A young man sits illuminated only by the light of a computer screen. His
fingers dance across the keyboard. While it appears that he is only word processing or
playing a game, he may be committing a felony.
In the state of Connecticut, computer crime is defined as:
53a-251. Computer Crime
(a) Defined. A person commits computer crime when he violates any of the
provisions of this section.
(b) Unauthorized access to a computer system. (1) A person is guilty of the
computer crime of unauthorized access to a computer system when, knowing that he is not
authorized to do so, he accesses or causes the be accessed any computer system without
authorization...
(c) Theft of computer services. A person is guilty of the computer crime o f
theft of computer services when he accesses or causes to be accessed or otherwise uses or
causes to be used a computer system with the intent to obtain unauthorized computer
services.
(d) Interruption of computer services. A person is guilty of the computer
crime of interruption of computer services when he, without authorization, intentionally or
recklessly disrupts or degrades or causes the disruption or degradation of computer services
or denies or causes the denial of computer services to an authorized user of a computer
system.
(e) Misuse of computer system information. A person is guilty of the computer
crime of misuse of computer system information when: (1) As a result of his accessing or
causing to be accessed a computer system, he intentionally makes or causes to be made an
unauthorized display, use, disclosure or copy, in any form, of data residing in,
communicated by or produced by a computer system.
Penalties for committing computer crime range from a class B misdemeanor to a
class B felony. The severity of the penalty is determined based on the monetary value of
the damages inflicted. (2)
The law has not always had much success stopping computer crime. In 1990 there
was a nationwide crackdown on illicit computer hackers, with arrests, criminal
charges, one dramatic show-trial, several guilty pleas, and huge confiscations of data and
equipment all over the USA.
The Hacker Crackdown of 1990 was larger, better organized, more deliberate, and
more resolute than any previous efforts. The U.S. Secret Service, private telephone
security, and state and local law enforcement groups across the country all joined
forces in a determined attempt to break the back of America's electronic underground. It was
a fascinating effort, with very mixed results.
In 1982, William Gibson coined the term "Cyberspace". Cyberspace is defined as
"the 'place' where a telephone conversation appears to occur. Not inside your actual
phone, the plastic device on your desk... The place between the phones. The indefinite
place out there." (1, p. 1)
The words "community" and "communication" share the same root. Wherever one
allows many people to communicate, one creates a community. "Cyberspace" is as much of a
community as any neighborhood or special interest group. People will fight more to defend
the communities that they have built then they would fight to protect themselves.
This two-sided fight truly began when the AT&T telephone network crashed on January 15,
1990.
The crash occurred due to a small bug in AT&T's own software. It began with a
single switching station in Manhattan, New York, but within ten minutes the domino
effect had brought down over half of AT&T's network. The rest was overloaded, trying to
compensate for the overflow.
This crash represented a major corporate embarrassment. Sixty thousand people
lost their telephone service completely. During the nine hours of effort that it took to
restore service, some seventy million telephone calls went uncompleted.
Because of the date of the crash, Martin Luther King Day (the most politically
touchy holiday), and the absence of a physical cause of the destruction, AT&T did not
find it difficult to rouse suspicion that the network had not crashed by itself- that it
had been crashed, intentionally. By people the media has called hackers.
Hackers define themselves as people who explore technology. If that technology
takes them outside of the boundaries of the law, they will do very little about it.
True hackers follow a "hacker's ethic", and never damage systems or leave electronic
"footprints" where they have been.
Crackers are hackers who use their skills to damage other people's systems or
for personal gain. These people, mistakenly referred to as hackers by the media, have been
sensationalized in recent years.
Software pirates, or warez dealers, are people who traffic in pirated software
(software that is illegally copied and distributed). These people are usually looked
down on by the more technically sophisticated hackers and crackers.
Another group of law-breakers that merit mentioning are the phreakers.
Telephone phreaks are people that experiment with the telephone network. Their main
goal is usually to receive free telephone service, through the use of such devices as
homemade telephone boxes. They are often much more extroverted than their computer
equivalents. Phreaks have been known to create world-wide conference calls that run for
hours (on someone else's bill, of course). When someone has to drop out, they call up
another phreak to join in.
Hackers come from a wide variety of odd subcultures, with a variety of
languages, motives and values. The most sensationalized of these is the "cyberpunk"
group. The cyberpunk FAQ (Frequently Asked Questions list) states:
2. What is cyberpunk, the subculture?
Spurred on by cyberpunk literature, in the mid-1980's certain groups
of people started referring to themselves as cyberpunk, because they
correctly noticed the seeds of the fictional "techno-system" in
Western society today, and because they identified with the
marginalized characters in cyberpunk stories. Within the last few
years, the mass media has caught on to this, spontaneously dubbing
certain people and groups "cyberpunk". Specific subgroups which are
identified with cyberpunk are:
Hackers, Crackers, and Phreaks: "Hackers" are the "wizards" of the
computer community; people with a deep understanding of how their
computers work, and can do things with them that seem
"magical". "Crackers" are the real-world analogues of the "console
cowboys" of cyberpunk fiction; they break in to other people's
computer systems, without their permission, for illicit gain or simply
for the pleasure of exercising their skill. "Phreaks" are those who do
a similar thing with the telephone system, coming up with ways to
circumvent phone companies' calling charges and doing clever things
with the phone network. All three groups are using emerging computer
and telecommunications technology to satisfy their individualist
goals.
Cypherpunks: These people think a good way to bollix "The System" is
through cryptography and cryptosystems. They believe widespread use of
extremely hard-to-break coding schemes will create "regions of privacy"
that "The System" cannot invade. (3)
This simply serves to show that computer hackers are not only teenage boys with
social problems who sit at home with their computers; they can be anyone.
The crash of AT&T's network and their desire to blame it on people other than
themselves brought the political impetus for a new attack on the electronic underground.
This attack took the form of Operation Sundevil. "Operation Sundevil" was a crackdown on
those traditional scourges of the digital underground: credit card theft and telephone code
abuse.
The targets of these raids were computer bulletin board systems. Boards can be
powerful aids to organized fraud. Underground boards carry lively, extensive, detailed, and
often quite flagrant discussions of lawbreaking techniques and illegal activities.
Discussing crime in the abstract, or discussing the particulars of criminal cases, is not
illegal, but there are stern state and federal laws against conspiring in groups in order to
commit crimes. It was these laws that were used to seize 25 of the "worst" offenders,
chosen from a list of over 215 underground BBSs that the Secret Service had fingered for
"carding" traffic.
The Secret Service was not interested in arresting criminals. They sought to
seize computer equipment, not computer criminals. Only four people were arrested during the
course of Operation Sundevil; one man in Chicago, one man in New York, a nineteen-year-old
female phreak in Pennsylvania, and a minor in California.
This was a politically motivated attack designed to show the public that the
government was capable of stopping this fraud, and to show the denizens of the
electronic underground that the government could penetrate into the very heart of their
society and destroy routes of communication, as well as bring down the legendary BBS
operators. This is not an uncommon message for law-enforcement officials to send to
criminals. Only the territory was new.
Another message of Sundevil was to the employees of the Secret Service
themselves; proof that such a large-scale operation could be planned and accomplished
successfully.
The final purpose of Sundevil was as a message from the Secret Service to their
long-time rivals the Federal Bureau of Investigation. Congress had not clearly stated which
agency was responsible for computer crime. Later, they gave the Secret Service jurisdiction
over any computers belonging to the government or responsible for the transfer of money.
Although the secret service can't directly involve themselves in anything outside of this
jurisdiction, they are often called on by local police for advice.
Hackers are unlike any other group of criminals, in that they are constantly in
contact with one another. There are two national conventions per year, and monthly
meetings within each state. This has forced people to pose the question of whether
hacking is really a crime at all.
After seeing such movies at "The Net" or "Hackers", people have begun to wonder
how vulnerable they individually are to technological crime. Cellular phone
conversations can be easily overheard with modified scanners, as can conversations on
cordless phones.
Any valuable media involving numbers is particularly vulnerable. A common
practice among hackers is "trashing". Not, as one might think, damaging public
property, but actually going through a public area and methodically searching the trash for
any useful information. Public areas that are especially vulnerable are ATM chambers and
areas where people posses credit cards printouts or telephone bills.
This leads to another part of hacking that has very little to do with the
technical details of computers or telephone systems. It is referred to by those who
practice it as "social engineering". With the information found on someone's phone bill
(account or phonecard number), an enterprising phreak can call up and impersonate an
employee of the telephone company- obtaining useable codes without any knowledge of the
system whatsoever. Similar stunts are often performed with ATM cards and pin numbers.
The resulting codes are either kept or used by whomever obtained them, traded or
sold over Bulletin Board Systems or the Internet, or posted for anyone interested to
find.
With the increasing movement of money from the physical to the electronic,
stricter measures are being taken against electronic fraud, although this can backfire.
In several instances, banks have covered up intrusions to prevent their customers from
losing their trust in the security of the system. The truth has only come out long after
the danger was passed.
Electronic security is becoming a way of life for many people. As with the
first cellular telephone movements, this one has begun with the legitimately wealthy and the
criminals. The most common security package is PGP, or Pretty Good Privacy. PGP uses RSA
public-key encryption algorithms to provide military-level encryption to anyone who seeks to
download the package from the Internet.
The availability of this free package on the Internet caused an uproar and
brought about the arrest of the author, Phil Zimmerman. The United States government
lists RSA encryption along with weapons of which the exportation is illegal. The
Zimmerman case has not yet been resolved.
The United States government has begun to take a large interest in the Internet
and private Bulletin Board Systems. They have recently passed the Communications
Decency Act, which made it illegal to transmit through the Internet or phone lines in
electronic form any "obscene or inappropriate" pictures or information. This Act
effectively restricted the information on the Internet to that appropriate in PG-13
movies.
As of June 12, 1996, the censorship section of the Communications Decency Act
was overturned by a three-judge panel of the federal court of appeals, who stated that it
violates Internet user's first amendment rights, and that it is the responsibility of the
parents to censor their children's access to information, not the government's. The court
of appeals, in effect, granted the Internet the protections previously granted to
newspapers, one of the highest standards of freedom insured by our Constitution. The
Clinton administration has vowed to appeal this decision through the Supreme Court.
Technological crime is harder to prosecute than any other, because the police
are rarely as technologically advanced as the people they are attempting to catch. This
situation was illustrated by the recent capture of Kevin Mitnick. Mitnick had eluded police
for years. After he broke into security expert Tsumona's computer, Tsumona took over the
investigation and captured Mitnick in a matter of months.
It will be fascinating to see, as technology continues to transform society, the
way that technological criminals, usually highly intelligent and dangerous, will
transform the boundaries of crime. As interesting to see will be how the government
will fight on this new battle ground against the new types of crime, while preserving
the rights and freedom of the American people.
No comments:
Post a Comment