Types of computer crime
Date: November 25, 2005Source: Computer Crime Research Center
By:
NextThe training provided to the agents and prosecutors assigned to information technology crimes never ends. They start with the fundamentals—basic computer and telecommunications hardware and software training—and move on to more advanced topics—SS7 and TCP/IP protocol training [36] The goal is not to make them computer experts, but to ensure that they can understand the terminology used by the perpetrators and victims, interact intelligently with witnesses, and present their case in understandable terms to judges and juries.
Although training agents and prosecutors is of primary concern, part of our educational program entails speaking to computer security professionals with whom we share interests and concerns. These public appearances are significant for two reasons. First, they help us to appreciate the forces at work in the computer community and the effect they have on law enforcement. For example, the shift from "open systems" which promote connectivity and interoperability to "open but secure systems," which more strictly limit computer abuse, will create new and significant sources of evidence (for example, an intrusion detection system may provide a comprehensive record of an intruder's conduct). Our contact with computer security professionals has also allowed us to understand why, from a law enforcement perspective, security appears lax at so many computer sites: it is hard to justify the cost of security when the threat, although real, has not yet affected the day-to-day operations of a business. It is often not until an individual site is actually victimized that corporate management reacts to the computer crime problem.
The second purpose of our public appearances is to allow us to explain to computer professionals what they should expect from law enforcement if they do become a victim of computer abuse and seek our assistance. Law enforcement is continually striving to conduct thorough investigations with minimal disruption to agencies or businesses. Still, computer professionals must recognize that it is simply not possible for investigators and prosecutors to become instant experts in every type of system, in light of the wide array of computers and operating systems on the market. For instance, in the Legion of Doom case,[37] the successful prosecution would have been impossible without the perseverance, expertise, and support of BellSouth. Therefore, we will often need the victim to assist us in our efforts.
Exactly what assistance will we need? In every criminal case, we must prove both that a crime occurred and that a certain individual, or group of individuals, is responsible. Put another way, we must ascertain what was done by whom. If there was damage to a computer system, we need to know the extent of the damage and the cost of repair. If information was stolen, we need to know the type of information, how it was stolen, and its value.
How we prove identity depends upon how the crime was committed. If we suspect an insider, we will interview employees to discover who had both an opportunity and a motive to commit the crime. If an outsider is suspected, we will often be required to work closely with the telephone companies and Internet service providers to pinpoint the source of the attack. If this is the case, the victim can again provide assistance. If a computer system is actively maintaining audit trails, [38] as many do, they may provide a significant starting point in such an investigation by showing the port of entry. [39] If the victim's employees have had personal contact with the intruder, as is sometimes the case, this too will be important.
B. Domestic Coordination
The speed with which an individual engaging in computer crime can cross interstate or international boundaries to commit massive theft or cause widespread damage raises yet another concern for law enforcement: investigative coordination. Since a hacker can quickly move from state to state utilizing existing circuit-switched and public data networks,[40] many different victims may, in short order, be reporting intrusions to federal and local authorities, thus leading to parallel investigations. At the federal level alone, multiple agencies may have jurisdiction over the same federal offense. For example, the Computer Fraud and Abuse Act specifically grants concurrent jurisdiction to both the FBI and the Secret Service. [41] Additionally, if the victim is a government agency, both agency personnel and that agency's Inspector General may conduct an investigation into the hacker's conduct. In such circumstances, there is always the risk that investigators from the different agencies may unnecessarily duplicate efforts or, even worse, inadvertently interfere with one another.
The ability of computer criminals to cross state boundaries easily requires that law enforcement carefully coordinate all computer crime investigations. The same centralized reporting that is enabling us to better understand the scope of the computer crime problem also enables us to allocate resources carefully and handle multidistrict investigations. Routinely, members of the Justice Department's Computer Crime Section, the FBI, and the Secret Service share information regarding ongoing computer crime investigations. The goal is to ensure that all multidistrict or multiagency cases are coordinated from a central point or, in the vernacular, that the left hand always knows what the right hand is doing. To assist in this effort on the prosecutorial side, the United States Attorney's Offices around the country are required to report all computer crime investigations and prosecutions to the Justice Department's Computer Crime Section.
C. International Coordination
Domestic coordination solves only part of the problem. Succinctly put, computer crime is a worldwide problem calling for an organized international response.
Not surprisingly, heavily computerized countries are frequently victimized by computer-related crimes such as viruses. Less-developed countries are not immune, however. As these nations begin to computerize, they too become fertile ground for hackers. The vulnerability of both modern and modernizing nations has been highlighted by recent events:
* A Christmas card message sent over BitNet, the international aca demic computer network, landed in 2,800 machines on five conti nents, including IBM's internal network. It took only two hours for the benign virus to spread 500,000 infections worldwide, forcing IBM to shut the network down for several hours to make repairs. [42]
* Pirate bulletin boards contain information regarding computer vul nerabilities and are being used to develop and perfect new computer viruses. Such bulletin boards have been found throughout the United States as well as in Bulgaria, Italy, Sweden, and the former Soviet Union [43].
* In China, it was reported that a computer hacker defrauded a Chi nese bank of approximately $200,000 through money transfers [44].
* Recent reports indicate highly prolific virus writers are working in Bulgaria. [45]
As on the domestic front, international computer offenses differ from traditional international crimes. First, they are easier to commit. In the narcotics context, for example, the product must be carried physically, which requires human effort, vehicles for conveyance, and a route of passage between nations. Each of these requirements poses difficulties for criminals and offers opportunities for law enforcement. We are often able to dismantle a narcotics network by apprehending a courier at the border and then turning this individual against his employers.
Such opportunities simply do not exist in the computer context. Hackers are not hampered by the existence of international boundaries because property need not be physically carried, but can be shipped covertly via telephone and data networks. A hacker needs no passport and passes no checkpoints. She simply types a command to gain entry. Additionally, there is little need for manpower because a hacker, working alone, can effectively steal as much information as she can read.
Second, computer crime has not received the emphasis that other international crimes have attracted. For an international program to be effective, the nations involved must recognize that the criminal conduct in question poses a domestic threat and that international cooperation is necessary to respond effectively to the problem. In the United States, one of the most heavily computerized nations in the world, our society has not until recently mobilized against computer criminals, despite having been the frequent target of such computerized attacks for years. [46] Although our society has now recognized the seriousness of the threat, it is not surprising that other, less computerized countries have not yet joined in our chorus of concern.
The result is that many countries have weak laws, or no laws, against computer hacking. This is a major obstacle to international cooperation because countries without computer crime laws are often reluctant to devote significant resources to investigating such offenses.
For that reason, the United States has joined international efforts to raise public consciousness about computer crime and encourage other countries to enact or strengthen their computer...
Add comment
Email to a Friend
