Computer Crime Research Center


Computer Crime Typology

Date: January 16, 2004
Source: Computer Crime Research Center
By: Vladimir Golubev

Experts consider that computer crime today poses a more serious danger to our country than it did 5 years ago.

According to official statistics of the Economic Crime Unit of the Ministry of Internal Affairs of Ukraine, 7 crimes were detected in 4 months of 2001, 25 in 2002, and 51 in 6 months of 2003. It should be noted that the qualification of detected criminal acts in the sphere of computer and Internet technologies, apart from acts covered by the Articles of Section 26 of the Criminal Code of Ukraine, is based on Articles covering theft, causing of damage, illegal actions with payment orders and other means of access to bank accounts, illegal actions concerning restricted-access information, etc. In the first six months of 2003, 24 criminal cases covering 37 crimes committed with the use of Internet technologies were processed. Several groups of crimes widespread in Ukraine can be defined.

The first group covers offences involving identifiers (logins and passwords, PIN codes), committed both by outsiders and by employees of communication and Internet service companies ("insiders"). The second group comprises offences involving restricted-access information, committed using remote access technologies. A third group can be singled out: crimes involving computer accounts that are accessed remotely by network technologies. For example, illegal use of "client-bank" systems against enterprises (institutions), or for the efficient control of electronic money funds of a criminal character.

Official statistics on cybercrime must be treated critically in view of the high latency of this kind of crime. In global practice, unfortunately, only 12% of cybercrimes become known to the public and law enforcement. For example, what bank wants everyone to know that its payment system has been hacked? The very next day all clients would close their accounts at that bank.

Distribution of computer viruses, plastic card fraud, theft of money from bank accounts, theft of computer information and violations of the operating rules of automated computer systems are not the only kinds of computer crime. That is why the problem of counteraction is emerging both for Ukraine and for many other countries of the world. The main feature of this criminality, as an integral part of criminality in general, is that every year brings new tendencies of aggravation and that it is acquiring a transnational (borderless) character.

Recently Ukrainian hackers attacked the computer payment system of The Royal Bank of Scotland Group (Great Britain). As a result, the payment system (WorldPay) was put out of action. The Royal Bank of Scotland is now taking measures to restore its retail payment computer system. Through this system, The Royal Bank served 27,000 WorldPay clients and accepted payments by Visa, Mastercard, Diners and Eurocard in more than 27 countries all over the world. Maxim Kovalchuk, a 25-year-old resident of Ternopol, Ukraine, who was arrested in Bangkok, was named the October 2003 "Best hacker". According to experts, he is one of the most dangerous hackers in the world and has caused damage of 100 million USD to leading computer companies of the USA.

Despite the efforts of many countries to fight cybercrime, the number of such crimes is not decreasing; on the contrary, it is constantly increasing. Ukraine is also involved in this negative process. That’s why research into computer crime typology and analysis of the modus operandi (the method of committing a crime) for such crimes are topical for crime prevention.

The European Union Convention on Cybercrime defines four types of “pure” computer crimes. These are offences against the confidentiality, integrity and availability of computer data and systems [2]:

- Illegal access, Article 2 (the access to the whole or any part of a computer system without right);
- Illegal interception, Article 3 (intentional interception without right, made by technical means, of non-public transmissions of computer data to, from or within a computer system);
- Data interference, Article 4 (the damaging, deletion, deterioration, alteration or suppression of computer data without right);
- System interference, Article 5 (the serious hindering without right of the functioning of a computer system by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data).

The others are computer-related or computer-facilitated crimes:

- crimes where the computer is a means (e-thefts, frauds, forgeries, etc.);
- content-related crimes where the computer is the intellectual means (i.e. placing of child pornography, information inciting national, racial, religious hostility, etc.) [3].

Modus operandi is a system of actions by the criminal (and/or related persons), united by a single intention and directed at preparing, committing and covering up a crime, determined by objective or subjective factors and connected with the use of corresponding facilities and means [4].

Today there is no clear classification of modus operandi for illegal interference in the functioning of computers, systems and networks [5]. In our opinion, they can be divided into 3 main groups:

The first group: ways of direct access.
It covers damaging, deletion, deterioration, alteration, suppression or copying of computer data, and also serious hindering without right of the functioning of a computer, system or network by entering the corresponding commands from the computer where the information is stored. Direct access may be made both by persons working with the data (connected with this work) and by persons intentionally penetrating restricted areas or premises where information is processed.

It should be noted that today these ways are the least widespread, in view of the decentralization of information processing. In other words, it is easier to intercept computer information during its transfer via telecommunication channels or computer networks than by directly penetrating premises.

Now and then, in order to seize information left by the user, the offender looks around programmers' workplaces for drafts. For this purpose the criminal may examine and/or restore erased software.

The second group includes ways of indirect (remote) access to information. Access without right to a certain computer or information is made via computer networks from another computer located at a certain distance. Ways of indirect (remote) access are:

1. Connecting to the telecommunication cables of an authorized user (i.e. a phone line) and obtaining access to his system.
2. Penetrating other information systems by an automated search through subscribers' phone numbers, followed by connection to their computers (the search continues until the criminal receives an answer from a modem at the other end of the phone line).
   It should be noted that an attempt at unauthorized access may be detected easily. That’s why such a hack is carried out from several workplaces: at a specified time several (more than 10) PCs attempt unauthorized access. System security may prevent several “attacks” while others gain the desired illegal access. One of the computers that has gained access blocks the network logging system that records all access attempts. As a result, the other computers that have gained access may not be detected or located. Some of them start to hack a certain subnetwork, others carry out fake operations in order to hinder the functioning of the enterprise, institution or authority and to cover up the crime [6].
3. Penetrating a computer network with the help of passwords, pretending to be an authorized user. Using this method, violators crack a password in order to access someone else's computer. There is a range of software specially developed for this purpose, which may be purchased on the ”shadow” computer market. Having obtained the right password (it takes less than 24 hours to find an 8-digit password), the illegal user obtains access to computer information and may use it however he likes: copy, delete, deteriorate, modify or suppress computer data, or perform operations such as wire transfers, forgery of payment orders, etc. as the authorized user.
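
A defender-side sketch of the pattern described under item 2 above (more than 10 machines attempting access at a set time, after which the logging system goes quiet), added here as an example and not part of the original article. The event format, thresholds and addresses are constructed assumptions.

```python
from datetime import datetime, timedelta

BASE = datetime(2004, 1, 16, 2, 0, 0)

def sample_events():
    """Constructed (timestamp, source, outcome) access-log events, not real data."""
    ev = [(BASE - timedelta(minutes=m), "10.0.0.5", "OK") for m in (9, 6, 3)]
    # 11 different hosts fail within 11 seconds: the coordinated attempt
    ev += [(BASE + timedelta(seconds=k), f"192.0.2.{k}", "FAIL") for k in range(1, 12)]
    ev.append((BASE + timedelta(seconds=13), "192.0.2.12", "OK"))  # one gets in
    ev.append((BASE + timedelta(minutes=40), "10.0.0.5", "OK"))    # logging resumes
    return sorted(ev)

def coordinated_bursts(events, window=timedelta(seconds=60), min_sources=10):
    """Return (window_start, trigger_time) when more than min_sources distinct
    hosts have failed access attempts inside one sliding window."""
    fails = [(t, s) for t, s, o in events if o == "FAIL"]
    alerts, i, quiet_until = [], 0, None
    for j, (t, _) in enumerate(fails):
        while t - fails[i][0] > window:      # drop failures older than the window
            i += 1
        sources = {s for _, s in fails[i:j + 1]}
        if len(sources) > min_sources and (quiet_until is None or t > quiet_until):
            alerts.append((fails[i][0], t))
            quiet_until = t + window         # one alert per burst
    return alerts

def logging_gaps(events, max_silence=timedelta(minutes=5)):
    """Return (last_seen, next_seen) pairs where the log stream went silent."""
    return [(a[0], b[0]) for a, b in zip(events, events[1:])
            if b[0] - a[0] > max_silence]

def triage(events, follow=timedelta(minutes=10)):
    """Escalate a burst to 'high' when log silence begins shortly after it."""
    gaps = logging_gaps(events)
    findings = []
    for start, trigger in coordinated_bursts(events):
        silence = next((g for g in gaps if trigger <= g[0] <= trigger + follow), None)
        findings.append({"burst_start": start, "trigger": trigger,
                         "log_silence": silence,
                         "severity": "high" if silence else "medium"})
    return findings

if __name__ == "__main__":
    for finding in triage(sample_events()):
        print(finding)
```

The silence check only helps if events are collected somewhere the intruding machine cannot switch off, such as a separate log host.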

Methods of direct and electromagnetic interception are also classed as methods of indirect (remote) access to computer information.

Direct interception is the simplest way of access without right. Interception is made via external communication channels or by direct connection to the cables of peripheral devices. Cable and wire systems, land microwave systems, satellite communication systems and government communication systems are the objects of direct listening.

Electromagnetic interception. Present-day technical devices make it possible to obtain information without connecting directly to the computer system, by intercepting the emissions of central processors, displays, communication channels, printers, etc. All this may be done at a considerable distance from the object of interception. E.g. one may “take” information from a computer located in a nearby room or building by using special equipment.

The use of “bugs” is one of the most widespread methods of electromagnetic interception. These “bugs” are sensitive microphones designed for listening to the conversations of personnel.

The third group is made up of mixed methods that may be carried out by both direct and indirect (remote) access. They are:

- secret insertion of commands in programs that allow to perform new unplanned functions, making this program runnable (program copies files, but...

