5

If someone were to start phishing scammers, hijacking their accounts and handing them over to the FBI, is there any protection for said vigilante?

I think there is some precedent for the necessity law but for the life of me I can't find any information online. You always hear about people taking the fight back to criminals but one thing commonly left out in these articles is the legality.

So my direct question: Is there any certificate, law, license that one can get that protects their ability to hunt scammers, phish their accounts and hand over the information to the feds?

Update

Since this got migrated to law I will clarify some of the terms above.

When I say phish someone's account I mean tricking the scammer into handing over their credentials. Usually this is done with a fake login page that is tied to the hacker's [good guy in this case] database. When the scammer types in their credentials they are handing over their username and password willingly. I don't doubt this is legal.

What I am asking is: if said hacker then uses these credentials to log into the scammer's accounts and changes all the passwords, effectively locking the scammer out [hijacking], would the hacker be in violation of the Computer Fraud and Abuse Act, and therefore liable when they handed the accounts over to the FBI?

Is there any tag for vigilante here? Commented Aug 16, 2016 at 5:24

3 Answers

13

No, it is not.

Just as it is illegal to steal from a thief, it is illegal to hack a hacker.

Criminals are often considered a good target for crimes from a practical standpoint, but crimes against criminals are still prosecuted. As criminals are unlikely to report crimes against them to the authorities (particularly when doing so runs the risk of them being arrested for their crimes), targeting them does tend to result in a lower risk of being caught by the authorities, but if the crime is discovered, it will generally be prosecuted all the same.

To that point, two Florida men have recently been arrested and are being prosecuted for stealing millions of dollars in Bitcoins from an illegal, darkweb drug marketplace in 2013, and there is always the more famous case of the two government agents who are in jail for stealing from the Silk Road.

In your specific example, if all you did was hand over the information to the FBI, it's less likely that you'd be prosecuted than if you did so for personal gain, but you would be at risk of prosecution for engaging in vigilante computer hacking, yes. Also consider that if your actions happened to interfere with an ongoing investigation or result in the inability to prosecute (say, for the evidence you gathered being tainted and inadmissible by your involvement), you could be charged with crimes such as obstruction of justice or interfering with a police investigation as well.

4

Law enforcement can do those things. You can't.

The Department of Justice publishes a manual on Prosecuting Computer Crimes.

Several provisions of the CFAA impose criminal liability on a defendant who, among other things, “exceeds authorized access” when accessing a computer. See 18 U.S.C. §§ 1030(a)(1), (a)(2), & (a)(4).

[...]

password protection is an implicit (and technological) limit on access for otherwise authorized users who are not given the password. See EF Cultural Travel BV v. Zefer Corp., 318 F.3d 58 (1st Cir. 2003).

The DOJ recommends that you contact law enforcement if you suspect a crime has been committed:

If at any point during the organization’s response or investigation it suspects that the incident constitutes criminal activity, law enforcement should be contacted immediately.

The DOJ says to not "hack back":

Although it may be tempting to do so (especially if the attack is ongoing), the company should not take any offensive measures on its own, such as “hacking back” into the attacker’s computer—even if such measures could in theory be characterized as “defensive.” Doing so may be illegal, regardless of the motive.

-4

Illegal. However, that does not mean it is not done. Snowden exposed the USA doing it but the USA will not convict itself.

Computer Crime Statutes - National Conference of State Legislatures

I personally know of some high school kids that got indicted on felony charges for 'hacking' into a grades database and changing theirs. They got kicked out of high school for that, in addition to their parents spending their savings defending them. Not sure how it turned out. This was in Alexandria, LA.
