Computer crime, or cybercrime, is any crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. Netcrime is criminal exploitation of the Internet, inherently a cybercrime. Dr. Debarati Halder and Dr. K. Jaishankar (2011) define Cybercrimes as: "Offences that are committed against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm, or loss, to the victim directly or indirectly, using modern telecommunication networks such as Internet (Chat rooms, emails, notice boards and groups) and mobile phones (SMS/MMS)". Such crimes may threaten a nation’s security and financial health. Issues surrounding these types of crimes have become high-profile, particularly those surrounding hacking, copyright infringement, child pornography, and child grooming. There are also problems of privacy when confidential information is intercepted or disclosed, lawfully or otherwise. Dr.Debarati Halder and Dr.K.Jaishankar(2011) further define cybercrime from the perspective of gender and defined 'cybercrime against women' as "“Crimes targeted against women with a motive to intentionally harm the victim psychologically and physically, using modern telecommunication networks such as internet and mobile phones”.
Internationally, both governmental and non-state actors engage in cybercrimes, including espionage, financial theft, and other cross-border crimes. Activity crossing international borders and involving the interests of at least one nation state is sometimes referred to as cyberwarfare. The international legal system is attempting to hold actors accountable for their actions through the International Criminal Court.
A report (sponsored by McAfee) estimates the annual damage to the global economy at $445 billion; however, a Microsoft report shows that such survey-based estimates are "hopelessly flawed" and exaggerate the true losses by orders of magnitude. Approximately $1.5 billion was lost in 2012 to online credit and debit card fraud in the US.
- 1 Classification
- 2 Documented cases
- 3 Combating computer crime
- 4 See also
- 5 References
- 6 Further reading
- 7 External links
Computer crime encompasses a broad range of activities.
Fraud and financial crimes
Computer fraud is any dishonest misrepresentation of fact intended to let another to do or refrain from doing something which causes loss. In this context, the fraud will result in obtaining a benefit by:
- Altering in an unauthorized way. This requires little technical expertise and is common form of theft by employees altering the data before entry or entering false data, or by entering unauthorized instructions or using unauthorized processes;
- Altering, destroying, suppressing, or stealing output, usually to conceal unauthorized transactions. This is difficult to detect;
- Altering or deleting stored data;
Government officials and Information Technology security specialists have documented a significant increase in Internet problems and server scans since early 2001. But there is a growing concern among federal officials[who?] that such intrusions are part of an organized effort by cyberterrorists, foreign intelligence services, or other groups to map potential security holes in critical systems. A cyberterrorist is someone who intimidates or coerces a government or organization to advance his or her political or social objectives by launching a computer-based attack against computers, networks, or the information stored on them.
Cyberterrorism in general, can be defined as an act of terrorism committed through the use of cyberspace or computer resources (Parker 1983). As such, a simple propaganda in the Internet, that there will be bomb attacks during the holidays can be considered cyberterrorism. As well there are also hacking activities directed towards individuals, families, organized by groups within networks, tending to cause fear among people, demonstrate power, collecting information relevant for ruining peoples' lives, robberies, blackmailing etc.
Cyberextortion occurs when a website, e-mail server, or computer system is subjected to or threatened with repeated denial of service or other attacks by malicious hackers. These hackers demand money in return for promising to stop the attacks and to offer "protection". According to the Federal Bureau of Investigation, cyberextortionists are increasingly attacking corporate websites and networks, crippling their ability to operate and demanding payments to restore their service. More than 20 cases are reported each month to the FBI and many go unreported in order to keep the victim's name out of the public domain. Perpetrators typically use a distributed denial-of-service attack.
An example of cyberextortion was the attack on Sony Pictures of 2014.
The U.S. Department of Defense (DoD) notes that the cyberspace has emerged as a national-level concern through several recent events of geo-strategic significance. Among those are included, the attack on Estonia's infrastructure in 2007, allegedly by Russian hackers. "In August 2008, Russia again allegedly conducted cyberattacks, this time in a coordinated and synchronized kinetic and non-kinetic campaign against the country of Georgia. Fearing that such attacks may become the norm in future warfare among nation-states, the concept of cyberspace operations impacts and will be adapted by warfighting military commanders in the future.
Computer as a target
These crimes are committed by a selected group of criminals. Unlike crimes using the computer as a tool, these crimes require the technical knowledge of the perpetrators. These crimes are relatively new, having been in existence for only as long as computers have - which explains how unprepared society and the world in general is towards combating these crimes. There are numerous crimes of this nature committed daily on the internet:
Crimes that primarily target computer networks or devices include:
Computer as a tool
When the individual is the main target of cybercrime, the computer can be considered as the tool rather than the target. These crimes generally involve less technical expertise. Human weaknesses are generally exploited. The damage dealt is largely psychological and intangible, making legal action against the variants more difficult. These are the crimes which have existed for centuries in the offline world. Scams, theft, and the likes have existed even before the development in high-tech equipment. The same criminal has simply been given a tool which increases his potential pool of victims and makes him all the harder to trace and apprehend.
Crimes that use computer networks or devices to advance other ends include:
- Fraud and identity theft (although this increasingly uses malware, hacking and/or phishing, making it an example of both "computer as target" and "computer as tool" crime)
- Information warfare
- Phishing scams
- Propagation of illegal obscene or offensive content, including harassment and threats
Phishing is mostly propagated via email. Phishing emails may contain links to other websites that are affected by malware. Or, they may contain links to fake online banking or other websites used to steal private account information.
Obscene or offensive content
The content of websites and other electronic communications may be distasteful, obscene or offensive for a variety of reasons. In some instances these communications may be legal.
The extent to which these communications are unlawful varies greatly between countries, and even within nations. It is a sensitive area in which the courts can become involved in arbitrating between groups with strong beliefs.
Whereas content may be offensive in a non-specific way, harassment directs obscenities and derogatory comments at specific individuals focusing for example on gender, race, religion, nationality, sexual orientation. This often occurs in chat rooms, through newsgroups, and by sending hate e-mail to interested parties (see cyberbullying, cyberstalking, hate crime, online predator, stalking, and trolling). Any comment that may be found derogatory or offensive is considered harassment. Harassment targeting women and children in the internet also includes revenge pornography. Dr.Debarati Halder and Dr.K.Jaishankar (2013) defined online revenge pornography as "an act whereby the perpetrator satisfies his anger and frustration for a broken relationship through publicising false, sexually provocative portrayal of his/her victim, by misusing the information that he may have known naturally, and that he may have stored in his personal computer, or may have been conveyed to his electronic device by the victim herself, or may have been stored in the device with the consent of the victim herself; and which may essentially have been done to publicly defame the victim.".
There are instances where committing a crime, which involves the use of a computer, can lead to an enhanced sentence. For example, in the case of United States v. Neil Scott Kramer, Kramer was served an enhanced sentence according to the U.S. Sentencing Guidelines Manual §2G1.3(b)(3) for his use of a cell phone to “persuade, induce, entice, coerce, or facilitate the travel of, the minor to engage in prohibited sexual conduct.” Kramer argued that this claim was insufficient because his charge included persuading through a computer device and his cellular phone technically is not a computer. Although Kramer tried to argue this point, U.S. Sentencing Guidelines Manual states that the term computer "means an electronic, magnetic, optical, electrochemical, or other high speed data processing device performing logical, arithmetic, or storage functions, and includes any data storage facility or communications facility directly related to or operating in conjunction with such device."
Connecticut was the first state to pass a statute making it a criminal offense to harass someone by computer. Michigan, Arizona, and Virginia and South Carolina have also passed laws banning harassment by electronic means.
Harassment as defined in the U.S. computer statutes is typically distinct from cyberbullying, in that the former usually relates to a person's "use a computer or computer network to communicate obscene, vulgar, profane, lewd, lascivious, or indecent language, or make any suggestion or proposal of an obscene nature, or threaten any illegal or immoral act," while the latter need not involve anything of a sexual nature.
Although freedom of speech is protected by law in most democratic societies (in the US this is done by the First Amendment), it does not include all types of speech. In fact spoken or written "true threat" speech/text is criminalized because of "intent to harm or intimidate", that also applies for online or any type of network related threats in written text or speech. The US Supreme Court definition of "true threat" is "statements where the speaker means to communicate a serious expression of an intent to commit an act of unlawful violence to a particular individual or group".
citation needed] to sell their illegal substances through encrypted e-mail and other Internet Technology. Some drug traffickers arrange deals at internet cafes, use courier Web sites to track illegal packages of pills, and swap recipes for amphetamines in restricted-access chat rooms. The deep web site Silk Road was a major online marketplace for drugs before it was shut down by law enforcement (then reopened under new management, and then shut down by law enforcement again).[
The rise in Internet drug trades could also be attributed to the lack of face-to-face communication. These virtual exchanges allow more intimidated individuals to more comfortably purchase illegal drugs. The sketchy effects that are often associated with drug trades are severely minimized and the filtering process that comes with physical interaction fades away.
One of the highest profiled banking computer crime occurred during a course of three years beginning in 1970. The chief teller at the Park Avenue branch of New York's Union Dime Savings Bank embezzled over $1.5 million from hundreds of accounts.
A hacking group called MOD (Masters of Deception), allegedly stole passwords and technical data from Pacific Bell, Nynex, and other telephone companies as well as several big credit agencies and two major universities. The damage caused was extensive, one company, Southwestern Bell suffered losses of $370,000 alone.
In 1983, a nineteen-year-old UCLA student used his PC to break into a Defense Department international communications system.
Between 1995 and 1998 the Newscorp satellite pay to view encrypted SKY-TV service was hacked several times during an ongoing technological arms race between a pan-European hacking group and Newscorp. The original motivation of the hackers was to watch Star Trek re-runs in Germany; which was something which Newscorp did not have the copyright to allow.
On 26 March 1999, the Melissa worm infected a document on a victim's computer, then automatically sent that document and a copy of the virus spread via e-mail to other people.
In February 2000, an individual going by the alias of MafiaBoy began a series denial-of-service attacks against high profile websites, including Yahoo!, Amazon.com, Dell, Inc., E*TRADE, eBay, and CNN. About fifty computers at Stanford University, and also computers at the University of California at Santa Barbara, were amongst the zombie computers sending pings in DDoS attacks. On 3 August 2000, Canadian federal prosecutors charged MafiaBoy with 54 counts of illegal access to computers, plus a total of ten counts of mischief to data for his attacks.
The Russian Business Network (RBN) was registered as an internet site in 2006. Initially, much of its activity was legitimate. But apparently the founders soon discovered that it was more profitable to host illegitimate activities and started hiring its services to criminals. The RBN has been described by VeriSign as "the baddest of the bad". It offers web hosting services and internet access to all kinds of criminal and objectionable activities, with an individual activities earning up to $150 million in one year. It specialized in and in some cases monopolized personal identity theft for resale. It is the originator of MPack and an alleged operator of the now defunct Storm botnet.
On 2 March 2010, Spanish investigators arrested 3[clarification needed] in infection of over 13 million computers around the world. The "botnet" of infected computers included PCs inside more than half of the Fortune 1000 companies and more than 40 major banks, according to investigators.
In August 2010 the international investigation Operation Delego, operating under the aegis of the Department of Homeland Security, shut down the international pedophile ring Dreamboard. The website had approximately 600 members, and may have distributed up to 123 terabytes of child pornography (roughly equivalent to 16,000 DVDs). To date this is the single largest U.S. prosecution of an international child pornography ring; 52 arrests were made worldwide.
On March 1, 2011 at Lassiter High School, two students were accused of impersonation of a staff member via cybercrime, but both claimed they were uninvolved. The offense was made a felony in the Cobb County School District two months after the impersonation had happened. Shortly afterwards, the head of the LHS School Board said "The teacher just wouldn't do this at all". The case ended on May 9, and no evidence was found.
December 2012 Wells Fargo website experienced a denial of service attack. Potentially compromising 70 million customers and 8.5 million active viewers. Other banks thought to be compromised: Bank of America, J. P. Morgan U.S. Bank, and PNC Financial Services.
April 23, 2013 saw the Associated Press' Twitter account's hacking to release a hoax tweet about fictional attacks in the White House that left President Obama injured. This erroneous tweet resulted in a brief plunge of 130 points from the Dow Jones Industrial Average, removal of $136 billion from S&P 500 index, and the temporary suspension of their Twitter account. The Dow Jones later restored its session gains.
Combating computer crime
|This section requires expansion. (January 2015)|
Diffusion of Cybercrime
The broad diffusion of cybercriminal activities is an issue in computer crimes detection and prosecution. According to Jean-Loup Richet (Research Fellow at ESSEC ISIS), technical expertise and accessibility no longer act as barriers to entry into cybercrime. Indeed, hacking is much less complex than it was a few years ago, as hacking communities have greatly diffused their knowledge through the Internet. Blogs and communities have hugely contributed to information sharing: beginners could benefit from older hackers’ knowledge and advice. Furthermore, Hacking is cheaper than ever: before the cloud computing era, in order to spam one needed a dedicated server, skills in server management, network configuration and maintenance, knowledge of Internet service provider standards, etc. By comparison, a mail software-as-a-service is a scalable, inexpensive, bulk, and transactional e-mail-sending service for marketing purposes and could be easily set up for spam. Jean-Loup Richet explains that cloud computing could be helpful for a cybercriminal as a way to leverage his attack - brute-forcing a password, improve the reach of a botnet, or facilitating a spamming campaign.
A computer can be a source of evidence (see digital forensics). Even where a computer is not directly used for criminal purposes, it may contain records of value to criminal investigators in the form of a logfile. In most countries Internet Service Providers are required, by law, to keep their logfiles for a predetermined amount of time. For example; a European wide directive (applicable to all EU member states) states that all E-mail traffic should be retained for a minimum of 12 months.
Due to easily exploitable laws, cybercriminals use developing countries in order to evade detection and prosecution from law enforcement. In developing countries, such as the Philippines, laws against cybercrime are weak or sometimes nonexistent. These weak laws allow cybercriminals to strike from international borders and remain undetected. Even when identified, these criminals avoid being punished or extradited to a country, such as the United States, that has developed laws that allow for prosecution. While this proves difficult in some cases, agencies, such as the FBI, have used deception and subterfuge to catch criminals. For example, two Russian hackers had been evading the FBI for some time. The FBI set up a fake computing company based in Seattle, Washington. They proceeded to lure the two Russian men into the United States by offering them work with this company. Upon completion of the interview, the suspects were arrested outside of the building. Clever tricks like this are sometimes a necessary part of catching cybercriminals when weak legislation makes it impossible otherwise.
President Barack Obama released in an executive order in April 2015 to combat cybercrime. The executive order allows the United States to freeze assets of convicted cybercriminals and block their economic activity within the United States. This is some of the first solid legislation that combats cybercrime in this way.
Penalties for computer related crimes in New York State can range from a fine and a short period of jail time for a Class A misdemeanor such as unauthorized use of a computer up to computer tampering in the first degree which is a Class C felony and can carry 3 to 15 years in prison.
However, some hackers have been hired as information security experts by private companies due to their inside knowledge of computer crime, a phenomenon which theoretically could create perverse incentives. A possible counter to this is for courts to ban convicted hackers from using the internet or computers, even after they have been released from prison – though as computers and the internet become more and more central to everyday life, this type of punishment may be viewed as more and more harsh and draconian. However, nuanced approaches have been developed that manage cyberoffender behavior without resorting to total computer and/or Internet bans. These approaches involve restricting individuals to specific devices which are subject to computer monitoring and/or computer searches by probation and/or parole officers.
- Computer trespass
- Economic and Industrial Espionage
- Federal Bureau of Investigation (FBI)
- Immigration and Customs Enforcement (ICE)
- Internet homicide
- Internet stalking
- Internet suicide
- Internet War
- Legal aspects of computing
- List of computer criminals
- Metasploit Project
- Online predator
- Organized crime
- Penetration test
- Personal Jurisdiction over International Defendants in US Courts
- Police National E-Crime Unit
- Protected computer
- United States Secret Service
- White collar crime
- Moore, R. (2005) "Cyber crime: Investigating High-Technology Computer Crime," Cleveland, Mississippi: Anderson Publishing.
- Warren G. Kruse, Jay G. Heiser (2002). Computer forensics: incident response essentials. Addison-Wesley. p. 392. ISBN 0-201-70719-5.
- David Mann And Mike Sutton (2011-11-06). "Netcrime". Bjc.oxfordjournals.org. Retrieved 2011-11-10.
- * Halder, D., & Jaishankar, K. (2011) Cyber crime and the Victimization of Women: Laws, Rights, and Regulations. Hershey, PA, USA: IGI Global. ISBN 978-1-60960-830-9
- "Cyber Warfare And The Crime Of Aggression: The Need For Individual Accountability On Tomorrow’S Battlefield". Law.duke.edu. Retrieved 2011-11-10.
- "Cyber crime costs global economy $445 billion a year: report". Reuters. 2014-06-09. Retrieved 2014-06-17.
- "Sex, Lies and Cybercrime Surveys" (PDF). Microsoft. 2011-06-15. Retrieved 2015-03-11.
- "#Cybercrime— what are the costs to victims - North Denver News". North Denver News. Retrieved 16 May 2015.
- "Future Crimes". Retrieved 8 March 2015.
- "Cyber Crime definition".
- "Save browsing". google.
- * Halder, D., & Jaishankar, K. (2013) Revenge Porn by Teens in the United States and India: A Socio-legal Analysis. International Annals of Criminology, 51(1-2), 85-111.
- "Revenge Porn by Teens in the United States and India: A Socio-Legal Analysis". Retrieved 16 May 2015.
- "2011 U.S. Sentencing Guidelines Manual § 2G1.3(b)(3)".
- "United States of America v. Neil Scott Kramer". Retrieved 2013-10-23.
- "South Carolina". Retrieved 16 May 2015.
- [dead link]
- "Section 18.2-152.7:1". Code of Virginia. Legislative Information System of Virginia. Retrieved 2008-11-27.
- Susan W. Brenner, Cybercrime: Criminal Threats from Cyberspace, ABC-CLIO, 2010, pp. 91
- Weitzer, Ronald (2003). Current Controversies in Criminology. Upper Saddle River, New Jersey: Pearson Education Press. p. 150.
- David Mann And Mike Sutton (2011-11-06). ">>Netcrime". Bjc.oxfordjournals.org. Retrieved 2011-11-10.
- "A walk on the dark side". The Economist. 2007-09-30.
- "DHS: Secretary Napolitano and Attorney General Holder Announce Largest U.S. Prosecution of International Criminal Network Organized to Sexually Exploit Children". Dhs.gov. Retrieved 2011-11-10.
- Salvador Rodriguez (June 6, 2012). "Like LinkedIn, eHarmony is hacked; 1.5 million passwords stolen". Los Angeles Times.
- Rick Rothacker (Oct 12, 2012). "Cyber attacks against Wells Fargo "significant," handled well: CFO". Reuters.
- DAVID K. LI (January 17, 2012). "Zappos cyber attack". New York Post.
- "AP Twitter Hack Falsely Claims Explosions at White House". Samantha Murphy. April 23, 2013. Retrieved April 23, 2013.
- "Fake Tweet Erasing $136 Billion Shows Markets Need Humans". Bloomberg. April 23, 2013. Retrieved April 23, 2013.
- Richet, Jean-Loup (2013). "From Young Hackers to Crackers". International Journal of Technology and Human Interaction 9 (1).
- Richet, Jean-Loup (2011). "Adoption of deviant behavior and cybercrime ‘Know how’ diffusion". York Deviancy Conference.
- Richet, Jean-Loup (2012). "How to Become a Black Hat Hacker? An Exploratory Study of Barriers to Entry Into Cybercrime.". 17th AIM Symposium.
- Data Retention (EC Directive) Regulations SI 2007/2199
- Kshetri, Nir. "Diffusion and Effects of Cyber Crime in Developing Countries".
- Northam, Jackie. "U.S. Creates First Sanctions Program Against Cybercriminals".
- Kenniff, Raiser. "New York Internet Crimes Laws".
- Computer fraud charges in New York. May 2011. Bukh Law Firm, PC - 14 Wall St, New York NY 10005 - (212) 729-1632. New York computer fraud lawyer
- Managing the Risks Posed by Offender Computer Use, Perspectives, December 2011,http://appaweb.csg.org/Perspectives/Perspectives_V35_N4_P40.pdf
- Bowker, Art (2012). The Cybercrime Handbook for Community Corrections: Managing Risk in the 21st Century. Springfield: Thomas. ISBN 9780398087289.
- Balkin, J., Grimmelmann, J., Katz, E., Kozlovski, N., Wagman, S. & Zarsky, T. (2006) (eds) Cybercrime: Digital Cops in a Networked Environment, New York University Press, New York.
- Bowker, Art (2012) "The Cybercrime Handbook for Community Corrections: Managing Risk in the 21st Century" Charles C. Thomas Publishers, Ltd. Springfield.
- Brenner, S. (2007) Law in an Era of Smart Technology, Oxford: Oxford University Press
- Csonka P. (2000) Internet Crime; the Draft council of Europe convention on cyber-crime: A response to the challenge of crime in the age of the internet? Computer Law & Security Report Vol.16 no.5.
- Easttom C. (2010) Computer Crime Investigation and the Law
- Fafinski, S. (2009) Computer Misuse: Response, regulation and the law Cullompton: Willan
- Glenny, Misha, DarkMarket : cyberthieves, cybercops, and you, New York, NY : Alfred A. Knopf, 2011. ISBN 978-0-307-59293-4
- Grabosky, P. (2006) Electronic Crime, New Jersey: Prentice Hall
- Halder, D., & Jaishankar, K. (2011) Cyber crime and the Victimization of Women: Laws, Rights, and Regulations. Hershey, PA, USA: IGI Global. ISBN 978-1-60960-830-9
- Jaishankar, K. (Ed.) (2011). Cyber Criminology: Exploring Internet Crimes and Criminal behavior. Boca Raton, FL, USA: CRC Press, Taylor and Francis Group.
- McQuade, S. (2006) Understanding and Managing Cybercrime, Boston: Allyn & Bacon.
- McQuade, S. (ed) (2009) The Encyclopedia of Cybercrime, Westport, CT: Greenwood Press.
- Parker D (1983) Fighting Computer Crime, U.S.: Charles Scribner’s Sons.
- Pattavina, A. (ed) Information Technology and the Criminal Justice System, Thousand Oaks, CA: Sage.
- Paul Taylor. Hackers: Crime in the Digital Sublime (November 3, 1999 ed.). Routledge; 1 edition. p. 200. ISBN 0-415-18072-4.
- Robertson, J. (2010, March 2). Authorities bust 3 in infection of 13m computers. Retrieved March 26, 2010, from Boston News: Boston.com
- Walden, I. (2007) Computer Crimes and Digital Investigations, Oxford: Oxford University Press.
- Rolón, Darío N. Control, vigilancia y respuesta penal en el ciberespacio, Latin American's New Security Thinking, Clacso, 2014, pp. 167/182
- Richet, J.L. (2013) From Young Hackers to Crackers, International Journal of Technology and Human Interaction (IJTHI), 9(3), 53-62.
- Wall, D.S. (2007) Cybercrimes: The transformation of crime in the information age, Cambridge: Polity.
- Williams, M. (2006) Virtually Criminal: Crime, Deviance and Regulation Online, Routledge, London.
- Yar, M. (2006) Cybercrime and Society, London: Sage.
|The Wikibook The Computer Revolution has a page on the topic of: Computer Crime|
- Centre for Cyber Victim Counselling (CCVC)
- The American Society of Digital Forensics & eDiscovery - Cybercrime Information
- A Guide to Computer Crime from legal.practitioner.com
- International Journal of Cyber Criminology
- Virtual Forum Against Cybercrime
- High Technology Crime Investigation Association
- Computer Crime Research Center
- CyberCrime Asia Research Center - Information about computer crime, Internet fraud and CyberTerrorism in Asia
- Information and Research Center for Cybercrime Germany
- Cybercrime.gov from the United States Department of Justice
- National Institute of Justice Electronic Crime Program from the United States Department of Justice
- FBI Cyber Investigators home page
- US Secret Service Computer Fraud
- Australian High Tech Crime Centre
Indian raw agency research and analysis wing