consists of any criminal activity in which computer systems or networks are used as tools. Computer crime also includes crimes in which computer systems are
However, the real world has difficulties in dealing with computer crimes. Several reasons why computer crimes are hard to cope with include
Lack of understanding:
In general, legislators, judges,
Laws are slow to change, and fail to keep pace with
Multiple roles of computers in crime: These include crimes committed against a computer (such as hacking into a system and stealing information) and crimes committed by using a computer (such as using a system to launch a Distributed Denial of Service attack).
Computer crimes are often difficult to
Rules of evidence:
Often, original documents aren’t available in a computer crime case. Most evidence in such a case is
Lack of evidence: Many crimes are difficult to prosecute because law enforcement agencies lack the skills or resources to even identify the perpetrator, much less gather sufficient evidence to bring charges and successfully prosecute. Frequently, skilled computer criminals use a long trail of compromised computers through different countries in order to make it as difficult as possible for even diligent law enforcement agencies to identify them.
Definition of loss: A loss of confidentiality or integrity of data goes far beyond the normal definition of loss in a criminal or civil case.
Location of perpetrators: Often, the persons who commit computer crimes against specific organizations do so from locations outside of the victim’s country. Computer criminals do this, knowing that even if they make a mistake and create discoverable evidence that identifies them, the victim’s country law enforcement agencies will have difficulty apprehending the criminal.
Computer criminals often aren’t
Juvenile laws in many countries aren’t taken seriously and are inadequate to
Many computer criminals are individuals that hold a position of trust within a company and have no prior criminal record. Such an individual will likely be able to afford a dream team for legal defense, and a judge may be inclined to levy a more lenient sentence for the first-time offender. However, recent corporate scandals in the U.S. have set a strong precedent for
Computer crimes are often
Military and intelligence attacks
Terrorism exists at many levels on the Internet. In April 2001, during a period of tense relations between China and the U.S. (resulting from the crash landing of a U.S. Navy reconnaissance plane on Hainan Island), Chinese hackers (
Following the terrorist attacks against the U.S. on September 11, 2001, the general public became painfully aware of the extent of terrorism on the Internet. Terrorist organizations and
Military and intelligence attacks are perpetrated by criminals, traitors, or foreign intelligence
Banks, large corporations, and e-commerce sites are the targets of financial attacks, all of which are motivated by greed. Financial attacks may seek to steal or embezzle funds, gain access to online financial information, extort individuals or businesses, or obtain the personal credit card
Businesses are becoming the targets of more and more computer and Internet attacks. These attacks include competitive intelligence gathering, denial of service, and other computer-
Lack of expertise: Despite heightened security awareness, a shortage of qualified security professionals still exists, particularly in private enterprise.
Lack of resources: Businesses often lack the resources to prevent, or even detect, attacks against their systems.
Lack of reporting or
The cost to businesses can be significant, including loss of trade secrets or proprietary information, loss of revenue, and loss of reputation.
Grudge attacks are targeted at individuals or businesses and are motivated by a
Fortunately, these attacks (at least in the case of a disgruntled employee) can be easier to prevent or prosecute than many other types of attacks because:
The attacker is often known to the victim.
The attack has a visible impact that produces a
Most businesses (already sensitive to the possibility of wrongful termination
Specific laws (such as the U.S. Economic Espionage Act of 1996, which we discuss later in this chapter) provide very severe penalties for such crimes.
“Fun” attacks are perpetrated by thrill seekers and
who are motivated by
These attacks can also be relatively easy to detect and prosecute. Because the perpetrators are often script kiddies or
Also, because no real harm is normally done nor intended against the system, it may be tempting (although ill advised) for a business to prosecute the individual and put a positive public relations spin on the incident. You’ve seen the film at 11: “We quickly
Many computer criminals in this category only seek notoriety. Although it’s one thing to brag to a small circle of
As we discuss in Chapter 7,
are novice hackers or less