Cybercrime On The Internet Essay, Research Paper

Overview

If cyberspace is a type of community, a giant neighborhood made up of

networked computer users around the world, then it seems natural that

many elements of a traditional society can be found taking shape as bits

and bytes. With electronic commerce comes electronic merchants, plugged-in

educators provide online education, and doctors meet with patients in

offices on-line. It should come as no surprise that there are also cybercriminals

committing cybercrimes.

As an unregulated medley of corporations, individuals, governments, educational

institutions, and other organizations that have agreed in principle to

use a standard set of communication protocols, the Internet is wide open

to exploitation. There are no sheriffs on the Information Superhighway

waiting to zap potential offenders with a radar gun or search for weapons

if someone looks suspicious. By almost all accounts, this lack of "law

enforcement" leaves net users to regulate each other according to

the reigning norms of the moment. Community standards in cyberspace appear

to be vastly different from the standards found at the corner of Main

Street and Elm in Any City, USA. Unfortunately, cyberspace is also a virtual

tourist trap where faceless, nameless con artists can work the crowds.

Mimicking real life, crimes and criminals come in all varieties on the

Internet. The FBI and the

National White Collar Crime Center

are dedicated to detecting and preventing all types of computer-related

crimes. Some issues being carefully studied by everyone from Net veterans

and law enforcement agencies to radical pundits include:

Computer

network break-ins

Industrial

espionage

Software

piracy

Child

pornography

E-mail

bombings

Password

sniffers

Spoofing

Credit

card fraud

Computer

network break-ins

Using software tools installed on a computer in a remote location, hackers

can break into computer systems to steal data, plant viruses or trojan

horses, or work mischief of a less serious sort by changing user names

or passwords. Network intrusions have been made illegal by the U.S. federal

government, but detection and enforcement are difficult. Limitations with

the law as it is currently written can be seen upon examining Kevin

Mitnick’s plea bargain, wherein there is little connection between

his final plea and the crimes he allegedly committed.

Industrial

espionage

Corporations, like governments, love to spy on the enemy. Networked systems

provide new opportunities for this, as hackers-for-hire retrieve information

about product development and marketing strategies, rarely leaving behind

any evidence of the theft. Not only is tracing the criminal labor-intensive,

convictions are hard to obtain when laws are not written with electronic

theft in mind.

Software

piracy

According to estimates by the U.S. Software

and Information Industry Association, as much as $7.5 billion of American

software may be illegally copied and distributed annually worldwide. These

copies work as well as the originals, and sell for significantly less

money. Piracy is relatively easy, and only the largest rings of distributors

are usually caught. Moreover, software pirates know that they are unlikely

to serve hard jail time when prisons are overcrowded with people convicted

of more serious crimes. From the legal perspective, prosecutors in the

Dave LaMacchia case found that matching charges

to an alleged crime was not an easy task.

Child pornography

This is one crime that is clearly illegal, both on and off the Internet.

Crackdowns may catch some offenders, but there are still ways to acquire

images of children in varying stages of dress and performing a variety

of sexual acts. Legally speaking, people who use or provide access to

child porn face the same charges whether the images are digital or on

a piece of photographic paper. Trials of network users arrested in a recent

FBI bust may challenge the validity of those laws as they apply to online

services.

Mail bombings

Software can be written that will instruct a computer to do almost anything,

and terrorism has hit the Internet in the form of mail bombings. By instructing

a computer to repeatedly send electronic mail (email) to a specified person’s

email address, the cybercriminal can overwhelm the recipient’s personal

account and potentially shut down entire systems. This may or may not

be illegal, but it is certainly disruptive. Well-known journalists Joshua

Quittner and Michelle Slatalla learned the hard way what it feels

like to be targeted by mail bombs when their home computer was flooded

with jibberish and their phone lines were rerouted for a weekend.

Password

sniffers

Password sniffers are programs that monitor and record the name and password

of network users as they log in, jeopardizing security at a site. Whoever

installs the sniffer can then impersonate an authorized user and log in

to access restricted documents. Laws are not yet set up to adequately

prosecute a person for impersonating another person on-line, but laws

designed to prevent unauthorized access to information may be effective

in apprehending hackers using sniffer programs. The Wall Street Journal

suggests in recent reports that hackers may have sniffed out passwords

used by members of America OnLine, a service with more than 3.5 million

subscribers. If the reports are accurate, even the president of the service

found his account security jeopardized.

Spoofing

Spoofing is the act of disguising one computer to electronically "look"

like another computer in order to gain access to a system that would normally

be restricted. Legally, this can be handled in the same manner as password

sniffers, but the law will have to change if spoofing is going to be addressed

with more than a quick-fix solution. Spoofing was used to access valuable

documents stored on a computer belonging to security expert Tsutomu

Shimomura.

Credit

card fraud

The U.S. Secret Service believes

that half a billion dollars may be lost annually by consumers who have

credit card and calling card numbers stolen from on-line databases. Security

measures are improving, and traditional methods of law enforcement seem

to be sufficient for prosecuting the thieves of such information. Bulletin

boards and other on-line services are frequent targets for hackers who

want to access large databases of credit card information. Such attacks

usually result in the implementation of stronger security systems.

Since there is no single widely-used definition of computer-related crime,

computer network users and law enforcement officials must distinguish

between illegal or deliberate network abuse versus behavior that is merely

annoying. Legal systems everywhere are busily studying ways of dealing

with crimes and criminals on the Internet. Currently, the prosecution

of cybercriminals is handled differently from one jurisdiction to another.

The results of high-profile cases involving Kevin Mitnick,

Jake Baker, and Dave LaMacchia

could have significant ramifications for the legal world.

Kevin Mitnick, alternately

described as anything from a genius to a menace, was arrested on February

15, 1995, for allegedly breaking into the home computer of Tsutomu

Shimomura, a well-respected member of the computer security world.

Known to hackers around the planet as "Condor," a name taken

from the Robert Redford movie" Three Days of the Condor," Mitnick

was suspected of spoofing his way through Shimomura’s elaborate blockade

and stealing computer security tools to distribute over the Internet.

By July 1, Mitnick’s lawyer and federal prosecutors had reached a plea

bargain agreement whereby Mitnick would admit to "possessing unauthorized

access devices" and the prosecutors would drop the other 22 charges

brought against the renowned hacker. Mitnick’s admission of guilt carried

a maximum prison sentence of eight months.

Dave LaMacchia

was indicted by a grand jury on April 7, 1994 on charges of "conspiracy

and scheme to defraud." The charges stemmed from LaMacchia’s involvement

in the operation of a pair of bulletin board systems (BBS) at the Massachusetts

Institute of Technology (MIT). The boards, called CYNOSURE I and CYNOSURE

II, were allegedly used as distribution centers for illegally copied software.

In this case, the law was not prepared to handle whatever crimes may have

been committed. The judge ruled that there was no conspiracy and dismissed

the case. If statutes were in place to address the liability taken on

by a BBS operator for the materials contained on the system, situations

like this might be handled very differently.

Jake

Baker, a student at the University

of Michigan in Ann Arbor, was arrested by FBI agents on February 9,

1995 and charged with "transmitting threats across state lines."

The charge came about after it was discovered that Baker had posted an

erotic fantasy on the Internet in which he raped and tortured a character

with the same name as one of Baker’s real-life classmates. The charges

were later revised to making a "threat to injure another person,"

but in the meantime Baker had been suspended from the University of Michigan

and his story had made headlines around the world. The case raises issues

beyond the legality of posting a fantasy in which a living person’s name

is used. Many people have expressed concern over whether Baker’s civil

liberties were violated when he was suspended and how much liability an

individual has when posting materials to the Internet. Baker was eventually

acquitted, in part because his story was determined to be "self expression"

and did not constitute a threat.

Legal systems are not yet adequately prepared for the variety of crimes

that can be committed over computer networks. The legality or illegality

of "cybercrimes" is ambiguous, although certain jurisdictions

are taking steps to answer these questions. Florida, California, Texas,

and Georgia are leading the way with statutes designed specifically to

combat cybercrimes.

Related Resources

Books and Studies

The

New Hacker’s Dictionary

Katie

Hafner & John Markoff, Cyberpunk: Outlaws and Hackers on the Computer

Frontier

Hacker

Kevin Mitnick allowed back online

Rimm

Study and Counter-arguments

Lance

Rose, NetLaw: Your Rights in the Online World

Clifford

Stoll, The Cuckoo’s Egg

Cyberspace’s

Most Wanted: Hacker Eludes F.B.I. Pursuit

Organizations

CACI

– Children Accessing Controversial Information

Computer

Emergency Response Team

American

Cival Liberties Union

Electronic

Frontier Foundation

LawGuru.com

– free answers to legal questions, law library and research center

Internet

Fraud Complaint Center

UN

Commission on Crime Prevention and Criminal Justice

Pritchard

Law Web

Consumer.net

– consumer information organization

Anonymizer

– to surf anonymously

Internet

Society

Products of Interest

Jones

Futurex

Kerberos

Sources

Business Week

Borrus,

Amy; The New CIA: I-SPY-For Business; October 17, 1994

Cortese,

Amy; Warding off the Cyberspace Invaders; March 13, 1995

Eng,

Paul; It’s 10:30. Do You Know Who’s Using Your Cellular Code?;

May 30, 1994

Kelley

Holland; Stalking the Credit Card Scamsters; January 17, 1994

Oster,

Patrick; How to Foil Phone-Card Fraud; November 21, 1994

Port,

Otis; Halting Highway Robbery on the Internet; October 17,

1994

Time

Elmer-Dewitt,

Philip; Terror on the Internet; December 8, 1994

Godwin,

Mike; Computer Crimes Are Becoming More Daring and Imaginative;

March 14, 1995

Quittner,

Joshua; Cracks in the Net; February 19, 1995

Quittner,

Joshua; Kevin Mitnick’s Digital Obsession; February 19, 1995

New York Times

Markoff,

John; Caught by the Keyboard: Hacker and Grifter Duel on the Net;

February 19, 1995

Markoff,

John; How A Computer Sleuth Traced A Digital Trail; February 16, 1995

Markoff,

John; Slippery Cybervandal Caught In His Own Electronic Web; February

16, 1995

Legal and Governmental Sources

FBI

National Computer Crime Squad

Federal

Trade Commission; Facts for Consumers: Credit and Charge Card Fraud

Indictment,

United States of America v. David LaMacchia

Statements

of Defendant’s Legal Counsel and of the U.S. Attorney assigned to

the case of the United States of America v. David LaMacchia

U.S.

Secret Service

U.S.

District Court, Eastern District of Michigan, Southern Division: Indictment,

United States of America v. Jake Baker and Arthur Gonda

Newswires

FBI

Makes Arrests in Online Child Porno Sting; Reuters New Media;

September 14, 1995

Hacker

Agrees to Plead Guilty; San Francisco Examiner; July 2, 1995

Hacker

Held Without Bail; Reuter; February 17, 1995

Hacker

Reaches Plea Bargain (paraphrased: no title given); Reuter; July 1,

1995

Most

Wanted Computer Hacker Gets Court Date; Reuter; February 16, 1995

Miscellaneous Documents

Abelson,

Hal & Mike Fischer; Listiing of Materials and Reading for Course

6.805/STS085 at MIT

Greenspun,

Philip; David LaMacchia Defense Fund

Hacker

Dictionary

http://gnn.com/;

Shimomura vs. Mitnick: The Computer Crime of the Year?; (possibly

written by O’Reilly)

Loundy,

Dave; Encode, Delete, Download-You’re Busted; Chicago Daily

Law Bulletin; August 10, 1995

Miller,

Adam S.; The Jake Baker Scandal; Trincoll Journal

Perry,

Kenneth M., Esq. and P-Law, Inc.; Current Regulatory Environment

[email protected];

What’s the Big Deal over Jake Baker

Reid,

Brian, PhD.; Pornography on the ‘Net

Siino,

Rosanne M.; Official Netscape Response to French Hacker

Sterling,

Bruce; The Hacker Crackdown: Law and Disorder on the Electronic

Frontier

Wall

Street Journal; AOL Plagued by Hackers; September 8, 1995

Wallich,

Paul; Wire Pirates; Scientific American; March 1994