OCCURRENCE OF CYBER CRIME

Cyber crime occurs when information technology is used to commit or conceal an offense. Computer crimes include:

• Financial fraud

• Sabotage of data and/or networks

• Theft of proprietary information

• System penetration from the outside and denial of service

• Unauthorized access by insiders and employee misuse of Internet access privileges

• Viruses, which are the leading cause of unauthorized users gaining access to systems and networks through the Internet^[i]

Cyber crimes can be categorized as either internal or external events. Typically, the largest threat to organizations has been employees and insiders, which is why computer crime is often referred to as an ‘insider’ crime. For example, Ernst & Young’s global research has found that 82% of all identified frauds were committed by employees, almost a third of which were committed by management.

Internal events are committed by those with a substantial link to the intended victim, for example, a bank employee who siphons electronic funds from a customer’s account. Other examples include downloading or distributing offensive material, theft of intellectual property, internal system intrusions, fraud, or intentional or unintentional deletion or damage of data or systems.

However, as advances continue to be made in remote networks, the threat from external sources is on the rise. For example, in the 2001 CSI/FBI Computer Crime and Security Survey, 49% of respondents reported their internal systems as a frequent point of attack while 48% reported Internet connections as the most frequent point of attack.

An external event is committed anonymously. A classic example was the Philippine-based 1999 “I Love You” e-mail attack. Other types of external cyber crime include computer system intrusion, fraud, or reckless or indiscriminate deliberate system crashes.

Internal events can generally be contained within the attacked organization as it is easier to determine a motive and, therefore, simpler to identify the offender. However, when the person involved has used intimate knowledge of the information technology infrastructure, obtaining digital evidence of the offense can be difficult.

An external event is hard to predict, yet can often be traced using evidence provided by, or available to, the organization under attack. Typically, the offender has no motive and is not even connected with the organization, making it fairly straightforward to prove unlawful access to data or systems.

^[i]“Computer Forensics: Response Versus Reaction,” Ernst & Young Australia, The Ernst & Young Building, 321 Kent Street, Sydney NSW 2000, Australia (Ernst & Young LLP, 787 Seventh Avenue, New York, New York, 10019), 2001, p.3.