According to term computer crime means Criminal activity directly related to the use of computers, specifically illegal trespass into the computer system or database of another, manipulation or theft of stored or on-line data, or sabotage of equipment and data.
There are many ways to commit computer crime. Some examples of computer crime are:
1) Accessing a computer, system, or network.
2) Modifying, damaging, using, disclosing, copying, or taking programs or data.
3) Introducing a virus or other contaminant into a computer system.
4) Using a computer in a scheme to defraud.
5) Interfering with someone elses computer access or use.
6) Using encryption in aid of a crime.
7) Falsifying e-mail source information.
8) Stealing an information service from a provider.
Over the last twenty years, a technological revolution has occurred, as computers are now an essential element of todays society. In the world of computers, computer fraud and computer crime are very prevalent issues facing every computer user. Computers without any means of security are vulnerable to attacks from viruses, worms, and illegal computer hackers. A definition of computer crime has changed over the years as the users and misusers of computers have expanded into new areas. When computer were first introduced into businesses, computer crime was defined simply as a form of while-collar crimes committed inside a computer system. Computer crimes are hard to define, because the term is not subject to a precise definition, and it requires vast amounts of computer knowledge to understand how and why it happened.
If we defined the term “computer”, it means an electronic, magnetic, optical, electrochemical, or other high speed data processing device performing logical, arithmetic, or storage functions, and includes any data storage facility or communications facility directly related to or operating in conjunction with such device, but such term does not include an automated typewriter or typesetter, a portable hand held calculator, or other similar device. Computer crime laws in many states prohibit a person from performing certain acts without authorization, including others listed above.
To prevent computer fraud and computer crime the government had to take a few steps. In 1974, they passed a simple Federal Privacy Act of 1974. A decade later, the computer crime was increasing rapidly, the government amended the acts and made it a federal crime. In the summary of the Acts, they are as follows:
,I Federal Privacy Act of 1974: Goes further that the Freedom of Information Act in that it requires that individuals be able to correct federal information about themselves, by requiring that agency information not be used for alternate purposes without the individual’s consent. Under this act an individual may ask a federal judge to order the correction of errors if the federal agency does not do so.
,I Small Business Computer Security and Education Act of 1984: The act created an educational council that meets annually to advise the Small Business Administration on a variety of computer crime and security issues affecting small business.
,I Computer Fraud and Abuse Act of 1986: Makes it a federal crime to intentionally access a computer for such purposes as 1) obtaining top-secret military information, personal financial or credit information; 2) committing a fraud; 3) altering or destroying federal information.
,I Computer Security Act of 1987: Requires more than 550 federal agencies to develop computer security plans for each computer system that processes sensitive information. The plans are reviewed by the National Institute of Standards and Technology (NIST).
Even after passing these acts, computer crime and computer fraud are at the same speed. We will look three case which had have happed in last twenty years.
U.S. v. Ivanov
On July 25, 2003, United States District Judge Alvin W. Thompson sentenced Alexey V. Ivanov, formerly from Chelyabinsk, Russia, at the federal courthouse in Hartford, Connecticut. Ivanov was sentenced to a term of imprisonment of forty-eight months, to be followed by three (3) years of supervised release.
He was charged under the Computer Fraud and Abuse Act (CFAA, 18 U.S.C. 1030(a)(4)) because his actions effected and were intended to effect computers in Connecticut. Alexsey was thus found to have “obtained value” within the meaning of the CFAA by this exercise of control over computers which contained valuable data and attempting to extort money from their owner. He had hacked into the computers of the Online Information Bureau, Inc. (OIB), a facilitator of financial transactions for e-businesses, which contained data such as credit card numbers of customers and merchant account numbers. He then sent e-mails to OIB indicating that he had found out their key passwords and insisting that they hire him to “check security” for approximately $10,000. Merely viewing data in computers is not a crime under the CFAA, but the fact that he obtained information from OIBs computers over which he exercised control was sufficient to find the “value” needed to charge him under the CFAA and confer jurisdiction. Ivanov had previously pleaded guilty in these proceedings and admitted to numerous charges of conspiracy, computer intrusion (i.e., “hacking”), computer fraud, credit card fraud, wire fraud, and extortion. Those charges stemmed from the activities of Ivanov and others who operated from Russia and hacked into dozens of computers throughout the United States, stealing usernames, passwords, credit card information, and other financial data, and then extorting those victims with the threat of deleting their data and destroying their computer systems. In sentencing Ivanov, the district judge described his participation as a “manager or supervisor” in an “unprecedented, wide-ranging, organized criminal enterprise” that “engaged in numerous acts of fraud, extortion, and intentional damage to the property of others, involving the sophisticated manipulation of computer data, financial information, and credit card numbers.” The district judge found that Ivanov was responsible for an aggregate loss of approximately $25 million.
U.S. v. Salcedo et. al.(W.D. N.C.)
Brian Salcedo and his co-defendant conspired to gain unauthorized access to the nationwide computer system used by Lowes and, after gaining access, to download and steal credit card information. In order to carry out this scheme, they first compromised the wireless network at a Lowes retail store in Michigan, which allowed them to gain unauthorized access to Lowes Companies, Incs central computer system. Access to this central system gave them access to computer systems located in Lowes retail stores all over the United States. Salcedo then installed a program on the computer system of many Lowes retails stores, which would capture customer credit card information. United States District Judge Lacy Thornburgh sentenced Salcedo to 108 months imprisonment on Wednesday, December 15, 2004. This is the longest federal prison sentence ever imposed for a computer hacking offense.
U.S. v. Dinh(D. Mass.)
U.S. District Judge Nathaniel M. Gorton sentenced Van T. Dinh to 1 year and 1 month in prison, to be followed by 3 years of supervised release and a $3,000 fine. Prior to his sentencing, Van Dinh had paid full restitution to the victim Investor in the amount of $46,986, which represented the entire amount of money taken from the Investors account.
Van Dinh pleaded guilty to an eight count indictment charging him with causing damage in connection with unauthorized access to a protected computer; committing mail and wire fraud; and of knowingly executing a scheme and artifice to defraud the Investor and others in connection with a security and to obtain by means of false and fraudulent pretenses, money and property in connection with the purchase and sale of a security.
Dinh purchased approximately 9,120 put option contracts for the common stock of Cisco Systems, Inc at the strike price of fifteen dollars per share and paid $10 per contract. The total purchase price was approximately $91,200. Dinh then emailed the Investor, a member of Stockcharts.coms stock-charting forum in order to obtain his personal email address so that he could send the investor a Trojan horse disguised as a program claiming to be a beta-test of a new stock-charting tool. The Trojan Horse program contained a series of keystroke-logging programs that allowed Dinh to identify an on-line TD Waterhouse account held by the Investor and to extract password and login information for that account.
Nine days before the expiration date of Dinhs Cisco options, Dinh realized that he would lose the entire $91,200 he had paid to purchase the options. Using the login information for the Investors online account, Dinh placed a series of buy orders for the Cisco options for approximately $46,986 to reduce Dinhs losses by $37,000. Dinh placed orders upwards of $59,561 on the Investors account, but the rest went unfilled because the account had already been depleted of funds by Dinh.
In conclusion, I want to emphasize that the problem of fighting computer crimes is a complex one. Today the law must meet the requirements raised by the modern level of technology development so that the justice can be administered independently of means used to commit a crime (Internet and personal satellite connection). The priority direction is to organize interaction and coordinate efforts of law enforcement bodies, special services and court systems, supply them with required material and technical base. No one is capable of opposing this evil without help today. It is necessary to intensify the international cooperation in this field. There is no doubt that the important place in this cooperation belongs to the internationally legal mechanism of regulation.
Work Cited
1. Accounting Information Systems 9th Edition, Romney Steinbart, Prentice Hall Publishing, Chapter 9 Computer Fraud and Security.
2. http://www.answers.com/computer+crime&r=67
3. http://www.ctd.uscourts.gov/Opinions/120601.AWT.Ivanov.pdf
4. http://news.findlaw.com/hdocs/docs/cyberlaw/secdinh100903cmp.html
5. http://www.net.ohio-state.edu/security/links/csa-1987.html
6. http://www.panix.com/eck/computer-fraud-act.html
7. http://www.usdoj.gov/criminal/cybercrime/salcedoSent.htm
8. http://www.usdoj.gov/foia/privstat.htm
