Sie sind auf Seite 1von 15

Computer crimes encompass unauthorized or illegal activities perpetrated via computer as well as the theft of computers and other

technological hardware. As firms of all sizes, industrial orientation, and geographic location increasingly rely on computers to operate, concerns about computer crime have also risen, in part because the practice appears to be thriving despite the concerted efforts of both the law enforcement and business communities to stop it. But computer experts and business consultants alike note that both international corporations and modest family-owned businesses can do a great deal to neutralize computer "viruses" and other manifestations of computer crime. Many analysts believe, however, that small business owners are less likely to take steps to address the threat of computer crime than are larger firms. Indeed, many small businesses admit that they are passive about the threat because of costs associated with implementing safeguards and the perception that computer "hackers" and other threats are far more likely to pick on bigger companies. But as Tim McCollum flatly stated in Nation's Business, "companies increasingly are falling prey to hackers, computer thieves, software viruses, and, in particular, unauthorized and often illegal activities by their own employees. In fact, chances are that sooner or later most companies will become victims of high-tech crime [and] when computer criminals strike, small-business victims can suffer relatively more than large corporations, whose bottom lines are more resistant to damage from any single theft of equipment or information." Indeed, computer crime statistics in the United States are sobering. In 2000, for instance, a study commissioned by the Federal Bureau of Investigation (FBI) indicated that 85 percent of business respondentswhich included companies of all sizes and orientationssaid that they had been victimized by at least one computer-related crime in the previous year. These crimes ranged from problems of epidemic proportions, such as virus infection, to less prevalent but still serious problems like Web site defacement, denial of service attacks, financial fraud, sabotage, and network break-ins. The financial losses associated with computer crime more than doubled between 1999 and 2000 to reach $265 million. Other experts offer similarly grim evaluations of the hardware theft problem. A computer-insurance company in Ohio called Safeware, for instance, estimated that American businesses lost $1.4billion in 1996 to the theft of computers.

The Birth of "hacking"

Early use of the term "hacker" was applied to computer hobbyists who spent their spare time creating video games and other basic computer programs. However, this term acquired a negative connotation in the 1980s when computer experts illegally accessed several high-profile databanks. Databases at the Los Alamos National Laboratory (a center of nuclear weapons research) and the Sloan-Kettering Cancer Center in New York City were among their targets. The introduction of relatively inexpensive personal computers and modems helped make this pastime affordable; the use of regular telephone lines as accessways made it possible. Over time, the designation "hacker" came to be associated with programmers and disseminators of computer viruses, and the public perception of hackers continues to be one of lone computer experts with a taste for mischief or mayhem. But "hacking" has come to encompass a wide range of other computer crimes as well, many of them primarily grounded in efforts to make money. Indeed, the vital information kept in computers has made them a target for corporate espionage, fraud, and embezzlement efforts.

Internal and External Threats

As criminologist and computer-insurance executive Ron Hale indicated to Tim McCollum of Nation's Business, one of the most unsettling facts about computer crime is that the greatest threat to information security for small businesses is their employees. As McCollum noted, "a company's employees typically have access to its personal computers and computer networks, and often they know precisely what business information is valuable and where to find it." The reasons for these betrayals are many, ranging from workplace dissatisfaction to financial or family difficulties. Computer crimes perpetrated by outsiders are a major threat too, of course, but whereas employees often abscond with sensitive information or attempt to benefit financially when engaging in illegal activities, outsiders are more likely to engage in behavior that is simply destructive (i.e., computer viruses). Some security experts believe that the continued threat of outside "hackers" is due at least in part to the growing number of employees who engage in "telecommuting" via modem and the swelling ranks of company networks hooked to the Internet. These connections can be used to infiltrate computer systems. The damage wreaked by outside intruders can be significant and wideranging. As Scott Charney, chief of the U.S. Justice Department's section on computer crime, told Nation's Business, many companies never find out that information has been stolen, while other businesses are heavily damaged by the incursion. Yet many companies do not report thefts and other

security breaches that they do discover because they fear that the publicity will result in a loss of prestige and/or business. VIRUSES. The most common outside threat to a business's computer network is the virus. Indeed, the National Computer Security Association (NCSA) estimated that in 1996, two out of three U.S. companies were affected by one or more of the estimated 16,000 computer viruses that were floating around the country at that time. "Viruses infect your machine by attaching themselves to programs, files, and start-up instructions," wrote Cassandra Cavanah in Entrepreneur. "There are two main types of computer viruses: macro and binary. Macro viruses are written to attack a specific program. Binary viruses are either actual programs designed to attack your data or attach themselves to program files to do similar destruction. Binary viruses are the ones to be concerned with; they can reformat your hard drive, wipe out data and stop your operating system from working. The best way to fight these bugs is to avoid thembut in today's word of Internet downloads and e-mail file exchanges, this is an impossible task." Luckily for small business owners, a wide variety of anti-virus software programs are available at computer stores and on the Internet (the latter can be downloaded).

Security Measures
Computer security is concerned with preventing information stored in or used by computers from being altered, stolen, or used to commit crimes. The field includes the protection of electronic funds transfers, proprietary information (product designs, client lists, etc.), computer programs, and other communications, as well as the prevention of computer viruses. It can be difficult to place a dollar value on these assets, especially when such factors as potential loss of reputation or liability issues are considered. In some cases (e.g., military and hospital applications) there is a potential for loss of life due to misplaced or destroyed data; this cannot be adequately conveyed by risk analysis formulas. The question most companies face, then, is not whether to practice computer security measures, but how much time and effort to invest. Fortunately, companies looking to protect themselves from computer crime can choose from a broad range of security options. Some of these measures are specifically designed to counter internal threats, while others are shaped to stop outside dangers. Some are relatively inexpensive to put in place, while others require significant outlays of money. But many security experts believe that the single greatest defense that any business can bring to bear is simply a mindset in which issues of security are of paramount concern. "Firewalls, security scanners, antivirus software, and other types of security technology aren't enough to prevent hightech crime," said Nation's Business. "Real prevention begins by formulating a company security policy that detailsamong other matterswhat information is valuable and how to protect it." PROTECTION FROM INTERNAL THREATS. Whereas big corporations typically have entire departments devoted to computer system management, small businesses often do not have such a luxury. "In a small business, the system administrator could be anyone from a secretary to the CEO," wrote Lynn Greiner in CMAThe Management Accounting Magazine."Whoever it is, you can almost guarantee it'll be a busy person who has the duties tacked on to his or her job description. And you can also almost guarantee that this unlucky soul will have few if any resources, and probably no training to help with the burden of keeping the corporate systems running. Fortunately, the technology has advanced to a level that allows administrators to ensure the stability and security of their computer systems, without spending too much time or money." Common-sense measures that can be taken by managers and/or system administrators to minimize the danger of internal tampering with computer systems include the following:

Notify employees that their use of the company's personal computers, computer networks, and Internet connections will be monitored. Then do it. Physical access to computers can be limited in various ways, including imposition of passwords; magnetic card readers; and biometrics, which verifies the user's identity through matching patterns in hand geometry, signature or keystroke dynamics, neural networks (the pattern of nerves in the face), DNA fingerprinting, retinal imaging, or voice recognition. More traditional site control methods such as sign-in logs and security badges can also be useful. Classify information based on its importance, assigning security clearances to employees as needed. Eliminate nonessential modems that could be used to transmit information.

Monitor activities of employees who keep odd hours at the office. Make certain that the company's hiring process includes extensive background checks, especially in cases where the employee would be handling sensitive information. Stress the importance of confidential passwords to employees.

PROTECTION FROM EXTERNAL THREATS. Small businesses also need to gird themselves against outside intruders. "As with employee crime, the best protection against attacks by outsiders are matters of common sense," said McCollum. "Companies can buy a technological barricade called a firewall and position it between their internal networks and external ones, but hackers often can get in anyway because the firewall hardware and software are poorly configured or are not activated. One way to avoid these problems is to pay outside experts to carry out these complex configuration and installation chores." Of course, good firewalls tend to be expensive (some cost $20,000 or more), but lower cost alternatives have made their way into the marketplace in recent years. The single greatest scourge from the outside is, of course, the computer virus. But business owners can do much to minimize the threat from viruses by heeding the following basic steps:

Install and use anti-virus software programs that scan PCs, computer networks, CDROMs, tape drives, diskettes, and Internet material, and destroy viruses when found. Update anti-virus programs on a regular basis. Ensure that all individual computers are equipped with anti-virus programs. Forbid employees from putting programs on their office computers without company approval. Make sure that the company has a regular policy of backing up (copying) important files and storing them in a safe place, so that the impact of corrupted files is minimized. Having a source of clean (i.e., uninfected by viruses) backup copies for data files and programs is as important as it is elementary.

A variety of sources exist to assist small business owners with virus protection and Internet security measures. For example, several Web sites provide free virus warnings and downloadable antivirus patches for Web browsers. The Computer Security Institute provides annual surveys on security breaches. Another useful resource is the National Computer Security Association, which provides tips on Internet security for business owners and supplies definitions of high-tech terms. Small businesses seeking to establish Internet security policies and procedures might begin by contacting CERT. This U.S. government organization, formed in 1988, works with the Internet community to raise awareness of security issues and organize the response to security threats. The CERT Web site posts the latest security alerts and also provides security-related documents, tools, and training seminars. Finally, CERT offers 24-hour technical assistance in the event of Internet security breaches. Small business owners who contact CERT about a security problem will be asked to provide their company's Internet address, the computer models affected, the types of operating systems and software used, and the security measures that were in place.

Hardware Theft
Although computer viruses and other high-tech threats cause the most dread within the business community, the most common type of computer crime actually involves the theft of computer hardware. Unfortunately, employees are often the culprits with this type of crime as well, especially if they work shifts after business hours. Other losses are attributed to outsiders who abscond with computers through elementary breaking-and-entering means. Security experts, though, say that companies can do a lot to cut down on such losses simply by maintaining accurate and up-to-date equipment inventories; locking up hardware that is not in use; locking computers and monitors to desks; and attaching electronic tags to computers. The latter device emits a radio-frequency signal that can activate video cameras or set off alarms when the computer is removed from the premises. Finally, companies should make sure that they purchase adequate insurance. Business travelers, meanwhile, need to keep a close eye on their notebook and desktop computers, which are highly coveted by thieves. Indeed, the allure of these portable computers is so great that thieves sometimes work in teams to get their hands on them. Airports and hotels are favorite haunts of thieves looking to make off with these valuable items. Security experts thus counsel business

travelers to be especially vigilant in high traffic areas, to carry computer serial numbers separately from the hardware, and to consider installing locks, alarms, or tracing software.

Non-Criminal Security Threats

Of course, not all threats to computer well-being come from parties with criminal intent. Savvy small business owners will make sure that their computersincluding data as well as hardwareare protected from environmental disaster (power surges, floods, blizzards, fires, etc.) and operator incompetence alike. Any computer security program should include elements that reflect an understanding of the basic environmental conditions a computer requires in order to operate properly. Ensuring that the system receives adequate power is paramount. Drops in voltage or blackouts can occur due to utility switching problems, stormy weather, or other difficulties at the utility company. In such instances, computers may lose unsaved data or fall victim to "disk crashes." Computer systems can also be endangered by sharp increases in voltage, known as "spikes," which can seriously damage hardware. A variety of voltage regulators, surge protectors, grounding techniques, and filters exist to combat these problems. In the 1990s, intense activity centered on the development of uninterruptible power systems that use storage batteries to ensure a smooth transition between power sources in the event of power failure. Local area networks as well as individual computers can be protected by these devices. Fire is another important threat to computer systems. Their susceptibility to fire damage is exacerbated by the flammability of paper supplies likely to be stored in close proximity. Plastics used in the manufacture of computers can produce explosive gases when exposed to high temperatures. Moreover, common fire prevention measures such as water sprinklers can further damage computers, especially if the computers are under active power. The use of fire-resistant construction materials, fire walls, vent closure systems, etc., are standard ways to mitigate the threat of fire. Carbon dioxide and Halon 1211 gas extinguishers are suitable for use near electronic equipment because they do not leave aresidue. Other physical security concerns include protection against excessive heat, humidity, and water, which can be introduced by flooding, burst pipes, and other unfortunate developments. Of course, computers and other electronic equipment also suffer damage from less dramatic sources, such as spilled coffee, airborne particles, and cigarette smoke, so coverings made of plastics and other materials have become standard in many firms that rely on computers. But these safeguards will be of little use in the face of more serious situations. Organizations vitally dependent on data processing facilities should prepare contingency plans for disasters such as hurricanes, earthquakes, or blizzards. Ideally, backup facilities should be located far enough away so that they will not be damaged along with the original system in the event of catastrophe.

Further Reading:
Avolio, Frederick M. "Building Internet Firewalls." Business Communications Review. January 1994. Belsie, Laurent. "Firewalls Help Protect Internet from Attack of the Hackers." Christian Science Monitor. April 29, 1994. Cavanah, Cassandra. "Get the Bugs Out: Cure Your Computer's Ills with Anti-Virus Software." Entrepreneur. September 1997. "Develop a Company Policy." Nation's Business. November 1997. Gibson, Stan. "Hacking: It's a Mad, Mad, Mad New World." eWeek. January 1, 2001. Greiner, Lynn. "Small Business: Managing Your System." CMAThe Management Accounting Magazine. September 1996. Karp, Josh. "Small Businesses Often Target of Cybercrime; Lack of IT Expertise Leads to Vulnerability." Crain's Chicago Business. February 19, 2001.

McCollum, Tim. "Computer Crime: The Era of Electronic Innocence Is Over." Nation's Business. November 1997. Morgan, Lisa. "Be Afraid Be Very AfraidMalicious Attacks Are on the Rise, and Trends Are Harder to Predict." Internet Week. January 8, 2001. Steffora, Ann, and Martin Cheek. "Hacking Goes Legit." Industry Week. February 7, 1994.

Read more:

The use of a computer to take or alter data, or to gain unlawful use of computers or services. Because of the versatility of the computer, drawing lines between criminal and noncriminal behavior regarding its use can be difficult. Behavior that companies and governments regard as unwanted can range from simple pranks, such as making funny messages appear on the computer screen, to the manipulation of funds or data producing millions of dollars in losses. Early prosecution of computer crime was infrequent and usually concerned embezzlement, a crime punishable under existing laws. The advent of more unique forms of abuse, such as computer worms and viruses and widespread computer hacking, has posed new challenges for government and the courts. The first federal computer crime legislation was the Counterfeit Access Device and Computer Fraud and Abuse Act (18 U.S.C.A. 1030), passed by Congress in 1984. The act safeguards certain classified government information and makes it a misdemeanor to obtain through a computer financial or credit information that federal laws protect. The act also criminalizes the use of computers to inflict damage to computer systems, including their hardware and software. In the late 1980s, many states followed the federal government's lead in an effort to define and combat criminal computer activities. At least twenty states passed statutes with similar definitions of computer crimes. Some of these states may have been influenced by studies released in the late 1980s. One report, made available in 1987 by the accounting firm of Ernst and Whinney, estimated that computer abuse caused between $3 billion and $5 billion in losses in the United States annually. Moreover, some of these losses were attributable to newer, more complicated crimes that usually went unprosecuted. One set of especially destructive crimes internal computer crimes includes acts in which one computer's program interferes with another computer, hindering its use, damaging data or programs, or causing the other computer to crash (to become temporarily inoperable). Two common types of such programs are known in programming circles as worms and viruses. Both of these cause damage to computer systems through the commands written by their author. Worms are independent programs that create temporary files and replicate themselves to the point where computers grow heavy with data, become sluggish, and then crash. Viruses are dependent programs that reproduce themselves through a computer code attached to another program, attaching additional copies of their program to legitimate files each time the computer system is started or when some other triggering event occurs. The dangers of computer worms and viruses gained popular recognition with one of the first cases prosecuted under the Computer Fraud and Abuse Act. In United States v. Morris, 928 F.2d 504 (1991), Cornell University student Robert T. Morris was convicted of violating a provision of the act that punishes anyone who, without authorization, intentionally accesses a "federal interest computer" and damages or prevents authorized use of information in such a computer, causing losses of $1,000 or more. Morris, a doctoral

candidate in computer science, decided to demonstrate the weakness of security measures of computers on the Internet, a network linking university, government, and military computers around the United States. His plan was to insert a worm into as many computers as he could gain access to, but to make sure the worm replicated itself slowly enough that it would not cause the computers to slow down or crash. However, Morris miscalculated how quickly the worm would replicate. By the time he released a message on how to kill the worm, it was too late: some six thousand computers crashed or became "catatonic" at numerous institutions, with estimated damages of $200 to $53,000 for each institution. Morris was sentenced to three years' probation and four hundred hours of community service, and fined $10,500. The Supreme Court refused to review the case (Morris, cert. denied, 502 U.S. 817, 112 S. Ct. 72, 116 L. Ed. 2d 46 [1991]). Morris's goal of attempting to prove a point through the clever manipulation of other computers is shared by computer hackers. Typically young, talented, amateur computer programmers, hackers earn respect among their peers by gaining access to varieties of information through telecommunications systems. The information obtained ranges from other individuals' E-mail or credit histories to the Defense Department's secrets. A high-profile case in 1992 captured national headlines. In what federal investigators called a conspiracy, five young members of an underground New York City gang of hackers, the Masters of Deception (MOD), faced charges that they had illegally obtained computer passwords, possessed unauthorized access devices (long-distance calling card numbers), and committed wire fraud in violation of the Computer Fraud and Abuse Act. Otto Obermaier, the U.S. attorney prosecuting the youths, described their activities as "the crime of the future," and said he intended to use the case to make a critical statement about computer crime. The indictment contained eleven counts, each punishable by at least five years in jail and individual fines of $250,000. Supporters of MOD's civil liberties, including the Washington, D.C.-based Electronic Frontier Foundation, questioned whether the gang members had done anything truly illegal. MOD members Paul Stira and Eli Ladopoulos pleaded guilty to the charges against them. They confessed that they had broken the law, but insisted that they had not done anything for personal profit. They were sentenced to six months in a federal penitentiary, followed by six months' home detention. John Lee and Julio Fernandez faced specific charges of illegally selling passwords for personal profit. Lee pleaded guilty and received a year behind bars followed by three hundred hours of community service. Fernandez bargained with prosecutors, offering them information on MOD activities, and thus received no jail time. Gang leader Mark Abene, notorious in computer circles by his handle Phiber Optik, pleaded guilty to charges of fraud. A New York judge sentenced Abene to a year in federal prison, hoping to send a message to other hackers. However, by the time Abene was released from prison in 1995, his notoriety had grown beyond the hacker underground. Many in the computer world hailed him as a martyr in the modern web of computer technology and criminal prosecution. Abene subsequently found employment as a computer technician at a New York-based on-line service. Computer crime can become an obsession. Such was the case for Kevin Mitnick, a man described by federal prosecutors prior to his arrest as the most wanted computer hacker in the world. In the early 1980s, as a teenager, Mitnick proved his mettle as a hacker by gaining access to a North American Air Defense terminal, an event that inspired the 1983 movie War Games. Like the MOD gang, Mitnick gained access to computer networks through telecommunications systems. In violation of federal law, he accessed private credit information, obtaining some twenty thousand credit numbers and histories. Other break-ins by Mitnick caused an estimated $4 million in damage to the computer operations of the Digital Equipment Corporation. The company also claimed that Mitnick stole more than a million dollars in software. Mitnick was convicted, sentenced to one year in a minimum-security prison, and then released into a treatment program for compulsive behavior disorders. Federal investigators tried to keep close track of him during his probation, but in November 1992, he

disappeared. Authorities regained his trail when Mitnick broke into the system of computer security expert Tsutomu Shimomura at the San Diego Supercomputer Center a move clearly intended as a challenge to another programming wizard. Shimomura joined forces with the Federal Bureau of Investigation to pursue their elusive quarry in cyberspace. Using a program designed to record activity in a particular database that they were sure Mitnick was accessing, while monitoring phone activity, Shimomura and authorities narrowed their search to Raleigh, North Carolina. A special device detecting cellular phone use ultimately led them to Mitnick's apartment. Mitnick was arrested and was charged on twenty-three federal counts. He plea bargained with prosecutors, who agreed to throw out twenty-two counts in exchange for Mitnick's guilty plea for illegally possessing phone numbers to gain access to a computer system. Mitnick was sentenced to eight months in jail. Mitnick's case illustrates the difficulties legislatures and courts face when defining and assigning penalties for computer crime. Using a computer to transfer funds illegally or to embezzle money is clearly a serious crime meriting serious punishment. Mitnick broke into numerous services and databases without permission and took sensitive information, behavior that violates federal laws; however, he never used the information for financial gain. This type of behavior typically has no counterpart outside of cyberspace for example, people do not break into jewelry stores just to leave a note about weak security. See: e-mail. Wikipedia on Computer crime

Computer crime, or cybercrime, refers to any crime that involves a computer and a network.[1] The computer may have been used in the commission of a crime, or it may be the target.[2] Netcrime refers to criminal exploitation of the Internet.[3] Such crimes may threaten a nations security and financial health.[4] Issues surrounding this type of crime have become high-profile, particularly those surrounding cracking, copyright infringement, child pornography, and child grooming. There are also problems of privacy when confidential information is lost or intercepted, lawfully or otherwise. Internationally, both governmental and non-state actors engage in cybercrimes, including espionage, financial theft, and other cross-border crimes. Activity crossing international borders and involving the interests of at least one nationstate is sometimes referred to as cyber warfare. The international legal system is attempting to hold actors accountable for their actions through the International Criminal Court.[5]

o o o o o 1 Topology 1.1 Spam 1.2 Fraud 1.3 Obscene or offensive content 1.4 Harassment 1.5 Drug trafficking

o o o

1.6 Cyber terrorism 1.7 Cyber warfare 2 Documented cases 3 Combatting Computer Crime 4 See also 5 References 6 Further reading 7 External links 7.1 Government resources

Computer crime encompasses a broad range of activities. Generally, however, it may be divided into two categories: (1) crimes that target computers and directly; (2) crimes facilitated by computer networks or devices, the primary target of which is independent of the computer network or device.[citation needed] Crimes that primarily target computer networks or devices include: Computer viruses Denial-of-service attacks Malware (malicious code)

Crimes that use computer networks or devices to advance other ends include: Cyberstalking Fraud and identity theft Information warfare Phishing scams

Spam, or the unsolicited sending of bulk email for commercial purposes, is unlawful in some jurisdictions. While anti-spam laws are relatively new, limits on unsolicited electronic communications have existed for some time.[6]

Main article: Computer fraud

Computer fraud is any dishonest misrepresentation of fact intended to let another to do or refrain from doing something which causes loss.[citation needed] In this context, the fraud will result in obtaining a benefit by: Altering computer input in an unauthorized way. This requires little technical

expertise and is not an uncommon form of theft by employees altering the data before entry or entering false data, or by entering unauthorized instructions or using unauthorized processes; Altering, destroying, suppressing, or stealing output, usually to conceal

unauthorized transactions: this is difficult to detect; Altering or deleting stored data; Altering or misusing existing system tools or software packages, or altering or

writing code for fraudulent purposes. Other forms of fraud may be facilitated using computer systems, including bank fraud, identity theft, extortion, and theft of classified information. A variety of Internet scams target consumers direct.

Obscene or offensive content

The content of websites and other electronic communications may be distasteful, obscene or offensive for a variety of reasons. In some instances these communications may be illegal. Over 25 jurisdictions place limits on certain speech and ban racist, blasphemous, politically subversive, libelous or slanderous, seditious, or inflammatory material that tends to incite hate crimes. The extent to which these communications are unlawful varies greatly between countries, and even within nations. It is a sensitive area in which the courts can become involved in arbitrating between groups with strong beliefs. One area of Internet pornography that has been the target of the strongest efforts at curtailment is child pornography.

Whereas content may be offensive in a non-specific way, harassment directs obscenities and derogatory comments at specific individuals focusing for example on gender, race, religion, nationality, sexual orientation. This often occurs in chat rooms, through newsgroups, and by sending hate e-mail to interested parties (see cyber bullying,cyber

stalking, harassment by computer, hate crime, Online predator, and stalking). Any comment that may be found derogatory or offensive is considered harassment.

Drug trafficking
Drug traffickers are increasingly taking advantage of the Internet to sell their illegal substances through encrypted e-mail and other Internet Technology.Some drug traffickers arrange deals at internet cafes, use courier Web sites to track illegal packages of pills, and swap recipes for amphetamines in restricted-access chat rooms. The rise in Internet drug trades could also be attributed to the lack of face-to-face communication. These virtual exchanges allow more intimidated individuals to more comfortably purchase illegal drugs. The sketchy effects that are often associated with drug trades are severely minimized and the filtering process that comes with physical interaction fades away.

Cyber terrorism
Government officials and Information Technology security specialists have documented a significant increase in Internet problems and server scans since early 2001. But there is a growing concern among federal officials[who?] that such intrusions are part of an organized effort by cyberterrorists, foreign intelligence services, or other groups to map potential security holes in critical systems. A cyberterrorist is someone who intimidates or coerces a government or organization to advance his or her political or social objectives by launching computer-based attack against computers, network, and the information stored on them. Cyber terrorism in general, can be defined as an act of terrorism committed through the use of cyberspace or computer resources (Parker 1983). As such, a simple propaganda in the Internet, that there will be bomb attacks during the holidays can be considered cyberterrorism. As well there are also hacking activities directed towards individuals, families, organized by groups within networks, tending to cause fear among people, demonstrate power, collecting information relevant for ruining peoples' lives, robberies, blackmailing etc. Cyberextortion is a form of cyberterrorism in which a website, e-mail server, or computer system is subjected to repeated denial of service or other attacks by malicious hackers, who demand money in return for promising to stop the attacks. According to the Federal Bureau of Investigation, cyberextortionists are increasingly attacking corporate websites and networks, crippling their ability to operate and demanding payments to restore their service. More than 20 cases are reported each month to the FBI and many go unreported in

order to keep the victim's name out of the domain. Perpetrators typically use a distributed denial-of-service attack.[7]

Cyber warfare
Main article: Cyber warfare The U.S. Department of Defense (DoD) notes that cyberspace has emerged as a nationallevel concern through several recent events of geo-strategic significance. Among those are included the attack on Estonia's infrastructure in 2007, allegedly by Russian hackers. "In August 2008, Russia again allegedly conducted cyber attacks, this time in a coordinated and synchronized kinetic and non-kinetic campaign against the country of Georgia. Fearing that such attacks may become the norm in future warfare among nation-states, the concept of cyberspace operations impacts and will be adapted by warfighting military commanders in the future.[8]

Documented cases
One of the highest profiled banking computer crime occurred during a course of three years beginning in 1970. The chief teller at the Park Avenue branch of New York's Union Dime Savings Bank embezzled over $1.5 million from hundreds of accounts.[9] A hacking group called the MOD (Masters of Deception), allegedly stole passwords and technical data from Pacific Bell, Nynex, and other telephone companies as well as several big credit agencies and two major universities. The damage caused was extensive, one company, Southwestern Bell suffered losses of $370,000 alone.[9] In 1983, a nineteen year old UCLA student used his PC to break into a Defense Department international communications system.[9] Between 1995 and 1998 the Newscorp satellite pay to view encrypted SKY-TV service was hacked several times during an on-going technological arms race between a pan-European hacking group and Newscorp. The original motivation of the hackers was to watch Star Trek re-runs in Germany; which was something which Newscorp did not have the copyright to allow.[10] On 26 March 1999, the Melissa worm infected a document on a victim's computer, then automatically sent that document and copy of the virus via e-mail to other people. In February 2000 a individual going by the alias of MafiaBoy began a series denial-of-service attacks against high profile websites, including Yahoo!,, Dell, Inc., E*TRADE, eBay, and CNN. About fifty computers at Stanford University, and also computers at the University of California at Santa Barbara, were amongst the zombie

computers sending pings in DDoS attacks. On 3 August 2000, Canadian federal prosecutors charged MafiaBoy with 54 counts of illegal access to computers, plus a total of ten counts of mischief to data for his attacks. The Russian Business Network (RBN) was registered as an internet site in 2006. Initially, much of its activity was legitimate. But apparently the founders soon discovered that it was more profitable to host illegitimate activities and started hiring its services to criminals. The RBN has been described by VeriSign as "the baddest of the bad".[11] It offers web hosting services and internet access to all kinds of criminal and objectionable activities, with an individual activities earning up to $150 million in one year. It specialized in and in some cases monopolized personal identity theft for resale. It is the originator of MPack and an alleged operator of the Storm botnet. On 2 March 2010, Spanish investigators busted 3[clarification needed] in infection of over 13 million computers around the world. The "botnet" of infected computers included PCs inside more than half of the Fortune 1000 companies and more than 40 major banks, according to investigators. In August 2010 the international investigation Operation Delego, operating under the aegis of the Department of Homeland Security, shut down the international pedophile ring Dreamboard. The website had approximately 600 members, and may have distributed up to 123 terabytes of child pornography (roughly equivalent to 16,000 DVDs). To date this is the single largest U.S. prosecution of an international child pornography ring; 52 arrests were made worldwide.[12]

Combatting Computer Crime

A computer can be a source of evidence. Even when a computer is not directly used for criminal purposes, may contain records of value to criminal investigators.

See also
Computer trespass Cyber bullying Cyber defamation law Cyber terrorism Economic and Industrial Espionage Federal Bureau of Investigation (FBI) High Technology Crime Investigation Association Immigration and Customs Enforcement (ICE) Internet homicide

Internet stalking Internet suicide Internet War INTERPOL Legal aspects of computing List of convicted computer criminals Metasploit Project Online predator Organized crime Penetration test Personal jurisdiction over international defendants in the United States Police National E-Crime Unit United States Secret Service White collar crime


1. 2. 3. 4. 5.

^ Moore, R. (2005) "Cybercrime: Investigating High-Technology Computer

Crime," Cleveland, Mississippi: Anderson Publishing. ^ Warren G. Kruse, Jay G. Heiser (2002). Computer forensics: incident

response essentials. Addison-Wesley. pp. 392. ISBN 0201707195. ^ Mann and Sutton 1998: >>Netcrime: More change in the Organization of

Thieving. British Journal of Criminology; 38: 201-229. ^ Internet Security Systems. March-2005. ^ Ophardt, Jonathan A. "Cyber warfare and the crime of aggression: the

need for individual accountability on tomorrow's battlefield" Duke Law and Technology Review, February 23, 2010.

6. 7.

^ See, e.g., Telephone Consumer Protection Act of 1991, Do-Not-Call

Implementation Act of 2003, CAN-SPAM Act of 2003. ^ Lepofsky, J. (2006, June). Cyberextortion by denial-of-service attack.

Risk, Retrieved from %20DoS,%20Risk%20Magazine%20June%202006.pdf

8. 9.

^ "War is War? The utility of cyberspace operations in the contemporary

operational environment" U.S. Army War College, February 2010. ^

a b c

Weitzer, Ronald (2003). Current Controversies in Criminology. Upper

Saddle River, New Jersey: Pearson Education Press. pp. 150.


^ Mann, D. and Sutton, M. (1998) >>Netcrime: More Change in the

Organization of Thieving. British Journal of Criminology. 38:PP. 201229

11. 12.

^ "A walk on the dark side". The Economist. 2007-09-30. ^


Further reading
Balkin, J., Grimmelmann, J., Katz, E., Kozlovski, N., Wagman, S. & Zarsky, T.

(2006) (eds) Cybercrime: Digital Cops in a Networked Environment, New York University Press, New York. Brenner, S. (2007) Law in an Era of Smart Technology, Oxford: Oxford University

Press Csonka P. (2000) Internet Crime; the Draft council of Europe convention on cyber-

crime: A response to the challenge of crime in the age of the internet? Computer Law & Security Report Vol.16 no.5. Easttom C. (2010) Computer Crime Investigation and the Law Fafinski, S. (2009) Computer Misuse: Response, regulation and the law Cullompton:

Willan Grabosky, P. (2006) Electronic Crime, New Jersey: Prentice Hall McQuade, S. (2006) Understanding and Managing Cybercrime, Boston: Allyn &

Bacon. McQuade, S. (ed) (2009) The Encyclopedia of Cybercrime, Westport,

CT: Greenwood Press. Parker D (1983) Fighting Computer Crime, U.S.: Charles Scribners Sons. Pattavina, A. (ed) Information Technology and the Criminal Justice

System, Thousand Oaks, CA: Sage. Paul Taylor. Hackers: Crime in the Digital Sublime (November 3, 1999 ed.).

Routledge; 1 edition. pp. 200. ISBN 0415180724. Robertson, J. (2010, March 2). Authorities bust 3 in infection of 13m computers.

Retrieved March 26, 2010, from Boston News: Walden, I. (2007) Computer Crimes and Digital Investigations, Oxford: Oxford

University Press. Wall, D.S. (2007) Cybercrimes: The transformation of crime in the information

age, Cambridge: Polity. Williams, M. (2006) Virtually Criminal: Crime, Deviance and Regulation

Online, Routledge, London.

Yar, M. (2006) Cybercrime and Society, London: Sage.

Read more: