ЮрИнфоР >>> Институт актуального образования "ЮрИнфоР-МГУ" >>> Конференции и круглые столы >>>
International conference organized by "JurInfoR-MSU" Institute for Contemporary Education, “JurInfoR” center, the Criminalists and Criminologists’ Union (Moscow), and the U.S. Department of Justice, 20-21 May, 1997, Moscow
On combating new types of economic crimes in Russia and the United States
Illegal online activity
The Internet and other online environments are no more immune to criminal conduct than is the physical world, These media provide new opportunities for the coordination and commission of a variety of illegal acts. This document offers an overview of the types of criminal methods and conduct investigators have encountered on line in the past (and are likely to encounter in the future)
Computers can play three different roles in criminal. Activity. First, a computer may be a target of the offense, where the criminal's objective is to steal information from, or cause damage to, the target systems. Second, computers can be used as tools to facilitate an offense, such as an attack on another computer system or a more traditional offense (such as fraud) carried out electronically. Finally, a computer may be used as a storage device, Note that a single case may involve all three types of computer use,
1. Computer As Target
True “computer crime” involves attacks on a victim computer, generally to acquire information stored on that target, to use the target system without payment (theft of service), or to damage the system. Most (but not all) such violations involve gaining unauthorized access to the target system (i.e., “hacking” into it).
Theft of information
Offenses involving theft of information may take a variety of forms, depending on the nature of the system attacked. Sensitive information stored on law enforcement and military computers offers a tempting target to many parties, including subjects of criminal investigations, terrorist organizations, and foreign intelligence operatives.
Hackers also target non-governmental systems to obtain proprietary information. In some instances, the focus is on economically valuable information. For example, in one case a hacker gained access to a hotel reservation system to steal credit card numbers. In another, a hacker stole proprietary information - valued at more than one billion dollars - that would have allowed him to build a cellular phone system.
The latter case falls into the broad category of intellectual property theft. This includes not only the theft of trade secrets, but also much more common offenses involving the unauthorized duplication of copyrighted materials, especially software programs (such as prerelease versions of commercial programs) not otherwise available.
Sometimes an attacker’s motivation is to learn private information about another individual, whether as a means to an end (e.g., to extort money or to embarrass the victim through public disclosure) or simply to satisfy personal curiosity, Targets in this category include systems containing medical records, telephone customer records (such as call records or unlisted directory information), or consumer credit report information.
Theft of services
A second class of violations involves gaining unauthorized access to a system for the purpose of obtaining unpaid-for services. For instance, an offender may use his computer to break into a telephone switching system (including a private system, such as a PBX) in order to steal long-distance calling services. (This type of telephone equipment manipulation is often referred to as “phone phreaking” or simply “phreaking.”) In some cases, hackers have used the resources of compromised systems to perform intensive computational tasks such as cracking encrypted passwords stolen from other sites,
The most common theft-of-service offense is associated with the practice of “weaving,” the process by which a hacker traverses multiple systems (and possibly multiple telecommunications networks, such as the Internet or cellular and landline telephone networks) to conceal his true identity and location. In this scenario, the sole reason for breaking into a given computer may be to use it as a stepping-stone for attacks on other systems.
Damage to systems
Even where an attacker's objective is not to obtain information from the target computer or to use it, he may have any of several other goals in mind. Perhaps most obvious is the case where the attacker intends to destroy or modify data important to the owner or user(s) of the victim system. Malicious attacks of this type are often carried out by disgruntled ex-employees seeking to retaliate for perceived unfair treatment. See, e.g., Sablan v. United States, 92 F.3d 865 (9th Cir. 1996) (shortly after dismissal, ex-employee of bank modified or deleted files on computer system).
A more insidious type of damage takes place In cases where the attacker compromises a system in furtherance of a larger scheme. The moat well-known examples of this type of attack have .involved telephone network computers. In one case, a hacker manipulated telephone switching equipment to guarantee that he would be the winning caller in several call-in contests held by local radio stations; the fruits of his scheme included two Porsche automobiles and $30,000 in cash.
Internet-connected computers are subject to similar types of attacks. Routers - computers that direct the path taken by data packets traveling on the Internet - are analogous to telephone switches, and are thus tempting targets for skilled hackers interested in disrupting, or even rerouting, communications traffic on the network .
On several occasions, hackers have installed "sniffer" programs that surreptitiously capture user passwords during the login process. Because users often employ the same password on more than one computer system (contrary to prudent security practice), capturing a user’s password often provides a hacker easy access to other computer systems where that user has accounts. That access, in turn, greatly simplifies the hacker's task of compromising those other systems.
Computer as Instrumentality of Cfiminal Conduct
Computers may play the role of instrumentality in illegal conduct in either of two ways. An offender may merely use a computer to perpetrate a traditional offense, such as a fraudulent marketing scheme, or may instead employ it as a means of attacking another computer. The following sections describe the types of activity commonly observed in this area.
Computer as Tool of Traditional Offenses
Like the physical world, the online world has its share of hucksters, seam artists, and fly-by-night operators. Frauds commonly attempted on line include:
— advance fee schemes, in which the offender advertises the availability of goods or services and requires payment in advance. Only after paying do victims discover that the goods or services are defective, inferior, or nonexistent.
— pyramid schemes and chain letters essentially identical to those disseminated by postal mail. A conventional chain letter contains a list of names and addresses to whom recipients are urged to send money. Recipients are then expected to add their names to the list (often removing the topmost name to keep the number of participants constant) and to redistribute the updated letter.
— Ponzi schemes, which differ from chain letters in that a Ponzi scheme promotes an allegedly lucrative business opportunity, often involving foreign currency exchange, precious metals trading, or other high-return investment. There is in fact no underlying business, and the perpetrator simply uses the "profits" from later investors' contributions to pay earlier investors, thus giving the appearance of profitability and attracting additional victims.
Vehicles used to promote these frauds include the World-Wide-Web, Usenet (where solicitations are often posted indiscriminately to hundreds of newsgroups), Internet Relay Chat, and direct e-mail. (The term “spamming” is often used to refer to the practice of sending large numbers of promotional messages indiscriminately to individual e-mail addresses, mailing lists, or Usenet newsgroups.)
Online gambling operations, made generally illegal under 18 U.S.C. p. 1084, have also become increasingly common. Made available most frequently on the Web, often from offshore, these operations range from simple lottery sites to sports betting operations or even full-blown “virtual casinos" offering a range of gaming activities. Aside from the illegality of the gambling transmissions themselves, there is also tremendous potential for fraud by the “house,” as by rigging probabilities (in craps, for example), inspecting players' cards, or even refusing to pay stakes to winners. While moat current operations obtain players credit card numbers as a means of payment, the anticipated increase in the use of “digital cash” ia likely to simplify online transactions and fuel growth in the gambling arena.
Online resources are also an inviting medium for would-be traffickers in obscene materials and child pornography. Cyberspace offers these individulala a number of advantagea over the physical world, including a) the ability to use a pseudonym instead of a real name, b) the ease of locating and communicating with like-minded peraona, and g) the speed and eaae of exchanging digitally atored images over long diatanges at minimal cost. Internet Relay Chat and/or chat rooms are common meeting grounds, with images distributed variously over Usenet, the Web or via electronic mail, Pedophilea may also exploit the identity- concealing aspects of cyberspace to converse (and even arrange for in-person encounters) with intended victims,
While these Crimea are those most commonly encountered in the online realm, it is worth emphasizing the point that online facilitiga may be used in the furtherance of a broad range of traditional criminal activity. Electronic mail and chat aeaaions can be used to plan or coordinate almoat any type of unlawful act, or even to communicate threats or extortionate demands to victims. As robust encryption methods become more widespread, criminals can be expected to use this technology to evade detection in the planning and execution of their illegal activities.
Computer As Means of Attacking Other Computer
In some cases, the victim computer and the attacking computer will be one and the same, This is most frequently seen in “insider” attacks, such as the Sablan case cited in section I above, where a perpetrator has physical access to the target machine.
In the majority of cases, however, attacks on computers are launched from other computers residing on the same network, Because some networks - the Internet, most obviously - consist of hundreds or thousands of sites spanning multiple continents, there are correspondingly greater opportunities for intrusions or other attacks,
Remote attacks fall into two basic categories: unauthorized access and denial of service. In an unauthorized access attack - i.e. a classic computer intrusion - the offender attempts to exploit security holes in the target system as a means of gaining access to the system itself. If successful, the attacker may steal or destroy information or use the compromised system as a platform from which to launch attacks on still more machines.
In a denial-of-service attack, by contrast, the objective is to disable the target system without necessarily gaining access to it. One technically straightforward method of accomplishing this objective is “mailbombing”, the practice of sending large volumes of e-mail to a single site' (or user account) in order to clog the mail server or even cause the target host to crash. Other methods, ranging from simply tying up incoming phone lineb all the way to technically sophisticated attacks using low-level data transmission protocols, may also be used to achieve the same end I rendering the target system unavailable for normal use.
3. Computers as Storage Devices
The third role a computer can play in criminal activity is that of passive storage mediums In many cases, this use will be ancillary to the system's other role as the victim of an intrusion.
For examples after compromising a system a hackerwill often create a special directory for storing files. These files may include hacking software tools, password files (or password lists) for other sites, or lists of stolen credit card numbers. By secreting these types of information on a remote system, hacker makes it more difficult to tie these articles to him in the event he comes under law enforcement scrutiny.
Hackers may also use these storage locations as “dead drops” or even clearinghouses for distribution of password lists, credit card and calling card numbers, proprietary corporate information, pornographic image files, or “warez" (pirated commercial software).
Copyright (c) 1996-2001 Институт актуального образования ЮрИнфоР-МГУ
Замечания и предложения просьба присылать группе разработки Института "ЮрИнфоР-МГУ"