Computer Crime: - Binghamton



[pic]

ABSTRACT

Over the past decade the number of computer related criminal incidents have increased multi-fold and losses related to computer crime is at an estimated high of $1,500,000,000,000. Yet the lack of public awareness of exactly what defines a computer crime causes many highly publicized incidents to be labeled unfairly as computer crime along with the actual incidents, further blurring the line between regular crime and computer crime.

While anyone would agree that a ‘denial of service ‘ attack or an internet worm such as the W32.Blaster worm both fall under the definition of a computer crime, where does something distributing child pornography over the internet fall under? Should this also be considered a part of computer crime or is a differentiation between such cases needed?

This paper will attempt to provide the reader a number of things:

i) What is considered to be a computer crime and what is not.

ii) The basic types of computer crimes as well as a number of examples for each type.

iii) The future of computer crime.

INTRODUCTION

Computer crime is a growing problem all over the globe now that personal computers have become the norm. In fact,. There are over 800 million people are using the internet all over the globe at this moment. This international nature of modern computer society creates many complications when it comes to criminal activities. Indeed, it’s all too often that we hear of the latest virus to hit the major networks to be the work of a hacker living on the opposite side of the globe or of a large scale attack being made on an internet backbone outside of the United States.

With the number of internet users all around the world growing at an ever increasing pace, it has now become critical for all users to be familiar with the inherited risks that the internet brings forth and also some of the legal responsibilities that a user has in an open environment that is the internet. This means that knowing what a computer crime is will help not only a user avoid legal troubles down the road, but also make the user aware of the ways that computers can be exploited and how to protect oneself against such attacks.

Yet there is one major roadblock to this task. What exactly is computer crime? Does any crime involving a computer constitute a computer crime or should its definition be more strict? Does cyber-stalking count as a computer crime or is that merely an extension of a pre-existing type of crime? Why does its definition even matter?

A BRIEF HISTORY: WHAT IS COMPUTER CRIME?

Although computers have been part of world history since its advent in the 1940’s it was not until the 1970s that computers became affordable enough for small businesses to use them in massive quantities. It was here that one first heard the term computer crime be used. These crimes ranged from disgruntled workers altering the file systems of the company mainframe to hackers transferring funds from one account to another and it is also here that the definition of what exactly a computer crime is came into question.

Much of the mass media seems to quantify any crime that involves a computer in one form or another as a computer crime, and Forester and Morrison suggested in 1994 that a computer crime was to be defined “as a criminal act in which a computer is used as a principal tool” but even this definition has many pitfalls. For one example, by this definition someone using a PDA to cheat on the SATs will be considered to be committing a computer crime as will a murderer using to look up directions to the victim’s home. While it is arguable that neither person would have been able to commit these crimes exactly the same way if computers were not involved, it is easy to see that both of these cases can be seen as just another case of academic misconduct and murder and not computer crimes.

Thus, it is more reasonable to define computer crime as crime that can only carried out ONLY through the use of computer technology. This strict definition is needed is due to the ever integrating nature of modern society. Cars, guns, and even certain photo frames have computer software embedded in them nowadays. If we were to keep Forester and Morrison’s definition of computer crime, a time will come when almost any crime can be defined as a computer crime, a situation that will become a legal nightmare for many future lawyers. By limiting computer crime to the above definition it is clear that the examples listed above are not computer crimes, while criminal activities such as the spreading of viruses is.

It is interesting to note that computer crime and Cybercrime are two completely separate entities although they both seem to have the same meaning at first glance. Cybercrime is defined as “crime committed using a computer and the internet”[1] meaning that any criminal activity committed through the internet will be considered a Cybercrime, even if it’s not a crime that can only be committed through a computer. Thusly, the proliferation of child pornography and stalking through the internet will be filed as a Cybercrime and not as a computer crime. It is this distinction that leads us to the three broadly defined types of computer crime: Software Piracy, Electronic Break-ins, and Computer Sabotage.

SOFTWARE PIRACY

Software piracy is, perhaps, the one type of computer crime that almost everyone is familiar with. Defined as the act of “using computer technology to either produce multiple unauthorized copies of computer software or to distribute unauthorized copies over a computer network”, it is also the computer crime that is currently the biggest problem plaguing the software industry.

Software piracy includes other intellectual properties being distributed that are slightly outside the scope of what most people consider software. These include movies, music, and even printed material such as books and comics that are increasing being scanned into JPEG files and being spread over Peer-To-Peer (P2P) networks such as Direct Connection++ and WinMX.

Although recent trends have curbed software piracy somewhat, the amount of pirated software in North America alone is estimated to account for 26% of all software currently in use, resulting in a loss of over $2,000,000,000 annually. What is more troubling is that a recent PC World magazine suggests that almost one-fourth of all companies rely on pirated software. It is troubling that even professionals working in the industry is taking part in such unethical practices.

ELECTRONIC BREAK-INS

Electronic Break-ins refer to the act of using technology to gain unauthorized access to a computer system or to a password-protected web site. These break-ins can range from a user breaking into a government network to something small scale as assessing the information of another home user’s personal computer(PC). The most famous example of electronic break-ins is probably the 1983 movie War Games, which features a teenage hacker causing World War III to occur when he hacks into a military network and begins to fiddle around with the information there.

The amount of damage that can be done by breaking into an infrastructure that is large enough is tremendous. One of the largest cases regarding electronic break-ins took place in 2001, when a band of computer hackers broke into over three dozen corporate sites and stole the credit card information of over a million users.

Ironically, while electronic break-ins are most often associated with computer hackers by the people at large, studies have shown that almost 82% of all break-ins are the result of people working on the inside than the result of hackers trying to access information from a remote terminal[2]. However, there are admittedly a number of active hacker communities active in the internet that exist solely to attack and bring down various commercial sites and systems.

In fact, one aspect of electronic break-ins that is often overlooked is the spread of industrial espionage. Now that most company information is digitized, it shouldn’t be surprising that spies are breaking into computer systems to look scan for sensitive information.

COMPUTER SABOTAGE

Computer sabotage comes in various forms. It refers to the use of computer technology to unleash programs that either disrupt the flow of electronic information across computer networks, such as the Internet, or destroy/ damage data and computer system resources.

Computer viruses have long around ever since the 70’s, spread through mostly via floppy disks. However nowadays virus are often spread over the internet through seemingly innocent e-mail attachments, although any lapse in computer security can cause a virus to slip through and infect a computer system. Although many of these viruses only wreck havoc on a single computer, many of the newer viruses target entire network systems. The infamous Melissa virus of 1999 targeted mailing systems and caused many large corporations, including Microsoft, to turn off their mail servers until the virus was under control.

Another popular form of computer sabotage is “Denial Of Service” (DoS) Attacks. Unlike viruses, which usually infect a computer system with malicious data, a DoS attack is one specifically designed to bring a computer network down by flooding the network with useless requests for data. This causes severe network degradation and often causes networks to shut down completely. “Distributed Denial of Service” (DDoS) Attacks is a more advanced form of this computer sabotage and refers to the use of multiple computers to attack a network at once. Computer viruses are particularly good at DDoS attacks since the owners of the infected machines are participating against their own will. The Melissa virus is an example of a virus that causes a DDoS attack.

Although the popular conception is that computer sabotage takes a great amount of computer knowledge and skill to be pulled off, the wide spread of the internet has resulted in numerous viruses and tools that are freely downloadable from various illegal sites. While the widespread-ness of such tools mean that adequate internet security measures such as application patches and anti-virus software already detect and nullify any malicious intent these script kiddies have in mind, they can still cause a lot of damage by preying on users and commercial sites that still use outdated protection measures.

OTHER CRIMES

In addition to a three basic crime types already listed, there are a number of other computer crimes that being birthed as the internet matures.

Although the vast majority of internet crimes can be thought of an internet version of pre-existing crimes, some of these are so unique to the internet that it becomes necessary to talk about them in their own category. This is where the new phenomenon of “page jacking” comes in.

Page jacking is the simulating of a legitimate website in order to obtain secrets of business from an unsuspecting user. Although such crimes of deception are usually non-internet crimes, the unique nature of the internet makes practices such as page jacking a tactic that many computer users fall victim to. A typical case of this is a similar but illegitimate website from a mistyped web address. For example, a mistyping of to will result in a search engine that is similar to Google but is not affiliated with the company in Google search engine in any way.

The real damage of page jacking occurs when sensitive information, such as credit card numbers, are involved. Already there have been numerous cases of internet buyers being fooled by links to false auction payments sites and wired money to a hidden account. Other cases involve e-mails being sent from companies such as your Internet Service Provider or your banking service requesting that you update your account information, and linking you to a site that looks exactly the same to the authentic site, all the down to a false VeriSign logo. Already major companies such as Paypal and Earthlink have reported such instances of Internet deception occurring, resulting in stolen credit card numbers, personal information, and in some extreme instances, bank accounts.[3]

THE FUTURE

As the Internet evolves, it is expected that computer crimes will take become an even bigger chunk of all crimes than it is right now. While software piracy has been on the decline, other forms of media, such as music and movies, have seen an exponential growth in the piracy of their licensed material through the electronic medium.

Even the new electronic media, such as cell phones, have reported cases of computer viruses meaning that as more and more tools become integrated with computer software, computer crime will find a new venue to prey upon.

It can be argued that the growing complexity of computer software and improving computer security will result in computer crime to decrease in the future, but while the amount of knowledge needed to pull off a successful attack on a computer is ever increasing, the propagation of easy to use computer sabotage tools by the people with the technical expertise to the average user will actually result in an increase of potential computer criminals[4] , making a secure computer infrastructure even harder to maintain. Computer security in the future will depend on the hard work of Information Technology (IT) professionals, the further advances in both Firewall technology and the hard work of Anti-virus companies such as Norton and McAfee to maintain.

CONCLUSION

Computer crime has progressed a long way from its admitted minor communities of hackers out to take on the large corporations ala a modern day Robin Hood to a recognized threat to the modern world. In an age when the average company posts $1,000,000 in lost revenue due to computer misuse and over $1,500,000,000,000 are lost worldwide due, computer crime is no longer just an imaginary threat sensationalized by the mass media.

The challenge of today’s educators is to teach the less technically inclined about the dangers of computer crime and what is considered to be a criminal activity and what is not. Given the mass spread of free music through the internet, it is quite possible that future generations will grow expecting to be able pirate any form of media for free unless people are taught that such activity is a crime that have real consequences for both the customer and the corporation. It is also only through such efforts that more people will take the time to keep up-to-date on their computer security and will keep their computer security software from becoming outdated.

REFERENCES

1.Business Software Alliance “Four Out Of Every Ten Software Programs Are Pirated Worldwide” [June 10, 2002]

2.PC World “Leading Companies Rely on Pirated Software”

[October , 2004]

3.CERT Coordination Center”Denial of Service Attacks” [June 4, 2001]

4.Davis Logic “Cybercrime and identity theft” [August 24, 2004]

5.IT Security “What on Earth are we spending our Infosec budgets on?” [June 10, 2003]

6.Herman T. Tavani(2000), “Defining the Boundaries of Computer Crime:Piracy, Break-ins, and Sabotage in Cyberspace.”, Computers and Society, September 2000 Issue, pp3-9

7.Stefano Grazioli & Sirkka L. Jarvenpaa(2003), “Deceived:Under Target Online” Communications of the ACM Vol. 46, No. 12, pp196-205

8.Richard C. Hollinger(1991) “Hackers:Computer Heroes or Electronic Highwaymen?” Computers and Society, Vol. 21, No. 1, pp6-17.

[pic]

Figure 1 Intruder Knowledge vs. Attack Sophistication

[pic]

Figure 2 Number of Intruders able to execute attacks

About the Author

[pic]

WooJin Lee was born in Pusan, South Korea on October 5, 1982 and moved to the United States at the age of 7 and has resided in New York City ever since. He attended Stuyvesant High School and there learned to loathe the overly intellectual type, and tried to regain sanity by attending Binghamton University to no success. There he is currently a Computer Science major with a International Studies minor, as well as a Fast Track MBA student.

He has a love of languages and is fully trilingual in Japanese, Korean, and of course, English. It was this love of languages that caused him to study abroad in Japan for a year, where he earned his Level 1 fluency in the Japanese Proficiency Test. He also spent time in Japan teaching English to middle aged businessmen and learned that it’s impossible to teach someone something if they don’t take it seriously.

An avid reader and Go player, he is the co-founder and treasurer of the Binghamton University Go Club and likes to spend the club meetings thinking about the philosophical nature of Go.

Ironically, despite his computer science background, WooJin works mostly as a freelance translator on the side due to the much, much, higher pay and the flexibility that comes with the job.

Computer Crime:

What is it and what types of computer crimes exist?

WooJin Lee

Computer Science Major , SUNY-Binghamton

exswoo@

Table of Contents

ABSTRACT 1

INTRODUCTION 1

A BRIEF HISTORY: WHAT IS COMPUTER CRIME? 1

ELECTRONIC BREAK-INS 2

COMPUTER SABOTAGE 3

OTHER CRIMES 4

THE FUTURE 4

CONCLUSION 4

REFERENCES 5

About the Author 7

Figure 1 Intruder Knowledge vs. Attack Sophistication 6

Figure 2 Number of Intruders able to execute attacks 6

-----------------------

[1] Wordnet 2.0, Princeton Library

[2] Computers and Society, Vol.21, No.1-June 1991

[3] Risks Digest, Vol. 20, Issue 97, 2000

[4] Figures 1 and 2.

................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download