Types of computer crimeDate: November 25, 2005
Source: Computer Crime Research Center
Two photographs hung side by side on the wall. The first depicted a homicide detective's worst nightmare. A body lay twisted on the floor, a gaping wound in the chest. Across the room, on the floor, was a large pistol. On the white wall above the victim's body, scrawled in the victim's own blood, were the words, "I'll kill again, you'll never catch me."
The second photograph depicted the same room, the same victim. But in this photo, the wall was "clean." The gaping chest wound was gone, replaced with a small head wound from which blood trickled. The gun was clutched in the victim's hand.
Was this a vicious homicide, or a suicide? Which picture told the real story? Because the original photograph was taken with a digital camera, telling which photo was real, and which one was created by merely rearranging binary digits, may be difficult.
This is, of course, only a mock scenario. However, at a meeting of the Federal Computer Investigations Committee (FCIC) in 1991, a demonstration of such a scenario was provided . The Committee had been established by a handful of federal and state law enforcement personnel who were among the first to appreciate how emerging technologies were providing new opportunities for criminals and creating new challenges for law enforcement officials. For this group, the point of this demonstration was not lost: an apparently ordinary photograph may not be so ordinary, and one must be technologically astute enough to realize the potential for digital alteration.
The reliability of evidence is but one issue raised by emerging technologies. More importantly, the launching of malicious programming codes through global computer networks and international hacker attacks is no longer the fanciful idea of science fiction writers and screenwriters; it is existing reality. Often termed "computer crime," the offenses actually are the product of a merger between two related but distinct technologies—computers and telecommunications. The criminal potential is enormous, and the Justice Department's introduction to crimes committed in cyberspace was indeed a startling one.
II. EARLY CASES AND A FEDERAL INITIATIVE
In 1986, an astronomer at the University of California at Berkeley was assigned to solve a vexing but apparently minor problem at the Berkeley computer laboratory . Berkeley was running two accounting programs which kept track of the use of Berkeley computers and billed their users. Because these programs were tracking the same information, their results should have been the same. Yet for some unknown reason, there was a $.75 discrepancy.
Clifford Stoll's investigation revealed that an unauthorized user had penetrated the Berkeley system. This hacker had given himself an account by creating a user identification code in one accounting system, but had failed to create a similar account in the second system. Put another way, one accounting system recognized his presence and billed him while the other did not. Thus, the $.75 error.
Stoll, having already determined that there had been an unauthorized use of Berkeley's computers, contacted various federal law enforcement authorities. Not surprisingly, no federal agency expressed interest in devoting resources to a $.75 case. Undeterred, Stoll began his own investigation, keeping records of the hacker's activities and working with both local and foreign phone companies to trace the source of the attacks. Stoll ultimately discovered that the source of the attack was a German hacker, Markus Hess, who had been paid by the KGB to ferret out U.S. military secrets . Thus, both the law enforcement and intelligence communities learned two valuable lessons. First, networked information is at risk from outside access. Second, the financial loss to the victim does not necessarily determine the seriousness of the intrusion, and cases cannot be screened solely on the basis of financial harm.
The Stoll adventure turned out to be the first of three specific events that, in combination, served to galvanize federal law enforcement's computer crime efforts. The second event was the Morris worm . Robert Morris, a Cornell University student, developed a program in 1988 designed to attack computers throughout the Internet . After the worm penetrated the target computer, it would consume the computer's available memory, resulting in the shutdown of the computer. Before the worm could be neutralized, it had crippled approximately 6,200 computers and caused over 98 million dollars in damage. If Stoll's experience taught us that our information was vulnerable, the Morris worm proved that our hardware was equally at risk.
The third critical event was a 1989 attack on BellSouth, a regional Bell operating company, by a hacker group known as the Legion of Doom (LOD). By penetrating BellSouth's administrative computers, including the Loop Maintenance Operating System (LMOS) and the Computer Operating System for Mainframe Operations (COSMOS), the LOD gained the ability to alter, disrupt, and, according to some of its members, shut down local telephone service. Considering the critical importance of communication facilities in matters of national security and emergency preparedness, as well as the telephone's central role in American life, the LOD attack cast a dark shadow on the computer revolution.
Although the Hess, Morris, and LOD cases were handled successfully, it was clear that emerging computer and telecommunications technologies would pose new challenges for the law enforcement community. Ubiquitous computing (the widespread integration of computers into our daily lives) was not simply changing the way we live, but changing the way criminals conduct business. It was imperative that the federal government develop a comprehensive program to anticipate and respond to these changes. With this in mind, the Criminal Division of the Department of Justice (DOJ) proposed, and the Attorney General's Economic Crime Council endorsed, a Computer Crime Initiative. As a result, in September 1991 a distinct Computer Crime Unit was created within the General Litigation Section of the Justice Department. On October 13, 1996, this unit was elevated to section status, and renamed the Computer Crime and Intellectual Property Section. This section now consists of eleven prosecutors assigned to work full-time on computer crime.
But what exactly is "computer crime?" Although the term is not subject to a precise definition, computer crime denotes the use of computers by individuals in one of three ways. First, a computer may be the target of the offense. In these cases, the criminal's goal is to steal information from, or cause damage to, a computer. Second, the computer may be a tool of the offense. This occurs when an individual uses a computer to facilitate some traditional offense such as fraud or theft (for example, a bank employee may use a computer program to skim small amounts of money from a large number of bank accounts, thus generating a significant sum for personal use). Third, computers are sometimes incidental to the offense, but significant to law enforcement because they contain evidence of a crime. Narcotics dealers, for example, may use a personal computer to store records pertaining to drug trafficking instead of relying on old-fashioned ledgers.
Why the great concern about computer crime? First, history teaches that criminals will frequently abuse new technologies to benefit themselves or injure others. Automobiles are an apt example. Designed to provide transportation for law-abiding individuals, the automobile soon became a target (e.g., car theft, carjacking), a tool (e.g., the getaway car in a bank robbery), and a weapon (e.g., hit-and-run). Clearly, computers are following the same route.
Moreover, concern about computer crime is being fueled by recent statistics that reveal the sheer number of intrusions and the damage being caused.
III. THE SCOPE OF THE COMPUTER CRIME PROBLEM
Published reports estimating the number of computer incidents and the damage caused by computer criminals vary widely, but even the most conservative estimates suggest that both the number of incidents and the dollar losses are staggering.
Following the Morris worm incident of 1988, the Advanced Research Projects Agency (ARPA)  funded the Computer Emergency Response Team (CERT)  at Carnegie Mellon University to help ensure the availability and security of Internet resources. Their statistics indicate that, corresponding to the phenomenal growth of the Internet,  the number of security incidents reported to the CERT has increased by 498%, and the number of sites affected worldwide has increased by 702%. 
Three recent surveys of businesses further describe the depth of the problem. One survey of 246 companies revealed that the monthly rate of incidents involving the theft of proprietary information rose 260% from 1985-93 . In another survey, almost one-quarter of the 898 organizations queried indicated that they had experienced some verifiable computer crime within the preceding twelve months . In yet a third survey, 98.5% of the respondents indicated that their businesses had been victimized by computer criminals, with 43.3% reporting that they had been victimized more than twenty-five times. 
Alarming as these surveys are, security experts believe that most computer crimes are neither detected nor reported.  In fact, statistics compiled by one U.S. government agency supports this conclusion.  To test the security of this agency's computers, machines were deliberately "attacked." Of the 38,000 computers...
Add comment Email to a Friend