Cybercriminals to face tougher penalties under proposed Ohio bill

Published: Sep. 30, 2021 at 5:44 PM EDT
Email This Link
Share on Pinterest
Share on LinkedIn

TOLEDO, Ohio (WTVG) - The pandemic has fueled a growing fire. It’s given people more time online and led to more cybercrime. The FBI said it fielded a record number of victim complaints in 2020, with losses totaling more than $4 billion. In Ohio, experts say the laws meant to target cyber crooks aren’t tough enough.

“The bad guys are making enormous amounts of money, and there are rarely any consequences for them,” said Dave Hatter, a cybersecurity expert based in Cincinnati.

He said these criminals aren’t slowing down anytime soon.

“Until there are serious consequences for this sort of thing, if you’re a criminal, especially a criminal outside the United States, it’s a field day for you,” he said.

There is a bill moving through the Ohio legislature. It looks to modernize current laws and create new felony-level offenses for cybercriminals.

House Bill 116 would also allow cybercrime victims to file a civil lawsuit against the people responsible for their attack.

“I think this is a good thing and should’ve happened a long time ago,” Hatter said.

A similar bill passed the Ohio House last year but didn’t get a vote in the Senate. Lawmakers ran out of time. It had its second hearing in the House Criminal Justice Committee Tuesday where lawmakers gathered proponent testimony.

Hatter said the laws won’t have much of an impact on international cybercriminals. But they would help prosecute someone, like a disgruntled employee who tries to steal information from their company.

That happened to the Desco Federal Credit Union based in Portsmouth, Ohio. Lee Powell, the CEO of the credit union, submitted written testimony supporting the bill that explained the frustrations he faced trying to bring someone to justice who tried to steal information from his company.

He said a former employee tried to hack the credit union’s core processor to access and steal information about its members. The person didn’t succeed, but the credit union thought they should be held accountable. An FBI agent told the company the incident didn’t rise to the level of a federal case, and local authorities told them that they could only charge the ex-employee if they caused the credit union to lose money.

It has worked with Rep. Brian Baldridge, R-Winchester, to develop the legislation. Current Ohio law only has two offenses to address computer-related crimes, according to the Ohio Legislative Service Commission: Criminal mischief and unauthorized use of a computer.

The new offenses created under the proposal include electronic computer service interference, electronic data tampering, and electronic data manipulation, computer trespass, electronic data theft, and unauthorized data disclosure.

But even with laws on the books, Hatter says most law enforcement agencies lack the resources to thoroughly investigate these crimes.

“A lot of this fraud is not punished, because until it reaches a certain level or has a certain socioeconomic impact, they just aren’t going to prosecute it,” Hatter said. “They just don’t have the resources. The bad guys know this. They know that most law enforcement agencies are not well-positioned to attempt to go after these kinds of criminals.”

See a spelling or grammar error in our story? Please include the title when you click here to report it.

Copyright 2021 WTVG. All rights reserved.