Computer crime, cyber crime, e-crime, hi-tech crime or electronic crime generally refers to criminal activity where a computer or network is the source, tool, target, or place of a crime. These categories are not exclusive and many activities can be characterized as falling in one or more category. Additionally, although the terms computer crime or cybercrime are more properly restricted to describing criminal activity in which the computer or network is a necessary part of the crime, these terms are also sometimes used to include traditional crimes, such as fraud, theft, blackmail, forgery, and embezzlement, in which computers or networks are used to facilitate the illicit activity.
Computer crime or cyber crime can broadly be defined as criminal activity involving an information technology infrastructure, including illegal access (unauthorized access), illegal interception (by technical means of non-public transmissions of computer data to, from or within a computer system), data interference (unauthorized damaging, deletion, deterioration, alteration or suppression of computer data), systems interference (interfering with the functioning of a computer system by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data), misuse of devices, forgery (ID theft), and electronic fraud.
A common example would be when a person intends to steal information from, or cause damage to, a computer or computer network. This can be entirely virtual in that the information only exists in digital form, and the damage, while real, has no physical consequence other than the machine ceases to function. In some legal systems, intangible property cannot be stolen and the damage must be visible, e.g. as resulting from a blow from a hammer. Yet denial of service attacks for the purposes of extortion may result in significant damage both to the system and the profitability of the site targeted. A further problem is that many definitions have not kept pace with the technology. For example, where the offense requires proof of a trick or deception as the operative cause of the theft, this may require the mind of a human being to change and so do or refrain from doing something that causes the loss. Increasingly, computer systems control access to goods and services. If a criminal manipulates the system into releasing the goods or authorizing the services, has there been a "trick", has there been a "deception", does the machine act because it "believes" payment to have been made, does the machine have "knowledge", does the machine "do" or "refrain from doing" something it has been programmed to do (or not). Where human-centric terminology is used for crimes relying on natural language skills and innate gullibility, definitions have to be modified to ensure that fraudulent behavior remains criminal no matter how it is committed (consider the definition of wire fraud).
Issues surrounding hacking, copyright infringement through warez, child pornography, and paedophilia (see child grooming), have become high-profile. But this emphasis fails to consider the equally real but less spectacular issues of obscene graffiti appearing on websites and "cyberstalking" or harassment that can affect everyday life. There are also problems of privacy when confidential information is lost, say, when an e-mail is intercepted whether through illegal hacking, legitimate monitoring (increasingly common in the workplace) or when it is simply read by an unauthorized or unintended person.
E-mail and Short Message Service (SMS) messages are seen as casual communication including many things that would never be put in a letter. But unlike spoken communication, there is no intonation and accenting, so the message can be more easily distorted or interpreted as offensive. In England and Wales, s43 Telecommunications Act 1984 makes it an offense to use a public telecommunications network to send 'grossly offensive, threatening or obscene' material, and a 'public telecommunications network' is widely enough defined to cover Internet traffic which goes through telephone lines or other cables.
Secondly, a computer can be the tool, used, for example, to plan or commit an offense such as larceny or the distribution of child pornography. The growth of international data communications and in particular the Internet has made these crimes both more common and more difficult to police. And using encryption techniques, criminals may conspire or exchange data with fewer opportunities for the police to monitor and intercept. This requires modification to the standard warrants for search, telephone tapping, etc.
Thirdly, a computer can be a source of evidence. Even though the computer is not directly used for criminal purposes, it is an excellent device for record keeping, particularly given the power to encrypt the data. If this evidence can be obtained and decrypted, it can be of great value to criminal investigators. Thus, specialized government agencies and units have been set up to develop the necessary expertise. See below for a link to the U.S. Department of Justice's website about e-crime and its computer forensics services.
Computer fraud is any dishonest misrepresentation of fact intended to induce another to do or refrain from doing something which causes loss. In this context, the fraud will result in obtaining a benefit by:
* altering computer input in an unauthorized way. This requires little technical expertise and is not an uncommon form of theft by employees altering the data before entry or entering false data, or by entering unauthorized instructions or using unauthorized processes;
* altering, destroying, suppressing, or stealing output, usually to conceal unauthorized transactions: this is difficult to detect;
* altering or deleting stored data; or
* altering or misusing existing system tools or software packages, or altering or writing code for fraudulent purposes. This requires real programming skills and is not common.
Manipulating banking systems to make unauthorized identity theft with reference to ATM fraud.
The content of websites and other electronic communications may be harmful, distasteful or offensive for a variety of reasons. Most countries have enacted law that place some limits on the freedom of speech and ban racist, blasphemous, politically subversive, seditious or inflammatory material that tends to incite hate crimes. This is a sensitive area in which the courts can become involved in arbitrating between groups with entrenched beliefs, each convinced that their point of view has been unreasonably attacked. In England, s28 Crime and Disorder Act 1998 defines a racial group, following Mandla v Dowell-Lee (1983) 2 AC 548 (in which a requirement to wear a cap as part of a school uniform had the effect of excluding Sikh boys whose religion required them to wear a turban), as a group of persons defined by reference to race, color, nationality (including citizenship) or ethnic or national origin; and a religious group as a group of persons defined by reference to religious belief or lack of religious belief. Therefore, it is equally an offense to show hostility to a person who practices a particular faith as to a person who has no religious belief or faith.
Whereas content may be offensive in a non-specific way, harassment directs obscenities and derogatory comments at specific individuals focusing for example on gender, race, religion, nationality, sexual orientation. This often occurs in chat rooms, through newsgroups, and by sending hate e-mail to interested parties (see cyber bullying, harassment by computer, stalking, and cyberstalking). In England, in a broader form than s43 Telecommunications Act 1984, s1 Malicious Communications Act 1988 makes it an offense to send an indecent, offensive or threatening letter, electronic communication or other article to another person. Now, s2 Protection from Harassment Act 1997 criminalizes a course of conduct amounting to harassment which the defendant knows, or ought to know, amounts to harassment of another. If a reasonable person in possession of the same information would think the course of conduct amounted to harassment of the other, the knowledge will be imputed to the defendant. Although harassment is not defined, s7 states that it includes causing alarm or distress, and conduct is defined as including speech in all its forms. In DPP v Collins (2006) 1 WLR 308 the defendant repeatedly telephoned the offices of his MP on a wide range of political matters. In conversations with employees at the office and on messages left on the telephone answering machine, he used racist terms to show the frustration he felt at the way in which his affairs were being handled. No-one was personally offended, but the staff became depressed. Charged under s127(1) Communications Act 2003, the magistrates found that the terms were offensive but that a reasonable person would not find them grossly offensive. To determine whether any message content is merely offensive or grossly offensive depended on their particular circumstances and context, i.e. in the wider society which is an open and just multi-racial society, the test of offensiveness was objective.
More problematic are deliberate attacks which amount to defamation although, in March 2006, Michael Keith-Smith became the first person to win damages from an individual internet user after she accused him of being a 'sex offender' and 'racist blogger' on a Yahoo! discussion site. She also claimed that his wife was a prostitute. The High Court judge decided that Tracy Williams, of Oldham, was "particularly abusive" and "her statements demonstrated that ... she had no intention of stopping her libellous and defamatory behavior". She was ordered to pay £10,000 in damages, plus £7,200 costs. In general, libel is not treated as a criminal matter except when it may provoke the person defamed into retaliatory violence (All forms of unsolicited e-mail and advertisements can also be considered to be forms of Internet harassment where the content is offensive or of an explicit sexual nature. Now termed spam, it has been criminalized in various countries.
Drug traffickers are increasingly taking advantage of the Internet to sell their illegal substances through encrypted e-mail and other Internet Technology. Some drug traffickers arrange deals at internet cafes, use courier Web sites to track illegal packages of pills, and swap recipes for amphetamines in restricted-access chat rooms.
The Internet's easy-to-learn, fast-paced character, global impact, and fairly reliable privacy features facilitate the marketing of illicit drugs. Detecting money laundering of cash earned by drug traffickers is very difficult, because dealers are now able to use electronic commerce and Internet banking facilities. Also, traffickers have been using online package tracking services offered by courier companies to keep tabs on the progress of their shipments. If there happened to be some sort of undue delay, this could signal authority interception of the drugs, which would still allow the dealers time to cover their tracks. Law enforcement is also more deficient because illicit drug deals are arranged instantaneously, over short distances, making interception by authorities much more difficult.
The rise in Internet drug trades could also be attributed to the lack of face-to-face communication. These virtual exchanges allow more intimidated individuals to more comfortably purchase illegal drugs. The sketchy effects that are often associated with drug trades are severely minimized and the filtering process that comes with physical interaction fades away. Furthermore, traditional drug recipes were carefully kept secrets. But with modern computer technology, this information is now being made available to anyone with computer access.
To understand the techniques for securing a computer system, it is important to first understand the various types of "attacks" that can be made against it. It should be noted, there are numerous third party vendors which not only produce software capable of monitoring these computer systems internally, but there are security products capable of monitoring external activity, whether observed or hidden monitoring, such as via security cameras or other similar security system types.