Crime On The Internet Essay, Research Paper
Jones Telecommunications &
Crime on the Internet
Overview
If cyberspace is a type of community, a giant neighborhood made up of networked computer users around the world, then it seems natural that many elements of a traditional society can be found taking shape as bits and bytes. With electronic commerce comes electronic merchants, plugged-in educators provide networked education, and doctors meet with patients in offices on-line. It should come as no surprise that there are also cybercriminals committing cybercrimes.
As an unregulated hodgepodge of corporations, individuals, governments, educational institutions, and other organizations that have agreed in principle to use a standard set of communication protocols, the Internet is wide open to exploitation. There are no sheriffs on the Information Superhighway waiting to zap potential offenders with a radar gun or search for weapons if someone looks suspicious. By almost all accounts, this lack of “law enforcement” leaves net users to regulate each other according to the reigning norms of the moment. Community standards in cyberspace appear to be vastly different from the standards found at the corner of Main Street and Elm in Any City, USA. Unfortunately, cyberspace is also a virtual tourist trap where faceless, nameless con artists can work the crowds.
Mimicking real life, crimes and criminals come in all varieties on the Internet. The FBI’s National Computer Crime Squad is dedicated to detecting and preventing all types of computer-related crimes. Some issues being carefully studied by everyone from Net veterans and law enforcement agencies to radical pundits include:
Computer network break-ins
Industrial espionage
Software piracy
Child pornography
E-mail bombings
Password sniffers
Spoofing
Credit card fraud
Computer network break-ins
Using software tools installed on a computer in a remote location, hackers can break into computer systems to steal data, plant viruses or trojan horses, or work mischief of a less serious sort by changing user names or passwords. Network intrusions have been made illegal by the U.S. federal government, but detection and enforcement are difficult. Limitations with the law as it is currently written can be seen upon examining Kevin Mitnick’s recent plea bargain, wherein there is little connection between his final plea and the crimes he allegedly committed.
Industrial espionage
Corporations, like governments, love to spy on the enemy. Networked systems provide new opportunities for this, as hackers-for-hire retrieve information about product development and marketing strategies, rarely leaving behind any evidence of the theft. Not only is tracing the criminal labor-intensive, convictions are hard to obtain when laws are not written with electronic theft in mind.
Software piracy
According to estimates by the U.S. Software Publisher’s Association, as much as $7.5 billion of American software may be illegally copied and distributed annually worldwide. These copies work as well as the originals, and sell for significantly less money. Piracy is relatively easy, and only the largest rings of distributors are usually caught. Moreover, software pirates know that they are unlikely to serve hard jail time when prisons are overcrowded with people convicted of more serious crimes. From the legal perspective, prosecutors in the Dave LaMacchia case found that matching charges to an alleged crime was not an easy task.
Child pornography
This is one crime that is clearly illegal, both on and off the Internet. Crackdowns may catch some offenders, but there are still ways to acquire images of children in varying stages of dress and performing a variety of sexual acts. Legally speaking, people who use or provide access to child porn face the same charges whether the images are digital or on a piece of photographic paper. Trials of network users arrested in a recent FBI bust may challenge the validity of those laws as they apply to online services.
Mail bombings
Software can be written that will instruct a computer to do almost anything, and terrorism has hit the Internet in the form of mail bombings. By instructing a computer to repeatedly send electronic mail (email) to a specified person’s email address, the cybercriminal can overwhelm the recipient’s personal account and potentially shut down entire systems. This may or may not be illegal, but it is certainly disruptive. Well-known journalists Joshua Quittner and Michelle Slatalla learned the hard way what it feels like to be targeted by mail bombs when their home computer was flooded with jibberish and their phone lines were rerouted for a weekend.
Password sniffers
Password sniffers are programs that monitor and record the name and password of network users as they log in, jeopardizing security at a site. Whoever installs the sniffer can then impersonate an authorized user and log in to access restricted documents. Laws are not yet set up to adequately prosecute a person for impersonating another person on-line, but laws designed to prevent unauthorized access to information may be effective in apprehending hackers using sniffer programs. The Wall Street Journal suggests in recent reports that hackers may have sniffed out passwords used by members of America OnLine, a service with more than 3.5 million subscribers. If the reports are accurate, even the president of the service found his account security jeopardized.
Spoofing
Spoofing is the act of disguising one computer to electronically “look” like another computer in order to gain access to a system that would normally be restricted. Legally, this can be handled in the same manner as password sniffers, but the law will have to change if spoofing is going to be addressed with more than a quick-fix solution. Spoofing was used to access valuable documents stored on a computer belonging to security expert Tsutomu Shimomura.
Credit card fraud
The U.S. Secret Service believes that half a billion dollars may be lost annually by consumers who have credit card and calling card numbers stolen from on-line databases. Security measures are improving, and traditional methods of law enforcement seem to be sufficient for prosecuting the thieves of such information. Bulletin boards and other on-line services are frequent targets for hackers who want to access large databases of credit card information. Such attacks usually result in the implementation of stronger security systems.
Since there is no single widely-used definition of computer-related crime, computer network users and law enforcement officials must distinguish between illegal or deliberate network abuse versus behavior that is merely annoying. Legal systems everywhere are busily studying ways of dealing with crimes and criminals on the Internet. Currently, the prosecution of cybercriminals is handled differently from one jurisdiction to another. The results of high-profile cases involving Kevin Mitnick, Jake Baker, and Dave LaMacchia could have significant ramifications for the legal world.
Kevin Mitnick, alternately described as anything from a genius to a menace, was arrested on February 15, 1995, for allegedly breaking into the home computer of Tsutomu Shimomura, a well-respected member of the
Dave LaMacchia was indicted by a grand jury on April 7, 1994 on charges of “conspiracy and scheme to defraud.” The charges stemmed from LaMacchia’s involvement in the operation of a pair of bulletin board systems (BBS) at the Massachusetts Institute of Technology (MIT). The boards, called CYNOSURE I and CYNOSURE II, were allegedly used as distribution centers for illegally copied software. In this case, the law was not prepared to handle whatever crimes may have been committed. The judge ruled that there was no conspiracy and dismissed the case. If statutes were in place to address the liability taken on by a BBS operator for the materials contained on the system, situations like this might be handled very differently.
Jake Baker, a student at the University of Michigan in Ann Arbor, was arrested by FBI agents on February 9, 1995 and charged with “transmitting threats across state lines.” The charge came about after it was discovered that Baker had posted an erotic fantasy on the Internet in which he raped and tortured a character with the same name as one of Baker’s real-life classmates. The charges were later revised to making a “threat to injure another person,” but in the meantime Baker had been suspended from the University of Michigan and his story had made headlines around the world. The case raises issues beyond the legality of posting a fantasy in which a living person’s name is used. Many people have expressed concern over whether Baker’s civil liberties were violated when he was suspended and how much liability an individual has when posting materials to the Internet. Baker was eventually acquitted, in part because his story was determined to be “self expression” and did not constitute a threat.
Legal systems are not yet adequately prepared for the variety of crimes that can be committed over computer networks. The legality or illegality of “cybercrimes” is ambiguous, although certain jurisdictions are taking steps to answer these questions. Florida, California, Texas, and Georgia are leading the way with statutes designed specifically to combat cybercrimes.
Copyright ? 1994-99 Jones International and Jones Digital Century. All rights reserved.
Related Resources
Books and Studies
Hacker’s Dictionary
Katie Hafner & John Markoff, Cyberpunk: Outlaws and Hackers on the Computer Frontier
David Icove, Karl Seger, & William VonStorch, Computer Crime: A Crimefighter’s Handbook
Rimm Study and Counter-arguments
Lance Rose, NetLaw: Your Rights in the Online World
Michelle Slatalla & Joshua Quittner, Masters of Deception: The Gang That Ruled Cyberspace
Clifford Stoll, The Cuckoo’s Egg
Cyberspace’s Most Wanted: Hacker Eludes F.B.I. Pursuit
Organizations
CACI – Children Accessing Controversial Information
Computer Emergency Response Team
EFF
P-Law: Legal Resource Locator
UN Commission on Crime Prevention and Criminal Justice
U.S. House of Representatives Internet Law Library: Computers and the Law
Anonymizer – to surf anonymously
Internet Society
Products of Interest
Jones Futurex
Kerberos
State Statutes
California Computer Crime Law
Florida Computer Crimes Act
Georgia Computer Systems Protection Act
Texas Computer Crime Law
Sources
Business Week
Borrus, Amy; The New CIA: I-SPY-For Business; October 17, 1994
Cortese, Amy; Warding off the Cyberspace Invaders; March 13, 1995
Eng, Paul; It’s 10:30. Do You Know Who’s Using Your Cellular Code?; May 30, 1994
Kelley Holland; Stalking the Credit Card Scamsters; January 17, 1994
Oster, Patrick; How to Foil Phone-Card Fraud; November 21, 1994
Port, Otis; Halting Highway Robbery on the Internet; October 17, 1994
Time
Elmer-Dewitt, Philip; Terror on the Internet; December 8, 1994
Godwin, Mike; Computer Crimes Are Becoming More Daring and Imaginative; March 14, 1995
Quittner, Joshua; Cracks in the Net; February 19, 1995
Quittner, Joshua; Kevin Mitnick’s Digital Obsession; February 19, 1995
New York Times
Markoff, John; Caught by the Keyboard: Hacker and Grifter Duel on the Net; February 19, 1995
Markoff, John; How A Computer Sleuth Traced A Digital Trail; February 16, 1995
Markoff, John; Slippery Cybervandal Caught In His Own Electronic Web; February 16, 1995
Legal and Governmental Sources
FBI National Computer Crime Squad
Federal Trade Commission; Facts for Consumers: Credit and Charge Card Fraud
Indictment, United States of America v. David LaMacchia
Statements of Defendant’s Legal Counsel and of the U.S. Attorney assigned to the case of the United States of America v. David LaMacchia
U.S. Secret Service
U.S. District Court, Eastern District of Michigan, Southern Division: Indictment, United States of America v. Jake Baker and Arthur Gonda
Newswires
FBI Makes Arrests in Online Child Porno Sting; Reuters New Media; September 14, 1995
Hacker Agrees to Plead Guilty; San Francisco Examiner; July 2, 1995
Hacker Held Without Bail; Reuter; February 17, 1995
Hacker Reaches Plea Bargain (paraphrased: no title given); Reuter; July 1, 1995
Most Wanted Computer Hacker Gets Court Date; Reuter; February 16, 1995
Miscellaneous Documents
Abelson, Hal & Mike Fischer; Listiing of Materials and Reading for Course 6.805/STS085 at MIT
Greenspun, Philip; David LaMacchia Defense Fund
Hacker Dictionary
http://gnn.com/; Shimomura vs. Mitnick: The Computer Crime of the Year?; (possibly written by O’Reilly)
Loundy, Dave; Encode, Delete, Download-You’re Busted; Chicago Daily Law Bulletin; August 10, 1995
Miller, Adam S.; The Jake Baker Scandal; Trincoll Journal
Perry, Kenneth M., Esq. and P-Law, Inc.; Current Regulatory Environment
pjswan@engin.umich.edu; What’s the Big Deal over Jake Baker
Reid, Brian, PhD.; Pornography on the ‘Net
Siino, Rosanne M.; Official Netscape Response to French Hacker
Sterling, Bruce; The Hacker Crackdown: Law and Disorder on the Electronic Frontier
Wall Street Journal; AOL Plagued by Hackers; September 8, 1995
Wallich, Paul; Wire Pirates; Scientific American; March 1994
Credits
–contributed by Natalie D. Voss
–WebSite Design by Gerhard Wiegand
–the crew