Preventing Computer Crime

Computer crimes need to be prevented and halted thought increased computer network security measures as well as tougher laws and enforcement of those laws in cyberspace:

Computer crime is generally defined as any crime accomplished through special knowledge of computer technology. All that is required is a personal computer, a modem, and a phone line. Increasing instances of white-collar crime involve computers as more businesses automate and information becomes an important asset. Computers are objects of crime when they or their contents are damaged, as when terrorists attack computer centers with explosives or gasoline, or when a “computer virus”–a program capable of altering or erasing computer memory–is introduced into a computer system. As subjects of crime, computers represent the electronic environment in which frauds are programmed and executed; an example is the transfer of money balances in accounts to perpetrators’ accounts for withdrawal. Computers are instruments of crime when used to plan or control such criminal acts as complex embezzlements that might occur over long periods of time, or when a computer operator uses a computer to steal valuable information from an employer.

Computers have been used for most kinds of crime, including fraud, theft, larceny, embezzlement, burglary, sabotage, espionage, murder, and forgery, since the first cases were reported in 1958. One study of 1,500 computer crimes established that most of them were committed by trusted computer users within businesses; persons with the requisite skills, knowledge, access, and resources. Much of known computer crime has consisted of entering false data into computers, which is simpler and safer than the complex process of writing a program to change data already in the computer. With the advent of personal computers to manipulate information and access computers by telephone, increasing numbers of crimes–mostly simple but costly electronic trespassing, copyrighted-information piracy, and vandalism–have been perpetrated by computer hobbyists, known as “hackers,” who display a high level of technical expertise. For many years, the term hacker defined someone who was a wizard with computers and programing. It was an honor to be considered a hacker. But when a few hackers began to use their skills to break into private computer systems and steal money, or interfere with the system’s operations, the word acquired its current negative meaning. Organized professional criminals have been attacking and using computer systems as they find their old activities and environments being automated.

There are not a large number of valid statistics about the extent and results of computer crime. Victims often resist reporting suspected cases, because they can lose more from embarrassment, lost reputation, litigation, and other consequential losses than from the acts themselves. Limited evidence indicates that the number of cases is rising each year, because of the increasing number of computers in business applications where crime has traditionally occurred. The largest recorded crimes involving insurance, banking, product inventories, and securities have resulted in losses of tens of millions to billions of dollars–all facilitated by computers. Conservative estimates have quoted $3 billion to $100 billion as yearly losses due to computer hackers. These losses are increasing on a basis equivalent to the number of computers logged on to networks, which is almost an exponential growth rate. The seriousness of cybercrimes also increases as the dependency on computers becomes greater and greater.Crimes in cyberspace are becoming more and more popular for several reason. The first being that computers are become more and more accessible; thus are just become another tool in the arsenal of tool to criminals. The other reason that computer crimes are becoming more and more common are that they are sometimes very profitable. The average computer crime nets a total of $650,000 (American, 1991 standards); more than seventy-two times that of the average bank robbery.

Today’s Techno bandits generally fall one of three groups, listed in the order of the threat they pose:

1. Current or former computer operations employees.

2. Career criminals who use computers to ply their trade.

3. The hacker.

Outsiders who break into computer systems are sometimes more of a threat, but employees and ex-employees are usually in a better position to steal. Because we rely more and more on computers, we also depend on those who make them and run them. The U.S. Bureau of Labor Statistics projects that the fastest growing employment opportunities are in the field computers and data-processing. Since money is a common motive for those who use their computing know-how to break the law, losses from computer theft are expected to grow as the number of computer employees rises.

The following are examples of how employees that work on computers can gain profit at the employer’s expense:

In 1980, two enterprising ticket agents for TransWorld Airlines (TWA) discovered how to make their employer’s computer work for them. The scam went like this: When a passenger used cash to pay for a one-way ticket, Vince Giovengo sent in the credit change form, which should have been discarded. He kept the receipt should have been given to the costumer for paying cash. Samuel Paladina, who helped board passengers, kept the part of the traveler’s ticket that should have been returned to the costumer. The two agents used computers to reassemble the ticket from the pieces they had. They then marked the ticket void, and kept the cash the traveler had paid. The swindle was finally discovered by another employee who questioned the large number of voided tickets, only after approximately $93,000 was taken.

The two TWA employees were tried in the United States and were convicted of federal wire fraud in the United States. They each received six months in prison as a result of their crime. The penalty they had to pay should have been much, much higher, in order to prevent computers from being used in crimes in the future. This is true for not just the United States and Canada, but for every country in the world.

Another computer heist, one of the largest ever, involved several highly placed employees of the Volkswagen car company of West Germany. In 1987 the company discovered that these “loyal” workers had managed to steal $260 million by re- programming the computers to disguise the company’s foreign currency transactions. The workers that committed the crime received 10 years in Germany’s prison system; not nearly as harsh as if they had stolen the money through non-computerized means. This sets an example that computer crimes are easy to execute, and are punished very lightly. This will evoke a downward spiral; leading to more and more computer crimes.

For career criminals, computers represent a new medium for their illegal actions. Computers only enhance the speed and quality of the crimes. Now the professional criminals can steal or commit almost any other crime they want, simply by the means of typing directions into the computer. Computers are quickly being added to the list of the tools of crime.

Hackers often act in groups. The actions of several groups of hackers, most notable are the Masters of Deception (MOD) and the Legion of Doom, have been exposed in the media recently. These groups and most malicious hackers are involved in computer crime for the profit available to them. Individual hackers are often male teenagers. They comprise the majority of the computer criminals, although they do pose a major threat to society’s computer uses.

Computer criminals have various reasons for doing what they do. The main reason computer crimes are being committed on the large scale that they are is mainly for the profit. As earlier stated, the average computer crime nets more than seventy-two times that of the average bank robbery. This is seen for many skilled computer operators as a opportunity to make some quick profit. Cybercrimes are usually only committed by people that would not commit any other type of crime. This shows that the chances of getting caught and punished are perceived as very low, a view that must be changed.

Some hackers feel that it is their social responsibly to keep the cyberspace a free domain, without authorities. This is accomplished by sharing information, and removing the concept of property in cyberspace. Therefore, they feel that it is proper to take information and share it. In their minds, they have committed no crime, but from the victim’s eyes, they deserve to be punished.

Other hackers think that it is a challenge to read other’s files and see how far they can penetrate into a system. It is pure enjoyment for these hackers to explore a new computer network. It becomes a challenge to gain access to strange, new networks. They often argue that they are only curious and cause no harm by merely exploring, but that is not always the case.

Where did my homework files go? Who is making charges to my credit card?

Sounds like someone is out for revenge. Computer have become a modern day tool for seeking revenge. Here is an example: A computer system operator was fired from CompuServe (a major Internet provider) and by the next day his former manager’s credit card numbers had been distributed to thousands of people via electronic bulletin boards. The manager’s telephone account had been charged with thousands of long-distance phone calls, and his driver’s license had been issued with hundreds of unpaid tickets. This shows the awesome power of a knowledgeable hacker.

Also, these hackers try to maintain free services. Some of these free services include Internet access, and long distance telephone access.

Banks and brokerage houses are major targets when stealing money is the objective, because of their increased reliance on electronic funds transfer (EFT). Using EFT, financial institutions and federal and provincial governments pass billions of dollars of funds and assets back and forth over the phone lines every day. The money transferred from bank to bank or account to account, is used by sending telephone messages between computers. In the old days,( Before] C. [computers], transferring money usually involved armored cars and security guards. Today, the computer operators simply type in the appropriate instructions and funds are zipped across telephone lines from bank A to bank B. These codes can be intercepted by hackers and used to gain credit card numbers, ATM and personal identification numbers, as well as the actual money being transferred. With the ATM and credit card numbers, they have access to all the money in the corresponding accounts.

The act of changing data going into a computer or during the output from the computer is called “data diddling”. One New Jersey bank suffered a $128,000 loss when the manager of computer operations made some changes in the account balances. He transferred the money to accounts of three of his friends.

“Salami slicing” is a form of data diddling that occurs when an employee steals small amounts of money from a large number of sources though the electronic changing of data (like slicing thin pieces from a roll of salami). For example, in a bank, the interest paid into accounts may routinely be rounded to the nearest cent. A dishonest computer programmer may change the program so that all the fractions of the cents left over go into his account. This type of theft is hard to detect because the books balance. The sum of money can be extremely large, when taken from thousands of accounts over a period of time.

“Phone Phreaks” were the first hackers. They are criminals that break into the telephone system though many various mean to gain free access to the telephone network. Since telephone companies use large and powerful computers to route their calls, they are an oblivious target to hackers.

Stealing information in the form of software (computer programs) is also illegal. Making copies of commercial software, for re-sale or to give to others is a crime. These types of crime represent the largest growing area of computer crime. In one case, a group of teenagers pretending to be a software firm, sold $350,000 dollars’ worth of stolen software to a Swiss electronics company.

While most hackers claim curiosity and a desire for profit as motives for cracking computer systems, a few “dark-side hackers” seem to intentionally harm others. For these individuals, computers are convenient tools of wickedness. One crazed hacker broke into the North American Air Defense computer system and the U.S. Armies MASNET computer network. While browsing the files, officials say, he had the ability to launch missiles at the USSR. This could have led the nuclear war, and possibly the destruction of the world.

There are more than 1200 bugs out there, and the infections spread put the victim out of action until the healing process begins (if there is a healing process). This may sound like a description of the common cold or flu virus, except that the virus does not attack people. This bug is made by human hands and it attacks computers. It is spread though shared software, almost as easily as a sneeze, and it can be every bit as weakening as the flu. Around the world on March 6, 1992, computer users reported for work only to find that their computers didn’t work. The machines had “crashed” due to Michelangelo. This was a computer virus that was set to destroy all infected computers because it was set to go off on the renaissance artist’s 517th birthday. Approximately 10,000 computers were hit world-wide. The virus disabled the computers causing millions of dollars’ worth of down-time and lost data.

Computer crimes are becoming more and more dangerous. New laws and methods of enforcement need to be created; the evidence is above. An effort is being made by governments, but it is not enough. The problem is an international affair, and should be treated as such.

Current Canadian laws are some of the most lenient in industrialized counties. They were also in place much later than other countries put their laws about computer crime into effect, when compared to the United States and Japan. The Criminal Law Amendment Act, 1985 included a number of specific computer crime-related offences. Now, for the first time, Canadian law enforcement agencies can lay charges relating to cybercrime. The following text is an excerpt from the Martin’s Annual Canadian Criminal Code, 1995 edition:

326. (1) every one commits theft who fraudulently, maliciously, or without colour of right,

(b) Uses any telecommunication facility or obtains any telecommunication service.

(2)In this section and section 327, “telecommunication” means any

transmission, emission or reception of signs, signals, writing, images or sounds or intelligence of any nature by wire, radio, visual, or any other electro-magnetic system.

342. 1 (1) everyone who, fraudulently and without colour of right,

(a) Obtains, directly or indirectly, any computer service,

(b) by means if an electro-magnetic, acoustic, mechanical or other device, intercepts or causes to be intercepted, directly or indirectly, any function of a computer system, or

(c) Uses or causes to be used, directly or indirectly, a computer system with intent to commit and offence under paragraph (a) or (b) or an offence under section 430 in relation to data or a computer system is guilty of an indictable offence and liable to imprisonment for a term not exceeding ten years, or is guilty to an offence punishable on summary conviction. 430. (1.1) every one commits mischief who willfully

(a) Destroys or alters data;

(b) renders data meaningless, useless or ineffective;

(c) Obstructs, interrupts or interferes with any person in the lawful use of data; or

(d) Obstructs, interrupts of interferes with the lawful use of data or denies access to data to any person who is entitled to access thereto.

These Canadian are already outdated, and they are only eleven years old.

They need to be amended to include stiffer penalties. At the time of the creation of the laws in 1985, they were deemed adequate, because computers crimes were not looked upon as a serious issue with far-reaching effects. In 1996, computer crime has become a damaging and dangerous part of life. It is now necessary to revamp these laws to include young offenders.

The young people committing some of these crimes have very detailed knowledge of computer systems and computer programing. If they can handle this type of knowledge, and commit these crimes, they should be able to foresee the consequences of their actions. Most young hackers feel that they are bright, and therefore should be able understand the results of their actions on other’s computers and computer systems. The laws should treat these young offenders like adults, because they realize what they are doing is wrong, and should suffer the consequences.

Some of the computer crimes listed in the criminal code are only summary offences; thus are not considered very serious. This spreads the message to hackers that the crimes are not serious, but they are. Since the hackers don’t view the crimes as serious, they are likely to commit more of them. If the consequences of breaking any laws referring to computer crime were made tougher, hackers would realize what they are doing is wrong. They will also see other hackers being charged with offences under the criminal code and figure out that they may be next on the list to be punished for their actions.

Not only do these laws need to be made tougher, they need to be enforced consistently. The Authorities must from all countries must have a conference to discuss the need for consistent enforcement of the law referring to computer crime. This is because computer crimes are truly international. A hacker in Canada may break into a bank in Switzerland. Does the criminal get punished by the laws of the U.S. or by the laws of Switzerland? This needs to be decided upon.

The authorities must have special operations to stop computer crimes, just as they do for drug trafficking. Much time must be devoted to stopping these crimes, before it leads to disaster. The problem is getting out of hand and the public must actively participate in cooperation with the authorities in order to bring the problem under control.

Security is one matter that we can take into our own hands. Until new laws are created and enforced, it is up to the general computer-using public to protect themselves. The use of passwords, secure access multiport and common sense can prevent computer crimes making victims of us all.

Passwords can add a remarkable amount of security to a computer system. The cases where pass words have been cracked are rare. Included with the password program must be an access restriction accessory. This limits the number of guesses at a password to only a few tries, thus effectively eliminating 98% of intruders.

Secure access multiport (SAM’s) are the best protection against computer crime making a victim out of a computer user. When joining a network, the user calls in and enters password and access code. The user is then disconnected from the network. If the network recognizes the user as a valid one, it will call the user back and allow him/her to log on. If the user was invalid, the network will not attempt to re-connect with the user (see figure 1). This prevents unwanted persons from logging on to a network.

Common sense is often the best defense against computer crime. Simple things like checking and disinfecting for viruses on a regular basis, not sharing your password or giving out your credit card number on online services (ie: Internet). Also, employers can restrict access employees have to computers at the place of employment. This would dissipate most computer crimes executed by employees.

If new laws and enforcement of those law are not soon established, along with heightened security measures, the world will have a major catastrophe as a result of computer activity. The world is becoming increasingly dependent on computers, and the crimes committed will have greater and greater impact as the dependency rises. The possible end of the world was narrowly averted, but was caused by a computer crime. The United States defense computer system was broken into, and the opportunity existed for the hacker to declare intercontinental nuclear war; thus leading to death of the human race. Another event like this is likely to occur if laws, enforcement of the laws and security of computers are not beefed up. The greatest creation of all time, the computer, should not lead the destruction of the race that created it.