Computer Crime Research Center

Some aspects of investigating computer crimes

Date: October 15, 2003
Source: Computer Crime Research Center
By: Andrey Belousov

... open the archive of passwords used to obtain system access and reveal the person who had introduced a virus into the nation-wide phone network combining military, industrial and scientific organizations. Systems that prevent illegal penetration record such attempts.


As appears from the above, technical means of computer protection can play an important role in exposing computer crimes. We will not describe the technical methods of investigation that can be used by the programming inspector [5]; we will only note that there are very many of them: programs that locate the places where the actual text differs from a reference text, keyword-search programs, programs that indicate system changes, anti-virus programs and so on.


Computer crimes are difficult to expose because no program is free of errors, and crime attempts can easily be masked as computer malfunctions or errors. Thus, Uniteddime serving bank fell victim to its own error-correction measures when a senior teller used them to change the balances of huge inactive accounts. He simply reviewed and modified them to reflect the sum that remained on the account after his visit to the bank vault. When his attention was drawn to individual money shortages, he attributed them to electronic errors. He corrected the errors and covered the shortages by transferring money from other accounts. The misappropriation of $1.5 million was revealed not by auditors but by FBI officials, who furnished evidence that he had put into circulation up to $300 thousand a day.


The same author notes that none of the 63 known mistakes made by the banking computer was in favor of a client. Evidently, this is not mere chance. No criminal was arrested.


Another problem for the inspector is that one person often holds more than one job in the operation of electronic computers. The bookkeeper is often a programmer and operator at the same time. As a result, mutual checks are excluded, the possibility of misuse increases and investigative actions are more difficult to carry out.


The analysis of domestic and foreign specialist literature and publications in the periodical press on fighting computer crimes [6] allows us to distinguish three main groups of preventive measures:


1) Legal;

2) Organizational and technical;

3) Criminalistic.


Sometimes it is necessary to carry out some ordinary investigative actions (searching and collecting material evidence) when investigating computer crimes. In fact, the search of a computer differs from that of a flat. The computer memory can be entered, and programs, codes and so on found there, only by using special programs that modify computer information. Therefore, an unfair inspector always has an opportunity to find in the computer whatever he needs, and the search witnesses can hardly hinder him. At the same time, a “competent” inspector can destroy evidence of a crime when trying to make a copy.


The same problem appears when collecting evidence. Can a printed copy or information on a magnetic carrier be considered evidence?


Now the e-document has become an element of the documented information structure. Russia’s legislation defines it as a document in which information is presented in electronic form. Such a document can be considered written evidence if its authenticity can be established, i.e. if the court can carry out a particular check or expert examination, which is the main criterion for considering such documents as evidence in court. Consequently, it is necessary to confirm the authenticity of the information.


The problem was solved with the help of the electronic digital signature (EDS), which prevents the forging of e-documents. It is the result of a cryptographic transformation of data using a private key, and it allows the owner to be identified and the absence of information distortion in the e-document to be established.


The legal force of an e-document with an EDS depends on the availability of software and hardware for signature identification in the automated information system and on observance of the established conditions of its use.
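An added example, not part of the original article: the sign-and-verify cycle behind an EDS, shown with a Lamport one-time signature because it needs only Python's standard library (a deployed EDS would use a standardized scheme such as RSA or ECDSA). The document text and all function names are constructed for illustration.

```python
import hashlib
import secrets

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keygen():
    """Private key: 256 pairs of random secrets. Public key: their hashes."""
    private = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    public = [(_h(a), _h(b)) for a, b in private]
    return private, public

def _digest_bits(document: bytes) -> list:
    digest = _h(document)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(private, document: bytes) -> list:
    """Reveal one secret per digest bit. A Lamport key must sign only once."""
    return [private[i][bit] for i, bit in enumerate(_digest_bits(document))]

def verify(public, document: bytes, signature) -> bool:
    """True only if the signature matches both this key and this exact text."""
    bits = _digest_bits(document)
    return len(signature) == 256 and all(
        _h(sig) == public[i][bit] for i, (sig, bit) in enumerate(zip(signature, bits)))

def demo() -> dict:
    # Constructed sample document and parties (assumptions for illustration).
    document = b"Transfer 1000 from account A to account B"
    owner_private, owner_public = keygen()
    _, other_public = keygen()
    signature = sign(owner_private, document)
    return {
        "original": verify(owner_public, document, signature),
        "distorted": verify(owner_public, document.replace(b"1000", b"9000"), signature),
        "wrong_owner": verify(other_public, document, signature),
    }

if __name__ == "__main__":
    print(demo())
```

Verification needs only the public key and the document, which is what lets a court-appointed expert repeat the check without access to the signer's private key.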


The question of expert examination of the e-document has not been settled yet. According to the procedural legislation, the court has the right to schedule an examination at the request of a party in order to resolve certain questions. The point is that the expert examination cannot be made when both parties have abandoned the document that is the core of their dispute. This leaves the court unable to schedule an examination and, consequently, makes it impossible for both parties to protect their interests in an appropriate way.


The problem of producing e-copies of traditional documents in court has not been resolved yet but has definite prospects.


Considering a printed copy as evidence requires that it be made with specially certified programs that have been checked for protection against illegal modification of the printed (copied) information. The Criminal Procedural Code should specify the procedures for such actions as making copies from machine carriers and printing information. The court should not regard such documents as evidence until this question is settled.


Let us turn to one more question connected with investigating computer crimes: the suspect’s alibi. After committing a crime (removing the electronic computer data record), the criminal can forge computer information to change the operation time and the user’s code. It is obvious that courts should not place much confidence in such an alibi, nor in evidence of a suspect’s guilt obtained by copying and printing machine information.
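An added example, not part of the original article: one way to make a forged operation time or user code detectable is a hash-chained audit log, where each record's MAC covers its own fields and the previous record's MAC. The key, field names and sample records are constructed, and the key is assumed to be held by a separate log host rather than by the operator.

```python
import hashlib
import hmac
import json

GENESIS = b"\x00" * 32
KEY = b"constructed-demo-key"  # assumption: held by a separate log host, not the operator

def _mac(key: bytes, prev: bytes, entry: dict) -> bytes:
    body = json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev + body, hashlib.sha256).digest()

def append(log: list, key: bytes, time: str, user: str, action: str) -> None:
    """Add a record whose MAC covers its fields and the previous record's MAC."""
    prev = bytes.fromhex(log[-1]["mac"]) if log else GENESIS
    entry = {"time": time, "user": user, "action": action}
    log.append({**entry, "mac": _mac(key, prev, entry).hex()})

def first_tampered(log: list, key: bytes):
    """Index of the first record that fails verification, or None if intact."""
    prev = GENESIS
    for i, rec in enumerate(log):
        entry = {f: rec[f] for f in ("time", "user", "action")}
        expected = _mac(key, prev, entry)
        if not hmac.compare_digest(expected.hex(), rec["mac"]):
            return i
        prev = expected
    return None

def sample_log() -> list:
    # Constructed records; times, user codes and actions are illustrative.
    log = []
    append(log, KEY, "2003-10-14T09:02:11", "teller07", "login")
    append(log, KEY, "2003-10-14T09:05:40", "teller07", "delete record 4471")
    append(log, KEY, "2003-10-14T09:06:02", "teller07", "logout")
    return log

if __name__ == "__main__":
    log = sample_log()
    forged = [dict(r) for r in log]
    forged[1].update(time="2003-10-14T23:30:00", user="clerk12")  # forged alibi
    print(first_tampered(log, KEY), first_tampered(forged, KEY))
    # Removing a record breaks the chain at the record that followed it.
    print(first_tampered(log[:1] + log[2:], KEY))
```

Cutting records off the end of the log is not detected by the chain alone; the most recent MAC has to be stored somewhere the operator cannot rewrite.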


In conclusion, it should be noted that fighting computer technology crimes effectively depends on an optimum combination of legal and preventive measures, and on laborious work to improve criminal laws and to elaborate norms that establish liability for committing cybercrimes and are used in practice.


1. O. Baranov Electronic legislation // Weekly mirror. - #20 (P. 395. – June 1-7th, 2002).


2. V. Kozlov Computer crime: What is it? (Criminalistical aspect). - http://www.crime-research.org/library/Ccrime.html.


3. V. Golubev Some problems of investigating computer crimes. – Report of February 26, 2003 at the Southeast Cybercrime Summit (Atlanta, USA) - Crime-research.org.


4. V. Golubev Criminalistical characteristic of criminals committing computer technology crimes - http://www.crime-research.org/library/Golubev0104.html.


5. Information protection and classification of protective measures was taken from: A.V. Nechaev Some aspects of protecting information // Personal computer helps militia and investigation. Opportunities and perspectives. M., 1997. – P. 58-64.


6. A. V. Golubev Information security: problems of fighting cybercrimes. – Zaporozhye: SU “ZIGMU”, 2003. – 220p.