Summer’s over — what’s your move? Join Pro for 50% off using code [MAKEITHAPPEN](https://www.codecademy.com/checkout?periods=year&plan_id=proGoldAnnualV2&discountCode=MAKEITHAPPEN)


Learn about the Computer Fraud and Abuse Act (CFAA), its importance, and some popular cases that help establish the act today.


Computer Fraud & Abuse Act 

In this lesson, you learned about the Computer Fraud and Abuse Act (CFAA) and gain summaries of some cases that redefined the act. As an ethical hacker, it's essential to know about the CFAA as it can provide some guidance about ethical hacking or be ethical. As you continue your ethical hacking journey, remember that requesting permission to access information is essential and puts the **ethical** in ethical hacking.

Conclusion

Van Buren v. the United States is an interesting one. 


### What Did Nathan Van Buren do?

Nathan Van Buren, a Georgia police sergeant, was charged with violating the Computer Fraud And Abuse Act (CFAA) when he used his government credentials and resources to obtain information for his personal gain.

### Why Was This Wrong?

Well, not only did Van Buren use government resources to obtain private information for his personal gain, but he also “exceeded authorized access” by going into the database to obtain information for personal use. 

### How Did Nathan Van Buren Get Caught?

The FBI followed Nathan Van Buren from a previous claim, and the FBI staged a trap to catch him in the act. Once caught, the FBI charged him with violating the Computer Fraud and Abuse Act (CFAA). Nathan Van Buren was convicted however, sometime later, Van Buren appealed to the court, mentioning that he did not "exceed authorized access" according to the CFAA because he was authorized to access the computer and database since he was a police sergeant. As a result, the Supreme Court withdrew Van Buren's conviction under the CFAA.

Van Buren v. United States

Have you ever wondered what makes hacking illegal?

In the 1980s, some lawmakers created the first federal computer fraud law, the **Computer Fraud and Abuse Act (CFAA)**. CFAA primarily deals with hacking into systems. According to the National Association of Criminal Defense Lawyers, the CFAA "prohibits intentionally accessing a computer without authorization or in excess of authorization." However, this definition falls short as it "fails to define what 'without authorization' means." This can be an issue as it allows for broad interpretation (which we will see later).

Nonetheless, even though the act does not clearly define 'without authorization,' one thing is for sure, it is illegal to break into a computer system, and it is illegal to exceed what you were authorized to access. 

In this lesson, we'll explore some popular case studies that made the CFAA what we have today. 

What Is The Computer Fraud & Abuse Act?

Sometimes being the first is not always great. Take, for example, Robert Morris. 

### What Did Robert Morris do?

Robert Morris, a student at Cornell University at the time, created and released one of the first worms on the internet. His action caused several computers to be infected and systems to be destroyed. 

### Why Was This Wrong?

You can imagine the chaos after releasing a worm onto the internet that infected several computers and destroyed systems. Robert Morris's decision to release the worm to prove a point on the lack of internet security and hide his identity by releasing the worm on different school networks led him to be charged with violating the Computer Fraud And Abuse Act (CFAA). 

### How Did Robert Morris Get Caught?

One of Morris' friends made an anonymous call to a news agency, and eventually, the news agency reported the culprit to the public. From there, the FBI launched an investigation and confirmed that Robert Morris was the culprit.  


United States v. Morris

Software bugs exist, and most individuals take advantage of those bugs. However, what if a software bug in a video poker machine causes someone who took advantage of this vulnerability to win hundreds of thousands of dollars? Does this exploitation of the software bug fall under exceeding unauthorized access? 

Well, that was one of the main questions in the United States v. Kane case. 

### What Did John Kane do?

John Kane discovered a vulnerability within a video poker game that he took advantage of for several months before he got caught. 

### Why Was This Wrong?

When John Kane found the video poker game's vulnerability, he did not report it to the organization. Instead, he took advantage of the vulnerability to win hundreds of thousands of dollars. 

### How Did John Kane Get Caught?

The video poker game organization grew suspicious and reported John Kane and charged him with violating the CFAA. However, the charges against John Kane were dismissed because video poker machines were not considered protected computers, and John Kane's actions did not qualify as exceeding authorized access. 
