Computer crime, cybercrime, e-crime, hi-tech crime or electronic crime generally refers to criminal activity where a computer or network is the source, tool, target, or place of a crime. These categories are not exclusive and many activities can be characterized as falling in one or more. Additionally, although the terms computer crime and cybercrime are more properly restricted to describing criminal activity in which the computer or network is a necessary part of the crime, these terms are also sometimes used to include traditional crimes, such as fraud, theft, blackmail, forgery, and embezzlement, in which computers or networks are used. As the use of computers has grown, computer crime has become more important.
Computer crime can broadly be defined as criminal
activity involving an information technology infrastructure, including illegal
access (unauthorized access), illegal interception (by technical means of
non-public transmissions of computer data to, from or within a computer
system), data interference (unauthorized damaging, deletion, deterioration,
alteration or suppression of computer data), systems interference (interfering
with the functioning of a computer system by inputting, transmitting, damaging,
deleting, deteriorating, altering or suppressing computer data), misuse of
devices, forgery (ID theft), and electronic fraud.[1]
Computer crime issues have become high-profile,
particularly those surrounding hacking, copyright infringement through warez, child
pornography, and child grooming. There are also problems of privacy when confidential
information is lost or intercepted, lawfully or otherwise.
|
Generally
Computer crime encompass a broad range of potentially
illegal activities. Generally, however, it may be divided into one of two types
of categories: (1) crimes that target computer networks or devices directly;
(2) crimes facilitated by computer networks or devices, the primary target of
which is independent of the computer network or device.
Examples of crimes that primarily target computer
networks or devices would include,
- Malware
and malicious code
- Denial-of-service
attacks
- Computing
viruses
Examples of crimes that merely use computer networks or
devices would include,
- Cyber
stalking
- Fraud and
identity theft
- Phishing scams
- Information
warfare
A common example is when a person starts to steal
information from sites, or cause damage to, a computer or computer
network. This can be entirely virtual in that the information only exists
in digital form, and the damage, while real, has no physical consequence other
than the machine ceases to function. In some legal systems, intangible property
cannot be stolen and the damage must be visible, e.g. as resulting from a blow
from a hammer. Where human-centric terminology is used for crimes relying on natural
language skills and innate gullibility, definitions have to be modified to
ensure that fraudulent behavior remains criminal no matter how it is committed.
A computer can be a source of evidence. Even
though the computer is not directly used for criminal purposes, it is an
excellent device for record keeping, particularly given the power to encrypt
the data. If this evidence can be obtained and decrypted, it can be of great
value to criminal investigators.
Specific computer crimes
Spam
Spam, or the unsolicited sending of bulk email for commercial
purposes, is unlawful to varying degrees. As applied to
email, specific anti-spam laws are relatively new, however limits on
unsolicited electronic communications have existed in some forms for some time.[2]
Fraud
Computer fraud is any dishonest misrepresentation of fact
intended to induce another to do or refrain from doing something which causes
loss.[citation needed] In this
context, the fraud will result in obtaining a benefit by:
- altering
computer input in an unauthorized way. This requires little technical
expertise and is not an uncommon form of theft by employees altering the
data before entry or entering false data, or by entering unauthorized
instructions or using unauthorized processes;
- altering,
destroying, suppressing, or stealing output, usually to conceal
unauthorized transactions: this is difficult to detect;
- altering
or deleting stored data; or
- altering
or misusing existing system tools or software packages, or altering or
writing code for fraudulent purposes. This requires real programming
skills and is not common.
Other forms of fraud may be facilitated using computer
systems, including bank fraud, identity
theft, extortion,
and theft of
classified information(Csonka, 2000)
Obscene or offensive content
The content of websites and other electronic
communications may be distasteful, obscene or offensive for a variety of
reasons. In some instances these communications may be illegal.
Many jurisdictions place limits on certain speech
and ban racist, blasphemous,
politically subversive, libelous or slanderous, seditious, or inflammatory material that tends to incite hate crimes.
The extent to which these communications are unlawful
varies greatly between countries, and even within nations. It is a sensitive
area in which the courts can become involved in arbitrating between groups with
entrenched beliefs.
Harassment
Whereas content may be offensive in a non-specific way,
harassment directs obscenities and derogatory comments at specific individuals
focusing for example on gender, race, religion, nationality, sexual
orientation. This often occurs in chat rooms, through newsgroups, and by
sending hate e-mail to interested parties (see cyber
bullying, cyber stalking, harassment by computer, hate crime,
Online
predator, and stalking). Any comment that may be found derogatory or
offensive is considered harassment.
Drug trafficking
Drug traffickers are increasingly taking advantage of the
Internet to sell their illegal substances through encrypted e-mail and other
Internet Technology. Some drug traffickers arrange deals at internet
cafes, use courier Web sites to track illegal packages of pills, and swap
recipes for amphetamines in restricted-access chat rooms. The rise in Internet
drug trades could also be attributed to the lack of face-to-face communication.
These virtual exchanges allow more intimidated individuals to more comfortably
purchase illegal drugs. The sketchy effects that are often associated with drug
trades are severely minimized and the filtering process that comes with
physical interaction fades away. Furthermore, traditional drug recipes were
carefully kept secrets. But with modern computer technology, this information
is now being made available to anyone with computer access.
Cyberterrorism
Government officials and Information Technology security specialists
have documented a significant increase in Internet problems and server scans
since early 2001. There is a growing concern among federal officials[who?] that such intrusions
are part of an organized effort by cyberterrorists,
foreign intelligence services, or other groups to map potential security holes
in critical systems. A cyberterrorist is someone who intimidates or coerces a
government or organization to advance his or her political or social objectives
by launching computer-based attack against computers, network, and the
information stored on them.
Cyberterrorism in general, can be defined as an act of
terrorism committed through the use of cyberspace or computer resources (Parker
1983). As such, a simple propaganda in the Internet, that there will be bomb
attacks during the holidays can be considered cyberterrorism. At worst,
cyberterrorists may use the Internet or computer resources to carry out an
actual attack. As well there are also hacking activities directed towards
individuals, families, organised by groups within networks, tending to cause
fear among people, demonstrate power, collecting information relevant for
ruining peoples' lives, robberies, blackmailing etc.
Documented cases
- The
Yahoo! website was attacked at 10:30 PST on Monday, 7 February 2000. The
attack lasted three hours. Yahoo was pinged at the rate of one
gigabyte/second.
- On 3 August 2000, Canadian federal prosecutors charged MafiaBoy
with 54 counts of illegal access to computers, plus a total of ten counts
of mischief to data for his attacks on Amazon.com,
eBay, Dell Computer, Outlaw.net, and Yahoo. MafiaBoy had also attacked
other websites, but prosecutors decided that a total of 66 counts was
enough. MafiaBoy pleaded not guilty.
- About
fifty computers at Stanford University, and also computers at
the University of California at Santa Barbara, were amongst the zombie
computers sending pings in DDoS attacks.
- In 26 March 1999, the Melissa worm infected a document on a
victim's computer, then automatically sent that document and copy of the
virus via e-mail to other people.
Applicable laws
United States
- Access
Device Fraud. 18 U.S.C. § 1029.
Fraud and related activity in connection with access devices.
- Computer Fraud and Abuse Act. 18 U.S.C. § 1030--Fraud
and related activity in connection with computers.
- CAN-SPAM
ACT. 15 U.S.C. § 7704.
Controlling The Assault of Non-Solicited Pornography and Marketing Act of
2003.
- Extortion
and Threats. 18 U.S.C. § 875.
EXTORTION and THREATS. Interstate communications.
- Identity
Theft and Assumption Deterrence Act of 1998. 18 U.S.C. § 1028.
Fraud and related activity in connection with identification documents,
authentication features, and information.
- No
Electronic Theft ("NET") Act. 17 U.S.C. § 506.
Criminal Offenses. (criminal copyright infringement)
- Digital
Millennium Copyright Act of 1998 (DMCA) . 17 U.S.C. § 1201.
Circumvention of copyright protection systems.
- Electronic Communications
Privacy Act, 18 U.S.C. § 2701, et
seq]. (STORED WIRE AND ELECTRONIC COMMUNICATIONS AND TRANSACTIONAL RECORDS
ACCESS)
- Economic
Espionage Act. 18 U.S.C. § 1831-Economic
Espionage.
- US
Computer Crime Laws by State
Canada
- Criminal Code of Canada, Section
342.1. Unauthorized
Use of Computer.
- Criminal Code of Canada, Section 184. Interception of
Communications
- Computer
Crime in Canada
United Kingdom
- The Computer Misuse Act 1990 (chapter
18.)
- The Regulation of
Investigatory Powers Act 2000 (chapter 23.)
- The Anti-terrorism, Crime
and Security Act 2001 (chapter 24.)
- The Data Protection Act 1998 (chapter
29.)
- The Fraud
Act 2006 (chapter 35.)
- Potentially
the Forgery
and Counterfeiting Act 1981 (chapter 45) may also apply in relation to
forgery of electronic payment instruments accepted within the United
Kingdom.
- The CMA
was recently amended by the Police and Justice Act 2006
(chapter 48)
- The Privacy
and Electronic Communications (EC Directive) Regulations 2003
(Statutory Instrument 2003 No. 2426.)
- See also
the UK
Internet Rights web site and the All
Party Internet Group report on recommended amendments to the CMA.
Australia
- Cybercrime
Act 2001 (Commonwealth)
- Crimes
Act 1900 (NSW): Part 6, ss 308-308I.
- Criminal
Code Act Compilation Act 1913 (WA): Section 440a, Unauthorised use of
a computer system Criminal Code 1899 (Qld), section 408D(i); Criminal
Code 1924 (Tas), section 257D
Malaysia
Pakistan
Singapore
Latin America
Venezuela
- Special Computer Crimes
Act (Ley Especial de Delitos Informáticos, In Spanish) ] India
Others
- Council
of Europe Convention on Cybercrime
- Global Survey of
Cybercrime Law
- Unauthorized Access
Penal Laws in 44 Countries
- Convention on Cybercrime
- ITU Global Cybersecurity Agenda
External links
- Johanna
Granville “Dot.Con:
The Dangers of Cyber Crime and a Call for Proactive Solutions,” Australian
Journal of Politics and History, vol. 49, no. 1. (Winter 2003), pp.
102–109.
- Cyber
Crime
- Ciberdelincuencia.Org
Cybercrime legislation and policy in Latin-America (in Spanish)
- High Technology
Crime Investigation Association
- Cybercrime -
High Tech crime JISC Legal Information Service
- A Guide to Computer
Crime Practitioner.Com
- Criminal
Justice Resources - Cybercrime
- Cybercrime NYLS
- Cybertelecom :: Crime
- European
Convention on Cybercrime
- Computer
Crime Research Center - Daily news about computer crime, Internet
fraud and cyber terrorism
- CyberCrime
Asia Research Center - Information about computer crime, Internet
fraud and cyberterrorism in Asia
- Cyber
Crime Law - News and commentary on preventing, detecting, and
prosecuting computer crimes
- Annual e-Crime Conference Serving
Europe & International corporations
- E-crime and computer evidence
conference (first held in 2005 - now an annual event)
- - The Legal
Framework - Unauthorized Access to Computer Systems
- - Cybercrime Law
- - Computer Crimes,
Ronald B. Standler
Government resources
- Cybercrime.gov
US Department of Justice CCIPS
- Australian
High Tech Crime Centre
- U.S.
Department of Justice National Institute of Justice Electronic Crime
Program
- US CERT
United States Computer Emergency Readiness Team (US-CERT)
- FBI Cyber
Investigations Home Page
- US
Secret Service Computer Fraud
- On Guard OnGuardOnline.gov
provides practical tips from the federal government and the technology
industry to help you be on guard against Internet fraud, secure your
computer, and protect your personal information.
- http://www.cybercrime.gov
- U.S.
Department of Justice cybercrime web site
- ID Theft one-stop national
resource to learn about the crime of identity theft
- FindLaw
Computer Crime
- RCMP Computer Crime
Prevention Royal Canadian Mounted Police
- Australian
Computer Abuse Research Bureau (ACARB) introduction to computer abuse
concepts
See also
ITU Global Cybersecurity Agenda
No comments:
Post a Comment