In recent months, there has been a move to classify, define and track high technology crime. This is due in part to the high profile it has had with the recent network intrusions, denial of service attacks and the stealing of credit cards on the Internet. Most companies are now focusing on "High Technology Crime." But then just what is "High Technology Crime?" Well, it's the same old crime, just done with some form of electronic technology. This article will cover crime based around computers. Cell phones, radio transmitters and other devices will not be covered.
Computer based crime is classified into three broad categories: computers can be the target of the crime, an instrument of the crime or a peripheral object to a crime. Within each of these broad categories are the tried and true crimes we are all used to: good old fraud, theft, extortion and vandalism. The crimes are the same; the technology used to commit them is different. Below is our list of high technology crimes specific to computers, classified into the three broad categories.
Computers as the target of the crime
Laptop Theft
The theft of laptop computers averages around 56 a day. This is in part because of their inherent properties. They are small, portable, expensive, in high demand and easy to lose track of for a brief second. Usually a person steals a laptop computer to sell it or its parts, to obtain the information on it or to deny the use of it by the owner.
Desktop Theft
Desktop computers are stolen every day. A recent study suggested the rate could be as high as 1000 units a day. Desktop computers are stolen to sell them or their parts, to obtain the information on them or to deny the use of them by their owners.
Memory/CPU Chip Theft
The value per ounce of memory chips and CPU chips places them as valuable as gold or silver. They are easy to sell and close to impossible to trace. Typically, a theft would involve someone opening a computer case and stealing the memory or CPU out of it. There are, however, numerous cases of large cargo thefts of chips at gunpoint from manufacturers and distributors.
Service Theft
The theft of service can manifest itself in several different forms. The primary form is the unauthorized use of, or access to, a computer system or network. During the years of big iron (mainframe computers of the 60s & 70s) it was common for service theft to be obtained by brute force password attacks, lucky guesses or social engineering.
With the advent of the Internet and interconnected local area networks, network intrusions have become popular and lead this category of crime. Again, the cracker obtains access to a network and its attached computers by obtaining passwords through brute force attacks, lucky guesses, social engineering or exploiting an error in the operating system that is running the network.
Once access to a system has been established, the cracker can either exploit it for its resources or use it as a tool to attack another system and provide anonymity.
Vandalism
Web site defacing is the number one form of vandalism in high technology crime today. This is when a cracker gains access to a Web site's computer and basically places graffiti on it. No one is safe. Entities ranging from the FBI and CIA to the biggest names in industry have had their Web sites defaced. Even the hacker groups "antionline" and "2600" have been victims of this form of vandalism.
Data file changes can be the most dangerous form of vandalism. This is where someone without authority changes data files on a system. This type of crime can occur in hospitals, businesses, homes and government.
Email flooding is another form of electronic vandalism used to deny service to a user. This is where an individual floods the email box of a company or individual, causing it to stop receiving email. For most companies and individuals an email failure like this would cause a problem, and for some it would cause a server problem.
System resource flooding is one of the oldest forms of electronic vandalism. The purpose is to deny service to a system user. This is where a program (a virus, Trojan horse or worm) floods a CPU with requests for resources that overwhelm and take over a system, so the user can get little if any CPU or system resources.
A ping attack is a denial of service attack, again vandalism, where a system on a network gets "pinged" by another system at a fast repeating rate, thus tying up the computer so no one else can contact it. Typically this is run against Web servers or mail servers.
A partial packet attack is similar to a ping attack except the computer is sent partial network packets that again tie up the processor.
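The email flooding, ping and partial packet attacks above, and the brute force password attempts mentioned under Service Theft, share one observable signature: one source generating the same event far faster than a legitimate client would. The sliding-window detector below is an added example, not code from the article; it runs over a constructed log format (the timestamp/event/src/dst layout, the hostnames and the addresses are all made up for illustration) and reports every source whose count of an event type within the window reached the threshold.

```python
"""Rate-based flood detector over firewall and mail-server style log lines.

This is an added example, not code from the article.  It flags any source
address whose count of one event type within a sliding time window reaches
a threshold: the signature shared by the email flooding, ping and partial
packet attacks described above, and by the brute force password attempts
mentioned under Service Theft.  The log format, hosts and addresses below
are constructed for illustration; lines are expected in time order.
"""
from collections import defaultdict, deque
from datetime import datetime
import re

# Constructed log format: "<ISO timestamp> <event> src=<ip> dst=<host>"
LOG_RE = re.compile(r"^(\S+) (\S+) src=(\S+) dst=(\S+)$")

# Constructed sample: an ICMP echo flood, an SMTP connection flood, a burst of
# failed logins, and one legitimate mail client (198.51.100.4) for contrast.
SAMPLE_LOG = [
    "2000-03-01T09:00:00 icmp-echo src=203.0.113.7 dst=www.example.test",
    "2000-03-01T09:00:01 icmp-echo src=203.0.113.7 dst=www.example.test",
    "2000-03-01T09:00:01 smtp-connect src=198.51.100.4 dst=mail.example.test",
    "2000-03-01T09:00:02 icmp-echo src=203.0.113.7 dst=www.example.test",
    "2000-03-01T09:00:02 icmp-echo src=203.0.113.7 dst=www.example.test",
    "2000-03-01T09:00:03 icmp-echo src=203.0.113.7 dst=www.example.test",
    "2000-03-01T09:00:03 icmp-echo src=203.0.113.7 dst=www.example.test",
    "2000-03-01T09:00:04 icmp-echo src=203.0.113.7 dst=www.example.test",
    "2000-03-01T09:00:05 icmp-echo src=203.0.113.7 dst=www.example.test",
    "2000-03-01T09:00:10 smtp-connect src=192.0.2.9 dst=mail.example.test",
    "2000-03-01T09:00:11 smtp-connect src=192.0.2.9 dst=mail.example.test",
    "2000-03-01T09:00:11 smtp-connect src=192.0.2.9 dst=mail.example.test",
    "2000-03-01T09:00:12 smtp-connect src=192.0.2.9 dst=mail.example.test",
    "2000-03-01T09:00:13 smtp-connect src=192.0.2.9 dst=mail.example.test",
    "2000-03-01T09:00:14 smtp-connect src=192.0.2.9 dst=mail.example.test",
    "2000-03-01T09:00:20 auth-fail src=192.0.2.50 dst=shell.example.test",
    "2000-03-01T09:00:21 auth-fail src=192.0.2.50 dst=shell.example.test",
    "2000-03-01T09:00:22 auth-fail src=192.0.2.50 dst=shell.example.test",
    "2000-03-01T09:00:23 auth-fail src=192.0.2.50 dst=shell.example.test",
    "2000-03-01T09:00:24 auth-fail src=192.0.2.50 dst=shell.example.test",
    "2000-03-01T09:00:30 smtp-connect src=198.51.100.4 dst=mail.example.test",
    "2000-03-01T09:01:00 smtp-connect src=198.51.100.4 dst=mail.example.test",
    "this line is deliberately malformed and is skipped",
]


def parse_line(line):
    """Return (timestamp, event, src, dst), or None for a line we cannot parse."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    ts, event, src, dst = m.groups()
    return datetime.fromisoformat(ts), event, src, dst


def find_floods(lines, window_seconds=10, threshold=5):
    """Map (event, src) -> peak count for every source whose count of that
    event inside some window_seconds span reached threshold."""
    windows = defaultdict(deque)   # (event, src) -> timestamps still in window
    peaks = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, event, src, _dst = parsed
        key = (event, src)
        window = windows[key]
        window.append(ts)
        # Drop timestamps that have aged out of the sliding window.
        while (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()
        if len(window) >= threshold and len(window) > peaks.get(key, 0):
            peaks[key] = len(window)
    return peaks


if __name__ == "__main__":
    for (event, src), peak in sorted(find_floods(SAMPLE_LOG).items()):
        print(f"{src:15} {event:13} peak of {peak} events in 10 s")
```

The window and threshold are tuned per service: a mail relay legitimately accepts many connections a minute from a large peer, while five failed logins in ten seconds from one address is worth an alert almost anywhere. The detector only finds the flood; blocking or rate-limiting the source is a separate step taken at the firewall or mail server.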
DNS redirect attacks are when a network domain name server has been compromised and the DNS lookup table is changed. This is done to redirect requests for a Web site from one server to another. Usually the other server belongs to a cracker with evil intent, and by its nature this denies service to the legitimate Web site.
Hardware sabotage is the damage or destruction of a computer, which is by its nature a denial of service attack because it causes the computer to fail to operate. This can be done with a software contaminant or a direct physical attack.
Software sabotage is the damage or destruction of a computer's programs or data, which is by its nature a denial of service attack because it causes the computer to fail to operate. This can be done with a software contaminant or a direct physical attack.
Remarking memory or CPU chips
This is where a cyber criminal erases the original markings on a memory or CPU chip to remark it as a more expensive chip to sell for a higher price.
Computers used as an instrument of the crime
Service theft is the stealing of services from an individual or organization. There are several different types of service theft, including cracking (hacking) for unauthorized access into a system or network, stealing computer service, stealing phone service (PBX cracking), stealing power, cracking (hacking) a system to use it for bouncing off or as a relay, and unauthorized use of, or misrepresentation of the purpose for using, a system or network.
These are all forms of service theft where the computer is used to commit the crime of cracking (hacking) a system or network to gain access. This is where an individual or group social engineers, brute forces or calculates a password, or exploits an operating system flaw, to gain access to a network or system.
The same basic procedure can be used to gain access to a private (or public) PBX. Once access to a PBX is established, the person or group can call anywhere they want for free. There is also the stealing of electrical power by cracking a power switching system. This is rare but can be and has been done.
The last is the use of a system for reasons other than represented. The best example of this type of theft is SPAM. This is where the email server of a company (or individual) is used to send unsolicited email, or where a Trojan horse has been planted on a system to act as an agent to commit a distributed denial of service attack on another system.
Counterfeiting is a field that has been reinvented thanks to the personal computer. Any number of monetary instruments can be and are forged using a PC. Where just 10 years ago a forger required skills learned over years of experience and expensive equipment, now just a low cost PC and printer can be used. In addition, the "cook book" on forgery and the files to print are available on the Web for free or a very low cost. This includes forging monetary instruments such as currency, credit cards, checks, stock certificates, bonds, contracts and receipts. Gambling chips and tickets, driver's licenses, birth certificates and indicia of ownership (pink slips) are also easily forged.
Identity theft is done using a PC (personal computer). Driver licenses, birth certificates, and automotive registration and owner certificates are all available on the Net. Using a PC, a person can research an individual or company, forge documents and take over the identity of a person or company. Usually this is done to commit some form of theft, but it can also be done to destroy a reputation or commit fraud. This fraud can include false sexual harassment evidence or planting historical data supporting a false claim.
Credit card fraud is another area where a PC is used to commit the crime. Credit card generation software is available all over the Net. These programs will generate valid credit card numbers for a number of banks and card companies. Using these programs with a PC and a magnetic stripe writer, a user could make a "credit card" with even the magnetic stripe on the back.
Stalking is another crime that can be committed with a computer. The PC is used to research the victim as well as stalking the victim through email, ICQ and IRC. This is typically used in child luring and general harassment of an ex-spouse, friend, perceived enemy, rival suitor or competitor.
Threats are the same as stalking in a lot of ways. Typically a victim is stalked and then a threat is issued.
Stock manipulation scams can be done using a PC by posting phony email supporting a stock or creating fraudulent documents, invoices, sales orders and the like to support a high stock valuation. This is basically raw fraud.
Espionage is routinely conducted using a PC. Network "sniffers" can capture network traffic in real time, including password logins and account names, as well as data such as credit card numbers and email contents. The collection of confidential data in databases is also at risk.
Computer contaminants are the single largest and most popular form of crime that uses the computer as the instrumentality. These nasty little programs destroy data, provide a portal for eavesdropping and can shut down a computer or network. There are four major classifications of contaminant: viruses, cancers, Trojan horses, and worms.
Viruses are programs that, like their namesake biological life form, require a host in order to live and work. In the cyber sense, a virus requires another program in order to operate. It is not a whole program in and of itself. They typically infect boot sectors or other system and/or application programs.
Cancers are like viruses but are designed for specific host programs. Typically they are macro language based, such as Microsoft Word or Excel macro programs.
Trojan horses are stand-alone programs that require a host to execute them on the system they are placed on. The recent Back Orifice Trojan horse is a good example. It can operate on its own but requires an outside force to transport it and infect other systems.
Worms are Trojan horses that have legs. They are stand-alone programs that will find a way to infect other machines on their own. The famous Internet worm of the 1980s was a classic example of this.
Cyber terrorism is a broad description of the use of one or more computer crime tools to attack and cause havoc. Cyber terrorism can include stalking and denial of service attacks of one form or another.
Confidence schemes naturally have migrated over to computers. It's the same old scams: the drop, the too good to be true deal and the like. The computer is used to communicate, email, and create false documents.
Improper use crime is when a person uses the company's computer to surf or carry out activity that is in conflict with the company's rules and policies or could be injurious to the company's reputation.
Gambling is conducted using the computer. The environment of the Internet, which has no formal country borders, has caused an explosion of online gaming. Local intranets as well as the Internet are where you will find betting pools, web-based slots and lotteries.
Copyright infringement crime occurs when computer software is copied, or protected works such as books, articles, movies and music are made available, without paying the royalties to the author. Recent forms include Napster and MP3 files, first run movies made available as MPG files, or expensive software given away or sold on collection CDs.
Hate crimes are committed using computers in various ways, including email postings, web sites advocating physical violence or harassment, and stalking.
Reputation assassination is committed using a computer in several ways. Forged email is posted that is purported to be from the victim. A good example of this was a recent email posted and spread reportedly from talk show host Art Bell degrading Asian people. Another way is logging into scandalous web sites and/or posting to news groups as the victim, thus creating a false trail of scandalous behavior. Both individuals and companies can become victims of this type of crime.
Distributing or selling controlled substances is a crime that can be facilitated with computers, through web sites or email sent out offering dope, prescription drugs or other contraband material.
Distributing or selling contraband material is a crime that can be facilitated with computers. Web sites, news groups, IRC channels and ICQ lines all become channels for the distribution of child pornography or confidential information. The list of material can be quite long, including stolen credit card information and proprietary source code for software or design files for computer chips or electronic devices.
Auction fraud is another popular crime committed with computers. Phony online auctions are commonplace throughout the web. The crime usually includes either non-delivery of the product or shill bidding to drive up the price of the product in the auction.
Computers as an incidental peripheral to a crime
Any crime not related to high technology could generate electronic evidence. Usually this evidence is not readily seen by either the perpetrator or the investigator. What follows are some examples of computer generated evidence that is incidental to a crime.
Personal Information Managers & PDAs may contain a wealth of information on a crime. PIMs and PDAs such as the 3COM Palm Pilot, Sharp Wizards, and some Timex watches contain names and addresses, calendar dates, financial information and appointments. PIMs today come in all shapes and sizes. All of them are designed to keep track of information just like the little old black book of years earlier.
Pagers contain important data both within the pager and at the paging company in logs. Lists of all the numbers that called in, as well as the numbers they left to call, can sometimes be found in logs and the pagers themselves.
Access records from computer-controlled entry systems or alarm systems sometimes contain logs of who came in and out, along with the times and dates.
Surfing records from proxy servers and firewalls contain information on when and where a person has surfed. Email servers contain logs showing the sending and receiving of email.
Records of phone activity are sometimes kept by phone systems. A log may be kept of all activity for a specific period of time. This could range from one hour to several months.
Intellectual property theft sometimes leaves a trail in email and ftp logs.
Auto GPS systems may have records that contain a list of the past travel of the device.
ISP logs may contain records of access and surfing for a user.
Computer logs generated by some operating systems may record surfing, access and the applications used.
Phone company logs created by the switching equipment contain information on every phone call made. Local calls on landlines are recorded and archived for a brief period of time for billing purposes. Long distance companies log all calls for billing. Cell phone companies keep a record of all calls for billing as well.
Credit card companies keep records of all transactions that a specific credit card is associated with for billing.
ATM records usually have both a printed transaction log and a video record of the ATM.
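The incidental evidence listed above is only useful once the separate logs are read together. The script below is an added example, not code from the article: it takes proxy-server surfing records and mail-server send/receive records and merges the entries belonging to one subject into a single time-ordered timeline, optionally bounded to the period under investigation. Both log formats, the user names, hosts and URLs are constructed for illustration and are simpler than real Squid or sendmail logs; the two parse functions are the part an examiner would adapt to a site's actual formats.

```python
"""Per-user timeline built from proxy and mail-server logs.

This is an added example, not code from the article.  It merges the surfing
records a proxy server keeps and the send/receive records a mail server
keeps into one time-ordered view of a subject's activity.  Both log formats
and every name below are constructed for illustration; real Squid or
sendmail logs differ and only the two parse functions would need changing.
"""
from datetime import datetime
import re

# Constructed proxy format: "<ISO ts> <client-ip> <user> <method> <url>"
PROXY_RE = re.compile(r"^(\S+) (\S+) (\S+) (GET|POST|CONNECT) (\S+)$")
# Constructed mail format: "<ISO ts> from=<addr> to=<addr> status=<word>"
MAIL_RE = re.compile(r"^(\S+) from=(\S+) to=(\S+) status=(\S+)$")

# Constructed sample logs; "jdoe" is the subject, "asmith" is another user.
PROXY_LOG = [
    "2000-03-01T08:55:10 10.0.0.23 jdoe GET http://news.example.test/",
    "2000-03-01T09:02:41 10.0.0.23 jdoe GET http://auction.example.test/item/41",
    "2000-03-01T09:03:05 10.0.0.31 asmith GET http://intranet.example.test/",
    "2000-03-01T09:10:00 10.0.0.23 jdoe POST http://auction.example.test/bid",
]
MAIL_LOG = [
    "2000-03-01T09:05:12 from=jdoe@example.test to=buyer@mail.example.test status=sent",
    "2000-03-01T09:06:40 from=asmith@example.test to=jdoe@example.test status=delivered",
    "2000-03-01T09:30:00 from=asmith@example.test to=boss@example.test status=sent",
    "not a log line",
]
SUBJECT = {"proxy_user": "jdoe", "email": "jdoe@example.test"}


def parse_proxy(line):
    """Return one proxy event as a dict, or None if the line does not parse."""
    m = PROXY_RE.match(line.strip())
    if m is None:
        return None
    ts, ip, user, method, url = m.groups()
    return {"ts": datetime.fromisoformat(ts), "source": "proxy",
            "user": user, "ip": ip, "detail": f"{method} {url}"}


def parse_mail(line):
    """Return one mail event as a dict, or None if the line does not parse."""
    m = MAIL_RE.match(line.strip())
    if m is None:
        return None
    ts, sender, rcpt, status = m.groups()
    return {"ts": datetime.fromisoformat(ts), "source": "mail",
            "parties": {sender, rcpt}, "detail": f"{sender} -> {rcpt} ({status})"}


def build_timeline(proxy_lines, mail_lines, subject, start=None, end=None):
    """Return [(iso_timestamp, source, detail)] for the subject, sorted by time.

    start and end are optional ISO 8601 strings bounding the period of interest.
    Mail events count if the subject is either the sender or a recipient.
    """
    lo = datetime.fromisoformat(start) if start else None
    hi = datetime.fromisoformat(end) if end else None
    events = []
    for line in proxy_lines:
        e = parse_proxy(line)
        if e is not None and e["user"] == subject["proxy_user"]:
            events.append(e)
    for line in mail_lines:
        e = parse_mail(line)
        if e is not None and subject["email"] in e["parties"]:
            events.append(e)
    events = [e for e in events
              if (lo is None or e["ts"] >= lo) and (hi is None or e["ts"] <= hi)]
    events.sort(key=lambda e: e["ts"])
    return [(e["ts"].isoformat(), e["source"], e["detail"]) for e in events]


if __name__ == "__main__":
    for ts, source, detail in build_timeline(PROXY_LOG, MAIL_LOG, SUBJECT):
        print(f"{ts}  {source:5}  {detail}")
```

The same merge extends to the other sources in the list (access-control logs, phone-system logs, ISP logs) by adding a parse function per format and keying each event on whatever identifier ties it to the subject, such as a badge number or caller ID. Timestamps from different systems are only comparable once clock skew and time zones have been reconciled, which is why each event keeps the timestamp it was parsed with rather than a reformatted one.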
As long as this list is, there will always be some crimes that are not yet classified. People are creating new types of crime on a daily basis. We hope this helps make the picture a little clearer.
Michael J. Menz is a detective in the Sacramento County Sheriff's Department. An expert in high technology related crime and computer network intrusion crime, Michael works with the Sacramento Valley Hi-Tech Crimes Task Force. He is responsible for computer forensics, training and investigations.
Mark J. Menz is the director of training, computer forensics, and security in the recently opened Sacramento office of the internationally renowned Kroll Technology Group. In addition to providing instructional services, he assists with technology related investigations and security as well as computer forensics.