Computer crime classification
Date: April 15, 2004Source: Computer Crime Research Center
By:
- alteration of programs by way of secret placing of command sets that should snap into action under specified conditions in some time. E.g. as soon as the program illegally transfers money funds to so called false account, it will self-destruct and delete all the data on the committed operation;
- access to data bases and files of the authorized user through weak places in security systems. There arises an opportunity to read and examine information stored in the system, copy it, appeal for it in case of necessity. Thus one may appeal to data base of the competitor company and have an opportunity not only to analyze its financial state, but also obtain evident advantages in competition struggle;
- using bugs in programs and flaws. The program is “breaking” and malefactor inputs some amount of certain commands that help to perform new unplanned functions, making this program runnable. Thus, one may transfer money to false accounts, obtain info on real estate, identities, etc.
Criminals may obtain passwords, keys, ids (by way of getting a list of users with all required info, documents in institutions where there is no control of documents preservation, listening of phone talks) and penetrate in computer system as authorized users. Systems with no authentic identification (e.g. identification by physiological features: fingerprints, eye retina, voice) are especially invulnerable in this relation.
As it was already noticed, interference in computer, computer system and network operation without right may be connected to violating or threatening a person. Violating or threatening a person may take place in case of direct, indirect or mixed methods of committing computer crime. At that subject to violating or threatening are both authorized user of computer system and other person related to computer equipment.
Direct access to computer information connected to violating or threatening a person may occur in case when authorized user of other person after violating or under the threat of which, are forced to commit interference in computer, computer system and network operation without right. The damaging, deletion, deterioration, alteration or suppression of computer data without right is performed on the computer where information is stored.
Indirect access to computer information connected to violating or threatening a person will take place in case of direct or electromagnetic interception of information from computer where it is stored (with further copying, deletion, alteration and suppression of computer data without right) is committed by a person, suffered violation. This action may be not compulsory committed by a person suffered violation in full extent. It is enough only to obtain passwords, ids, access cards, etc.
Mixed methods of interference in computers, computer systems and networks operation without right may be committed the same way. For instance in case of physical influence (or threat) on programmers (operators) on purpose of inputting unplanned commands in program or its alteration: if violence occurs in order to detect flaws in security system, or other kinds of mistakes related to program structure, for its further use without right.
In conclusion we should mark out that typology of ways and methods of computer crime commitment will allow to develop more efficiently estimation and criteria in broad range of high-tech and computer crimes, and also will facilitate development of domestic laws taking into account international legislation.
Original article
Add comment
Email to a Friend
| Discussion is closed - view comments archieve |
| 2008-07-25 01:02:56 - I LOVE YOU jeshish maharjan |
| 2005-09-30 10:36:35 - Well Fargo Bank Online Banking Suntrust Online Banking |
| 2004-04-20 19:57:57 - I just feel that computers are too... anon2 |
| 2004-04-16 02:54:11 - If you want to get a really *good* idea of... Anon |
| Total 4 comments |
