The Categories and Types of Computer Crimes - Essay Example

Introduction The definition of computer crime is some what varied and diverse and always ever changing with the expansion of computer applications. The former definitions were made when the “computer world” was small and only covered the computer system; this is inadequate in describing the current mammoth systems. However, one definition that is appropriate today defines computer crime as any illegal act for which knowledge of computer technology is used to commit the offence (McEwen et al, 1989, p. 1). This definition covers both active and passive computer involvement in the crime. Active computer involvement include such attacks as changing data in databases and destroying files while passive attacks are those in which computers are used in the crimes such as keeping databases of illegal activities or network of members. McEwen et al (1989) categorize computer crimes into five main groups. These are: internal computer crimes, telecommunication and telephone crimes, computer manipulation crimes, computer in support of crimes and theft of hardware and software. Internal computer crimes involve the use of or alteration of computer programs which results in the computer system performing an unauthorized functions. This attack is often perpetrated by computer programmers and requires some level of knowledge to correct. Examples of this type of crime include use of computer viruses, trojan horses, logic bombs and trap doors. Telecommunication crimes involve illegal access and use of computer systems over telephone lines. In this method a hacking program continually dials the system with random codes, when a code is realized to be open, then the system is accessed and the cost is automatically reverted to the innocent customer. Another aspect is the misuse of telephone systems. Some examples of this type of crime are phreaking and hacking. Changing of computer data with an aim of advancing a crime by using the new data fall under computer crime category commonly called computer manipulation crimes. This is listed as the most common type of crime and is always responsible for loss of huge amounts of money. It includes embezzlement in financial institutions, by falsifying documents, and fraud. Another category of computer crime is when computers are used by criminals to support their activities. These support activities may include controlling of criminal networks, data storage in databases as well as communication with the members of the criminal network. The last category of computer crime which falls under thefts involves authorized copying of computer software (software piracy) and hardware. All these categories of computer crimes have differing levels of harm they may cause to an organization. These harms may include denial of service, data loss or system inconsistencies. While most of the changes in the computer and technology fields have been realized in the past twenty or so years, computer crime is not a new phenomenon. Throughout the sixties to date there have been a number of computer crimes which have been extensively covered and with the increasing level of sophistication in both hardware and software industries, there will continue to be even more spectacular cases of computer crimes. However, one case of computer crime worth discussing is that involving Adrian Lamo. Adrian Lamo Adrian Lamo was born in Boston, Massachusetts in February of 1981 to Mary Lamo-Atwood and Mario Lamo both of Columbian descent. He had formerly dropped out of Lowell High School (San Francisco) in 1999. In his time as a hacker he went by the name the homeless hacker due to his tendencies of roaming cyber cafes, abandoned buildings and lounge surfing. He is reputed to have gained access to a dozen of high-security networks sometimes to explore the weakness of the system while sometimes for research. He pled guilty to federal charges of unauthorized access to a computer network on 8th January 2004 and was sentenced to home detention and sixty five thousand dollars in restitution. After his conviction, he enrolled in American River College where he pursues a degree in writing, photography, and editorial work. He also married on September 6th, 2007 to Lauren Lamo. Major attacks Lamo is attributed to a dozen attacks on private and public networks which included schools but he is most famous for his access to the New York Times, Microsoft, Fortune 500 networks. He has also confessed to have gained access into Yahoo and SBC (a telephone company), Cingular, Ameritech among other networks. Hacking, the term used to refer to un authorized access to a secure computer network has its roots in the invention of the telephone. Hacking can only work in networked environments hence the first ever recorded ‘hacking’ was done by John Draper (captain Crunch) when he discovered that a toy whistle from a cereal box could produce the precise tone of 2600Hz which could consequently allow him to make free long distance calls (Kizza, 2002, p. 243). This came to be known as “phreaking”. Over time there were other attacks but the first notable system penetration started in mid-80 with a group of hackers who were based in San Francisco called 414-club. Their attacks were via Stanford University computers. But with time, there have arisen two types of hackers; those whose main aim is to detect weaknesses in system so that they can help the owners to correct the loop holes and those who scan for such loopholes so as to initiate attacks. the former are called white hat hackers/ robin hood hackers while the later are called black hat hackers/crackers. Adrian Lamo falls into the later category (Robin hood hackers). New York Times Attack Mitnick & Simon (2005) record in their book The art of intrusion: the real stories behind the exploits of hackers, intruders & deceivers that Adrian’s main motivation for hacking into New York Times systems was because he felt it could offer him some level of challenge due to their upped security after a previous hacking attack by HFC (Hacking for Girlies) ( Mitnick & Simon, 2005, p. 100). In the attack, Adrian went online and after exploring, discovered that the host for the times was outsourced which would mean that his access to the corporate site is limited. So he checked for New York Times from ARIN (American Registry for Internet Numbers), an organization that manages the internet numbering resources for North America. From this he got the IP addresses for New York Times which he scanned but without success, he then checked the list of Domain Name Server (DNS) and was not successful again, finally he went back to the website and got an email link from which he extracted the internal IP address of the Times he scanned for an open address and got in finally. When inside, he created five separate accounts including one in which he added his own name and cell phone number. After browsing for a about three months (conducting well over 3000 searches), he contacted a well known internet journalist and explained the vulnerability of Times’ system which he had exploited. He however asked the journalist not to publish the story until when Times will have corrected the flaw. However the Times, embarrassed by the former attack did not want to hear what he had to say. It is at this point that he informed the journalist to publish the story. After the publishing, the flaws were corrected within 24 hours. (Mitnick, & Simon, 2005) MCI WorldCom In gaining access to this system, Adrian used a computer program called proxyHunter to locate open proxy servers at WorldCom. After scanning he identified five open proxies. He identified one which was used for internal private network and configured his laptop browser to use the proxy. Two months later, he had gained access to the human resource network and extracted names of the company’s 86,000 employees. With these information he could reset the password for each employee and access the payroll for the company as well as other private information about each employee. At that instance he could even have diverted the payment for many employees to his account but he did not. Court case In September 8th, 2003, the then United States Attorney for the Southern District of New York, James B. Comey prosecuted Adrian Lamo before a Manhattan Federal Court for hacking into the internal computer network of New York times, creating a fictitious user identities conducting searches that run up to $300,000 in database charges for a period of over three months. However in the investigations that were led by Pasquale D’amuro, the then Assistant Director of FBI in Charge of the New York other charges of hacking were not included. Adrian pleaded guilty to these charges and was sentenced to six months of home confinement, a two year probation period and was also ordered to pay $64,900 in restitution. (U.S. Department of Justice, 2003) Bibliography Kizza, J. M. (2002). Ethical and social issues in the information age. New York: Springer. McEwen, J.T. et al (1989). Dedicated Computer Crime Units. New York: DIANE Publishing. U.S. Department of Justice. (2004). Hacker Pleads Guilty in Manhattan Federal Court to Illegally Accessing New York Times Computer Network. Retrieved June 7, 2009, from United States Attorney, Southern District of New York website: http://www.usdoj.gov/criminal/cybercrime/lamoPlea.htm U.S. Department of Justice. (2003). U.S. Charges Hacker with Illegally Accessing New York Times Computer Network. Retrieved June 7, 2009, from United States Attorney, Southern District of New York website: http://www.usdoj.gov/criminal/cybercrime/lamoCharge.htm Parker, T., et al. (2004). Cyber adversary characterization: auditing the hacker mind. New York: Syngress. Milhorn, T. H. (2004). Crime: Computer Viruses to Twin Towers. New York: Universal-Publishers. Gissel, R. (2005). Digital Underworld. Massachusetts: MacroTech Press. Mitnick, D. K. & Simon W. L. (2005). The art of intrusion: the real stories behind the exploits of hackers, intruders & deceivers. San Franscisco: John Wiley and Sons. Solomon, M. G et al. (2004). Computer forensics jumpstart. San Franscisco: John Wiley and Sons. Milhorn, T. (2007). Cybercrime: How to Avoid Becoming a Victim. New York: Universal-Publishers. Schell, H. B. (2007). The Internet and society: a reference handbook. Las Vegas: ABC-CLIO. Weiser, B. (2003). Hacker Accused of Running Up $300,000 Charge at The Times. Retrieved June 7, 2009, from The New York Times. Website: http://www.nytimes.com/2003/09/10/nyregion/10HACK.html Read More