Overview
Explore the intricacies of the Computer Fraud and Abuse Act (CFAA) and its application in federal hacking cases through this Black Hat conference talk. A prosecutor from the Department of Justice's Computer Crime & Intellectual Property Section breaks down the CFAA in plain English and explains the decision-making process for bringing charges. Discover key statistics on CFAA usage, learn how to navigate potential legal pitfalls as a practitioner or researcher, and understand the delicate balance between protecting computer networks and fostering critical vulnerability research. Delve into topics such as state vs. federal jurisdictions, charging decisions, sentencing factors, and the investigatory phase. Examine real-world examples, average sentences, and concerns about chilling effects on security research. Gain knowledge about foreign nation-state attacks, vulnerability scanning, and the DOJ's approach to monetary thresholds, authorization, and loss calculation. Leave with a comprehensive understanding of how federal prosecutors use the CFAA and how to conduct security research responsibly while enabling law enforcement to pursue genuine criminal behavior.
Syllabus
Intro
Welcome
Preface
State vs Federal Governments
The CFAA
Three Components
How Often Do We Use The CFAA
Factors That Must Be Considered
Charging Decisions
Sentencing
Factors
Example
Average Sentence
Concession
Concerns about chilling
The investigatory phase
Vulnerability scanning
Summary
Foreign Nation State Attacks
Where To Find Information
Education
DOJ's Approach
Monetary Thresholds
Authorization
Loss Calculation
Preventing Legal Recourse
Taught by
Black Hat