Computer Crime Billions of dollars in losses have already been discovered. Billions more have gone undetected. Trillions will be stolen, most without detection, by the emerging master criminal of the twenty-first century–the computer crime offender. Worst of all, anyone who is computer literate can become a computer criminal. He or she is everyman, everywoman, or even everychild. The crime itself will often be virtual in nature–sometimes recorded, more often not–occurring only on the Internet, with the only record being electronic impulses.
Before discussing Internet crimes, we can expect to see in the years ahead, let’s look at the good news: The most-dreaded types of offenses–crimes such as murder, rape, assault, robbery, burglary, and vehicle theft–will be brought under control in the years ahead by a combination of technology and proactive community policing. Creation of the cashless society, for example, will eliminate most of the rewards for robbers and muggers, while computer-controlled smart houses and cars will thwart burglars and auto thieves.
Implanted bodily function monitors and chemical drips (such as “sober-up” drugs and synthesized hormones) will keep most of the sexually and physically violent offenders under control. But computer criminals–ranging in age from preteen to senior citizen–will have ample opportunities to violate citizens’ rights for fun and profit, and stopping them will require much more effort. Currently, we have only primitive knowledge about these lawbreakers: Typically, they are seen only as nuisances or even admired as innovators or computer whizzes.
But increasingly, the “hacker” is being replaced by the menacing “cracker”–an individual or member of a group intent on using the Internet for illegal profit or terrorism. Access to the Internet has begun to expand geometrically, and technology is making the Internet even more friendly and affordable for millions of users. But foolproof protective systems can probably never be developed, although some high-tech entrepreneurs are certainly trying. Even if a totally secure system could ever be developed, it would likely disrupt the free flow of information–an unacceptable intrusion to most users.
In fact, it is the ease of access that is driving this rapidly expanding field of crime. What are the major computer crimes being committed, how, and by whom? More importantly, where is computer crime headed in the twenty-first century? Let’s look at five crime categories: communications, government, business, stalking, and virtual crimes. COMMUNICATIONS CRIMES Already, cellular theft and phone fraud have become major crimes. Low-tech thieves in airports and bus terminals use binoculars to steal calling-card access numbers as unsuspecting callers punch in their phone codes.
Other thieves park vans beside busy interstate highways and use equipment obtained from shopping mall electronics stores to steal cellular phone access codes from the air. Within moments of these thefts, international calls are being made with the stolen numbers in what is becoming a multibillion-dollar-a-year criminal industry. Phone company employees, meanwhile, are also stealing and selling calling card numbers, resulting in more hundreds of millions of dollars in unauthorized calls.
In 1994, an MCI engineer was charged with selling 60,000 calling card numbers for $3 to $5 each, resulting in more than $50 million in illegal long-distance charges. In another case, when a phone company tried to institute a call-forwarding program, crackers quickly defrauded the system of more money than the company stood to make in legal profits. In the future, the opportunities for hacking and cracking will escalate, with telephones, computers, faxes, and televisions interconnected to provide instantaneous audiovisual communication and transmission of materials among individuals.
The wide appeal of new multimedia communication systems will likely create such a huge volume of subscribers that the price will plummet and make access by all possible. But if billions of dollars of losses are to thieves, compounded by billions more required to repair damages created by system terrorists, the cost might become prohibitive to all but the wealthy. In 1995, the U. S. Internal Revenue Service instituted stringent new regulations on electronic tax filing and returns.
This move was to stop a rash of fraud that cost taxpayers millions in 1994: Returns that were processed quickly via this method turned out to be for tens of thousands of fictitious corporations and individuals. Similarly, in an attempt to stop food-stamp fraud, the government issued electronic debit cards to a trial population and plans to go nationwide with the system later in the decade. However, reports show that many recipients are selling their benefits for cash–50 to 60 on a dollar–to brokers who then receive full payment.
Cyberpunks” regularly break into government computer systems, usually out of curiosity and for the thrill of the challenge. They often intercept classified data and sometimes even interrupt and change systems. One U. S. Justice Department official reported that military computers are the most vulnerable, “even less secure than university computers. ” This official noted that, during Operation Desert Storm, hackers were able to track both actual and planned troop movements. James V. Christy II, director of an Air Force unit of computer-crime investigators, set up a team of hackers to test the security of military computer systems.
He reported that the hackers broke into Pentagon systems “within 15 seconds” and went on to break into over 200 Air Force systems with no one reporting or even recognizing the break-ins. Ironically, computer hackers often beat the system using the very technology intended to stop them. For example, federal law-enforcement agencies use an Escrowed Encryption Standard to protect classified information and a chip-specific key to decrypt the system. Experienced hackers can easily discover the key and use it to obtain passwords, gaining full access to encrypted systems.
Newer, more-secure encryption systems for protecting government and international business transactions require storing the “keys” in “escrow” with a specific government agency–usually the U. S. Treasury Department. Hackers find this security solution unacceptable because it slows the free flow of information and puts almost all sensitive and important data in the hands of government officials. This is seen by many as being dangerous to individual freedoms and a major step in the direction of creating a class structure based on the “information rich” and “information poor. “.
As more government data is stored in computers, protection will become both more vital and more difficult. When the livelihood of an individual depends on data in government computers, the temptation to “adjust” that record to increase benefits and reduce charges will be great. Many will try to do the adjusting themselves; others will be willing customers for a burgeoning black market of professional crackers. For those who have little need for government benefits but would like to eliminate their tax liability, a highly destructive method would be to plant a computer virus in government computers to destroy large numbers of records.
In this way, suspicion would not fall on an individual. Today, most banking is done by electronic impulse, surpassing checks and cash by a wide margin. In the near future, nearly all business transactions will be electronic. Thus, access to business computers equals access to money. Recently, computer hacker John Lee, a founder of the infamous “Masters of Deception” hacker group, discussed his 10-year career, which began when he was 12 years old and included a one-year prison term in his late teens.
Without admitting to any wrongdoing, Lee said that he could “commit a crime with five keystrokes” on the computer. He could: (1) change credit records and bank balances; (2) get free limousines, airplane flights, hotel rooms, and meals “without anyone being billed”; (3) change utility and rent rates; (4) distribute computer software programs free to all on the Internet; and (5) easily obtain insider trading information. Though prison was “no fun,” Lee admitted that he would certainly be tempted to do it all again.
In a groundbreaking study published in Criminal Justice Review in the spring of 1994, Jerome E. Jackson of the California State University at Fresno reported the results of a study of a new group of criminals he called “fraud masters. ” These professional thieves obtain credit cards via fake applications, or by electronic theft, and pass them around among their peers internationally for profit. These young men and women want the “good life” after growing up in poverty. They are proud of their skills of deception and arrogant enough to feel they won’t be caught.
None of those in the five-year case study were caught. As seen in the $50-million-plus losses in the MCI case, a far greater threat to businesses than hackers are disgruntled and financially struggling employees. As internal theft from retail stores has always been many times greater in volume than theft from shoplifters, robbers, and burglars, theft by employees armed with inside information and computer access is and will continue to be a much larger problem than intrusion by hackers, crackers, and terrorists combined.
By the turn of the century, 80% of Americans will process information as a major part of their employment, according to a United Way study. In addition, the future portends new and brighter “for-profit” invasion of business computers. As one Justice Department official says, “This technology in the hands of children today is technology that adults don’t understand. ” The first generation of computer-literate citizens will reach adulthood shortly after the turn of the century and will surely open a new age in the annals of crime and crime fighting.
One frightening type of computer criminal emerging rapidly is the “cyberstalker. ” Possibly the most disturbing of these criminals is the pedophile that surfs computer bulletin boards, filled with bright young boys and girls, in search of victims. He develops a relationship and then seeks to meet the child in person to pursue his sexual intentions. Already recognized as a serious problem, cyberstalking has spawned the “cybercop” –a police officer assigned to computer bulletin boards in search of these pedophiles.
Once a suspect is spotted, the cybercop plays the role of a naive youngster and makes himself or herself available for a meeting with the suspect in hopes of gaining evidence for an arrest. Also on the network, in search of pedophiles, are computer pornography sellers who offer magazine-quality color photographs of young boys and girls in a variety of sexually suggestive or actual sexual acts. Such a ring was broken up in 1994 and was found to have clients in several countries, with the pictures themselves transmitted from Denmark.
Another type of stalker expected to be seen more in the future is the emotionally disturbed loner, seeking attention and companionship through the Internet, and who often becomes obsessed with a bulletin board “friend. ” If this person obtains personal information about the acquaintance, he or she sometimes seeks a close, often smothering relationship. If spurned, the stalker launches a campaign of harassment, moving into real-space harassment if adequate information is obtained.
Vengeance can take many forms, from ruining credit records and charging multiple purchases to the victim to creating criminal records and sending letters to employers informing them of the “shady background” of the victim. In the twenty-first century, with access to the Internet available to all and information from data banks networked into dossiers reserved for “official use only” (but easily accessible to hackers and crackers), stalking will not only increase but be facilitated by a new generation of portable computers.
Organic nanocomputers may one day be implanted in the human brain, making possible a new crime: mindstalking. Unauthorized intrusion and seduction will reach directly into the victim’s brain, making the stalker harder to evade and even more difficult to escape. VIRTUAL CRIMES Stock and bond fraud is already appearing on the Internet–stocks and bonds that appear on the markets, are actively traded for a short time, and then disappear. The stocks and bonds are nonexistent; only the electronic impulses are real.
In a recent case, a trader was paid $9 million in commissions for what appeared to be some $100 million in sales of bonds. But investigators now feel that these bonds may never have changed hands at all, except over the Internet. In the future, a virtual-reality expert could create a hologram in the form of a respected stockbroker or real estate broker, then advise clients on the Internet to buy certain stocks, bonds, or real estate. Unsuspecting victims acting on the advice might later find that they had enlarged the coffers of the virtual-reality expert, while buying worthless or nonexistent properties.
This is just the tip of the iceberg in what might be tagged as “virtual crime”–offenses based on a reality that only exists over the computer. As virtual reality becomes increasingly sophisticated, it is the young adults in the first decade of the twenty-first century who–having grown up with virtual reality–will create the software and determine the legal and criminal uses of this technology. And with virtual reality potentially reaching directly into the brains of recipients via “organic” computers, the ability to separate reality from the truth outside, will be one of the greatest challenges of the twenty-first century.
The outlook for curtailing computer crime by technology or conventional law-enforcement methods is bleak. Most agencies do not have the personnel or the skills to cope with such offenses, and to date all high-tech approaches have been met by almost immediate turnabouts by hackers or crackers. As individuals see and talk to each other over computers in the next few years, and as nanotechnology makes computers even more portable, new technology will emerge to protect data.
But simplifying systems to make them more universally acceptable and accessible will also make them more vulnerable to intruders. Control of access by optical patterns, DNA identification, voice spectrographs, encryption, and other methods may slow down hackers, but no method is foolproof or presents much of a challenge to today’s most-talented hackers. The trouble is that in the future many more users will have skills far beyond those of today’s crackers–a process one expert termed “the democratization of computer crime. Still, there is much to be gained by easy access to the Internet.
The “cyberpunk imperatives,” a code subscribed to many hackers, include: (1) information should be free so that the most capable can make the most of it; (2) the world will be better off if entrepreneurs can obtain any data necessary to provide needed or desired new products and services; and (3) decentralization of information protects us all from “Big Brother. “. Computer crime probably cannot be controlled by conventional methods.
Technology is on the side of the offender and motivation is high–it’s fun, exciting, challenging, and profitable. The only real help is one that has not proven very successful in recent decades: conscience and personal values, the belief that theft, deception, and invasion of privacy are simply unacceptable. Behavioral psychologists argue that all values are learned by a system of rewards and, to a lesser extent, punishment. Thus, if these values are necessary for survival, children should consciously be conditioned to live by them.
If all citizens–all computer users–were taught these values and sought to live by them, the Internet could become the wondrous and friendly place its creators have envisioned. Ironically, the greatest possible allies to be found in this search for values are the adolescent hackers of the 1980s, many of whom are the software programmers of the 1990s. In his book, Secrets of a Super-Hacker, a hacker named “Knightmare” says that “true hackers” love to break into systems and leave proof of their skills, but do not hurt individuals by stealing tangible goods or money, or destroying files or systems.
Hacker ethics,” Knightmare writes, include informing computer managers about problems with their security and offering to teach and share knowledge about computer security when asked. Increasingly, government and business computer managers are asking. Many of the Fortune 500 companies and numerous government agencies have hired hackers to test their systems and even design new security protocols for them.
Thus, hackers are helping to protect the information superhighway from crackers and terrorists. As one hacker says, “Hackers love computers and they want the Net safe. ” In conclusion, computer crime is major part of our technological society and should be dealt with similarly to “real” crimes. In the electronic world, it is harder to find the criminal and track him/her down. In the end, all advantages, such as using a computer, come with their disadvantages, computer crime in it’s worst form.