A Charitable Research Foundation Devoted to Education, Consumer Protection, Scientific Advancement and Freedom...

  document Index | first magazine Section | main Archives

                                 ˙about donations ž join H home Ŗ media i about ( contact   

 

IT'S CYBERWAR!!
How to understand and fight computer crime. Identity theft, cyber stalking and other computer-related crimes are on the rise.  Here's how to shake them by understanding the threat and taking on countermeasures.

* FOR IMMEDIATE SECURITY ASSISTANCE...
   VISIT COMPAMERICA's 902M Security Server >

     call 888-275-2771 for a user id - free to all ACSA members

 

It is in this digital soup, this is a hyper-relational environment, that we see the death of the barrier. . . . What we do have is the network and the death of dichotomy. This is fatal for the legal system, which depends for its very life on the existence of barriers- after all, that's what the law does: it utters the line between this and that, and punishes the transgressor.

-- Curtis E.A. Karnow

Introduction

The Internet is a new frontier, but it's problems are not unlike any wild, unregulated environment.  Just like the Wild, Wild West, the Internet  is wide open to both exploitation and exploration, it has good and on it some of its users are simply bad to the bone. There are no sheriffs on the Information Superhighway, they think.  In reality, there are more and more law enforcement agents setting up decoys on the web. While it appears no one is there to protect you or to to lock-up virtual desperados and bandits, you can resort to reporting crimes if committed against you.  The lack of supervision and enforcement in certain areas, leaves users to watch out for themselves and for each other. That includes chat rooms on such as AOL, MSN, and other online services, one's INBOX, and in anything that extends your contact with another from inside the web alone to outside at a physical location.

One problem is that Teenagers keep dangerous contacts a secret form their parents.  It takes considerable time, but a parent must insure that the Teen understands that the ONLY reason an adult impersonating someone their own age, or older, would ever want to meet them, could potentially end their life.

Early on in the history of the Internet, a loose standard called "netiquette" was developed but it is still very inadequate and not adequately protective, from the standards found in "real life".  Unfortunately, cyberspace remains wide open to faceless, nameless con artists that can carry out all sorts of mischief.

A FEW Basic Rules ACSA has evolved:

A) Know who is contacting you.  Find out their name and address, and check them out first.  Remember, any person can impersonate anyone else!

B) Never give private information like credit cards, social or other information, unless you initiated a purchase with a reputable business, and then only to a Banking Institution or Secure Credit Card Processor.  PayPal is a recommended payment method, as is Thumbcard. 

C) If you suspect fraud, don't pay, you can always pay later. If you are a merchant and suspect fraud, don't ship the merchandise, you can always do so later.  Wait and be sure of your customer.

D) Discount all offers up front to pay for goods in any manner, and ship them to anything but the confirmed address of the credit card holder or bank account.  ALWAYS check the Address Verification System of your credit card processor and / or the bank or credit card company in use. 

E) If you receive a check, either verify the shipping address with a good check verification service, or provide it to the Bank issuing the checks, and double check. 

F) If you even remotely think someone unauthorized in the household of the account holder is pulling a fast one, contact the account holder by phone.

C) Unless you are an adult, never give out your real name or address or phone number to anyone you haven't met in the Real world first, and then only if they are someone you can trust, like a schoolmate or teacher, and even then, hesitate.  They should not need your personal information.

Types of Cybercrime

The definition of cybercrime is still evolving.  Currently there is much debate among experts about what constitutes a computer-related or cybercrime. Cybercrime generally is understood to include traditional activities such as fraud, theft or forgery whenever a computer is involved. It can also include a number of new crimes like cyberstalking.  Cybercrime can also include activities not considered criminal in one jurisdiction, but punishable in another.

The top ten list of scams as recently listed in Consumer Sentinel, a database maintained by the Federal Trade Commission are:

1. Internet auction fraud
2. Internet service provider fraud
3. Fraudulent Internet web-site design/promotions (web cramming)
4. Fraud related to Internet information and adult services
5. Multi-level marketing (pyramid sales) fraud
6. Business opportunities and work-at-home fraud
7. Investment, get-rich-quick schemes
8. Travel/holiday fraud
9. Telephone, pay-per-call solicitation frauds
10. Health-care fraud.

We cover most of the significant cybercrime issues below.

Computer Network Intrusions

One of the first problems with networks was that people can get into them from anywhere.  The popular movie "War Games" illustrated an extreme but useful example of this.  Crackers (often misnamed hackers) can break into computer systems from anywhere in the world and steal data, plant viruses, create back doors, insert Trojan Horses, or change user names and passwords.  Network intrusions are illegal, but detection and enforcement are difficult.  Current law is limited and many intrusions go undetected.  The cracker can bypass existing password protection by creating a program to capture logon IDs and passwords.

Password Sniffers

Password sniffers are programs that monitor and record the name and password of network users as they log in, jeopardizing security at a site. Whoever installs the sniffer can then impersonate an authorized user and log in to access restricted documents. Laws are not yet set up to adequately prosecute a person for impersonating another person on-line, but laws designed to prevent unauthorized access to information may be effective in apprehending crackers using sniffer programs. 

Spoofing

Spoofing is done when you disguise one computer to electronically "look" like another computer in order to gain access to a system that would normally be restricted.  

Industrial Espionage

Corporations, like governments, often spy on the enemy. The Internet and privately networked systems provide new and better opportunities for espionage.  Spies can get information about product finances, research and development, and marketing strategies.  These cyberspies rarely leave behind a trail.

Cyberfraud

Stock manipulation, pyramid schemes, fraudulent business opportunities, offshore scams, are all types of cyberfraud.  The Internet has made these all the easier with fraudulent web auctions, internet services, merchandise, pyramid and multilevel marketing schemes, business opportunities, work-at-home schemes, credit card issuing, sweepstakes, and book sales leading the way.

Cyberstalking

Cyberstalking refers to sending harassing or threatening E-mail to others and includes e-mail threats, e-mail bombs, "nuking", sending unwanted message or files, inappropriate requests in chat rooms, forged e-mail source addresses, and inappropriate postings on message boards.  Cyberstalkers have been known to make death threats, to publicize the victim's home address and telephone number, and worse.  It has been estimated that approximately 200,000 people stalk someone each year. 

Cyberstalkers usually target women and children who are inexperienced in on-line activities and the rules of netiquette.  These stalkers feel empowered by their perceived anonymity.  Stalkers generally lose interest if they don't get the reactions they seek. 

How do defend yourself:

  • Stay anonymous - choose a genderless screen name
  • Never give your full name or address to strangers
  • Learn 'netiquette' - follow it and expect it from others
  • Don't respond to harassing or negative messages (flames)
  • Get out of uncomfortable or hostile situations quickly
  • Watch what you say - don't flirt online
  • Save offending messages
  • Learn more about Internet privacy

In general, it is easy to avoid cyberstalking - you just need to  avoid appearing to be an inexperienced young girl.  Don't accept files from or give any personal information to strangers.

Software Piracy

According to estimates by the U.S. Software and Information Industry Association, as much as $7.5 billion of American software may be illegally copied and distributed annually worldwide. Piracy is easy, and few pirates are caught. This issue is thoroughly covered on the What are Warez? page.

Cyberterrorism

Cyberterrorism is the use of computers and programs in attacks against others.  Cyberterrorism is thoroughly covered on our Infowar page.

Computer Sabotage

The use of the Internet to hinder the normal functioning of a computer system through the introduction of worms, viruses, or logic bombs is referred to as computer sabotage. Computer sabotage can be used to gain economic advantage over a competitor, to promote the illegal activities of terrorists, or to steal data or programs for extortion purposes.

Mail bombs

Software can be written that will instruct a computer to do almost anything, now terrorism has hit the Internet in the form of mail bombings.  By instructing a computer to repeatedly send electronic mail (email) to a specified person's email address, the cybercriminal can overwhelm the recipient's personal account and potentially shut down entire systems. This may or may not be illegal, but it is certainly disruptive. 

Credit card fraud

Millions of dollars may be lost annually by consumers who have credit card and calling card numbers stolen from on-line databases.  Security measures are improving, and traditional methods of law enforcement seem to be sufficient for prosecuting the thieves of such information.  Bulletin boards and other on-line services are frequent targets for hackers who want to access large databases of credit card information.  Such attacks usually result in the implementation of stronger security systems.

Identity Theft

Identity theft is really identity fraud.  This theft of one's identity occurs a criminal uses someone else's identity for their own illegal purposes.  Examples include fraudulently obtaining credit, stealing money from the victim’s bank accounts, using the victim's credit card number, establishing accounts with utility companies, renting an apartment, or even filing bankruptcy using the victim’s name. The cyber-impersonator can steal unlimited funds in the victim’s name without the victim even knowing about it for months -- even years.  

Conclusion

Cyber crime is a rapidly growing and evolving area.  Computer experts will be constantly challenged to keep up with cyber crime techniques and tools.  Business continuity depends on strong computer security and disaster recovery operations.  Do you best to stay current on these issues.  The links below offer some excellent resources for this purpose.


LINKS

Related Pages
What are Warez?  
InfoWar - Information Warfare

Cyber crime Resources

The FBI and the National White Collar Crime Center are dedicated to detecting and preventing all types of computer-related crimes.

Computer Crime and Intellectual Property Section (CCIPS) in the Criminal Division of the U.S. Department of Justice.

National Cybercrime Training Partnership - (NCTP) Leads the Training Community in Developing a New Paradigm for Training Law Enforcement in Electronic and High-Technology Crime.

Cybercrime on the Internet - comprehensive coverage of this issue

Cybercrime coverage from Techtv.com

CyberCrime - Justice, Law and Society - a great collection of links from InfoSysSec

Articles

Spies in the Digital Age-Noted espionage expert H. Keith Melton explains how computers have changed the rules of the game

What Is Computer and Telecommunication Crime?-from the Royal Canadian Mounted Police

Who Should Fight Cybercrime? - from Wired, who should it be? Politicians generally don't have the technical understanding to make the informed decisions that could become law. On the flip side: Engineers are neither politicians nor police.

Internet Research Resources

411 Listings -  search White Pages

Search-Top 10 Computer Searches for Locating Missing Persons

Resources for Investigators - Canadian site

Cyber Helpers

Get virus protection software from McAfee.com

The Center for Society and Cyber Studies - cyber crime news, internet Investigation, Cybercrime Training & Education, e-Profiling, Public Safety Cybercrime Units, and more.

CyberSnitch™ is the a High Tech Crime Reporting System that let's you report Internet crimes.  All reported crimes are immediately received by legitimate law enforcement agencies across the United States for further investigation.

Cyber Angels Need help?  Cyber Angels Is the Largest Internet Safety Organization in the World.

Privacy Rights Clearinghouse, a California consumer advocacy organization and hotline. 

Get help with the Identity-Theft Survival Kit.  By a survivor of identity-theft -- a Complete Package For Restoring Your Credit And Peace Of Mind.

BOOKS

Secrets and Lies: Digital Security in a Networked World - covers the technologies used to protect and intercept data, and strategies for proper implementation of security systems.

Naked in Cyberspace: How to Find Personal Information Online - reveals the personal records available on the Net and demonstrates both how they are used and how to use them.

Your Personal Netspy: How You Can Access the Facts and Cover Your Tracks Using the Internet and Online Services  - Even if you find snooping about other people distasteful, you should get this book to find out what others can find out about you--and how you can cover your digital tracks. 

Data Privacy Law -  an authoritative study in three parts of U.S. data protection standards.

Legislating Privacy: Technology, Social Values, and Public Policy - an excellent review of privacy-related writings and case studies of successful and unsuccessful privacy legislation. 

Other Titles

Borders in Cyberspace: Information Policy and the Global Information Infrastructure

Business Guide to Privacy and Data Protection Legislation

The Computer Privacy Handbook: A Practical Guide to E-Mail Encryption, Data Protection, and PGP Privacy Software

Computers, Surveillance, and Privacy

Cryptography & Privacy Sourcebook (1996): Documents on Wiretapping, Cryptography, the Clipper Chip, Key Escrow & Export

PGP: Pretty Good Privacy