TUCoPS :: Cyber Law :: compcrim.txt

Computer Crimes - a speech by William S. Sessions, ex-FBI top dog



                                                                
                        COMPUTER CRIMES:
                   AN ESCALATING CRIME TREND                       

                              By

                      William S. Sessions                               
                           Director
                Federal Bureau of Investigation

                                                                  
     Editor's note:  This article is based on a speech given by 
     FBI Director William S. Sessions.                                 
     
     Artificial intelligence, laptops, PCs, vaxclusters, local
area networks, cobol, bits, bytes, viruses, and worms.  Most
people recognize these words as computer terms.  As computers
have become a vital part of the American way of life, computer
terminology has crept into the vernacular.  There is no doubt
that computers touch every aspect of our lives.  Well over 80
percent of daily financial transactions nationwide take place
via electronic funds transfers.  However, many computer systems
are highly vulnerable to criminal attack.  In fact, computer-
related crime costs American companies as much as $5 billion 
per year.

     When Clifford Stoll, an astrophysicist with an interest in
computers, described computer crime, he likened computer
networks to neighborhoods and small communities. He said cities
and towns are tied together by streets, roads, highways, and
interstates.  Likewise, communities of computers are linked
through local, regional, and national networks.  Rather than
transport food and equipment like highways do, computer networks
move ideas and information.

     Unfortunately, just as American communities are threatened
with drugs and violent crime, this Nation's computer networks
are threatened as well.  They are threatened by thieves robbing
banks electronically; they are threatened by vandals spreading
computer viruses; and they are even threatened by spies breaking
into U.S. military systems.

      White-collar crimes in general--and computer crime in
particular--are often difficult to detect and even more
difficult to prosecute because many times they leave no
witnesses to question and no physical evidence to analyze.  And,
because computer technology is such a rapidly evolving field,
law enforcement has not yet developed a clear-cut definition of
computer crime.  Nevertheless, two manifestations of computer
crime are obvious:  The first is crime in which the computer is
the vehicle or tool of the criminal, and second, crime in which
the computer and the information stored in it are the targets of
the criminal.

COMPUTERS AS CRIME TOOLS

     When criminals use computers as their tools, the crimes
they engineer are essentially traditional crimes, such as
embezzlement, fraud, and theft, perpetrated by non-traditional
means.  The criminal uses a computer as an instrument, like the
forger's pen or the terrorist's bomb.

     The vast majority of computer-related crimes that the FBI
investigates falls into the category of using the computer as a
tool.  For instance, if a team of FBI Agents in one of its 56
field offices uncovers information that a disgruntled employee
is tapping into a bank's computer to transfer funds illegally,
those Agents will probably open up a bank fraud and embezzlement
case and proceed from there.

COMPUTERS AS CRIME TARGETS

     But what about the emerging crime trend that is unique to
computers--in which the computer is the target?  This type of
crime occurs when a computer and the information it stores are
the targets of a criminal act committed either internally by
employees or externally by criminals.  The external threat
usually involves the use of telecommunications to gain
unauthorized access to the computer system.

     In its investigations, the FBI has determined three groups
of individuals involved in the external threat.  The first, and
the largest, group consists of individuals who break into a
computer just to see if they can do it--without stealing or
destroying data.  The next group breaks into computer systems to
destroy, disrupt, alter, or interrupt the system.  Their actions
amount to malicious mischief because they do not attack the
system for financial gain, which is the motive of the last
group.  This group constitutes a serious threat to businesses
and national security for these individuals are professionals
who use specialized skills to steal information, manipulate
data, or cause loss of service to the computer system.

MEASURES TAKEN AGAINST COMPUTER CRIME                             

     Offenses committed through the use of computers include
thefts, destruction of property, embezzlement, larceny, and
malicious mischief, to name a few.  For the most part, offenders
have been prosecuted under Federal statutes (1) to address those
particular crimes.  However, to investigate and prosecute
computer crimes not adequately covered by existing U.S. Federal
laws, the Computer Fraud and Abuse Act was passed. One aspect of
that act made it a crime for an unauthorized person--the
hacker--to access a computer system.

     In 1986, this law was amended and expanded in scope and
appears on the books as Title 18, U.S. Code, Section 1030.  This
statute contains essentially five parts--computer espionage,
theft of financial information, trespass into U.S. Government
computers, trespass into "Federal interest computers" (2) with
intent to defraud, and trespass into a Federal interest computer
to alter or destroy information.  Both the FBI and the U.S.
Secret Service have joint jurisdiction to enforce this statute.
However, the statutes in the new computer fraud and abuse cases
have seldom been interpreted by the courts.  In fact, only 74
FBI cases with the computer as the target of the crime were
identified between August 1987, and December 1989.

CASE STUDY

     One particular case that captured much media attention
demonstrated how complex and elusive computer crimes and
computer criminals can be.  In November 1988, a Cornell
University graduate student designed the "Internet worm," a
malicious code that spread to several hundred computers and
affected the operations of several thousand U.S. Government,
military, education, and commercial computer systems.  This
"worm" did not destroy data but caused massive disruption to
the Defense Department's Advanced Research Project Agency
Network and the computers connected to it.

     Investigators from several FBI field offices identified the
man responsible for the attack, which attracted attention when
it overloaded the system's capacity in numerous locations.  This
student was charged with devising and executing a computer
attack on approximately 6,200 computers connected to the Defense
Data Network.  On July 26, 1989, he was indicted for violating
the Computer Fraud and Abuse Act, a felony that carries a
sentence of up to 5 years in prison.  On January 22, 1990, a
jury in the Northern District of New York returned a verdict of
guilty.  The student was ultimately sentenced to 3 years'
probation, 400 hours of community service, and a $10,000 fine.

     This particular case raised many questions regarding the
long-range impact of "malicious code."  Malicious code is the
general term for computer software designed to deliberately
circumvent established security mechanisms or to take advantage
of inadequate system policies or procedures.  It is often
difficult to trace and is frequently not discovered until it is
too late to prevent the intended harm.

     Computer viruses and computer worms are malicious codes
most frequently introduced into computer systems.  Although some
viruses have been known to carry benign code, more often they
will have devastating effects, such as destroying files or
corrupting data.

EFFECTS OF COMPUTER CRIME

     Computer hacking and the unleashing of viruses are not
harmless pranks.  These products of computer criminal action
have the potential for great harm, not only to large financial
institutions but also to all citizens.  Criminals who hack into
a computer storing a doctor's patient and prescription
information could, by electronically altering the drugs and
dosages, inflict serious harm on patients.  Criminals who hack
into defense computers could compromise valuable intelligence
information and possibly alter the world's balance of power.
And, a fanatical terrorist could inflict devastating damage with
a virus.

     These are very real possibilities.  And the increase in the
number of criminals who have the knowledge and capabilities to
access computers are the reasons why this emerging crime trend
is among the FBI's top priorities.

INVESTIGATING COMPUTER CRIME

     Solving crimes that involve computers demands special
investigative strategies, training, and skills.  To conduct
successful investigations in computer crime, the FBI uses a team
approach.  In most of the investigations that involve computers,
the FBI Agent plays the role of the team leader, assisted by a
computer technician--often drawn from the FBI support personnel
ranks--when necessary.  In addition, the FBI draws on knowledge
from other government agencies, private sector computer firms,
and universities to augment the level of expertise brought to
these sometimes very complex investigations.

COMPUTER CRIME TRAINING                                           

     In order to fight the computer criminals of the next 
century, the FBI is providing investigators with the necessary 
training and expert support services to ensure that their 
efforts are well directed.  For example, computer crime training 
classes for FBI Agents and National Academy students at the
Bureau's facility at Quantico, Virginia, began in 1976.  The FBI
training philosophy is:  To be a computer crimes investigator,
you first must be a computer user.

     Specifically, the FBI offers two computer courses to FBI
Agents and police investigators. In the 2-week basic computer
course, students learn to use computers and become familiar with
the various databases so they can recognize aberrations and
crimes when they occur.  In short, they are made computer
literate.

     Another course is a 1-week advanced investigative course
that zeroes in on viruses and other tricks of the trade.  This
course also covers searches and seizures of crime evidence found
within computers.

INVESTIGATIVE SUPPORT                                             

     Not only are FBI Agents and police investigators trained in 
computer operations, but they are also supported with CASIAT--the 
FBI's computer-assisted security and investigative analysis tool.  
CASIAT is not a computer but a group of experts--members of the 
FBI's National Center for the Analysis of Violent Crime--who
analyze computer crime patterns and develop profiles of computer
criminals to assist investigators.  For instance, as a result of
their research, it has been determined that computer hackers are
motivated by a variety of emotions--including revenge,
retaliation, vandalism, and malicious mischief.  The CASIAT
experts are also establishing a national repository of malicious
software or viruses.  In addition, they are studying the methods
used by various computer criminals in order to deal with crimes
committed by these individuals.

CONCLUSION                                                        

     In the continuing fight against computer crime, law
enforcement must continue to strengthen its investigations,
training, and support services.  The education of prosecutors
and investigators is necessary for them to know and to
understand the elements of criminal conduct in computer crime.
These crimes will be dealt with by using traditional laws and
investigative techniques when possible, but new strategies must
be adopted when needed in order to keep current with the
computer crime trends of the future.

     However, the greatest point of control is removing the
opportunity to commit computer crime.  Computer security is
first and foremost the responsibility of the system owner.
Therefore, corporations must bring the issues of computer
security to the management levels and create policies that
establish security standards and response strategies to computer
crimes.  Cooperative efforts between the public and private
sectors will prevent the computer criminal from causing serious
damage in our Nation.


FOOTNOTES
                                                        
     (1)  18 U.S.C. sec. 1030 (Computer Fraud and Abuse Act of 
1986); 18 U.S.C. sec. 2701 (unlawful access to stored 
communications); 18 U.S.C. sec. 1362 (malicious mischief); 18 
U.S.C. sec. 2314 (interstate transportation of stolen property); 
18 U.S.C. sec. 1343 (wire fraud); 18 U.S.C. sec. 641 (theft of 
government property); 18 U.S.C. sec. 793 (espionage).             

     (2)  A "Federal interest computer" is defined as either a 
computer used by the Federal Government or financial 
institutions, or affecting the use for the Government or 
institution, or a computer "which is one of two or more 
computers used in committing the offense, not all of which are 
located in the same state." 
 

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH