Your World of Legal Intelligence
 United Kingdom | +44 (0) 20 7284 8080

The Prosecution of Computer Crime

Document Cited in Related
Vincent
Published date01 April 2002
Date01 April 2002
DOIhttps://doi.org/10.1108/eb026030
Pages308-325
AuthorR.E. Bell
Subject MatterAccounting & finance
Journal of Financial Crime Vol. 9 No. 4
The Prosecution of Computer Crime
R. E. Bell
INTRODUCTION
Criminals have always exploited technological
advances and therefore the advent of the gun, the
telephone and the car created new opportunities for
crime. Similarly, the increasingly widespread use of
computers in society has led to computer-related
crime.1
Computer-related crime may be divided into in a
number of different categories. First, computers
may be incidental to an offence, but still significant
for law enforcement purposes. For example a compu-
ter may have been used by a drugs trafficker to record
details of shipments and corresponding payments
and, although incidental to the offences, the compu-
ter may therefore still have significant evidential
value. Second, a computer may be a tool for commit-
ting offences. In United States v Osowski and Tang the
indictment alleged that the defendants exceeded their
authorised access in order to enter a system used to
manage stock option disbursals and direct that
stock, valued at approximately $6.3m, be placed in
their personal brokerage accounts.2 The phrase 'old
crime, new tools' is sometimes used to describe this
category of crime. For example, threats to kill is a
'traditional' crime that can now be carried out by
the new tool of e-mail. Third, a computer may be
the target of an offence. In 1988 Robert Morris
launched a program, subsequently known as the
'Morris Worm', infecting more than 10 per cent of
the Internet. Many businesses and government sites
disconnected themselves from the Internet as news
of the incident spread. Costs to repair the infected sys-
tems were estimated to be approximately $100m, and
Morris was subsequently convicted in the USA under
the Computer Fraud and Misuse Act.3 The phrase
'new crime, new tools' is sometimes used to describe
this category of crime.
There are, of course, a range of other possible
definitions and classifications of computer crime
and room for much debate on what constitutes it.
As a result there is yet no internationally recognised
definition.4 The NCIS definition of computer
crime as 'an offence in which a computer network
is directly and significantly instrumental in the
commission of a crime'5 may cover two of the cate-
gories above. Computer crime can also be classified
into crime that involves the use of the Internet or
crime that does not involve the Internet. A narrower
definition might omit the use of computers to
commit traditional crimes and focus on crimes
where the computer is the target of the offence. On
this basis not every crime committed with a
computer would be a computer crime.
However computer crime is defined, computers
are now emerging in many types of criminal investi-
gations and their increasing use by criminals requires
a consideration of whether we have adequate legal
tools and resources to locate, identify and prosecute
cybercriminals.
THE SCALE OF THE PROBLEM
Although statistics showing the level of computer
crime are limited, cybercrime has been described as
'one of the fastest evolving areas of criminal beha-
viour'.6 The view of the UK Audit Commission is
that computer fraud and abuse is on the increase
and is expected to worsen as use of the Internet
increases. According to its 1997 survey, computer
fraud and abuse was increasing: 45 per cent of organi-
sations then suffered from it, up from 36 per cent in
1994.
Losses from fraud were up 25 per cent, from
£28,000 per incident in 1994 to £35,000 in 1997.7
In a 2001 US survey, 85 per cent of respondent orga-
nisations had detected a computer security breach
that year; 64 per cent had suffered financial losses
due to these breaches; 34 per cent had suffered theft
of proprietary information; and 21 per cent had
suf-
fered loss through financial fraud.8 Computer-related
crime is therefore increasing in both volume and
complexity and, arguably, is now having a major
impact on society. A 1997 estimate considered that
computer crime cost between $500m and $10bn
annually in the USA alone.9
Those concerned with financial crime must have a
clear understanding of the issues involved in compu-
ter crime, since much of it is financial crime or, at the
very least, crime that has major financial implications
for individuals, businesses or society as a whole. In the
modern economy, intellectual property is often
regarded as the most valuable asset owned by a busi-
ness.
As much of it is stored in digital format on com-
puters, theft and copying of information becomes an
Journal of Financial Crime
Vol. 9, No. 4, 2002, pp. 308-325
Henry Stewart Publications
ISSN 1359-0790
Page 308
The Prosecution of Computer Crime
important area of criminal activity. Once stolen, it is
useless arranging police roadblocks or watches at
ports and airports, as digital property, unlike stolen
paintings, can be sent out of the country via
modem. However, even this assumes that the organi-
sation recognises there has been unauthorised access
to the computer holding the information and that it
has been copied. In the new knowledge economy,
hackers can make significant financial gain from the
sale of stolen information and intellectual property.
In 2000 hackers gained unauthorised access to the
Benetton Formula One engine designs.10 Similarly,
hackers are increasingly targeting the Hollywood
film industry now that films are being stored using
digital
technology.11
Internet banking has brought a new dimension to
potential fraudulent activity as it redefines consu-
mer banking and creates new opportunities for
high-tech crime. In 1994, unauthorised access to
Citibank's cash management system was gained
by hackers in Russia and more than $10m was
wire transferred to pre-established accounts. The
FBI began to monitor the cash movements and
discovered cash being moved to accounts in
Argentina, Indonesia, Finland, Russia, Switzerland,
Germany and Israel. Eventually, all but $400,000
taken before monitoring began was recovered.
The investigation resulted in six foreign nationals
being charged in the USA. Vladimir Levin was
arrested in England in 1995 and was extradited
to the USA in 1997, later pleading guilty to
conspiracy to commit bank fraud.12
The Internet has created new opportunities for
various types of fraud. The Securities and Exchange
Commission has stated that nearly 25 per cent of all
US federal securities investigations in the USA now
involve some form of Internet-related stock fraud.
One of the most high profile of these cases was that
of Jonathan Lebed, aged 15, who, after purchasing a
large block of stock, sent numerous false and mis-
leading e-mails to message boards. Consequent
buying caused the price of the stock to increase
dramatically, whereupon Lebed sold his stock,
making profits of $272,826.13
The stereotypical picture of teenage hackers does
not represent the only threat in terms of computer
crime. Disgruntled employees have the capacity to
cause significant financial damage to their employers.
In United States v
Lloyd,14
a former chief network
administrator sacked from his job after working for
the company for 11 years was convicted in relation
to deleting all design and production programs
belonging to a high-tech measurement and control
instruments manufacturer. The damage, in lost
contracts and lost productivity to the company,
totalled more than $10m. Of course an employee's
motivation for computer misuse need not necessarily
be financial. In R v Rymer, a male nurse was con-
victed of two charges of unauthorised modification
of computer material after hacking into a hospital
computer system and prescribing potentially lethal
drugs to
patients.13
Computers also open up new opportunities for
blackmail. In 1997, telephone calls were made to
banks in Oregon and Massachusetts claiming that
the institutions had been targeted by an environ-
mental group. The caller explained that the group
had penetrated the bank's computer systems and, if
the banks did not make $2m in 'donations' to the
group, the computer systems would be crashed. A
subsequent telephone call was traced and the
defendant was arrested and later pleaded guilty to
extortion.16
Organised crime groups have become aware of the
possibility of exploiting computers for criminal
purposes and there are increasing incidences of such
groups being engaged in high-tech crime.17 In Italy
members of a criminal group allegedly succeeded in
'cloning' an online branch of the Banco di Sicilia
and were preparing to remove funds from an account
belonging to the Sicilian regional government. With
the complicity of two bank employees and using
stolen computer files, codes and passwords, the
organisation had managed to compromise the
bank's computer systems. The police view was that
the operation was certainly authorised by the Sicilian
Mafia.18 It is also believed that the Russian Mafia is
becoming increasingly sophisticated in computer
crime. Russian Mafia hacking rings are often run
by former KGB agents who recruit hackers to hack
into e-commerce computers and steal credit card
and bank account numbers. More than 1 million
credit card numbers have reputedly been stolen by
Eastern European organised crime groups. Organised
crime has also moved into 'cyberextortion' whereby
hackers download proprietary information, such as
trade secrets and customer databases, and then
demand money, either to patch the system against
other hackers or to prevent the sale of the material
to foreign competitors of the businesses they were
stolen from.19 The potential use of violence and
intimidation either to recruit hackers or to obtain
Page 309

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT