I am not a lawyer, much less a cyber lawyer, but I was recently wondering “are there any laws—especially federal ones—that cover just plain old Hacking per se?” Say someone breaks into your blog, maybe they look at your drafts, maybe they deface the front page… is that, in and of itself, a crime no matter where in the United States your attacker is?
The answer is—Yes! 18 USC §1030
makes it a federal Class C felony to access computers you're not authorized to in the United States.
Specifically (with definitions from 18 USC §1030 (e)
, classifications from §3559 (a)(3)
, fines from §3571 (b)(3)
, and emphasis added):
18 USC §1030 (a)(2)(C)
Whoever … intentionally accesses a computer without authorization … and thereby obtains … information from any [computer … which is used in or affecting interstate … communication] … The punishment … is— a fine [not more than $250,000] or imprisonment for not more than ten years, or both … [even for] an attempt …
18 USC §1030 (a)(5)(A)
Whoever … intentionally causes … [any impairment to the integrity or availability of data, a program, a system, or information] without authorization, to a [computer … which is used in or affecting interstate … communication] … The punishment … is— … a fine [not more than $250,000], imprisonment for not more than 10 years, or both … [even for] an attempt …
And the courts are very, very, unreasonably generous with their interpretation of the word "affecting", so I doubt one would even need to show that the system ever sent packets across state lines in order to fit that requirement.
As for state laws, it looks like someone already compiled a big list of them: www.ncsl.org/research/telecommunications-and-information-technology/computer-hacking-and-unauthorized-access-laws.aspx