Computer Crime Problems Research Center

 

Vladimir Golubev

Crime-research.org

 

 

CRIMINOLOGICAL CRIME CHARACTERISTIC

IN THE SPHERE OF COMPUTER TECHNOLOGY USE

 

The search of ways of efficient struggle against crimes committed in the sphere of computer technologies use and implementation is being conducted in different directions. Scientific elaboration of the problem is one of them. Scientists’ interest towards these questions has increased recently. The detailed study of computer or cyber crime (CC) reveals a number of aspects, the research of which would be rather complicated. As a rule, they are situated in so-called contiguous fields of science at the interfaces among different scientific disciplines. Analysis of criminological characteristics of CC is of essential importance for the genesis and development mechanism definition of CC phenomena.  The group of the three factors describes the characteristics: criminal and legal; criminological; social and demographic [1].   The last group considers the characteristics of both: criminals and victims.              

Unfortunately, official statistics does not possess authentic data concerning criminalistic characteristic of crimes committed in Ukraine in the sphere of computer technology use and implementation, their dynamics and structure.  It occurs both due to the imperfection of statistics, and due to the high latency of such crimes, which is proved by other national scientific workers’ researchers [2].    

It’s easy to forecast further increase of national infrastructure activity dependence from the processes   of information and Ukraine’s entering into the single information space, the spreading of criminogenic processes in the illegal computer technologies use and so-called cyber crimes.   

 Cyber crime – is phenomenon of international significance.  Its level is in direct dependence from the level of development and introduction of up-to-date computer technologies in Ukraine and network access to them. Thus, onrush and rapid information development in Ukraine enables to use and implement computer technologies in lucrative impulse, which in some extent threatens state information safety.  

According to the data of annual research of CC problems held by the Computer Security Institute (USA), cumulative crime loss in the sphere of computer technologies use for the lattest 5 years, from 1997 to 2001, results in more than $1 billion [3].  According to   General Department Against Organized Crime of the Ministry of Internal Affairs statistics data on Sept.,2002, 18 criminal cases has been instituted.  Material damage of the one case resulted in $ 249 million [4].  

All the abovementioned factors predetermine actuality and urgency of the questions considered in this article.  The analysis of criminogenic crime characteristics, which are committed in the sphere of computer technologies use, in practice will assist the generation or formation and realization of the new Ukrainian information legislation conception, and elaboration and introduction of urgent effective measures to avoid negative information processes, which are related to computer crime.   

Chapter XVI of the Criminal Code of Ukraine “Crimes in the sphere of electronic computers (computers), systems and computer networks use” (Adopted during the seventh session of Verkhovna Rada, April, 5) contains a number of regulations, which provide criminal liability for committing a crime in the sphere of computer technologies use. They include article 361 CC “Illegal intervention in the computers, systems and computer networks operation”, that is illegal intervention in the computers, their systems or computer networks operation which leads to the distortion or deletion of the computer information or carriers of the information, spreading of computer viruses by program and technical measures implementation, which are meant to penetrate into the machine, systems or computer networks illegally and to cause distortion and deletion of computer information or its carriers;

Article 362 CC “Stealing, misappropriation, claiming of computer information or seizing the information by frauding and official position abuse”; 

Article 363 CC “Violation of the rules and regulations of electronic computers operation and maintenance” –violation of the rules of electronic computers, their systems and networks operation and maintenance by a person, who is responsible for their operation, if it caused stealing, distortion and deletion of computer information, means of its protection, illegal copying of computer information, disturbance in the computers, their systems and networks operation.     

Thus, the theory of criminal law regarding criminal – legal base in struggle against computer crime has some regulations, which contain qualifying crime attributes or factors provided by the abovementioned articles of Criminal Code of Ukraine.  

Application of these special regulations while qualifying computer crimes executes not only criminal-legal function, but it carries a number of criminological and criminalistic functions, including - maintenance of criminal statistics objectivity, scientific researches objectivity, formation of empirical background for elaboration of different methods of revealing and disclosing crimes and their prevention.   Struggle efficiency against crimes committed in the sphere of computer technologies, systems and networks use is determined by criminalistic essence of the type of computer encroachment understanding. For example, let’s assume that a trespasser penetrated into the bank computer system and with the manipulations help transferred a sum of money into specific account.  This sum was successfully withdrawn from the account by on of the participants.     

This crime can be qualified according article 361 CC of Ukraine “Illegal intervention in the computers, systems and computer networks operation”. In this case, we can consider that illegal intervention into the automated bank system and non-authorized computer information alteration occurred.  They have all the data about clients’ accounts, besides they distorted information.  This specific case is subjected to the abovementioned article. Illegal intervention in the computers, systems and computer networks operation should be understood any form of intervention with the program and technical use which are designated for illegal penetration, which allows information manipulation [5].        

The trespasser didn’t have legal right for the information access with the aim of obtaining non-authorized access by illegal code capture.  Banks used the codes for information protection. According to the article 14 CC of Ukraine, the trespasser’s actions can be qualified as crime preparation and obstacles avoiding, and deliberate creation of the conditions for committing a crime. Thus, illegal intervention into the bank computer system operation occurred, which was accompanied by illegal operations with means of access to the bank accounts. This can be considered as a corpus delict, which subject to the articles 200, 231 CC of Ukraine.

The result of the trespasser’s actions is the following: the money has disappeared from a proprietor’s account.  Theft or larceny took place – secret larceny in guilty person’s favour, which caused damage to the proprietor’s property (article 185, CC). The problem is in how to qualify such theft.  The Criminal Code states that a theft can be committed by penetration in a dwelling or housing, other premises or depository (viewing automated banking system as a property depository of the person, who suffered losses). But it doesn’t spread on burglary, robbery and blackmailing.           

The obligatory factor of theft is a secret larceny.  We can observe it in the considered case. But theft doesn’t implement fraud or deception to seize smb’s property.  But in our case fraud is obvious, because smb. else’s  money was transferred.  But as a material subject money wasn’t stolen, - the appropriate requisites were altered in electronic files, which lead to the alteration of rights on property (money) possession and regulation.       

These actions can be qualified according article 190 “Frauding” CC of Ukraine, that is taking over somebody else’s property or obtaining the right on the property by frauding or trust abuse.  But the peculiarity of the considered case is that it looks like a proprietor transferred his property to the criminal   of his own record. According to judiciary practice, fraud is a “deliberate distortion and concealment of truth in order to deceive the person, who owns property, which leads proprietor to transform property to the criminal of his own record”. In the considered case money wasn’t transferred of proprietor’s own record, so we can hardly qualify this crime as frauding.        

Let’s decide when the deception takes place. Computer memory can be considered as a place where information about money is stored in electronic files.  This allows conducting operations with money.  As a rule, special hardware-software means of protection from non-authorized access to the information are used.     

Criminal uses deception only when he penetrates into bank computer network and overcomes the system protection. There can be different methods but we’ll talk about them a bit later. According article 185.3 CC of Ukraine, such actions can be considered as “illegal penetration into dwelling, other premises or depository”. Penetration is also an intrusion into depository with the help of different devices (in our case – it’s a computer), and by deceiving somebody.  Penetrations are not the goal of a crime.  They are the means of getting access to values.  “Other premises or depository” can be considered as “special place or device, specially equipped, for permanent or temporal storage values from ravishment or destruction”.    

The considered case can be qualified as theft, committed with penetration into depository (article 185.3 CC of Ukraine).

It’s necessary to mention, that theft can be recognized as complete and finished crime from the moment of actual or de facto seizure of property and trespasser’s possibility to dispose of the property of his own record.  In our case this possibility occurs from the moment of completing the transaction.      

Thus, we’re dealing with complex or integrated crime, expressed in illegal intervention into computers, systems and networks operation and unauthorized access to the computer information, which is stored, to its modifications and money transfer from the victim’s account.   

So, means of theft in the computer systems of financial sphere is set of receptions and means which provide deliberate unauthorized access to bank information resources and technologies, and also enable to carry out modification of the existing bank information with the purpose of infringement of property relations, which is expressed in illegal withdrawal of money and transfers to the other person. 

There are various known ways, which constantly increase on methods of their fulfillment. It’s explained both by computer technology complicity and by constant expansion of new information operations, lots of which provide movement of financial values and means.  

According to their criminalistic essence these deliberate actions are recognized as a crime with clearly defined stages of the development of criminal activity. They differ from one another by their activity and by level of completeness of criminal action. The right and correct assessment or evaluation of the committed crime requires definition of the stages. There are 3 stages according article 14 CC of Ukraine. They are the following: 

Preparation for a crime. Preparation for a crime is a search or adaptation of devices, search for new partners or joint offenders or conspiracy for committing a crime.  It also includes making out a special program that will overcome protection of information network in the financial intermediary, the following data collecting: bank clients, protection systems, and password selection, overcoming system protection from unauthorized access.     

Criminal attempt. Criminal attempt is a deliberately committed action by a person. The action is directed on committing a crime. In this stage unauthorized flow of means in the trespasser’s favour is organized by data manipulation and by the programs that control it, which are stored in the computer system memory.     

Crime termination. Criminal attempt considered to be terminated if a person has done all the necessary actions to complete a crime. This is the final stage if all the unauthorized transaction are completed and the trespasser has opportunity to use the results of his criminal activity.      

A questionnaire of employees of information safety departments and system administrators of automated bank systems in 20 banks of Ukraine was organized to study basic elements of criminalistic characteristics of computer crimes. 

According to our research data the most common access to computers, systems and networks carried out by company’s employees – programmers, engineers, operators, who are computer users or maintenance staff (41.9% of the interviewed).    Almost two times less this access carried out by other employees (20.2%), and in 8.6% cases ex-workers have committed this crime.  In 25% cases outsiders had access to the computer information and system.

Remote method to get access to computer, system or network is a mediate connection with a computer (network server), located in a distance.  This connection is possible through local and global computer networks and other means of connection.  Network systems together with common access in the framework of one computer system, is subjected to a special kind of attacks. This is explained by resource and information allocation in “cyberspace”. These are so-called remote network attacks.     

Remote network attack can be understood as destructive information influence on distributional computer system, which spreads program through transmission link. According to the results of the research 39.2% of the total number of computer crimes is committed by remote access to computer, systems and network. 

19.7% from the total number of such crimes spread harmful computer programs on hardware carriers. Distribution of disks with harmful programs is carried out during pirate software sale. The names of the compact disks are not impressive and often speak for themselves: “Hackers-2002”, “Espionage tricks”, “Free Internet” etc. The disks include a number of programs for “evil” computer systems, and some harmful programs – program beetles and viruses.           

A lot of attention is given to the site crime in the sphere of computer technologies use, as in some cases it is the same as the criminal’s permanent location.  According to the questionnaire data, site crime depends on the way it was committed. If a criminal has direct access to the computer, system or network site crime will be computer location (50% of the interviewed). In particular, 41%c of the interviewed information safety administrators confirmed illegal intervention into the computer, system or networks operation by using remote access.            

At the remote access to the computer, system or network operation when committing a crime criminal location and computer location in most of the times are different. The results of the research show that in 17,3% cases remote access was carried out from the computer equipment at the criminal’s home.  In 8,2% cases access was carried out from the criminal’s workplace.  In 5,1% the criminal used technical facilities in different computer clubs and centers.   

Alongside with the traditional spreading of harmful programs, which is done by pirate compact disks and infected computer games, viruses ( so-called network worms during the work in the Internet or by using e-mail) spreading take a significant place. 

The basic goals and motives for committing crimes in the sphere of computer technologies use are: self-interest and greed (58,9% of the interviewed), ruffian actions (17,2%), revenge (12,7%), commercial or industrial espionage (9,1%).  People with age from 30 to 45 years old prevail among the criminals.  People from 16 to 30 years old (37,8%) go under this category too.

Considering and examining the characteristic feature of a criminal it’s important to mention a special category of the trespassers in the sphere of computer technologies use, called “hackers”.

Hackers  (English to hackto cut, to chop) – are a special category of experts in the sphere of computer technologies use, who commit unlawful actions in the sphere of computer system communication and information technologies. Their activity is directed on access to the computer information.  In order to achieve their goal they can use different techniques of “evil”, fraud protection.  They can  steal and alter data, modify files, block the system or computer operation when they penetrate into the network. They can use different techniques and means, including special equipment for weak spot search in the protection system.    

Sometimes they crack just for fun or for gaining the authority among hackers. But very often it happens with the purpose of getting rich and to do some criminal actions.  As a rule, hackers are professional in the computer technology use, who have outstanding skills.  So it’s very easy for them to manipulate computer systems at a distance (remote attacks in the Internet

Computer ruffians. Motivated attacks on websites and e-mail servers have increased recently.  According to their methods these attacks duplicate “hackerism”. In these cases groups or individuals overload e-mail servers or delete or erase websites for messages transmission (for example, political). Though these infringements do not result in damage of operation systems or a network, nevertheless they become the reason of failures in email work   which in turn causes substantial money expenditures and blocking of access of subscribers to the websites where there is valuable information. In 1996 unauthorized access to the website computer system of the US Ministry of Justice was committed.  Trespassers deleted the contents of more than 200 catalogues and placed pages with Adolf Gitler’s picture, swastika, obscene materials etc.       

Virus Writers. One of the forms of cyber crime is illegal damage of computer system or network with the purpose of global communication systems infringement.  The infringement is carried out by computer viruses.  Nowadays founders and creators of these programs represent serious threat for users. There are a lot of computer viruses, such as Melissa Macro Virus, Explore.Zip Worm, CIH (Chernobyl) Virus, etc. Not so long ago a computer virus destroyed energy power database of one of the Ukrainian nuclear station. Accident didn’t take place just because the virus has got only in a system which duplicates the basic system.

In April 2002 a dangerous version of Internet-worm “Klez” got activated and millions of the computers in the world were infected with this dangerous virus. The quantity of the infected computers was increasing with tremendous speed every day and because of its damage scope “Klez” stands together with such viruses as  ²LÎVÅÓΔ, “CodeRed” and “S³rcam”, which were the reason of substantial losses. The exact amount of the losses is just being counted.       

Criminal Groups. We can observe a tendency in computer crime increase.  Criminal groups whose purpose is to ravish or steal money from bank institutions or with other criminal purpose commit these crimes.       

In 1999 in the USA a computer was used to commit a murder.  The criminals failed several times in victim’s assassination by firearms.  So to destroy the victim, who was in the hospital under FBI protection, they hired hackers.  The hackers penetrated into the hospital local network through the Internet and changed the cardio stimulator and artificial lung ventilation apparatus operation regime.  The victim had died.  His death seemed rather natural, as he could not struggle for life any longer because of the wound.  And only in due time after logic files analysis on local network access, conducted by providers, they discovered that the unauthorized access changed the cardio stimulator operation regime.

Cyber terrorists. Terrorist organizations started to use new informational technologies and Internet more often with criminal intentions to get rich, to carry out some propaganda or secret information transfer. Criminal groups such as Hizbollah, HAMAS, the Abu Nidal organization and Bin Laden’s al Qa’ida use computer files, e-mail and encryption (cryptography and computer ???) to support their illegal activity. Though terrorists have not used their cyber weapon yet on purpose, they use new informational technologies and computer progress achievements, and this already is a serious threat. Cyber terrorism, up-to-date informational technologies use in the Internet, is a weapon, which is implemented to damage state major infrastructures (such as energetic, transport, governmental). It can become a real threat for the world highly developed countries national safety in the nearest future.      

Commercial or industrial espionage. This is a type of crimes, which is related with commercial and industrial information ravishment. Some foreign special services have used up-to-date computer technologies as one of the methods to get access to state secrets and confidential information of other state.      

In the abovementioned cyber crimes computers are used as a “weapon” or instrument and as the purpose of a crime. Unfortunately, computers are used for committing traditional crimes

Network swindlers. Internet use with a swindle purpose is one of the mostly widespread cyber crimes, which affected both private and state institutions of the world. Thus, it is very important for law enforcement bodies to study the nature of such crimes and to fight with trespassers using their weapon – Internet.     

Due to the largeaudienceand possibility of remaining anonym Internet can become a perfect weapon for swindlers. Network swindle – is criminal actions, which are committed by criminogenic elements (groups).  These actions are aimed at profit gaining by deceit or by citizens trust abuse using up-to-date computer technologies, communications and transmissions, and Internet.       

Anybody with some practical experience can find an effective way to deceive through the Internet either in his/her apartment or in the office. Internet is the most favourable environment for committing any kind of crimes. Let’s take, for example, a case happened on 7 April, 1999.  The visitors of the “Yahoo.Inc” financial news web site found sensational news.  An ad spread via e-mail in the "Buyout News" section stated that the telecommunication company “PairGain”, Huston, USA is taken over by an Israel company.  The details could be found on the Bloomberg News Service web site.  This news spread with unexpected speed and the share prices of “PairGain” had become 30% higher. The sales volume had increased almost in 7 times. But it was all fake both the web site where the information appeared and the Bloomberg’s web site wasn’t the company’s site.  When the financial community found out the truth the prices reduced immediately that had led to substantial financial losses of the shareholders, who had bought shares at artificially increased prices.  

Intellectual pirates. Intellectual property is a moving force of the world economic process of the  XXI century. Nonlicensed production (piracy) threatens economic and public safety, as it doesn’t correspond with international quality standards. Increase in low quality pirate production affected Internet networks, where thousand of web sites for pirate products spreading are created.          

Appropriate measures to provide constitutional rights on information protection and information safety guaranty, creation of the favourable conditions to avoid and fight cyber crime are being used in Ukraine nowadays. Crime in the sphere of computer technologies use doesn’t have any boundaries, hence traditional methods of avoiding and fighting computer crime are not effective. There is a number of important points in this context: further computer crime criminogenic problems research; scientific search of effective ways of information safety level increase through organizational and legal protection information perfection in computer systems; problems solving on avoiding and investigating computer crime; law enforcement experts training in the computer crime sphere.      

 

1.             Criminology.  Special part. Study book. / Editor, professor I.M. Danshina. — Õ.: Law, 1999. — p.8-9. 

2.             Zimbaluk V.S. Computer crime latency. // Struggle against the organized crime and corruption (theory and practice). —2001. — ¹ 3. — p.178.

3.             Hahanovsky V.G.  The organization of experts preparation in struggle against crime in the hi tech sphere // Struggle against the organized crime and corruption (theory and practice) —2001. — ¹ 3. — p.202.

4.             2001 SCI/FBI Computer Crime and Security Survey. Computer Security Institute.2001. — ¹6. — P.9.

5.             Scientific and practical commentary of the Criminal Code of Ukraine  / under edition of the outstanding lawyer of Ukraine, candidate of juridical sciences M.I. Melnik, candidate of juridical sciences M.I. Havronyuk  /.— Ê.: “Cannon”, “À.Ñ.Ê.”.— 2001.— p.902-907.

 

 

 



Home | What's New | Articles | Links
Library | Staff | Contact Us

Copyright © Computer Crime Research Center, 2001-2002 All Rights Reserved.
Contact the CCRC Office at 380-612-735-907
contacts@crime-research.org