Computer Crime: Prevention and Innovation
Since the introduction of computers to our society, and in the early 80’s the Internet, the world has never been the same. Suddenly our physical world got smaller and the electronic world set its foundations for an endless electronic reality. As we approach the year 2000, the turn of the millenium, humanity has already well established itself into the “Information Age.” So much in fact that as a nation we find our selves out of a service economy and into an information based economy. In a matter of only a few years almost all systems are run buy computers in some way, shape, or form. We depend on them for everything. Even the smallest malfunction or glitch in a system could now cause unfathomable amounts of trouble in everything from riding the bus, having access to your money, to getting your prescription at the pharmacists. Furthermore, Icove (1998) suggested that with the price of home computers that work faster and store more memory going down every year due to competition in the market, it is estimated that by the year 2011 most every American home will have a PC with instant access to the Internet. With an increase in users everyday and new businesses taking advantage of perks of an alternate electronic world, this information dimension will only get bigger, more elaborate, provide more services, and we will find society as a whole more and more dependent on it.
However, even in an artificial environment such as the cyberspace, it appears mankind cannot escape from its somewhat overwhelming natural attraction to wrongful behavior or criminal tendencies. In turn this alternative dimension has been infected with the same criminal behavior that plagues our physical reality. The information age has opened the doors to anti social, smart, and opportunistic people to find new and innovative ways to commit old crimes. These people are called hackers. Schamalleger (1999), stated that hackers are people who view and use computers as objects of exploration and exploitation(p. 457).
What is the social Problem?
Computer crime is the official name given to this criminal phenomenon driven by hackers. Although a solid definition of computer crime has yet to be agreed upon by scholars, it is described in a functional manner encompassing old crimes such as forgery, theft, mischief, fraud, manipulation or altering of documents; all of which are usually subject to criminal sanctions everywhere (“Electronic Crime”). Also included in the description or computer crime is the unauthorized invasion or trespass of data base systems of private companies or government agencies. According to Schamalleger (1999) computer crime is also described as any violation of a federal or state computer crime statue. Colorado State statue defines computer crime as,
(1) Any person who knowingly uses any computer, computer system, computer network, or any part thereof for the purpose of devising or executing any scheme or artifice to defraud; obtain money, property, or services by means of false or fraudulent pretenses, representations or promises; using property or services of another without authorization; or committing theft commits computer crime.
(2) Any person who knowingly and without authorization uses, alters, damages, or destroys any computer, computer system, or computer network described in section 18-5.5-101 or any computer software program documentation, or data contained in such computer, computer system or computer network commits computer crime (Schmalleger, 1999, p. 486).
Bloombecker (1986) suggested he history of computer crime and hacking started in the late 1950’s when AT&T first implemented its interstate phone system and direct distance dialing (DDD)(p. 450). Manipulation of the way that the DDD system worked, in order to make free long distance calling, was the objective of this crime. What the early hackers did was duplicate the particularly distinguishable tones that the phone companies used in their early switching devices enabling them to fool the system into thinking that the customer has paid. A person who used any number of devices available for manipulating switch systems in order to explore or exploit is called a phone phreak (Schmalleger, 1999, p. 479).
Who are the perpetrators?
Computer crime, like any other criminal activity, is a product of opportunity, desire, and ability. Anyone who owns a computer or has access to a computer has the opportunity to misuse its systems to engage in criminal activity. According to Kovacich (1989) researchers found that the average age of most computer crime defendants is between the ages of 21 and 23. The second highest age groups of computer crime defendants are between 18 and 20 (p. 25). Maxfield (1989) suggested that hackers could be classified into the following groups based on their psychological characteristics: pioneers, scamps, explorers, game players, vandals, and addicts.
Among these six (6) classifications of hackers, hard-core computer criminals are mostly found in the explorers, game players, vandals, and addicts. Maxfield (1989) stated pioneers are simply captivated by technology and explore with out necessarily knowing what they are getting into or without specific criminal intent. Scamps are curious and playful hackers that intend no real harm. Explorers, on the other hand, specifically look for highly sophisticated and secured systems that are relatively far from their physical location. The further away and the more sophisticated the systems that are being broken into are, the more exciting it is for the explorer. For the game player hacker, hacking is a sport that involves the identification and defeat of software, systems, and copyright protections. Vandals are hateful, angry hackers that strike harshly, randomly, and without any apparent personal gain other then knowledge, responsibility, and credit for such acts. Finally, addicts are your stereotypical nerdy individuals that are literally addicted to computer technology and hacking its self like an addict to drugs. Due to these obsessive behavioral patterns it is not surprising that many of these types of hackers are coincidentally hooked on illicit drugs too. Schmalleger (1999) stated that evidence of this is found in some hacker bulletin boards, where along with information on passwords, modems, and susceptible systems, they also share information on drugs (p. 490).
Who Does the Problem Affect?
Since the 1950’s, technology has skyrocketed raising the capability of computers along with it. In turn computer crime has also evolved at the same rate from mere phone phreaking, to a complex categorization of crime all to itself. So much in fact that computer crime is now a global concern due to the financial burden that it places onto its victims. Primary victims to computer crime are the companies’ or government agencies’ database systems that are being invaded. By doing so the hacker is hoping to cause some sort of loss or inconvenience and either directly or indirectly benefit themselves or a group they belong to or have strong affiliation with. Secondary victimization is what happens to the public when they begin to fear that no information or computer system that we rely on is ever truly safe from hackers. In short computer crime affects the entire world-all of us.
Computer use, misuse, and abuse.
Hollinger (1988) suggested that computer us is grouped into three (3) categories. Those categories are normal, proper computer use, improper computer use, and criminal misuse (p. 126). Computer abuse, although not illegal, points to moral issues of concern for society as a whole. This refers to legal but restricted web sites and activities belonging to subcultures that do not share traditional value structures that the general public adheres to. Due to the existence of these groups the information dimension has also been flooded with misuses such as sexually explicit material and sensitive information that, in my opinion, the general public should not have such easy access to. A few examples of Sensitive information are, access to bomb making blue prints, where to get materials for such a devise, and military tactical procedures that out line the process and positioning of such devises to create the most damage.
In the category of computer misuse, is the creation and deployment of viruses and software piracy. Schmalleger (1999) stated that a computer virus is a set of computer instructions that propagates copies or versions of itself into computer programs or data when it is executed (p. 477). This renders all systems locked into malfunction mode and can cause permanent damage to a computers hard drive and or memory if at all the computer can be de-bugged from the virus in the first place.
According to Bequai (1987) more than $13 billion are lost world wide to software piracy. Software piracy refers to the bootlegging of software programs available for computers. Using software of this nature not only takes business away from the makers of the software, but it also, one, takes away from the original intentions and capabilities of the software, and two, provides a greater risk of passing a virus onto the computer it is applied to.
How, When, and Where Dose the Problem Occur?
In traditional criminal events, when one is looking for the roots or causation of any particular physical crime, the physical environment, social environment, psychological and mental capacity, and economics all play major roles. Likewise, physical crime happens in real time and in a physically tangible space. However, computer crime is more complicated in the sense that although real time measurements are used to record the transactions between computers, the location of the criminal offence is in cyberspace. Schmalleger (1999) wrote that cyberspace is the computer produced matrix of virtual possibilities, including on line services, wherein human beings interact with each other and with technology it self .
Although physical environment, social environment, psychological and mental capacity, and economics are important factors in computer crimes, specific causation of computer crime has to be dealt with on a case by base study. What makes one person engage in computer crime can be different from what makes another person do the vary same criminal act. However, what remains the same in all computer crimes is the dependent use of modems, telephones, and some sort of unauthorized entrance into a government, commercial, or private data base system.
For example, on September 16, 1999 in Dallas, Texas, United States Attorney Paul E. Coggins was happy to report that, due to aggressive investigations done by the Federal Bureau of Investigation and later prosecuted by Assistant United States Attorney Matthew Yarbrough, Corey Lindsly and Calvin Cantrell were sentenced in federal court by Chief District Judge Jerry Buchmeyer. Criminal conviction on the two was handed down for selling stolen long distance calling card numbers that were illegally obtained by hacking into computer systems of Sprint Corporation, Southwestern Bell and GTE. Calvin Cantrell, age 30, of Grand Prairie, Texas, was sentenced to two years imprisonment and ordered to pay $10,000 to the victimized corporations and Corey Lindsly, age 32, of Portland, Oregon, was sentenced to forty-one months imprisonment and ordered to pay $10,000 to the victimized corporations.
Through investigations Corey Lindsly and Calvin Cantrell were identified as two major ringleaders in a computer hacker organization known as the Phone Masters. This group of hackers, very professionally, structured their attacks on the computers through teleconferencing and made use of encryption program PGP to hide the data that they exchanged with each other. In addition to the crimes that Corey Lindsly and Calvin Cantrell were convicted for, further evidence showed that the group had also infiltrated computer systems owned by utility providers, credit reporting agencies, and systems owned by state and federal governmental agencies including the Nation Crime Information Center (NCIC) computer. The definitive mission of the Phone Masters organization was to one day take control of all telecommunications infrastructures in the nation.(“Department of Justice”)
In the Phone Masters example, an on line social environment, psychological and mental capacity, and economic gain were underlying factors in the causation of the criminal acts that Corey Lindsly and Calvin Cantrell ended up plead guilty to. In this example economic gain was the centerpiece of motivation. However, economic gain is not always a reason for computer crime. Sometimes people, particularly younger people between the ages of 12 to 35, partake in computer crime due to a lack of power or control in their real lives. These people then turn to the electronic realm as an alternative to the real world so they can over come feelings of personal inferiority by challenging machines. These people develop self worth and acknowledgment for their criminal actions from the peers of their subculture. Bequai (1987) research found that these people refer to themselves as cyber punks and they roam independently or in groups through cyberspace in search for vulnerable systems much like street gangs in search for likely victims or opportunity to partake in any criminal action just for kicks.
For example in Boston, Massachusetts, on October 18, 1998, Federal criminal charges were brought upon a juvenile computer hacker. According to United States Attorney Donald K. Stern and Acting Special Agent in Charge Michael T. Johnston of the U.S. Secret Service, in March of 1997, in two separate accessions, the defendant deployed a series of commands from the his personal computer at home. These virus like commands made a necessary telephone company computer shut down and in turn killed telephone communications to the Worcester airport. This caused vital services to the FAA control tower to be disabled for a total of twelve hours. He deployed the first series of commands at 9:00 am. Emergency teams scrambled franticly for six hours until they we able to temporarily fix the malfunction, but only to have in knocked down again by the defendant just as soon as it was fixed. He deployed his second series of commands at 3:00 PM. It was 9:00 PM when the Worcester airport and its surrounding communities were able to set up telephone communications again.
In the course of the investigation done by the U.S. Secret Service additional evidence showed that the defendant also electronically broke into a pharmacists’ computer in a Worcester area pharmacy store and copied patient records. This information was accessible by modem after hours when the pharmacy was closed so that there headquarter offices could update patient records at anytime. Even though the juvenile was in a view only program and could not alter the prescriptions, and no evidence was found that he dispersed the information, this was still viewed as a serious invasion of privacy and the nature of his actions were found to be criminal.
In result to a plea-bargained decision the juvenile received two years’ probation, ordered to complete 250 hours of community service, must pay restitution to the telephone company, and in addition, he was made to surrender all of the computer equipment used during his criminal activity. Further more, during his sentence he may not possess, use, or buy a modem or any other means of remote accessing of computers or computer networks directly or indirectly. In response to the plea-bargained decision, Stern (1998) stated:
This case reflects our intention to prosecute in federal court anyone, including a teenager, who commits a serious computer crime. The plea agreement is a balanced effort, weighing the seriousness of this juvenile’s computer intrusions and his lack of malevolence. As with a driver’s license, the freedom to explore with a computer and modem comes with the obligation to act responsibly and respect the law. ( “Department of Justice #2”)
According to the Department of Justice (1999) the charges in this particular case are vitally important because they are the first ever to have been brought against a juvenile by the federal government for commission of a computer crime. The juvenile was not publicly named due to federal laws concerning juvenile cases.
A Realistic Theory For the Future Prevention of Computer Crime
Hollinger (1988) suggested that computer crime is relatively new as compared to part-one index crimes. It is often seen as a method or a medium in which to commit particular types of crimes rather than a crime all to its self. Furthermore, because most computer crimes are executed in a non-violent manner the public unwittingly views it as a crime of less seriousness than one that involves violence. However, even if they are committed in a non-violent way, on average hackers cost the private companies and government agencies world wide billions of dollars every year. The consumers and the taxpayers are the ones left to make up the losses in the long run. Whether violence was used in these offences or not it is surely evident as to why this phenomenon concerns us all.
The problem with dealing with computer crime is that most of it is reactive instead of proactive. Also affecting the way we combat computer crime is the way that society views it and the way society punishes offenders. To me, it appears that the efforts against computer crime are following a historical view of policing and crime fighting where a lot of emphasis was put on law enforcement, dealing with the offender after the crime has been committed, instead of community cohesion, trying to set up community based organizations to try a raise awareness and impact the criminal behavior before in turns to criminal activity. The evolution that policing has gone through over the years, from enforcement to prevention, should provide as a good model to follow in preventing and dealing with computer crime instead of just reacting to it.
This prevention approach would most successful if done in three parts. Part one would involve the media, the government, and businesses or groups that have fallen victims to hackers in the past. Even though the media is often accused of damaging public perception on issues, it can also be use to help shift or steer public perception in the right direction. The media’s responsibility would be to bring the public interest message to the masses through the use of TV and radio commercials, newspaper writing, pamphlets, highway billboards, internet posting, mailing list, and series or public lectures or conferences. Primarily, the victimized companies and groups along with the government agencies involved in the pursuit and conviction of the offenders would compose the message that media would be delivering. The message would entail an appropriate perspective on computer crime, examples of what attitudes society should or should not have toward computer crime, examples or a view of the many government agencies that are on the front line of the computer crime battlefield, and finally a heightened uniform guideline for the punishment of computer crime.
Part two of my computer crime prevention approach would involve taking away much if not all the discretion involved in the sentencing of people convicted of computer crime. I feel that because the outcomes of computer crime could can so financially detrimental, instilling harsh mandatory uniform sentencing guild lines should be enacted. This would let the offenders know that the public will not tolerate computer criminal activity and not to expect leniency if convicted of computer crimes. This method of sentencing is not liked by many judges because it takes away from their judicial powers and dose not allow the judge to decide what he/she think is best for the community, district, city, or state they preside over. Hackers like it even less because it ensures their fait if caught and convicted of computer crime.
Part three would simply be the reinforcement of part two and provide that the punishment for computer criminals be harsher and involve more time in a federal prison then the average sentence being handed down today for computer crime offenses. A perfect example of the way this three-part method of dealing with computer crime works is in the similar approach used in Project Exile where the media helps push the idea that the government will automatically give people five years in a federal institution, added to the sentence of any other crime they may be found guilty for, if they are found in possession of an illegal handgun. Project Exile has helped drastically cut the numbers of people carrying and using illegal handguns and a similar Project for computer crime would, in my opinion, have similar results in impacting existing computer criminals and deter would-be hackers from partaking in computer crime.
Bequai, A. (1987).Technocrimes. Lexington Mass:Lexington Books.
Bloombecker, J. (1986). A Security Managers Guide to Hacking. DATAPRO Reports on
Information Security, Report #IS#%-450-101, 1986.
Department of Justice. 4 Oct. (1999). <http://www.usdoj.gov/
Department of Justice. 4 Oct. (1999). <http://www.usdoj.gov/
Electronic Crime. 15 Aug. (1999). <http://police.sas.ab.ca/prl/elect.html.>
Hollinger, R. & Kaduce, L . (1988). “The Process of Criminalization: The Case of
Computer Crime Laws.” Minneapolise/St. Paul: West Publishing. 26:101-126.
Icove, D., & Icove, K. (1995). Computer Crime : A Crimefighter’s Handbook (Computer
Security) New York: O’Reilly & Associates.
Kovacich, G. & Boni, W. (1999). High Technology Crime Investigator’s Handbook.
Maxfield, J. (1985). Computer Bulletin Boards and the Hacker Problem. Arlington VA:
Automation Training Center, EDPACS, Electric Data Processing Audit, Control
and Security news letter.
Parker, D. (1989) National Institute of Justice’s Computer Crime: Criminal Justice
Research Manual, FBI Law Enforcement Bulletin.
Schamalleger, F. (1999). Criminology Today: An Integrative Introduction 2nd ed. New
Jersey: Providence Hall, Upper Saddle River.