Computer Crime

The illegal activities related to computers and computer

networks are usually classified as computer crime.
The computer can be involved either actively
(computer-assisted crime), when the computer is
used to commit the crime (computer sabotage and
hacking), or passively (computer-related crime),
when the computer is used indirectly to commit the
crime (e.g., record data for an illegal weapon
dealing). Some computer crimes are transformations
of old crimes, such as espionage, theft, fraud and
sabotage; others are entirely new kinds of crimes,
such as trespassing in computer networks,
cyberterrorism, and computer sabotage
Non-Reported Computer Crime
 Fear of bad publicity and reputation
 Lack of confidence that the authorities will apprehend the
computer criminals
 Lack of specialised personnel to investigate computer crimes
 Ignorance of rights
 Ignorance of who is in charge in these cases
 Publicising computer crime will bring new ideas and methods
of attacks
 Prosecutions are expensive, investigations are time-
consuming and the sentences often light
 The existing laws are monolithic to computer technology, and
most juries do not regard computer crimes as serious crimes
because jury members in general lack the technical
knowledge necessary to appreciate the severity of the crime
Computer Abuse

Computer abuse: the use of computer systems

to perform irresponsible or unacceptable acts
such as sending electronic messages with
offensive language or pornographic material
and spam (unsolicited or illegal electronic
messages sent automatically to bulk
recipients, usually for advertisement).
Who are the computer criminals?

Computer criminals can be either

insiders or outsiders. Where
insiders are individuals coming
from within the company or the
organisation where the criminal
act takes place, such as
employees, managers,
supervisors, computer staff,
clerks and cashiers, outsiders
such as skilful hackers and
terrorist groups have no direct
relationship with the place of
crime.
Motivations

Computer criminals are usually driven by the

desire to
 win easy money
 steal goods
 to enjoy themselves by fooling the system
 to sabotage other people and machines
 to take revenge for personal reasons
 to perform acts of terrorism
 to produce propagandistic messages and
revolutionary actions.
Targets

The usual victims of

computer criminals
are
 Big companies
 Institutions
 Organisations
 Governments
Computer Fraud

Computer fraud includes any technique aimed at manipulating

information within a computer system for the purpose of
illicit gain. It is divided into computer-related fraud, in which
the computer is used unintentionally to commit the fraud,
and computer-assisted fraud, in which the computer is used
actively to commit the fraud. Computer fraud involve:
 theft of money (e.g., unauthorised transfer of payments to
different accounts);
 theft of information (e.g., retrieval of data from databases for
illegal use);
 theft of goods (e.g., redirection of goods to wrong
destinations); and
 theft of services (e.g., illegal use of a cable TV channel)
Forms of Computer Fraud
 ATM fraud: the fraudster uses automated teller machines
 EFT fraud: the fraudster uses the Electronic Fund Transfer system
(EFT)
 EDI fraud: the fraudster uses the Electronic Data Interchange
system (EDI)
 Credit card fraud: the fraudster steals the credit card number and
the owner’s authentication.
 Telecommunication fraud: involves (1) long distance phone fraud
and (2) mobile phone fraud. The latter is also known as cloning.
 Cable TV fraud: the fraudster decodes illegally the signal of a cable-
TV channel.
 Telemarketing fraud: the fraudster redirects telemarketing goods to
wrong addresses or sells fake telemarketing products to
unsuspecting customers.
 Internet Stock fraud: the fraudster pretends to be an investment
expert.
Hackers and Hacking

Skilful programmers, usually referred to as

intruders or hackers, can gain unauthorised
access, or break-in, to computers and
computer networks. Hackers can either act
directly, by penetrating the system
themselves, or indirectly, by embedding a
destructive program within the system that
causes serious damage or problems to the
machine.
Categories
 Hacker is just to a skilful programmer who is obsessive about
programming
 Cracker is a person who gains unauthorised access to a
computer system for malicious purposes
 Phreak (‘phone’, ‘free’, and ‘freak’) is a person that gains
illegal access to telephone services and use these services to
satisfy individual goals.
 Cypherpunker is an intruder who wishes to create new regions
of privacy where ‘the system’ will not be able to invade.
 Hactivist is the use of hacking by hackers for political purposes
such as promoting a political cause or spreading anti-war
messages via the Web.
Kevin Mitnick

The most typical example a hacker

persona is that of Kevin Mitnick. He
was accused of hacking the
computer systems of international
companies such as Motorola and
Nokia and governmental agencies
such as the North American
Aerospace Defence Command and
the FBI. He was arrested by the FBI
in September 1995 and remained in
prison until January 2000. He was
under supervision until January
2003, and during this period he was
prohibited in the use of any
telecommunication technology
 Cyberpunk

The rebellious personality of a

hacker is actually portrayed in
the cyberpunk movement. The
term cyberpunk was made
famous by William Gibson’s
bestselling novel Neuromancer
(published in 1984). A
cyberpunker is a fictitious
countercultural personality of a
rebellious hacker who lives in a
high-tech future, within a
dystopian and dehumanised
society integrated by computers
and computer networks.
Hacking Techniques
 Piggybacking: the hacker invades a computer system by
pretending to be a legitimate user of the network.
 Scavenging: the hacker searches through stray data for clues
that might unlock the secrets of a targeted computer system. A
similar technique is known as dumpster diving, wherein the
hacker searches electronic garbage in order to find discarded
documentation that may include user names and passwords.
 Password guessing: the hacker aims just to crack the
password.
 Autodialing: the hacker systematically dials with his/her
computer until answered by the computer on the other side of
the line.
 Zapping: The hacker penetrates a computer system by
unlocking the master key to its program, then self-destroying it
by activating its own emergency program.
Computer Sabotage

The computer saboteurs create

tiny but destructive programs
that cause serious hardware
and/or software problems in a
computer system, such as
deleting files in the hard disk,
destabilising the computer
system, clogging up mail servers
by sending fake e-mails to the
address found in the address
book of the victim, and stealing
information from the computer of
the victim and sending this
information back to the saboteur.
Viruses

Viruses: By analogy to a ‘biological virus’, a ‘computer

virus’ is a self-replicating program reproduced by
attaching executable copies of itself to other
programs. The effects of a virus may range from
irritating messages to complete destruction of the
system. A virus cannot run independently. The most
common type of viruses are: (1) boot sector
viruses: infects the system boot and spreads
whenever the system is loaded; (2) e-mail viruses:
spread through e-mail attachments; and (3) macro
viruses: spread through documents that contain
macros—programming instructions that perform
automated tasks.
Worms

Worms: A worm is a virus-like program that makes copies of

itself across network connections, seeking uninfected
workstations in which to reproduce. In contrast to a
computer virus, a worm program can travel independently
through different hosts and resides more in the computer
memory of a system rather than on disk. The aim of a
typical worm is through continued reproductions to cause
disk or memory overload throughout the network.
Inevitably, the network freezes and the system has to be
reloaded; this process causes complete loss of memory
data that have not been saved on disk. On the other
hand, the consequences of a worm are not as destructive
as that of a virus. A worm is a memory virus; thus it can
be removed by shutting down the infected system.
Trojan Horses

Trojan Horses: A Trojan horse is a destructive program

disguised to appear as something benign. The name of
this malicious program comes from the famous wooden
horse of the Trojan War that the Greeks left as a gift to
the Trojans. The horse was full of Greek armed forces
that caused the fall of Troy from when released into the
city at the right moment. Likewise, the electronic version
of the Trojan horse resides in the code of a program until
the moment of its activation. The conditions of activation
are determined by the computer programmer who
designed the program. A Trojan horse is usually posted
through the Internet disguised as a harmless program,
game, or utility. Trojan horses are also used to exchange
secret information between hackers. Some Trojan horses
release other malicious programs such as viruses or
worms.
Bombs

Logic Bombs and Time Bombs: Logic Bombs and Time

Bombs are kinds of Trojan horses. A Logic Bomb inserts
secretly into a system and causes a destructive action
when a certain logical event or a sequence of events
happens (i.e., if program x runs, then do destructive
action y). Similarly, a Time Bomb is triggered after a
particular time-related event (i.e., if program x runs after
date y, then do the destructive action z). Frequently, a
logic bomb or a time bomb is an act of vengeance. For
example, a programmer who is unfairly removed from his
or her post may plant a time bomb to be triggered after
the date of his or her removal.
Spyware

Spyware: A spyware is a type of

surveillance program that is inserted
into a computer system in order to
monitor, store, and analyse the
electronic transmissions of the system.
A spyware is not itself a destructive
program. In some cases, spywares are
used for security reasons.
Fighting Computer Crime

Three different approaches are

suggested to prevent computer
crime:
(1) computer security and
management;
(2) appropriate legislation, policies,
and standards; and
(3) education and moral awareness.