A report discussing the proposition that computer crime has increased dramatically over the last 10 years.
Computer crime is generally defined as any crime accomplished through special knowledge of computer technology. Increasing instances of white-collar crime involve computers as more businesses automate and the information held by the computers becomes an important asset. Computers can also become objects of crime when they or their contents are damaged, for example when vandals attack the computer itself, or when a "computer virus" (a program capable of altering or erasing computer memory) is introduced into a computer system.
As subjects of crime, computers represent the electronic environment in which frauds are programmed and executed; an example is the transfer of money balances in accounts to perpetrators' accounts for withdrawal. Computers are instruments of crime when they are used to plan or control such criminal acts. Examples of these types of crimes are complex embezzlements that might occur over long periods of time, or when a computer operator uses a computer to steal or alter valuable information from an employer.
Variety and Extent
Since the first cases were reported in 1958, computers have been used for most kinds of crime, including fraud, theft, embezzlement, burglary, sabotage, espionage, murder, and forgery. One study of 1,500 computer crimes established that most of them were committed by trusted computer users within businesses i.e. persons with the requisite skills, knowledge, access, and resources. Much of known computer crime has consisted of entering false data into computers. This method of computer crime is simpler and safer than the complex process of writing a program to change data already in the computer.
Now that personal computers with the ability to communicate by telephone are prevalent in our society, increasing numbers of crimes have been perpetrated by computer hobbyists, known as "hackers," who display a high level of technical expertise. These "hackers" are able to manipulate various communications systems so that their interference with other computer systems is hidden and their real identity is difficult to trace. The crimes committed by most "hackers" consist mainly of simple but costly electronic
trespassing, copyrighted-information piracy, and vandalism. There is also evidence that organised professional criminals have been attacking and using computer systems as they find their old activities and environments being automated.
Another area of grave concern to both the operators and users of computer systems is the increasing prevalence of computer viruses. A computer virus is generally defined as any sort of destructive computer program, though the term is usually reserved for the most dangerous ones. The ethos of a computer virus is an intent to cause damage, "akin to vandalism on a small scale, or terrorism on a grand scale." There are many ways in which viruses can be spread. A virus can be introduced to networked computers thereby infecting every computer on the network or by sharing disks between computers. As more home users now have access to modems, bulletin board systems where users may download software have increasingly become the target of viruses. Viruses cause damage by either attacking another file or by simply filling up the computer's memory or by using up the computer's processor power. There are a number of different types of viruses, but one of the factors common to most of them is that they all copy themselves (or parts of themselves). Viruses are, in essence, self-replicating.
We will now consider a "pseudo-virus," called a worm. People in the computer industry do not agree on the distinctions between worms and viruses. Regardless, a worm is a program specifically designed to move through networks. A worm may have constructive purposes, such as to find machines with free resources that could be more efficiently used, but usually a worm is used to disable or slow down computers. More specifically, worms are defined as, "computer virus programs ... [which] propagate on a computer network without the aid of an unwitting human accomplice. These programs move of their own volition based upon stored knowledge of the network structure."
Another type of virus is the "Trojan Horse." These viruses hide inside another seemingly harmless program and once the Trojan Horse program is used on the computer system, the virus spreads. One of the most famous virus types of recent years is the Time Bomb, which is a delayed action virus of some type. This type of virus has gained notoriety as a result of the Michelangelo virus. This virus was designed to erase the hard drives of people using IBM compatible computers on the artist's birthday. Michelangelo was so prevalent that it was even distributed accidentally by some software publishers when the software developers' computers became infected.
SYSOPs must also worry about being liable to their users as a result of viruses which cause a disruption in service. Viruses can cause a disruption in
service or service can be suspended to prevent the spread of a virus. If the SYSOP has guaranteed to provide continuous service then any disruption in service could result in a breach of contract and litigation could ensue. However, contract provisions could provide for excuse or deferral of obligation in the event of disruption of service by a virus.
The first federal computer crime law, entitled the Counterfeit Access Device and Computer Fraud and Abuse Act of 1984, was passed in October of 1984.
The Act made it a felony to knowingly access a computer without authorisation, or in excess of authorisation, in order to obtain classified United States defence or foreign relations information with the intent or reason to believe that such information would be used to harm the United States or to advantage a foreign nation.
The act also attempted to protect financial data. Attempted access to obtain information from financial records of a financial institution or in a consumer file of a credit reporting agency was also outlawed. Access to use, destroy, modify or disclose information found in a computer system, (as well as to prevent authorised use of any computer used for government business) was also made illegal. The 1984 Act had several shortcomings, and was revised in The Computer Fraud and Abuse Act of 1986.
Three new crimes were added to the 1986 Act. These were a computer fraud offence, modelled after federal mail and wire fraud statutes, an offence for the alteration, damage or destruction of information contained in a "federal interest computer", an offence for trafficking in computer passwords under some circumstances.
Even the knowing and intentional possession of a sufficient amount of counterfeit or unauthorised "access devices" is illegal. This statute has been interpreted to cover computer passwords "which may be used to access computers to wrongfully obtain things of value, such as telephone and credit card services."
Remedies and Law Enforcement
Business crimes of all types are probably decreasing as a direct result of increasing automation. When a business activity is carried out with computer and communications systems, data are better protected against modification,
destruction, disclosure, misappropriation, misrepresentation, and contamination. Computers impose a discipline on information workers and facilitate use of almost perfect automated controls that were never possible when these had to be applied by the workers themselves under management edict. Computer hardware and software manufacturers are also designing computer systems and programs that are more resistant to tampering.
Recent U.S. legislation, including laws concerning privacy, credit card fraud and racketeering, provide criminal-justice agencies with tools to fight business crime. As of 1988, all but two states had specific computer-crime laws, and a federal computer-crime law (1986) deals with certain crimes involving computers in different states and in government activities.
There are no valid statistics about the extent of computer crime. Victims often resist reporting suspected cases, because they can lose more from embarrassment, lost reputation, litigation, and other consequential losses than from the acts themselves. Limited evidence indicates that the number of cases is rising each year because of the increasing number of computers in business applications where crime has traditionally occurred. The largest recorded crimes involving insurance, banking, product inventories, and securities have resulted in losses of tens of millions to billions of dollars and all these crimes were facilitated by computers.
Bequai, August, Techno Crimes (1986).
Mungo, Paul, and Clough, Bryan, Approaching Zero: The Extraordinary Underworld of Hackers, Phreakers, Virus Writers, and Keyboard Criminals (1993).
Norman, Adrian R. D., Computer Insecurity (1983).
Parker, Donn B., Fighting Computer Crime (1983).
Dodd S. Griffith, The Computer Fraud and Abuse Act of 1986: A Measured
Response to a Growing Problem, 43 Vand. L. Rev. 453, 455 (1990).