Computer Crime

 Any criminal act

committed via
computer

Computer Forensics and Cyber Crime PRENTICE HALL

Britz ©2004 Pearson Education, Inc.
 Computer Related Crime
 any criminal act in which a
computer is involved, however
peripherally

Computer Forensics and Cyber Crime PRENTICE HALL

Britz ©2004 Pearson Education, Inc.
 Cybercrime
 Any abuse or misuse of computer
systems which result in direct
and/or concomitant losses

Computer Forensics and Cyber Crime PRENTICE HALL

Britz ©2004 Pearson Education, Inc.
 Traditional Problems
Associated With Computer
Crime
 While criminals have always displayed an
ability to adapt to changing technologies,
law enforcement agencies and government
institutions, bound by bureaucracy, have
not.
 Computer crime, in particular, has proven a
significant challenge to personnel for a
variety of reasons.

Computer Forensics and Cyber Crime PRENTICE HALL

Britz ©2004 Pearson Education, Inc.
 Traditional Problems
Associated with Computer
Crime
 Physicality and jurisdictional concerns
 Lack of communication b/w agencies
 Intangibility of physical evidence
 Inconsistency of law and community
standards
 Intangibility of evidence
 Cost/benefit to perpetrator

Computer Forensics and Cyber Crime PRENTICE HALL

Britz ©2004 Pearson Education, Inc.
 Physicality and
Jurisdictional Concerns
 intangibility of activity and location are not provided for
by law – individuals sitting at their desk can enter
various countries without the use of passports or
documentation.
 vicinage – an element necessary for successful
prosecution requires the specification of the crime scene
(physical not virtual), i.e., “ Where did the crime actually
occur?” If a Citadel cadet from 4th Battalion illegally
transferred money from The Bank of Sicily to The Bank
of London, where did the crime occur? Which laws
apply?

Computer Forensics and Cyber Crime PRENTICE HALL

Britz ©2004 Pearson Education, Inc.
 Jurisdiction
 Which agency is responsible for
the investigation of a particular
incident.
 Using the previous example, which
agency has primary jurisdiction
over the thief?

Computer Forensics and Cyber Crime PRENTICE HALL

Britz ©2004 Pearson Education, Inc.
 Lack of communication
between agencies

i.e., traditional lack

of collaboration
further
compounded by
the introduction of
international
concerns

Computer Forensics and Cyber Crime PRENTICE HALL

Britz ©2004 Pearson Education, Inc.
 Inconsistency of law and
community standards
 i.e., definitions of obscenity, criminality, etc. –
further complicated on the international level
where some societies may tolerate, or even
condone, certain behaviors

 Example: Antigua, Caracas, and the Dominican

Republic all challenge American sovereignty
over wagers placed by Americans through online
casinos and sports books

Computer Forensics and Cyber Crime PRENTICE HALL

Britz ©2004 Pearson Education, Inc.
 Intangibility of evidence
 patrol officers unsure as to
recognition of evidence
 patrol officers unsure of method of
preservation of evidence

Computer Forensics and Cyber Crime PRENTICE HALL

Britz ©2004 Pearson Education, Inc.
 Cost/benefit to perpetrator
 much less expensive AND the risk of
successful prosecution is slight
 do not need method of transportation
 do not need funds
 do not need storage capabilities
 are not labor intensive and can be
committed alone

 All these significantly decrease the risk to

the deviant and severely hamper law
enforcement efforts.

Computer Forensics and Cyber Crime PRENTICE HALL

Britz ©2004 Pearson Education, Inc.
 Perceived insignificance
and stereotypes


stereotypes of computer
criminals often involve
non-threatening, physically
challenged individuals (i.e.,
“computer geeks”)
 stereotypes of computer
crimes usually involve
hacking and improper use

        

Computer Forensics and Cyber Crime PRENTICE HALL

Britz ©2004 Pearson Education, Inc.
 Prosecutorial Reluctance
Apathy (or perhaps laziness)
Lack of concern of constituents
Lack of cooperation in extradition requests
Victim’s reluctance to prosecute
Labor intensive nature of case preparation
Lack of resources for offender tracking

Computer Forensics and Cyber Crime PRENTICE HALL

Britz ©2004 Pearson Education, Inc.
 Lack of Reporting
 Fortune 500 companies
have been electronically
compromised to the tune
of at least $10
Billion/year

 Although this number is

increasing, early studies
indicated that only 17%
of such victimizations
were reported to the
police.

Computer Forensics and Cyber Crime PRENTICE HALL

Britz ©2004 Pearson Education, Inc.
 Reasons for non-
reporting:
 Consumer confidence – must assure consumers that their
personal data is safe. (ex., Citibank)
 Corporate interests – do not want to lose control over their
investigation. They wish to control level of access and scope
of investigation. They naively believe that if criminal activity is
uncovered, they can simply report their findings to the police.
 Cost/benefit analysis – believe that the low likelihood of
enforcement and prosecution vs. the high likelihood of lost
consumer confidence is simply not worth it
 Jurisdictional uncertainty – many companies are unclear
as to which agency to report to.

Computer Forensics and Cyber Crime PRENTICE HALL

Britz ©2004 Pearson Education, Inc.
 Jurisprudential
inconsistency
 The Supreme
Court has denied
certiorari on the
vast majority of
cases, resulting in
a patchwork of
law across the
United States.

Computer Forensics and Cyber Crime PRENTICE HALL

Britz ©2004 Pearson Education, Inc.
 Lack of Resources

1. Traditional budget constraints

2. Nature of technology
3. Cost of training
4. Cost of additional personnel
5. Cost of hardware
6. Cost of software
7. Cost of laboratory
8. Inability to compete with private industry

Computer Forensics and Cyber Crime PRENTICE HALL

Britz ©2004 Pearson Education, Inc.
 Traditional Budget
Constraints
 Law enforcement
has always been
significantly under
funded: the public
unwilling to
expend
community funds
on training,
personnel, and
technology.

Computer Forensics and Cyber Crime PRENTICE HALL

Britz ©2004 Pearson Education, Inc.
 Nature of technology
 Always changing
 requires perpetual training.
(ex. Wireless technologies
and emerging encryption
and steganography
programs are increasingly
common and have
complicated LE efforts)
 Thus, training soon
becomes obsolete

Computer Forensics and Cyber Crime PRENTICE HALL

Britz ©2004 Pearson Education, Inc.
 Cost of Training

 Extremely expensive for example,

charges more than $1500 per
person. The cost of software
licenses and training.

Computer Forensics and Cyber Crime PRENTICE HALL

Britz ©2004 Pearson Education, Inc.
 Cost of additional
personnel
 For every officer transferred to
technology crime, another must be
recruited, hired, and trained to take
his/her place.

Computer Forensics and Cyber Crime PRENTICE HALL

Britz ©2004 Pearson Education, Inc.
 Cost of hardware
 equipment soon becomes
obsolete, precluding the purchase
of pricey components

Computer Forensics and Cyber Crime PRENTICE HALL

Britz ©2004 Pearson Education, Inc.
 Cost of software
 Forensic software is extremely
expensive. Products by
Guidance Software, NTI, and
AccessData packages exceed
several hundred dollars for a
single license! Minimum
requirements include: data
duplication, data verification,
data capture, data recovery, data
preservation, and data analysis.
In addition, password cracking,
text searching, and document
viewing tools are needed.

Computer Forensics and Cyber Crime PRENTICE HALL

Britz ©2004 Pearson Education, Inc.
 Cost of laboratory
 Must find
appropriate,
unallocated
space within or
outside of the
department

Computer Forensics and Cyber Crime PRENTICE HALL

Britz ©2004 Pearson Education, Inc.
 Inability to compete with
corporations


Individuals with forensic training

are highly prized by corporations.
Since they can afford to offer high
salaries and lucrative benefit
packages, they can successfully
lure officers into private practice.

Computer Forensics and Cyber Crime PRENTICE HALL

Britz ©2004 Pearson Education, Inc.
 Computers as targets
 Phreaking
 Viruses and worms
 Trojans and hacking
 Miscellaneous

Computer Forensics and Cyber Crime PRENTICE HALL

Britz ©2004 Pearson Education, Inc.
 Phreaking
 phreaking – activity in which
telecommunications systems are
manipulated and ultimately
compromised – the precursor to
contemporary hacking

Computer Forensics and Cyber Crime PRENTICE HALL

Britz ©2004 Pearson Education, Inc.
 Viruses and worms
 viruses and worms – increasingly
popular, they pose significant
concerns for individuals,
businesses, universities, and
governments. (ex. “Love Bug”
affected at least 45 million
computers and caused billions of
dollars in damages.

Computer Forensics and Cyber Crime PRENTICE HALL

Britz ©2004 Pearson Education, Inc.
 Trojans and hacking
 Tools for stealing data are readily
available for download from the
Internet (including, BackOrifice,
NetBus, and DeepThroat). Such
theft poses significant concern for
corporations and governments, as
trade secrets and public
infrastructures are at risk.

Computer Forensics and Cyber Crime PRENTICE HALL

Britz ©2004 Pearson Education, Inc.
 Other Activities
 Software piracy, trafficking in
stolen goods, etc. (discussed in
detail in Chapter 4)

Computer Forensics and Cyber Crime PRENTICE HALL

Britz ©2004 Pearson Education, Inc.
 Computers as
instruments
(discussed in detail in chapter 4)


a.      Embezzlement
b.      Stalking
c.       Gambling
d.      Child pornography
e.      Counterfeiting
f.        Fraud

Computer Forensics and Cyber Crime PRENTICE HALL

Britz ©2004 Pearson Education, Inc.
 Computers as incidentals

 (discussed in detail in Chapter 4)

 a.      bookmaking
b.      narcotics trafficking
c.      homicide

Computer Forensics and Cyber Crime PRENTICE HALL

Britz ©2004 Pearson Education, Inc.
 Estimates of Computer
Crime
 Estimates of computer crime are poor at
best:
        Actual costs range from $15 to
$250 billion
        Businesses affected range from
25% to 99%
        More than ½ of businesses spend
5% or less of their IT budget on security.
        A 185% increase in KP cases in
one year!
 Estimated that one KP bulletin board was
accessed by over 250 users a day.
Computer Forensics and Cyber Crime PRENTICE HALL
Britz ©2004 Pearson Education, Inc.
 Extent of business
victimization
 25% of respondents detected external system
penetration
 27% detected denial of service
 79% detected employee abuse of Internet
privileges
 85% - detected viruses
 19% suffered unauthorized use
 19% reported 10 or more incidents
 35% reported 2-5 incidents
 64% of those acknowledging an attack
reported Web-site vandalism
 60% reported denial of service
 over 260 million dollars in damages were
reported by those with documentation

Computer Forensics and Cyber Crime PRENTICE HALL

Britz ©2004 Pearson Education, Inc.