Candidate of Philological Sciences, assistant professor
Candidate of Technical Sciences; Aphanasov D.V.
Candidate of Philosophical Sciences, professor
Academy of Ukraine Internal Revenue Service
Security of information systems and problem of detecting computer crimes in the practical
activities of the operative departments fighting against crimes in the field
of intellectual property and high information technologies
Rapid development of computer technologies and wide spreading of electronic computer caused some problems for law-enforcement agency officials, one of which is to protect objects of computer technique. This problem has existed for a long time, but in spite of the newer and newer proposals, it has not been fully settled get. The problem has a complex nature and solving it depends on the various factors, which can be conditionally divided into such categories as:
· Legal means of protection. They involve laws existing in the state, decrees and other normative acts that regulate rules of using restricted information and responsibility for violating them.
As a rule, computer crimes are easy to commit but difficult to clear, and sometimes even when solved they remain completely unproven. That is why the criminal laws must become severe towards the lawbreakers in due course.
· Moral-ethical means. The moral-ethical means of counteraction consists of all possible rules of conduct, which have been traditionally established or are being set by spreading electronic computers in the country or society. For the most part these regulations are not compulsory and they are not legislatively fixed, but ignoring them in most cases results in undermining the authority and prestige of a person, group of individuals or organizations. “Code of professional conduct of the members from USA electronic computer users association” is the most characteristic example. So, intentional or unintentional actions are those, which disturb the normal work of computer systems, cause additional unjustified expenses of resources or breach the integrity of information to be stored and processed, etc.
· Administrative means of protection. They have an organizational character and regulate the process of data processing system functioning, applying its resources, staff activity and also the order of interaction between users and the system in such a way that the threat to the computer system security would will be complicated or excluded. They combine preparation of the rules of processing information in the computer system, measures expected when projecting, building and equipping the computer centers and other objects of data being processed by means of electronic computers, steps carried out when selecting and training the staff, arrangement of the reliable passing regime, arrangement of the registration, storage, use and destruction of the documents and carriers containing confidential information, arrangement of the preparation and hidden control over the work of users and staff in the computer system, etc.
Computer physical security provides for installing electronic computers on the metal desks with special niches for the units or metal hoods, which can be removed. Such a requirement is useful to prevent the possible damage of the Winchester from accidental pushes or shakes.
Floppies with valuable information should be stored in the safe, but not in the drawer of the desk.
Confidential data must be enciphered
· Technical means of protection. They are different electronic devices and special programs executed independently or in the complex with other means, protection functions, these are identification of users, restriction of the access to the resources, registration of events, cryptographic protection of data, etc.
It is the most difficult to determine the fact itself of the crime commitment. The level of detecting computer crimes is very low now because of the difficulties with mathematical equipment. According to the German experts only 10% of computer crimes can be cleared in proper time by means of systematic revisions and 90% of offences are solved only by chance.
Moreover, even when committed obviously mercenary crime, the victims often do not make haste to inform law-enforcement bodies. Sometimes the guilty persons are dismissed, transferred to the other structural departments or deducted expenditures in the social order. Refusal from the criminal prosecution leads to the lack of general prevention, moreover, it invites others to try their opportunities.
For example: the difficulty in determining the general expenses is an interesting aspect of financial computer crimes. It can be provided by American Schneider case dealing with the electronic robbery of Pacific Ocean telephone company. During the inquiry Schneider said that he had stolen about one million US dollars, and, according to the company leadership data, only one hundred thousand US dollars were drawn.
Undoubtedly, an operative official investigating computer crimes must be a good programmer or, at least, has to know well the nuances of use and possibilities of the computer technique.
Detecting computer crimes must not be considered as something very difficult and a matter of the selected persons. There are some factors, which fully simplify it. In most cases the main factor is a very restricted circle of persons who could really commit such a crime.
If the question is about such technically difficult actions as a unauthorized access to the especially closed systems, forge of information, installation of “logical bomb” in the set program, there are very few experts, who have a sufficient level of proficiency to perform them, in every computer center.
So, here appears a paradox, more cunningly a computer crime is committed, more easily a criminal can be found.
When investigating computer crimes, there are often difficulties in conducting such ordinary inquisitional actions as for example, search and collection of the objective evidences.
Can the printed information or data on the magnetic carriers obtained during the search be considered as a proof? According to the most lawyers, it cannot.
The printed information can be considered as a proof when it is drawn by means of specially certificated programs, properly checked for the protection against introducing changes into the data to be printed or copied. Additionally, the procedures of performing such actions as copying and printing information must be clearly determined in the adjective legislation. The court should not accept such documents as an evidence until this problem is solved.
Let us pay attention to one more peculiarity connected with detecting computer crimes – an alibi of the suspected.
After committing a crime, a criminal can forge computer information, for example, to change the time of performing operation or the user code, erase the e-computer work record, etc. The courts should not thrust the alibi of such a kind more than the evidences of the guilt of a person suspected in copying and printing computer information.
So, the work of an operative official on detecting computer crimes has some peculiarities and requires special training. The problem of taking into consideration these peculiarities has to be resolved, for example, by means of introducing appropriate specialization into the colleges of law and teaching jurisprudence to the programmer-students.
Undoubtedly, the field of programming directed to clearing and preventing computer crimes will be developed very rapidly. Solving many organizational and financial problems will soon allow speaking about the prosperity of this way of investigations.
1. Konovalenko M.M. Computer virus and information protection – K.: “Science thought”, 1999 0 272 p.
2. Melnikov V.V. Information protection in the computer systems – M.: “Finances and statistics”, 1997 – 368 p.