Fighting cybercrimes
Date: November 05, 2003Source: Computer Crime Research Center
By:
The problem of computer crimes has attracted attention of many foreign criminalists since the introduction of electronic computers that caused some negative consequences and aggravated the situation connected with protecting information stored in computer and their system databases. These crimes have been registered since 1958. At that time they meant the damage and plunder of computers, theft of information; swindle or misappropriation of money; non-authorized use of computers or embezzlement of machine time. The Stanford Research Institute has recorded those cases for a long time but they were of no special interest. By the way, in 1966 a Minnesota bank was first robbed by using the electronic computer [1].
Today all economically developed countries widely use new information technologies in industrial, commercial and banking spheres. It is explained by the fact that traditional methods do not make it possible to gain a correct understanding of a modern information flow or make a profound analysis of dynamic processes of the enterprise economic activities [2]. In its turn, it has even more aggravated the situation connected with protecting information in a reliable way. The active development of Internet technologies has introduced such new categories as e-trade, e-business, etc. Diagram 1 shows the increase in the number of Internet-users.
Diagram 1. The number of Internet-users (mln)
This process has also taken place in Ukraine, which financial establishments obtained an access to the international payment systems. The number of Internet-users in our country is still high when compared with western countries. Today they are approximately 2 million. However, it is only four per 100 persons. At present, such concrete projects as the electronic government or remote education on the base of the Internet are already discussed simultaneously with such a complex of programs as «Electronic Ukraine». At the same time significant advantages of Internet-technologies applied by an information society to conduct scientific researches, electronic business and commerce can be also used by criminals to swindle, steal or "money laundering ", etc. According to the Computer Security Institute, in the latter half of 2002 the number of hacking attacks has increased by 32 % as compared with the similar period in 2001.
The number of non-authorized penetrations into information systems has recently increased like a shot (see Diagram 2).
The Internet that became the most important information source after September 11, 2001, instantly responds to a political and economic life worldwide. On the first day after military operations were initiated in Iraq, more than 400 web sites with English and Arabian anti-war appeals were attacked. Developers of the "Iraq" computer virus sent the electronic message with an inscription “Go USA!!!” and offer to look through the latest photos made at a place of military events. As a result, many computers were infected [3].
In December 2002, the First international strategic congress “E-Crime Congress 2002" devoted to the problems of fighting electronic crimes (the author of this publication participated it) was held in London.
The National Hi-Tech Crime Unit (NHTCU) - the first in the history of Great Britain national law-enforcement organization on fighting computer crimes - took part in preparing and holding the congress.
Great Britain has spent about 25 million pounds for three years on fighting cybercrimes where 10 million - on developing corresponding departments on spots and 15 million - on creating the National Hi-Tech Crime Unit. Nearly 400 delegates from Australia, New Zealand, Korea, Hong Kong, Russia, Latvia, the USA took part in the congress " E-Crime". They represented state, commercial, scientific organizations and law enforcement bodies (in particular, GB Ministry of Internal Affairs, Interpol, Eurofloor, FBI, Russia's Department "K", Microsoft, Symantec, IBM, Sun Microsystems Ltd., VISA, MasterCard, eBay, Bank of New York, Swedbank) engaged in information security and cyber forensics.
It was noted at the Congress that the number of high-tech crimes rapidly increases. The Internet allows organized criminal groups to receive a quick profit with rather small risk to be convicted. An access to the Net makes it possible to break the law in a remote and fast way irrespective of the nationality and residence. It is easy for criminals to deceive people, hide evidences and steal property. They represent a significant threat for a critical infrastructure of the developed countries. According to the Washington ProFile news agency, the terrorist number one - Osama bin Laden - has received computer program Promis manufactured by Inslaw Inc. that allows penetrating into the US governmental information networks. In particular, FBI and CIA use programs created by Inslaw Inc. If Ben Laden really has Promis he can observe operations of the US special services, obtain secret information on strategic objects in the USA, and launder money without any problems. Besides, this software might be used by Al Qaeda to prepare terrorist attacks against New York and Washington on September 11, 2001.
William Barr, the vice-president of a group of insurance companies, has stated in his report that 90 % of organizations annually suffered from illegal penetrations into their information systems; 80 % of them confirm financial losses; only one virus NIMDA has caused damage of more than 1,8 billion pounds; in October, 2002 a cyberattack within one hour put out of action 9 from 13 main computers controlling the Internet global information movement; annually there are cases of stealing private information to the sum of above 38 billion pounds.
Therefore, taking into consideration that the electronic dependence favors committing cybercrimes, it is necessary to protect every enterprise on a national scale and throughout the world. First, fighting computer crimes provides for creating an appropriate legislative base, taking a complex of organizational measures (including a professional training) and giving a special technical support.
Ukraine's Criminal Code has Section XVI "Crimes committed by using electronic computers, their systems and networks", consisting of Articles 361, 362, 363 devoted to fighting computer crimes.
There is no doubt that the certain progress in qualifying these crimes was achieved unlike the previous Code. However in spite of Ukraine's entry into the European Community and the European Convention on fighting cybercrimes signed on November 23, 2001 where kinds of computer crimes and ways of international interaction were specified, there was a pressing need in reforming the current legislation. After all, the lack of interstate borders in global information networks is one of the basic features, which should be taken into account when preventing and fighting computer offences.
The EC Legislation Committee recommends unifying penal laws on fighting computer offences and specifying the liability for the following crimes:
-Unauthorized access to information;
- Illegal interception of information by using technical means of computer information or through computer radiations;
- Interference with data (their destruction, modification or concealment);
- Interference with a computer system by preventing its operation;
- Misuse of devices (manufacture and distribution of equipment to commit computer crimes);
- Computer counterfeit (creation of false data);
- E-swindle (actions that result in losing others' property through the interference with computer systems);
- Computer swindle (interference with the work of an information system to derive economic benefits);
- Distribution of the children's pornography;
- Copyright infringements.
It should be noted that the Convention also provides for the necessity of accepting some procedures on revealing and documenting computer crimes. After all, fighting computer crimes demands an essentially new methodology of pre-judicial inquiry. Item 16 specifies that each party should take legislative and other measures to give their competent bodies an opportunity to issue orders or store computer data, for example, on the movement of information that was saved by the computer system, in particular, if there are some grounds to consider such computer data especially sensitive to loss or modification.
The given questions are settled in the EU countries according to the Council Resolution on operative inquiries of law enforcement bodies concerning public telecommunication networks and services of June 20, 2001 (¹ 9194/01) and that on legal interception of telecommunications of January 17, 1995 (¹ 96/Ñ 329/01).
Though computer crimes have not been widely extended in Ukraine yet, but their cases have been already fixed. Thus, on November 16-20, 2001, Ukrtelecom with more than 700 computers and tens of servers were attacked with a virus. As a result, computers were disconnected from the Internet and the system of corporate e-mail was put out of action for some time. The damage caused by the attack made more than 1 million UAH [4]. Resonant crimes are committed against financial and bank systems as well [5]. The tendency to increase these crimes in Ukraine reminds the world one - annual increase by 2-3 times (according to Ukraine's MIA Department...
Next
Add comment
Email to a Friend
