StudyDaddy Law Assignment 2: Digital Computer Crime

Assignment 2: Digital Computer Crime

INTRODUCTION Scenarios that depict the rising problem of digital crime and digital terrorism are numerous and impossible to ignore—data destroying viruses that shut down the Internet, computer thieves stealing credit card and Social Security numbers, identity theft victims that number into the millions, terrorists laundering money and using the Internet to steal billions of dol- lars in an instant, and nation states launching cyberattacks to destroy their enemies in ways more lethal than the famous amphibious assaults of the last century’s world wars. The situa- tion is worsened by public perceptions that law enforcement and governmental officials are ill-equipped to deal with these crimes. Digital crimes inspire fear in consumers and lead to a lack of trust in the security and safety of e-commerce and online business transactions. Fears of imminent and crippling attacks to our society and infrastructure are the direct result of our reliance on computers and networks for a host of societal functions, including military operations, finance, communications, utilities, and mass transit. In 2013, details emerged regarding the work of a sophisticated global network of thieves who stole $45 million from automated teller machines (ATMs) located within 27 different nations. 1 A decade earlier, the public viewed images of thousands of people walking home from work due to a power problem that began in Canada and quickly spread to the United States. The disaster led many to believe that terrorists had attacked the nation’s power grid. Recent descrip- tions of both Chinese and Russian hacker intrusions into power grids in the United States con- tinue to concern citizens and governments alike. To be sure, the scope and nature of digital crime and digital terrorism sometimes creates misperceptions and fear that exceed the identifi- able threats; however, the dangers posed by cybercriminals and terrorists are real and present unique and difficult challenges to law enforcement and other governmental officials. 1 Introduction and Overview of Digital Crime and Digital Terrorism ▪ ▪ ▪ ▪ ▪ CHAPTER OBJECTIVES After completing this chapter, you should be able to ■ Describe the current issues, trends, and problems in digital crime and digital terrorism. ■ Understand estimates on the costs of cybercrime. ■ Understand the intended audience, purpose, and scope of this text. ■ Discuss the developmental perspective on the problem and changes to cybervictimization. ■ Describe the scheme for classifying computer crimes. 1 ISBN 1-323-00652-4 Digital Crime and Digital Terrorism , Third Edition, by Robert W. Taylor, Eric J. Fritsch, and John Liederbach. Copyright 2 Chapter 1 • Introduction and Overview of Digital Crime and Digital Terrorism The transformation of the digital infrastructure and information technology over the course of the last three-quarters of a century has been nothing short of astonishing. The first electronic computer was completed in 1945, and the first long-distance elec- tronic communication on the Internet was sent in 1969. 2 Until the creation of the per- sonal computer, computers and the Internet were the exclusive tools of society’s scientific elite and the military and were housed at major university campuses, military bases, and corporate research parks. In fact, the coming “information society” would become increasingly dependent on computers and networks to keep our society opera- tional. Computers are now fixtures of everyday life, and almost every form of interac- tion, business, and communication between people relies on computers and network systems in some fashion. The Internet has truly made the world a smaller place. Stu- dents can register for or drop classes in real time from their homes while sitting in front of a keyboard. Individuals are able to swiftly and conveniently withdraw money from bank accounts at any time by using ATMs. Friends use satellite transmissions linked across vast computer networks to instantly communicate with one another. Social net- working Web sites like Facebook, Myspace, Instagram, Pinerest, and Twitter allow indi- viduals to connect, communicate, and instantly update the world about their attitudes and activities. Stock transactions, flight schedules, reference libraries, e-commerce, the  latest news, and innumerable other resources are all available with a few clicks of the mouse. The advancement of computer technology and networking rapidly expanded communications and information markets, but this progress has also come with enor- mous social and economic costs. The same technology that provides useful services has also been perverted for criminal and terrorist purposes. Technological progress in the areas of computing, networking, communications, and e-commerce provides criminals and terrorists with an unbelievable array of new tools and opportunities to perpetrate their crimes. The Internet is, in essence, a lawless frontier where bullies, deviants, crim- inals, and terrorists can roam freely with reckless abandon. The rapid advancement of computers and networks occurred without adequate regulation or monitoring, and produced a scenario where the “law of the jungle” often prevails. Lawmakers and law enforcement personnel alike are still trying to play catch-up.

New Threats to the Information Age Computers are currently used to perform many traditional criminal acts, most promi- nently the production and distribution of child pornography, financial crimes, infor- mation and corporate espionage, exploitation, stalking, and identity theft. The openness of the Internet has expanded the scope of criminal opportunities and has spawned whole new categories of crimes and criminals, including “hackers,” who seek to invade our computer networks, and virus writers, who develop tools that can damage and destroy computer systems. The number of Internet-connected devices—including tra- ditional computers, mobile devices, and newer technologies—is currently estimated to exceed 8.7 billion. 3 The expansion and sheer amount of Internet traffic has already exceeded the estimates predicted by experts and commentators a few years ago. The opportunities to commit computer crimes and the technical competence of the crimi- nals have clearly expanded more quickly than our efforts to control them. Perhaps the most feared online crime is the interception of privileged information, such as credit card numbers or passwords leading to identity theft. Abuses associated ISBN 1-323-00652-4 Digital Crime and Digital Terrorism , Third Edition, by Robert W. Taylor, Eric J. Fritsch, and John Liederbach. Copyright Chapter 1 • Introduction and Overview of Digital Crime and Digital Terrorism 3 with the issuance of credit have reached epidemic proportions. In fact, a small group of hackers compromised the financial database of the TJX Corporation in 2005, causing over $1 billion in fraud and bank losses. 4 Theft of intellectual property ranging from trade secrets to illegal reproduction of copyrighted consumer materials such as music and movies has an incalculable cost. The Motion Picture Association of America (MPAA) reported fiscal losses upward of $6 billion in 2005 from movie piracy in the United States alone. Over 40 percent of these reported losses were argued to be a result of university students in the United States. 5 Trading and selling illicit information on the Internet is a recurring problem and instills fear in online consumers. While identity theft is probably the most feared online crime, it is not the only threat to Internet consumers. The other category of digital crime that inspires the most fear and disdain is virus writing and other types of malicious software, or malware. Any time an average user has a problem with his or her computer, the person is likely to have a knee-jerk response, blaming the problem on a virus. The virus protection indus- try is now a multimillion dollar business, selling and proffering security online. Con- sumer fear is, however, not unfounded, as a recent study by the security company PandaLabs found: Almost 25 percent of personal computers with some sort of protec- tive software around the world were infected with malicious software, compared to 33.2 percent of systems without protection. 6 Beyond these dangers, threats from would- be terrorists and politically motivated “hactivists” threaten the functioning of our gov- ernment, commerce, and military operations. Recent studies indicate that many corporations, government agencies, and utility companies are highly vulnerable to computer attacks from outsiders, who in some cases may be able to seriously affect large segments of the population through a single organization’s computer system. This threat cannot be taken lightly, and the Federal Bureau of Investigation (FBI) and the Department of Homeland Security both conclude that the potential exists for serious harm emanating from attempts to tamper with the information infrastructure. Purpose and Scope of This Book This text is primarily intended to be an introduction to the problems of digital crime and digital terrorism. A special emphasis is placed on being decidedly nontechnical in our writing and explanations; however, some technical terms and issues are inevitable in this field of study. We hope that we have described the technical jargon in sufficient detail such that the casual reader will not be lost in the shuffle. The intended audience is anyone interested in learning more about the etiology of digital crime and digital ter- rorism. The average criminal justice student may have a solid knowledge of the law, criminology, and criminal justice systems, yet possess little knowledge of the complexi- ties of digital crime and victimization. Computer science students well versed in the technical aspects of computers and networks may have little knowledge of the legal aspects of their field and issues of criminality and victimization. Furthermore, practi- tioners in both the criminal justice field and the computer science field typically have limited knowledge of each other’s occupations. Finally, many students and casual read- ers may simply wish to become better educated in this area. This text is written with all of these groups in mind. The ambition of the authors was to bring aspects of both of these fields together in a readable, nontechnical text designed to increase knowledge about the problems of digital crime and digital terrorism. Anyone with a little knowledge about computers ISBN 1-323-00652-4 Digital Crime and Digital Terrorism , Third Edition, by Robert W. Taylor, Eric J. Fritsch, and John Liederbach. Copyright 4 Chapter 1 • Introduction and Overview of Digital Crime and Digital Terrorism and the criminal justice system should find merit in the topics covered in this text. We have also consciously focused on common digital crimes and common computer sys- tems, as these will be most familiar to the neophyte. The text is decidedly focused on Microsoft-based systems, common Internet systems, and the most typical types of dig- ital crime and digital terrorism. As such, certain types of digital crimes and certain operating systems/software are beyond our scope and intent. Again, a decided effort was made to explain the more technical parts of this book in a “user-friendly” tone; however, readers who know very little about computers might have some difficulty with some of the details and level of description. The first section of this book covers the etiology of digital crime and digital ter- rorism and includes a discussion of the criminology of these types of crimes and poten- tial offenders. Who are the digital terrorists and digital hackers, and why do they commit their crimes and acts of aggression? The second section addresses the various types of digital crimes and covers the nature, extent, and offender groups in each of the chapters. Chapters on white-collar crime, viruses and malicious code, exploitation, and hate are all covered in this section. The third section covers the law, enforcement, and investigation of digital crimes and terrorism. Included in this section are chapters on the laws and legislation covering digital crime and digital terrorism, the agencies charged with enforcing these laws, and the investigative and forensic aspects of this area. Finally, the book concludes with chapters on preventing these types of crimes and threats and discusses what the future might hold. Defining the Terms As in any new area of study and exploration, the terms often change to match industry- wide jargon or innovative style. For instance, the authors use the terms digital crime and digital terrorism to encompass the myriad of crimes committed within the vast fields of information technology and computer networks. The prefix of “ cyber ” has now been introduced into our social vocabulary to mean almost anything “real” or “virtual” attached to a computer or network. For instance, we now refer to cybertalk, cyberspace, and even cybercafés, as a prefix to meaning that the following word is computer or com- puter network related. Hence, digital crime can easily be called cybercrime or com- puter crime since the terms refer to the same types of activity, or digital terrorism can be referred to as cyberterrorism . Interestingly, classic works on computer crime by Donn Parker 7 are absent the “cyber” prefix as well as early legal constructs developed to initiate legislation against criminality involving computers. Malware is another new term to the computer crime world. Malware includes computer viruses, worms, Trojan horses, spyware, adware, or any other destructive software aimed at disrupting normal computer network services, collecting sensitive information, or gaining access to private computers, systems and/or networks. Short for malicious software , malware is often referred to as computer contaminant and is a legal terminology by statute in several U.S. states. 8 Clearly, the discipline has matured rapidly over the past few years, and this book attempts to keep pace using these terms interchangeably. OVERVIEW Cybercrime has increased dramatically in recent years. Indeed, both the character and nature of these offenses and their frequency of occurrence have changed notably since about 1995, when the Internet experienced explosive growth. 9 One simply needs to ISBN 1-323-00652-4 Digital Crime and Digital Terrorism , Third Edition, by Robert W. Taylor, Eric J. Fritsch, and John Liederbach. Copyright Chapter 1 • Introduction and Overview of Digital Crime and Digital Terrorism 5 search the phrase “computer crime” or “cybercrime” on Google or any other Internet search engine to find a plethora of incidents and commentaries on the problem. The question of how much computer crime occurs is simply unknown given the scope and variety of the problem. Not only is there significant inconsistency in defining computer crime offenses, there is an absence of any attempt to collect offense data systematically.

Offenses vary in character from clear criminality (e.g., theft, fraud, or destruction of data files) to acts where criminal culpability is less clear, such as violations of privacy (e.g., unauthorized access to credit reports or medical records). Similarly, types of criminal behavior by computer users also vary (e.g., pornography, extortion, cyber- stalking, or gambling). This situation is complicated by the global character of net- working offenses—transactions and behavioral interactions can occur between people worldwide from their homes with no scrutiny by immigration, customs, or other gov- ernment entity. Given these complexities, our broad overview of digital crime and digital terror- ism provided in this chapter covers a wide range of issues, including an introduction to what we refer to as a “developmental perspective” on these problems, the realities of increased victimization, a discussion on ongoing changes to the character of cyber- victimization and the emergence of digital terrorism as an important concern, and an overview of studies designed to estimate the exponential costs of digital crimes. The chapter concludes with a section that introduces the reader to a widely recognized sys- tem for classifying the various types of computer crimes. This section provides an orga- nizational framework for discussions on the various types of digital crimes and forms of digital terrorism covered in the remainder of the text .

A Developmental Perspective on a Growing Problem Personal computing and the Internet have grown substantially since the introduction of the microcomputer. Technological development including memory capacity, pro- cessing speed, software capabilities, and remote communications via computer (i.e., networking) grew geometrically. Similarly, there has been rapid integration of comput- ing, telecommunications, multimedia, and information archiving technologies. With the public’s embrace of the Internet and its staggering growth since 1995—Sky Dayton, founder of the Earthlink Network, has described 1995 as “pre-historic” in networking terms 10 —the need for network security became obvious. Certainly there were some early efforts to explore the idea of computer crime and recognition of the technological transformation as a potential crime problem that required significant attention; how- ever, these early efforts to control computer crime largely reflected the groundbreaking but limited technology of the day. One of the earliest commentators on the problems associated with computer crime was Parker. 11 Parker recognized the potential for computer-related criminality even in systems that were by today’s standards archaic. His early work underscored how easily criminals could misuse information that is now much more easily accessible. In the late 1970s, the Bureau of Justice Statistics highlighted the emergence of computer crime through a series of publications that included an overview of important issues, 12 com- puter security, 13 and crimes related to electronic fund transfers. 14 These monographs focused on the potential for cybercriminality and considered issues of law, investigation, case development, and possible criminal strategies. This groundbreaking research employed methodologies that still apply to many operational aspects of security and ISBN 1-323-00652-4 Digital Crime and Digital Terrorism , Third Edition, by Robert W. Taylor, Eric J. Fritsch, and John Liederbach. Copyright 6 Chapter 1 • Introduction and Overview of Digital Crime and Digital Terrorism crime control today. Yet, the reports contain very limited documentation of actual crim- inality and do not include discussion of cybercriminals, per se. In the 1980s, a few more publications emerged on the topic, mostly dealing with logistical issues associated with computer-related criminality. Several publications discussed methods to prevent com- puter crimes. 15 Others explored practices for effectively investigating and prosecuting a computer crime case. 16 As research developed on the problems of computer crime, several common themes emerged. Some research offered classification schemes for the emerging crime problems. 17 Scholars also began documenting cases of computer-related fraud within government agencies, nearly all of which were cases of trust violations. 18 O t h e r s o u t - lined the work of hackers during the early days of Bitnet, or the predecessor of the modern-day Internet. 19 Some researchers began to call for the creation of dedicated computer crime units. 20 Publications and a new line of products were introduced as part of an entire new industry designed to provide security against these new computer criminals, including firewalls, encryption systems, operations security, virtual private networks (VPNs), physical security, access controls, and biometric security develop- ments. Nearly all of the publications employ the same methodology: describe the secu- rity issue, offer options for a solution, and provide technological procedural alternatives for each potential solution. Behavioral approaches and descriptions of problems and trends are virtually nonexistent within these publications. One exception is Icove et al., 21 who not only comprehensively focus on security and investigation but also offer some interesting insights about motivations and behaviors. While their work provided some guidance to the emerging field of cyber security, the research was limited because it was based on a small number of investigations. Other publications about cybercrime are found in the popular press. Case studies such as The Cuckoo’s Egg 22 and Ta k e d o w n 23 look at specific instances of network incur- sion. Stoll 24 documents the case of a computer hacker from Germany who penetrated a wide range of U.S. academic and military computers seeking information to steal and sell on the global national security market. Shimomura 25 describes the investigation, arrest, and prosecution of Kevin Mitnik, perhaps the most well known of all hackers, who was released in early 2000 from federal prison for computer crime violations. Both publications provide interesting and unique insights about the capacity to commit cybercrimes as well as the difficulty of investigating these offenses. However, as case studies, they offer information about specific offenders, not generalizations about trends in cybercriminality or patterns of offending. A great deal of effort continues to be dedicated to all forms of computer security because of the growth in the problems of hacking/cracking and the use of malicious software. These efforts include firewalls, encryption technologies to control computer access, and virus control. Ironically, rapid growth in the computer security industry has largely occurred without adequate research on the nature of cybercrimes and criminals. The majority of research in this area focuses on the mechanisms and techniques used rather than on the etiology of the offenders and the offenses they commit. According to Parker, the lack of attention paid to computer crime historically is no accident. “In 1970, a number of researchers concluded that the problem was merely a small part of the effect of technology on society and not worthy of specific explicit research.” 26 The result was that cybercrime and the massive problems associated with these new forms of criminality were largely ignored by policy makers and scholars. Parker underscored how wrong-headed these views were when he noted that “the increase in substantial ISBN 1-323-00652-4 Digital Crime and Digital Terrorism , Third Edition, by Robert W. Taylor, Eric J. Fritsch, and John Liederbach. Copyright Chapter 1 • Introduction and Overview of Digital Crime and Digital Terrorism 7 losses associated with intentional acts involving computers proved the fallacy of this view.” 27 The irony is that Parker’s observations were made more than a decade ago, yet there is little substantial progress in understanding and addressing the problem from criminological and investigative perspectives. Even more troubling is that fact that Parker’s comments were made during a period in which computing was dominated by big business, government, and researchers. Today, personal computing has changed the entire face of the computer industry and has exponentially increased the risk of com- puter crime victimization to the ordinary citizen. The Reality of Increased Cybervictimization Two trends clearly drive the reality of increased cybervictimization. The first trend involves the increased use of computers by virtually every citizen. Cybervictimization will clearly continue to increase as more and more people utilize the Internet and com- puters become further ingrained in our everyday lives. There seems to be a connection between the movement toward industrialization and increased commercial activity, related increases in Internet connectivity, and the ongoing rise in cybervictimization.

For example, a study comparing reporting of cybercrime victimization in eight indus- trialized nations across the globe from 1999 to 2001 found that computer security inci- dents were on the rise, particularly in Canada, Australia, the United Kingdom, and the United States. 28 In fact, the United States had the highest victimization rate overall, fol- lowed by the United Kingdom and Japan. These findings would suggest that the risk of victimization increases with time and the penetration of computers and the Internet within any particular society. The second clear trend driving increased cybervictimization is the increased availability of technical information on virus creation and computer hacking tech- niques that enable more and more technically savvy computer criminals. This informa- tion is available to both organizational “insiders” and “outsiders,” and there is an ongoing debate as to which of these groups poses the largest threat to potential victims.

In the mid-1980s, Van Duyn observed that “insiders pose a far greater threat to the organization’s computer security than outside ‘electronic invaders’ possibly could,” pri- marily because “insiders are familiar with their employers’ data processing operations and the type of data each system and application is storing and processing.” 29 In short, “insiders” know exactly where to look for vulnerable information, and if they are in any doubt “can reference the systems documentation which usually includes programming specifications, file and record layouts, a data element dictionary, and so on.” 30 As a result of these situations, many experts conclude that vulnerability from within an organization is the most dangerous and poses the most serious threat. In fact, one study estimated that 90 percent of economic computer crimes were committed by employees of the victimized companies. A more recent study conducted in North America and Europe found that 73 percent of the risk to computer security was from internal sources, while only 23 percent was attributable to external sources. 31 U n l i k e “outsiders” attempting to break into a system, “insiders” are oftentimes able to more easily circumvent safeguards, reducing their chances of being detected. Moreover, if the employee has authorized access to the information, but chooses to steal or destroy it, then detection is even more difficult. The argument in favor of the dangers posed by “insiders” clearly still has merit, but the dangers posed by “outsiders” have more recently increased due to the emergence of networking, expansive growth in user-friendly Internet ISBN 1-323-00652-4 Digital Crime and Digital Terrorism , Third Edition, by Robert W. Taylor, Eric J. Fritsch, and John Liederbach. Copyright 8 Chapter 1 • Introduction and Overview of Digital Crime and Digital Terrorism protocols, and adaptable databases integrated within Web pages. Exponential growth in the e-commerce realm and the number of financial transactions conducted online has also increased the threats posed by “outsiders.” Whether the greatest threats are posed by “insiders” or “outsiders,” the parallel trends involving increased computer use and the availability of information to potential computer criminals virtually ensure that the number of cybercrime victims will substantially grow well in the future. Changes to Cybervictimization and the Emergence of Digital Terror To this point, the focus of much of the research and attention in this area has been digital crime and the individual victimization of private citizens, or the use of comput- ers as criminal instruments. Barrett 32 however offers insights about the wide range of cybercriminality that can occur and a description of behaviors that range from acts best described as “crimes” and those more likely to be thought of as forms of “terrorism.” In this way, Barrett provides a foundation about the capacity of computers to be used as both criminal instruments and instruments of warfare. The point is that the dynamics and processes involved in the production of digital crime and digital terrorism are vir- tually the same, and that the rise of digital terrorism poses at least as grave a threat as digital crime. Inferences from the National Infrastructure Protection Center data 33 can be made that digital crime and digital terrorism are on parallel tracks. This is reinforced by the January 1999 experience of simultaneous attacks on the U.S. Defense Department com- puter systems originating in Russia. Similar tactics were used by Russian organized crime groups against banks. 34 Other attacks, such as those perpetrated by Chinese hackers, utilize the same techniques and tools as in coordinated attacks against private citizens and financial industries. 35 Closer to home, the United States and Israel recently developed and deployed a computer worm dubbed as “Stuxnet,” which has been described as “the world’s first precision guided cybermunition.” 36 Stuxnet was designed to undermine Iran’s nuclear program. Elements of the program became public in 2010.

The advent of the Stuxnext virus and its use against Iran raises issues in regard to the vulnerability of national critical infrastructures that rely on the functioning of com- puter networks around the globe. The advent of international national warfare centered on the use of digital tactics is clearly upon us. Indeed, the central themes of this book lie at the intersection of the parallel concerns of digital crime and digital terrorism, and the goals of increasing awareness about these issues. The Costs of Cybercrime Estimates in regard to the costs of cybercrime are mainly derived from surveys of cor- porations and government agencies. These estimates vary considerably because of dif- ferences in research methodologies and the difficulties associated with calculating these costs across different categories of crime. These variations can be seen within an overview of major studies conducted over the last several decades. One project conducted by the American Bar Association (ABA) in 1987 found that of the 300 corporations and government agencies surveyed, 72 (24%) claimed to have been the victim of a computer-related crime in the last 12 months prior to the survey. 37 The estimated losses from these crimes ranged from $145 million to $730 million over the one-year period. The broad range of estimates shows that not only is it difficult to identify and document these crimes, it is even more difficult to place a monetary value ISBN 1-323-00652-4 Digital Crime and Digital Terrorism , Third Edition, by Robert W. Taylor, Eric J. Fritsch, and John Liederbach. Copyright Chapter 1 • Introduction and Overview of Digital Crime and Digital Terrorism 9 on the loss of intellectual property wherein the actual value may not be known for months or years. The Florida Department of Law Enforcement (FDLE) surveyed 898 public and private sector organizations that conducted business by computer. Of the 403 (44.9%) respondents, 25 percent reported they had been victimized by computer criminals. 38 The Florida study found embezzlement of funds by employees to be a major source of the crimes; however, no attempt to estimate losses was made because, according to one of the researchers interviewed, “losses would have been nothing more than a guess.” Many experts believe that the true level of computer crime is severely underreported because companies handle these matters internally. This is due primarily to a desire to limit the public’s perceptions of the vulnerability of companies to these types of crimes and intrusions. In perhaps one of the most comprehensive studies on computer security threats and crimes, a survey conducted in 1991 of 3,000 Virtual Address Extension (VAX) sites in Canada, Europe, and the United States found that 72 percent of the respondents reported a security incident had occurred within the previous 12 months and 43  percent reported the incident was criminal in nature. 39 By far the greatest security threats came from employees or people who had access to the computers; however, a number of external security breaches from hackers telephoning into the systems or accessing via networks were also reported. The ABA and FDLE studies scarcely mentioned this “external threat” and gave little attention to it as a growing problem. This is not surpris- ing, since networking in the late 1980s was comparatively limited, and networking technology was both more expensive and more cumbersome. However, a 1991 United Nations study suggested that external threats via remote access were a problem that would grow in the years to come. Carter and Katz 40 show a trend of victimization that increased significantly over previous studies, with 98.5 percent of the respondents reporting they had been victimized—43.3 percent reported being victimized more than 25 times. While these numbers seem dramatic, security professionals with whom these results were discussed stated they were surprised at the frequency of admitted victimization, not actual vic- timization. One respondent stated, “Do we know the national or even local scope of the computer crime threat? Probably not; but it has to be higher than anyone wants to admit.” The 1998 joint survey by the FBI and Computer Security Institute found that for the third year in a row, corporate security directors reported an increase of computer system penetration by outsiders. This represented a 20 percent increase of successful system incursions since 1996. 41 In fact, their 2007 data suggest that most directors believe that less than 40 percent of their security incidents are due to insiders. 42 C o l - lectively, these data provide empirical support for the anecdotal evidence: Not only is unauthorized access to and theft from computer systems increasing, but so does the number of system incursions committed by “outsiders.” Anderson and his colleagues in 2012, highlighted the weaknesses of prior studies designed to estimate the costs of computer crime. 43 These limitations include under- and overreporting, as well as both intentional and unintentional biases. They present findings on the first systematic study of the costs of cybercrime. Their research distin- guishes the costs associated with several different categories of computer crime, includ- ing (1) traditional crimes that are now “cyber” because they are conducted online, (2) transitional crimes that have changed with the advent of the Internet, (3) new crimes ISBN 1-323-00652-4 Digital Crime and Digital Terrorism , Third Edition, by Robert W. Taylor, Eric J. Fritsch, and John Liederbach. Copyright 10 Chapter 1 • Introduction and Overview of Digital Crime and Digital Terrorism that have been originated since the advent of the Internet, and (4) crimes that facilitate other crimes through the misuse of computers. They calculate costs associated with each type of computer crime in terms of costs in anticipation (e.g., anti-virus software), direct losses and indirect costs, compensation paid to victims, and general indirect costs (e.g., reputational damage, loss of revenue). Examples of some of their global esti- mates in regard to the annual costs associated with various types of computer crime include: • Online banking fraud (e.g., phishing, malware) $1.69 billion • Copyright infringement (software, music) $172 million • Online credit card fraud $4.2 billion • Online tax fraud $125 billion • Advance fee fraud $1 billion • Stranded traveler scams $10 million • Cost of cybercriminal infrastructures $24.8 billion CLASSIFICATION OF COMPUTER CRIME Defining computer crime sufficiently is a daunting and difficult task. Nevertheless there are, generally, four categories of computer crime, including (1) the computer as a target, (2) the computer as an instrument of the crime, (3) the computer as incidental to crime, and (4) crimes associated with the prevalence of computers. Definitions can become rapidly outdated, as new technology has consistently bred new offenses and victimizations.

The Computer as a Target Crimes where the computer itself is the target include the denial of expected service or the alteration of data. In other words, the attack seeks to deny the legitimate user or owner of the system access to his or her data or computer. Network intruders target the server and may cause harm to the network owners or the operation of their business. Data alteration and denial directly target the computer by attacking the useful information stored or processed by the computer. Altered data may affect business decisions made by the company or may directly impact individuals by altering their records. Furthermore, this activity, in some circumstances, results in the expenditure of great resources to recover the data. Although malicious network intruders may alter critical data, the most common source of such damage is an employee of the affected company. The primary difference between data alteration and network intrusion is the intent of the intruder. By reading or “browsing” through confidential files, the intruder actually creates a copy of the file. Thus, mere browsing may be theft, but it does not deprive the owner of the data or the user of the data. This makes the distinction between data alteration and intrusion more meaningful. The story of Kevin Mitnick (perhaps the poster boy of hackers) perfectly exempli- fies this distinction, as he wreaked havoc on countless systems during his hacking career.

The prosecution of Mitnick relied on estimates of the value of software he downloaded but did not alter. Several major corporations placed a total value of hundreds of millions of dollars on the software Mitnick obtained. This amount was determined by a method suggested by the FBI: They directed the companies to estimate the total development costs of the software. This amount was questioned at various stages in Mitnick’s trial.

ISBN 1-323-00652-4 Digital Crime and Digital Terrorism , Third Edition, by Robert W. Taylor, Eric J. Fritsch, and John Liederbach. Copyright Chapter 1 • Introduction and Overview of Digital Crime and Digital Terrorism 11 Since Mitnick did not deprive the companies of the product of their research and devel- opment, it seems that the actual economic harm caused would be less than the total cost.

This contention was supported by the failure of any of the corporation on the list of Mitnick’s victims to report such a loss to the Securities and Exchange Commission, as required for losses suffered by a company that sells stock. When intrusion is discovered, it often requires the owner or administrator of the affected system to question the integrity, accuracy, and authenticity of data on the net- work. Although the legitimate user of the system and data is not denied access to either, there is no reasonable certainty of the data’s security in the system. Security measures often require the removal of Web-based resources and restoration of data from, hope- fully, unaffected backup copies. More direct than the subtleties of a network intruder, the denial of service leaves little room for argument of a negative effect. Although any resource may be denied to the rightful user, the most prominent example of this crime targeting the computer is the network denial-of-service attack. For example, on February 7, 2000, the Web site of Yahoo! was subjected to an unprecedented attack that effectively removed the site from the Internet for three hours. The initial reaction of law enforcement, security, and even hackers was shock that a site as large as Yahoo could be overwhelmed. 44 Subsequent investigation showed that the attacks had been aimed at choke points that funneled the majority of the site’s traffic through a few routers. While not as bad as first suspected, the attack showed that even the largest sites on the Internet were not safe. The significance of denial-of-service attacks was also demonstrated in the recent conflict between Russia and Estonia, which was caused by the removal of a Russian war monument from a memorial garden in Estonia. 45 Russian citizens in Estonia and else- where were enraged by this action, leading to protests and violence in the streets of both Estonia and Russia. Computer-based attacks quickly ensued against government and private resources in both nations by computer hackers and citizens alike. In par- ticular, Russian hackers so severely limited access to Estonian government and finan- cial systems that the government had to temporarily host files on servers in the United States to continue business without interruption. 46 The damage the denial-of-service attacks caused to the Estonian economy was so severe that the country was crippled as a result. Computer vandalism also falls under the category of crimes where the computer is a target. When an intruder removes valuable information from a computer system, the intruder denies the legitimate user or owner access to that information. This could represent a substantial loss of expected revenue. If the data are for direct sale, like a computer program or music, it may be possible to estimate the value of the lost data.

However, it is more likely that data disrupted will be provided to the public for good- will, to generate advertising income, or for no commercial purpose. Even though a dollar value cannot be attached to the data, the owner still has a right to present the intended message and be free from disruption. Many organizations, like the University of Cambridge, maintain a Web presence for no apparent commercial purpose. In this case, the University of Cambridge has the distinction of owning the last defaced Web page to be archived at Attrition.org . On May 13, 2001, the Web camera at the University of Cambridge was replaced with the calling card of a computer vandal.

The vandal wished to express nothing more important than “Ne0tz owned u!” 47 In  another example of computer vandalism, a group named “Hacking for Girlies” ISBN 1-323-00652-4 Digital Crime and Digital Terrorism , Third Edition, by Robert W. Taylor, Eric J. Fritsch, and John Liederbach. Copyright 12 Chapter 1 • Introduction and Overview of Digital Crime and Digital Terrorism defaced the New York Times Web site. The defacement caused the New York Times embarrassment and the loss of advertising revenue for its free Web-based service. Some defacements, however, allow individuals to express their perspectives about a political or religious agenda. For example, when a U.S. spy plane crashed in China in 2001, a small war erupted between hackers in these countries over the rights to the plane and the rea- sons the jet was flying in the first place. The defacements contained political messages such as “Fuck the U.S.A.” and “China is Wrong!” and affected Web sites owned by the government, academia, and the private sector. 48 The consequences of computer vandal- ism are similar to data alteration or denial of service; many instances of computer van- dalism also include network intrusion. All of these offenses target the computer. The Computer as an Instrument of a Crime Unlike crimes targeting the computer, using the computer as the instrument of the crime means that the computer is used to gain some other criminal objective. In other words, a burglar uses crowbars and lock picks as the instruments of crime in a fashion similar to the cybercriminal using computers and networks for crimes, such as theft, theft of service, fraud, exploitation, and threats or harassment. Theft is defined as the taking of property with the intent of permanently depriv- ing the owners of their property or service. In an environment where data are more easily copied than deleted, depriving the ow ner of the property permanently is rela- tively rare. However, theft can also mean taking property with the intent to deprive the owner of the value of the property or stealing securities. Parker, creator of the first com- puter crime typology, notes that market-sensitive proprietary information, financial information, trade secrets, process technology information, human resources informa- tion, customer information, information products, transitory information, and secu- rity information can all have value to the owner. 49 To some degree, each of these forms of information requires that the owner either maintain confidence in the integrity of the information or control the distribution of the information to maintain its value. Other, more blatant, examples of computerized theft do actually deprive the legit- imate owner of a tangible asset. The salami slice technique is a money crime; it is an automated means of stealing assets from a large number of transactions. In the round- down salami technique, the computer is used to round calculated dollar amounts down to the nearest cent. By always rounding down and diverting that amount to a special account, the criminal deprives both merchant and consumer of assets; however, the amounts are often trivial, similar to a slice taken from a salami, too thin to produce a noticeable effect, unless millions of transactions are involved. Some thefts specifically involve theft of service. Although many services available on the Internet are free, some data and services are considered proprietary. This means the users must pay to use the data or service. The use of these proprietary services with- out payment is theft. For example, many service providers invest in the ability to meet demand for their service. In the mid-1990s, Internet service provider America Online (AOL) failed to anticipate demand for Internet access. As a result, many customers were not able to connect to AOL servers. To remedy this situation, AOL invested sig- nificant amounts of money in increasing its capacity. The amount of the increase was carefully planned to avoid spending too much. The damage from theft of service occurs when the criminal use of service forces the owner to invest in greater capacity to meet the projected needs of legitimate users.

ISBN 1-323-00652-4 Digital Crime and Digital Terrorism , Third Edition, by Robert W. Taylor, Eric J. Fritsch, and John Liederbach. Copyright Chapter 1 • Introduction and Overview of Digital Crime and Digital Terrorism 13 Computers can also be used as instruments to commit fraud. Fraud committed by using a computer exploits the trust, which is guaranteed by law, in a business transac- tion. The buyer, seller, or peer in a transaction can perpetrate fraud. Shopping cart fraud is an example of consumer fraud against a business. Once purchases are selected, the computer criminal saves a copy of the purchase page and alters the prices. Once the altered prices are in place, the criminal submits the page as normal. Some merchants do not discover the fraud until they match inventory to purchases—possibly a month or more after the merchandise is shipped. Although basic security procedures or well- designed shopping cart programs would prevent this, many online merchants do not use either. Other varieties of fraud found online are simply high-tech variants of older meth- ods. Old scams have found entirely new audiences of victims on the Internet. Pyramid schemes have found a new source of legitimacy with professional-appearing Web sites and official-sounding Web addresses. In fact, virtually every tired bunko scheme has found new life through the Internet. Perhaps the most common one recently is the Nigerian bank scheme, where unsuspecting victims send their bank account numbers overseas with the dreams of getting millions in return. New forms of whole cloth fraud have also developed online, such as phishing. This offense involves victims being tricked into providing their financial information to a criminal through the use of con- vincing and extremely accurate fraudulent Web sites. 50 Computers are now often used as instruments to make threats or harass individu- als. The U.S. Department of Justice maintains a Web site that details a range of threat- ening behaviors conducted on the Internet. In an early case of cyberstalking, a Maryland man, Warren Gray, pled guilty to sending five e-mail messages that graphically threat- ened the life of his victim and the victim’s family. At the same time, Gray slashed the victim’s car tires and left a hatchet in the victim’s office. In this case, cyberstalking coin- cided with real-world stalking, but the conviction under federal law came from the use of “interstate wires” to transmit the threat. Even schoolyard bullying has moved to the Internet through the use of social net- working Web sites and instant messaging services. Children can easily post messages that attempt to poke fun or humiliate another individual. In fact, a recent case of bully- ing through the social networking Web site Myspace led a young woman named Megan Meier to commit suicide after receiving cruel and harassing messages from a young man named Josh Evans. In reality, Evans was a fictitious identity created by Lori Drew, the mother of one of Megan’s friends. 51 Drew created this identity as a means to humil- iate Megan as retribution for slighting her daughter. Unfortunately, this event high- lights the severity of cyberbullying. The Computer as Incidental to a Crime Carter characterizes the computer as incidental to other crimes when “a pattern or inci- dent of criminality uses a computer simply for ease in maintaining the efficacy of crim- inal transactions.” 52 In this category, the computer is not the primary instrument of the crime; it simply facilitates it. These crimes include money laundering, criminal enter- prise, child pornography, and luring victims into compromising situations. Money laundering is needed to provide criminals with the ability to spend their money. Funds can be divided into groups that are too small to be noticed and “smurfed” 53 out of the country to be assembled later in an offshore bank. Coordinating ISBN 1-323-00652-4 Digital Crime and Digital Terrorism , Third Edition, by Robert W. Taylor, Eric J. Fritsch, and John Liederbach. Copyright 14 Chapter 1 • Introduction and Overview of Digital Crime and Digital Terrorism such a complex scheme is greatly facilitated by using computers. 54 Banks or casinos are  closely regulated and heavily penalized for money laundering; however, the enor- mous volume of financial transactions in the United States makes it difficult for regula- tors to  identify even relatively large questionable transactions. These types of transactions have increased with the growth of electronic payment systems, such as e-gold, which allow individuals to make and accept payments in foreign countries without any regulation. 55 Criminal enterprises also use computers as incident to the crimes that they com- mit. Computers appeal to criminal enterprises or businesses for many of the same rea- sons they appeal to others: They are quick, reliable, very accurate, and perform many business-related tasks far faster than if done manually. Thus, they are used to support many different types of criminal enterprises, including loan-sharking and drug rings. A number of prostitution rings have been found using computers to keep track of cus- tomers and payroll. The customers of prostitutes have also developed Web sites that enable discussion and reviews of the services provided by a sex worker. 56 This sort of Internet-based information sharing helps to facilitate the sex trade in the real world. The production and distribution of child pornography have also benefited from the computer revolution. The Internet has been the key communication medium for the sale and exchange of child pornography on both international and domestic bases.

In September 1998, the largest single child pornography sting operation in history occurred, resulting in the arrest of over 200 people in 21 countries. 57 Code named “Operation Cathedral,” British police coordinated raids in Europe, Australia, and the United States, confiscating more than 100,000 indecent images of children. Most of the images were being traded between child pornographers over the Internet. While most of those arrested were men, some were women who also belonged to exclusive child pornography clubs throughout the world. One U.S.-based club, called “Wonderland,” had images for sale depicting children as young as two years of age. The sheer size of the pornography network shocked the police as well as the general public. The United Nations called for a worldwide offensive to curb the exchange of pedophilia on the Internet—a very difficult task considering the vast number of jurisdictions and judicial systems present in the international community. 58 Some crimes of violence are facilitated through the use of a computer. For exam- ple, the Internet has been used to lure victims to pedophiles. Adult users of chat rooms may use the supposed anonymity of the Internet to pose as teenagers to establish a rap- port with their intended victim. Numerous “sting” operations have placed law enforce- ment officers in these same chat rooms posing as children. In fact, a recent study found that these sorts of proactive investigations comprised 25 percent of all arrests for Inter- net sex crimes against minors and produced a high rate of guilty pleas and generally successful prosecutions. 59 Crimes Associated with the Prevalence of Computers Targets of these types of crimes are mainly the industry itself, but also include its cus- tomers and even people who have avoided information technology. These crimes include intellectual property violations, component theft, counterfeiting, identity theft, and a variety of corporate offenses. Intellectual property violations are often described as piracy. The music trading service Napster has recently caused music piracy to replace software piracy in the public mind as the leading example of this crime. Large-scale ISBN 1-323-00652-4 Digital Crime and Digital Terrorism , Third Edition, by Robert W. Taylor, Eric J. Fritsch, and John Liederbach. Copyright Chapter 1 • Introduction and Overview of Digital Crime and Digital Terrorism 15 software piracy began in Asia. The Business Software Alliance reports that just one person selling unauthorized copies of some 40 different popular programs in Singapore may have made several million dollars, even though he charged as little as $15 for cop- ies of programs that retailed for as much as $600. 60 Violation of American copyright laws in China—particularly piracy of software, videotaped entertainment, and music— led the United States in early 1995 to announce that it would place a 100 percent tariff on all products entering this country from China unless the Chinese government took action to eliminate such violations. Extensive software piracy now exists worldwide and is facilitated by the Internet. Dutch bulletin boards 61 provided the nexus of “cracked” games and software during the 1980s. Today, piracy groups continue the tradition by racing to provide the first cracked edition of new software, music, and movies for download through Web sites and resources around the world, often before it is released officially. In fact, a movie reviewer for Fox News online was fired for reviewing a pirated copy of the movie X-Men Origins: Wolverine, which he obtained through a piracy group a few months before its official release in the theater. 62 This sort of rapid and large-scale piracy is engendered by the growth of file-sharing programs such as Bit Torrent and Rapidshare, which enable indi- viduals to quickly capture data hosted on multiple computers around the world. The theft of desktop and laptop computers, monitors, printers, scanners, modems, and other computer components has also become a problem due to the increased por- tability of computer systems and the potential for sensitive information to be contained on the system files. In 2007, the theft of laptops and mobile devices accounted for 50 percent of the incidents reported by business and industry security professionals. 63 Although the value of laptops has decreased due to dropping prices of computer tech- nology, the information contained on their hard drives, such as documents and pass- words, has significant monetary value. Theft of proprietary information accounts for over $3 million in losses within the private sector. 64 The full extent of computer theft is unknown because many thefts go unreported and because many police departments consider theft of computer hardware as just another stolen-property crime. Some computer owners do not even know what they own and therefore cannot provide the police with an accurate description, let alone the serial numbers. This is a problem compounded by the inability of some police officers to accurately differentiate among computer equipment and peripherals. Furthermore, the massive growth in small portable devices like iPads, Blackberry devices, and other personal computers and their perceived value make them attractive targets for thieves due to their value and popularity. Identity theft has become a major concern for both the public and members of the law enforcement community. Although identity theft can occur without the aid of a computer, the anonymity of the Internet and access to vast numbers of personal infor- mation have fundamentally changed the nature of this crime. In a fairly common case, almost 40 people employed by a San Diego pharmaceutical company had their identi- ties stolen by a laboratory aide who had discovered unprotected personnel records at the firm. Before being caught, the thief obtained 75 credit cards, $100,000 in merchan- dise, 20 cellular phones, and rented 3 apartments. Identity theft is also significantly enabled by hackers who can gain access to sensi- tive databases of information. Once inside of a large repository of credit cards, personal information, and other files, hackers can parse out this information and sell it in open markets for a profit. In fact, an individual named Kenneth Flurry obtained stolen debit ISBN 1-323-00652-4 Digital Crime and Digital Terrorism , Third Edition, by Robert W. Taylor, Eric J. Fritsch, and John Liederbach. Copyright 16 Chapter 1 • Introduction and Overview of Digital Crime and Digital Terrorism card numbers with personal information from hackers in Russia and Asia and used the information to create fraudulent ATM cards. He obtained over $380,000 from ATMs over a three-week period using these cards and was arrested and subsequently prose- cuted in the U.S. federal court system. The expanded use of the Social Security number is the primary reason for the ease of identity theft. Three major credit reporting bureaus control the information on all persons applying for credit in the United States: Equifax, Trans Union, and Experian.

These companies allow anyone with a name and Social Security number to access credit histories. Credit card companies make the process of credit application little more com- plicated than supplying this information. Various corporate crimes also appear to be on the rise as computer use has expanded. The rapid growth of the computer industry has caused many questionable business practices to be developed. Examples of these questionable practices include rebate fraud, grossly one-sided end user license agreements (EULAs), misleading adver- tising, component swapping, reselling refurbished components in “new” systems, simple fraud, and many others. The Federal Trade Commission (FTC) has become involved in actions against several companies that promised mail-in rebates, but could not deliver.

Although rebates are a common practice in the industry, the first case to draw wide- spread attention was the Iomega Zip Drive. TM With the unprecedented demand for the Zip Drive, the rebate fulfillment center contracted to handle the processing of rebates was overwhelmed. A large number of rebates were simply lost, and delays of a year or more were common. Interestingly, with the advancement of rewritable computer disks (CDs) and CD/DVD burners, and their subsequent affordability to the general public, the demand for “zip drives” has decreased significantly over the past two years. EULAs are contracts that specify the rights of the consumer when purchasing a license 65 to use software. Originally intended to prevent people from reselling copies of their software, EULAs have become so one-sided as to violate common tenets of con- tract law and consumer protection legislation. Common elements of the EULAs include a stipulation that the software licensed need not function for any particular purpose, even if that function is advertised. Although it is legal to require an EULA, the terms of that contract do not automatically supercede false advertising legislation. There is also an assumption that an item sold is fit for use. An excellent example of a problem resulting from EULAs is the Sony Music Tro- jan, which was revealed in 2005. The Sony Corporation placed a program called XCP, or Extended Copy Protection, onto its music CDs to limit the ability of the consumer to make copies of the disk. The functionality of the program and its presence were not fully elaborated in the EULA. 66 Although the program did nothing malicious, many consumers and artists were embarrassed and outraged that the company felt it appro- priate to micromanage customer computer activity. Summary Attempts to categorize and label specific types of computer crime have followed traditional method- ologies, looking at the computer as a target or instrumentality of the crime as applied to other types of existing legislation. Unfortunately, these types of categorizations and labeling exercises often fall short in grasping the overall milieu in which computer crime is observed. Additionally, they often fail to take into account the behavioral and criminological aspects of digital crime. This may be particularly true when the crime touches some aspect of the Internet or involves a new type ISBN 1-323-00652-4 Digital Crime and Digital Terrorism , Third Edition, by Robert W. Taylor, Eric J. Fritsch, and John Liederbach. Copyright Chapter 1 • Introduction and Overview of Digital Crime and Digital Terrorism 17 of white-collar scam or sophisticated corporate fraud. Categorizations do help us sort out and define more commonly observed criminal inci- dents where computers are used. We would like to fit all sorts of different and varied criminal meth- odologies that involve computers into discrete boxes. Certainly, society has accomplished this task for traditional crime by defining the elements necessary to commit a specific crime. There is a new challenge posed by computer crime: Specific incidents may well fit into a criminal violation and hence meet the basic elements of a crime, while other, more sophisticated criminalities may not.

The difficulty in specifically and accurately defin- ing each type and incident of computer crime will continue to plague successful prosecution of those misusing computers. However, and much more important, the nature of digital crime is so expansive as to include ominous and catastrophic events that cripple our critical infrastructure and threaten national secu- rity and cause international conflict. In the post- 9/11 era, terrorism has become a real threat to our society and to our way of life. We have attempted to secure ourselves through the use of physical searches for weapons, the employment of new tech- nological sensing devices in critical areas, more vis- ible signs of police and security presence, and a stepped-up military offensive against those in for- eign countries who may pose threats. Trying to engage the police in the “war on terrorism” may be futile, as the criminal justice system (and particu- larly the police) is designed to address crime. The people who pose significant terrorist dangers are often motivated by ideologies that are really not criminal in the traditional sense of the word. They seek destruction and devastation as part of war.

The police and the criminal justice system are ill- equipped to handle such threats. Sometimes, these terrorists pose significant threats to computer and information systems by targeting our critical infra- structure. Designing a system that will be secure, yet provide easy accessibility to needed data and information, will be a trick. Indeed, securing our information infrastructure may well be one of the most challenging tasks of the future. Review Questions 1. What factors led to the explosive growth of digital crime over the past few decades? 2. Describe some of the most common forms of digital crime. 3. What gaps exist in our understanding of digital crime?

What can be done to address these gaps? 4. Why is the number of cybervictims growing? 5. Why is computer crime severely underreported? 6. What are the four categories of computer crime?

Give examples of the types of crimes that fall under each category. Endnotes 1. New York Times (May 10, 2013). “Hackers Steal $45 Million in ATM Card Breach.” The New York Times. 2. L einer , B.M., et al. (February 1997). “The Past and Future History of the Internet.” Communications of the ACM 40(2): 102–108. 3. S oderberry , R. (2013). “How Many Things Are Currently Connected to the ‘Internet of Things’? Forbes , Retrieved June 11, 2013, from http://www.forbes.com/sites/quora/2013/01/07/ 4. G oodin , D. (2007). “TJX Breach Was Twice As Big As Admit- ted, Banks Say.” The Register. Retrieved March 27, 2008, from http://www.theregister.co.uk/2007/10/24/tjx_breach_estimate_ grows/ 5. Motion Picture Association of America, see: http://www. mpaa.org (June 25, 2009). 6. PandaLabs (2007). “Malware Infections in Protected Systems.” Retrieved November 1, 2007, from http://research.pandasecurity. com/blogs/images/wp_pb_malware_infections_in_protected_sys- tems.pdf 7. P arker , D. (1979). Crime by Computer. New York: Charles Scribner and Sons. 8. See the National Conference of State Legislatures (NCSL) Web site for a listing of Statutory Citation by State. References to malware, viruses, and contaminants are listed by state as well. Retrieved August 10, 2013, from http://www.ncsl.org/ issues-research/telecom/state-virus-and-computer-contami- nant-laws.aspx 9. P arker , D. (1999). Fighting Computer Crime: A New Frame- work for the Protection of Information. New York: John Wiley & Sons, Inc. 10. See www.earthlink.net/bLink 11. P ar ker , D. (1979). Crime by Computer. New York: Charles Scribner and Sons. ISBN 1-323-00652-4 Digital Crime and Digital Terrorism , Third Edition, by Robert W. Taylor, Eric J. Fritsch, and John Liederbach. Copyright 18 Chapter 1 • Introduction and Overview of Digital Crime and Digital Terrorism 12. Bureau of Justice Statistics (1979). Computer Crime: Criminal Justice Resource Manual. Washington, DC: U.S. Department of Justice. 13. Bureau of Justice Statistics (1980). Computer Security Tech- niques. Washington, DC: U.S. Department of Justice. 14. Bureau of Justice Statistics (1982). Electronic Fund Transfer Systems and Crime. Washington, DC: U.S. Department of Justice. 15. B equai , A. (1983). How to Prevent Computer Crime. New York: John Wiley & Sons; C ooper , J.A. (1984). Computer Security Technology. Lexington, MA: D.C. Heath and Com- pany; R oache , J.Y. (1986). “Computer Crime Deterrence.” American Journal of Criminal Law 13(2): 391; C arroll , J.M. (1987). Computer Security. Boston, MA: Butterworth Pub- lishing; G allery , S. (ed.) (1987). Computer Security. Boston, MA: Butterworth Publishing Company; A rkin , S. (ed.) (1988). Prevention and Prosecution of Computer and High Technology Crime. Oakland, CA: Matthew Bender. 16. T hackery , G. (1985). “Problems of Computer Evidence.” In The Practical Prosecutor, Vol. 2. Houston, TX: National Col- lege of District Attorneys; R ostoker , M., and R ines , R. (1986). Computer Jurisprudence. New York: Oceana Publica- tions; A rkin , Prevention and Prosecution of Computer and High Technology Crime ; C onser , J.A., C arsone , L.P., and S nyder , R. (1988). “Investigating Computer-Related Crimes Involving Small Computer Systems.” In M. P almiotto (ed.), Critical Issues in Computer Investigations , 2nd ed. Cincinnati, OH: Anderson Publishing Company; H ollinger , R.C., and L anza -K aduce , L. (1988). “The Process of Criminalization:

The Case of Computer Crime Laws.” Criminology 26(1): 101; C only , C.H. (1989). Organizing for Computer Crime Investi- gation and Prosecution. Cambridge, MA: Abt Associates. 17. B equai , A. (1987). Technocrimes. Lexington, MA: D.C. Heath and Company. 18. K usserow , R.P. (1983). Computer-Related Fraud and Abuse in U.S. Government Agencies. Washington, DC: U.S. Depart- ment of Health and Human Services. 19. L andreth , B. (1985). Out of the Inner Circle: A Hacker’s Guide to Computer Security. Bellevue, WA: Microsoft Press. 20. M c E wen , T. (1989). Dedicated Computer Crime Units. Washington, DC: National Institute of Justice. 21. I cove , D., S eger , K., and V on S torch , W. (1995). Computer Crime: A Crimefighter’s Handbook. Sebastopol, CA: O’Reilly & Associates, Inc. 22. S toll , C. (1988). The Cuckoo’s Egg. New York: Bantam Books. 23. S him omura , T. (1996). Ta k e d o w n . New York: Hyperion Books. 24. S toll , The Cuckoo’s Egg. 25. S himomura , Ta k e d o w n . 26. P arker , D. (1989). Fighting Computer Crime. New York: Charles Scribner and Sons. 27. Ibid. 28. H olt , T.J. (2003). “Examining a Transnational Problem: An Analysis of Computer Crime Victimization in Eight Coun- tries from 1999 to 2001.” International Journal of Comparative and Applied Criminal Justice 27: 199–220. 29. V an D uyn , J. (1985). The Human Factor in Computer Crime. Princeton, NJ: Petrocelli Books, Inc. 30. Ibid. 31. U .N. Commission on Crime and Criminal Justice (1995).

United Nations Manual on the Prevention and Control of Computer-Related Crime. New York: United Nations. 32. B arrett , N. (1997). Digital Crime. London: Kogan Page. 33. See www.calea.org/online/newsletter/No75/The%20National %20Infrastructure%20Protection%20Center.htm , www.cert.

org and www.fbi.gov 34. S inuraya , T. (June 1999). “The Cyber Crime Problem Increases.” Crime and Justice International 29: 1–10, 32. 35. H enderson , S.J. (2007). The Dark Visitor: Inside the World of Chinese Hackers. Fort Leavenworth, KS: Foreign Military Stud- ies Office . 36. PBS Newshour (October 1, 2010). “Hunting an Industrial Strength Computer Virus around the Globe. Retrieved June 14, 2013, from http://www.pbs.org/newshour/bb/science/july- dec10/computervirus 37. American Bar Association (1987). Report on Computer Crime. Chicago, IL: American Bar Association. 38. Florida Department of Law Enforcement (1989). “Computer Crime in Florida.” An unpublished report prepared by the Florida Department of Law Enforcement, Tallahassee, FL. 39. U .N. Commission on Crime and Criminal Justice (1995).

United Nations Manual on the Prevention and Control of Computer-Related Crime. New York: United Nations. 40. C arter , D.L., and K atz , A.J. (1998). “Computer Crime Vic- timization: An Assessment of Criminality in Cyberspace.” Police Research Quarterly 1(1). 41. Computer Security Institute (1999). Issues and Trends: 1999 CSI/FBI Computer Crime and Security Survey. San Francisco, CA: Computer Security Institute. 42. Computer Security Institute (2007). 2007 CSI/FBI Computer Crime and Security Survey. San Francisco, CA: Computer Security Institute. 43. A nderson , R., B arton , C., B ohme , R., C layton , R., V an E eten , M., L evi , M., M orre , T., and S avage , S. (2012). “Mea- suring the Cost of Cybercrime.” 11th Workshop on the Econom- ics of Information Security, Berlin, Germany. June 26, 2012. 44. E unjung C ha , A., and S chwartz , J. (February 8, 2000).

“Hackers Disrupt Yahoo Web Site.” Washington Post. 45. B r enner , S.W. (2008). Cyberthreats: The Emerging Fault Lines of the Nation State. New York: Oxford University Press; J affe , G. (2006). “Gates Urges NATO Ministers to Defend Against Cyber Attacks.” The Wall Street Journal. 46. Ibid. 47. Attrition.org (May 13, 2001). “Video cam: University of Cam- bridge” [defaced Web page]. Retrieved August 30, 2001, from http://www.attrition.org/mirror/attrition/2001/05/13/video.

cbcu.cam.ac.uk/ 48. D enning , D.E. (2001). “Activism, Hacktivism, and Cyberter- rorism: The Internet as a Tool for Influencing Foreign Policy.” In J ohn A rquilla and D avid F. R onfeldt (eds.), Networks and Netwars: The Future of Terror, Crime, and Militancy. Santa Monica, CA: Rand, pp. 239–288. ISBN 1-323-00652-4 Digital Crime and Digital Terrorism , Third Edition, by Robert W. Taylor, Eric J. Fritsch, and John Liederbach. Copyright Chapter 1 • Introduction and Overview of Digital Crime and Digital Terrorism 19 49. P arker , D. (1998). Fighting Computer Crime: A New Frame- work for Protecting Information. New York: John Wiley & Sons, Inc. 50. J ames , L. (2005). Phishing Exposed. Rockland, MA: Syngress. 51. C athcart , R. (2008). “MySpace Is Said to Draw Subpoena in Hoax Case.” The New York Times. 52. C arter , D .L., and B annister , A.J. (2000). “Computer Crime: A Forecast of Emerging Trends.” Presented at the Academy of Criminal Justice Sciences Annual Meeting in New Orleans, LA. 53. Smurfing in money laundering should not be confused with smurfing in denial of service attacks. 54. Z agaris , B., and M cdonald , S.D. (1992). “Money Launder- ing, Financial Fraud and Technology: The Perils of an Instant Economy.” George Washington Journal of International Law and Economics 26(1): 61–90. 55. Department of Just ice (2007). “Digital Currency Business E-Gold Indicted for Money Laundering and Illegal Money Transmitting.” United States Department of Justice. Retrieved December 25, 2008, from http://www.usdoj.gov/opa/pr/2007/ April/07_crm_301.html 56. H olt , T.J., and B levins , K.R. (2007). “Examining Sex Work from the Client’s Perspective: Assessing Johns Using Online Data.” Deviant Behavior 28: 333–354. 57. S erjeant , J. (September 2, 1998). “Police Raid Global Inter- net Child Porn Club.” Reuters. 58. Ibid. 59. M it chell , K.J., W olak , J., and F inkelhor , D. (2005). “Police Posing as Juveniles Online to Catch Sex Offenders: Is It Working?” Sexual Abuse: A Journal of Research and Treat- ment , 17(3): 241–267. 60. Anonymous (February–March 1992). “Stalking Asian Soft- ware Pirates.” Te c h n o l o g y R e v i e w 95(2): 15. 61. The telephone-based electronic bulletin board systems (BBS) was the primary method for most computer users to commu- nicate and exchange software before Internet access became widely available. 62. S iegel , T. (2009). “Fox Fired Up Over ‘Wolverine’ Review.” Va r i e t y. Retrieved May 25, 2009, from http://www.variety. com/VR1118002128.html 63. P owers , R. (ed.) (2007). 2007 CSI/FBI Computer Crime and Security Survey. San Francisco, CA: Computer Security Institute. 64. Ibid. 65. Software licenses grant the purchaser limited rights to use the compiled version, but not to reverse engineer or sell copies.

Thus, the purchaser does not buy the software; he or she buys the right to use it. 66. M c M illan , R. (2005). “Sony Is Loading Spyware into Users’ PCs.” Te c h w o r l d . Retrieved May 15, 2007, from http://www. techworld.com/security/features/index.cfm?featureid=1931 ISBN 1-323-00652-4 Digital Crime and Digital Terrorism , Third Edition, by Robert W. Taylor, Eric J. Fritsch, and John Liederbach. Copyright

Have a similar question?

Continue to edit or attach image(s).

  • Fast and convenient

    Fast and convenient

    Simply post your question and get it answered by professional tutor within 30 minutes. It's as simple as that!

  • Any topic, any difficulty

    Any topic, any difficulty

    We've got thousands of tutors in different areas of study who are willing to help you with any kind of academic assignment, be it a math homework or an article.

  • 100% Satisfied Students

    100% Satisfied Students

    Join 3,4 million+ members who are already getting homework help from StudyDaddy!