Text File | 1991-03-28 | 14KB | 270 lines
February 1991
COMPUTER CRIMES:
AN ESCALATING CRIME TREND
By
William S. Sessions
Director
Federal Bureau of Investigation
Editor's note: This article is based on a speech given by
FBI Director William S. Sessions.
Artificial intelligence, laptops, PCs, VAXclusters, local
area networks, COBOL, bits, bytes, viruses, and worms. Most
people recognize these words as computer terms. As computers
have become a vital part of the American way of life, computer
terminology has crept into the vernacular. There is no doubt
that computers touch every aspect of our lives. Well over 80
percent of daily financial transactions nationwide take place
via electronic funds transfers. However, many computer systems
are highly vulnerable to criminal attack. In fact, computer-
related crime costs American companies as much as $5 billion
per year.
When Clifford Stoll, an astrophysicist with an interest in
computers, described computer crime, he likened computer
networks to neighborhoods and small communities. He said cities
and towns are tied together by streets, roads, highways, and
interstates. Likewise, communities of computers are linked
through local, regional, and national networks. Rather than
transport food and equipment like highways do, computer networks
move ideas and information.
Unfortunately, just as American communities are threatened
with drugs and violent crime, this Nation's computer networks
are threatened as well. They are threatened by thieves robbing
banks electronically; they are threatened by vandals spreading
computer viruses; and they are even threatened by spies breaking
into U.S. military systems.
White-collar crimes in general--and computer crime in
particular--are often difficult to detect and even more
difficult to prosecute because many times they leave no
witnesses to question and no physical evidence to analyze. And,
because computer technology is such a rapidly evolving field,
law enforcement has not yet developed a clear-cut definition of
computer crime. Nevertheless, two manifestations of computer
crime are obvious: The first is crime in which the computer is
the vehicle or tool of the criminal, and second, crime in which
the computer and the information stored in it are the targets of
the criminal.
COMPUTERS AS CRIME TOOLS
When criminals use computers as their tools, the crimes
they engineer are essentially traditional crimes, such as
embezzlement, fraud, and theft, perpetrated by non-traditional
means. The criminal uses a computer as an instrument, like the
forger's pen or the terrorist's bomb.
The vast majority of computer-related crimes that the FBI
investigates fall into the category of using the computer as a
tool. For instance, if a team of FBI Agents in one of its 56
field offices uncovers information that a disgruntled employee
is tapping into a bank's computer to transfer funds illegally,
those Agents will probably open up a bank fraud and embezzlement
case and proceed from there.
COMPUTERS AS CRIME TARGETS
But what about the emerging crime trend that is unique to
computers--in which the computer is the target? This type of
crime occurs when a computer and the information it stores are
the targets of a criminal act committed either internally by
employees or externally by criminals. The external threat
usually involves the use of telecommunications to gain
unauthorized access to the computer system.
In its investigations, the FBI has determined three groups
of individuals involved in the external threat. The first, and
the largest, group consists of individuals who break into a
computer just to see if they can do it--without stealing or
destroying data. The next group breaks into computer systems to
destroy, disrupt, alter, or interrupt the system. Their actions
amount to malicious mischief because they do not attack the
system for financial gain, which is the motive of the last
group. This group constitutes a serious threat to businesses
and national security, for these individuals are professionals
who use specialized skills to steal information, manipulate
data, or cause loss of service to the computer system.
MEASURES TAKEN AGAINST COMPUTER CRIME
Offenses committed through the use of computers include
thefts, destruction of property, embezzlement, larceny, and
malicious mischief, to name a few. For the most part, offenders
have been prosecuted under Federal statutes (1) to address those
particular crimes. However, to investigate and prosecute
computer crimes not adequately covered by existing U.S. Federal
laws, the Computer Fraud and Abuse Act was passed. One aspect of
that act made it a crime for an unauthorized person--the
hacker--to access a computer system.
In 1986, this law was amended and expanded in scope and
appears on the books as Title 18, U.S. Code, Section 1030. This
statute contains essentially five parts--computer espionage,
theft of financial information, trespass into U.S. Government
computers, trespass into "Federal interest computers" (2) with
intent to defraud, and trespass into a Federal interest computer
to alter or destroy information. Both the FBI and the U.S.
Secret Service have joint jurisdiction to enforce this statute.
However, the statutes in the new computer fraud and abuse cases
have seldom been interpreted by the courts. In fact, only 74
FBI cases with the computer as the target of the crime were
identified between August 1987 and December 1989.
CASE STUDY
One particular case that captured much media attention
demonstrated how complex and elusive computer crimes and
computer criminals can be. In November 1988, a Cornell
University graduate student designed the "Internet worm," a
malicious code that spread to several hundred computers and
affected the operations of several thousand U.S. Government,
military, education, and commercial computer systems. This
"worm" did not destroy data but caused massive disruption to
the Defense Department's Advanced Research Project Agency
Network and the computers connected to it.
Investigators from several FBI field offices identified the
man responsible for the attack, which attracted attention when
it overloaded the system's capacity in numerous locations. This
student was charged with devising and executing a computer
attack on approximately 6,200 computers connected to the Defense
Data Network. On July 26, 1989, he was indicted for violating
the Computer Fraud and Abuse Act, a felony that carries a
sentence of up to 5 years in prison. On January 22, 1990, a
jury in the Northern District of New York returned a verdict of
guilty. The student was ultimately sentenced to 3 years'
probation, 400 hours of community service, and a $10,000 fine.
This particular case raised many questions regarding the
long-range impact of "malicious code." Malicious code is the
general term for computer software designed to deliberately
circumvent established security mechanisms or to take advantage
of inadequate system policies or procedures. It is often
difficult to trace and is frequently not discovered until it is
too late to prevent the intended harm.
Computer viruses and computer worms are the malicious codes
most frequently introduced into computer systems. Although some
viruses have been known to carry benign code, more often they
will have devastating effects, such as destroying files or
corrupting data.
EFFECTS OF COMPUTER CRIME
Computer hacking and the unleashing of viruses are not
harmless pranks. These products of comp