Computer Crime Research Center


Computer crime: threats and forecasts

Date: July 12, 2004
Source: Computer Crime Research Center
By: Vladimir Golubev

Development of scientific progress related to introduction of modern information technologies led to appearance of new kinds of crimes as illegal infringement with operation of computers, systems and networks, theft, appropriation, extortion of computer information. This socially dangerous phenomenon received a wide-known name - "computer crime" and "cyberterrorism". Computer crime, by mechanism, methods of committing and concealing, possesses characteristic features of high latency and low level of solving.

Vladimir Golubev, CCRC Director, was interviewed by Eduard Steiner, Moscow reporter of a known Austrian newspaper ┬źDer Standard┬╗.

Your Center researches problems of computer crime in Russia, doesn't it?

Our Center is a non-for-profit, non-governmental, scientific research organization. Scientists, law enforcement officers and experts on high tech crime counteraction take part in the work of our Center. Problems of Russian computer crimes are also in the field of our research. Russian scientists, law experts (Vitaliy Vehov, Vitaliy Nomokonov, Natalya Lopashenko, etc.) regularly publish their materials that deal with matters of origin of computer crime, conditions that favor its development and methods to fight and counteract to computer crimes. We conduct comparative analysis of criminal law, which is responsible for crimes in the sphere of computers, systems and networks.

What do you know about Hangup-Team hacker group? Is it a typical hacker group or does is have some distinctions from other groups?

The analysis of Hangup-Team feaures shows that a high level of intellectual initiative is peculiar of its members, their activity is internally motivated by work with information technologies. They are independent enough.(make a separate sentence)

Is this group really a more dangerous one than others?

We may consider F-Secure's opinion to estimate how dangerous this group is. Allegedly members of Hangup were authors of Korgo virus. Michael Albrecht, F-Secure manager, said there was real danger that malefactors may collect passwords of access to banks through the Internet. On their website there's a report on Hangup activities this year; it says American users received about 50 million of spam letters, 1.5 million of computers were infected, size of files with passwords exceeded 5 gigabytes. But F-Secure failed to prove Hangup's authorship of Korgo. As regards to hacking, representatives of various age categories and social groups are involved in hacking. However, professional hackers make up only a small percent of these criminals. The level of computer skills among the majority of criminals leaves much to be desired. But it turns out to be enough to obtain restricted information of careless users.

What is the specifics of cyber-fascism, what does it teach?

Cyber-fascism is a social political movement and ideology that use opportunities brought by the Internet and wide network audience. Their goals and tasks are the same: opposition to institutes and values of democracy of so-called new order and to the limit tough means to assert their position.

Why is it so hard to find and prosecute? What law enforcement agencies (police, etc.) fight computer crimes in Eastern countries? What is necessary for successful fight?

Unfortunately, only 12% of total number of cybercrimes become known and reach law enforcement and public. Well, what bank, for instance, will be interested to announce that their payment systems were hacked? The given problem has several more important aspects: weak training of law enforcement officers to investigate such crimes, computer criminals do not leave any common traces. These crimes usually are transnational, trans-frontier, when a criminal being located in one state commits a crime against the other state. National level criminalization of such activities is important for investigation of cybercrimes and prosecution of guilty. When criminal law of any of these states do not provide responsibility for such activities, this state becomes a legal vault for criminals.

Today, corresponding departments and units to fight high tech crimes are created at the ministries of internal affairs in Ukraine, Russia and other countries of post-Soviet block. July 2001, units fighting violations in the sphere of intellectual property were created at the Department Fighting Economic Crimes of Ukraine in regions. These units direct their work to prevent and reveal crimes related to intellectual property and high tech field. Donetsk Law Institute of the Ministry of Internal Affairs of Ukraine opened an admission of future experts-officers to the investigative search in the sphere of high technologies specialty. In 2002 a group of authors: Vladimir Golubev, Vladislav Gavlovskiy, Vitaliy Tsymbaliuck, with support of TraCCC at the American University (Washington, DC) issued a textbook "Problems of fighting computer crimes". It was the first textbook for Ukrainian cyber policemen. Three constituents are necessary to fight cybercrime successfully:
- harmonization of national law on fighting computer crime with requirements of international law;
- high professional training of law enforcement: from investigator to judicial system;
- cooperation and legal mechanism of law enforcement in collaboration of different countries.

What kinds of Internet crimes are the most dangerous at the moment? Can you explain them? What can you say about blackmail?

Spread of computer viruses, plastic card frauds, theft of money from bank accounts, theft of computer information and violation of operation rules of computer systems are among the most dangerous offences on the Internet. In order to get one million of UAH (about $185-190 thousand) certain people phoned director of Odessa Airport, Ukraine and informed that they had placed an explosive device on board of a plane flying for Vienna and they also had blown up a bomb in the building opposite to the airport building to confirm their serious intentions.

The Security Service of Ukraine and the Air Security Office were informed of the accident right away. Criminals put detailed instructions on fulfillment of their requirements on the Internet. The main demand was one million of UAH. Criminals planned to use Privatbank's "Privat-24" Internet payment system to get the money. The useful feature for criminals in that case was that this system allowed anonymous creation and control over an account knowing only login and password. Therefore they used the Internet to secure anonymous and remote distribution of their threats and receipt of money.

Besides typical operational measures, there was a need to operationally establish data on technical information in computer networks as criminals used the Internet at all stages of their criminal offence. The Security Service decided to engage experts of a unit on fighting crimes in the sphere of high technologies at the Ministry of Internal Affairs. They were committed to establish senders of threat e-mails and the initiators of bank payments.

The response of ISP and the information they provided helped to determine phone numbers and addresses related to criminals, and also allowed to get firm evidences stored in log data bases of ISP and Privatbank.

Logs allowed to find out IP addresses of computers, e-mails and phones that helped to review concrete computers at the scenes.

The chronicle of events proves that prompt and qualified aid, provided by the unit on fighting crimes in the sphere of high technologies at the Ministry of Internal Affairs in January 2002, to officers of departments fighting terrorist and protecting state organization at Security Service allowed to reveal a criminal group, to prevent their criminal activity, and thus to give due to cyber terrorists.

Do computer crime cases increase?

The Computer Crime and Security Survey, conducted by CSI with the participation of the San Francisco Federal Bureau of Investigation's (FBI) Computer Intrusion Squad, says the USA managed to take over control of computer crimes. Russian statistics data show that it increases as rapidly as the process of computerization goes on. Increase of the number of crimes in the sphere of computer information is a quicker process than computerization in Russia.

Criminals are not afraid of the fact that, in accordance with article 272 of the Criminal Code of the Russian Federation "Illegal access to computer information", they face from 6 months to 5 years of imprisonment.

According to the Main Information Centre of the Ministry of Internal Affairs in Russia, such crimes reached 7053 thousand in 2003, that twofold greater than in 2002 - 3782.

Article 273 "Creation of computer software or alteration of existing programs that intentionally lead to the unauthorized deletion, suppression, modification or copying of information, hindering operation of a computer, computer system or network, and use or distribution of such software or machine mediums with such software. In 2002, 330 and in 2003 - 728 crimes were filed violating this article.

The amount of registered and investigated computer crimes violating article 274 "Violation of computer, computer system and/or network operating rules by an authorized person that caused the deletion, suppression or alteration of computer information protected by law, if it caused significant damage" decreased as compared with the previous period. The top rise of these offences was in 2001 year - 120 crimes. In 2002 this kind of crime reached 10, in 2003 - there...

Add comment  Email to a Friend

Discussion is closed - view comments archieve
2004-12-09 05:18:29 - hey i cant find your e-mail and i need to... Robert
Total 1 comments
Copyright © 2001-2013 Computer Crime Research Center
CCRC logo