Close

Cyberattacks and Network Disruptions

The ever-expanding world of technology brings with it the threat of cyber attacks that can affect everything from a personal email account to an entire corporate database. While there are many types of cyber attacks, some of the most common include but may not be limited to, ransomware, scareware, BOTS, viruses, trojans, and malware (i.e., malicious software).

Both federal and state governments have passed legislation to combat the growing threats of cyber attacks. In 1986, the United States Congress passed the Electronic Communications Privacy Act (ECPA), under 18 U.S.C. §§ 2510-2522, which protects wire, oral, and electronic data against unauthorized wiretapping. The ECPA came under criticism for its failure to effectively apply to changing technological advancements, including new methods of storing data. In the same year, Congress passed the Stored Communications Act (SCA), under 18 U.S.C. §§ 2701-2712, which addressed third-party responsibility to release stored information. The SCA calls into discussion people's right to be secure against "unreasonable searches and seizures" under the Fourth Amendment to the United States Constitution where courts compel social networking websites, message boards, and other Internet Service Providers to release privately stored data.

Since 1996, the Computer Fraud and Abuse Act (CFAA), under 18 U.S.C. § 1030, has made it a federal violation to intentionally access a government computer without authorization and obtain protected information. Disrupting federal networks is subject to a fine, imprisonment and even investigation by the United States Secret Service. A subject of constant litigation, the Ninth Circuit recently interpreted the reach of the CFAA in United States v. Nosal. The Ninth Circuit found that employees who access company websites do not violate the CFAA where they have authority to use the websites, even if the employees unlawfully use information they gathered from the website. The USA PATRIOT ACT has since amended the breadth and application of the CFAA in light of related anti-terrorism legislation.

California has specific state legislation to protect against cyber attacks. For example, California Civil Code § 1798.82 compels California citizens and businesses to report any instance of an unauthorized breach in data security. Furthermore, California Penal Code § 502 makes it a criminal offense to intentionally access and alter privately stored data.

So, cyber activity begs the question of whether courts can consider electronically stored data as "personal property" and apply trespass to chattel standards to find damages. In 1996, Thrifty-Tel, Inc. v. Bezenek first introduced the notion that electronic data can be "personal property" subject to protection under tort law. Four years later, in eBay Inc. v. Bidder's Edge, eBay successfully argued that Bidder's Edge trespassed on eBay chattel when it used web crawlers to monitor and gather data. However, the California Supreme Court overruled this holding in 2003 in Intel Corp. v. Hamidi. There, the court found that a former Intel employee's emails to current Intel employees did not constitute a trespass to chattel and was not subject to common law trespass protection.

Types of Cyberattacks:
  1. Ransomware Attacks: Ransomware attacks involve malicious software that encrypts a victim's files, rendering them inaccessible until a ransom is paid. These attacks can target individuals, businesses, or even critical infrastructure, causing significant financial and operational damage.
  2. Phishing Attacks: Phishing attacks use deceptive tactics, often through emails or fake websites, to trick individuals into providing sensitive information such as passwords or financial details. Successful phishing attempts can lead to unauthorized access and data breaches.
  3. DDoS Attacks: Distributed Denial of Service attacks overwhelm a target's network or website with a flood of traffic, causing it to become unavailable to legitimate users. DDoS attacks can be motivated by various factors, including hacktivism, competition, or as a smokescreen for other cybercrimes.
  4. Malware and Viruses: Malicious software, including viruses and malware, can infiltrate systems to steal information, disrupt operations, or gain unauthorized control. Cybercriminals continuously evolve these tools to bypass security measures.
  5. Insider Threats: Insider threats involve individuals within an organization intentionally or unintentionally compromising security. This may include employees with malicious intent, negligent actions, or inadvertent sharing of sensitive information.
Cyberattack Motivations:
  1. Financial Gain: Many cyberattacks are financially motivated, with criminals seeking to extort money through ransomware, stealing financial information, or engaging in fraudulent activities.
  2. Political or Ideological Motivations: Some cyberattacks are driven by political or ideological motives, often carried out by hacktivist groups or nation-state actors aiming to disrupt or gain an advantage.
  3. Industrial Espionage: Corporate entities may be targeted for industrial espionage, where cybercriminals seek to steal proprietary information, trade secrets, or intellectual property.
  4. Disruption and Chaos: Certain cyberattacks aim to cause disruption and chaos, whether for personal satisfaction, revenge, or as a means of distracting from other criminal activities.
Safeguarding Methods:
  1. Robust Cybersecurity Measures: Implementing strong cybersecurity measures, including firewalls, antivirus software, and intrusion detection systems, is crucial to defend against a wide range of cyber threats.
  2. Employee Training: Educating employees about cybersecurity best practices, including recognizing phishing attempts and practicing safe online behavior, helps mitigate the risk of insider threats.
  3. Regular Software Updates: Keeping software and systems up to date with the latest security patches is essential in addressing vulnerabilities that cybercriminals may exploit.
  4. Incident Response Planning: Developing comprehensive incident response plans enables organizations to respond effectively to cyberattacks, minimizing the impact and downtime.
  5. Collaboration and Information Sharing: Collaboration between organizations, government agencies, and international partners is crucial for sharing threat intelligence and collectively combating cyber threats.

In conclusion, as technology advances, so do the capabilities and motivations of cybercriminals. Understanding the landscape of cyberattacks and implementing proactive cybersecurity measures is imperative to safeguarding our digital future. The collaborative efforts of individuals, organizations, and governments worldwide are essential in creating a resilient and secure online environment in the face of evolving cyber threats.