Virginia's computer trespass statute — commonly called the "hacking" law — criminalizes unauthorized access to computer systems even when no data is stolen. A conviction can mean felony charges, prison time, and a permanent criminal record. D.J. Rivera brings unmatched technical and legal expertise to your defense.
Virginia Code § 18.2-152.4 — Computer Trespass
It shall be unlawful for any person to use a computer or computer network, without authority and with the intent to: (i) temporarily or permanently remove, halt, or otherwise disable any computer data, computer programs, or computer software from a computer or computer network; (ii) cause a computer to malfunction, regardless of how long the malfunction persists; (iii) alter, disable, or erase any computer data, computer programs, or computer software; (iv) effect the creation or alteration of a financial instrument or of an electronic transfer of funds; (v) cause physical injury to the property of another; or (vi) make or cause to be made an unauthorized copy, in any form, of computer data, computer programs, or computer software.
Virginia's computer trespass statute is one of the broadest computer crime laws in the Commonwealth. Unlike computer fraud, which requires intent to obtain property, computer trespass can be charged for any unauthorized access to a computer system where the defendant intended to alter, damage, copy, or disrupt data or systems — even if the actual harm caused was minimal.
The statute covers a wide range of conduct, from sophisticated network intrusions to relatively minor acts such as copying files without permission, installing unauthorized software, or accessing a system to view data. The penalty depends on the damage caused, making the valuation of harm a critical issue in every computer trespass prosecution.
| Damage Caused | Classification | Prison | Fine |
|---|---|---|---|
| No damage / minimal damage | Class 1 Misdemeanor | Up to 12 months | Up to $2,500 |
| Damage ≥ $1,000 or repeat offense | Class 6 Felony | 1–5 years | Up to $2,500 |
| Damage to government/critical infrastructure | Class 5 Felony | 1–10 years | Up to $2,500 |
| Federal CFAA (if charged) | Federal Felony | Up to 20 years | Substantial |
The valuation of damage is one of the most contested issues in computer trespass cases. The prosecution will typically rely on the victim's estimate of the cost to restore systems, recover data, or investigate the intrusion. D.J. Rivera challenges these valuations through independent technical analysis and expert testimony.
Security researchers and penetration testers who access systems without explicit written authorization face computer trespass charges even when their intent is to identify and report vulnerabilities. The absence of a formal authorization agreement is the critical issue in these cases.
Employees who access former employer systems after termination — even to retrieve personal files — can face computer trespass charges. The moment employment ends, authorization to access employer systems typically ends as well.
Using another person's login credentials — even with their permission — can constitute computer trespass if the account holder did not have authority to share access. Authorization is personal and non-transferable in most computer systems.
Installing software on another person's computer without authorization — including monitoring software, keyloggers, or remote access tools — constitutes computer trespass even if no data is immediately accessed or damaged.
Accessing a WiFi network without authorization, exploiting network vulnerabilities, or bypassing network security measures constitutes computer trespass regardless of what is done once access is gained.
Creating, distributing, or deploying malware — including ransomware, viruses, and trojans — that causes damage to computer systems is among the most serious forms of computer trespass and is frequently charged as both a state and federal offense.
Computer trespass requires access "without authority." Authorization in computer systems is complex and context-dependent. Implicit authorization — arising from the nature of the defendant's role, relationship with the system owner, or prior course of conduct — can negate the "without authority" element. After Van Buren v. United States (2021), the Supreme Court significantly narrowed the scope of "exceeding authorized access" under federal law, and Virginia courts have begun applying similar reasoning. D.J. Rivera scrutinizes every aspect of the authorization question, including the terms of service, employment agreements, and the technical architecture of the system.
The difference between a misdemeanor and a felony in computer trespass cases is often the valuation of damage caused. The prosecution typically relies on the victim's self-reported estimate of remediation costs, which frequently includes inflated figures for IT labor, security audits, and "lost productivity." D.J. Rivera retains independent technical experts to challenge these valuations, often reducing the alleged damage below the felony threshold.
D.J. Rivera's GCFE (GIAC Certified Forensic Examiner) certification and D.Eng. in Cybersecurity Analytics give him the technical expertise to challenge the government's forensic evidence at the same level as the investigators who collected it. He reviews forensic reports for methodological errors, challenges the integrity of forensic images, scrutinizes log file analysis for misinterpretation, and identifies alternative explanations for the digital evidence.
Computer trespass requires proof of specific intent — the intent to alter, damage, copy, or disrupt data or systems. Accidental access, access to test a system's security posture without intent to cause harm, or access motivated by curiosity rather than malice may not satisfy the intent element. D.J. Rivera develops intent defenses by presenting evidence of the defendant's purpose and the context of the access.
Law enforcement must obtain a warrant supported by probable cause before seizing computers and digital devices. Overbroad warrants — authorizing seizure of all digital devices in a location rather than specific devices related to the alleged offense — are a common basis for suppression motions in computer trespass cases. D.J. Rivera scrutinizes every search warrant and files suppression motions where the warrant was deficient or improperly executed.
Computer trespass cases are won or lost on technical evidence — network logs, forensic disk images, access records, and system architecture documentation. Most defense attorneys cannot meaningfully challenge this evidence because they lack the technical background to understand it. D.J. Rivera is different.
As a GIAC Certified Forensic Examiner (GCFE), Certified Ethical Hacker (CEH), and GIAC Penetration Tester (GPEN), D.J. Rivera understands exactly how computer intrusions are conducted, detected, and investigated — because he has the same training as the investigators. His D.Eng. in Cybersecurity Analytics from George Washington University and his experience defending critical networks for the US Marine Corps under US Cyber Command give him an unparalleled perspective on how to challenge the government's technical case.
Do not speak to investigators without an attorney. D.J. Rivera is available 24/7 for a free, confidential consultation.
Get Your Free Consultation Now