Essay/Term paper: Computer crime

Essay, term paper, research paper:  Information Technology

Computer Crime


A young man sits illuminated only by the light of a computer screen. His
fingers dance across the keyboard. While it appears that he is only word
processing or playing a game, he may be committing a felony.

In the state of Connecticut, computer crime is defined as: 53a-251. Computer
Crime
(a) Defined. A person commits computer crime when he violates any of the
provisions of this section.
(b) Unauthorized access to a computer system. (1) A person is guilty of the
computer crime of unauthorized access to a computer system when, knowing that he
is not authorized to do so, he accesses or causes the be accessed any computer
system without authorization...
(c) Theft of computer services. A person is guilty of the computer crime o f
theft of computer services when he accesses or causes to be accessed or
otherwise uses or causes to be used a computer system with the intent to obtain
unauthorized computer services.
(d) Interruption of computer services. A person is guilty of the computer
crime of interruption of computer services when he, without authorization,
intentionally or recklessly disrupts or degrades or causes the disruption or
degradation of computer services or denies or causes the denial of computer
services to an authorized user of a computer system.
(e) Misuse of computer system information. A person is guilty of the computer
crime of misuse of computer system information when: (1) As a result of his
accessing or causing to be accessed a computer system, he intentionally makes or
causes to be made an unauthorized display, use, disclosure or copy, in any form,
of data residing in, communicated by or produced by a computer system.

Penalties for committing computer crime range from a class B misdemeanor to a
class B felony. The severity of the penalty is determined based on the monetary
value of the damages inflicted. (2)

The law has not always had much success stopping computer crime. In 1990 there
was a nationwide crackdown on illicit computer hackers, with arrests, criminal
charges, one dramatic show-trial, several guilty pleas, and huge confiscations
of data and equipment all over the USA.

The Hacker Crackdown of 1990 was larger, better organized, more deliberate, and
more resolute than any previous efforts. The U.S. Secret Service, private
telephone security, and state and local law enforcement groups across the
country all joined forces in a determined attempt to break the back of
America's electronic underground. It was a fascinating effort, with very mixed
results.

In 1982, William Gibson coined the term "Cyberspace". Cyberspace is defined as
"the "place" where a telephone conversation appears to occur. Not inside your
actual phone, the plastic device on your desk... The place between the phones.
The indefinite place out there." (1, p. 1)

The words "community" and "communication" share the same root. Wherever one
allows many people to communicate, one creates a community. "Cyberspace" is as
much of a community as any neighborhood or special interest group. People will
fight more to defend the communities that they have built then they would fight
to protect themselves.

This two-sided fight truly began when the AT&T telephone network crashed on
January 15, 1990.

The crash occurred due to a small bug in AT&T's own software. It began with a
single switching station in Manhattan, New York, but within ten minutes the
domino effect had brought down over half of AT&T's network. The rest was
overloaded, trying to compensate for the overflow.

This crash represented a major corporate embarrassment. Sixty thousand people
lost their telephone service completely. During the nine hours of effort that
it took to restore service, some seventy million telephone calls went
uncompleted.

Because of the date of the crash, Martin Luther King Day (the most politically
touchy holiday), and the absence of a physical cause of the destruction, AT&T
did not find it difficult to rouse suspicion that the network had not crashed
by itself- that it had been crashed, intentionally. By people the media has
called hackers.

Hackers define themselves as people who explore technology. If that technology
takes them outside of the boundaries of the law, they will do very little about
it. True hackers follow a "hacker's ethic", and never damage systems or leave
electronic "footprints" where they have been.

Crackers are hackers who use their skills to damage other people's systems or
for personal gain. These people, mistakenly referred to as hackers by the media,
have been sensationalized in recent years.

Software pirates, or warez dealers, are people who traffic in pirated software
(software that is illegally copied and distributed). These people are usually
looked down on by the more technically sophisticated hackers and crackers.

Another group of law-breakers that merit mentioning are the phreakers.
Telephone phreaks are people that experiment with the telephone network. Their
main goal is usually to receive free telephone service, through the use of such
devices as homemade telephone boxes. They are often much more extroverted than
their computer equivalents. Phreaks have been known to create world-wide
conference calls that run for hours (on someone else's bill, of course). When
someone has to drop out, they call up another phreak to join in.

Hackers come from a wide variety of odd subcultures, with a variety of
languages, motives and values. The most sensationalized of these is the "
cyberpunk" group. The cyberpunk FAQ (Frequently Asked Questions list) states:
2. What is cyberpunk, the subculture?

Spurred on by cyberpunk literature, in the mid-1980's certain groups of people
started referring to themselves as cyberpunk, because they correctly noticed the
seeds of the fictional "techno-system" in Western society today, and because
they identified with the marginalized characters in cyberpunk stories. Within
the last few years, the mass media has caught on to this, spontaneously dubbing
certain people and groups "cyberpunk". Specific subgroups which are identified
with cyberpunk are:

Hackers, Crackers, and Phreaks: "Hackers" are the "wizards" of the computer
community; people with a deep understanding of how their computers work, and can
do things with them that seem "magical". "Crackers" are the real-world analogues
of the "console cowboys" of cyberpunk fiction; they break in to other people's
computer systems, without their permission, for illicit gain or simply for the
pleasure of exercising their skill. "Phreaks" are those who do a similar thing
with the telephone system, coming up with ways to circumvent phone companies'
calling charges and doing clever things with the phone network. All three groups
are using emerging computer and telecommunications technology to satisfy their
individualist goals.

Cypherpunks: These people think a good way to bollix "The System" is through
cryptography and cryptosystems. They believe widespread use of extremely hard-
to-break coding schemes will create "regions of privacy" that "The System"
cannot invade. (3)

This simply serves to show that computer hackers are not only teenage boys with
social problems who sit at home with their computers; they can be anyone.

The crash of AT&T's network and their desire to blame it on people other than
themselves brought the political impetus for a new attack on the electronic
underground.

This attack took the form of Operation Sundevil. "Operation Sundevil" was a
crackdown on those traditional scourges of the digital underground: credit card
theft and telephone code abuse.

The targets of these raids were computer bulletin board systems. Boards can be
powerful aids to organized fraud. Underground boards carry lively, extensive,
detailed, and often quite flagrant discussions of lawbreaking techniques and
illegal activities. Discussing crime in the abstract, or discussing the
particulars of criminal cases, is not illegal, but there are stern state and
federal laws against conspiring in groups in order to commit crimes. It was
these laws that were used to seize 25 of the "worst" offenders, chosen from a
list of over 215 underground BBSs that the Secret Service had fingered for
"carding" traffic.

The Secret Service was not interested in arresting criminals. They sought to
seize computer equipment, not computer criminals. Only four people were
arrested during the course of Operation Sundevil; one man in Chicago, one man
in New York, a nineteen-year-old female phreak in Pennsylvania, and a minor in
California.

This was a politically motivated attack designed to show the public that the
government was capable of stopping this fraud, and to show the denizens of the
electronic underground that the government could penetrate into the very heart
of their society and destroy routes of communication, as well as bring down the
legendary BBS operators. This is not an uncommon message for law-enforcement
officials to send to criminals. Only the territory was new.

Another message of Sundevil was to the employees of the Secret Service
themselves; proof that such a large-scale operation could be planned and
accomplished successfully.

The final purpose of Sundevil was as a message from the Secret Service to their
long-time rivals the Federal Bureau of Investigation. Congress had not clearly
stated which agency was responsible for computer crime. Later, they gave the
Secret Service jurisdiction over any computers belonging to the government or
responsible for the transfer of money. Although the secret service can't
directly involve themselves in anything outside of this jurisdiction, they are
often called on by local police for advice.

Hackers are unlike any other group of criminals, in that they are constantly in
contact with one another. There are two national conventions per year, and
monthly meetings within each state. This has forced people to pose the
question of whether hacking is really a crime at all.

After seeing such movies at "The Net" or "Hackers", people have begun to wonder
how vulnerable they individually are to technological crime. Cellular phone
conversations can be easily overheard with modified scanners, as can
conversations on cordless phones.

Any valuable media involving numbers is particularly vulnerable. A common
practice among hackers is "trashing". Not, as one might think, damaging public
property, but actually going through a public area and methodically searching
the trash for any useful information. Public areas that are especially
vulnerable are ATM chambers and areas where people posses credit cards printouts
or telephone bills.

This leads to another part of hacking that has very little to do with the
technical details of computers or telephone systems. It is referred to by those
who practice it as "social engineering". With the information found on
someone's phone bill (account or phonecard number), an enterprising phreak can
call up and impersonate an employee of the telephone company- obtaining useable
codes without any knowledge of the system whatsoever. Similar stunts are often
performed with ATM cards and pin numbers.

The resulting codes are either kept or used by whomever obtained them, traded
or sold over Bulletin Board Systems or the Internet, or posted for anyone
interested to find.

With the increasing movement of money from the physical to the electronic,
stricter measures are being taken against electronic fraud, although this can
backfire.

In several instances, banks have covered up intrusions to prevent their
customers from losing their trust in the security of the system. The truth has
only come out long after the danger was passed.

Electronic security is becoming a way of life for many people. As with the
first cellular telephone movements, this one has begun with the legitimately
wealthy and the criminals. The most common security package is PGP, or Pretty
Good Privacy. PGP uses RSA public-key encryption algorithms to provide
military-level encryption to anyone who seeks to download the package from the
Internet.

The availability of this free package on the Internet caused an uproar and
brought about the arrest of the author, Phil Zimmerman. The United States
government lists RSA encryption along with weapons of which the exportation is
illegal. The Zimmerman case has not yet been resolved.

The United States government has begun to take a large interest in the Internet
and private Bulletin Board Systems. They have recently passed the
Communications Decency Act, which made it illegal to transmit through the
Internet or phone lines in electronic form any "obscene or inappropriate"
pictures or information. This Act effectively restricted the information on
the Internet to that appropriate in PG-13 movies.

As of June 12, 1996, the censorship section of the Communications Decency Act
was overturned by a three-judge panel of the federal court of appeals, who
stated that it violates Internet user's first amendment rights, and that it is
the responsibility of the parents to censor their children's access to
information, not the government's. The court of appeals, in effect, granted the
Internet the protections previously granted to newspapers, one of the highest
standards of freedom insured by our Constitution. The Clinton administration
has vowed to appeal this decision through the Supreme Court.

Technological crime is harder to prosecute than any other, because the police
are rarely as technologically advanced as the people they are attempting to
catch. This situation was illustrated by the recent capture of Kevin Mitnick.
Mitnick had eluded police for years. After he broke into security expert
Tsumona's computer, Tsumona took over the investigation and captured Mitnick in
a matter of months.

It will be fascinating to see, as technology continues to transform society,
the way that technological criminals, usually highly intelligent and dangerous,
will transform the boundaries of crime. As interesting to see will be how the
government will fight on this new battle ground against the new types of crime,
while preserving the rights and freedom of the American people.