FREE ESSAY ON DELVING INTO COMPUTER CRIME

DELVING INTO COMPUTER CRIME

White-collar crime, specifically computer crime, is becoming more popular as computers
become more readily available. Crimes using computers and crimes against computers are
usually committed without fear of being caught, due to the detachment of the offender
from the victim.
Computer crime is defined as, "Criminal activity directly related to the use of
computers, specifically illegal trespass into the computer system or database of another,
manipulation or theft of stored or on-line data, or sabotage of equipment and data."(1).
This includes both crimes using computers and crimes against computers.
The people who commit these crimes are of a wide variety. Cyber-criminals can be put in
generally seven categories:
? Pranksters: These individuals perpetrate tricks on others. They generally do not intend
any particular or long-lasting harm. A large portion is juvenile.
? Hackers: These individuals explore others' computer systems for education, out of
curiosity, to achieve idealized social justice, or to compete with their peers. They may
be attempting to gain the use of a more powerful computer, gain respect from fellow
hackers, build a reputation, or gain acceptance as an expert without formal education.
? Malicious hackers (crackers): These individuals are intent on causing loss to satisfy
some antisocial motives or just for fun. Many computer virus creators and distributors
fall into this category.
? Personal problem solvers: By far the most common kind of criminal, these individuals
often cause serious loss in their pursuit of a solution to their own personal problems.
They may turn to crime after conventional problem-solving methods fail, or they may see
crime as a quick and easy way to solve their problems. "They generally believe that the
victim of the crime is rich enough to afford the loss and would not miss what was taken
or used. Disgruntled employees, angry about being fired or not receiving a raise they
felt they deserved, have also been known to "even the score" with their company by
disrupting their computer networks or program functionality fall into this category"(7).
? Career criminals: These individuals earn part or all of their income from crime,
although they do not necessarily engage in crime as a full-time occupation. Some have a
job, earn a little and steal a little, then move on to another job to repeat the process.
In some cases they conspire with others or work within organized gangs such as the Mafia.
The greatest organized crime threat comes from groups in Russia, Italy, and Asia. "The
FBI reported in 1995 that there were more than 30 Russian gangs operating in the United
States. According to the FBI, many of these unsavory alliances use advanced information
technology and encrypted communications to elude capture."(7).
? Extreme advocates: Better known as "computer terrorists," these individuals and groups
have strong social, political, or religious views and are intent on changing conditions
by engaging in crime. Their crimes usually involve violence against people or property
and are calculated to achieve a high level of publicity to bring attention to the
terrorists' causes. "To date, terrorists have rarely engaged in cyber crime, although the
Red Brigades in Europe came close by destroying more than 60 computer centers during the
1980s. Terrorist groups, especially the highly organized ones sponsored by rogue
countries such as Libya and Iran, are likely to turn their attention to our fragile
information, utility, and transportation infrastructures when their current methods lose
their impact."(7). Such groups could plan an attack on a worldwide basis, using
cryptography to communicate, and then carry out their acts through the Internet.
? Malcontents, addicts, and irrational and incompetent people: "These individuals extend
from the mentally ill to those addicted to drugs, alcohol, competition, or attention from
others, to the criminally negligent. In general, they are the most difficult to describe
and the most difficult to protect against. We have no way of determining who is
sufficiently irrational to trigger an attack against an organization or individual
because of a perceived affront. We also have no way of predicting negligence. Criminal
negligence is common in the abuse and misuse of computers. Programmers in New Zealand,
for example, were convicted of criminal negligence when they failed in their duty to
inform the captain of an airliner that they had reprogrammed his navigation system. He
flew the plane into a mountain in Antarctica that, according to his navigation computer,
was not supposed to be there, killing 80 tourists."(7).
Access to computer systems can be gained in many different ways. The simplest of these is
direct access. Being the programmer, developer or specialist working with the system puts
you in control of how the computer or network functions. Access can also be gained
through a method called cracking. Cracking is a method of finding and using somebody
else's username and password. In order to crack a password, "you can make a good guess,
try out a number of combinations, look for the combination (password) written someplace
nearby or…one might try to find an alternate way into the system, a 'back
door'"(2). Scanning is another way to "crack" information. Scanning is "[using] a
computer program that automatically generates a sequence of phone numbers, credit card
numbers, passwords or the like to try against a system entry test"(2). There are ways
around scanning, such as putting a limit of attempts one gets to enter the correct
password in the system entry test would stop the program from trying over and over again.
An additional way one might gain access in through piggybacking. Piggybacking is "getting
into a secured area by slipping in right behind someone who is cleared for access…
[Piggybacking] can happen if the person using a terminal ahead of you did not log off
properly, and her account is thus still active; you can go in"(2), basically it is using
another person's access to as it were your own. The piggybacker then has access to all
the past user's files and can be destructive if they choose and wipe out the account.
There are many different types of computer crimes, but there are basically two main
categories, crimes against computers and crimes using computers. "Crimes against
computers are usually based on the destruction of hardware and software or the theft of
computer technology."(2). Many people get mad at computers for many reasons. Computers
are based on human input, thus computers make mistakes. People sometimes take the anger
that builds up, after a computer has made a number of mistakes, out on the actual
hardware such as: a computer monitor, tower, keyboard, or mouse. Demolished computers
have been dropped, punched, kicked, and some even shot by a gun. Computer systems have
also been mutilated and destroyed to destroy data and records. This is not the best
method of destroying computer data. Although the system as a whole might be devastated,
the data can sometimes be restored through special techniques.
Crimes using computers are more prevalent. There are numerous crimes that can be
committed using computer, but they are not new crimes. The crimes were already in
practice before it's invention but new technology makes them easier to commit and
provides less of a chance of getting caught. Money is the root of a lot of crimes, for
instance, embezzlement is "the act of stealing money that is entrusted to you"(1), or
stealing from somebody that you work for. Banks are one of the best places to steal money
from because, obviously, that's where a large portion of money can be found. A great deal
of the money that a bank oversees is not physical cash; it is numbers in computers. Many
different and ingenious ways have been developed by computer criminals to embezzle money.
The simplest form is to electronically transfer funds from someone's account into your
own. The possibility of being caught doing this is very high because it is noticeable and
traceable. A method of embezzling called "The Salami Technique"(2) involves slicing small
amounts off of many different accounts (instead of just one big transfer) that won't be
noticed and putting the accumulating totals into one's own account. There is also a
"round-off" technique where the amounts taken for oneself from each account are
fractional and would otherwise kept by the bank as "round-off errors", such as 3/10th of
a cent but the small amounts build up over time. This can all be done with a patch or
block of programming code added to the banks' accounting program during a single session.
After the program is installed (or patched), all the criminal has to do is sit and wait.
The program can be activated by an internal timer being set for a certain date and time.
Fraud broadens the computer criminals havoc-reeking horizons and is defined as
"intentional deception"(2). Computers are probably the best means for trickery,
especially through the Internet. When an individual logs onto the Internet through and
ISP (Internet Service Provider), the only identity they are given is an IP (Internet
Protocol) address. Nobody knows anything about the person using that terminal. They can
fabricate any information they choose. Fraud includes, but is not limited to, creation of
false accounts, using any accounts for which you are not entitled to use, destruction of
records, et cetera.
The theft of information has also become a large problem in attempts to protect privacy.
Many corporations and government organizations have extensive databases on a great deal
of people. Information such as age, race, sex, social security number, address, telephone
number, credit card information, and basically anything that has ever been known about a
person is electronically stored and kept for reference. The problem with this data being
stored electronically is that if the system is compromised, the data can be copied and
stolen very quickly and can possibly be stolen over telecommunication lines. Phreaking is
a kind of theft of services. Phreaking a process used to "access the telephone services
illegally and run up considerable calling bills for which they are never charged"(2).
Using different tones, a computer can mock a request for a long-distance call, giving an
individual free long-distance.
Cyberstalking, defined as "The act or crime of willfully and repeatedly harassing another
person in circumstances that would cause a reasonable person to fear injury or death
because of expressed or implied threats"(1), is a relatively new problem. Irritating
others over the Internet is something that commonly occurs, but the word "repeatedly"
placed in front of that statement can make a big difference. If someone is causing a
nescience that interferes with ones' professional or personal life it is considered
stalking.
Catching the computer criminals is the tough part. There are "Computer Crime Stopper"
groups, hackers turned good, whose sole purpose and occupation is to track down and catch
computer criminals. Tracking computer activity is a hard thing to do, especially over the
Internet. There is no "trail" left for the criminal to be followed by. Usually the only
thing crime-stoppers have to go on are the IP addresses and telecommunication lines to
trace to find the origin of the signal, but the perpetrator is normally long gone by the
time authorities arrive.
Prevention is a crucial part in protecting the computers of today. Through secure
servers, which are "special computers [that] provide secure connections between networked
computers and outside systems,"(4) companies protect credit card and other personal
information of their clients. Encryption is a method of "encoding"(4) data using a set of
key (a mathematical formula), which is then sent to the receiving party. They have the
"decoding"(4) key to transform the data back into understandable data. Encryption works
very well, as long as the key doesn't fall into the wrong hands. Firewalls, "a safety
computer placed between a network and outside systems"(4), can deter break-ins from
external systems using usernames and passwords, but as we know they can be cracked with
some effort.
The current laws and regulations against crime do not apply to computer crimes. Although
some laws are twisted and contorted to apply to new situations as they arise, I feel that
new legislation needs to be put into place to apply to the crimes and criminals.
Cyberstalking is a good example of a computer crime that needs it's own legislation to
govern what is to be considered stalking and what are not over the Internet. Stalking
without a computer is clearly defined, both what stalking is and what the penalties are
for committing it, but communication over the Internet isn't as clearly regulated. Are 2
E-Mail's to a person that didn't want them considered stalking, and if so then why isn't
unwanted E-Mail from organizations considered soliciting? Statues need to be presented to
clearly outline what is wrong and what is okay. Instead of trying to apply unrelated laws
to fast-growing criminal opportunities, we should establish a basis for which all
computer crimes can be tried and prosecuted.
"It has been said that the Internet is the first empirically lawless domain of modern
life. Even with the most carefully crafted legislation, enforcing a law in a virtual
community creates unique problems never before faced by law enforcement agencies."(6).
Since the "means" of committing the crimes is different, should we consider different
punishments? In the past, convicted computer criminals have served generally light terms
for their crimes. Shouldn't embezzlement done by a machine, which a human caused it to
do, be the same as embezzlement done directly by the hands of a human? I guess one could
say that we are lucky that ALL crimes can't be committed over a computer, at least not
yet.
Bibliography
(1) Bowen, Mace. "Computer Crime." 9/14/99. http://www.guru.net/. Visited: 10/28/00.
(2) Edgar, Stacey L. Morality and Machines: Perspectives on Computer Ethics. Sudbury:
Jones and Bartlett Publishers, 1997.
(3) Jenson, Barbara. Cyberstalking: Crime, Enforcement and Personal Responsibility in the
On-line World. New York: Wiley Computer Publishing, 1996.
(4) Parker, Donn B. Computer Security. CD-ROM. Encarta Encyclopedia 2000. Microsoft
Corporation. 1993-1999.
(5) Parker, Donn B. Fighting Computer Crime: A New Framework for Protecting Information.
New York: Wiley Computer Publishing, 1998.
(6) Tribe, Laurence H. The Constitution in Cyberspace. New York: Warren & Computer
Professionals, 1991.
(7) U.S. Dept of Justice. "Cyber Crime." 5/23/00. http://www.cybercrime.gov/. Visited:
10/27/00.