Criminal Investigation, 8/e
Charles R. Swanson, University of Georgia
Neil C. Chamelin, Assistant State Attorney, Second Judicial Circuit
Leonard Territo, University of South Florida-Tampa

Computer Crime

Chapter Outline

I. INTRODUCTION TYPES OF COMPUTER CRIME (See Slides 16-2, 16-3 and 16-4)

A. The Computer as the Target
The crimes include the denial of expected service or the alteration of data.
1. Computer Manipulation Crimes. These types of crimes involve changing data or creating electronic records in a system for the specific purpose of advancing another crime, typically fraud or embezzlement.
2. Data Alteration or Denial. Data alteration and denial directly target the computer by attacking the useful information stored or processed by the computer.
3. Network Intrusion and Theft of Data. "Hacking" and "cracking" are words commonly used to describe the unauthorized entry into a computer system.
4. Denial of Service. More direct than the subtleties of a network intruder, the denial of service leaves little room for argument of a negative effect. Although any resource may be denied to the rightful user, the most prominent example of this crime targeting the computer is the network denial of service attack.
5. Computer Vandalism. When an intruder removes valuable information from a computer system, the intruder denies the legitimate user or owner access to that information.

B. The Computer as an Instrumentality of the Crime (See Slides 16-5 and 16-6)
1. Theft. Parker, creator of the first computer crime typology, notes that market-sensitive proprietary information, financial information, trade secrets, process technology information, human resources information, customer information, information products, transitory information, and security information can all have value to the owner.
2. Theft of Services. Although many services available on the Internet are free, some data and services are considered proprietary. This means the users must pay to use the data or service. The use of these proprietary services without payment is theft.
3. Fraud. Like the common definition of fraud, fraud using a computer exploits the trust, guaranteed by law, in a business transaction. Fraud can be perpetrated by the buyer, seller, or peer in a transaction.
4. Threat and Harassment. The U.S. Department of Justice (DOJ) maintains a Web site that details a range of threatening behaviors conducted on the Internet.

C. Computers as Incidental to the Crime (See Slide 16-7)
In this category the computer does not conduct the illegal transaction; it simply facilitates it.
1. Money Laundering. The movement of illegally obtained money to legitimate businesses can be greatly facilitated by using computer systems.
2. Criminal Enterprise. Computers appeal to criminal enterprises or businesses for many of the same reasons they appeal to others: they are quick, reliable, very accurate, and perform many business-related tasks far faster than if done manually.
3. Child Pornography. Chapter 12, Crimes Against Children, details the use of the Internet in luring unsuspecting children to pedophiles and in distributing child pornography. In the latter area, the Internet has been the key communication medium for the sale and exchange of child pornography on both an international and domestic basis.
4. Pedophilia and Sexual Assault. If child pornographers use computer networks to exchange indecent images of children, those images must have been created with children. In other instances, the Internet has been used to lure victims to pedophiles, thus providing opportunity.

D. Crimes Associated with the Prevalence of Computers (See Slides 16-8, 16-9, and 16-10)
1. Intellectual Property Violations. Intellectual property violations are often described as piracy. The Business Software Alliance (BSA) is the principal software industry antipiracy resource. The BSA estimates losses to piracy in the United States alone at over $2.5 million during 2000.
2. Misuse of Telephone Systems. Telephone "phreakers" are people who trick telephone systems into believing that long-distance and air time are being legitimately purchased.
3. Component Theft and Counterfeiting. Although system and component theft has been dropping in significance, the actual dollar value has grown since the CSI/FBI survey began.
4. Identity Theft. Although identity theft can occur without the aid of a computer, the unique contribution of the computer to this crime is the vastly expanded field of victims and amount of information available.
5. Corporate Crime. The rapid growth of the computer industry has caused many questionable business practices to be developed and eventually accepted as a part of doing business. Examples of these questionable practices include rebate fraud, grossly one-sided End User License Agreements (EULAs), misleading advertising, component swapping, reselling refurbished components in ‘new’ systems, simple fraud, and many others.

II. MALICIOUS CODE AND COMPUTER CRIME (See Slides 16-11, 16-12, 16-13 and 16-14)
Investigators should be aware of the tools that are unique to computer criminals.

A. Discovery Tools. Most network intrusions attack targets of opportunity; this means that rather than select a target system, most intruders find a vulnerable system.

B. Cryptanalysis Tools. Bruce Schneier defines cryptanalysis as the art and science of accessing secured information without conventional means.

C. Exploits. Exploits are a generic class of programs that are written to take advantage of a security hole or "back door" program designed to evade normal security procedures.

D. Attack Codes. Unlike simple intrusion aids, which may cause damage incidental to the intrusion, attack code is malicious software intended to impair or destroy the function of another computer or network resource.
1. Denial of Service Attack Methodologies. AOL punters, WinNuke, Bonk, Tear Drop, Mail Bombs and myriad other software tools have been developed with the sole function of annoying users.
2. Logic Bombs. Logic bombs use illegal program instructions and misuse legitimate instructions to damage data structures.

E. Delivery Vehicles. Delivery vehicles provide computer criminals with a method to deliver their attack software.
1. Trojan Horse Programs. Trojan horse programs are the delivery vehicle of choice for exploit software. Trojan horse programs masquerade as legitimate programs.
2. Viruses and Worms. A computer virus is a malicious program that is secretly inserted into normal software or into the computer’s active memory.

III. INVASION OF PRIVACY AND RELATED ISSUES (See Slide 16-15)

A. Sexually Explicit Material
Nothing seems to spur more controversy than debate concerning regulation of the Internet. While several attempts have been made to limit access to unwanted material available on the web, no set standards have yet been approved as law.

B. Cookies
"Cookies" are small files planted by web pages on visiting computers. These files are stored within your browser (Netscape Navigator) or a separate file (Microsoft Explorer). They are used by a web server to identify past users.

IV. THE HACKER PROFILE

A. The computers that hackers use are typically far less sophisticated than those used by the system they attack. Their weapon of choice is a fast computer with a large hard disk, a modem, and a telephone line through which they can access the information superhighway.

V. THE INSIDER PROFILE (See Slide 16-16)

A. The most likely suspects in insider computer crimes are programmers and system operators.

B. When investigating what appears to be an insider computer crime, the investigator should consider the following factors:
1. Opportunities
2. Situational Pressures—Financial
3. Situational Pressures—Revenge
4. Personality Traits

VI. INVESTIGATING COMPUTER CRIME (See Slide 16-17)

A. Crime Scene Techniques
Frequently, computer crime evidence will be seized by the execution of a search warrant. This warrant should include information about the computer, data storage devices (including internal and external hard drives), floppy disks, tape backups, modems, programs, software manuals, user notes, hard-copy output, and any peripherals that may be of concern to investigators, such as scanners.

B. Digital Forensic Analysis. Digital forensic analysis is the science of acquiring, preserving, retrieving, and presenting data that has been processed electronically and stored on computer media.

VII. PREVENTING COMPUTER CRIME (See Slide 16-8)
Protecting information, largely by making it inaccessible to unauthorized users, is a key element of preventing computer crimes.

A. Back-Ups and Redundant File Storage
Backups are the single most important security measure a company or individual can take.

B. Firewalls
A firewall is a device or software that acts as a checkpoint between a network or stand-alone computer and the Internet.

C. Encryption
Bruce Schneier defines cryptography as "the art and science of securing messages." Messages can be any data. Encryption is a technique of securing data by scrambling it into nonsense.

D. Password Discipline
The single greatest problem in computer security is password protection. Several approaches have been taken in an attempt to solve the issue, including password-creation software, one-time password generators, and user authentication systems—like biometric devices.