NASA astronaut Anne McClain allegedly logged into her ex-wife's bank account and then deleted the transaction history, while aboard the ISS. If so, what are the implications of the first cybercrime in space?
First Published 28th August 2019
In space, no one can hear you chuckle.
4 min read | Reflare Research Team
This week has seen a lot of major news outlets report that a NASA astronaut may have committed the first crime while in space. To make matters worse, the alleged crime can be classed as cybercrime. In this briefing, we will take a brief look at the oversensationalized details before getting into what actually matters in this case: The ambiguity of cybercrime jurisdiction.
What happened?
NASA astronaut Anne McClain had been on a mission to the International Space Station earlier in 2019. During this time, her ex-wife alleges that she logged into the ex-wife’s personal bank account. Since the two are in the process of divorcing and the account was allegedly not shared, this login could potentially be judged to have been criminal.
Ms. McClain counters that she accessed an account to which she was given access in order to verify that her child was cared for appropriately.
The issue is currently being investigated by NASA’s inspector general.
Why it doesn’t matter
There is nothing inherently different about this case than about any other alleged case of unauthorized access to computer resources. Had Ms. McClain for example been in Canada during the login attempt, the US authorities would still investigate since the alleged crime is a matter between two US citizens that went through a US bank. In a rush to publish a sensationalized headline, many news outlets assumed that her unusual location would complicate investigations in some form. To the best of our knowledge, no such complications are to be expected.
Why it does matter?
The jurisdiction affecting cyber crimes is fuzzy in general. For example, if a French citizen residing in the US connects to a remote desktop computer located in China to steal money from his or her Australian ex-spouse’s bank account with a Swiss bank, where should the crime be investigated?
What if the target was not a bank account but a server operated by a 3rd party in an off-shore location?
What if the exact location of the servers and individuals cannot be determined?
Unlike most crimes that are committed physically, the jurisdiction of cyber crimes is fuzzy. The case of Ms. McClair, for all the over-sensationalization, has shone a light on this issue which currently has no clear solution.
Since it would require a significant amount of cooperation between various countries to establish a general framework for cybercrime jurisdiction, we expect it to remain unclear for the foreseeable future. This in turn allows criminals to act with relative impunity until a solution can be found.