Computer Crime Research Center

staff/gva2.jpg

Criminalistic description of interference with work of computers without right

Date: March 18, 2004
Source: Computer Crime Research Center
By: Vladimir Golubev

... low control over information security, inefficient system of information security, indifference to violations of information security regulations and other are peculiar to possible situation of the considered crime.


Exposing features of situation occurred allows to determine the most important facts during examining scene of action, examining computer equipment and documents, voucher and interrogation of certain witnesses and solving problems on necessity of certain documents seizure, etc.

The property that defines illegal access to a computer is that place of indirect committing illegal action (objective aspect of corpus delicti) and harmful consequences place (place where results of illegal action will ensue) may not be the same. This happens almost in all cases of illegal access to a computer. In case of direct access mentioned places are the same. Such crime is often committed by employees of the company or organization. Therefore, computer crime can be transnational (transboundary): the crime is committed under one jurisdiction and consequences ensue under the other. It is necessary to note that computer facilitated crimes become more transnational, organized and group. Transnational feature of these crimes poses certain dangers to information security which is a compound of national safety of the country.



Data on traces of illegal access to a computer is the most important element of the criminal description. The traces of a crime are any changes of surroundings caused by committing a crime [7].



The property that defines traces of a crime is that they are negligibly examined by present-day police science of traces or clues because, in most cases, they are informative, i.e. they represent one or another modification in computer information: damaging, deletion, deterioration, alteration or suppression.

Therefore traces of illegal access to a computer are divided into to types: traditional traces (traces-images examined by police science of traces or clues, traces-substances, and traces-objects) and untraditional traces – information traces.

The first are material traces: hand-written notes, printed materials, etc. that testify to preparing and committing a crime. Material traces may be left on the computers (fingerprints, micro particles on the keyboard, disk drives, printer, etc.) and on magnetic carriers and CD-ROMs.

Information traces are formed in consequence of influence (damaging, deletion, deterioration, alteration or suppression) on computer information by accessing and represent any modifications of computer information related to committing a crime. First of all, they remain in magnetic information carriers and reflect modifications in the stored information (as compared to the initial information).

Results of antivirus and test software work are also information traces. These traces may be revealed during examination of computer equipment, programmers’ work notes and antivirus software logs. It is necessary to involve experts in such examination.

Information traces can be left in case of indirect (remote) access through computer networks. They appear because perpetrator should log in to connect to the remote network. All these logins are fixed in system log files. Also system determines user network address, software and its version. Besides, users usually give their e-mail addresses, real names and other data for network connection. This information is requested by system administrator (provider) to control connections to his server. This allows to identify personality of users penetrating into the network.


Traces showing illegal access to a network may be as follows: operations of renaming directories and files; changing size, contents, standard properties, date and time of creation; appearing of new directories and files, etc.

Targets of criminal encroachment in case of illegal access to a computer are: computers, systems, networks and computer information. In spite of the fact that computer information cannot be unconditionally regarded as a target of crime because it is not material, the author agrees that it is reasonable to widen general theoretic concept of target of crime. It is suggested to include things not only of material world, but also definite evenly existing phenomena, formations, computer information [8]. Computer information is text, graphic and any other information (data) that exist in electronic format, is stored in appropriate carriers and can be created, changed and used with help of computer. Computer information can be defined as information fixed in machine-readable medium or transmitted through communication channels in a format accessible by computer.

Personality of the criminal is important element of criminalistic description of computer crimes. Crime committer is minimal cumulative evidence describing the person that committed a crime and necessary cause criminal proceedings against him. In particular personality traits of a person and environment in its interaction successively define motivation of decision making about criminal activity in computer technologies sphere. Motivation includes a process of emergence, forming of reason and purpose for criminal conduct. It is necessary to examine the reason of criminal conduct as compulsion, that was formed under influence of social environment and personal vital experience, which is the internal direct reason of criminal activity, and expresses attitude of a person to the object of criminal activity [9].

Researches conducted by Computer Crime Research Center show that 33% of perpetrators aged under 20, 54% aged between 20 and 40, 13% were older than 40 years old [10].

Men are 5 times more likely to commit computer crimes. The majority of criminals have higher or incomplete higher technical education (53,7%), along with 19,2% of those that have other higher or incomplete higher education. [11]. Lately, the number of women engaged in these crimes is increasing. It is concerned with women’s occupations related to workplaces equipped by automated computer systems, women’s oriented positions (secretary, accountant, economist, manager, cashier, inspector, etc).

Conducted researches show:

52% of the established criminals had special training in field of automated computer information processing;

97% of public authorities and institutions employees, that used computer systems and information technologies in their everyday life;

30% of them had direct relation to computer means exploitation.

Thus it is possible to make the following conclusions:


Criminalistic description of illegal interference with work of a computer includes data on modus operandi and concealment of a crime, facts of a crime, data on motives and goals of committed actions, and also data on personality of the criminal.

1. It is reasonable to divide modus operandi of illegal interference with work of a computer into two groups: direct and indirect (remote) access to a computer. Two different ways of illegal interference with work of a computer each of them has definite specific features. This conditions peculiarities of operative search activity for each of them.
2. Operative information can be obtained during examination of typical ways of hindering investigation into the given category of crimes. Concealing traces of crime is the most informative from this point of view. This may be reflected in damaging, deletion, deterioration, alteration or suppression

3. Main goals and motives of computer crimes are as follows: profit, hooligan motive, revenge, commercial espionage and sabotage.

4. Among cyber criminals, nearly four in five are male. Most criminals have higher or incomplete higher technical education, and also other higher or incomplete higher education. Most of them aged between 20 and 40.
5. Search activity of an investigator on interference with work of computers is a complex of procedural and other actions directed to establishing relevant facts known to the investigator.

6. Among main objects of search in cases on illegal interference with work of a computer are as follows: persons committed illegal interference, instruments used for illegal interference, computer information, literature of the subject.

7. Among main search signs of persons committed illegal interference with work of computers are general signs (sex, age, nationality, special peculiarities, place of residence, occupation and other) and special (programming skills, knowledge of computer equipment, personal data on a criminal left by him in different computer systems and other).

8. There is a principal possibility for search of the computer equipment used for crime committing. At this, search signs are as follows: configuration of the computer used for crime committing, mobility of the used computer equipment, presence of certain network and peripheral equipment, certain software.



[1] V. Korzh, Methods of investigating economical crimes, committed by organized groups, criminal organizations, Investigator's Guideline, Scientific practical textbook, Kharkiv: "Licei" Publishing house, 2002, p.8.
[2] N. Shuruhnov, Criminalistic description of crimes, Criminalistics (topical issues), edited by Zuev, Moscow: 1988, p.119.

[3] B. Vekhov, Computer crimes: ways of commitment and investigation methods – Moscow: 1996, p. 49-105.

[4] V. Kozlov, Theory and practice of fighting computer crimes, Moscow: 2002, p. 114.

[5] V. Tsymbaluck, Latency of computer crimes, Fighting organized crimes and corruption (theory and practice),...


Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo