The Scale and Nature of Computer-Assisted Crime

 

 

 

A table listing types of computer-assisted crime backed up with examples is included in Superhighway Robbery: Preventing e-commerce crime - Graeme R.Newman and Ronald V.Clarke (Willan Publishing 2003 ISBN 1 - 84392 - 018 - 2 : http://www.willanpublishing.co.uk), second volume in the Crime Science Series edited by Gloria Laycock, (formerly Head of the Home Office Police Research Group, now Director of the Jill Dando Institute of Crime Science, University College, London) and is reproduced here with their permission. Although a snapshot, it shows the diversity of computer-assisted crime that already exists – and gives an indication of what can be expected.

 

Crime Type or Incident

Examples

Estimates of Extent or Cost

Theft of telephone services

Convertible target: obtained employee’s access code and software from Internet.

Transitional target: hacked into telephone company computer system, and assumed systems operator status. See also cell phone cloning, below.  4

Prime target: telephone services.

In the UK, £290 million one incident in 1990 (Grabosky, 2001.) and 5 per cent of total industry turnover (Grabosky, 20W; Schick, 1995).

Phreaking’ for fun in the 1980s, small amounts of between £500 and £1,000 in the UK (Clorigh and Mungo, 1992).

Video piracy

Prime target: intellectual property. Counterfeit copies of movies and video games downloadable from the Internet. Hacker posted on a well-known hacker website (http:/ /wwwi600org) a program to decode DVDs (DeCSS) and convert them into downloadable files.5 Video game makers sue Yahoo! for selling pirated games at auction.6

Ten per cent of all movies can be downloaded from the Internet illegally and for free.7 Piracy drives down prices, occurs in over 65 countries.8 Industry cost estimated $32 billion worldwide from piracy in 1998.9  Some 270,000 Dutch web addresses offer a movie or TV show illegally for sale or most often free.10

Software piracy

Prime target: intellectual property. Easy copying from disks and CDs, obtain protection-free copies from the Internet.

$7.4 billion worldwide lost in ‘1993 according to Software Publishers Association.11

Copyright

Prime target: intellectual property. Reproduction of copyrighted material on the Internet. Trading in copyrighted songs and recordings via peer-to-peer. Most famous case: Napster music site, used by millions, shut down because of copyright infringement.12

Worldwide annual costs to industry approx. $15-17 billion annually.13

Vandalism

Incidental or Undifferentiated targets: everyone connected to the Internet. Most infamous example of the ‘worm’ virus released into the Internet causing untold damage within hours infecting 10 per cent of Internet hosts, many out of business for up to two weeks.14

Trillions of dollars. See hacking and terrorism below.

Spying, industrial espionage

 

Prime target: information system. Most famous example: intruder into Lawrence Berkeley Lab computer tracked down and caught (Stoll, 1989).

More recently, intruders found ‘sniffing’ in Rome USA Lab, Griffiss Air Force Base. Cost: $211,000 plus cost of investigation.15

Terrorism

 

Prime target: information system and intelligence. The US Defense Department receives some 60—80 hacker attacks a week to its computers. In February 1998, 11 Dept of Defense computers were broken into. In 1998, a ‘cracker’ cyber terrorist disabled a Chinese satellite to protest western investment in China.16

It is estimated that there are upwards of 30,000 hacker sites on the Internet that provide tutorials on how to write viruses, choke networks and announce meeting points for hackers all over the world.17

Electronic funds transfer fraud

 

Convertible target: information system and intelligence database of banks. Irrevocable transfer of funds, usually offshore, extremely difficult to prevent, especially when perpetrators typically use fictitious identities (Chapman and Smith, 2001).

Over 50 per cent of banks surveyed report having been victimised by fraud (Chapman and Smith, 2001). See also below, cross-border crime.

Hacking

Prime target: specific information system or intelligence. This is the most well known computer crime. Hackers have broken into banks in Los Angeles, the Los Alamos National Research Center, the LA Police Department, Scotland Yard, Pacific Telephone and many more. The most infamous hacker Kevin Mitnick cost hi-tech companies at least $291.8 million.19 In contrast to virus releases which aim at undifferentiated targets, hackers usually target specific organisations. To hackers, these systems are also commonly attractive targets.

In 1995 estimated that hackers cost business $800 million.20 In 2000 the estimate is $1.6 trillion worldwide.21

Denial of Service

Prime target: specific information system or intelligence. The most sophisticated version is distributed denial of service, in which an individual exploits bugs or loopholes in operating systems (usually Windows) to cause a flood of messages to be sent via hundreds of computers to one website which effectively closes it down.22

It is predicted because of the rapidly increased availability of bandwidth (fast connection to the Internet) to users, and the more powerful personal computers (especially running Windows XP), that distributed denial of service will increase drastically in coming years. All major e-commerce sites have been victimised.23

Cross-border Crime

Prime target: trusting customer. Boy buys a DVD player on Amazon auction site. Wires money to seller in Moldova. Never receives item. Finds out that many others have been victimised as well. Amazon partially reimburses victim.24 See also credit card fraud below. The auction web site is a transitional target for the fraudster.

Russian in St Petersburg accesses Citibank’s funds transfer system and deflects payments of $10.7 million to his own account in Russia (Smith, 2001). Internet ideally suited to cross-border crime since the Internet exists beyond national boundaries.

Extortion and blackmail

Transitional target: bulletin board used to convey threat to kill Microsoft president Bill Gates. Offender used encrypted messages and images posted on AOL Netgirl Bulletin Board, demanding transfer of $5,246,827.62 to a Luxembourg bank account. Offender caught, tracked to Long Grove, Illinois.25

Banks have begun to appease online extortionists by paying them off. Gangs have amassed up to £400 million worldwide by issuing threats to destroy computer systems by using information warfare techniques.26

Cloning of cellular phones, phone cards

Convertible target: buy cell phones in bulk, clone to other numbers and discard after use. The US DEA numbers were cloned by the Colombia Drug cartel (Denning and Baugh Jr, 2000).

Estimated in 1996 $1 million to $2 million worth of illegal phone use per day in the United States and Canada.27

 

Credit card fraud

Convertible target: in an example of cross-border crime, two British men in Wales hacked into e-commerce websites in the USA, UK, Canada, Thailand and Japan and stole credit card information for 26,000 accounts. Stolen numbers sold in cybermarkets of former Soviet Union.28

Losses for this crime alone exceeded $3 million. Visa estimates that online credit card fraud accounts for 25—28 cents of every $100 spent, about four times worse than the offline rate of 7 cents per $100.29  Recent estimates of losses globally are in the billions.30

Accounting fraud

Convertible targets: these include intervening in the information systems underlying the automation of buying and selling; purchasing and payment fraud, circumvention of payment authorisation controls, and many other techniques that utilise opportunities afforded by the lack of paper trails in computerised record-keeping. The scandals of Enron and WorldCom accounting are recent hi-tech examples of these essentially old crimes. (Crowder, 1997).

Circumvention of auditing controls (e.g. WorldCom estimated costs close to $3 billion) and manipulation of electronic markets, e.g. insider trading and false purchasing (e.g. Enron, estimated costs in hundreds of millions).31

 

Stalking

Prime target: women who register with online dating websites are tracked down by would-be suitors (Jerin and Dolinsky, 2001). Incidental targets: all of e-commerce. Crimes like stalking cannot be compartmentalised or localised in the Internet. They affect the entire ‘global neighbourhood’ of the Internet.

In 2000, estimated that of worldwide population of users there are 3,000 Internet stalkers.32

 

Harassment

A man, spurned by a woman, posted on an online bulletin board an invitation to her home for a ‘gang rape fantasy’, giving her address, phone number, and how to bypass her burglar alarm. Eight men showed up33.

Prime target: an individual’s personal information.

Transitional target: the bulletin board.

Typical targets are inexperienced users of the Internet, and women (US DOJ, 1999).

Money laundering

Prime and convertible target: infiltration of banking system by organised crime, use of electronic non- bank transfers and cyber-banking, and many other sophisticated techniques (Financial Action Task Force, 2001).

Estimated that one trillion dollars is laundered every year (Williams, 1997: 239).

 

Investment fraud

Prime target: customers duped by bogus banks that use the web as a transitional target to set up fraudulent websites. Bogus company that promises to turn iron-ore rocks into gold, and many more.34

Securities scams run by organised crime: 35 companies in the USA exposed by FBI in 2000. Frauds cost victims $50 million.35

Telemarketing fraud

Prime target: customers and groups of customers. The top ten telemarketing frauds of 2000 were (in order of incidence):

prizes/sweepstakes, magazine sales, credit card sales, work-at-home, advance fee loans, telephone slamming, credit card loss protection, buyers clubs, telephone cramming, travel/vacations.36

Transitional targets: fraudulent websites and e-mail used to promote scams.

Estimated cost in the USA of $40 billion a year through telemarketing fraud; 92 per cent of adults in the United States report receiving fraudulent telephone offers. The FBI estimates that there are 14,000 illegal telephone sales operations at any given time.37

 

 

Sale of illegal or stolen goods

Transitional target: Internet auction sites, bulletin boards, news groups. Man uses aliases to sell pirated Adobe software on Ebay auction site. Indicted by US Department of Justice.38  Four high school boys purchased DXM, an hallucinogen, on web auction site.39

16 million users of auction websites per month; 87 per cent of fraud cases online estimated to be related to auction websites.40 Consumer complaints in the USA rose from 1,280 in 1987 to 10,660 in 1999.41 There are over 1,000 auction sites on the Internet.42

Identity theft

Convertible target: a husband/wife team (the ‘modern Bonnie and Clyde’) stole the identities and emptied the bank accounts of their victims in over six US states.43

Identity fraud accounted for 96 per cent of Visa members’ bank credit card fraud losses of $407 million in 1997 (United States General Accounting Office, 1998; see also Jones and Levi, 2000).

Gambling

Attractive targets: May or may not be illegal in various countries and regions, which is a major part of the problem (McMillen and Grabosky, 1998). The web is the transitional target for promoting these attractive activities.

Worldwide online gambling revenue has increased from $651 million in 1998 to $2,238 million in 2OO1.44

 

Tax evasion

Convertible target: Barnes&Noble.com sued by Amazon.com for not charging sales tax because it gave them an unfair competitive price advantage.45

Sales tax and trade embargoes make otherwise ordinary products ‘hot’. Cuban cigars are sold widely on the web.46

Criminal conspiracy

International networks to trade in pornography, the ‘Wonderland Club’. Organised crime in smuggling, drugs, gambling and prostitution all enhanced by convertible target of the computing environment (Grant and Grabosky, 1997).

100 arrests in 1998 and 100,000 images seized worldwide (Grant and Grabosky, 1997:41).

 

Aiding and abetting crime

Convertible target: intelligence provided by how-to news groups: bomb-making, lock-picking, counterfeiting, encryption fixes, smart card cloning (Mann and Sutton, 1998).

Alt.hacker newsgroup is one of many in which ‘newbies’ and seasoned hackers exchange information.
 
Notes
 

4

Grabosky and Smith (2001) subsume almost the entire range of ‘digital crime’ within telecommunications fraud.

5

Staff (2000) ‘Attorneys in video hacker court case predict mass piracy’, Reuters, CNN.com, 18 July. A new DVX compression format now makes it possible to compress extremely large movie files into small enough files to make it practicable to download from the Internet. This technology is now widely available. See: Borland, John (2001) ‘Hackers’ video technology goes open source’, CNET News.com, 17 January.

6

Staff (Reuters) (2000) ‘Video game makers sue Yahoo! in piracy complaint’, Business News, http://www.internetnews.com/bus-news/article.php/3_99352_Ext.

7

Staff (2000) ‘Attorneys in video hacker court case predict mass piracy’, Reuters, CNN.com, 18 July

8

Wheeler, Marilyn (2000) ‘Forget streaming video. Bootleg versions of nearly every movie you can name are already available online’, ZDNET News.com, 15 May

9

Staff (1999) ‘US. and video game makers lost more than $3 billion worldwide in 1998 due to software piracy: Greater China, Paraguay, Thailand and Malaysia top list’, Business Wire, 16 February http://www.businesswire.com

10

Arlen, Gary (2001) ‘Always on: Dutch video piracy prelude to a corporate threat’, Broadband Week, 16 April. This figure contrasts with the US figure of 534,668. Clearly the Netherlands figure is disproportionate to the population.

11

Meyer, M. and Underwood A. (1994) ‘Crimes of the Net’, Bulletin/Newsweek, 15 November: 68—9.

12

Castelluccio, Michael (2001) ‘Intellectual property online: a landmark case’, Strategic Finance, February: 52—7.

13

United States Information Infrastructure Task Force (1995) Intellectual Property and the National Information Infrastructure: Report of the Working Group on Intellectual Property Rights (Bruce A. Lehman, Chair). Washington: US Patent and Trademark Office.

14

Eichin, M. W. and Rochlis, J. A. (1989) ‘With microscope and tweezers: an analysis of the Internet virus of November 1988’, Proceedings of the IEEE Computer Society Symposium on Security and Privacy, May: 326—42.

15

Christy, Jim (1998) Rome Laboratory Attacks: Prepared testimony of Jim Christy, Air Force Investigator, before the Senate Government Affairs Committee, Permanent Investigations Subcommittee, 22 May 1996.

16

(1998) ‘Cyber terrorism’, Terrorism Update, Anti-defamation League, Winter http://www.adl.org

17

Barker, Garry (1999) ‘Australia: Internet terrorism escalates the new info-war’, The Age (Melbourne), 13 July: 9.

18

See Wasik (1991: 42—54). The accomplishments of hackers are shrouded in myth and full of apocryphal stories. It is particularly difficult to tell fact from fiction in many cases. See, for example, Levy (1984) and Taylor (2000).

19

Miller, Greg (2001) ‘Firms say hacker cost them $291 million’, L.A. Times on Channel 2000, http: / /www.channel2000.com. Pro-hacker websites and publications dispute this estimate. See http://www.2600.org

20

Ricciutti, Mike (1996) ‘Hacking cost business $800 million’, CNET News.com, 6 June, 12:15 p.m. PT, http://news.cnet.com/news/0-1005-200-311476.html?tag=prntfr

21

Knight, Will (2000) ‘Hacking will cost world $1.6 trillion this year’, ZDNET news, 11 July, http://news.zdnet.co.uk/story/0,,s2080075,00.html However, other experts doubt the claims of some hackers’ achievements. See Nuttall Smith, Chris and Flavelle, Dana (2000) ‘Experts doubt claims by Canadian hacker’, Toronto Star, 16 February

22

Gibson Research Corporation (2001) Denial of service investigation and Exploration’, http://grc.com/dos/.  Also contains how it was done’ information A most publicised case of distributed denial of service was that of Mafiaboy and others in which several major e-comrnerce businesses such as Amazon com, Etrade and others were brought down by Mafiaboy s claimed attack (Verton, 2002)

23

Staff (2000) E*Trade, ZD Net latest targets in wave of cyber-attacks Earlier strikes hit Ebay, Amazon, CNN com, Yahoo! Insurgency on the Internet, http://www.cnn.com/2000/TECH/computing/02/09/cyber.attacks.02/index.html 9 February, web posted at 1.33 pm EST (18.33 GMT)

24

Parker, Nicholas (2000) ‘Mom, Moldova, and how a boy lost his innocence (plus $375)’, Fortune, col 141, issue 11 274—5

25

United States of America v Adam Quinn Pletcher, United States District Court, Western District of Washington Seattle, Magistrate’s docket, Case No 97- 179M, 9 May 1997.

26

Staff (1996) ‘Banks appease online terrorists’, CNET News.com, 3 June.

27

Staff (1996) ‘Companies give cell phone bandits a new hang-up’, CNN News, 10 December, http://www.cnn.com/TECH/9612/10/cellular.cloning/

28

Richtel, Matt (2002) ‘Credit card theft is thriving online as global market’, New York Times, 13 May, p. Al.

29

Sullivan, Bob (1999) ‘Just how bad is online fraud? No one really knows how safe your credit card data is’, MSNBC, http://stacks.msnbc.com/news/590609.asp, June 25.

30

Richtel, Matt (2002) ‘Credit card theft is thriving online as global market’, New York Times, 13 May, p. Al.

31

Staff (2002) ‘Accounting for change’, The Economist, 29 June, pp. 13—14

32

Cyberangels (2000) About Cyberstalking, Cyberangels, http://www.cyberangels.org/stalking/

33

Fint, J. (2000) ‘Stalker terror, girl tracked and taunted’, Sunday Herald Sun, 4 June, Melbourne, p.1 and p.3.

34

Wyatt, Edward (1999) ‘SEC sweep focuses on bogus securities Offerings on the web’, New York Times,13 May, Section C, p. 9. Bulkeley, William M. (1999) ‘Arrest made in PairGain Internet hoax’, Wall Street Journal, 16 April Section C, p.1. Lowry, Tom (1998) ‘Bogus cyberbanks pose increasing threat’, USA Today, 6 April, Section B, p.1. On credit card scams: BT (1998). ‘Three real cons in the virtual world’, Good Housekeeping, vol. 227, no. 3, p. 163. On bogus HIV test kits: Kurtzweil, Paula (1999) ‘Internet sales of bogus HIV test kits result in first-of-kind wire fraud conviction’, FDA Consumer, vol.33, no.4, July—August. On ‘cramming’ by sending fraudulent invoices to businesses who subscribe to ‘free’ web hosting: Gross, Liza (1999) ‘FTC says to beware of web site scams’, Graphic Arts Monthly, voL 71, no. 9, September, http://www.gammag.com On fake e-mail messages to elicit personal information such as credit card numbers: Davis, Kristin (2000) ‘You’ve got bogus mail’, Managing Kiplinger’s, vol. 54, no. 11, November. On bogus drugs: Leff, Michael (1 ‘Too good to be true’, Consumer Reports on Health, vol.11, no.6. p.2.

35

McEvoy, Aoife, Aibro, Edward N., McCracken, Harry, Brandt, Andrew and Spring, Tom (2001) ‘Dot cons’, PC World, May, vol.19, no.5, pp. 107—10.

36

National Consumers League at 1701 K Street, NW, Suite 1200, Washington, DC 20006, (202) 835—3323, info@nclnet.org, http://www.fraud.org/telemarketing/teleinfo.htm

37

Ibid.

38

US Department of Justice (2001) press release: Man indicted for auctioning pirated software, US Attorney Northern District of California, November, http://www.cybercrime.gov/docs.html

39

Hancock, Bill (2000) ‘Isn’t it interesting what you can buy at an auction site? TVs, computers, drugs’, Computers and Security, vol. 19, no. 5, pp. 404—5.

40

Haney, Clare (2001) ‘Auction sites hit hard by electronic crime’, Info World, vol.23, no. 3, 15 January, p. 25.

41

Messmer, Ellen (2000) ‘Ebay acts to curtail Internet fraud’, Networld, 24July http://www.nwfusion.com

42

Blake, Kevin (2000) ‘Cyber fraud crackdown’, Consumers’ Research Magazine, March, vol. 83, no. 3, p. 6.

43

Kristin, Davis (1998) ‘The Bonnie and Clyde credit card fraud’, Kiplinger’s Personal Finance Magazine, July, vol. 52, no. 7, p. 65.

44

NTJA surveys, http://www.nua.org

45

McWilliams, Brian (1997) PC World News Radio, Friday, 22 August

46

TKarp, Jack (2001) ‘A growing number of foreign websites sell Cuban cigars to US residents, and there’s nothing law enforcement can do about it’, TechTV.com, 6 November. http://www.techtv.com/cybercrime/viceonline/story/0,23008,3336772,00.html

© Copyright EURIM 2003

EURIM Publications

EURIM E-Crime Study Index

EURIM Home Page