
Computer Crime, Law, Prosecution, and More

CSE/CJ 429
29 November 2006

Robyn R. Mace, Ph.D., CPP


MSU, School of Criminal Justice
Globalization and Computers
• Structural Revolution; scale and scope
• Financial, Commercial, Communications,
Personal Networks are linked and
interdependent
• Instantaneous exchanges; 24 hour society
• Military, Industrial, Social Applications
• Expanded Vulnerabilities/Threats
Computer Crime

• Object, Target, Tool?


• “An act committed in violation of criminal
or civil codes using electronic or digital
technologies for unauthorized activities
and transactions”
• Network “generally defined as a specific
type of relation linking a defined set of
persons, objects, or events.”
• From Knoke and Kuklinski, 1982:12
New or Traditional Crimes?
• Theft, Piracy
• Illegal Goods and Services
• Conspiracy
• Harassment
• Vandalism, Destruction of Property
• Interpersonal/Social Violence
Brief History of Computing Machines
• Mechanical
– Abacus, Slide Rule; Difference Engine (Babbage,
1822); Mechanical Calculators
• Vacuum Tube (functions like valve)
– Faster switching; electromagnetic relays
• Punch Cards
– Jacquard Loom (c. 1800); 1890 Census; Tabulating
machines
• ENIAC (1943-1946) for Army
– increased ballistics calculations x1440;
– 18,000 vacuum tubes, 30 tons, size=several rooms
Brief History of Computing Machines
• Transistors (1947 Bardeen, Brattain, Shockley
@ Bell Labs); Semiconductors
• Integrated Circuits*** (1958 Kilby @ TI)
– Millions of circuits on single chip; stores, organizes,
processes, interprets information
– Integrated Circuits + resistors + capacitors = microchips
• Networks (1960s)
• Desktops (1970s); IBM PC (1981)
• Handheld (1980s)
• Wireless (1990s)
Transistor/Integrated Circuit Derivative Techs
• Military/Commercial: Satellites;
communications; broadcasts; weaponry
• Infrastructure: Air traffic; water/waste
control systems; emergency response
• Social/Commercial: banking; industrial;
medical; entertainment
• Personal: cars, microwave ovens, video
cameras, televisions, touch tone phones,
computers
Brief History of the Internet
• ARPAnet, 1969-1990 – Advanced
Research Projects Agency
– Linked 4 Mainframes @ Stanford, UCLA, UC
Santa Barbara, U. of Utah
– Email; telnet; FTP
• NSFnet, 1973-1976
• Milnet, 1983
• www, 1989-91
– Tim Berners-Lee; html, http, udis/urls
Types of Telecommunications
• Telegraph
• Cable
• Telephone*
• Radio
• Television
• Mobile & Wireless*
• Carrier Services*
• Broadband Access*
• Networks & Infrastructure*

* relevant for our purposes


Telecom Applications

• Telephone
• Mobile & Wireless
– Cell phones, PDAs, Wireless computers, GPS
• Carrier Services
• Broadband Access
– DSL, Telephone and Cable providers
– Opens a portal
• Networks & Infrastructure
– Ethernets, WANs and LANs, Operating Systems
Telephone

• Original hackers, phrackers, phreakers


• Initially for challenge, access to free phone
• Broader criminal applications in 1980’s
with deregulation of phone system and
proliferation of services and phone
numbers
• Telephone Fraud costs $4 billion per year
– Note from recent court outcomes that some
(organized) crime is apparently taking place inside
some of these companies as well.
Mobile and Wireless
Carrier Services and Broadband Access
Networks and Infrastructure
Waves of Computer Crimes
• 1960’s – Hacking began as problem-solving
• 1970’s
– Privacy Violations, Salami Slicing (EFT), Phone Phreaking,
Trespass; Distribution of Illicit Materials
• 1980’s
– Software Piracy/Copyright violations, Viruses, Phone Phreaking,
Trespass; Commercialization of Illicit Material Distribution
• 1990’s
– IP Spoofing, File Transfer Protocol Abuse, Phantom Nodes,
Protocol Flaws
• 2000’s
– Automated Hacking, Desktop Forgery, International Industrial
Espionage; Transnational Organized Crime and Terrorism
(derived from Parker, SRI)
Characteristics of Computer Crimes
• Geographic dislocation of offender
• Invisibility/Anonymity of offender
• Lack of victim awareness
• Unwillingness to report
• Multiple pathways to/from crime
• Intangibility of digital goods, evidence,
value
Motivations of Computer Criminals
• Financial
• Commercial
• Professional
• Occupational
• Recreational
• Ideological
Why Should We Be Concerned?
• Growth and development of cyber technologies
has changed the threat environment
• Technology creates dependencies that evolve
to interdependency
• A significant attack on one can directly impact others (cascade effect)

• Pervasiveness of cyber technologies redefines
security
• Physical attacks have cyber consequences and cyber attacks have
physical consequences
Why Should We Be Concerned?
• Attackers well aware of the potential impact of
using cyberspace
• Nations adding Computer Network Warfare to strategy and
doctrine
• Terrorist groups developing cyber capabilities (Al Qaeda)
• Criminal groups have been using cyberspace for years
• Critical infrastructures prime target for exploitation and
compromise (i.e., water, energy, chemical)

• Open society generates many
opportunities for information
and financial exploitation
Counting Computer Crimes
• No uniform offense definitions
• No centralized reporting or collection
• No standardization in estimation of harm
• No single responsible entity
• No penalties for non-reporting
• Few incentives for reporting
– Recoverability; Punishment?
CSI/FBI Computer Crime and Security Survey 2006
• Long-term Trends
– Unauthorized systems use
– Internal and external incidents
– Detection: Types of Attacks/Misuse
– Actions taken

• Managing Associated Risks


– Auditing, Performance Evaluation, External Insurance
– Security Training Needs
– Organizational spending on security investments

http://www.gocsi.com/
CSI/FBI Computer Crime and Security Survey 2006
• Virus attacks – main sources of financial
losses
• Unauthorized access – second greatest
financial loss source
• Laptop and theft of proprietary data (3 & 4)
• Categories account for almost 75% of
losses
CSI/FBI Computer Crime and Security Survey 2006
• Organizational reporting to law enforcement
increased (from 20-25%)
• Estimated losses = $52,494,290 (615
respondents)
• ROI, IRR, and NPV are primary forms of
economic evaluation of security expenditures
– 80% of organizations conduct audits
– Range 6%-26% of IT budget on Security
– Relatively little outsourcing of IT security
• Sarbanes-Oxley Act has substantial impact
– Shifts organizational focus from technology to
corporate governance
CSI/FBI Computer Crime and Security Survey 2006
• Critical Issues
1. Data protection
2. Regulatory Compliance
3. ID Theft and Information leakage
4. Viruses and worms
5. Management Involvement, Risk
Management, and Resource Allocation
6. Access Control; Awareness/Education
CSI/FBI Computer Crime and Security Survey 2006
• Key Training Areas
– Security Policy
– Network Security
– Security Management
– Access Controls
– Systems architecture
– Economics
– Investigations and legal Issues
– Cryptography
Top Bugs

• Estimated Damages Worldwide


– Love Bug, 2000, $ 8.75 billion
– MyDoom, 2004, $ 5.75 b
– Netsky, 2004 $ 3.75 b
– Sasser, 2004 $ 3.6 b
– SoBig, 2003 $ 2.75 b
– Zotob, 2005 $ 850 million
– Mytob, 2005 $ 500 million

Source: WSJ (11/21/06, A-1) citing Computer Economics


Computer Crime Control Model
• Prevention
– Awareness, Education, Policy
– Threat and Vulnerability Assessment
• Detection (Investigation)
– Crisis Management
– Auditing, Tracing, Evidence
• Prosecution
– Handling evidence, Expert Witnesses, Court Room
and post-trial activities
(adopted from FBI Model, Icove et al. 1995)
Computer Crime Control Model Elements
• Detection vs. Investigation
• Public and Private Agencies, Actors,
Motivations
• Investigation Goals
– Stop loss, stop publicity OR
– Prosecute
• Reliance of Law Enforcement on technical
expertise of others
• Perception of Problem (vs. violent crime)
Impacts of Computer Crime
• Personal
• Social
• Economic
• Political
Personal Victimization

• Privacy
• Identity
• Social Conduit to Trouble
• Financial
Economic/Social Victimization
• Infrastructure
– Energy (Oil/Gas/Electricity); Water; Transportation;
Health and Safety; Banking/Finance
– (video clip)
• Communications
– Telegraph, telephone, internet, cable, cellular,
satellite; connective technologies

• Denial of Service; Access


• Loss of Money/Operations; Trust
Political Victimization

• National Security
• Information Warfare
– disruption of information infrastructure
• Cyberterrorism
– “Criminal act perpetrated through computers resulting in
violence, death, and/or destruction, and creating terror
for the purpose of coercing a government to change its
policies” NIPC
• Continuity/control of Government
• Disinformation
• Erase, deface, replace
Organized Crime and Computing
• Strengthening links between international,
regional, national, and local networks and
markets based on
– Shared need for secrecy/privacy in operations
– Shared need for methods and modes of
international distribution
– Shared antipathy for governments and
national sovereignty
Privacy/Information Control
• Throw-away phones (need
distribution/coordination network)
• Encryption
• Steganography
• Bit-streaming (bit torrent)
• Firewalls, filters, fundamentals
Cryptography and Encryption
• Close to as old as human communications
• Used particularly by governments and militaries, but also for
other types of data
• Involves coding information to protect secrets
• Key issues
– Authentication
– Authorization
– Confidentiality
– Integrity
– Privacy
• www.howstuffworks.com has a good overview of encryption and
applications
How encryption works
Steganography

• Art and science of disguising or hiding
information in the form of something else
• Originally, Romans did it with wax tablets
• Images or information may be encoded
into pictures or text files
• The “invisible” files can be (compiled and)
retrieved by those with code
Bit-streaming and bit-torrent
• Allows use of up and download
capabilities for more efficient use of
bandwidth and faster loading
• Uses multiple sites and multiple machines
to maximize duplication and retrieval
accuracy and reduce detection of
unauthorized storage
Using Emerging Technology for Crime
• February 2005 – Digital Signature Transponder
(RFID) tag decoded in automated car key
system; highlights broad security implications of
new locks/seals (and Passports?)
• March 2004 – Madrid bombers used Hotmail
draft box to save messages and communication
(undetected by network monitors)
• Fall 2004 – Wi-Fi Virus (wi-jacking); lab
developed virus transmitted cell-to-cell
• Cell phones as tracking and eavesdropping
devices
Controlling Computer Crime: Caveat Emptor
• Law
• Jurisdiction
• Resources
• Capacity of Responders
Laws and Agencies

• Federal
– 1984 Computer Fraud and Abuse Act 18 U.S.C. 1030
– 18 U.S.C. 1029, 1362, 2510, 3701, 3121
– Homeland Security Act; USA Patriot Act
– Presidential Directives
– Justice, Defense, Treasury; CIA, NSA
• States
– 1978 Florida; All states had acts w/in 20 years
• International
– Treaties, Conventions
– UN, Interpol; Council of Europe
Jurisdictional Issues

• Offense origination
• Offense occurrence
• Prosecution locale
• Agency cost burden
– Time, $/Equipment, Personnel
• Investigational Logistics
– Search/Seizure; Info Volume; Protocols
• Cooperation/Information Exchange
Resources/Response Capacity
• Responsibility: whose job is it?
– Caveat emptor?
• Motivation: Public Good vs. Private Profit
• Skill/Personnel
– Training; Retention
• Forensic Capabilities
– Equipment, Processing Time, Backlogs
Responses (not solutions)

• Transnational Coordination
– Multi-sector cooperation (state, private, NGO)
• Information and Resource Sharing
• Enhanced Law, Enforcement, Judicial
Capabilities
• Enhanced Public Awareness,
Responsibility
• Evolutionary responsiveness: reactive or
proactive?
Criminal Justice Agencies
• Traditional and Emerging Roles
• Police
• Prosecution
Criminal Justice Agencies
• Traditional and Emerging Roles
• Police
– Approximately 18,760 police agencies, w/ c. 950k
employees, and $ 51 billion budget
– 60 Federal Police Agencies; 13 Intelligence Agencies;
Military Police
• Prosecution
– Approximately 2,300 Municipal, County, Parish and
Local prosecutors
– 94 U.S. Attorneys
– 56 Attorneys General
A Model for Building Computer Crime Capacity
• Individual
– Professional exposure
– Contact, Problem ID
• Individuals, Team
– Directed Activities
– Policy Development
– Support External Problem Solving
Building Computer Crime Capacity Continued
• Task Force, Working Groups
– Resource Support
– Coordinated Internal and External Activities
• Unit, Bureaus, Divisions
– Structural Permanence
– Integrated Internal and External Strategy and
Operations
– Network Anchor
Examples

• 12 Regional Electronic Crimes Task Forces


• San Jose High Tech Crimes Unit
• Austin High Tech Crime Unit
– Austin High Tech Foundation
• Professional Organizations
New York ECTF

• 1st of Regional Task Forces, established in early 1990s


• Focal issues: Information sharing, enforcement
• Collaboration between LE jurisdictions and private sector
• Early ID of emerging crime trends
• Contributions of space, equipment, training and
investigators
• Locations: Boston, Charlotte, Chicago, Cleveland,
Dallas, Houston, Las Vegas, Los Angeles, Miami, San
Francisco, Washington (DC)
San Jose REACT Task Force
• Established in 1996
• Focal issues: enforcement, training
• Full, part-time membership
• Design and prevention collaborations
• Early ID of emerging crime trends
• Contributions of space, equipment,
training and investigators
Austin High Tech Crimes Unit
• Established in 1995
• Focal issues: proactive protection of local tech
concerns (component theft, hacking, intel prop)
– Estimated 400 high tech companies in Austin area
• Federal, state and local LE agencies
• Good “cyber” crime referral information
• Austin Metro High Tech Foundation
– Financial support to Austin area LE
Investigation

• Jurisdiction
• Evidence
– Non-traditional
– Easily corruptible
• Warrants
• Search and Seizure
• Infrastructure Issues
– Banking, financial, computer records
– Private, proprietary
Investigation
• Jurisdiction: What Agency
– FBI, SS vs. state and local
• Evidence, Search and Seizure
• Instrumentality (volume of materials)
• Physical place to be searched
• Original and duplicates
• Authentication
Key International Issues

• Deregulation and Free Markets


– Transfer of technology, industry, people
• Innovation and Adoption
• Regulation and Social Control
• Value and valuation of “assets”
• State vs. Civil Roles
Implications for International Markets
• International Market Structures
– Demand and Supply
– Generational Orientation and Management
• Ownership/Distribution of Resources
• Regulatory Incentives/Capabilities
• Corruption
Professional, Research, and Training Resources
• CyberSecurity
– Information Systems Security Association
• http://www.issa.org/
– High-Tech Crime Investigators Association
• http://www.htcia.org/
– National Institute for Standards and Technology
• http://csrc.nist.gov/focus_areas.html
• Financial/Transactional Fraud
– Association of Certified Fraud Examiners
• www.acfe.org
– National White Collar Crime Center
• www.nw3c.org/
Professional, Research, and Training Resources
• Telecommunications Fraud
– Communications Fraud Control Association
• www.cfca.org/
• General
– National Criminal Justice Referral Service
• www.ncjrs.org
– American Society for Industrial Security
• www.asisonline.org
– Certified Fraud Examiners
• www.acfe.org
– Purdue CERIAS
• http://www.cerias.purdue.edu/
Federal and Related Resources

– DOD: ACID, AFOSI, NCIS, DISA


– FBI NCCS
– Treasury/Secret Service
– Customs
– CERT/Carnegie Mellon
• Check out the CyberSec podcasts at
http://www.cert.org/podcast/
Must-See TV and other background resources
• Suspect Nation by Henry Porter on
Democracy TV
• Cuckoo’s Egg, Cliff Stoll
• Hackers, Steven Levy
• William Gibson’s books
Triangle of Crime and Disorder

Motivated Offender

Suitable Target/Victim

Location/Opportunity

Source/More Information: http://www.popcenter.org/learning/60steps/index.cfm?page=Welcome


Managing Crime and Disorder

Capable Handlers for Motivated Offenders

Capable Guardians for Suitable Target/Victim

Place Manager/Management for Locations/Opportunities
Questions / Comments
Info Sec Exercise

• 2 Phases, each with Debriefing/Call-out

Phase I: Threats and Vulnerability/Risk Assessment (15-20 minutes)

Break-out discussion (15-20 minutes). Brief break. (< 5 minutes)

Phase II: The Attack/Responding to Threats (10-15 minutes)

Breakout/discussion/process review (5-15)
Info Sec Exercise

• 4-5 Groups/Goals

– Terrorist Threat

– Counter-terrorist Threat Assessment/Prevention Response

– Profit Motivated Group

– Private (and/or Public) Sector Prevention/Response


Info Sec Exercise
Roles within Groups
Outlaws
• Financier/Budget
• Technologist
• Planner/Logistics
• Strategist

Agencies
• Budget/Congressional
• Defense
• Legal
• Operational
Info Sec Exercise

• Goals: Phase I
– ID most probable/damaging type/sets of
attacks from criminal and LE perspective

• Goals: Phase II
– Prepare for execution of ID most
probable/damaging type/sets of attacks from
criminal and LE perspective
