Computer Crime Research Center


Criminal Legal Description of Computer Crimes: Methods and Practice of Investigation

Date: June 09, 2004
Source: Computer Crime Research Center
By: Victor Sabadash

Counteraction to computer crime is topical for Ukraine and for other countries as well. Computer crimes obtained transnational (trans-border) level. Thus British police arrested 12 citizens of the former USSR countries, including Ukraine and Russia, on suspicion of committing computer crimes. Only in 2003 scammers managed to transfer 108 million of USD from bank accounts in Britain to Russia reported Mick Ditz, Scotland Yard representative. The total size of damage incurred by a criminal group yet is to be evaluated.

Computer criminals used a relatively new method -- phishing, which becomes more and more popular amongst hackers, BBC informs. Recently many banks all over the world encountered variety of frauds and scams committed by hackers, swindlers and inside bank officials. But the most spread kind of crime against banks and especially accounts' owners is a so called 'phishing scam'. This scam is always entailed by usual spam. Artists try to trick consumers into giving up credit card information by posing as mail from, the government Web site where citizens comment on federal rule-making.

The phishing e-mails typically have subject headings of 'Official information' or 'Urgent information to all credit card holders!' and claim that recent changes in the law require that Internet users identify themselves to the federal government to create a secure and safer Internet community.'

Like other phishing scams, the e-mail includes a link to a bogus Web site, which in this case closely resembles Once there, users are asked to enter private and personal financial information, including credit card numbers.

Phishing expeditions can be a financial windfall for attackers, since some analysts' estimates put the success rate of such bogus e-mails at about 1 in every 20 recipients.

The most recent major outbreak of phishing attacks was between the summer of 2003 and January 2004, when Mimail and host of copy-cats tried to trick users into giving up credit card information by masquerading as messages from PayPal, eBay, and other major companies and banks.

Ditz regards that money came to Russian bank accounts opened for "one-day" fake firms. He is assured that arrested men are only the executors; their requester is a criminal group of Russia. Hackers got only small percents from the stolen money.

The first computer-facilitated crime was filed in the US, 1969. In Ukraine criminal responsibility was determined only in 1996.

New Criminal Code of Ukraine comprises three articles that criminalize offences of such kind. They are unified in Section 16 "Crimes in sphere of computers, computer systems and networks operation". The Criminal Code also contains other articles providing for responsibility for these violations. Particularly, part 3 article 190 (fraud, illegal operations using computer facilities) and article 200 (use of counterfeit electronic means to access bank accounts) of the Criminal Code of Ukraine.

Computer crimes are very latent owing to mechanism and ways of committing. According to the FBI 85-97% of all computer violations are not even opened. Experts consider that latency of computer crimes in the US is 80%, in UK - 85%, in Germany - 75%, in Russia - more than 90%. In the West less than 1% of computer crimes are brought to court. At that, experts say inspections allow revealing of not more than 10% of e-thefts. Ukrainian statistics show that only one sentence was ruled in 2003 in computer technologies sphere, in 46 more cases public prosecutors withdrew their indictments in the court.

This data shows that law enforcement officers often do not understand how to investigate these crimes and how to prove them in the court. The other problem is how to establish a fact of a committed crime. It is concerned with "cyber space" where crimes are usually committed not leaving the place with help of a personal computer, it has no frontiers. Besides illegal copying of information often remains undetected, virus infection is often regarded as usual user's mistake who couldn't detect it. Victims' attitude to infringement of their property is not always adequate. Instead of immediately informing police of illegal infringement of computer system victims do not hurry to do it, being afraid of loosing reputation.

Experts mark out three main categories of victims:
1. System owners - 79%.
2. Their clients - 13%.
3. Third parties - 8%.

It is remarkable that owners unwillingly inform (if they do) law enforcement of facts of committing computer related crimes. Such situation explains the high level of computer crime latency, as this category of victims is the majority.

Besides, officials engaged in information security assurance are not interested in uncovering facts of computer crimes. The fact of unauthorized access to their subordinate system prejudices their professional skills. Unsound security measures taken by the management may incur serious complications. Bank employees, as a rule, thoroughly conceal crimes committed against their banks detected by them as this may turn upon prestige of this bank and may cause losses of clients. Some victims are afraid of serious competent inquiry hence it can reveal improper or even illegal operations. Victims frequently fear that insurance companies will increase rate of insurance insurance premium (or they will refuse to prolong insurance contract), if computer crimes become regular for these organizations and their financial and other secrets will be divulged.

Thus we may outline the following factors that influence on victim's decision not to turn to law enforcement agencies on a fact of computer related crime:

1. Incompetence of law enforcement in establishing the fact of committing computer crime, process of its revealing and investigating.
2. Taking into consideration that, in case of criminal investigation, losses incurred by investigation may be bigger than damage caused by computer crime which is to be refunded judicially, many organizations usually not go beyond finding solution by taking own measures (not excludes recurrence of computer crime incidents).
3. Fear to sully reputation in business circles and further loss of clients as a result.
4. Unavoidable disclosure of security system during judicial proceedings.
5. Fear to reveal own illegal activities.
6. Revelation of reasons favoring computer crime during investigation may discredit professional skills of separate officials.
7. Legal illiteracy of most officials.
8. Companies often do not have clear idea of information's value stored in their computer systems. Usually it is evaluated by production expenses or by competitive ability. These data usually are production secrets, plans, confidential information and lists of customers, which can be used with the purpose of blackmail or other purposes. The value of such information is different for the owner and for the criminal that tries to get it. Direct value of such information is evaluated taking into account gathering, processing and storing costs, and also its market price. At the same time, some facts related to computer crimes influence on its direct value. If data were stolen or deleted (partially or fully) losses will include uncollected revenues, services, information recovery costs, losses from mutual mistakes at this, etc.

It is necessary to mark out that success of investigation of computer related crimes depends on the correct organization and planning of its process.

Defining tasks and solutions for each stage of computer crime investigation should be done on the basis of estimating the character of the event and all facts possessed by the investigator. Data of operational units, scientific technical achievements, progressive experience of investigating such crimes and real capabilities of the investigator and officers should be taken into account. Planning should be performed interruptedly; the investigator should modify the plan once he gets new data.

Investigative experience shows that the more technically complicated is the way to penetrate into computer system or network, the easier is the process of detecting suspect, because there are not so many experts able to cope with such security systems. Unauthorized access to closed computer system or network is technically difficult. Only skillful experts are able to perform such operation. Therefore it is expedient to search for suspect among technical personnel of victim companies (software developers, management, operators, programmers, communication engineers and experts on information protection).

It is expedient to involve IT experts in computer crimes investigation from the very beginning. It is also necessary to have certain information on kind, model of the computer, operation system installed on the examined system.

Besides, it is important to provide various forums, seminars, trainings on issues of qualification and investigation of offences in the sphere of computer information for law enforcement, investigators, judges in order to maintain more complete, qualified investigation and proceedings.

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo