Cybercrime: A Revolution in Terrorism and Criminal Behavior Creates Change in the Criminal Justice System
Introduction
The internet has revolutionized how individuals interact with each other. After four years of the Internet, fifty million people are connected to this global network. It took the radio thirty-eight years to reach fifty million users, and a mere sixteen years for the computer to reach fifty million users. The popularity of the Internet is growing exponentially (Gaines, 2007) .
A new strain of crime has developed through the invention of the computer and Internet: cybercrime. Cybercrime is when criminals use computers or networks as a tool, place, or target for criminal activity and behavior. The development of cybercrime has affected law enforcement agencies and society. Enforcement has led to the creation of laws, policies, and legislature. Law enforcement agencies must vigorously fight and prevent cybercrime in order to help create a safer society.
Origin and History of Cybercrime
The origins of cybercrime can be traced back to the days without Microsoft Windows, the Internet, or even the Personal Computer. Stewart Nelson, a student at MIT, used the university’s computer to generate the tones needed to access their long distance phone service. Over the years, cybercrime and all of its auxiliaries have grown in complexity, danger, and risk.
The term “hacking” became popular and mainstream in 1970 with the creation of the first personal computer, the Altair 8800. The computer came disassembled in a kit, the user had to build not only the computer, but write the software too. The Altair 8800 created the “hacker”, as it enabled them to own a computer and learn to program (Shinder, 2002).
Several years later the first multimedia computer was released, the Commodore 64, the computer was perceived as a “toy” for teenagers, and introduced them to present-day hacking (Shinder, 2002). The first “networks” did not use the Internet at all. The earliest of networks contained a mainframe computer, and several “dumb” terminals. A dumb terminal possesses no processor power; everything it runs comes off of the mainframe. These terminals had no memory or processor, simply a mouse, keyboard, and display. This network failed, due to the simple fact that if the mainframe crashed, so did all of the other terminals (Shinder, 2002).
Shortly after IBM released the first desktop PC that could be used in an office setting. The new computer provided reliability and affordability, but lacked networking capabilities. If a user wanted to transfer a file, they must put it on a floppy disk, and physically move it to the receiving computer. This system did not work when the files wee larger than the floppy disk could hold (Shinder, 2002).
In 1970 researchers for Xerox developed the Ethernet at their Palo Alto Research Center. The Ethernet is still the basis for most local area networks (LAN’s) today. A local area network allows many PC’s to access a server (mainframe) with the information. Thus, if a server crashes, the user’s workstation is still accessible (Schell, 2004). The modem and phone line created a new way for computers to communicate with each other throughout the world. This led to the creation of the Bulletin Board System (BBS) in 1978. The PC would be hooked up to a modem, which was wired to a phone line. A computer would make a phone call to the System Operator (sysop) of the BBS to access the forum. Modems at the time were very slow, at 24 kilobyte (kb) per second, and individuals out of their own homes operated the BBS’s. This system was unreliable and extremely slow (Schell, 2004).
As the BBS service grew, it attracted many computer gurus and hackers. As the forums grew more complex, hackers began sharing software. This is referred to as “warez”, which means pirated software. Pirated software is applications that were created to be sold, but someone copied the program to their computer and posted it for others to use, free of charge (Schell, 2004).
During these stages of the BBS service, pornography began to be posted. Sysops would create a forum, post images, and charge a fee to view the pictures. Until the creation of the dial up Internet, the BBS were for the elites, those who could afford expensive computer equipment, such as a modem. Scientists claim that the emergence of the BBS fostered, and are the roots of, cybercrime (Schell, 2004).
The first Internet Service Providers (ISP’s) consisted of two computer geniuses (“nerds”) with a low cost budget. These are not referred to ISP’s, rather as Wide Area Networks, because they were not able to communicate with the outside world. At the time, the operating system of choice was Windows 3.x. This operating system lacked the software to access the Internet, Transmission Control Protocol\Internet Protocol (TCP\IP) and Winsock. Once the user has obtained the software, which could take weeks, they must configure the settings in a text editor, with the settings written in computer jargon. Accessing the Internet in the early stages was a challenge, and actually required hacking and programming, which later resulted in the influx of cyber crimes (Schell, 2004).
Commercialization and Modernization of Cybercrime
In the 1980s companies such as CompuServe, Prodigy, and AOL began to emerge. These were commercial providers who would charge a monthly fee to users if they wanted to access their “community”. In the 1980s the fee to dial into CompuServe was $25 per hour (Wall, 2001). Users chose to connect through these companies due to ease of use. There was no configuring; inserting a disk and running a program would have the user “wired” In the early 1990s the fees for dial up internet decreased to $25 per month for unlimited access. The decline in cost made it possible for more online criminals to emerge in the anonymous online community (Wall, 2001).
In 1990 and 1991 users began to ponder the thought of privacy. They were not sure if a third party would intercept their Internet communications. As a result Phillip Zimmermann created an encryption program called Pretty Good Privacy (PGP). PGP was used to hide sensitive information, but criminals also used the program to hide evidence of crimes they had committed to the police (Wall, 2001).
In 1994 the first online bank opened, called First Virtual. This opened up a lot of opportunities for hackers. Cybercrime was slowly becoming more popular. In 1995 the Secret Service and Drug Enforcement Agency (DEA) obtained the first Internet wiretap, which is exactly like a phone wiretap. The DEA was able to shut down a company who was selling illegal cell phone cloning equipment (Verton, 2003).
Congress and society became more concerned in regards to the massive amounts of pornographic material that was circulating the Internet. Unsuccessfully, Congress passed the Communications Decency Act, which was ruled unconstitutional by the Supreme Court (Verton, 2003). In 1996, cyber criminals were working in full force. A “cancelbot” was created for Usenet and it destroyed a mere 25,000 newsgroup postings. During this time hackers invaded the US Department of Justice’s mainframe, as well as the Central Intelligence Agency and the Air Force’s computers (Verton, 2003).
From here on out, Cybercrime was not uncommon. Hundreds of websites and servers were hacked, including the US Department of Commerce and the US Senate’s website. In the midst of chaos the Melissa virus was programmed, which sent a virus to e-mail servers causing thousands of companies servers to malfunction (Verton, 2003).
From hacking passwords to creating viruses and worms, cyber criminals were doing it all. As the millennium was near, a group of criminals created a website to simulate that of Bloomberg Financial. The false news story created a huge profit for a third party small technology company, increasing their wealth by 31% (Verton, 2003).
Entering the millennium caused a huge disruption for companies due to a Denial of Service attack. Major web sites like MSN, Yahoo, and Apache were shut down and hacked. The Code Red virus and Sircam virus spawned to millions of e-mail accounts worldwide. Cybercrime has only accelerated through the years, and has no plans to slow down (Verton, 2003).
Forms of Cybercrime
The term cybercrime is used broadly in respect to the types, and magnitudes, of crimes that can occur. In the simplest of forms, cybercrime is when a user “hacks” or “steels” a user’s password to gain access to their network. Unauthorized access can result in a number of crimes, including data theft, fraud, and identity theft (Furnell, 2002). Spyware and Malware deal with malicious code. These programs are designed to infiltrate and destroy a computer system or network. Both Spyware and Malware are terms used interchangeably to define malicious code. Malicious code is installed on a user’s computer without their consent (Furnell, 2002).
A common attack for networks of businesses and large corporations is a Denial of Service attack (referred to as DoS). A DoS attack is an attack on a computer or network that causes an interruption in service. The attacker creates this attack by using all of the network’s bandwidth and overloading the computer, causing it to crash (Furnell, 2002).
Recently, terrorism has taken advantage of the new technologies, such as the Internet and computer. Cyber terrorism is the process of causing harm to others via a computer because of one’s religious, ethnic, or social beliefs (Furnell, 2002).
Cyber stalking is very similar to stalking in person; that is, a cyber stalker will follow a victim’s online activity. The stalker then uses the information he or she has gathered to make verbal threats and intimidate the victim. Cyber stalking is more common due to the anonymity of the Internet; however, due to the advancement in law enforcement, more stalkers can be tracked. Each time a stalker accesses the Internet, they reveal an Internet protocol (IP) address, such as 100.32.405.32. With the IP address law enforcement agencies can gather the physical address of the location and make the arrest (Reno, 2003). In 1999, Vice President Al Gore, said “Make no mistake: this kind of harassment can be as frightening and as real as being followed and watched in your neighborhood or in your home” (Valentine).
Identity theft, fraud, and phishing are presently the most common forms of cybercrime. Phishing is when a criminal tries to obtain sensitive information in an illegal manner. The most popular type of sensitive information is credit cards. There are many ways a criminal phishes for sensitive information; in the first days of America Online (AOL) criminals would send Instant Messages (IM) to users posing as a Customer Service Representative (CSR) requesting their online password. They would then use the passwords to obtain credit card numbers, spam users, and conduct illegal online activity under the phished account. In January 2004 the Federal Trade Commission (FTC) issued its first lawsuit against a California teenager who built a website just like that of AOL in order to collect credit card numbers (Wiseman 2004).
Pornographic material on the Internet is a form of cybercrime. For pornographic material to be legit there must be a signed contract between the photographer, poster, and the person in the picture. Most pornographic material on the Internet is illegal. A growing problem in present day society is under age pornography. Even with consent of the minor, posting of content is illegal (Wiseman 2004).
Current and Former Laws Surrounding Cybercrime
Legislature for Cybercrime and Fraud began to surface in 1982. Congress began receiving information and evidence from victims of cybercrime, primarily corporations. These corporations wanted to ensure that their vulnerabilities would not be made public (Lerner).
In 1986 Congress introduced the Computer Fraud and Abuse Act of 1986, which collectively passed. The main goal of the act was to create laws for fraud, and cyber-related crimes on the federal level. The act defines a misdemeanor crime as illegally transporting a federal computer or unauthorized use of a password. For felony offenses the criminal must have had unauthorized access to federal systems (Lerner).
In the same session of Congress, the Electronic Communications Privacy Act of 1986 was created to broaden federal laws on wiretapping. The federal government extended the law to include new forms of communication, such as the computer. This law was created to demolish its ancestor, the Omnibus Crime Control and Safety Streets Act, which only enabled federal officials to wiretap oral-based communications (Loader).
The National Information Infrastructure Protection Act of 1996 amends the Computer Fraud and Abuse Act of 1986. The purpose of the amendment was to reflect changes that were occurring in the Information Technology realm. Legislation regarding cybercrime must be updated on a persistent basis due to the fast pace of the technology market in the United States (Jafri, 2003).
Congress passed the Communications Assistance for law enforcement Act of 1994. This act states that law enforcement agencies may lawfully conduct electronic surveillance, and that the telecommunications carriers must comply and modify their systems to allow for the surveillance. The main purpose of the act was to allow law enforcement agencies access to their systems (with proof of warrant) in a timely manner (Wall, 2001).
The Cyber Security Enhancement Act’s main goals include increasing sentencing for cyber-related crimes, and increasing security on all levels. However, Section 102 of the act allows for ISP’s to maintain and store records of electronic transmissions, including e-mail and online commerce transactions. The ISP’s keep these records in case law enforcement agencies need immediate access. Those who oppose this act state that it is a violation of human rights (Ramasastry, 2002).
The Homeland Security Act of 2002 was created in the aftermath of September 11, 2001. The act modified the structure of the government by creating the Department of Homeland Security. This act was the largest reorganization of a government in fifty years. The act gave major powers to the government, allowing them to monitor citizens without probable cause. The bill was created to fight the war against terrorism (Gaines, 2007).
New and Pending Legislature
Cybercrime, in recent years, has increased exponentially. Adware and Spyware have grown in popularity due to the always-on Internet connections and increased connection speeds. Spyware are software applications that secretly obtain information from the user’s computer and transmits the information to various sources via the computer’s Internet connection. The information gathered is used for advertising and marketing purposes, displaying unwanted ads or popup windows. Spyware is commonly found in free applications that are available for download on the Internet (Loader, 2000). In 2004 Congress introduced the Internet Spyware (I-SPY) Prevention Act, this act created stiff laws and punishments for those who deploy Spyware with their applications. This act will provide the Department of Justice with resources and guides for prosecution of offenders (Loader, 2000),
Senator Patrick Leahy introduced the Anti-Phishing Act of 2004, this act would make spoofing (replicating) a website for the purpose to “induce, request, ask or solicit any person to transmit, submit or provide any means of identification to another” a felony offense. The law says that acts of phishing may result in a sentencing of up to five years or heavy fines (Loader, 2000).
In February 2004, the Fraudulent Online Identity Sanctions Act was proposed in order to update the Trademark Act of 1946. This act would make it illegal for an individual to provide false information to a domain registration company, such as Register.com. This act protects companies from phishing attacks, as it will prevent registration of domains such as www.verrizon.com that will spoof users who accidentally type in the wrong web address (Loader, 2000).
Famous Court Cases
The Melissa virus of 1999 was one of the most destructive viruses of the century. David L. Smith created the virus from his home computer in Mammoth County, New Jersey. Smith began spreading the virus by posting a document on a sex newsgroup, claiming the file contained passwords to adult websites. Once the virus infects the computer, it would send the virus to the first fifty people on the user’s address book. The virus spread exponentially, causing $80 million dollars in damage. Smith pleaded guilty in both state and federal courts, and only received a sentence of twenty months. Judge Joseph A. Greenway claims that Smith received such a short sentence due to his complete cooperation with both state and federal authorities (Computer Intrusion Cases).
In 2003 a multi district investigation was launched on, Alexy V. Ivanov of Chelyabinsk, Russia. Ivanov pleaded guilty to many charges, including credit card fraud, wire fraud, and extortion. Ivanov and his colleagues hacked into computers in the United States from Russia, stealing credit card numbers, passwords, user names, and financial information. Ivanov was considered to me the “manager” in a criminal enterprise. District Judge Alvin W. Thompson sentenced Ivanov to 48 months in a maximum-security federal prison, with three years of supervised release (Computer Intrusion Cases).
In 2004, nineteen individuals were indicted on sixty-two counts. The individuals founded the website www.shadowcrew.com, which was one of the largest online centers for identity theft. Shadowcrew sold account numbers, counterfeit licenses and social security cards, as well as counterfeit passports. Shadowcrew trafficked a mere 1.7 million credit card numbers and counterfeit identifying documents. “Identity theft carries a heavy price, both in the damage to individuals whose identities are stolen and the enormous cost to America’s businesses,” said U.S. Attorney General John Ashcroft. The individuals received a sentence from three to fifteen years (Computer Intrusion Cases).
Effect of Cybercrime on Law Enforcement
Cyber and computer crime has significantly changed the way law enforcement agencies operate. Many agencies have departments within to handle these types of crimes. The Federal Bureau of Investigations (FBI) is the leading organization to fight cyber crime and terrorism. The FBI created the National Infrastructure Protection Center, which deals with the most critical issues. The FBI currently has more than one agent at each of the fifty-six field divisions nationwide (Gaines, 2007).
The Department of Justice allocates an entire section to Computer Crime and Intellectual Property (CCIP). Within the department, they combat national and international computer and intellectual property crimes. Within the section there is the Computer Crime Initiative, which fights electronic theft and attacks on critical systems. CCIPS works with other law enforcement agencies and institutions, both in the public and private sectors. Within CCIPS, there are attorneys who routinely investigate and try complex issues relating to computing and telecommunications (Loader, 2000).
The police are the first governmental department on scene when there has been a cybercrime attack on a person or business. The police must show up at the business or residency to initiate the investigation and, in some cases, to collect evidence or make arrests. The police are responsible for serving state and federal warrants (Loader, 2000).
Many departments throughout the United States have divisions for cyber crime and terrorism. These departments are counter-terrorism units. The San Luis Obispo Police Department created a Cyber Crime program due to the overwhelming popularity of computer and internet crimes. The program is aimed to refer the victims to other organizations better suited for their needs, such as the FTC (Loader, 2000).
For better, or for worse, cybercrime is causing departments to be reorganized throughout the world; the structure of police is changing with the advancements in technology. City streets are no longer their only concern, maintaining a safe and friendly “virtual world” has become just as important (Loader, 2000).
The Government’s Role in Preventing Cybercrimes
Law enforcement agencies in the United States are working day in and day out to prevent cybercrimes from occurring. The Immigration and Customs Enforcement (ICE) launched a Child Predators program in which they have arrested up to 7,500 criminals. ICE has created a database for the public to view individual’s information as per Megan’s Law, which contains the names of convicted predators. ICE is in the process of creating a national child victim database (Child Exploitation).
ICE has created its very own Cyber Crime Center. The mission statement of the center says that it investigates all domestic and international criminal activity that is facilitated or occurring on the internet. The Child Exploitation division of the center targets child predators through monitoring e-mail, web usage, and chat rooms. The National Child Victim Identification Program is run at the center (Child Exploitation).
The Cyber Crime Center operates a forensics unit in which the department investigates seized technology – mostly storage devices. Computer Forensic Agents (CFA) is trained to examine medium such as hard disks, floppy disks, and flash drives and media (Child Exploitation).
The center’s special agents investigate primarily domestic crimes regarding money laundering, narcotics trafficking, identity and document fraud, illegal exports, and smuggling. The center receives leads from the government and the public. Since the center is funded by Customs and Immigration, they also investigate human trafficking, illegal aliens, and stolen international property (Child Exploitation).
Preventing Cybercrimes for Businesses and the Public
Businesses have lost billions of dollars due to cyber crimes. Any time a company’s network is shut down means a loss of profit. Many businesses, especially smaller organizations, do not allocate proper funding for security implementations, software and hardware.
The first step in prevention is to create a security plan for the company, a mixture of invasive (hardware firewalls) and non-invasive (software applications) is needed. Such examples include a router with a firewall and Norton Anti Virus. Measures need to taken in regards to the privacy and personal information stored on servers and computers. Adding an encryption or password can greatly detract a hacker.
It is vital for businesses to have an updated operating system. Checking for updates on a daily, even hourly, basis will ensure that if vulnerability is found, it will be fixed. Antivirus, anti-spam, and anti-Trojan applications are essential. These will prevent harmful data to be placed on user workstations.
Businesses can prevent cybercrime by monitoring user workstations, going on commercial websites dramatically increases the risk of infection. The key to success is communication – businesses must train their employees on proper internet usage at work, as well as how to store confidential data and passwords. As a bottom line, users should never take work related information home that is confidential, such as databases with social security numbers.
The Future of Cybercrime and Recommendations
The future of cyber crime is uncertain, but cyber terrorism is a threat to society that will always exist, and law enforcement agencies must continue to expand into the “cyber” universe. A terrorist can do more with a computer than he can with a gun. Our nation relies heavily on telephones, computers, and the Internet. Our source for emergency services is the telephone; if such media were to be breached the terrorists have ultimate control. Criminal information is stored, and often transmitted via Internet, as well as legal, medical, and other confidential information. People would be surprised if they knew how much information is stored on the Internet, and on computers, about them.
Law enforcement agencies must expand their services, and most of all, reach out into the community. Young teenagers are one of the top cyber criminals. Providing community awareness workshops for both parents, and teenagers, are vital. Community policing is just as important, there must be online leadership promoting “safe neighborhoods” and providing citizens with information on possible security breaches on their systems and networks.
Many home users and businesses do not realize the vulnerabilities in their networks or systems until it is too late. Law enforcement agencies must cross the line into the information age and take an active part in identifying such vulnerabilities in a timely manner.
Lastly, law enforcement must target those criminals who create spam, spyware, adware, viruses, and worms. They are the heart of corruption on the Internet. One must work in a pyramid, finding the creators of the viruses and worms will create a better Internet.
Congress must pass new legislature in order for this to be possible, sentencing must be increased, five years, as a maximum sentence for cyber crimes is unacceptable. Federal funding must be increased in order for programs to continue to operate, and to expand and create new programs to fight the war on cyber crime.
For young teenagers and children, parents are the first line of defense. Most parents do not track their child’s online usage; many children have computers in their rooms, behind closed doors. Having such technology is a privilege, online stalking occurs mainly behind parent’s backs, until children come forth and confess. Parents must realize that using the Internet is a privilege, not a god given right. This is harder for the younger generation – as they grew up with the Internet.
Companies such as MySpace and Facebook must take responsibility too. They do a poor job at verifying a user’s age. Children register for the site claiming to be 15 or 16, when in fact they are nine or ten. These websites are a lure for stalkers, based on the fact that most users list their screen name, city, and even address. Pictures are a problem for young women; stalkers are exposed to quite scandalous pictures of women who are only twelve or thirteen. However, the stalker is lead to believe they are the age on the profile.
The creators of such websites need to ensure that users are of age, and perhaps limit pictures to profiles of users 18+. Social security numbers or licenses may then verify the person’s age. A credit card authorization is a new form of verifying one’s age, assuming no children have a VISA or MasterCard.
It is the recommendation that all sexual predators, and anyone on parole or probation for similar charges, have to submit their IP address for review on a periodic basis; this will ensure that there has not been any activity on stalking websites. Furthermore, their IP addresses should remain static, and not change. Such websites as MySpace, Facebook, and any dating\personals site be banned. Such tasks can be accomplished electronically without the work of parole or probation officers.
