How Federal Prosecutors Use The CFAA

Explore the intricacies of the Computer Fraud and Abuse Act (CFAA) and its application in federal hacking cases through this illuminating Black Hat conference talk. Gain valuable insights from a Department of Justice's Computer Crime & Intellectual Property Section Prosecutor as they break down the CFAA in plain English and explain the decision-making process for bringing charges. Discover key statistics on CFAA usage, learn how to navigate potential legal pitfalls as a practitioner or researcher, and understand the delicate balance between protecting computer networks and fostering critical vulnerability research. Delve into topics such as state vs. federal jurisdictions, charging decisions, sentencing factors, and the investigatory phase. Examine real-world examples, average sentences, and concerns about chilling effects on security research. Gain knowledge about foreign nation-state attacks, vulnerability scanning, and the DOJ's approach to monetary thresholds, authorization, and loss calculation. Leave with a comprehensive understanding of how federal prosecutors utilize the CFAA and how to conduct security research responsibly while enabling law enforcement to pursue genuine criminal behavior.