Computer Crime

A young man sits illuminated only by the light of a computer screen. His fingers dance across the keyboard. While it appears that he is only word processing or playing a game, he may be committing a felony. In the state of Connecticut, computer crime is defined as: 53a-251. Computer Crime (a) Defined. A person commits computer crime when he violates any of the provisions of this section. (b) Unauthorized access to a computer system. (1) A person is guilty of the computer crime of unauthorized access to a computer system when, knowing that he is not authorized to do so, he accesses or causes the be accessed any computer system without authorization... (c) Theft of computer services. A person is guilty of the computer crime o f theft of computer services when he accesses or causes to be accessed or otherwise uses or causes to be used a computer system with the intent to obtain unauthorized computer services. (d) Interruption of computer services. A person is guilty of the computer crime of interruption of computer services when he, without authorization, intentionally or recklessly disrupts or degrades or causes the disruption or degradation of computer services or denies or causes the denial of computer services to an authorized user of a computer system. (e) Misuse of computer system information. A person is guilty of the computer crime of misuse of computer system information when: (1) As a result of his accessing or causing to be accessed a computer system, he intentionally makes or causes to be made an unauthorized display, use, disclosure or copy, in any form, of data residing in, communicated by or produced by a computer system. Penalties for committing computer crime range from a class B misdemeanor to a class B felony. The severity of the penalty is determined based on the monetary value of the damages inflicted. (2) The law has not always had much success stopping computer crime. In 1990 there was a nationwide crackdown on illicit computer hackers, with arrests, criminal charges, one dramatic show-trial, several guilty pleas, and huge confiscations of data and equipment all over the USA. The Hacker Crackdown of 1990 was larger, better organized, more deliberate, and more resolute than any previous efforts. The U.S. Secret Service, private telephone security, and state and local law enforcement groups across the country all joined forces in a determined attempt to break the back of America's electronic underground. It was a fascinating effort, with very mixed results. In 1982, William Gibson coined the term "Cyberspace". Cyberspace is defined as "the 'place' where a telephone conversation appears to occur. Not inside your actual phone, the plastic device on your desk... The place between the phones. The indefinite place out there." (1, p. 1) The words "community" and "communication" share the same root. Wherever one allows many people to communicate, one creates a community. "Cyberspace" is as much of a community as any neighborhood or special interest group. People will fight more to defend the communities that they have built then they would fight to protect themselves. This two-sided fight truly began when the AT&T telephone network crashed on January 15, 1990. The crash occurred due to a small bug in AT&T's own software. It began with a single switching station in Manhattan, New York, but within ten minutes the domino effect had brought down over half of AT&T's network. The rest was overloaded, trying to compensate for the overflow. This crash represented a major corporate embarrassment. Sixty thousand people lost their telephone service completely. During the nine hours of effort that it took to restore service, some seventy million telephone calls went uncompleted. Because of the date of the crash, Martin Luther King Day (the most politically touchy holiday), and the absence of a physical cause of the destruction, AT&T did not find it difficult to rouse suspicion that the network had not crashed by itself- that it had been crashed, intentionally. By people the media has called hackers. Hackers define themselves as people who explore technology. If that technology takes them outside of the boundaries of the law, they will do very little about it. True hackers follow a "hacker's ethic", and never damage systems or leave electronic "footprints" where they have been. Crackers are hackers who use their skills to damage other people's systems or for personal gain. These people, mistakenly referred to as hackers by the media, have been sensationalized in recent years. Software pirates, or warez dealers, are people who traffic in pirated software (software that is illegally copied and distributed). These people are usually looked down on by the more technically sophisticated hackers and crackers. Another group of law-breakers that merit mentioning are the phreakers. Telephone phreaks are people that experiment with the telephone network. Their main goal is usually to receive free telephone service, through the use of such devices as homemade telephone boxes. They are often much more extroverted than their computer equivalents. Phreaks have been known to create world-wide conference calls that run for hours (on someone else's bill, of course). When someone has to drop out, they call up another phreak to join in. Hackers come from a wide variety of odd subcultures, with a variety of languages, motives and values. The most sensationalized of these is the "cyberpunk" group. The cyberpunk FAQ (Frequently Asked Questions list) states: 2. What is cyberpunk, the subculture? Spurred on by cyberpunk literature, in the mid-1980's certain groups of people started referring to themselves as cyberpunk, because they correctly noticed the seeds of the fictional "techno-system" in Western society today, and because they identified with the marginalized characters in cyberpunk stories. Within the last few years, the mass media has caught on to this, spontaneously dubbing certain people and groups "cyberpunk". Specific subgroups which are identified with cyberpunk are: Hackers, Crackers, and Phreaks: "Hackers" are the "wizards" of the computer community; people with a deep understanding of how their computers work, and can do things with them that seem "magical". "Crackers" are the real-world analogues of the "console cowboys" of cyberpunk fiction; they break in to other people's computer systems, without their permission, for illicit gain or simply for the pleasure of exercising their skill. "Phreaks" are those who do a similar thing with the telephone system, coming up with ways to circumvent phone companies' calling charges and doing clever things with the phone network. All three groups are using emerging computer and telecommunications technology to satisfy their individualist goals. Cypherpunks: These people think a good way to bollix "The System" is through cryptography and cryptosystems. They believe widespread use of extremely hard-to-break coding schemes will create "regions of privacy" that "The System" cannot invade. (3) This simply serves to show that computer hackers are not only teenage boys with social problems who sit at home with their computers; they can be anyone. The crash of AT&T's network and their desire to blame it on people other than themselves brought the political impetus for a new attack on the electronic underground. This attack took the form of Operation Sundevil. "Operation Sundevil" was a crackdown on those traditional scourges of the digital underground: credit card theft and telephone code abuse. The targets of these raids were computer bulletin board systems. Boards can be powerful aids to organized fraud. Underground boards carry lively, extensive, detailed, and often quite flagrant discussions of lawbreaking techniques and illegal activities. Discussing crime in the abstract, or discussing the particulars of criminal cases, is not illegal, but there are stern state and federal laws against conspiring in groups in order to commit crimes. It was these laws that were used to seize 25 of the "worst" offenders, chosen from a list of over 215 underground BBSs that the Secret Service had fingered for "carding" traffic. The Secret Service was not interested in arresting criminals. They sought to seize computer equipment, not computer criminals. Only four people were arrested during the course of Operation Sundevil; one man in Chicago, one man in New York, a nineteen-year-old female phreak in Pennsylvania, and a minor in California. This was a politically motivated attack designed to show the public that the government was capable of stopping this fraud, and to show the denizens of the electronic underground that the government could penetrate into the very heart of their society and destroy routes of communication, as well as bring down the legendary BBS operators. This is not an uncommon message for law-enforcement officials to send to criminals. Only the territory was new. Another message of Sundevil was to the employees of the Secret Service themselves; proof that such a large-scale operation could be planned and accomplished successfully. The final purpose of Sundevil was as a message from the Secret Service to their long-time rivals the Federal Bureau of Investigation. Congress had not clearly stated which agency was responsible for computer crime. Later, they gave the Secret Service jurisdiction over any computers belonging to the government or responsible for the transfer of money. Although the secret service can't directly involve themselves in anything outside of this jurisdiction, they are often called on by local police for advice. Hackers are unlike any other group of criminals, in that they are constantly in contact with one another. There are two national conventions per year, and monthly meetings within each state. This has forced people to pose the question of whether hacking is really a crime at all. After seeing such movies at "The Net" or "Hackers", people have begun to wonder how vulnerable they individually are to technological crime. Cellular phone conversations can be easily overheard with modified scanners, as can conversations on cordless phones. Any valuable media involving numbers is particularly vulnerable. A common practice among hackers is "trashing". Not, as one might think, damaging public property, but actually going through a public area and methodically searching the trash for any useful information. Public areas that are especially vulnerable are ATM chambers and areas where people posses credit cards printouts or telephone bills. This leads to another part of hacking that has very little to do with the technical details of computers or telephone systems. It is referred to by those who practice it as "social engineering". With the information found on someone's phone bill (account or phonecard number), an enterprising phreak can call up and impersonate an employee of the telephone company- obtaining useable codes without any knowledge of the system whatsoever. Similar stunts are often performed with ATM cards and pin numbers. The resulting codes are either kept or used by whomever obtained them, traded or sold over Bulletin Board Systems or the Internet, or posted for anyone interested to find. With the increasing movement of money from the physical to the electronic, stricter measures are being taken against electronic fraud, although this can backfire. In several instances, banks have covered up intrusions to prevent their customers from losing their trust in the security of the system. The truth has only come out long after the danger was passed. Electronic security is becoming a way of life for many people. As with the first cellular telephone movements, this one has begun with the legitimately wealthy and the criminals. The most common security package is PGP, or Pretty Good Privacy. PGP uses RSA public-key encryption algorithms to provide military-level encryption to anyone who seeks to download the package from the Internet. The availability of this free package on the Internet caused an uproar and brought about the arrest of the author, Phil Zimmerman. The United States government lists RSA encryption along with weapons of which the exportation is illegal. The Zimmerman case has not yet been resolved. The United States government has begun to take a large interest in the Internet and private Bulletin Board Systems. They have recently passed the Communications Decency Act, which made it illegal to transmit through the Internet or phone lines in electronic form any "obscene or inappropriate" pictures or information. This Act effectively restricted the information on the Internet to that appropriate in PG-13 movies. As of June 12, 1996, the censorship section of the Communications Decency Act was overturned by a three-judge panel of the federal court of appeals, who stated that it violates Internet user's first amendment rights, and that it is the responsibility of the parents to censor their children's access to information, not the government's. The court of appeals, in effect, granted the Internet the protections previously granted to newspapers, one of the highest standards of freedom insured by our Constitution. The Clinton administration has vowed to appeal this decision through the Supreme Court. Technological crime is harder to prosecute than any other, because the police are rarely as technologically advanced as the people they are attempting to catch. This situation was illustrated by the recent capture of Kevin Mitnick. Mitnick had eluded police for years. After he broke into security expert Tsumona's computer, Tsumona took over the investigation and captured Mitnick in a matter of months. It will be fascinating to see, as technology continues to transform society, the way that technological criminals, usually highly intelligent and dangerous, will transform the boundaries of crime. As interesting to see will be how the government will fight on this new battle ground against the new types of crime, while preserving the rights and freedom of the American people.