2

On Youtube, We can find videos of some tech guys controlling others (scammers) computers without permission.

Not sure how they did it, and this is not a question about how do they know which computers to break into when they are communicating on the phone, then successfully identify the scammers and control their computers.

Question: What laws do those tech guys break? (if any)

Improve this question
7
  • So if I steal from a thief while he is burglarizing my home, have I committed a crime? Almost certainly. But who is going to report that crime? The thief? Probably not because he would likely have to incriminate himself do to so. Same principle here. Yes, the YouTuber is probably violating some laws but is the scammer going to report it to law enforcement authorities and risk exposing their operation? Probably not.
    – jwh20
    Commented Aug 22, 2022 at 14:05
  • 1
    @jwh20 isn't recording yourself committing a crime and publishing the video legal, voluntary self-incrimination?
    – Someone
    Commented Aug 22, 2022 at 14:31
  • 1
    This can get especially dicey when you think you are hacking a scammer but you actually hack an innocent person. This is one reason why vigilantism in general isn't accepted in most societies.
    – Philipp
    Commented Aug 22, 2022 at 15:03
  • @Someone It likely is, but who is interested in prosecuting? I'm talking about the scammer filing a complaint. He's not going to do that because that would incriminate him.
    – jwh20
    Commented Aug 22, 2022 at 15:08
  • @jwh20 can't prosecutors choose to prosecute a crime without a complaint filed by the victim?
    – Someone
    Commented Aug 22, 2022 at 18:57

2 Answers 2

Reset to default
3

The Computer Fraud and Abuse Act - Maybe

The US has the Computer Fraud and Abuse Act of 1984

Similar law to UK's, this specifically refers to gaining unauthorized or exceeding authorized access to a computer system. However, there are some differences, in which case the specific actions may be gray area, legally speaking. The CFAA references 7 specific areas for action (paraphrased):

  1. Access national defense information (classified DoD or State department systems)
  2. Financial records/institutions, government agencies, or protected computers used in commerce, voting systems, etc. The catch-all "or has been used in interstate commerce" may be significant here, particularly for "hacking back" to a system in a different country.
  3. Nonpublic computers belonging to/used by the US Government
  4. Fraud by computer, not counting the use of the computer itself unless more than $5000 in value.
  5. Damaging a protected computer, subdivided into intentional, reckless, or simple damage for later use in the punishments.
  6. Trafficking in stolen accounts
  7. Threats/extortion regarding damage or unauthorized access to a protected computer, when used in interstate or foreign commerce.

In short, hacking back against someone attempting to defraud you in your computer from a foreign country may not neatly fit into any of these boxes, depending on what is actually done to the "bad guy" computer. Stealing bank records, credit report information, etc, will run afoul of (2). Selling passwords, etc: (6). If the fraudster was an agent of the USG, you might get a few of these boxes checked. If you threaten damage to the computer unless they pay up, that might be (7). However, all of these turn on the definition of a "protected computer", which is:

(2) the term “protected computer” means a computer—
(A) exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects that use by or for the financial institution or the Government;
(B) which is used in or affecting interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States; or
(C) that—
(i) is part of a voting system; and
(ii)
(I) is used for the management, support, or administration of a Federal election; or
(II) has moved in or otherwise affects interstate or foreign commerce;

The questionable argument would be if the fraudsters are affecting interstate or foreign commerce. I don't know if a criminal action originating in a foreign country (which are also illegal in that country, as I understand it) might be considered to affect interstate or foreign commerce.

Would it be prosecuted? Probably only if the individual in question managed to irritate the wrong politician, since going after perpetrators who are in the act of defrauding a "little old lady" out of her life's savings is generally seen as a net positive. Prosecuting said vigilante without being able to stop the initial fraud is a good way for the average district attorney to get very bad press and not get reelected the next cycle.

As far as I understand it, the way the fraudster's computers are hacked is by "riding back" the connection to the attacker's machine after they initiate a remote control connection to perform their fraud. This makes it more of a response to an attack than an "unprovoked" attack on the fraudster's machine, which could also affect the public opinion on whether or not to prosecute any technical violation.

Improve this answer
1

  • Short Answer

The Computer Misuse Act 1990

  • Long Answer

Section 1

Unauthorised access to computer material.

(1)A person is guilty of an offence if—

  • (a)he causes a computer to perform any function with intent to secure access to any program or data held in any computer , or to enable any such access to be secured;

  • (b)the access he intends to secure, or to enable to be secured, is unauthorised; and

  • (c)he knows at the time when he causes the computer to perform the function that that is the case.

(2)The intent a person has to have to commit an offence under this section need not be directed at—

  • (a)any particular program or data;

  • (b)a program or data of any particular kind; or

  • (c)a program or data held in any particular computer.

(3)A person guilty of an offence under this section shall be liable—

  • (a)on summary conviction in England and Wales, to imprisonment for a term not exceeding 12 months or to a fine not exceeding the statutory maximum or to both;

  • (b)on summary conviction in Scotland, to imprisonment for a term not exceeding 12 months or to a fine not exceeding the statutory maximum or to both;

  • (c)on conviction on indictment, to imprisonment for a term not exceeding two years or to a fine or to both.

And/or Section 2

Unauthorised access with intent to commit or facilitate commission of further offences.

(1)A person is guilty of an offence under this section if he commits an offence under section 1 above (“the unauthorised access offence”) with intent—

  • (a)to commit an offence to which this section applies; or

  • (b)to facilitate the commission of such an offence (whether by himself or by any other person);

and the offence he intends to commit or facilitate is referred to below in this section as the further offence.

(2)This section applies to offences—

  • (a)for which the sentence is fixed by law; or

  • (b)for which a person who has attained the age of twenty-one years (eighteen in relation to England and Wales) and has no previous convictions may be sentenced to imprisonment for a term of five years (or, in England and Wales, might be so sentenced but for the restrictions imposed by section 33 of the Magistrates’ Courts Act 1980).

(3)It is immaterial for the purposes of this section whether the further offence is to be committed on the same occasion as the unauthorised access offence or on any future occasion.

(4)A person may be guilty of an offence under this section even though the facts are such that the commission of the further offence is impossible.

(5)A person guilty of an offence under this section shall be liable—

  • (a)on summary conviction in England and Wales, to imprisonment for a term not exceeding 12 months or to a fine not exceeding the statutory maximum or to both;

  • (b)on summary conviction in Scotland, to imprisonment for a term not exceeding 12 months or to a fine not exceeding the statutory maximum or to both;

  • (c)on conviction on indictment, to imprisonment for a term not exceeding five years or to a fine or to both.

And/or Section 3

Unauthorised acts with intent to impair, or with recklessness as to impairing, operation of computer, etc. (1)A person is guilty of an offence if—

  • (a)he does any unauthorised act in relation to a computer;

  • (b)at the time when he does the act he knows that it is unauthorised; and

  • (c)either subsection (2) or subsection (3) below applies.

(2)This subsection applies if the person intends by doing the act—

  • (a)to impair the operation of any computer;

  • (b)to prevent or hinder access to any program or data held in any computer; or

  • (c)to impair the operation of any such program or the reliability of any such data; or

  • (d)to enable any of the things mentioned in paragraphs (a) to (c) above to be done.

(3)This subsection applies if the person is reckless as to whether the act will do any of the things mentioned in paragraphs (a) to (d) / to (c)of subsection (2) above.

(4)The intention referred to in subsection (2) above, or the recklessness referred to in subsection (3) above, need not relate to—

  • (a)any particular computer;

  • (b)any particular program or data; or

  • (c)a program or data of any particular kind.

(5)In this section—

  • (a)a reference to doing an act includes a reference to causing an act to be done;

  • (b)“act” includes a series of acts;

  • (c)a reference to impairing, preventing or hindering something includes a reference to doing so temporarily.

(6)A person guilty of an offence under this section shall be liable—

  • (a)on summary conviction in England and Wales, to imprisonment for a term not exceeding 12 months or to a fine not exceeding the statutory maximum or to both;

  • (b)on summary conviction in Scotland, to imprisonment for a term not exceeding 12nmonths or to a fine not exceeding the statutory maximum or to both;

  • (c)on conviction on indictment, to imprisonment for a term not exceeding ten years or to a fine or to both.

And/or Section 3ZA

Unauthorised acts causing, or creating risk of, serious damage

(1)A person is guilty of an offence if—

  • (a)the person does any unauthorised act in relation to a computer;

  • (b)at the time of doing the act the person knows that it is unauthorised;

  • (c)the act causes, or creates a significant risk of, serious damage of a material kind; and

  • (d)the person intends by doing the act to cause serious damage of a material kind or is reckless as to whether such damage is caused.

(2)Damage is of a “material kind” for the purposes of this section if it is—

  • (a)damage to human welfare in any place;

  • (b)damage to the environment of any place;

  • (c)damage to the economy of any country; or

  • (d)damage to the national security of any country.

(3)For the purposes of subsection (2)(a) an act causes damage to human welfare only if it causes—

  • (a)loss to human life;

  • (b)human illness or injury;

  • (c)disruption of a supply of money, food, water, energy or fuel;

  • (d)disruption of a system of communication;

  • (e)disruption of facilities for transport; or

  • (f)disruption of services relating to health.

(4)It is immaterial for the purposes of subsection (2) whether or not an act causing damage—

  • (a)does so directly;

  • (b)is the only or main cause of the damage.

(5)In this section—

  • (a)a reference to doing an act includes a reference to causing an act to be done;

  • (b)“act” includes a series of acts;

  • (c)a reference to a country includes a reference to a territory, and to any place in, or part or region of, a country or territory.

(6)A person guilty of an offence under this section is (unless subsection (7) applies) liable, on conviction on indictment, to imprisonment for a term not exceeding 14 years, or to a fine, or to both.

(7)Where an offence under this section is committed as a result of an act causing or creating a significant risk of—

  • (a)serious damage to human welfare of the kind mentioned in subsection (3)(a) or (3)(b), or

  • (b)serious damage to national security,

a person guilty of the offence is liable, on conviction on indictment, to imprisonment for life, or to a fine, or to both.

And/or Section 3A

Making, supplying or obtaining articles for use in offence under section 1, 3 or 3ZA

(1)A person is guilty of an offence if he makes, adapts, supplies or offers to supply any article intending it to be used to commit, or to assist in the commission of, an offence under section 1, 3 or 3ZA.

(2)A person is guilty of an offence if he supplies or offers to supply any article believing that it is likely to be used to commit, or to assist in the commission of, an offence under section 1, 3 or 3ZA.

(3)A person is guilty of an offence if he obtains any article—

  • (a)intending to use it to commit, or to assist in the commission of, an offence under section 1, 3 or 3ZA, or

  • (b)with a view to

its being supplied for use to commit, or to assist in the commission of, an offence under section 1, 3 or 3ZA.

(4)In this section “ article ” includes any program or data held in electronic form.

(5)A person guilty of an offence under this section shall be liable—

  • (a)on summary conviction in England and Wales, to imprisonment for a term not exceeding 12 months or to a fine not exceeding the statutory maximum or to both;

  • (b)on summary conviction in Scotland, to imprisonment for a term not exceeding 12 months or to a fine not exceeding the statutory maximum or to both;

  • (c)on conviction on indictment, to imprisonment for a term not exceeding two years or to a fine or to both.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .