Natalia Akhtyrskaja , Ph.D.
Criminalistic Analysis in Computer Crime Investigation
Information security is becoming a problem of top priority in system of national safety and the new unified state policy in this sphere demands priority consideration.
Dangerous information influences should be divided into two kinds. The first is related to loss of valuable information that reduces efficiency of own activity or raises efficiency of the opponent, the competitor. When information influences the consciousness of people, we speak about disclosure of the state secrets, recruiting of agents, use of special measures and means for listening, use of lie detectors, medical, chemical and other influences on mentality of the person with purpose to force him to tell or forget something. Safety from this information influence is provided by agencies of censorship, counterespionage and other subjects of information security. If technical systems are source of information we refer to technical intelligence, or espionage (interception of telephone conversations, radiograms, signals of other communications), penetration into computer networks, databanks. The National Security Agency of the USA is engaged in similar activity, spending about 15 billion dollars annually. Counterintelligence services and institutions providing theoretical and practical protection of computer facilities, communication systems also carry out counteraction to high-tech intelligence.
Other kind of information influence covers introduction of negative info that can lead to dangerous wrong decisions. It also can force to do harm, even to push to suicide, and drive society to accident. Special services of information technical counteraction should provide information security for threats of this kind. They should neutralize actions of misinformation, stop manipulation of public opinion and reduce consequences of computer attacks.
Means of information security provide protection of control systems, communication, computer networks, interception avoidance and prevention of data theft.
Bases of information security may include: legality, balance of interests of the person, society and the state, unified integrated approach, integration with international systems of security, economic efficiency.
Consideration of information security applying system approach allows to see difference of scientific and traditional senses of this problem. In everyday life information security is understood only as necessity of fight against leakage of private (confidential) information, and also with distribution of false and hostile data. Comprehension of new information dangers, especially technical has not occurred yet in society.
Development and introduction of information technologies in various spheres of social life, as well as any other scientific and technical achievements, quite often brought not only comfort, but also dangers. Today it is possible to allocate the most essential groups of IT dangers caused by achievements of scientific and technical progress.
The first group refers to rapid development of a new class of weapon. It is information capable to efficiently influence on mentality, consciousness of people, and on IT infrastructure of society and armed forces.
The second group of IT dangers to the person, society, the state is a new class of social crimes based on use of modern information technologies (e-money fraud, computer hooliganism, etc.). Experts reckon computer to be the most promising mean of a crime. In the advanced countries practically all monetary operations are carried out via computer systems and networks. Credit cards are becoming widespread replacing usual money. Cards forgery, theft with help of computers became original disaster in the USA, Italy and other countries. Companies, especially banks, are often more eager to hide the facts of computer theft as they are afraid of possible falling trust of investors, shareholders, partners. Therefore official statistics shows that true volume of losses is almost unregistered. Victims frequently do not suspect that they were robed. Experts believe that in the USA banks losses from computer theft are four times greater than losses from cases of armed robberies. For last 10 years annual losses increased more than in 20 times and now make up tens of billions dollars.
Application of the general method of investigation assumes reception of the scientific - empirical data not only in area of criminal practice, but also in field of solution, investigation and prevention of crimes. In this sense criminalistics is interested in comprehension of investigational structure, situationally caused investigatory tasks, programs of actions of criminals. In turn it causes registration of significant information in sphere of crime investigation, accumulation of the empirical data and its formalization on the basis of the system structural analysis of investigation process according to separate categories of crimes. This requirement is dictated by how fully, rationally, productively, quickly investigation of crimes is carried out . Foreign forensic scientists also point out necessity of comprehension of patterns concerning crime investigation . Thus it is necessary to consider only those interrelated elements which concern sphere of proving and essentially influence on taking tactical criminalistic decisions on the case alongside with data on patterns of corresponding categories of crimes.
Considering the given problem, it is possible to assert confidently that only summarizing of investigatory practice can give the bases for classification of separate elements of criminalistic character of a crime and establish correlation dependences between them. So, the analysis of investigatory practice gives the basis to classify ways of swindle with plastic cards.
First way. Swindlers use devices which are connected to ATM (cash dispenser) and get data on cards. In due time in Moscow a group of offenders that have mounted special nozzles which looked like original buttons on keyboards of ATM was disclosed. The owner of a card withdrew money from the account without any problems, but the counterfeit keyboard recorded all pressed keys, including PIN-code.
Second way. Offenders used the other device, Englishmen name it "Lebanese loops", plastic envelopes which size is little bit bigger than size of a card. Offenders put it in a slot of ATM. The owner of a card tries to withdraw money, but ATM cannot read data from a magnetic strip. Besides it is impossible to take a card out because of the specific design of an envelope. At this time the offender comes and tells that it happened to him too last day. He says that it is necessary to enter PIN-code and press Cancel two times to get a card back. The owner of a card does so and certainly ATM returns no card. Then he decides that the card remains in ATM and leaves. The swindler gets a card with the help of improvised means already knowing a PIN-code.
Third way. It is technically complicated, but possible to intercept data which ATM sends to bank in order to make sure of availability of the required sum on customerĺs account. On this purpose it is necessary to connect to the corresponding cable without breaking it and to get the necessary data. Required instructions can be easily found and free accessed in the Internet. In this connection it is possible to assert that such way will be used even more often.
Fourth way. Malefactors leave nearby a tiny video camera to find out a PIN-code. At this time they are in the nearest automobile with laptop on where they can see all keys entered by the owner of the card.
Fifth way. It is rather expensive, but true. Swindlers put in crowded place their "own ATM". But it is ôout of order" for some reason and it successfully records all necessary data from a card.
Sixth way. Swindlers from United Arab Emirates inserted special devices into card slots which recorded all data on a card put into ATM. Malefactors only needed to peep a PIN-code.
It is significant to answer the following questions for investigation: what concept covers scientific-empirical data received as a result of studying and summarizing of investigatory-forensic practice and how do they correspond with scientific-practical recommendations of concrete particular criminalistic method. It is necessary to investigate, first of all, features of gnosiological relation and to reveal parts of a chain arising here.
Law enforcement officers do not fix the following topics in materials of criminal case while investigating: data on conditions of investigation, investigatory tactical plan and tactical combination aimed at efficient realization of investigatory actions. Therefore, a unique source (carrier) of information, reception of which is necessary for studying and summarizing of organization and realization practice of investigation, is a subject of investigation on the given criminal case.
So citizen └. was accused of committing computer information theft that belonged to "Insite Ltd." company, he caused a significant damage by breach of trust, with absence of attributes of swindle. That is he was accused of committing crimes provided for by Part.1 of Article 362, Part.1 Article 192 of the Criminal Code of Ukraine. The specified crimes have been committed under the following circumstances.
Head of "Insite Ltd.", citizen F. has singed a contract for Internet/Relkom network services with ôTrifle C. Ltd" company. Contract provided rendering of paid Internet access services. Remote connection to the Internet with login and password was set on computer of F. Login and password being computer information, became the property of "Insite Ltd". The password was stored in computer of F., it was encrypted and represented in nine "*" at authentication window.
Citizen └. was appointed to the post of sales manager by the order of the company. Acting on his official duties, └. should have promoted sales of office supplies. When giving an employment to A., F. explained, that └. would have a workplace and a computer with help of which he would carry out work, and also explained, that access to the Internet was carried out by sanction of F.
Manager └. decided to steal account for access to the Internet, set on the computer of F., and then to use this information on personal purposes. Then he copied program "Openpass", knowing that the given program allows to decipher illegally (hack) the account for the Internet access at the workplace of F.
Knowing for sure that F. would be out on business trip and could not impede him in fulfillment of theft, A. fulfilled criminal intention, and further accessed the Internet from home computer, using the received data. As a result of criminal acts the significant damage has been caused.
As direct purposes of studying and summarizing of investigatory practice we may name the following:
1) revealing patterns of proof process and features of concrete categories of crime investigation determined by them^;
2) definition of efficiency for used methods of disclosing and crime investigation, including methods of reflexive actions and behavior management of persons, counteracting to investigator^;
3) examining of methodical recommendations accuracy and validity .
Achievement of these goals creates scientific-information preconditions for the solution of the primary task - forming of particular criminalistic methods.
Besides it is necessary to study and summarize investigatory practice on such purposes as:
1) check of availability and distribution of criminalistic particular methodical recommendations^;
2) revealing the typical mistakes made at crime investigation and definition of reasons for these mistakes^;
3) check of investigators functioning level, material and technical support of their professional activity, methodical work with them.
However the factual data of studying and summarizing of investigatory practice on these and other purposes are used not only at forming of particular criminalistics methods, and also in other aspects:
1) improvement of regular number of investigators^;
2) increase of their professional qualification, carrying out of their specialization^;
3) equipment of investigators by recommendations on methods of investigation^;
4) activation of management functions of higher investigatory bodies of law enforcement departments in relation to subordinate.
 V. Obraztzov, Criminalistics: Field of Scientific Knowledge, Criminalistic maintenance of preliminary investigation, Moscow: 1992, p.6.
 E. Stelzer, Sozialistische Kriminalistik Band 1., Berlin: 1978.
 V. Shvyrev, Theoretical And Empirical In Scientific Comprehension, ╠oscow: 1978.
 R. Belkin, Criminalistics: Problems, Tendencies, Prospects, ╠oscow: 1988, p. 207.
^macro[showdigestcomments;^uri;Criminalistic Analysis in Computer Crime Investigation]