Computer Crime Research Center


Criminalistic description of interference with work of computers without right

Date: March 18, 2004
Source: Computer Crime Research Center
By: Vladimir Golubev

... information is processed.

The second group comprises methods of indirect (remote) access to information. Access without right to a particular computer or to information is gained over computer networks from another computer located some distance away. The methods of indirect (remote) access are:

1. Connecting to the telecommunication cables of an authorized user (i.e. a phone line) and obtaining access to his system.
2. Penetrating other information systems by automatically dialing through subscribers' phone numbers and then connecting to their computers (dialing continues until the criminal receives an answer from the modem at the other end of the phone line).
It should be noted that an attempt at unauthorized access can be detected easily. That is why such a hack is carried out from several workplaces: at a specified time several (more than 10) PCs attempt unauthorized access. System security may stop several of the "attacks" while the others obtain the desired illegal access. One of the computers that got through blocks the network logging system that records all access attempts. As a result the other computers that got through cannot be detected and located. Some of them begin to hack a particular subnetwork, while others carry out fake operations in order to hinder the functioning of the enterprise, institution or authority and to cover up the crime [6].
3. Penetrating a computer network with the help of passwords, posing as an authorized user. With this method violators crack a password in order to access someone else's computer. A number of programs have been developed specially for this purpose. They can be purchased on the "shadow" computer market. Having obtained the right password (it takes less than 24 hours to pick an 8-digit password), the illegal user gains access to computer information and can use it however he likes: copy, delete, deteriorate, modify or suppress computer data, or perform operations such as wire transfers, forgery of payment orders, etc. as the authorized user.
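
The coordinated pattern described under method 2 (more than 10 machines attempting access at the same time, after which the logging system is blocked) leaves two signals that a defender can correlate: a burst of failed attempts from many distinct sources, and a log that goes silent shortly afterwards. The following Python sketch is an added example, not part of the original article; the log line format, host names and every threshold other than "more than 10" are assumptions, and the sample log is constructed.

```python
from datetime import datetime, timedelta

def build_sample_log():
    """Constructed log lines in an assumed '<ISO time> <source> <result>' format."""
    day = datetime(2004, 3, 18)
    lines = [f"{(day + timedelta(minutes=10 * i)).isoformat()} ws-00 "
             f"{'FAIL' if i % 5 == 0 else 'OK'}" for i in range(12)]   # routine traffic
    burst = day + timedelta(hours=2)
    lines += [f"{(burst + timedelta(seconds=i)).isoformat()} ws-{i + 1:02d} FAIL"
              for i in range(12)]                                       # 12 sources in 12 s
    lines.append(f"{(burst + timedelta(seconds=12)).isoformat()} ws-05 OK")
    lines.append(f"{(day + timedelta(hours=4)).isoformat()} ws-00 OK")  # log resumes
    return lines

def parse(line):
    ts, source, result = line.split()
    return datetime.fromisoformat(ts), source, result

def coordinated_bursts(events, window=timedelta(seconds=60), min_sources=10):
    """Windows in which failed attempts come from more than min_sources hosts."""
    fails = sorted((t, s) for t, s, r in events if r == "FAIL")
    alerts, i = [], 0
    while i < len(fails):
        start = fails[i][0]
        in_window = [(t, s) for t, s in fails[i:] if t - start < window]
        sources = sorted({s for _, s in in_window})
        if len(sources) > min_sources:
            alerts.append((start, sources))
            i += len(in_window)          # skip past the window just reported
        else:
            i += 1
    return alerts

def logging_gaps(events, max_silence=timedelta(minutes=30)):
    """Pairs of consecutive timestamps separated by more than max_silence."""
    times = sorted(t for t, _, _ in events)
    return [(a, b) for a, b in zip(times, times[1:]) if b - a > max_silence]

def bursts_followed_by_silence(events, follow=timedelta(minutes=10)):
    """Bursts after which the log goes quiet within `follow` (blocked-logging pattern)."""
    return [(start, gap) for start, _ in coordinated_bursts(events)
            for gap in logging_gaps(events)
            if timedelta(0) <= gap[0] - start <= follow]

if __name__ == "__main__":
    events = [parse(line) for line in build_sample_log()]
    for start, gap in bursts_followed_by_silence(events):
        print(f"burst at {start}, log silent from {gap[0]} to {gap[1]}")
```

Repeated failures from a single host (ws-00 in the sample) never raise the burst alert, and a gap is reported only when it follows a burst, which keeps ordinary quiet periods from being flagged.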

One of the most widespread instruments of illegal access to a computer is the computer itself. The World Wide Web has recently become another widespread tool.

Two Kazakhstan men have been arrested in London for allegedly breaking into Bloomberg L.P.'s Manhattan computer system in an attempt to extort $200,000 from the business news service and its owner, Michael Bloomberg. Oleg Zezov, who was employed by Kazkommerts Securities in Almaty, Kazakhstan, and Igor Yarimaka were arrested in August 2000 on two extortion-related counts and one count of computer intrusion. According to the complaints, Michael Bloomberg was part of a sting operation at a London hotel during which the defendants were arrested. They are currently being held in Britain and the United States is seeking their extradition.

Zezov allegedly entered Bloomberg's system through computers in Almaty. In the spring of 1999 Bloomberg provided database services, via a system known as Open Bloomberg, to Kazkommerts Securities. Zezov is one of four individuals at Kazkommerts associated with Kazkommerts' contract with Bloomberg. Criminals believed they could intimidate companies with threats of computer hacking and/or the spreading of malicious accusations, Bloomberg said in a statement. This global operation showed that private industry can stand up for its property rights and does not have to submit to such blackmail.

The complaint against Zezov alleges that he sent a number of e-mails to Michael Bloomberg demanding that Bloomberg pay him $200,000 in exchange for revealing information about how he infiltrated the company's computer system. One of the e-mail addresses Zezov used to contact Bloomberg was On March 27, a Bloomberg representative contacted the FBI and said that Michael Bloomberg had received e-mail from an individual using the address and identifying himself in the text of the letter as Alex. Prosecutors alleged that Zezov was the author of the e-mail. In the e-mail, Zezov allegedly said he was not a criminal but intended to help you understand some drawbacks of your system. Among these was that Bloomberg Traveller, a smaller, more portable version of a Bloomberg terminal, had security problems.

The same day, Bloomberg received a multi-page fax that consisted of a printout of Bloomberg computer screens containing personal information about Michael Bloomberg, including his employee identification photograph, his computer username and password at Bloomberg and credit card numbers. Bloomberg officials told the FBI that his information was only accessible to certain authorised persons and was not among data available to Bloomberg clients. At the direction of the FBI, Michael Bloomberg replied to the address stating he was interested in the information and asking how to arrange for payment.

In an April 3 e-mail, Zezov allegedly demanded $200,000 and Bloomberg responded that they should meet in person. Zezov then allegedly demanded that Bloomberg deposit the money in an offshore account. Bloomberg, at the FBI's direction, opened an account in Deutsche Bank in London and deposited the sum. While Zezov was able to confirm that the account had been opened, he could not withdraw any funds. Zezov said he wanted control over the account and Bloomberg then suggested they resolve the matter in a face-to-face meeting in London.

Zezov and Yarimaka flew from Kazakhstan to London and met with Bloomberg on Aug. 10 at the Hilton Hotel. Bloomberg was accompanied by two London police officers, one posing as a Bloomberg executive and the other serving as translator. Zezov introduced himself as Alex and Yarimaka said he was a former Kazakhstan prosecutor representing Alex in the payment matter. The defendants allegedly reiterated their demands at the meeting and were arrested.

As already noted, interference without right in the operation of a computer, computer system or network may be connected with violence against, or threats to, a person. Violence or threats may accompany direct, indirect or mixed methods of committing computer crime. The person subjected to violence or threats may be either an authorized user of the computer system or another person connected with the computer equipment.

Direct access to computer information connected with violence or threats occurs when an authorized user or another person, after suffering violence or under threat of it, is forced to commit the interference without right in the operation of the computer, computer system or network. The damaging, deletion, deterioration, alteration or suppression of computer data without right is performed on the computer where the information is stored.

Indirect access to computer information connected with violence or threats takes place when direct or electromagnetic interception of information from the computer where it is stored (with subsequent copying, deletion, alteration and suppression of computer data without right) is committed by the person who suffered the violence. That person need not carry out this action in full; it is enough only to obtain passwords, IDs, access cards, etc.

Mixed methods of interference without right in the operation of computers, computer systems and networks may be committed in the same way, for instance through physical influence on (or threats to) programmers (operators) for the purpose of entering unplanned commands into a program or altering it, or where violence is used in order to discover flaws in the security system, or other kinds of mistakes in the program structure, for further use without right.

Crime concealment is an activity (an element of criminal activity) aimed at hindering investigation by concealing, destroying and falsifying traces of the crime and their carriers [6].

Methods of concealing illegal access to a computer are largely determined by the way the access is committed. In the case of direct access to a computer, concealing traces of the crime means destroying the traces left behind (fingerprints, footprints, microparticles and so on). In the case of indirect access to a computer, concealment lies in a modus operandi that hampers detection of the illegal access. This is achieved by using other people's passwords, logins, etc.

Instruments of illegal interference with the work of a computer, system or network are computer facilities and special computer software. It is necessary to distinguish between instruments of direct access and instruments of remote access.

Instruments of direct access are as follows: computer information carriers and all means of overcoming information protection systems. Each category of protection means (organizational-technical, software-technical) has its own corresponding set of instruments of illegal interference with the work of a computer.

Instruments of remote access are as follows: network facilities (in the case of unauthorized access from local networks) and facilities for access to remote networks (communication devices, modems).

Data on the circumstances of the offence, i.e. the situation in which such unlawful actions are committed, are significant for the analysis and investigation of illegal access to a computer.

In our opinion, the situation of illegal access to a computer is composed of the material, technical, spatial, temporal and socio-psychological circumstances in which the crime is committed.

Additional factors describing the conditions under which illegal access to computer information is committed may be as follows: the presence and state of computer protection means (organizational, technical, software), discipline, the management's demands for observance of the rules and regulations on information security and computer maintenance, etc.

Low organizational technical level of business function, low control over information security, inefficient system...


Copyright © 2001-2013 Computer Crime Research Center