Computer Crime Prevention

Computer crime is a major concern of computer professionals today. It is necessary to inform the users who
own computers that are connected to the internet the many crimes that may be of harm to them. In this paper, I will
discuss several methods of computer crime prevention so users can lessen the likelyhood of being attacked.
Table of Contents

2
 I. Introduction

Ever since the event in September of 2001, a major concern of every person in the world has been security,
especially that of computers and the Internet. This is where computer crime prevention comes into play. Computer
crime prevention provides this security in forms such as software, hardware, laws, and lawsuits. In order to present
solutions in preventing computer crime, one must know what he or she is up against.
The most dangerous form of computer crime is called “hacking”, which is “the act of gaining unauthorized
access to a computer, network, Web site, or areas of a system” by “breaking through security measures, or to
perform malicious actions and destroy or steal data from a website or corporate network”.1
A second serious and common attack is through the usage of a computer virus. Computer viruses are
programs that attach itself to files on a computer, thus making the computer “sick”. One example is known as a
Trojan horse, which was named so because of the way it operates similarly to the legendary Trojan horse in ancient
history. Trojan horses cause damage to data or an entire system by hiding as a useful program, which later causes
system errors, for example by deleting files or causing system crashes after it is ran by a user.
Recently the two most publicized and notable crimes are “spyware”/spam and piracy. Spyware and spam
are the annoying advertisements that appear on computer screens and the junk e-mails that people receive. Piracy
deals with the sharing and downloading of illegal software and media files such as music and movies.
Almost all of these risks have arisen because of the exponential growth of the Internet over the past decade.

According to the U.S census of 2000 (See figure 1)2, about 44 Million households had Internet access, but in a more
recent survey made by Nielsen//Netratings, the number of Americans who have Internet access is actually around
204.3 million users3, which is an increase of about 160 million users within four years. Though the number of
computer users has increased readily throughout the years computer crime has been around for a long time and so
has the prevention of these crimes.

1
“Computer Crime Prevention,” Computer Crime Prevention, <http://www.nrps.com/community/comprev.asp>.
2
“Home Computer and Internet Use in the United States: August 2000,” September 2001
<http://www.census.gov/prod/2001pubs/p23-207.pdf>.
3
“Three Out of Four Americans Have Access To the Internet, According to Nielsen//NetRatings,” March 18, 2004
<http://www.netratings.com/pr/pr_040318.pdf>.

3
 II. History of Computer Crime Prevention

The exact origin of computer crime is not known but computer crimes have existed since “the very first
computer networks were built, because some people were looking for ways to exploit them for illegal purposes. As
soon as it was widely recognized that computers stored something of value (information), criminals saw an
opportunity”.4
The earliest history of viruses occurred in 1987 when two people by the name of “Basit & Amjad realized
that the boot sector of a diskette contained executable code which would run whenever a PC was booted with a
diskette in drive A:” so they “replaced this code with their own program, that this could be a memory resident
program, and that it could install a copy of itself on each floppy diskette that is accessed in any drive”5, which was
then named the Brain virus. Because of this virus, in 1988 the first anti-virus software was available for purchase.
When people realized that viruses were a serious problem, preventing them from entering their networks
was a major concern of administrators. One solution to this problem was the usage of firewalls. The first security
firewalls, which were IP routers with filtering capabilities, were used in the early 1990’s to prevent access to certain
data and data from exiting the network. For example, Digital Equipment Corporation’s firewall, the Secure External
Access Link, also known as the DEC SEAL. 6
It is nearly impossible to stop every single method of attack, just like the police can not oversee the actions
of every person. Most institutions do not just try to prevent one or more occurrences, instead they try preventing
future attacks with the following methods.

III. Computer Crime Prevention Methods

Total prevention of computer crime is impossible because of the new technologies that come out every day.
There are probably thousands of methods for preventing computer crime but here are a few prevention methods of
the more common ones.
The physical level is the first line of defense for many computers. The easiest way to prevent a computer
from an attacker would be to never connect the computer to the Internet or better yet any network, but because of the
rapid growth of the Internet, many people around the world use it as an information resource so the disconnection
method would not sit well with many people. So the next best way to prevent an attack at the physical level can be
as simple as locking a door or to a larger degree installing an external firewall. There are two types of firewalls, a
hardware based firewall, which is known as a firewall appliance, and a software-based firewall which operates in the
same manner as their hardware-based counterparts.
Firewalls are “designed to control inbound and outbound access, preventing unauthorized data from
entering the network and restricting how and what type of data can be sent out”7. Firewalls have two basic types of
filtering, to allow all packets through unless they are explicitly denied or to block packets unless they are explicitly
permitted. The best firewalls can perform multiple types of filtering including packet filtering, circuit filtering, and
application filtering.
Packet filtering deals with Internet Protocol (IP) packets and filters them based on the information within
the packet, for example, the address of the source and destination within the packet. Instead of dealing with packets,
circuit filtering filters sessions, such as the ones used by TCP and UDP. Application filtering filters according to the
data content of a packet when making filtering decisions as well as to the user information, for example, preventing
a certain user from uploading files using FTP but at the same time allowing users to download files through FTP.
Firewalls which can perform all three of these filters offer the highest level of protection from attacks, but
with the best of anything comes with a high price tag. The only noticeable difference between hardware and
software based firewalls are the prices of each and types of protection, local host versus network protection (port
blocking).

4
Debra Littlejohn Shinder, “Reviewing the History of Cybercrime,” Scene of the Cybercrime Computer Forensics Handbook,
(Syngress Media, 2002) 50.
5
Dr. Alan Solomon, “A Brief History of PC Virus,” Dr. Soloman History: 1986-1987 – The Prologue,
<http://www.cknow.com/vtutor/vt19867.htm>.
6
Frederic Avolio, “Firewalls and Internet Security, the Second Hundred (Internet) Years,” Cisco Publications – IPJ Issues,
<http://www.cisco.com/warp/public/759/ipj_2-2/ipj_2-2_fis1.html>.
7
Shinder, 395.

4
 “In reality, all firewalls are software based. The hardware devices sold as firewalls run proprietary that
performs basically the same functions as a software program”.8 Many firewalls today use a type of technology
known as data encryption, which prevents a hacker from obtaining important information from a computer or
network. Data encryption serves three purposes, authentication, which verifies if a user is allowed to access data on
the network, confidentiality, which keeps the data a secret, and integrity, which ensures the data does not change
during transport. Data encryption occurs in many applications whether someone realizes it or not, for example every
time a person logs on to a website that requires a password or every time someone sends an e-mail, data is being
encrypted. A fairly new technology that utilizes data encryption is wireless, for now wireless technologies only have
two main forms of protection, Wired Equivalent Privacy (WEP) and Virtual Private Networks (VPN), which utilize
encryption as the basis of securing information.
Another common type of software widely used today is antivirus software. Antivirus software protects
computers by one of two ways, watching any parts of the computer that might allow for a virus to enter, which is
known as on-access detection and the other method being on-demand detection, which is the scanning of a computer
regularly for known virus signatures (unique string of bytes that identifies the virus like a fingerprint).9
On-access detection or real time detection, works by constantly monitoring the files within a computer, for
example if file manipulation occurs due to a size change, renaming, or moving. On-demand detection, which is also
known as manual detection, allows a user to do a search of his or her entire computer at a convenient time, either
scheduled by the program or the user or at any one specific time a user wishes to scan the computer.
There are a vast number of vendors of antivirus software but the two main competitors for Windows
machines are Symantec and McAfee, which produce Norton Antivirus and McAfee VirusScan. These products are
available for purchase online and in stores or a free trial can be downloaded from websites such as download.com
(www.download.com), or the manufacturer’s website. For those who do not wish to pay for this software, there are
still limited amounts of antivirus software available online, one being AntiVir.
Speaking of download.com, currently the most popular download of the week ending on October 17, 2004
on the website is a program that protects against spyware, Ad-Aware SE Personal Edition version 1.05. Spyware and
spam have become a major problem in the past few years. Spyware secretly monitors people’s activities and
displays unwanted advertising and spam is the name given to the junk e-mail people receive in their e-mails.
According to mi2g.com (www.mi2g.com) the estimated spyware and virus damage so far in 2004, “is estimated to
lie between $157 billion and $192 billion worldwide”.10 Spyware and spam has become such a problem that the
federal government here in the United States is trying to regulate them.
In the December of 2003, President Bush signed the “Can-Spam” bill11 which contained a complex set of
rules to govern how companies may communicate using e-mail with existing and new customers. There was one
problem with this bill though, it did not entirely stop spam, but rather encouraged it as long as it was non-fraudulent
e-mails. Currently there is another bill in congress, The Spy Act, which are “dense regulations that specify what
software can and can't do and under what circumstances it must seek explicit permission from the user to proceed. It
covers activities such as taking control of a computer, modifying browser settings, installing a keystroke logger, and
bypassing antivirus software”.12
Besides the two aforementioned bills, there have actually been many other laws relating to the prevention
of computer crime. In 1986 The Computer Fraud and Abuse Act, twice amended, made it illegal when someone
“knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct,
intentionally causes damage without authorization, to a protected computer”.13 The first amendment to this act was
applied in 1994, with the Computer Abuse Amendment Acts to address the transmission of viruses and other
harmful code, and in 2001 to with the Patriot Act to extend the scope and penalties within the Computer Fraud and
Abuse Act. After the passing of the law, thousands of lawsuits have been filed against computer hackers, usually
resulting in jail time and/or hefty fines.

8
Shinder, 393.
9
“All About Antivirus Software,” Australian Consumers Association Choice, April 2004
<http://www.choice.com.au/viewArticle.aspx?id=104266&catId=100276&tid=100008&p=1>.
10
“$290 of Malware Damage Per Windows PC Worldwide in 2004,” mi2g, August 24, 2004
<http://www.mi2g.com/cgi/mi2g/press/240804.php>
11
Declan McCullagh, “Bush OKs spam bill--but critics not convinced,” C|NET News.com, December 16, 2003
<http://news.com.com/2100-1028_3-5124724.html?tag=nl>.
12
Declan McCullagh, “Anti-Spyware bill heads for House,” C|NET News.com, June 24, 2004
<http://news.com.com/2100-1028_3-5246876.html?tag=nl>.
13
“The Computer Fraud and Abuse Act,” 18 U.S.C. Sec. 1030 (5)(A)(i)

5
 In the summer of 2003 a different form of lawsuit was filed by the Recording Industry Association of
America (RIAA). The lawsuits were “against individuals accused by the music companies of illegal downloading
and sharing songs over the Internet”14 These lawsuits all belong to one of the most serious crimes today, copyright
infringement, or better known as piracy.
Piracy has been a growing concern of the entertainment and software industries because “the temptation to
reproduce copyrighted material for personal use, for sale at a lower price, or indeed, for free distribution, has proven
irresistible to many.15 According to the Business Software Alliance (BSA), companies lost a total of $29 billion due
to piracy.16 The increase in piracy is directly proportional to the amount of peer-to-peer programs that shared illegal
media over the Internet, the first being Napster which debuted in the fall of 1999.17 Currently the only form of piracy
prevention is in the form of lawsuits, which was why Napster was finally stopped in 2001 after a judge ordered the
shut down of the Napster servers. Due to the growing popularity of peer-to-peer file sharing at the time, the number
of people sharing illegal media increased. Soon after the closing of Napster other peer-to-peer software such as
Kazaa, Morpheus, audiogalaxy, etc. began to emerge. Today Kazaa is still standing strong mainly because the
lawsuits filed by the RIAA and MPAA (Motion Picture Association of America) are still pending.
All of the crimes that were previously mentioned had some relation with networks and the Internet, but an
often overlooked crime that poses a serious threat to everyone who owns a computer is theft. I do not mean theft as
in hacking into a computer and stealing information, but actually physically taking a computer component such as a
hard drive or even an entire computer. There are several main concerns when securing a computer:

• Controlling physical access to the servers.

• Controlling physical access to networked workstations
• Controlling physical access to the network devices.
• Controlling physical access to the cable.
• Being aware of security considerations with wireless media.
• Being aware of security consideration related to portable computers.
• Recognizing the security risk of allowing data to be printed.
• Recognizing the security risks involving diskettes, CD’s, tapes, and other removable media.18

Prevention of theft is easily done because there are so many devices that prevent a thief from stealing
computers. For example sliding panels on a desktop (Figure 2) or a laptop lock (Figure 3) for personal computers
and workstations.

Figure 2: Sliding door with lock

Source: http://www.pagecomputers.com/page/images/items/SP10F.jpg

14
“RIAA Lawsuit Orgy Underway,” Wired News, September 8, 2003
<http://www.wired.com/news/digiwood/0,1412,60341,00.html?tw=wn_story_related>.
15
Dr. Peter Grabowsky, “Computer Crime: A Criminological Overview,” April 15, 2000, 8
<http://www.aic.gov.au/conferences/other/grabosky_peter/2000-04-vienna.pdf>.
16
Thomas Hoffman, “BSA Pursuing 700 Software-Piracy Probes,” September 23, 2003
<http://www.pcworld.com/news/article/0,aid,117906,00.asp>.
17
“Napster.”, Wikipedia Encyclopedia: The Free Encyclopedia, <http://en.wikipedia.org/wiki/Napster>.
18
Shinder, 358.

6
Figure 3: Laptop Lock
Source: http://www.onthegopc.com/index.asp?PageAction=VIEWPROD&ProdID=7

IV. Future of Computer Crime Prevention

The future of computer crime prevention lies in the ability to prevent computer crime international and
determine the jurisdictions for prosecuting these cyber criminals. In an article by Dr. Peter Grabosky, a former
Director of Research at the Australian Institute of Criminology he states that “While international offending is by no
means a uniquely modern phenomenon, the global nature of cyberspace significantly enhances the ability of
offenders to commit crimes in one country which will affect individuals in a variety of other countries”19. For
example if a person in New York falls victim to a scam originating in China, very little will be done on either side
because of the rarity of global law enforcement.
In an attempt to solve the issue above, in September of 2004, a conference was held in France to encourage
other countries to fight computer crime internationally in an effort to fight against computer crimes such as fraud,
copyright, and child pornography. At this conference countries were encouraged to join the 30 other countries who
have already signed the Council of Europe's Cybercrime Convention.20 One noticeable fact from this article was that
the United States decline to sign this treaty because it
One question that keeps every legislator and law maker guessing is how to regulate the Internet? Since the
Internet has become such a large scale entity, it is difficult to regulate those who abuse it. The problem has now
scaled into an international affair. As an attempt to regulate cyberspace, the U.S. Government issued The National
Strategy to Secure Cyberspace21 in 2002, but was not signed by President Bush until January of 2003.22 According to
Robert Vamosi, the Senior Editor of CNET Reviews on cnet.com (www.cnet.com), “don't expect the plan to resolve
all our cyber security issues--or even come close”.23

19
Dr. Grabowsky, 16.
20
Dan Ilett, “Cybercrime summit urges international cooperation,” C|NET News.com, September 18, 2004
<http://news.com.com/2100-7348_3-5372664.html>.
21
“The National Strategy To Secure Cyberspace,” http://www.whitehouse.gov/pcipb/
22
Robert Vamosi, “Is your computer safer than it was four years ago?” C|NET Reviews, October 8, 2004
<http://reviews.cnet.com/4520-3513_7-5535979-1.html?tag=txt>.
23
Robert Vamosi, “Why the government's cybersecurity plan promises to disappoint,” C|NET Reviews,
September 12, 2002 <http://reviews.cnet.com/4520-3513_7-5021260-1.html?tag=txt>.

7
 V. Conclusion

In the near future, the future of computer crime prevention will depend on the development of wireless
communications and the security needed to protect the data traveling through this medium. It will be interesting to
see what forms of laws and regulations will come about in the next five to protect the privacy of the individual as
well as corporations because “Cyberspace programs must strengthen, not weaken, such protections.”24, which holds
true now and in the future.
Total prevention of all computer crime today is impossible. Technology, such as the Internet, is growing
way too fast for any one person or any current governing body to regulate it. So the best way to prevent computer
crime is by multi-layering several prevention methods and to be mindful of the possible dangers that you may face
in the near future. For example, workstations and servers should have firewalls to serve as the primary defense
against an attack, but if the criminal breaks through, the next line of defense could be some form of data encryption
software which protects the information within a computer by rendering data useless unless a key is used to decrypt
it because in today’s society the most secure computers are those with the most security software because when it
comes to computers, you can never be “too” safe.

24
“The National Strategy To Secure Cyberspace,” 54

8
 VI. Works Cited

“$290 of Malware Damage Per Windows PC Worldwide in 2004,” mi2g, August 24, 2004
<http://www.mi2g.com/cgi/mi2g/press/240804.php>

“All About Antivirus Software,” Australian Consumers Association Choice, April 2004
<http://www.choice.com.au/viewArticle.aspx?id=104266&catId=100276&tid=100008&p=1>.

Avolio, Frederic. “Firewalls and Internet Security, the Second Hundred (Internet) Years,” Cisco Publications – IPJ
Issues, <http://www.cisco.com/warp/public/759/ipj_2-2/ipj_2-2_fis1.html>.

“Computer Crime Prevention,” Computer Crime Prevention, <http://www.nrps.com/community/comprev.asp>.

Grabowsky, Peter, Ph.D. “Computer Crime: A Criminological Overview,” April 15, 2000, 8
<http://www.aic.gov.au/conferences/other/grabosky_peter/2000-04-vienna.pdf>.

Hoffman, Thomas. “BSA Pursuing 700 Software-Piracy Probes,” September 23, 2003
<http://www.pcworld.com/news/article/0,aid,117906,00.asp>.

“Home Computer and Internet Use in the United States: August 2000,” September 2001
<http://www.census.gov/prod/2001pubs/p23-207.pdf>.

Ilett, Dan “Cybercrime summit urges international cooperation,” C|NET News.com, September 18, 2004
<http://news.com.com/2100-7348_3-5372664.html>.

McCullagh, Declan. “Anti-Spyware bill heads for House,” C|NET News.com, June 24, 2004
<http://news.com.com/2100-1028_3-5246876.html?tag=nl>.

McCullagh, Declan. “Bush OKs spam bill--but critics not convinced,” C|NET News.com, December 16, 2003
<http://news.com.com/2100-1028_3-5124724.html?tag=nl>.

“Napster.”, Wikipedia Encyclopedia: The Free Encyclopedia, <http://en.wikipedia.org/wiki/Napster>.

“RIAA Lawsuit Orgy Underway,” Wired News, September 8, 2003

<http://www.wired.com/news/digiwood/0,1412,60341,00.html?tw=wn_story_related>.

Shinder, Debra L.. “Reviewing the History of Cybercrime,” Scene of the Cybercrime Computer Forensics
Handbook, (Syngress Media, 2002) 50.

Solomon, Alan, Ph. D. “A Brief History of PC Virus,” Dr. Soloman History: 1986-1987 – The Prologue,
<http://www.cknow.com/vtutor/vt19867.htm>.

“The Computer Fraud and Abuse Act,” 18 U.S.C. Sec. 1030 (5)(A)(i)

“The National Strategy To Secure Cyberspace,” <http://www.whitehouse.gov/pcipb/>.

“Three Out of Four Americans Have Access To the Internet, According to Nielsen//NetRatings,” March 18, 2004
<http://www.netratings.com/pr/pr_040318.pdf>.

Vamosi, Robert. “Is your computer safer than it was four years ago?” C|NET Reviews, October 8, 2004
<http://reviews.cnet.com/4520-3513_7-5535979-1.html?tag=txt>.

Vamosi, Robert. “Why the government's cybersecurity plan promises to disappoint,” C|NET Reviews,
September 12, 2002 <http://reviews.cnet.com/4520-3513_7-5021260-1.html?tag=txt>.

9
 VII. Biography

Joseph Wong is currently a student at SUNY Binghamton University working towards a Bachelors Degree
in Computer Science as well as a Masters in Business Administration. His current goal is to obtain a job within the
field of Information Technology. In his lifetime, he has owned about four desktop computer and one laptop,
beginning with a 33 MHz computer and currently a 1.6 Centrino notebook computer.

10