web.archive.org

computer crime: Information and Much More from Answers.com

  • ️Wed Jul 01 2015

Computer crimes encompass unauthorized or illegal activities perpetrated via computer as well as the theft of computers and other technological hardware. As firms of all sizes, industrial orientation, and geographic location increasingly rely on computers to operate, concerns about computer crime have also risen, in part because the practice appears to be thriving despite the concerted efforts of both the law enforcement and business communities to stop it. But computer experts and business consultants alike note that both international corporations and modest family-owned businesses can do a great deal to neutralize computer "viruses" and other manifestations of computer crime.

Many analysts believe, however, that small business owners are less likely to take steps to address the threat of computer crime than are larger firms. Indeed, many small businesses admit that they are passive about the threat because of costs associated with implementing safeguards and the perception that computer "hackers" and other threats are far more likely to pick on bigger companies. But as Tim McCollum flatly stated in Nation's Business, "companies increasingly are falling prey to hackers, computer thieves, software viruses, and, in particular, unauthorized and often illegal activities by their own employees. In fact, chances are that sooner or later most companies will become victims of high-tech crime …[and] when computer criminals strike, small-business victims can suffer relatively more than large corporations, whose bottom lines are more resistant to damage from any single theft of equipment or information."

Indeed, computer crime statistics in the United States are sobering. In 2000, for instance, a study commissioned by the Federal Bureau of Investigation (FBI) indicated that 85 percent of business respondents—which included companies of all sizes and orientations—said that they had been victimized by at least one computer-related crime in the previous year. These crimes ranged from problems of epidemic proportions, such as virus infection, to less prevalent but still serious problems like Web site defacement, denial of service attacks, financial fraud, sabotage, and network break-ins. The financial losses associated with computer crime more than doubled between 1999 and 2000 to reach $265 million. Other experts offer similarly grim evaluations of the hardware theft problem. A computer-insurance company in Ohio called Safeware, for instance, estimated that American businesses lost $1.4billion in 1996 to the theft of computers.

The Birth of "hacking"

Early use of the term "hacker" was applied to computer hobbyists who spent their spare time creating video games and other basic computer programs. However, this term acquired a negative connotation in the 1980s when computer experts illegally accessed several high-profile databanks. Databases at the Los Alamos National Laboratory (a center of nuclear weapons research) and the Sloan-Kettering Cancer Center in New York City were among their targets. The introduction of relatively inexpensive personal computers and modems helped make this pastime affordable; the use of regular telephone lines as accessways made it possible. Over time, the designation "hacker" came to be associated with programmers and disseminators of computer viruses, and the public perception of hackers continues to be one of lone computer experts with a taste for mischief or mayhem. But "hacking" has come to encompass a wide range of other computer crimes as well, many of them primarily grounded in efforts to make money. Indeed, the vital information kept in computers has made them a target for corporate espionage, fraud, and embezzlement efforts.

Internal and External Threats

As criminologist and computer-insurance executive Ron Hale indicated to Tim McCollum of Nation's Business, one of the most unsettling facts about computer crime is that the greatest threat to information security for small businesses is their employees. As McCollum noted, "a company's employees typically have access to its personal computers and computer networks, and often they know precisely what business information is valuable and where to find it." The reasons for these betrayals are many, ranging from workplace dissatisfaction to financial or family difficulties.

Computer crimes perpetrated by outsiders are a major threat too, of course, but whereas employees often abscond with sensitive information or attempt to benefit financially when engaging in illegal activities, outsiders are more likely to engage in behavior that is simply destructive (i.e., computer viruses). Some security experts believe that the continued threat of outside "hackers" is due at least in part to the growing number of employees who engage in "telecommuting" via modem and the swelling ranks of company networks hooked to the Internet. These connections can be used to infiltrate computer systems. The damage wreaked by outside intruders can be significant and wide-ranging. As Scott Charney, chief of the U.S. Justice Department's section on computer crime, told Nation's Business, many companies never find out that information has been stolen, while other businesses are heavily damaged by the incursion. Yet many companies do not report thefts and other security breaches that they do discover because they fear that the publicity will result in a loss of prestige and/or business.

VIRUSES. The most common outside threat to a business's computer network is the virus. Indeed, the National Computer Security Association (NCSA) estimated that in 1996, two out of three U.S. companies were affected by one or more of the estimated 16,000 computer viruses that were floating around the country at that time. "Viruses infect your machine by attaching themselves to programs, files, and start-up instructions," wrote Cassandra Cavanah in Entrepreneur. "There are two main types of computer viruses: macro and binary. Macro viruses are written to attack a specific program…. Binary viruses are either actual programs designed to attack your data or attach themselves to program files to do similar destruction. Binary viruses are the ones to be concerned with; they can reformat your hard drive, wipe out data and stop your operating system from working. The best way to fight these bugs is to avoid them—but in today's word of Internet downloads and e-mail file exchanges, this is an impossible task." Luckily for small business owners, a wide variety of anti-virus software programs are available at computer stores and on the Internet (the latter can be downloaded).

Security Measures

Computer security is concerned with preventing information stored in or used by computers from being altered, stolen, or used to commit crimes. The field includes the protection of electronic funds transfers, proprietary information (product designs, client lists, etc.), computer programs, and other communications, as well as the prevention of computer viruses. It can be difficult to place a dollar value on these assets, especially when such factors as potential loss of reputation or liability issues are considered. In some cases (e.g., military and hospital applications) there is a potential for loss of life due to misplaced or destroyed data; this cannot be adequately conveyed by risk analysis formulas.

The question most companies face, then, is not whether to practice computer security measures, but how much time and effort to invest. Fortunately, companies looking to protect themselves from computer crime can choose from a broad range of security options. Some of these measures are specifically designed to counter internal threats, while others are shaped to stop outside dangers. Some are relatively inexpensive to put in place, while others require significant outlays of money. But many security experts believe that the single greatest defense that any business can bring to bear is simply a mindset in which issues of security are of paramount concern. "Firewalls, security scanners, antivirus software, and other types of security technology aren't enough to prevent high-tech crime," said Nation's Business. "Real prevention begins by formulating a company security policy that details—among other matters—what information is valuable and how to protect it."

PROTECTION FROM INTERNAL THREATS. Whereas big corporations typically have entire departments devoted to computer system management, small businesses often do not have such a luxury. "In a small business, the system administrator could be anyone from a secretary to the CEO," wrote Lynn Greiner in CMA—The Management Accounting Magazine. "Whoever it is, you can almost guarantee it'll be a busy person who has the duties tacked on to his or her job description. And you can also almost guarantee that this unlucky soul will have few if any resources, and probably no training to help with the burden of keeping the corporate systems running. Fortunately, the technology has advanced to a level that allows administrators to ensure the stability and security of their computer systems, without spending too much time or money."

Common-sense measures that can be taken by managers and/or system administrators to minimize the danger of internal tampering with computer systems include the following:

  • Notify employees that their use of the company's personal computers, computer networks, and Internet connections will be monitored. Then do it.
  • Physical access to computers can be limited in various ways, including imposition of passwords; magnetic card readers; and biometrics, which verifies the user's identity through matching patterns in hand geometry, signature or keystroke dynamics, neural networks (the pattern of nerves in the face), DNA fingerprinting, retinal imaging, or voice recognition. More traditional site control methods such as sign-in logs and security badges can also be useful.
  • Classify information based on its importance, assigning security clearances to employees as needed.
  • Eliminate nonessential modems that could be used to transmit information.
  • Monitor activities of employees who keep odd hours at the office.
  • Make certain that the company's hiring process includes extensive background checks, especially in cases where the employee would be handling sensitive information.
  • Stress the importance of confidential passwords to employees.

PROTECTION FROM EXTERNAL THREATS. Small businesses also need to gird themselves against out-side intruders. "As with employee crime, the best protection against attacks by outsiders are matters of common sense," said McCollum. "Companies can buy a technological barricade called a firewall and position it between their internal networks and external ones, but hackers often can get in anyway because the firewall hardware and software are poorly configured or are not activated. One way to avoid these problems is to pay outside experts to carry out these complex configuration and installation chores." Of course, good firewalls tend to be expensive (some cost $20,000 or more), but lower cost alternatives have made their way into the marketplace in recent years.

The single greatest scourge from the outside is, of course, the computer virus. But business owners can do much to minimize the threat from viruses by heeding the following basic steps:

  • Install and use anti-virus software programs that scan PCs, computer networks, CDROMs, tape drives, diskettes, and Internet material, and destroy viruses when found.
  • Update anti-virus programs on a regular basis.
  • Ensure that all individual computers are equipped with anti-virus programs.
  • Forbid employees from putting programs on their office computers without company approval.
  • Make sure that the company has a regular policy of backing up (copying) important files and storing them in a safe place, so that the impact of corrupted files is minimized. Having a source of clean (i.e., uninfected by viruses) backup copies for data files and programs is as important as it is elementary.

A variety of sources exist to assist small business owners with virus protection and Internet security measures. For example, several Web sites provide free virus warnings and downloadable antivirus patches for Web browsers. The Computer Security Institute provides annual surveys on security breaches. Another useful resource is the National Computer Security Association, which provides tips on Internet security for business owners and supplies definitions of high-tech terms.

Small businesses seeking to establish Internet security policies and procedures might begin by contacting CERT. This U.S. government organization, formed in 1988, works with the Internet community to raise awareness of security issues and organize the response to security threats. The CERT Web site posts the latest security alerts and also provides security-related documents, tools, and training seminars. Finally, CERT offers 24-hour technical assistance in the event of Internet security breaches. Small business owners who contact CERT about a security problem will be asked to provide their company's Internet address, the computer models affected, the types of operating systems and software used, and the security measures that were in place.

Hardware Theft

Although computer viruses and other high-tech threats cause the most dread within the business community, the most common type of computer crime actually involves the theft of computer hardware. Unfortunately, employees are often the culprits with this type of crime as well, especially if they work shifts after business hours. Other losses are attributed to outsiders who abscond with computers through elementary breaking-and-entering means. Security experts, though, say that companies can do a lot to cut down on such losses simply by maintaining accurate and up-to-date equipment inventories; locking up hardware that is not in use; locking computers and monitors to desks; and attaching electronic tags to computers. The latter device emits a radio-frequency signal that can activate video cameras or set off alarms when the computer is removed from the premises. Finally, companies should make sure that they purchase adequate insurance.

Business travelers, meanwhile, need to keep a close eye on their notebook and desktop computers, which are highly coveted by thieves. Indeed, the allure of these portable computers is so great that thieves sometimes work in teams to get their hands on them. Airports and hotels are favorite haunts of thieves looking to make off with these valuable items. Security experts thus counsel business travelers to be especially vigilant in high traffic areas, to carry computer serial numbers separately from the hardware, and to consider installing locks, alarms, or tracing software.

Non-Criminal Security Threats

Of course, not all threats to computer well-being come from parties with criminal intent. Savvy small business owners will make sure that their computers—including data as well as hardware—are protected from environmental disaster (power surges, floods, blizzards, fires, etc.) and operator incompetence alike.

Any computer security program should include elements that reflect an understanding of the basic environmental conditions a computer requires in order to operate properly. Ensuring that the system receives adequate power is paramount. Drops in voltage or blackouts can occur due to utility switching problems, stormy weather, or other difficulties at the utility company. In such instances, computers may lose unsaved data or fall victim to "disk crashes." Computer systems can also be endangered by sharp increases in voltage, known as "spikes," which can seriously damage hardware. A variety of voltage regulators, surge protectors, grounding techniques, and filters exist to combat these problems. In the 1990s, intense activity centered on the development of uninterruptible power systems that use storage batteries to ensure a smooth transition between power sources in the event of power failure. Local area networks as well as individual computers can be protected by these devices.

Fire is another important threat to computer systems. Their susceptibility to fire damage is exacerbated by the flammability of paper supplies likely to be stored in close proximity. Plastics used in the manufacture of computers can produce explosive gases when exposed to high temperatures. Moreover, common fire prevention measures such as water sprinklers can further damage computers, especially if the computers are under active power. The use of fire-resistant construction materials, fire walls, vent closure systems, etc., are standard ways to mitigate the threat of fire. Carbon dioxide and Halon 1211 gas extinguishers are suitable for use near electronic equipment because they do not leave a residue.

Other physical security concerns include protection against excessive heat, humidity, and water, which can be introduced by flooding, burst pipes, and other unfortunate developments. Of course, computers and other electronic equipment also suffer damage from less dramatic sources, such as spilled coffee, airborne particles, and cigarette smoke, so coverings made of plastics and other materials have become standard in many firms that rely on computers. But these safeguards will be of little use in the face of more serious situations. Organizations vitally dependent on data processing facilities should prepare contingency plans for disasters such as hurricanes, earthquakes, or blizzards. Ideally, backup facilities should be located far enough away so that they will not be damaged along with the original system in the event of catastrophe.

Further Reading:

Avolio, Frederick M. "Building Internet Firewalls." Business Communications Review. January 1994.

Belsie, Laurent. "Firewalls Help Protect Internet from Attack of the Hackers." Christian Science Monitor. April 29, 1994.

Cavanah, Cassandra. "Get the Bugs Out: Cure Your Computer's Ills with Anti-Virus Software." Entrepreneur. September 1997.

"Develop a Company Policy." Nation's Business. November 1997.

Gibson, Stan. "Hacking: It's a Mad, Mad, Mad New World." eWeek. January 1, 2001.

Greiner, Lynn. "Small Business: Managing Your System." CMA—The Management Accounting Magazine. September 1996.

Karp, Josh. "Small Businesses Often Target of Cybercrime; Lack of IT Expertise Leads to Vulnerability." Crain's Chicago Business. February 19, 2001.

McCollum, Tim. "Computer Crime: The Era of Electronic Innocence Is Over." Nation's Business. November 1997.

Morgan, Lisa. "Be Afraid …Be Very Afraid—Malicious Attacks Are on the Rise, and Trends Are Harder to Predict." Internet Week. January 8, 2001.

Steffora, Ann, and Martin Cheek. "Hacking Goes Legit." Industry Week. February 7, 1994.

See also: Internet Security

This entry contains information applicable to United States law only.

The use of a computer to take or alter data, or to gain unlawful use of computers or services.

Because of the versatility of the computer, drawing lines between criminal and noncriminal behavior regarding its use can be difficult. Behavior that companies and governments regard as unwanted can range from simple pranks, such as making funny messages appear on the computer screen, to the manipulation of funds or data producing millions of dollars in losses. Early prosecution of computer crime was infrequent and usually concerned embezzlement, a crime punishable under existing laws. The advent of more unique forms of abuse, such as computer worms and viruses and widespread computer hacking, has posed new challenges for government and the courts.

The first federal computer crime legislation was the Counterfeit Access Device and Computer Fraud and Abuse Act (18 U.S.C.A. § 1030), passed by Congress in 1984. The act safeguards certain classified government information and makes it a misdemeanor to obtain through a computer financial or credit information that federal laws protect. The act also criminalizes the use of computers to inflict damage to computer systems, including their hardware and software.

In the late 1980s, many states followed the federal government's lead in an effort to define and combat criminal computer activities. At least twenty states passed statutes with similar definitions of computer crimes. Some of these states may have been influenced by studies released in the late 1980s. One report, made available in 1987 by the accounting firm of Ernst and Whinney, estimated that computer abuse caused between $3 billion and $5 billion in losses in the United States annually. Moreover, some of these losses were attributable to newer, more complicated crimes that usually went unprosecuted.

One set of especially destructive crimes— internal computer crimes — includes acts in which one computer's program interferes with another computer, hindering its use, damaging data or programs, or causing the other computer to crash (to become temporarily inoperable). Two common types of such programs are known in programming circles as worms and viruses. Both of these cause damage to computer systems through the commands written by their author. Worms are independent programs that create temporary files and replicate themselves to the point where computers grow heavy with data, become sluggish, and then crash. Viruses are dependent programs that reproduce themselves through a computer code attached to another program, attaching additional copies of their program to legitimate files each time the computer system is started or when some other triggering event occurs.

The dangers of computer worms and viruses gained popular recognition with one of the first cases prosecuted under the Computer Fraud and Abuse Act. In United States v. Morris, 928 F.2d 504 (1991), Cornell University student Robert T. Morris was convicted of violating a provision of the act that punishes anyone who, without authorization, intentionally accesses a "federal interest computer" and damages or prevents authorized use of information in such a computer, causing losses of $1,000 or more. Morris, a doctoral candidate in computer science, decided to demonstrate the weakness of security measures of computers on the Internet, a network linking university, government, and military computers around the United States. His plan was to insert a worm into as many computers as he could gain access to, but to make sure the worm replicated itself slowly enough that it would not cause the computers to slow down or crash. However, Morris miscalculated how quickly the worm would replicate. By the time he released a message on how to kill the worm, it was too late: some six thousand computers crashed or became "catatonic" at numerous institutions, with estimated damages of $200 to $53,000 for each institution. Morris was sentenced to three years' probation and four hundred hours of community service, and fined $10,500. The Supreme Court refused to review the case (Morris, cert. denied, 502 U.S. 817, 112 S. Ct. 72, 116 L. Ed. 2d 46 [1991]).

Morris's goal of attempting to prove a point through the clever manipulation of other computers is shared by computer hackers. Typically young, talented, amateur computer programmers, hackers earn respect among their peers by gaining access to varieties of information through telecommunications systems. The information obtained ranges from other individuals' E-mail or credit histories to the Defense Department's secrets.

A high-profile case in 1992 captured national headlines. In what federal investigators called a conspiracy, five young members of an underground New York City gang of hackers, the Masters of Deception (MOD), faced charges that they had illegally obtained computer passwords, possessed unauthorized access devices (long-distance calling card numbers), and committed wire fraud in violation of the Computer Fraud and Abuse Act. Otto Obermaier, the U.S. attorney prosecuting the youths, described their activities as "the crime of the future," and said he intended to use the case to make a critical statement about computer crime. The indictment contained eleven counts, each punishable by at least five years in jail and individual fines of $250,000. Supporters of MOD's civil liberties, including the Washington, D.C.-based Electronic Frontier Foundation, questioned whether the gang members had done anything truly illegal.

MOD members Paul Stira and Eli Ladopoulos pleaded guilty to the charges against them. They confessed that they had broken the law, but insisted that they had not done anything for personal profit. They were sentenced to six months in a federal penitentiary, followed by six months' home detention. John Lee and Julio Fernandez faced specific charges of illegally selling passwords for personal profit. Lee pleaded guilty and received a year behind bars followed by three hundred hours of community service. Fernandez bargained with prosecutors, offering them information on MOD activities, and thus received no jail time. Gang leader Mark Abene, notorious in computer circles by his handle Phiber Optik, pleaded guilty to charges of fraud. A New York judge sentenced Abene to a year in federal prison, hoping to send a message to other hackers. However, by the time Abene was released from prison in 1995, his notoriety had grown beyond the hacker underground. Many in the computer world hailed him as a martyr in the modern web of computer technology and criminal prosecution. Abene subsequently found employment as a computer technician at a New York-based on-line service.

Computer crime can become an obsession. Such was the case for Kevin Mitnick, a man described by federal prosecutors prior to his arrest as the most wanted computer hacker in the world. In the early 1980s, as a teenager, Mitnick proved his mettle as a hacker by gaining access to a North American Air Defense terminal, an event that inspired the 1983 movie War Games. Like the MOD gang, Mitnick gained access to computer networks through telecommunications systems. In violation of federal law, he accessed private credit information, obtaining some twenty thousand credit numbers and histories. Other break-ins by Mitnick caused an estimated $4 million in damage to the computer operations of the Digital Equipment Corporation. The company also claimed that Mitnick stole more than a million dollars in software.

Mitnick was convicted, sentenced to one year in a minimum-security prison, and then released into a treatment program for compulsive behavior disorders. Federal investigators tried to keep close track of him during his probation, but in November 1992, he disappeared. Authorities regained his trail when Mitnick broke into the system of computer security expert Tsutomu Shimomura at the San Diego Supercomputer Center — a move clearly intended as a challenge to another programming wizard. Shimomura joined forces with the Federal Bureau of Investigation to pursue their elusive quarry in cyberspace. Using a program designed to record activity in a particular database that they were sure Mitnick was accessing, while monitoring phone activity, Shimomura and authorities narrowed their search to Raleigh, North Carolina. A special device detecting cellular phone use ultimately led them to Mitnick's apartment. Mitnick was arrested and was charged on twenty-three federal counts. He plea bargained with prosecutors, who agreed to throw out twenty-two counts in exchange for Mitnick's guilty plea for illegally possessing phone numbers to gain access to a computer system. Mitnick was sentenced to eight months in jail.

Mitnick's case illustrates the difficulties legislatures and courts face when defining and assigning penalties for computer crime. Using a computer to transfer funds illegally or to embezzle money is clearly a serious crime meriting serious punishment. Mitnick broke into numerous services and databases without permission and took sensitive information, behavior that violates federal laws; however, he never used the information for financial gain. This type of behavior typically has no counterpart outside of cyberspace — for example, people do not break into jewelry stores just to leave a note about weak security.

See: e-mail.

Wikipedia: computer crime

Scale_of_justice.png
Criminal law
Part of the common law series
Criminal elements
Actus reus · Causation · Concurrence
Mens rea · Intention · Recklessness
Criminal negligence · Ignorantia juris…
Strict, Corporate & Vicarious liability
Crimes against people
Assault · Battery · Robbery
Sexual offences · Pimping · Rape
Kidnapping · Manslaughter · Murder
Crimes against property
Criminal damage · Arson
Theft · Burglary · Deception
Crimes against justice
Obstruction of justice · Bribery
Perjury · Malfeasance in office
Inchoate offenses
Attempt
Conspiracy · Accessory
Criminal defenses
Automatism, Intoxication & Mistake
Insanity · Diminished responsibility
Duress · Necessity
Provocation · Self defence
Other areas of the common law
Contract law · Tort law · Property law
Wills and trusts · Evidence
Portals: Law · Criminal justice

Computer crime, cybercrime, e-crime, hi-tech crime or electronic crime generally refers to criminal activity where a computer or network is the source, tool, target, or place of a crime. These categories are not exclusive and many activities can be characterized as falling in one or more category. Additionally, although the terms computer crime or cybercrime are more properly restricted to describing criminal activity in which the computer or network is a necessary part of the crime, these terms are also sometimes used to include traditional crimes, such as fraud, theft, blackmail, forgery, and embezzlement, in which computers or networks are used to facilitate the illicit activity.

Computer crime can broadly be defined as criminal activity involving an information technology infrastructure, including illegal access (unauthorized access), illegal interception (by technical means of non-public transmissions of computer data to, from or within a computer system), data interference (unauthorized damaging, deletion, deterioration, alteration or suppression of computer data), systems interference (interfering with the functioning of a computer system by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data), misuse of devices, forgery (ID theft), and electronic fraud.

Discussion

A common example would be when a person intends to steal information from, or cause damage to, a computer or computer network. This can be entirely virtual in that the information only exists in digital form, and the damage, while real, has no physical consequence other than the machine ceases to function. In some legal systems, intangible property cannot be stolen and the damage must be visible, e.g. as resulting from a blow from a hammer. Yet denial of service attacks for the purposes of extortion may result in significant damage both to the system and the profitability of the site targeted. A further problem is that many definitions have not kept pace with the technology. For example, where the offense requires proof of a trick or deception as the operative cause of the theft, this may require the mind of a human being to change and so do or refrain from doing something that causes the loss. Increasingly, computer systems control access to goods and services. If a criminal manipulates the system into releasing the goods or authorizing the services, has there been a "trick", has there been a "deception", does the machine act because it "believes" payment to have been made, does the machine have "knowledge", does the machine "do" or "refrain from doing" something it has been programmed to do (or not). Where human-centric terminology is used for crimes relying on natural language skills and innate gullibility, definitions have to be modified to ensure that fraudulent behavior remains criminal no matter how it is committed (consider the definition of wire fraud).

Issues surrounding hacking, copyright infringement through warez, child pornography, and paedophilia (see child grooming), have become high-profile. But this emphasis fails to consider the equally real but less spectacular issues of obscene graffiti appearing on websites and "cyberstalking" or harassment that can affect everyday life. There are also problems of privacy when confidential information is lost, say, when an e-mail is intercepted whether through illegal hacking, legitimate monitoring (increasingly common in the workplace) or when it is simply read by an unauthorized or unintended person.

In R v Stanford (2006) EWCA Crim 258 the defendant was charged with the unlawful interception of e-mail communications to a public company under s1(2) Regulation of Investigatory Powers Act 2000. After his resignation as deputy chairman of the company, he was found to have intercepted e-mail to and from certain persons in that company. His defense under s1(6) was that the interceptions had been made at his request by the company's computer system administrator who was excluded from criminal liability because either he was a person who had a right to control the operation or use of the system (s1 (6) (a)) or because he had the express or implied consent of such a person to make the interception (s1(6)(b)). The Court of Appeal held that to "control" for the purposes of s1(6) meant to "authorize and forbid". An administrator only has the power physically to use and operate the system. There is no control in the management sense. The objective of s1 of the Act was to protect the privacy of e-mails. If anyone with unrestricted ability to operate and use a telecommunications system were exempt from criminal liability for intercepting communications, it would defeat the purpose of the statute.

E-mail and Short Message Service (SMS) messages are seen as casual communication including many things that would never be put in a letter. But unlike spoken communication, there is no intonation and accenting, so the message can be more easily distorted or interpreted as offensive. In England and Wales, s43 Telecommunications Act 1984 makes it an offense to use a public telecommunications network to send 'grossly offensive, threatening or obscene' material, and a 'public telecommunications network' is widely enough defined to cover Internet traffic which goes through telephone lines or other cables.

Secondly, a computer can be the tool, used, for example, to plan or commit an offense such as larceny or the distribution of child pornography. The growth of international data communications and in particular the Internet has made these crimes both more common and more difficult to police. And using encryption techniques, criminals may conspire or exchange data with fewer opportunities for the police to monitor and intercept. This requires modification to the standard warrants for search, telephone tapping, etc.

Thirdly, a computer can be a source of evidence. Even though the computer is not directly used for criminal purposes, it is an excellent device for record keeping, particularly given the power to encrypt the data. If this evidence can be obtained and decrypted, it can be of great value to criminal investigators. Thus, specialized government agencies and units have been set up to develop the necessary expertise. See below for a link to the U.S. Department of Justice's website about e-crime and its computer forensics services.

Fraud

Main article: Computer Fraud

Computer fraud is any dishonest misrepresentation of fact intended to induce another to do or refrain from doing something which causes loss. In this context, the fraud will result in obtaining a benefit by:

  • altering computer input in an unauthorized way. This requires little technical expertise and is not an uncommon form of theft by employees altering the data before entry or entering false data, or by entering unauthorized instructions or using unauthorized processes;
  • altering, destroying, suppressing, or stealing output, usually to conceal unauthorized transactions: this is difficult to detect;
  • altering or deleting stored data; or
  • altering or misusing existing system tools or software packages, or altering or writing code for fraudulent purposes. This requires real programming skills and is not common.

Manipulating banking systems to make unauthorized identity theft with reference to ATM fraud.

Offensive Content

The content of websites and other electronic communications may be harmful, distasteful or offensive for a variety of reasons. Most countries have enacted law that place some limits on the freedom of speech and ban racist, blasphemous, politically subversive, seditious or inflammatory material that tends to incite hate crimes. This is a sensitive area in which the courts can become involved in arbitrating between groups with entrenched beliefs, each convinced that their point of view has been unreasonably attacked. In England, s28 Crime and Disorder Act 1998 defines a racial group, following Mandla v Dowell-Lee (1983) 2 AC 548 (in which a requirement to wear a cap as part of a school uniform had the effect of excluding Sikh boys whose religion required them to wear a turban), as a group of persons defined by reference to race, color, nationality (including citizenship) or ethnic or national origin; and a religious group as a group of persons defined by reference to religious belief or lack of religious belief. Therefore, it is equally an offense to show hostility to a person who practices a particular faith as to a person who has no religious belief or faith.

Harassment

Whereas content may be offensive in a non-specific way, harassment directs obscenities and derogatory comments at specific individuals focusing for example on gender, race, religion, nationality, sexual orientation. This often occurs in chat rooms, through newsgroups, and by sending hate e-mail to interested parties (see cyber bullying, harassment by computer, stalking, and cyberstalking). In England, in a broader form than s43 Telecommunications Act 1984, s1 Malicious Communications Act 1988 makes it an offense to send an indecent, offensive or threatening letter, electronic communication or other article to another person. Now, s2 Protection from Harassment Act 1997 criminalizes a course of conduct amounting to harassment which the defendant knows, or ought to know, amounts to harassment of another. If a reasonable person in possession of the same information would think the course of conduct amounted to harassment of the other, the knowledge will be imputed to the defendant. Although harassment is not defined, s7 states that it includes causing alarm or distress, and conduct is defined as including speech in all its forms. In DPP v Collins (2006) 1 WLR 308 the defendant repeatedly telephoned the offices of his MP on a wide range of political matters. In conversations with employees at the office and on messages left on the telephone answering machine, he used racist terms to show the frustration he felt at the way in which his affairs were being handled. No-one was personally offended, but the staff became depressed. Charged under s127(1) Communications Act 2003, the magistrates found that the terms were offensive but that a reasonable person would not find them grossly offensive. To determine whether any message content is merely offensive or grossly offensive depended on their particular circumstances and context, i.e. in the wider society which is an open and just multi-racial society, the test of offensiveness was objective.

More problematic are deliberate attacks which amount to defamation although, in March 2006, Michael Keith-Smith became the first person to win damages from an individual internet user after she accused him of being a 'sex offender' and 'racist blogger' on a Yahoo! discussion site. She also claimed that his wife was a prostitute. The High Court judge decided that Tracy Williams, of Oldham, was "particularly abusive" and "her statements demonstrated that ... she had no intention of stopping her libellous and defamatory behavior". She was ordered to pay £10,000 in damages, plus £7,200 costs. In general, libel is not treated as a criminal matter except when it may provoke the person defamed into retaliatory violence (see cybersmearing as it affects business [1]. All forms of unsolicited e-mail and advertisements can also be considered to be forms of Internet harassment where the content is offensive or of an explicit sexual nature. Now termed spam, it has been criminalized in various countries[2]

Drug Trafficking

Drug traffickers are increasingly taking advantage of the Internet to sell their illegal substances through encrypted e-mail and other Internet Technology. Some drug traffickers arrange deals at internet cafes, use courier Web sites to track illegal packages of pills, and swap recipes for amphetamines in restricted-access chat rooms.

The Internet's easy-to-learn, fast-paced character, global impact, and fairly reliable privacy features facilitate the marketing of illicit drugs. Detecting money laundering of cash earned by drug traffickers is very difficult, because dealers are now able to use electronic commerce and Internet banking facilities. Also, traffickers have been using online package tracking services offered by courier companies to keep tabs on the progress of their shipments. If there happened to be some sort of undue delay, this could signal authority interception of the drugs, which would still allow the dealers time to cover their tracks. Law enforcement is also more deficient because illicit drug deals are arranged instantaneously, over short distances, making interception by authorities much more difficult.

The rise in Internet drug trades could also be attributed to the lack of face-to-face communication. These virtual exchanges allow more intimidated individuals to more comfortably purchase illegal drugs. The sketchy effects that are often associated with drug trades are severely minimized and the filtering process that comes with physical interaction fades away. Furthermore, traditional drug recipes were carefully kept secrets. But with modern computer technology, this information is now being made available to anyone with computer access.

Cyberterrorism

Government officials and IT security specialists have documented a significant increase in Internet probes and server scans since early 2001. There is a growing concern among federal officials that such intrusions are part of an organized effort by cyberterrorists, foreign intelligence services, or other groups to map potential security holes in critical systems. A cyberterrorist is someone who intimidates or coerces a government or organization to advance his or her political or social objectives by launching computer-based attack against computers, network, and the information stored on them.

Even before the September 11, 2001, terrorist attacks, the U.S. government considered the potential threat of cyberterrorism serious enough that is established the National Infrastructure Protection Center in February 1998. This function was transferred to the Homeland Security Department's Information Analysis and Infrastructure Protection Directorate to serve as a focal point for threat assessment, warning, investigation, and response for threats or attacks against US critical infrastructure, which provide telecommunications, energy, banking and finance, water systems, government operations, and emergency services. Successful cyberattacks against the facilities that provide these services could cause widespread and massive disruptions to the normal function of our society.

Cyberterrorism in general, can be defined as an act of terrorism committed through the use of cyberspace or computer resources. As such, a simple propaganda in the Internet, that there will be bomb attacks during the holidays can be considered cyberterrorism. At worst, cyberterrorist may use the Internet or computer resources to carry out an actual attack.

Documented Cases of Computer Crimes

  • The Yahoo website was attacked at 10:30 PST on Monday, 7 February 2000. The attack lasted three hours. Yahoo was pinged at the rate of one gigabyte/second.
  • On 3 August 2000, Canadian federal prosecutors charged MafiaBoy with 54 counts of illegal access to computers, plus a total of ten counts of mischief to data for his attacks on Amazon.com, eBay, Dell Computer, Outlaw.net, and Yahoo. MafiaBoy had also attacked other websites, but prosecutors decided that a total of 66 counts was enough. MafiaBoy pled not guilty.
  • About fifty computers at Stanford University, and also computers at the University of California at Santa Barbara, were amongst the zombie computers sending pings in DoS attacks.
  • In 26 March 1999, the Melissa worm infected a document on a victim's computer, then automatically sent that document and copy of the virus via e-mail to other people.

See also

Applicable laws

United States

  • ACCESS DEVICE FRAUD. 18 U.S.C. § 1029. Fraud and related activity in connection with access devices.
  • CAN-SPAM ACT. 15 U.S.C. § 7704. Controlling The Assault of Non-Solicited Pornography and Marketing Act of 2003.
  • EXTORTION AND THREATS. 18 U.S.C. § 875. EXTORTION and THREATS. Interstate communications.
  • IDENTITY THEFT AND ASSUMPTION DETERRENCE ACT of 1998. 18 U.S.C. § 1028. Fraud and related activity in connection with identification documents, authentication features, and information.
  • No Electronic Theft ("NET") Act. 17 U.S.C. § 506. Criminal Offenses. (criminal copyright infringement)
  • Digital Millennium Copyright Act of 1998 (DMCA) . 17 U.S.C. § 1201. Circumvention of copyright protection systems.
  • Electronic Communications Privacy Act, 18 U.S.C. § 2701, et seq. (STORED WIRE AND ELECTRONIC COMMUNICATIONS AND TRANSACTIONAL RECORDS ACCESS)

Canada

United Kingdom

Australia

Others

Academic resources

Government resources

Other external links

References

  • Brenner, Susan W. "Is There Such a Thing as 'Virtual Crime'?" (2001) 4 Cal. Crim. Law Rev. 1 [4]
  • Dmitrieva, "Stealing Information: Application of a Criminal Anti-Theft Statute to Leaks of Confidential Government Information", (2003) Vol. 55, No. 4 Florida Law Review, 1043.
  • Jacobson, "Computer Crimes", (2002) Vol. 39 American Criminal Law Review, 273.
  • Standler,Ronald B., "Computer Crime", (2002)[5]
  • Reynolds, George. Ethics in Information Technology, (2006)
  • Solove, "Identity Theft, Privacy, and the Architecture of Vulnerability", (2002) Vol. 54 Hastings Law Journal, 1227.
  • Stair, Ralph and Reynolds, George. Fundamentals of Information Systems. 3rd Edition
  • Walden, Ian, Computer Crimes and Digital Investigations, OUP, 2007

This entry is from Wikipedia, the leading user-contributed encyclopedia. It may not have been reviewed by professional editors (see full disclaimer)