Digital Crime

Digital Crime Evidence and Procedures Digital TITLE: Compare and contrast the four different categorizations of computer crimes Abstract Computers are used for many different types of personal and work related activities. Getting on the Internet and researching a topic for a college paper, researching types of flat screen televisions and their various prices, or what about getting on the computer and playing games, or using computers to watch movies and chat with friends and family.

From a work standpoint, computers assist in processing orders, calculating and tracking numbers, manufacturing vehicles, sending email, and literally millions of other computer related activities. But, what if computers were used to copy Microsoft’s Office software applications and sell them at 60% cost on the black market? What if computers were used to login to accounts that weren’t the owners and take unauthorized data to sell for identify theft purposes?

What if computers were used to hack into databases and “borrowed” data that then provided “insider information” that endowed an unprecedented stock gain for Members of the Board of Directors? These examples would mean that computers were being used for cyber-crimes. There are four primary categories of these types of cyber-crimes that will be the focus of this research paper. Introduction A stated on the Law and Legal Information Web site, “A precise definition of computer crime is problematic’ (Law. rank. org, n. d). Delving further into an explanation, one finds, “This is because of the array of different forms and forums in which the crime may appear. A single category cannot accommodate the wide divergence of conduct, perpetrators, victims, and motives found in examining computer crimes. Adding to this confusion is the fact that computer crimes also can vary depending upon the jurisdiction criminalizing the conduct. The criminal conduct can be the subject of punishment under a state statute.

There is also an odd mixture of federal offenses that can be used to prosecute computer crimes. But computer crimes are not just domestic. Because computer networks operate internationally via the Internet, the law of other countries can influence the definition of computer crime as well. Despite debate among leading experts, there is no internationally recognized definition of computer crime. At the core of the definition of computer crimes are activities specifically related to computer technologies.

Thus, stealing a computer or throwing a computer at another person would not fall within the scope of the definition of computer crime in that these activities do not use the computer technology as the means or object of the criminal act, and it is the technology that is the focus of this paper (law. jrank. org. p. 697). Defining the various computer activities continues to be a challenge but one that normally can be agreed upon is that of computer crimes now known as cyber-crimes.

Computer crime, also known as cyber-crime, e-crimes, hi-tech crime or electronic crime, is referred to any criminal activity that is done by means or through a computer or Internet network. For the sake of this paper, cyber-crimes is the term of choice. Cyber-crimes are a fairly new set of tractable crimes, starting in 2001 by The Internet Fraud Complaint Center (IFCC), which began operations on May 8, 2000. The IFCC is a partnership between the National White Collar Crime Center (NW3C) and the Federal Bureau of Investigation (FBI).

Just prior to the 2001 IFCC organization, in 1999, The President of the United States put together a “Working Group” to Report on the Unlawful Conduct on the Internet and on March 2000 they did present a report entitled, “(PWGUCI) 2000). ” Parts of this report will be discussed throughout this paper, as it relates and is purposeful. The IFCC’s primary mission is to address fraud committed over the Internet.

On a side note, although the primary mission of the IFCC is to address Internet fraud, the IFCC served a critical role for the United States starting on September 11, 2001, just hours after the terrorist attacks in New York, Pennsylvania, and Washington, D. C. The IFCC web site served as the mechanism for people to file online tips with the FBI regarding the attacks. Tens of thousands of tips were reported and processed and some of the information proved useful in the subsequent criminal investigations, (IC3. gov. page 100312).

The following chart indicates that the online crime complaints increased substantially once again in 2009. The IC3 received a total of 336,655 complaints, a 22. 3 percent increase from 2008. The total loss linked to online fraud was $559. 7 million; this is up from $265 million in 2008. This partnership continues to flourish and support the ongoing Internet attacks, issues, and tracking; therefore helping all to better understand the trends and needs. Over the years, the IFCC has tracked many various Internet trends and beginning in 2003 started reporting on an annual basis a through Internet crimes report.

One of the annual charts that respectfully highlight “The Top 10 Internet Cybercrimes” is the one that best represents what is being discussed. Starting in 2003 the Top 10 Cybercrimes has been tracked. The 2003 chart is included below as is the 2009, in order to show the variation and trends. (IC3. gov. ,p. 6) The following is the 2009 Top 10 Cybercrimes, from the IC3 2009 Annual Report. A description of the chart indicated the following: During 2009, email scams that used the FBI’s name was the offense most often reported to IC3, comprising 16. 6% of all crime complaints.

Non-delivery of merchandise and/or payment represented 11. 9% of complaints. Advance fee fraud made up an additional 9. 8% of complaints. Other top 10 complaint categories included identity theft (8. 2%), overpayment fraud (7. 3%), miscellaneous fraud (6. 3%), spam (6. 2%), credit card fraud (6. 0%), auction fraud (5. 7%), and destruction/damage/vandalism of computer property, (i. e. ,” computer damage,” 4. 5%). (IC3. gov. ,p. 7) From 2003 to 2009 Auction fraud has gone from 61% of the complaints to 5. 7% of the complaints. This is almost a 10% decrease per year, if neutralized and averaged.

One has to wonder why this has occurred. Is it that other issues are greater, or have the auction houses become better? One assumption that the research indicates is that complaints normally come based upon two major factors, 1) identifiable loss (i. e. : one knows how much money they lost) and 2) nuisance or menace. This would assist in supporting auction fraud dropping, as the number of menacing emails continues to be on the rise and the damage that identify theft, email scams, and non-delivery of paid for merchandise has increased drastically. IC3. gov, n. p. ) The Working Group Three The1999 Working Group was the first time the government came together and formed an Internet task force with Internet crime being the focus. Within a rather exhaustive report of their findings comes the definition of the three computer crimes that they consider can be committed. The first is the computer as a communication tool. The computer as a communication tool presents the computer as the object used to commit the crime.

This category includes traditional offenses such as fraud committed through the use of a computer. For example, the purchase of counterfeit artwork at an auction held via the Internet uses the computer as the tool for committing the crime via the Internet as the communication tool. While the activity could easily occur offline at an auction house, the fact that a computer was used, via the Internet, made it one of the three computer crimes currently being discussed. This fits within the FBI categories that will be discussed eventually.

Another point that can be made with the use of the computer via the Internet is that due to the fact that a computer is used for the purchase of this artwork it may cause a delay in the detection of it being a fraud. The use of the Internet may also make it difficult to find the perpetrator of the crime. Understanding how the use of the computer in this transaction is critical to being able to grasp the concepts of the three crimes. This crime could have occurred online or offline but since the computer was used via the Internet, it was a computer related crime. (law. rank. org. ,p. 697) There are many reasons for using stolen computers or storage devices for illegal activities. For example, store all of the programs they have stolen, track their activities, store credit card numbers, keep track of their child pornography or other pornography files, store business files they have stolen, store business applications they have stolen, store databases they have stolen, etc. There are just so many different types of datum, applications and other files that could be stored on storage devices that it is impossible to list them all.

There is an area that requires input from hackers and that is most likely not available. The question that needs to be answered is, “Why do hackers use stolen storage devices that police will be able to obtain to store their illegally obtained information, files, goods, etc.? Storage devices technically do not allow for 100% removal of something that has been stored on it, therefore once a hacker has saved and deleted, the police are able to come in and with the proper tools retrace the steps and locate the deleted files.

There are better tools. Why not use them? Stolen devices do not cost hard dollars, which is the only idea floating around. There must be better. The FBI Four The FBI four categorizations of computer crimes are: 1) the computer as a target, 2) the computer as an instrument of the crime, 3) the computer as incidental to crime, and 4) crimes associated with the prevalence of computers. These four are very different from each other, yet totally similar. This will be seen as progress throughout the paper is made.

Continuing on with number one, it is different from the rest in that, this is where the actual owner of the system is not allowed access to the system; they are denied the expected service. Number two, the tool is the computer and the tool is used to commit the crime. For example, a burglar uses a crowbar to break-in to a building, just as a digital criminal uses a computer to break into a network and into a database to do their damage. And, number three occurs in the digital criminal world where activities take place and then computers are used in some “incidental” way to “facilitate” it occurring.

And finally, the fourth type of computer crime is done due to the prevalence of computers. Examples include intellectual property rights, counterfeiting, and identity theft. All of the four primary categories of crimes provide us with plenty of examples from which to learn, draw on, and report. One of the best ways to understand concepts that are different and unique yet tied together in a list, is to approach them as if they are completely separate and then bring them together after all of their differences are identified. Therefore, let’s begin with: Computer as a target.

Objective of this crime is to damage or steal data from a computer at a location away from the current computer. Some important types of data include intellectual property theft, theft of marketing information, theft of business information, and stealing personal information. Creating malicious spyware and viruses with the intention of sabotaging the operating systems also comes under this category. Unlawful access to confidential government records, techno-vandalism and techno-trespassing also come under crimes where computer is a target.

Crimes in which the computer is the target include such offenses as theft of intellectual property, theft of marketing information, or blackmail based on information gained from computerized files (e. g. , medical information, personal history, or sexual preference). These crimes also could entail sabotage of intellectual property, marketing, pricing, or personnel data or sabotage of operating systems and programs with the intent to impede a business or create chaos in a business’ operations.

Unlawful access to criminal justice and other government records is another crime that targets the computer directly. This crime covers changing a criminal’s history; modifying warrant information; creating a driver’s license, passport, or another document for identification purposes; changing tax records; or gaining access to intelligence files. Techno-vandalism occurs when unauthorized access to a computer results in damage to files or programs, not so much for profit but for the challenge. In such cases, the damage or loss may be intentional or accidental.

Another crime in this category is techno-trespass that is, “walking” through a computer just to explore. In such cases, the intruder only looks at a file, but even this violates the owner’s privacy. This would be the technological equivalent of a criminal trespass (Lectlaw. , Carter, 1995. ) What about your computer? Why would hackers want your computer? Rather than debate this, let’s just agree that hackers do want your computer, because they want everyone’s computers, they want all computers. They want what is stored on all computers.

Hackers look for credit card numbers, bank account information, addresses, social security numbers, birth dates, and anything else that they can find. During junior high, high school, possibly college, many are taught that if entrepreneurial-ship is a chosen career, then using another’s money may work best; never risk one’s own money, if possible. Unfortunately, hackers seem to have taken this idea into the illegal realms and way out of context. Stealing from others is not the way to fund one’s life. By stealing information on computers, hackers can use your money to buy themselves anything, i. . : all the goods and services they desire. Unfortunately, hackers do not just want information from your system, they also want your Internet connection, your disk space/storage, and your Internet speed, and much more. Hackers use these resources to attack other computers. The more computers a hacker can be using at the same time, the harder it is for officials to track them down. If they can’t track them down, if they are IP hoping for instance, they can continue to utilize a resource, which means that once they’ve figured out how to break into your computer, they will come back.

The Instrument of the Crime Due to the nature of computer crime, a crime could occur without the technology; however, computerization helps the crime to occur faster, permits processing of greater amounts of information, and makes the crime more difficult to identify and trace. Some of the most common crimes are: unlawful banking transactions, money laundering organized crime, bookmaking, drug raids, and illegal activities when involved in police computer activity. Essentially, the criminal introduces a new code (programming instructions) to manipulate the computer’s analytical processes, thereby facilitating the crime. Another method involves converting legitimate computer processes for illegitimate purposes. Crimes in this category include fraudulent use of automated teller machine (ATM) cards and accounts; theft of money from accrual, conversion, or transfer accounts; credit card fraud; fraud from computer transactions (stock transfers, sales, or billings); and telecommunications fraud.

One example of using a computer, as the instrument to commit a crime is the growing problem of individuals’ using cellular phones and electronically billing charges to other customers. In these cases, offenders obtain cellular billing identification codes by using scanning devices, which are small parabolic (curve-shaped) antennae connected to portable computers. When activated, these scanners capture and store account numbers transmitted by cellular phones. The offenders operate near highways, because motorists frequently make calls from their cars.

Once they capture the computerized billing codes, they program these codes into other cellular phones simply by hooking up the phone to a personal computer. Then, using software originally developed by programmers in London, they reprogram the signal chip in the cellular phone. The use of this software, which is easy to copy and to use, is spreading across the United States and Canada, sometimes being shared through underground computer bulletin board services (BBS). ” (The FBI Magazine, July 1995, p. ) Research papers that focus on computer topics just wouldn’t be as exciting without at least a couple of cyber-criminal examples. “TORRANCE, Calif. — With open computer labs, thousands of users and comparatively lax access security, campuses are fast becoming favorite targets and dupes for cyber-criminals. Last year, an on-again, off-again student strolled into the computer lab at El Camino College here, sat down at a computer and sent a falsified e-mail to his former employer that sent shockwaves rumbling through powerful Wall Street.

The message, which read as a dire-sounding press release from a Costa Mesa, Calif. -based high-tech firm, sent the company’s stock plummeting. The company’s market value plunged $2 billion, and thousands of investors sustained nearly $110 million in losses. Mark S. Jakob, 23, of El Segundo, Calif. , was later arrested and pleaded guilty to securities and wire fraud under a plea agreement with federal prosecutors. ” (Hackerheaven. com, Wright, 2001. ) The second example where the computer was the instrument to a crime is, on April 7, 1999, visitors to an online financial news message board operated by Yahoo! Inc. got a scoop on PairGain, a telecommunications company based in Tustin, California. An e-mail posted on the message board under the subject line “Buyout News” said that PairGain was being taken over by an Israeli company. The e-mail also provided a link to what appeared to be a website of Bloomberg News Service, containing a detailed story on the takeover. As news of the takeover spread, the company’s publicly traded stock shot up more than 30 percent, and the trading volume grew to nearly seven times its norm.

There was only one problem: the story was false, and the website on which it appeared was not Bloomberg’s site, but a counterfeit site. When news of the hoax spread, the price of the stock dropped sharply, causing significant financial losses to many investors who purchased the stock at artificially inflated prices. Within a week after this hoax appeared, the Federal Bureau of Investigation arrested a Raleigh, North Carolina man for what was believed to be the first stock manipulation scheme perpetrated by a fraudulent Internet site.

The perpetrator was traced through an Internet Protocol address that he used, and he was charged with securities fraud for disseminating false information about a publicly traded stock. The Securities and Exchange Commission also brought a parallel civil enforcement action against him. In August, he was sentenced to five years of probation, five months of home detention, and over $93,000 in restitution to the victims of his fraud, (PWGUCI 2000). The Computer as Incidental to the Crime Criminal enterprises also use computer as incident to their crimes, the crimes that they commit.

Computer appeal to criminal enterprises or for their businesses for many of the same reasons they appeal to others: they are quick, reliable, and very accurate; they perform many business related tasks far faster than by hand. Thus, they are used to support many different types of criminal enterprises, including loan sharking and drug rings. It has been rumored that large numbers of prostitution rings have been found using computers to keep track of customer’s visits, particulars, and business applications like payroll, (Digital crime and digital terrorism, p. 2) It has been confirmed over time, the computer is not essential for crimes to occur, but it is related to many criminal acts. This means that the crime could occur without the computer technology; however, computerization helps the crime to occur faster, permits processing of greater amounts of information, and makes the crime more difficult to identify and trace. Such crimes include money laundering and unlawful banking transactions, BBSs supporting unlawful activity, organized crime records or books, and bookmaking.

In one case, a suspect committed murder by changing a patient’s medication information and dosage in a hospital computer. Cases involving drug raids, money laundering seizures, and other arrests also have produced computers and electronic storage media containing incriminating information. Many times, the criminals encrypt the data or design the files to erase themselves if not properly accessed. In some instances, criminals even destroy the storage media, such as disks, to eliminate evidence of their illegal activities.

All of these situations require unique data recovery techniques in order to gain access to the evidence (The FBI Magazine, Carter, 1995). With the rapid development, growth and expansion of computer technology, criminals can now exchange information, including such artifacts as pornography using the greatest technological means. The standard gangs and pornographers are not the only ones saturated in computer use today; it has become so lucrative that the mafias and drug cartels are also entrenched with technology that may be even more advanced than what we have.

The computer and network systems are incidental to the crime. This makes sense – right! The mafia, the drug cartels, gangs, pornography, and crime in general has been around since the beginning of time but now, those involved have technology to help them be more efficient, produce more, gain more, gather more, do more damage, become bigger than they already are, and take over larger territories than they currently have. The crimes are done outside the computer system, outside the technology.

However, the computer and network technology advancements create greater and greater opportunities for criminals as they participate in all of the various crimes previously discussed. One the other hand, the advancement is also happening on the side of law enforcement. Crimes Associated With the Prevalence of Computers Before an understanding of the environment within which crimes can take place under the guise of number four, let’s define the one word that appears somewhat out of place, “prevalence”.

Merriam-Webster’s Online Dictionary located at, www. merriam-webster. com/dictionary/prevalent, as; 1 defines prevalence: Powerful. 2: being in ascendancy: dominant, 3: generally or widely accepted, practiced, or favored : widespread. Therefore, crimes associated with the dominance of computers. The research of this category returned approximately 1/3 the quantity of information of the other categories that have been reviewed. This category of crimes is committed just because there are many, and a significant many, computers present and available.

The crimes that are committed that fall into this category include; intellectual property violations, identify thefts (which fit into several categories), copyright of computer programs, copyright and distribution violation of software programs, manufacturing illegal counterfeit computer equipment, software piracy, misuse of telephone systems & long distance services, copyrighting of computer games, misuse of stolen cell phones, manufacturing knock-off cell phones and misusing chips from stolen phones, manufacturing computer peripherals such as hard drives and memory and selling these as if they are the original equipment manufacturer (OEM), theft and resale of technological equipment of special kinds, peripherals and programs manufactures but selling at very reduced prices. Now, some of these show their real colors and let you know they are not the OEM but rather they are part of an enterprising group dealing with the manufactures so that they can sell for very reduced prices, not the full truth but not the full lie. It is impossible to discuss activities like these above without looking at who gets hurt. Violation of copyright laws, especially those of business and commercial software can results in magnificent losses to those that spend years and millions in research and development of specialized software.

For a while, and the introduction of Open Source Office, Microsoft was hopeful that they would see a decrease in pirated copies of Microsoft Word, Office, and Excel. Thorough research did not indicate that Microsoft has published any updated numbers showing that they have seen a decrease in pirated copies sold, since Open Source Office became available. This means, that hackers are still making available to those at are unwilling to pay the full price for software, copies of Microsoft products. For example; A software package usually costs about $400; a strong-arm robbery usually yields about $50 or less for the thief. Thus, one copyright violation is the economic equivalent of eight strong-arm robberies.

However, because the emotional trauma experienced in a piracy is almost nonexistent, many people do not view this as a serious crime,(Lectlaw,n. p. ). The unauthorized copying of personal computer software for use in the office or at home or sharing of software among friends is the most pervasive form of piracy encountered abroad and in the United States. SIIA estimates this type of piracy is responsible for more than half the total revenues lost by the industry. Another area that is large on the pirated scale is the audio books and videotapes. There have been several attempts at showing the costs associated with hacker’s involvement with “Prevalence” crimes. $1. billion a year to $455 billion in losses are numbers that have been thrown out as potential worldwide losses due to all hackers related crimes. Let’s look at a few examples: Ongoing computer scams targeting small businesses cost U. S. companies $25 million in the third quarter of 2009, according to the U. S. Federal Deposit Insurance Corporation. Online banking fraud involving the electronic transfer of funds has been on the rise since 2007 and rose to over $120 million in the third quarter of 2009, according to estimates presented Friday at the RSA Conference in San Francisco, by David Nelson, an examination specialist with the FDIC, (Computerworld. com, McMillam, 2010).

Scotland Yard still has no option but to blame themselves, for the “nintruder” or intruders have been rigorously pursued, but as of yet still have not been caught. Hackers like these are costing Britain alone almost $1. 54 billion a year, (Groups. csail. mit. edu, 1997). Legal Issues of Cyber-Crimes Given the name, “cyber-crimes” highly indicates something that needs to be controlled and/or distinguished. As indicated several times throughout this paper, there are many organized groups whose aim it is, it to monitor, control and punish the apprehended. Several years ago it was hard to get a cyber-criminal to be convicted of a cyber-crime. There were no rules or guidelines, let alone laws and officers.

What is the current status of computer or cyber-crimes? Since the Internet is not owned by anyone and there are no formal Internet police, the younger group of hackers from the 1980 and 90’s were of the mind-set that they could get away with anything, or that was the mind-set back in those days. History has shown that our world is not inhabited by people that can govern themselves. It truly is sad that we had the opportunity to prove that we did not need government policing, we had a clean slate, a place where anyone could do anything and we were monitored and regulated by each other. As an International society, we failed. We failed horribly.

We cried for help when we couldn’t police the Internet ourselves and now there are State, Federal and International laws, penalties, regulations, guidelines, etc. for everything Internet, and it is because we caused it. The penalties that are most visible to the common person are the State and Federal statutes. Included in the upcoming pages is a brief list of the Federal cyber-crime statues, as can be found at the “www. CERT. org” web site. This web site is one that shows the all about FBI cyber training and instructing how the FBI investigates Computer Crimes. Within this site is a multitude of information about the FBI, how they investigate cyber-crimes, software engineering institute, and various response teams.

This is actually a site with a wealth of cyber-crime information. Conclusion It is a known fact that more has to be done to eliminate crime and that obviously includes cyber-crime, on a small note, more needs to be done to protect information, information that is “secret”, “sacred”, “sensitive”, “valuable” and agreed upon as “highly-protected”. But, as long as data and information has a value attached there will be criminals willing to risk getting it. Bottom-line, there will always be cyber-crime. Let’s just hope it doesn’t come to real bullets against computer systems and the people that run them. REFERENCES Computer crime – categorizing computer-related crime. (n. d. ). Retrieved from http://law. jrank. rg/pages/697/Computer-Crime-Categorizing-computer-related-crime. html Computer crime – categorizing computer-related crime. (n. d. ). Retrieved from http://law. jrank. org/pages/697/Computer-Crime-Categorizing-computer-related-crime. html President’s Working Group on Unlawful Conduct on the Internet (PWGUCI) 2000, The Electronic Frontier: The Challenge of Unlawful Conduct Involving the Use of the Internet, PWGUCI, Washington, DC, http://www. usdoj. gov/criminal/cybercrime/unlawful. htm, visited 2, May 2010. Butterworth, C, & Bresson, P. (2010, March 12). Ic3 2009 annual report on internet crime released. Retrieved from http://www. ic3. gov/media/2010/100312. aspx

The Internet crime complaint center. (2003, December 31). IC3 2003 Internet Fraud Report, 1(1), Retrieved from http://www. ic3. gov/media/annualreport/2003_IC3Report. pdf Podgor, Ellen. (n. d. ). COMPUTER CRIME. encyclopedia of crime and justice entries. Retrieved (2010, May 6) from http://www. highbeam. com/doc/1G2-3403000048. html Computer crime – categorizing computer-related crime. (n. d. ). Retrieved from http://law. jrank. org/pages/697/Computer-Crime-Categorizing-computer-related-crime. html Carter, David. (1995, July). Types of computer crimes. The FBI Magazine, Retrieved from http://www. lectlaw. com/files/cri14. htm, doi: The Lectric Law Library http://www2. fiu. du/~cohne/Theory%20S09/Ch%2014%20-%20Types%20of%20computer%20crime. pdf, The FBI Magazine, July 1995, page 3. Wright, Scott. (2001, January 22). Www. hackerheaven. edu. Community College Week, Retrieved from http://findarticles. com/p/articles/mi_7781/is_12_13/ai_n32870192 Taylor, R. , Caeti, T. , Loper, D. , Fritsch, E. , & Liederbach, J. (2006). Digital crime and digital terrorism [page 12]. Carter, David. (1995, July). Types of computer crimes. The FBI Magazine, Retrieved from http://www. lectlaw. com/files/cri14. htm, doi: The Lectric Law Library Carter, David. (1995, July). Types of computer crimes. The FBI Magazine, Retrieved from http://www. lectlaw. om/files/cri14. htm, doi: The Lectric Law Library www. merriam-webster. com/dictionary/prevalent McMillian, Robert. (2010, March 8). Fdic: hackers took more than $120m in three months. ComputerWorld, Retrieved from http://www. computerworld. com/s/article/9167598/FDIC_Hackers_took_more_than_120M_in_three_months Kim, Michael. (1997, Fal). How Countries handle computer crime. Ethics and Law on the Electronic Frontier, Retrieved from http://groups. csail. mit. edu/mac/classes/6. 805/student-papers/fall97-papers/kim-crime. html doi: 6. 805/STS085 http://www. cert. org/tech_tips/FBI_investigates_crime. html (n. d. ). Retrieved from http://www. CERT. org/