Cyber-related misconduct raises a recurring question under military attempt law: at what point does activity on a computer or network become a criminal attempt rather than mere preparation? A specific version of the question is whether something like a login attempt is enough to support a conviction for an attempt under Article 80 of the Uniform Code of Military Justice. The answer depends entirely on the facts, because Article 80 distinguishes between preparation, which is not punishable as an attempt, and a substantial step toward the offense, which is. A login attempt can fall on either side of that line.
The Article 80 Framework Applied to Cyber Conduct
Article 80, codified at 10 U.S.C. 880, defines an attempt as an act done with specific intent to commit an offense, amounting to more than mere preparation, and tending to effect the commission of that offense even if it fails. To convict, the government must prove three things. There must be a specific intent to commit a particular underlying offense. There must be an overt act, a concrete act at an identifiable time and place. And that act must amount to more than mere preparation, meaning it must be a substantial step that strongly corroborates the criminal intent and represents a direct movement toward commission of the crime.
These principles apply to cyber conduct just as they apply to physical conduct. There is nothing about a keyboard, a credential, or a network that changes the underlying test. The challenge is mapping the familiar preparation-versus-substantial-step analysis onto digital actions.
Why a Login Attempt Is Not Automatically an Attempt Offense
Standing alone, a single login attempt is ambiguous. People type credentials for countless innocent or merely careless reasons, and the act of entering a username and password does not, by itself, reveal a settled criminal purpose. For that reason, an isolated login attempt, without more, is often best characterized as preparation rather than a punishable attempt. It may show interest or curiosity, but Article 80 requires both a proven specific intent to commit a defined offense and conduct that constitutes a substantial step toward it.
The government also has to identify what underlying offense was being attempted. An attempt charge is always an attempt to commit something specific. If the prosecution cannot tie the login activity to a clear intended offense, such as unauthorized access to a protected system, theft of information, or damage to data, the attempt theory struggles regardless of how the conduct is labeled.
When Login Attempts Cross the Line
Although a bare login attempt is often preparatory, login activity frequently does qualify as a substantial step when it is accompanied by facts that demonstrate intent and direct movement toward the crime. The analysis is holistic, and several factors commonly push login-related conduct into attempt territory.
Repeated, targeted attempts can be significant. A pattern of trying many passwords against a specific account, or systematically probing a particular protected system, looks far more like a direct effort to break in than a single mistaken entry. The use of tools or techniques designed to defeat security, such as automated credential testing or methods to circumvent access controls, similarly corroborates a criminal purpose. Evidence of stolen or improperly obtained credentials being used to access a system the accused knew he was not authorized to enter points strongly toward intent. And contemporaneous statements, messages, or planning that reveal the goal of the access can transform otherwise ambiguous keystrokes into clear evidence of an attempt.
In short, the question is not simply “did the accused try to log in,” but “do the login attempts, together with everything else, show a specific intent to commit a defined offense and a substantial step toward committing it.” When the surrounding circumstances supply that intent and that direct movement, login attempts can be sufficient.
Factual Impossibility Does Not Save the Accused
A defendant sometimes argues that the access could never have succeeded, for example because the account was disabled, the system was monitored, or the credentials would not have worked. Under Article 80, factual impossibility is generally not a defense. If the accused intended to gain unauthorized access and took a substantial step toward it, the fact that success was impossible for reasons unknown to him does not defeat the attempt. This is consistent with the general military rule that attempt liability turns on intent and conduct rather than on whether completion was achievable.
The Underlying Offense Still Matters
Because an Article 80 attempt is always tethered to an underlying offense, the strength of an attempt charge depends on clearly identifying and proving the elements of what was being attempted. In the military context, the underlying conduct might be charged in connection with offenses such as unauthorized access to or misuse of government information systems, larceny of data, or related misconduct, depending on the facts and the applicable articles and regulations. Defense and prosecution alike must keep the underlying offense in focus, because the substantial-step analysis only makes sense in relation to a specific crime.
Practical Guidance
For a service member facing an attempt charge built on cyber activity, the most productive defense usually targets the two soft points in the government’s case: whether the evidence truly establishes a specific intent to commit a defined offense, and whether the digital conduct crossed from preparation into a substantial step. Forensic detail matters enormously here, including who performed the actions, what was actually attempted, how many times, with what tools, and against what target. A careful reconstruction of the digital record often determines whether the conduct was ambiguous preparation or a clear attempt.
Conclusion
Preparatory acts in cybercrimes, such as a single login attempt, are not automatically sufficient for an Article 80 conviction, because the statute punishes only conduct that goes beyond mere preparation and constitutes a substantial step taken with specific intent to commit a defined offense. A bare, isolated login attempt is frequently preparatory and ambiguous. But login activity can readily support an attempt conviction when surrounding facts, such as repeated targeted attempts, the use of tools to defeat security, the use of unauthorized credentials, or revealing statements, demonstrate both the intent and a direct movement toward the underlying crime. The decisive question is always whether the conduct, taken as a whole, crossed the line from preparation into a substantial step.
Disclaimer
This article is provided strictly for general educational and informational purposes. It is intended to explain how the Uniform Code of Military Justice (UCMJ), the Rules for Courts-Martial, the Military Rules of Evidence, and related military administrative processes work as a matter of public legal education. It does not constitute legal advice, a legal opinion, or a recommendation about any particular case, and it is not a substitute for advice from a qualified military defense attorney who can evaluate the specific facts and command, service, and jurisdictional circumstances involved.
Reading this article, or contacting any website on which it appears, does not create an attorney-client relationship between the reader and any law firm, attorney, or author. Every court-martial, nonjudicial punishment action, administrative separation, and security-clearance matter turns on its own facts, the charged articles, the convening authority, the service branch, and the evidence, and outcomes vary widely from one case to another.
Military law also changes over time. The Military Justice Act of 2016 (effective January 1, 2019) and subsequent National Defense Authorization Acts renumbered and rewrote many punitive articles, revised the Article 32 preliminary hearing, and altered sentencing, clemency, and appellate procedures. Statutes, regulations, executive orders, the Manual for Courts-Martial, and decisions of the service Courts of Criminal Appeals and the Court of Appeals for the Armed Forces may have been amended, superseded, or reinterpreted after this article was written, and article numbers or procedures cited here may have changed.
For these reasons, no reader should act or decline to act based on this content without first consulting a licensed attorney experienced in military justice about their own situation. The author and publisher make no warranty, express or implied, as to the accuracy, completeness, timeliness, or current applicability of the information provided, and disclaim any liability for any action taken or not taken in reliance on it. If you are facing investigation, charges, or an adverse administrative action, time limits may apply, and you should seek qualified counsel promptly.