The Cyber Epidemic

The rapid acceleration of technology has created a world in which hackers trigger cyber-attacks on a number of different computer networks, including those of banks, corporations, financial institutions, and stores.[1] Hackers have now turned their attention to video game networks. Sony Entertainment’s PlayStation Network recently became the victim of a distributed denial of service attack (“DDoS attack”).[2] This is not the first time that Sony was targeted with such an attack. Back in 2011, hackers extracted personal data, bank account information, and login information belonging to 77 million Sony customers.[3]

A DDoS attack occurs when a hacker takes control of multiple computers, sometimes without the owner’s knowledge, and creates artificial traffic on a targeted server until that server cannot keep up with the exorbitant amounts of requests.[4] The hacker is able to take down a server from anywhere in the world and cause monetary losses.[5]

To combat hackers, the Federal Government enacted the Computer Fraud and Abuse Act (“CFAA”) in 1984.[6] The CFAA allows for criminal and civil liability to be imposed upon a hacker who knowingly[7] or intentionally accesses a computer without authorization.[8] While some revisions have been made to strengthen the CFAA over the years, none have created sufficient deterrence.[9] Hackers continue to cause havoc on networks and servers on big companies like Sony or banks, like JP Morgan and Chase.[10]

Some scholars have taken the position that maximum jail sentences for hackers prosecuted under the CFAA should be increased.[11] Others have argued that the CFAA is too harsh and that punishments should be lessened following the suicide of famed hacker Aaron Swartz.[12] This viewpoint prompted proposed legislation to relax the laws. However, the proposal ultimately met its demise in Congress.[13] Choosing sides is not important; rather, creating a solution to the problem should be of the highest urgency!

[1] Steven Musil, Cybercrooks use DDoS attacks to mask theft of banks’ millions, CNET (Aug. 21, 2013, 8:30 PM), http://www.cnet.com/news/cybercrooks-use-ddos-attacks-to-mask-theft-of-banks-millions/.

[2] Nicole Arce, Sony PlayStation Network suffers DDoS attack, Tech Times (Aug. 26, 2014, 12:12 AM), http://www.techtimes.com/articles/13925/20140826/sony-playstation-network-suffers-ddos-attack.htm.

[3] Liana B. Baker, Sony PlayStation suffers massive data breach, Reuters (Apr. 26, 2001, 7:36 PM), http://www.reuters.com/article/2011/04/26/us-sony-stoldendataidUSTRE73P6WB20110426.

[4] Jonathan Strickland, How Zombie Computers Work, HowStuffWorks, http://computer.howstuffworks.com/zombie-computer3.htm (last visited Aug. 29, 2014).

[5] Id.

[6] 18 U.S.C. § 1030 (2008).

[7] 18 U.S.C. § 1030(a)(1).

[8] 18 U.S.C. § 1030(a)(2).

[9] W. Cagney McCormick, The Computer Fraud & Abuse Act: Failing to Evolve with the Digital Age, 16 SMU Sci. & Tech. L. Rev. 481, 488-90 (2013).

[10] Musil, supra note 1.

[11] McCormick, supra note 9, at 494-95.

[12] John Schwartz, Internet Activist, a Creator of RSS, Is Dead at 26, Apparently a Suicide, N.Y. Times (Jan. 12, 2013), http://www.nytimes.com/2013/01/13/technology/aaron-swartz-internet-activist-dies-at-26.html?pagewanted=all&_r=0.

[13] Thomas Brewster, Aaron’s Law Is Doomed Leaving US Hacking Law ‘Broken’, Forbes (Aug. 6, 2014, 9:39 AM), http://www.forbes.com/sites/thomasbrewster/2014/08/06/aarons-law-is-doomed-leaving-us-hacking-law-broken/.

Author: Michael Urcuyo

Michael Urcuyo is a second year law student and an Associate Editor of the Rutgers Computer and Technology Law Journal. Prior to law school, Michael obtained a B.A. in Neuroscience from Drew University, where he minored in the German Language. Michael is interested in Health, Patent, and Corporate law. This past summer, he interned with the Honorable Marta T. Royster in Hudson County Superior Court, Civil Division. His hobbies include playing chess and watching football.