Hacking, Unauthorized Access, And Computer Disruption Crimes

05 Oct 2025 --
0 Comments

1. Hacking and Unauthorized Access Crimes

Definition:
Hacking involves intentionally gaining unauthorized access to computer systems, networks, or data. Unauthorized access is illegal under cybercrime legislation, even if no data is stolen, due to the risk posed to systems and information integrity.

Relevant Laws:

USA: Computer Fraud and Abuse Act (CFAA, 1986)

India: Information Technology Act, 2000 (Sections 66, 66C, 66D, 43)

UK: Computer Misuse Act 1990

Case 1: United States v. Kevin Mitnick (1995, USA)

Facts: Kevin Mitnick gained unauthorized access to networks of major corporations, including IBM and Nokia, stealing software and confidential data.

Legal Issues: Violated CFAA, engaged in wire fraud, and breached security systems without authorization.

Outcome: Mitnick was sentenced to five years in prison. His case emphasized that hacking, even without physical theft, is a serious federal crime.

Case 2: TJX Companies Inc. Data Breach (2007, USA)

Facts: Hackers accessed TJX’s database through weak Wi-Fi security, stealing 45 million credit and debit card details.

Legal Issues: Unauthorized access, data theft, violation of federal computer crime laws.

Outcome: Hackers were prosecuted and sentenced to prison. TJX paid over $9 million in compensation, highlighting corporate responsibility for cybersecurity.

Case 3: Yahoo Data Breaches (2013–2014, USA)

Facts: Hackers accessed over 3 billion user accounts, compromising email addresses, passwords, and personal information.

Legal Issues: Unauthorized access and failure of corporate systems to prevent hacking. Executives faced liability for delayed disclosure.

Outcome: Yahoo paid a $35 million SEC settlement, and executives were reprimanded. The case demonstrated the intersection of hacking and corporate accountability.

Case 4: Maroochy Shire Sewage System Hack (2000, Australia)

Facts: A disgruntled former employee hacked the sewage control system in Maroochy Shire, causing 800,000 liters of raw sewage to spill into rivers and parks.

Legal Issues: Unauthorized access to critical infrastructure, malicious interference with computer systems.

Outcome: The hacker was sentenced to prison. This is a classic example of cyber-physical disruption caused by hacking.

2. System Disruption and Denial-of-Service (DoS) Attacks

Definition: System disruption involves intentionally interrupting computer systems or networks, commonly through DoS or DDoS attacks.

Relevant Laws:

USA: CFAA prohibits intentionally damaging or interrupting computer systems.

India: IT Act, Section 66F (Cyberterrorism) and 43 (Damage to computer systems).

UK: Computer Misuse Act 1990, Section 3 (Unauthorized modification of computer material).

Case 5: Anonymous DDoS Attacks (2010–2012, Global)

Facts: Hacker group Anonymous targeted government websites, financial institutions, and corporate platforms in protest against policies, using DDoS attacks.

Legal Issues: Unauthorized access, intentional system disruption, violations of CFAA and equivalent international laws.

Outcome: Several participants were arrested globally, received fines, and prison sentences. Political motives did not exempt them from liability.

Case 6: Bangladesh Bank SWIFT Heist (2016, Bangladesh)

Facts: Hackers accessed Bangladesh Bank’s SWIFT system, attempting to steal $951 million. They succeeded in transferring $81 million to accounts in the Philippines.

Legal Issues: Unauthorized access to financial systems, fraud, cross-border computer crime.

Outcome: International investigation implicated North Korean hackers. Banks worldwide strengthened SWIFT security protocols.

Case 7: WannaCry Ransomware Attack (2017, Global)

Facts: WannaCry infected over 200,000 computers in 150 countries, encrypting data and demanding ransom payments in Bitcoin. Hospitals, companies, and government agencies were affected.

Legal Issues: Unauthorized access, computer disruption, cyber extortion, violation of international cybercrime laws.

Outcome: Attributed to North Korean hackers. The attack emphasized the need for timely software updates and global cybersecurity cooperation.

Case 8: Sony PlayStation Network Hack (2011, USA)

Facts: Hackers infiltrated Sony’s PlayStation Network, compromising 77 million user accounts and exposing personal data. The network was offline for 23 days.

Legal Issues: Unauthorized access, identity theft, corporate negligence in protecting user data.

Outcome: Sony paid $15 million in settlements and enhanced cybersecurity measures.

Key Legal Principles Illustrated by These Cases

Unauthorized Access is a Criminal Offense: Accessing systems without permission is punishable even if no theft occurs.

System Disruption is Severe: DDoS attacks, ransomware, and sabotage are treated as serious offenses under national and international law.

Corporate Accountability: Companies are legally responsible for implementing adequate cybersecurity measures.

Cross-Border Enforcement: Cybercrime often involves international collaboration to apprehend perpetrators.

Real-World Consequences: Cyber attacks can result in financial loss, environmental damage, data breaches, and reputational harm.