Hacker Sentenced to 5 Months Under CFAA for Hacking SodaHead.com Accounts

A Kentucky man was convicted of violating the Computer Fraud and Abuse Act for hacking into specific accounts on the website sodahead.com and replacing purported racist and homophobic content with less offensive content. Michael Pullen was able to hack into the accounts by exploiting a software vulnerability. The man was sentenced to 5 months in [...]

Loss and Damage Are Not Interchangeable Under CFAA–District Court Blows Right Past CFAA’s “Loss” Requirement in Sysco Corp. v. Katz

In denying a motion to dismiss a civil Computer Fraud and Abuse Act claim, a district court found that a departing employee's purported cover-up of nefarious activity by deleting e-mails from his "sent" and "deleted items" folders on Plaintiffs’ computer system was sufficient to allege damage pursuant to 18 U.S.C. § 1030(c)(4)(A)(i) which provision, however, does not address the issue [...]

District Court Finds Breach of Contractual Limits on Access Violates the CFAA

TAKEAWAY: Businesses (and anyone else) that allow others to access to their computers should have contractual agreements with those persons that clearly specify the restrictions on their authorization to access and use the computers and data.  This is the lesson of United States v. Cave, 2013 WL 3766550 (D. Neb. July 16, 2013), a case in which [...]

Yes, Case Law Says It Really Is A CFAA Violation To DDoS A Website

On October 3, 2013, a federal grand jury in Virginia indicted 13 members of Anonymous for conspiracy premised on underlying violations of the Computer Fraud and Abuse Act, 18 U.S.C. § 1030 (CFAA). Those indicted allegedly committed a DDoS attack (distributed denial of service) on certain websites. The indictment (download) has, yet again, stirred up [...]