By mid-November 2013, an elaborate scheme was underway somewhere in eastern Europe as the biggest shopping day in the U.S., known as “Black Friday,” was approaching. Hackers were working to gain access to Target’s computer network by using the credentials of a company that worked on the air conditioning units in the retailer’s many stores. Once in the networks, hackers uploaded a “credit card-stealing” malicious software (Malware) to a majority of Target’s point-of-sale devices. All was in place for Black Friday, November 29, 2013 and the unwary customers using their credit cards for holiday gifts. By December 2, 2103, the credit card numbers started flowing out, eventually reaching a point that the intrusion allowed hackers to actively collect credit cards from live transactions.
By infiltrating the majority of Target’s point-of-sale devices, the hackers were able to steal over 40 million credit card accounts. Of those stolen, between 1 and 3 million were successfully sold on the black market for about $27 each which generated $53.7 million in income for the hackers.
The massive breach of Target’s computer system was a costly one. Banks spent more than $200 million replacing millions of credit cards while Target incurred approximately $150 million in expenses related to the breach.
Although the Target breach is unusual in its scope and sophistication, cybercrime in the U.S. and Ohio is on the rise affecting businesses and individuals.
Cybercrime is a general term used to describe any illegal activity that uses a computer as its primary means of commission. Criminals once involved in violent offenses and drug dealing have turned to cybercrime and are now exploiting the speed, convenience, safety, and anonymity of the internet to commit a wide range of criminal activities including but not limited to: credit card fraud, identity fraud, tax refund fraud, attacks against computer hardware and software, e.g. malware, hacking and network intrusions, penetration of online financial services and more violent offenses like cyber bullying and cyber stalking.
Ohio Computer Fraud and Cybercrime Enforcement a Top Priority
Law enforcement officials and prosecutors at the state and federal levels are making cyber crime investigation and prosecutions a top priority.
In 2011, Ohio amended R.C. § 2913.041 entitled “unauthorized use of property” to create a criminal statute that deals with the problem of cybercrime. R.C. § 2913.04 makes it illegal to “hack” into a computer system/network without the consent of the owner, for the purpose of executing a scheme to defraud or to obtain property, services, or money, by false pretenses. As with most theft related offenses, the felony level and punishment is related to the loss to the victim and/or the value of the property or services. This designation becomes crucial in the light of the Target hack. For example, the actual value of the credit card numbers and other related information contained thereon was not significant; however, the loss to Target and to the banks in replacing the cards and making the customers whole reached almost a half billion dollars.
Under Ohio law, a violation of the unauthorized use of property statute (R.C. § 2913.04) that involves a loss of over $1000 is a felony of the fifth degree. Larger losses, in excess of $100,000, rises to a felony of the third degree and carry with it a potential of 36 months in prison.
In addition, Ohio law and R.C. § 2913.04 does not preclude prosecutors from charging a computer hacker with violations of other criminal statutes. For example, all hacks that steal information (credit cards, bank accounts, insurance information, etc.) are theft offenses that could be charged under the theft statute, R.C. § 2913.02. Aggravated theft, i.e. theft or a loss of over $500,000, can result in a felony of the first or second degree and a possibility of a significant prison sentence.
In addition, prosecutors can also charge sophisticated hackers with a violation of R.C. §2923.32, engaging in a pattern of corrupt activities, also known as Ohio’s “RICO” statute. The Ohio RICO statute carries with it harsh penalties as to prison sentences as well as significant fines and asset seizures.
Experts predict that internet offenses and cybercrime will increase even as more businesses and individuals implement security measures to thwart such breaches. If you find yourself charged with an internet related offense contact criminal defense attorney Joe Edwards at 614-309-0243.