Computer Crime

Computer crime, cybercrime, e-crime, hi-tech crime or electronic crime generally refers to criminal activity where a computer or network is the source, tool, target, or place of a crime. These categories are not exclusive and many activities can be characterized as falling in one or more. Additionally, although the terms computer crime and cybercrime are more properly restricted to describing criminal activity in which the computer or network is a necessary part of the crime, these terms are also sometimes used to include traditional crimes, such as fraud, theft, blackmail, forgery, and embezzlement, in which computers or networks are used. As the use of computers has grown, computer crime has become more important. Computer crime can broadly be defined as criminal activity involving an information technology infrastructure, including illegal access (unauthorized access), illegal interception (by technical means of non-public transmissions of computer data to, from or within a computer system), data interference (unauthorized damaging, deletion, deterioration, alteration or suppression of computer data), systems interference (interfering with the functioning of a computer system by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data), misuse of devices, forgery (ID theft), and electronic fraud.[1] Computer crime issues have become high-profile, particularly those surrounding hacking, copyright infringement through warez, child pornography, and child grooming. There are also problems of privacy when confidential information is lost or intercepted, lawfully or otherwise.

Contents • •

• •

1 Generally 2 Specific computer crimes o 2.1 Spam o 2.2 Fraud o 2.3 Obscene or offensive content o 2.4 Harassment o 2.5 Drug trafficking o 2.6 Cyberterrorism 3 Documented cases 4 Applicable laws o 4.1 United States o 4.2 Canada o 4.3 United Kingdom o 4.4 Australia o 4.5 Malaysia o 4.6 Pakistan o 4.7 Singapore o 4.8 Latin America o 4.9 Venezuela

•

4.10 India 4.11 Others 5 External links o 5.1 Government resources 6 See also

•

7 References

o o

•

Generally Computer crime encompass a broad range of potentially illegal activities. Generally, however, it may be divided into one of two types of categories: (1) crimes that target computer networks or devices directly; (2) crimes facilitated by computer networks or devices, the primary target of which is independent of the computer network or device. Examples of crimes that primarily target computer networks or devices would include, • • •

Malware and malicious code Denial-of-service attacks Computing viruses

Examples of crimes that merely use computer networks or devices would include, • • • •

Cyber stalking Fraud and identity theft Phishing scams Information warfare

A common example is when a person starts to steal information from sites, or cause damage to, a computer or computer network. This can be entirely virtual in that the information only exists in digital form, and the damage, while real, has no physical consequence other than the machine ceases to function. In some legal systems, intangible property cannot be stolen and the damage must be visible, e.g. as resulting from a blow from a hammer. Where human-centric terminology is used for crimes relying on natural language skills and innate gullibility, definitions have to be modified to ensure that fraudulent behavior remains criminal no matter how it is committed. A computer can be a source of evidence. Even though the computer is not directly used for criminal purposes, it is an excellent device for record keeping, particularly given the power to encrypt the data. If this evidence can be obtained and decrypted, it can be of great value to criminal investigators.

Specific computer crimes Spam

Spam, or the unsolicited sending of bulk email for commercial purposes, is unlawful to varying degrees. As applied to email, specific anti-spam laws are relatively new, however limits on unsolicited electronic communications have existed in some forms for some time.[2]

Fraud Computer fraud is any dishonest misrepresentation of fact intended to induce another to do or refrain from doing something which causes loss.[citation needed] In this context, the fraud will result in obtaining a benefit by: •

• • •

altering computer input in an unauthorized way. This requires little technical expertise and is not an uncommon form of theft by employees altering the data before entry or entering false data, or by entering unauthorized instructions or using unauthorized processes; altering, destroying, suppressing, or stealing output, usually to conceal unauthorized transactions: this is difficult to detect; altering or deleting stored data; or altering or misusing existing system tools or software packages, or altering or writing code for fraudulent purposes. This requires real programming skills and is not common.

Other forms of fraud may be facilitated using computer systems, including bank fraud, identity theft, extortion, and theft of classified information(Csonka, 2000)

Obscene or offensive content The content of websites and other electronic communications may be distasteful, obscene or offensive for a variety of reasons. In some instances these communications may be illegal. Many jurisdictions place limits on certain speech and ban racist, blasphemous, politically subversive, libelous or slanderous, seditious, or inflammatory material that tends to incite hate crimes. The extent to which these communications are unlawful varies greatly between countries, and even within nations. It is a sensitive area in which the courts can become involved in arbitrating between groups with entrenched beliefs.

Harassment Whereas content may be offensive in a non-specific way, harassment directs obscenities and derogatory comments at specific individuals focusing for example on gender, race, religion, nationality, sexual orientation. This often occurs in chat rooms, through newsgroups, and by sending hate e-mail to interested parties (see cyber bullying, cyber

stalking, harassment by computer, hate crime, Online predator, and stalking). Any comment that may be found derogatory or offensive is considered harassment.

Drug trafficking Drug traffickers are increasingly taking advantage of the Internet to sell their illegal substances through encrypted e-mail and other Internet Technology. Some drug traffickers arrange deals at internet cafes, use courier Web sites to track illegal packages of pills, and swap recipes for amphetamines in restricted-access chat rooms. The rise in Internet drug trades could also be attributed to the lack of face-to-face communication. These virtual exchanges allow more intimidated individuals to more comfortably purchase illegal drugs. The sketchy effects that are often associated with drug trades are severely minimized and the filtering process that comes with physical interaction fades away. Furthermore, traditional drug recipes were carefully kept secrets. But with modern computer technology, this information is now being made available to anyone with computer access.

Cyberterrorism Government officials and Information Technology security specialists have documented a significant increase in Internet problems and server scans since early 2001. There is a growing concern among federal officials[who?] that such intrusions are part of an organized effort by cyberterrorists, foreign intelligence services, or other groups to map potential security holes in critical systems. A cyberterrorist is someone who intimidates or coerces a government or organization to advance his or her political or social objectives by launching computer-based attack against computers, network, and the information stored on them. Cyberterrorism in general, can be defined as an act of terrorism committed through the use of cyberspace or computer resources (Parker 1983). As such, a simple propaganda in the Internet, that there will be bomb attacks during the holidays can be considered cyberterrorism. At worst, cyberterrorists may use the Internet or computer resources to carry out an actual attack. As well there are also hacking activities directed towards individuals, families, organised by groups within networks, tending to cause fear among people, demonstrate power, collecting information relevant for ruining peoples' lives, robberies, blackmailing etc.

Documented cases • •

The Yahoo! website was attacked at 10:30 PST on Monday, 7 February 2000. The attack lasted three hours. Yahoo was pinged at the rate of one gigabyte/second. On 3 August 2000, Canadian federal prosecutors charged MafiaBoy with 54 counts of illegal access to computers, plus a total of ten counts of mischief to data for his attacks on Amazon.com, eBay, Dell Computer, Outlaw.net, and Yahoo. MafiaBoy had also attacked other websites, but prosecutors decided that a total of 66 counts was enough. MafiaBoy pleaded not guilty.

•

•

About fifty computers at Stanford University, and also computers at the University of California at Santa Barbara, were amongst the zombie computers sending pings in DDoS attacks. In 26 March 1999, the Melissa worm infected a document on a victim's computer, then automatically sent that document and copy of the virus via e-mail to other people.

Applicable laws Note: This list is illustrative and not exhaustive.

United States •

Access Device Fraud. 18 U.S.C. § 1029. Fraud and related activity in connection with access devices.

•

Computer Fraud and Abuse Act. 18 U.S.C. § 1030--Fraud and related activity in connection with computers.

•

CAN-SPAM ACT. 15 U.S.C. § 7704. Controlling The Assault of Non-Solicited Pornography and Marketing Act of 2003.

•

Extortion and Threats. 18 U.S.C. § 875. EXTORTION and THREATS. Interstate communications.

•

Identity Theft and Assumption Deterrence Act of 1998. 18 U.S.C. § 1028. Fraud and related activity in connection with identification documents, authentication features, and information.

•

Wire Fraud. 18 U.S.C. § 1343. Fraud by wire, radio, or television.

•

No Electronic Theft ("NET") Act. 17 U.S.C. § 506. Criminal Offenses. (criminal copyright infringement)

•

Digital Millennium Copyright Act of 1998 (DMCA) . 17 U.S.C. § 1201. Circumvention of copyright protection systems.

•

Electronic Communications Privacy Act, 18 U.S.C. § 2701, et seq]. (STORED WIRE AND ELECTRONIC COMMUNICATIONS AND TRANSACTIONAL RECORDS ACCESS)

•

Trade Secrets Act. 18 U.S.C. § 1832. Theft of trade secrets.

• •

Economic Espionage Act. 18 U.S.C. § 1831-Economic Espionage. US Computer Crime Laws by State

Canada • • •

Criminal Code of Canada, Section 342.1. Unauthorized Use of Computer. Criminal Code of Canada, Section 184. Interception of Communications Computer Crime in Canada

United Kingdom • • • • • •

• • •

The Computer Misuse Act 1990 (chapter 18.) The Regulation of Investigatory Powers Act 2000 (chapter 23.) The Anti-terrorism, Crime and Security Act 2001 (chapter 24.) The Data Protection Act 1998 (chapter 29.) The Fraud Act 2006 (chapter 35.) Potentially the Forgery and Counterfeiting Act 1981 (chapter 45) may also apply in relation to forgery of electronic payment instruments accepted within the United Kingdom. The CMA was recently amended by the Police and Justice Act 2006 (chapter 48) The Privacy and Electronic Communications (EC Directive) Regulations 2003 (Statutory Instrument 2003 No. 2426.) See also the UK Internet Rights web site and the All Party Internet Group report on recommended amendments to the CMA.

Australia • • •

Cybercrime Act 2001 (Commonwealth) Crimes Act 1900 (NSW): Part 6, ss 308-308I. Criminal Code Act Compilation Act 1913 (WA): Section 440a, Unauthorised use of a computer system Criminal Code 1899 (Qld), section 408D(i); Criminal Code 1924 (Tas), section 257D

Malaysia •

Computer Crimes Act 1997 (Act 563)

Pakistan • •

Prevention of Electronic Crimes Ordinance 2007 Electronic Transactions Ordinance 2002

Singapore •

Computer Misuse Act 1993 (Chapter 50A)

Latin America

•

Cybercrime Legislation and Policy Reports in Latinamerican countries (in Spanish)

Venezuela •

Special Computer Crimes Act (Ley Especial de Delitos Informáticos, In Spanish) ] India

•

INFORMATION TECHNOLOGY ACT 2000 Online

Others • • • • •

Council of Europe Convention on Cybercrime Global Survey of Cybercrime Law Unauthorized Access Penal Laws in 44 Countries Convention on Cybercrime ITU Global Cybersecurity Agenda

External links •

• • • • • • • • • • • • • • • • •

Johanna Granville “Dot.Con: The Dangers of Cyber Crime and a Call for Proactive Solutions,” Australian Journal of Politics and History, vol. 49, no. 1. (Winter 2003), pp. 102–109. Cyber Crime Ciberdelincuencia.Org Cybercrime legislation and policy in Latin-America (in Spanish) High Technology Crime Investigation Association Cybercrime - High Tech crime JISC Legal Information Service A Guide to Computer Crime Practitioner.Com Criminal Justice Resources - Cybercrime Cybercrime NYLS Cybertelecom :: Crime European Convention on Cybercrime Computer Crime Research Center - Daily news about computer crime, Internet fraud and cyber terrorism CyberCrime Asia Research Center - Information about computer crime, Internet fraud and cyberterrorism in Asia Cyber Crime Law - News and commentary on preventing, detecting, and prosecuting computer crimes Annual e-Crime Conference Serving Europe & International corporations E-crime and computer evidence conference (first held in 2005 - now an annual event) - The Legal Framework - Unauthorized Access to Computer Systems - Cybercrime Law - Computer Crimes, Ronald B. Standler

Government resources • • • • • • •

• • • • •

Cybercrime.gov US Department of Justice CCIPS Australian High Tech Crime Centre U.S. Department of Justice National Institute of Justice Electronic Crime Program US CERT United States Computer Emergency Readiness Team (US-CERT) FBI Cyber Investigations Home Page US Secret Service Computer Fraud On Guard OnGuardOnline.gov provides practical tips from the federal government and the technology industry to help you be on guard against Internet fraud, secure your computer, and protect your personal information. http://www.cybercrime.gov - U.S. Department of Justice cybercrime web site ID Theft one-stop national resource to learn about the crime of identity theft FindLaw Computer Crime RCMP Computer Crime Prevention Royal Canadian Mounted Police Australian Computer Abuse Research Bureau (ACARB) introduction to computer abuse concepts

See also • • • • •

Computer trespass Internet homicide Internet suicide Online predator ITU Global Cybersecurity Agenda

References Wikipedia.com