Computer Crime Research Center


Types of computer crime

Date: November 25, 2005
Source: Computer Crime Research Center
By: Scott Charney, Kent Alexander

... deliberately "attacked." Of the 38,000 computers targeted, the attacked machines were successfully penetrated 65% of the time. System administrators at the successfully attacked sites detected only 4% of these penetrations. Of that 4%, only 27% reported it. Put another way, of the 38,000 machines attacked, 24,700 were penetrated, only 988 realized it, and only 267 reported the attack.

Taken together, these statistics have enormous implications for law enforcement for two reasons. First, they prove that the number of computer crime cases is growing as computer and network use increases. Second, and even more important, the current number of intrusions detected drastically underrepresents the scope of the problem.

This massive underreporting is about to change, however, and we anticipate that the number of reported incidents will increase exponentially. This is due, in part, to Computer Anomaly Detection Systems (CADS), computer programs which use the power of the computer to identify suspicious activity [16]. One recent test proved that for each intrusion identified by a system administrator, CADS identified over 100 more. CADS is a relatively new security measure, and one that is increasingly being used by system administrators. Computer crime professionals are just beginning to receive cases "opened" by the computer, and when the use of CADS becomes widespread, the numbers will be staggering.

Considering the large number of unreported intrusions, it is also not surprising that published reports estimating the damage caused by computer criminals vary widely. Again, however, even conservative estimates suggest that the losses are huge. As far back as 1991, it was believed that computer fraud was costing American businesses 5 billion dollars a year [17]. Reports from other countries were similar. For example, it was reported in 1991 that computer crime in the United Kingdom cost an estimated 2.5 billion pounds annually. [18] Although total losses remain difficult to calculate, more recent reports suggest that the growth in Internet use is paralleled by a corresponding rise in financial losses. In the United States, the losses are now estimated at $10 billion. [19] In the U.K., the British Banking Association has estimated that computer fraud is now costing businesses 5 billion pounds a year. [20]

The damage, however, cannot be measured in terms of dollars alone. As Clifford Stoll's book, The Cuckoo's Egg, makes clear, computer hackers pose a threat to the security of nations. [21] High-tech spying is becoming commonplace and hacker-spies are being actively recruited. When such hackers strike, they often do so by weaving through the communications network, and it may be extremely difficult to tell where they are coming from, what their motives are, who their employers are (if anyone), and what other locations they have attacked. Although Stoll's book documents a case of military espionage, these concerns are equally applicable to industrial espionage. Recently, nearly one-half of 205 of America's largest companies reported that their computers had been attacked and penetrated; 84% of these companies assessed their damages at upwards of $50,000 per incident [22]. With the increased use of computers and computer networks for developing and storing trade secrets, serious attention must be paid to this area.

Computer criminals have even threatened the public's general health and safety, as evidenced by recent attacks upon medical research data and patient files. In one virus incident, a British health authority lost vital information from its hematology department, and an Italian university lost almost a year of AIDS research data. [23] In the northeast United States, one large hospital was attacked by a virus, and more than 40% of its patient records were destroyed. [24] Exacerbating the public's new vulnerability to these viruses, now even traditional criminals are committing their crimes in new, exploitative ways. In the early 1990s a zoologist-turned-scam-artist received a two-and-a-half year prison sentence in absentia from Italian authorities following a fraud and extortion scheme involving 20,000 virus-infected disks. [25]

In light of the many ways that computers can be misused, how do we more accurately determine the scope of the problem? One answer lies in centralized reporting. Within the government, the private sector, and the academic sector, CERTs [26] have been created. Because reporting to a CERT allows the victim to obtain immediate technical assistance, victims naturally are more likely to report intrusions. To the extent that the CERTs see a pattern in the reports—for example, a certain virus may be widespread—they can assist in repair by contacting other victims and experts who may be working on the same problem. There are now many CERTs, each having its own domain or area of concern. These individual CERTs have organized the Forum of Incident Response and Security Teams (FIRST) to coordinate their efforts.

Although centralized reporting will ultimately provide more accurate statistics, it will still not represent the full scope of the problem. Unfortunately, many victims remain unwilling to report cases of computer abuse, and this makes it more difficult to quantify precisely the amount of damage perpetrated by computer criminals. The reasons for such nonreporting vary. In some cases, it is a simple business decision. The damage may be too minimal to justify the expenditure of time and staff necessary to pursue a criminal prosecution. Or the effect on a company's stock value may be too great. Alternatively, the business may decide to handle the matter administratively or internally, especially if it can be made whole by some administrative settlement. Some firms are simply embarrassed; they are concerned that bad publicity may be generated by a public airing of the incident. Others fear that exposing their system's vulnerabilities will merely encourage additional hacker attacks.

While we are not oblivious to various business concerns, we strongly encourage victims to report all criminal law violations. Equally important, we ask that crimes be reported immediately upon detection, for time is often of the essence in high-tech cases. When incidents are not reported, follow-up investigations are impeded, and the problem is likely to get much worse much faster.

We are also aware that victims sometimes fail to report high-tech crimes because of a widespread misconception that government officials do not understand computer crimes well enough to prosecute the computer criminal. While there may have been some truth to this view five years ago, the DOJ's recent successes and extensive training programs demonstrate that this is an outdated perception. Indeed, it is important in this regard to understand the ongoing law enforcement challenge, and what is being done to meet it.

IV. UNDERSTANDING THE LAW ENFORCEMENT CHALLENGE

The increased use of computers and computer networks has raised significant challenges for law enforcement personnel. Even a relatively mundane computer use, such as a drug dealer storing records on a personal computer, raises challenges for investigators. While any federal agent can open a ledger book and begin reading paper entries, not every federal agent should be searching that personal computer. In fact, the agent executing the electronic search may not be familiar with the criminal's hardware and software, the special techniques that can be used to hide data, [27] and the special utilities that may aid his or her search efforts [28].

In fact, the different ways in which criminals can use computers have created many new challenges, not only for law enforcement, but for computer security professionals as well. Although the list is not all-inclusive, some of the following issues are critical.

A. The Shift to an Intangible Environment

The shift from a corporeal environment—where items are stored in a tangible form that can be physically carried, such as information written on paper—to an intangible, electronic environment means that computer crimes, and the methods used to investigate them, are no longer subject to traditional rules and constraints. Consider, for example, the way the crimes of theft and criminal mischief have changed. Before the advent of computer networks, the ability to steal information or damage property was to some extent determined by physical limitations. A burglar could only break so many windows and burglarize so many homes in a week. During each intrusion, he could take away only what he could carry. While this conduct is by no means trivial, the amount of property he could steal or the amount of damage he could cause was restricted by physical limitations.

In the information age, these limitations no longer apply. Criminals seeking information stored in networked computers with dial-in access can access that information from virtually anywhere in the world. The quantity of information that can be stolen, or the amount of damage that can be caused by malicious programming code, may be limited only by the speed of the network and the criminal's equipment. Moreover, such conduct can very easily occur across state and national borders.

The lack of physical boundaries not only creates opportunities for criminals, but raises novel issues for law enforcement personnel. For example, when agents seek a search warrant, Rule 41 of the Federal Rules of Criminal Procedure requires that they seek the warrant in the district where the property to be searched is located. In other words, if agents wish to search a file cabinet in lower Manhattan in New York City, they would apply for a warrant in the Southern District of New York.

But suppose an...

