Kenneth W. Mentor
University of North Carolina Wilmington
Virtually unknown twenty years ago, computer crime has rapidly become part of daily life. Computer crime, also known as cybercrime, includes a range of criminal activity associated with computers or networks. Cybercrimes include the theft of property or identity, stalking and bullying, child pornography, and the distribution of illegal goods and services. Computer crime also includes denial of service attacks, securities fraud, and a variety of emerging issues regarding copyright and intellectual property. Due to the disruptive potential of crimes directed at businesses or governments, computer crime also raises concerns about terrorism or cyber-warfare.
Although technological breakthroughs have always created new opportunities for criminal behavior, the pace of change has accelerated due to rapid advancements in processing power, access to technology, and the expansion of networks used to access computer-based technology. This technology allows criminals to operate more efficiently and effectively, often with minimal surveillance. Since these crimes are not detected or investigated through traditional law enforcement tools, these crimes present a significant challenge for the justice system.
According to Federal Bureau of Investigation (FBI) estimates, U.S. businesses spend around $67 billion each year dealing with computer theft and malicious programs such as viruses and spyware. The Internet Crime Complaint Center (IC3), a partnership between the FBI, the Bureau of Justice Assistance, and the National White Collar Crime Center, also estimates a total loss of $559 million per year million related to a variety of frauds, including scams asking for advance fees associated with a large return from a fake lottery or estate, non-delivery of merchandise or payment, and other crime related to consumer goods and services. The number increased substantially in 2009, as it has every year, more than doubling the 2008 estimate of $265 million.
Computers as Targets of Cybercrime
The targets of computer crimes include both individuals and organizations. Crimes against individuals target the person’s property, or in the case of stalking and bullying, the person is the target. The computer itself was the target of many of the first cybercrimes. Cybercriminals, often motivated by curiosity and challenge more than personal gain, exploited opportunities to access other computers. The infringement on the privacy of others, which may include damage to files, software, or other property, is known as hacking. The first hackers were younger computer users who engaged in hacking as a hobby that provided an opportunity to develop, and demonstrate, their computer skills. The initial hackers were not interested in harming others. In fact, they were often helpful in efforts to identify and reduce security risks.
Cybercriminals soon moved beyond simply accessing other computers to a more active effort to control these computers or the networks to which they are attached. Computer viruses and worms, transferred through the exchange of infected files or embedded in “Trojan horses” or other seemingly benign files, have the potential to quickly spread from one system to another. Once infected, files and information on the computer are altered or destroyed as the virus actively seeks other computers to infect. A virus can hide and replicate itself, wait harmlessly until activated, delete or transfer files and information, post messages on the user’s screen, and interfere with the use of printers or other peripherals. In a cycle of development often demonstrating escalating skill levels, individuals, businesses, and governments have spend billions on the development of anti-virus and anti-spyware software, often staying just a step ahead of cybercriminals.
Vandalism and defacement are also examples of crimes directed at computers. Cyber vandalism ranges from sending destructive viruses and worms, to hacker attacks designed to disrupt or destroy entire computer networks. Vandals may delete information needed by legitimate users or install programs that deny users from accessing this information. Hackers may also vandalize a website or personal computer in order to display political, religious, or other malicious messages.
Hacking has reached a global level, often targeting businesses or governments. For example, a hacker group known as “Anonymous” successfully organized denial-of-service attacks that disrupted service at Visa and MasterCard after these corporations stopped allowing donations to WikiLeaks. Like WikLeaks, Anonymous and similar groups use the Internet to highlight what they see as illegal or unethical corporate or government behavior. Although these organizations target computers, their actions also demonstrate the use of computers as a tool for protest and/or financial gain.
Computers as Tools for Cybercriminals
Rather than targeting the computer or network, other computer crimes use technology as a tool for the completion of a crime. These crimes include fraudulent use of credit and debit cards, unauthorized access of bank accounts, and theft from accrual, conversion, or transfer accounts. Due to the prevalence of technology, the cybercriminal can steal millions of dollars by using technology to skim a few cents, or less, from billions of routine transactions performed every day.
While embezzlement and fraud are certainly not new crimes, technology has changed the rules. Similarly, stalking and bullying are examples of existing crimes that have evolved to take advantage of technological tools. Cyber stalking refers to the use of the Internet, e-mail, or other electronic communication methods to stalk another person. Some stalkers pursue minors through online chat rooms while others harass their victims through social networking or other online or electronic communication. Cyber stalking can range from simple harassment, threatening or intimidating a victim, or repeated attempts to communicate with the victim. Since computers and the Internet provide a safe haven for the cyber stalker, while also providing a place to exhibit uninhibited conduct, this crime can be difficult to identify and address.
Stalking and exploitation have grown to the extent that these crimes reach beyond inexperienced computer users to impact individuals that assume they are well protected and fully aware of threats encountered with the use of technology. Although stalking and exploitation have always been challenging issues for the justice system, the use of technology in order to complete these crimes creates an enormous challenge. Similarly, bullying has always been a challenge for parents, schools, and the justice system. Cyber bullying inflicts and compounds the harm of traditional bullying but does so through the medium of electronic text.
Cyber spying, another growing concern associated with both crime and privacy, involves accessing computer files or using the Internet to gather private and confidential information. While hackers may access confidential information through illicit means, many of us willingly share a large amount of information on Facebook and other sites with social networking features. For example, crime may occur when an individual posts vacation pictures celebrating a trip. This announcement also notifies friends and others that the potential victim’s house may be empty. On a much larger scale, techniques used by cybercriminals may include data mining, which involves the analysis of cumulative data about an individual’s financial history, habits, preferences, and other unique traits.
Technology has also provided new opportunities for cybercrime associated with child pornography, money laundering, gambling, and the distribution of illegal substances. In addition to new laws and policies, law enforcement has responded to this category of computer crime by taking advantage of the privacy that is so attractive to cybercriminals. For example, child predators have been targeted by investigations in which law enforcement officers pose as children in an attempt to lure predators to a certain location for an arrest. Gaming websites have also been infiltrated, and charged brought, as a result of similar sting operations.
Opportunities for Cybercrime
Other computer crimes are the result of the massive opportunity created due to the widespread use of computers and technology. These crimes are committed by groups or individuals actively involved in cybercrime as well as citizens who break the law, willingly or otherwise, because it has become so easy to do so. Computer theft and the black market for technology are simple examples of this type of criminal activity. Similarly, technology has advanced to the point where amateurs can easily engage in counterfeiting. As with other types of cybercrime, the justice system has responded to these challenges by relying on technological advances that make it more difficult to profit from breaking the law.
Crimes in this category also target industries, individuals, and businesses in order to engage in criminal activity ranging from music trading, software piracy, and other infringement of copyright and intellectual property rights. These crimes occur, in part, as the result of confusion about ownership. For example while an individual knows it is wrong to steal a computer, the ownership of software, music, and movies is not immediately apparent. It can also be difficult to define a victim when the crime is limited to downloading music from websites using programs that facilitate file sharing.
The policy response to this type of cybercrime includes education, increased threats, and reliance on technological advances that monitor the sharing of digital media. This monitoring can lead to a DMCA (Digital Millenium Copyright Act) warning, an informational first step provided by the Internet provider, potentially followed by legal action. While the DMCA increases penalties for online copyright infringement, and criminalizes efforts to defeat copyright protections, the initial policy response to this type of cybercrime includes the opportunity to learn about copyright laws. The cybercriminal, who may be a computer savvy child with a great music collection, has the opportunity to conform to these laws before facing further legal action. The DMCA also addresses repeat behavior by authorizing both civil and criminal penalties, including imprisonment and fines up to $1,000,000.
Identity theft is another example of a crime that relies on the ubiquitous use of computers and technology. Identity thieves use a variety of electronic tools, often relying on the individual’s limited understanding of computers, to collect social security numbers, credit card information, and other unique information to gain access to a person’s financial data. Phishing, one of the best-known tools used by cybercriminals, uses e-mail or websites to steal personal and financial information. Computer criminals have become increasing sophisticated in their efforts to make it difficult to distinguish legitimate e-mail and website content from illegitimate, so Internet users have been forced to become similarly creative, educated, and suspicious in order to protect themselves from cybercriminals.
While the majority of Internet users have learned to identify and avoid these risks, much as we have learned to minimize risk in the non-virtual world, phishing and related scams only need to succeed for a small number of people when the scam is operating on a global level. Research supported by the financial services industry reports that more than 11 million adults were victims of identity theft and fraud in 2009. The total cost of these crimes was more than $54 billion. The number of victims actually decreased considerably in 2010, down to just over 8 million people, but the cost of identity fraud increased to $631 per incident, up 63% from the previous year. The decreased number of incidents may be attributable to increased security by the general public and financial institutions, although the increasing cost of such crimes can be financially devastating for victims.
Responding to Computer Crime
While law enforcement agencies are typically bound by geography, computer criminals can treat the whole world as their target. While leading to a vast number of potential victims, the global nature of cybercrime leads to unique challenges for the justice system.
Like computer crime itself, the enforcement of cybercrime is evolving. Based on the uniqueness of this criminal activity, congress has treated computer-related crime as a distinct federal offense since 1984. Identity theft became a federal crime in 1998, with most states passing similar laws against identity theft since then. The attacks of 9/11 also impacted our definition of, and response to, computer crime. The USA Patriot Act amended parts of the National Information Infrastructure Protection Act in order to make it easier to investigate and prosecute crimes against crucial computer systems. Federal and state law enforcement agencies have also increased their efforts to collaborate in a variety of ways, including the coordination of activities completed by law enforcement agencies involved in investigating cybercrime. Local police departments have also responded to new challenges by creating specialized units focusing on specific types of cybercrime, with undercover officers actively involved with the investigation of gambling, child pornography, and the distribution and sale of illegal goods and services.
Though contemporary techniques have increased the effectiveness and efficiency of justice agencies charged with responding to cybercrime, critics are concerned that these efforts have compromised the privacy and liberty of U.S. citizens who have not engaged in criminal activity. While the level of intrusion and surveillance citizens will tolerate may depend on the perception of risk, computer crime has rapidly become a massive problem and we may not fully comprehend the risks – to both security and liberty. Cybercriminals have also demonstrated the ability to respond very quickly to new opportunities for criminal gain, in spite of increased efforts to stop their behaviors. As with other questions about crime, we often confront issues regarding the balance of security and liberty. Although the justice system has a long history of protecting our rights in the face of threats, cybercrime has accelerated these efforts to uncomfortable levels and we can expect continued policy changes in response to the challenges of computer crime.
Balkin Jack M., James Grimmelmann, Eddan Katz, Nimrod Kozlovski, Shlomit Wagman and Tal Zarsky., CYBERCRIME: Digital Cops in a Networked World. New York NY: NYU Press, 2007
Bloss, William P. Under a Watchful Eye: Privacy Rights and Criminal Justice. Santa Barbara, CA: Praeger Publishers, 2009
Britz, MarJie T. Computer Forensics and Cyber Crime: An Introduction, 2/E. Boston, MA: Prentice Hall, 2009
Clarke, Richard and Robert Knake. Cyber War: The Next Threat to National Security and What to Do About It. New York, NY: HarperCollins Publishers, 2010
Federal Bureau of Investigation. The IC3 2009 Annual Report on Internet Crime. Washington, DC: Federal Bureau of Investigation, 2010.
Knetzger, Michael, and Jeremy Muraski. Investigating High-Tech Crime. Boston, MA: Prentice Hall, 2008
Solove, Daniel J. and Paul M. Schwartz. Privacy, Information, and Technology. New York: Aspen Publishers, 2008
Kerr, Ian, Valerie Steeves, and Carole Lucock, eds. Lessons from the Identity Trail: Anonymity, Privacy, and Identity in a Networked Society. New York: Oxford University Press, 2009
McQuade, Samuel C. Understanding and Managing Cybercrime. Boston, MA: Prentice Hall, 2006
Taylor, Robert W., Eric J. Fritsch, John Liederbach, and Thomas J. Holt, Digital Crime and Digital Terrorism Second Edition. Boston, MA: Prentice Hall, 2011