Cyber Crime 1203

8/12/2019 Cyber Crime 1203

1/70

Internet Law(forthcoming, Foundation Press)

Jonathan ZittrainCharles Nesson

Lawrence LessigWilliam FisherYochai Benler

Cha!ter "#$ C%&ercrime(!reliminar% 'ersion)

"

8/12/2019 Cyber Crime 1203

2/70

Cha!ter "#

C%&ercrime

C%&ercrime is an amor!hous field* +t refers &roadl% to an% criminal acti'it% that!ertains to or is committed through the use of the +nternet* wide 'ariet% of conduct fitswithin this ca!acious definition* We will concentrate in this cha!ter on fi'e acti'ities thatha'e &een es!eciall% notorious and that ha'e strained es!eciall% seriousl% the fa&ric oftraditional criminal law$ use of the +nternet to threaten or stal !eo!le- online fraud-hacing- online distri&ution of child !ornogra!h%- and c%&erterrorism*

A. Threats and Stalking

.nfortunatel%, the +nternet maes it much easier to learn a&out other !eo!le, trac theiracti'ities, and threaten them* /he following e0cer!t from 1adose'ich, Thwarting TheStalker: Are Anti-Stalking Measures Keeping Pace with Today's Stalker?, 2333 .* +ll* L*1e'* "4#" (2333) descri&es an es!eciall% serious as!ect of the !ro&lem*

+n the .nited 5tates, recent data suggest that stalers terrori6ea!!ro0imatel% one million women each %ear* lthough staling is notnecessaril% a gender7s!ecific crime, se'ent%7fi'e to eight% !ercent ofstaling cases in'ol'e a male staling a female* +n addition, onl% aminorit% of staling 'ictims are cele&rities- the ma8orit% of targets areordinar% citi6ens* 9stimates from the earl% "::3s indicate ordinar% citi6ensaccount for fift%7one !ercent of staling targets &ut cele&rities com!riseonl% se'enteen !ercent of all staling 'ictims- the remaining thirt%7two!ercent of staling 'ictims are lesser7nown entertainment figures****

s the +nternet and other electronic communications technologies!ermeate 'irtuall% e'er% as!ect of societ%, electronic staling has &eenincreasing as well, although no detailed statistics ha'e &een de'elo!ed forthis !henomenon* ;owe'er, &oth electronic harassment and staling alsoseem to target women as 'ictims*

8/12/2019 Cyber Crime 1203

3/70

Preliminar% e'idence on c%&erstaling has come from incidents handled&% state law7enforcement agencies* For e0am!le, the 5taling and /hreatssessment .nit of the Los ngeles >istrict ttorne%?s @ffice hasestimated that e7mail or other electronic communications were a factor ina!!ro0imatel% twent% !ercent of the roughl% A33 cases handled &% the

unit* &out twent% !ercent of the cases handled &% the 5e0 Crimes .nit inthe anhattan >istrict ttorne%?s @ffice in'ol'ed c%&erstaling* Finall%,&% ":::, an estimated fort% !ercent of the caseload in the Com!uter+n'estigations and /echnolog% .nit of the New Yor Cit% Police>e!artment in'ol'ed electronic threats or harassment, and

8/12/2019 Cyber Crime 1203

4/70

to the +5P?s com!laint !rocedures, the !olicies as to what constitutes!rohi&ited harassment, and the +5P?s follow7u! !rocedures) would &ecostl% and difficult* /he% argue that

8/12/2019 Cyber Crime 1203

5/70

of a crime, shall &e fined under this title or im!risoned not more than two%ears, or &oth*

California Penal Code 646.9:

(a) n% !erson who willfull%, maliciousl%, and re!eatedl% follows orharasses another !erson and who maes a credi&le threat with the intent to!lace that !erson in reasona&le fear for his or her safet%, or the safet% ofhis or her immediate famil%, is guilt% of the crime of staling, !unisha&le&% im!risonment in a count% 8ail for not more than one %ear or &% a fine ofnot more than one thousand dollars (",333), or &% &oth that fine andim!risonment, or &% im!risonment in the state !rison* G G G

(e) For the !ur!oses of this section,

8/12/2019 Cyber Crime 1203

6/70

identified, criminal lia&ilit% is straightforward* good e0am!le is !ro'ided &% the caseof Carl Johnson (as summari6ed in the .*5* >e!artment of JusticeHs Com!uter Crime and+ntellectual Pro!ert% we&site (":::), www*c%&ercrime*go'D8ohnson2*htm)$

@n June "", ":::, Carl 9dward Johnson was sentenced to 4# months of

im!risonment on four felon% counts of sending threatening e7mailmessages 'ia the +nternet to federal 8udges and others* Johnson wascon'icted of one count of retaliating against a 8udicial officer, one count ofo&structing 8ustice &% maing a death threat against a 8udicial officer, andtwo counts of transmitting threatening communications in foreigncommerce* /he first three charges were &ased on death threats !osted tothe +nternet naming two federal 8udges &ased in /acoma and 5eattle* /hefourth charge was &ased on an e7mail threat sent directl% to icrosoftChairman Bill Iates*

/he con'iction and sentence were the culmination of a two7%ear

in'estigation &% .*5* /reasur% agents into anon%mous threats !osted onthe +nternet and a scheme to assassinate go'ernment officials nown as

8/12/2019 Cyber Crime 1203

7/70

!otential ma0imum !enalt% of fi'e %ears in !rison* /he o&struction of8ustice count carried a ma0imum !enalt% of "3 %ears in !rison*

@ther situations are less straightforward K whether &ecause of 8urisdictionalcom!lications, uestions concerning the su&stanti'e reach of these statutes, or the tension

&etween these statutes and the constitutional !rotection for freedom of s!eech* /hreeillustrati'e !ro&lematic cases are set forth &elow*

U.S. v. Kammersell, 19 !."d 11"# (1$th%ir. 1999)

P.L 9LLY, Jr*, Circuit Judge*

>efendant7!!ellant atthew Jose!h ammersell entered a conditionalguilt% !lea to a charge of transmitting a threatening communication in

interstate commerce, in 'iolation of "M .*5*C* M#=(c)* .!onrecommendation of the magistrate 8udge, the district court re8ected r*ammersell?s contention that federal 8urisdiction did not e0ist &ecause&oth he and the reci!ient of the threat were located in the same state whenthe transmission occurred* ;e was sentenced to four monthsim!risonment, and twent%7four months su!er'ised release* @ur8urisdiction arises under 2M .*5*C* "2:"and we affirm*

/he facts in this case are undis!uted* @n Januar% "A, "::#, r*ammersell, then nineteen %ears old, logged on to the +nternet ser'ice!ro'ider (+5P) merica @n Line (

8/12/2019 Cyber Crime 1203

8/70

route of the transmission, where the sender and reci!ient are &oth in thesame state* G G G

5ection M#=(c),!ro'ides$Whoe'er transmits in interstate or foreign commerce an% communication

containing an% threat to idna! an% !erson or an% threat to in8ure the!erson of another, shall &e fined under this title or im!risoned not morethan fi'e %ears, or &oth* /his !ro'ision was enacted in ":4E, and its lastsignificant amendment was in ":4:* t that time, the telegra!h was stillthe !rimar% mode of interstate communication*

r* ammersell argues that the statute must &e inter!reted in light of theswee!ing changes in technolog% o'er the !ast A3 %ears and with referenceto Congressional intent* /he go'ernment urges the court to adhere to the!lain meaning of the statute- &ecause r* ammersellHs threat wastransmitted from .tah to irginia to .tah, it was

8/12/2019 Cyber Crime 1203

9/70

!redominantl% local, and that the statute should not &e read literall% toreach into s!heres of !rimaril% local concern**

U.S. v. Alkhaba&, 1$' !."d 1'9 (th%ir. 199#)

B@YC9 F* 1/+N, Jr*, Chief Judge*

Claiming that the district court erred in determining that certain electronicmail messages &etween &raham Jaco& lha&a6, a**a* Jae Baer, andrthur Ionda did not constitute

8/12/2019 Cyber Crime 1203

10/70

name of one of Baer?s classmates at the .ni'ersit% of ichigan*G

@n Fe&ruar% :, Baer was arrested and a!!eared &efore a .nited 5tatesagistrate Judge on a criminal com!laint alleging 'iolations of "M .*5*C* M#=(c), which !rohi&its interstate communications containing threats toidna! or in8ure another !erson* /he go'ernment made the com!laint

&ased on an FB+ agent?s affida'it, which cited language from the stor%in'ol'ing Baer?s classmate* /he agistrate Judge ordered Baer detainedas a danger to the communit% and a .nited 5tates >istrict Court affirmedhis detention* .!on Baer?s motion to &e released on &ond, this Courtordered a !s%chological e'aluation* When the e'aluation concluded thatBaer !osed no threat to the communit%, this Court ordered Baer?srelease*

@n Fe&ruar% "E, a federal grand 8ur% returned a one7count indictmentcharging Baer with a 'iolation of "M .*5*C* M#=(c)* @n arch "=,"::=, citing se'eral e7mail messages &etween Ionda and Baer, a federal

grand 8ur% returned a su!erseding indictment, charging Baer and Iondawith fi'e counts of 'iolations of "M .*5*C* M#=(c)* /he e7mail messagessu!!orting the su!erseding indictment were not a'aila&le in an% !u&licl%accessi&le !ortion of the +nternet*

@n !ril "=, Baer filed a otion to Ruash +ndictment with the districtcourt* +n United States v #aker! M:3 F*5u!!* "4#=, "4M"(9*>*ich*"::=), the district court dismissed the indictment againstBaer, reasoning that the e7mail messages sent and recei'ed &% Baer andIonda did not constitute

8/12/2019 Cyber Crime 1203

11/70

foreign commerce- (2) a communication containing a threat- and (4) thethreat must &e a threat to in8ure Oor idna! the !erson of another*

8/12/2019 Cyber Crime 1203

18/70

@n ugust 2", "::4, >r* Ieorge Patterson, who o!erated the clinic whereIunn wored, was shot to death* < !oster had &eencirculated !rior to his murder, indicating where he !erformed a&ortionsand that he had Iunn !erform a&ortions for his Pensacola clinic* +n Jul%"::E, >r* John Ba%ard Britton was murdered &% Paul ;ill after &eing

named on an < !oster that ;ill hel!ed to !re!are* @ne gi'esBritton?s !h%sical descri!tion together with his home and office addressesand !hone num&ers, and charges reste later ratified the !oster?s release* /his !oster isca!tioned

8/12/2019 Cyber Crime 1203

19/70

9li6a&eth Newhall, and Warren ;ern are three* /he !oster !ro'ides ;ern?sresidence and the home address of James Newhall and 9li6a&eth Newhall-it also lists the name and home address of >r* Ieorge a&ac%, a doctorwho !ro'ided a&ortions at PPCW* +t offers a < o6en!oster was released, the FB+ offered !rotection to doctors identified on itand ad'ised them to wear &ullet!roof 'ests and tae other securit%!recautions, which the% did* nowing this, L re!rinted the !oster inthe arch "::= edition of its maga6ine (i%e Advocateunder a co'er withthe eadl% >o6en !oster at e'ents inugust "::= and Januar% "::A* G G G

t its Januar% "::A conference, CL dis!la%ed the >eadl% >o6en

!oster, held a

8/12/2019 Cyber Crime 1203

20/70

B% Januar% "::= the !h%sicians new a&out the Iunn, Patterson andBritton murders and the !osters that !receded each* ;ern was terrifiedwhen his name a!!eared on the >eadl% >o6en !oster- as he !ut it$ eadl% >o6en List, which meant to me that77that, as nightfollows da%, that m% name was on this wanted !oster *** and that + would&e assassinated, as had the other doctors &een assassinated*< G G G /he 8ur%found for !laintiffs on all claims e0ce!t for Bra% and /reshman on the1+C@ claims*E/he district court then considered euita&le relief* +t foundthat each defendant used intimidation as a means of interfering with the!ro'ision of re!roducti'e health ser'ices- that each inde!endentl% and as aco7cons!irator !u&lished and distri&uted the >eadl% >o6en !oster, theCrist !oster, and the Nurem&erg Files- and that each acted with malice ands!ecific intent in communicating true threats to ill, assault or do &odil%

harm to each of the !laintiffs to intimidate them from engaging in legalmedical !ractices and !rocedures* /he court found that the &alance ofhardshi!s weighed

8/12/2019 Cyber Crime 1203

21/70

categor% and is narrowl% enough &ounded as a matter of constitutionallaw*

+++

CL argues that the First mendment reuires re'ersal &ecause lia&ilit%was &ased on !olitical s!eech that constituted neither an incitement toimminent lawless action nor a true threat* +t suggests that the e% uestionfor us to consider is whether these !osters can &e considered

8/12/2019 Cyber Crime 1203

22/70

harm to him77or herself or to another*< "M .*5*C* 2EM(e)(4)* /hus, thefirst tas is to define

8/12/2019 Cyber Crime 1203

23/70

mendment* But, in two critical res!ects, the Files go further* +n additionto listing 8udges, !oliticians and law enforcement !ersonnel, the Filesse!aratel% categori6e

8/12/2019 Cyber Crime 1203

24/70

s a direct result of ha'ing a eadl%>o6en Poster, the Crist Poster, and the Nurem&erg Files with s!ecificintent to mae true threats to ill or do &odil% harm to !h%sicians, and tointimidate them from engaging in legal medical !ractices* +t r*9li6a&eth Newhall, >r* James Newhall, PPCW and PFW;C in 'iolationof FC9- !u&lishing, re!u&lishing, re!roducing or distri&uting the >eadl%>o6en Poster, or the Crist !oster, or their eui'alent, with s!ecific intentto threaten !h%sicians, PPCW or PFW;C- and from !ro'iding additionalmaterial concerning Crist, ;ern, either Newhall, PPCW or PFW;C to theNurem&erg Files or an% mirror we& site with a s!ecific intent to threaten,as well as from !u&lishing the !ersonall% identif%ing information a&outthem in the Nurem&erg Files with a s!ecific intent to threaten* /he courtalso ordered CL to turn o'er !ossession of materials that are not incom!liance with the in8unction* G G G

Conclusion

8/12/2019 Cyber Crime 1203

25/70

e0!ression of intent to harm or assault*< /his, cou!led with the statute?sreuirement of intent to intimidate, com!orts with the First mendment*We ha'e re'iewed the record and are satisfied that use of the Crist Poster,the >eadl% >o6en Poster, and the indi'idual !laintiffs? listing in theNurem&erg Files constitute a true threat* +n three !rior incidents, a

8/12/2019 Cyber Crime 1203

26/70

of 'iew* /he !osters and the we&site are designed &oth to rall% !oliticalsu!!ort for the 'iews es!oused &% defendants, and to intimidate !laintiffsand others lie them into desisting a&ortion7 related acti'ities* /his!olitical agenda ma% not &e to the liing of man% !eo!le77!oliticaldissidents are often un!o!ular77&ut the s!eech, including the intimidating

message, does not constitute a direct threat &ecause there is no e'idenceother than the s!eech itself that the s!eaers intend to resort to !h%sical'iolence if their threat is not heeded* G G G

We ha'e recogni6ed that statements communicated directl% to the targetare much more liel% to &e true threats than those, as here, communicatedas !art of a !u&lic !rotest* @ur caselaw also instructs that, in decidingwhether the coerci'e s!eech is !rotected, it maes a &ig differencewhether it is contained in a !ri'ate communication7a face7to7faceconfrontation, a tele!hone call, a dead fish wra!!ed in news!a!er 77 or ismade during the course of !u&lic discourse* /he reason for this distinction

is o&'ious$ Pri'ate s!eech is aimed onl% at its target* Pu&lic s!eech, &%contrast, sees to mo'e !u&lic o!inion and to encourage those of liemind* Coerci'e s!eech that is !art of !u&lic discourse en8o%s far greater!rotection than identical s!eech made in a !urel% !ri'ate conte0t* G G G

B91Z@N, Circuit Judge, with whom 19+N;1>/, @Z+N5+, andL9+NF9L>, Circuit Judges, 8oin, and @?5CNNL+N, Circuit Judge,8oins as to Part +++ onl%, dissenting$G G G s wa'es of fer'ent !rotest mo'ements ha'e e&&ed and flowed, thecourts ha'e &een called u!on to delineate and enforce the line &etween!rotected s!eech and communications that are &oth of little or no 'alue asinformation, e0!ression of o!inion or !ersuasion of others, and are ofconsidera&le harm to others* /his 8udicial tas has ne'er &een an eas% one,as it can reuire77as here77 recogni6ing the right of !rotesting grou!s touestion dee!l% held societal notions of what is morall%, !oliticall%,economicall%, or sociall% correct and what is not* /he defendants here!ose a s!ecial challenge, as the% 'ehementl% condone the 'iew thatmurdering a&ortion !ro'iders77indi'iduals who are !ro'iding medicalser'ices !rotected &% the Constitution77is morall% 8ustified*

But the defendants ha'e not murdered an%one, and for all the reasons +ha'e discussed, neither their ad'ocac% of doing so nor the !osters andwe&site the% !u&lished crossed the line into un!rotected s!eech* +f we arenot willing to !ro'ide stringent First mendment !rotection and a fair trialto those with whom we as a societ% disagree as well as those with whomwe agree77as the 5u!reme Court did when it struc down the con'iction ofmem&ers of the u lu0 lan for their racist, 'iolence77condoning s!eechin #randen&urg77the First mendment will &ecome a dead letter*

2A
http://web2.westlaw.com/Find/Default.wl?DB=WLD-PEOPLECITE&DocName=0204838401&FindType=h&AP=&RS=WLW2.80&VR=2.0&SV=Split&MT=LawSchool&FN=_tophttp://web2.westlaw.com/Find/Default.wl?DB=WLD-PEOPLECITE&DocName=0245335801&FindType=h&AP=&RS=WLW2.80&VR=2.0&SV=Split&MT=LawSchool&FN=_tophttp://web2.westlaw.com/Find/Default.wl?DB=WLD-PEOPLECITE&DocName=0152453101&FindType=h&AP=&RS=WLW2.80&VR=2.0&SV=Split&MT=LawSchool&FN=_tophttp://web2.westlaw.com/Find/Default.wl?DB=WLD-PEOPLECITE&DocName=0264307901&FindType=h&AP=&RS=WLW2.80&VR=2.0&SV=Split&MT=LawSchool&FN=_tophttp://web2.westlaw.com/Find/Default.wl?SerialNum=1969133007&FindType=Y&AP=&RS=WLW2.80&VR=2.0&SV=Split&MT=LawSchool&FN=_tophttp://web2.westlaw.com/Find/Default.wl?DB=WLD-PEOPLECITE&DocName=0204838401&FindType=h&AP=&RS=WLW2.80&VR=2.0&SV=Split&MT=LawSchool&FN=_tophttp://web2.westlaw.com/Find/Default.wl?DB=WLD-PEOPLECITE&DocName=0245335801&FindType=h&AP=&RS=WLW2.80&VR=2.0&SV=Split&MT=LawSchool&FN=_tophttp://web2.westlaw.com/Find/Default.wl?DB=WLD-PEOPLECITE&DocName=0152453101&FindType=h&AP=&RS=WLW2.80&VR=2.0&SV=Split&MT=LawSchool&FN=_tophttp://web2.westlaw.com/Find/Default.wl?DB=WLD-PEOPLECITE&DocName=0264307901&FindType=h&AP=&RS=WLW2.80&VR=2.0&SV=Split&MT=LawSchool&FN=_tophttp://web2.westlaw.com/Find/Default.wl?SerialNum=1969133007&FindType=Y&AP=&RS=WLW2.80&VR=2.0&SV=Split&MT=LawSchool&FN=_top

8/12/2019 Cyber Crime 1203

27/70

oreo'er, the ne0t !rotest grou!77which ma% &e a new ci'il rightsmo'ement or another grou! e'entuall% 'indicated &% acce!tance of theirgoals &% societ% at large77will (unless we cease fulfilling our o&ligation as8udges to &e e'enhanded) &e censored according to the rules a!!lied to thelast* + do not &elie'e that the defendants? s!eech here, on this record and

gi'en two ma8or erroneous e'identiar% rulings, crossed the line intoun!rotected s!eech* + therefore dissent*

2#

8/12/2019 Cyber Crime 1203

28/70

. Internet !rad

/he &est source of information concerning the growing incidence of fraud committed onthe +nternet is the +nternet Fraud Com!laint Center (+FCC), a !artnershi! &etween the

National White Collar Crime Center (NW4C) and the Federal Bureau of +n'estigation(FB+)* /he following findings are taen from the +FCCHs 233" +nternet Fraud 1e!ort(a'aila&le at htt!$DDwww"*ifccf&i*go'Dstrateg%D+FCCS233"Snnual1e!ort*!df)

From Januar% ", 233" K >ecem&er 4", 233" the +FCCHs we&site recei'ed E:,#""

com!laints* /his total includes man% different fraud t%!es and non7fraudulentcom!laints, such as com!uter intrusions, 5PDunsolicited email, and child!ornogra!h%* >uring this same time !eriod, the +FCC referred "A,##= com!laintsof fraud, the ma8orit% of which was committed o'er the +nternet or similar onlineser'ice* /he total dollar loss from all referred cases of fraud was "#*M million,with a median dollar loss of E4= !er com!laint*

+nternet auction fraud was &% far the most re!orted offense, com!rising E2*M of

referred com!laints* Non7deli'era&le merchandise and !a%ment account for23*4 of com!laints, and Nigerian Letter fraud made u! "=*= of com!laints*CreditDde&it Card fraud and Confidence fraud (such as home im!ro'ement scamsand multi7le'el mareting) round out the to! fi'e categories of com!laintsreferred to law enforcement during the %ear* mong those indi'iduals whore!orted a dollar loss, the highest median dollar losses were found amongNigerian Letter 5cam (=,=#=), +dentit% /heft (4,333), and +n'estment fraud(",333) com!lainants*

o /he Nigerian Letter 5cam is defined as a corres!ondence outlining an

o!!ortunit% to recei'e non7e0istent go'ernment funds from allegeddignitaries that is designed to collect ad'ance fees from the 'ictims* /his

sometimes reuires !a%off mone% to &ri&e go'ernment officials* Whileother countries ma% &e mentioned, the corres!ondence t%!icall% indicates/he Io'ernment of Nigeria as the nation of origin* /his scam has runsince the earl% ":M3Hs and is also referred to as E": Fraud after therele'ant section of the Criminal Code of Nigeria, as well as d'ance FeeFraud* Because of the scam, the countr% of Nigeria rans 2nd for totalcom!laints re!orted at the +FCC on &usinesses &% countr%*

Nearl% #A of alleged fraud !er!etrators are indi'iduals (as o!!osed to

&usinesses), M" are male, and half reside in one of the following states$California, Florida, New Yor, /e0as, and +llinois* While most are from the.nited 5tates, !er!etrators ha'e a re!resentation in Canada, Nigeria, 1omania and

the .nited ingdom* /he amount loss &% com!lainants tends to &e related to a num&er of factors*

Business 'ictims tend to lose more than indi'iduals and males tend to lose morethan females* /his ma% &e a function of &oth online !urchasing differences &%gender, and the t%!e of fraud the indi'idual finds themsel'es in'ol'ed in* Whilethere isnHt a strong relationshi! &etween age and loss, !ro!ortion of indi'idualslosing at least =,333 is higher for those A3 %ears and older than it is for an% otherage categor%*

2M
http://www1.ifccfbi.gov/strategy/IFCC_2001_AnnualReport.pdfhttp://www1.ifccfbi.gov/strategy/IFCC_2001_AnnualReport.pdf

8/12/2019 Cyber Crime 1203

29/70

9lectronic mail (97mail) and we& !ages are the two !rimar% mechanisms &%

which the fraudulent contact too !lace* Nearl% #3 of com!lainants re!ortedthe% had e7mail contact with the !er!etrator*

/he !rimar% federal statute used to !rosecute +nternet fraud is "M .*5*C* "4E4, which

!ro'ides that$

Whoe'er, ha'ing de'ised or intending to de'ise an% scheme or artifice todefraud, or for o&taining mone% or !ro!ert% &% means of false orfraudulent !retenses, re!resentations, or !romises, transmits or causes to&e transmitted &% means of wire, radio, or tele'ision communication ininterstate or foreign commerce, an% writings, signs, signals, !ictures, orsounds for the !ur!ose of e0ecuting such scheme or artifice, shall &e finedunder this title or im!risoned not more than fi'e %ears, or &oth* +f the'iolation affects a financial institution, such !erson shall &e fined not morethan ",333,333 or im!risoned not more than 43 %ears, or &oth*

/he following essa% &% Jonathan 1usch, 5!ecial Counsel for Fraud Pre'ention in theFraud 5ection of the Criminal >i'ision at the .*5* >e!artment of Justice, descri&es inmore detail the t%!es of fraud freuentl% !er!etrated through the +nternet and the Justice>e!artmentHs efforts K rel%ing on section "4E4 and other statutes K to sto! them*

Fraud +n'ol'ing @nline uctions

@nline auction fraud t%!icall% in'ol'es se'eral recurring a!!roaches* /hemost common a!!roach a!!ears to &e the offering of some 'alua&le item,such as com!uters, high7!riced watches, or collecti&le items, through a

nown online auction site* /he indi'iduals who are informed that the% aresuccessful &idders send their mone% to the seller, &ut ne'er recei'e the!romised merchandise* +n a 'ariation of this a!!roach, the criminals sendcounterfeit merchandise in !lace of the !romised merchandise* thirda!!roach in'ol'es the criminal contacting losing &idders in a !articularonline auction, informing them that additional units of the item on whichthe% &id ha'e &ecome a'aila&le, and taing the &idders? mone% withoutdeli'ering the items* G G G

Consumers interested in a !articular auction sometimes want to learn ifother &u%ers ha'e had fa'ora&le e0!eriences with the !ur!orted seller in

that auction* a8or auction sites lie eBa% and ma6on*com allowlegitimate customers to !ro'ide feed&ac on their e0!eriences with!articular sellers* Criminals, howe'er, can also use false e7mail identitiesto !ro'ide enlinger, No* 33C1=#4+9I

2:

8/12/2019 Cyber Crime 1203

30/70

(5*>* Cal* filed Fe&* 2M, 2333), the defendant used online auction sites tooffer Beanie Ba&ies for sale, &ut failed to deli'er the !roducts afterrecei'ing the 'ictim?s mone%* ;e used 'arious

8/12/2019 Cyber Crime 1203

31/70

and ena&le runners to register online* lthough he had no affiliation withthe real ;awaii arathon, he co!ied the authori6ed arathon We&site,and created his own We&site with the confusingl% similar name,* Cal* filed Jan* E, 2333), two defendants mani!ulated the stocof a &anru!t com!an%, N9+ We&world, +nc* /he% !osted messages onse'eral financial message &oards, falsel% stating that N9+ was going to &etaen o'er &% a California com!an%, and, with the hel! of a thirdindi'idual, &ought "43,333 shares of N9+ &efore their mani!ulationsresulted in a dramatic !rice increase* +n an attem!t to conceal theiridentities, the two defendants and their confederates used com!uters at the

4"

8/12/2019 Cyber Crime 1203

32/70

.CL Biomedical Li&rar% to !ost the false re!orts* n 59C amendedcom!laint charged that the defendants and another indi'idual had alsoengaged in similar mani!ulati'e conduct concerning the securities ofele'en other issuers in ":::* (+n Januar%, 233", &oth defendants weresentenced to fifteen months and ten months im!risonment, res!ecti'el%)*

+n .nited 5tates '* oldofs%, No* 5"33C14MM (1PP) (5*>*N*Y*con'icted arch M, 233"), the defendant, a da% trader, on the e'ening of

arch 22, 2333, and the morning of the ne0t da%, !osted a message nearl%twent% times what was designed to loo lie a Lucent !ress releaseannouncing that Lucent would not meet its uarterl% earnings !ro8ections*For most of those !ostings, he used an alias designed to resem&le a screenname used &% a freuent commentator on the Lucent message &oard whohad historicall% e0!ressed !ositi'e 'iews of Lucent stoc* ;e also !ostedadditional messages, using other screen names that commented on therelease or on the message !oster?s conduct* @n arch 24, Lucent?s stoc!rice dro!!ed more than 4*# !ercent &efore Lucent issued a statementdisa'owing the false !ress release, &ut rose &% M !ercent within tenminutes of Lucent?s disa'owal*

+n .nited 5tates '* Jao&, No* C17337"3327>/ (C*>* Cal* indictment filed5e!t* 2M, 2333- !leaded guilt% >ec* 2:, 2333), the defendant engaged ine'en more ela&orate fraudulent conduct to effect a

8/12/2019 Cyber Crime 1203

33/70

8/12/2019 Cyber Crime 1203

34/70

was in'ol'ed in a com!uter hacing scheme that used home com!uters forelectronic access to se'eral of the largest .nited 5tates tele!hone s%stemsand for downloading thousands of calling card num&ers (access codes)*/he defendant, who !leaded guilt% to !ossession of unauthori6ed accessde'ices and com!uter fraud, used his !ersonal com!uter to access a

tele!hone s%stem com!uter and to download and transfer thousands ofaccess codes relating to com!an% calling card num&ers* +n taing thesecodes, the defendant used a com!uter !rogram he had created to automatethe downloading, and instructed his cocons!irators on how to use the!rogram* /he defendant admitted that the loss suffered &% the com!an% asa result of his criminal conduct was :==,:A=* ;e was sentenced toeighteen months? im!risonment and "3,333 in restitution* G G G

+dentit% /heft and Fraud

@nline !a%ment7card fraud is closel% related to the !ro&lem of identit%

theft and fraud* /he Federal /rade Commission (F/C) re!orts that itsConsumer 5entinel We&site, which !ro'ides law enforcement with accessto more than 433,333 com!laints a&out all t%!es of consumer fraud, hasrecei'ed more com!laints a&out identit% theft and fraud than an% othercategor% of consumer fraud* (5eewww*consumer*go'DsentinelDtrends*htm*) While identit% theft can &ecommitted in furtherance of man% t%!es of crime, a num&er of recentfederal !rosecutions ha'e com&ined identit% theft and +nternet fraud*

+n .nited 5tates '* Christian, No* 3373475L1 (>* >el* filed ug* 4, 2333),two defendants o&tained the names and 5ocial 5ecurit% num&ers of 42=high7raning .nited 5tates militar% officers from a !u&lic We&site, thenused those names and identities to a!!l% for instant credit at a leadingcom!uter com!an% and to o&tain credit cards through two &ans* /he%fenced the items the% &ought under the 'ictims? names, and acce!tedorders from others for additional merchandise* /he two defendants, after!leading guilt% to cons!irac% to commit &an fraud were sentenced tothirt%7three and fort%7one months im!risonment and restitution of morethan "33,333 each*

5imilarl%, in .nited 5tates '* Wahl, No* C13372M=P (W*>* Wash*sentenced @ct* "A, 2333), the defendant o&tained the date of &irth and5ocial 5ecurit% num&er of the 'ictim (who shared the defendant?s first andlast name and middle initial)* ;e then used the 'ictim?s identif%inginformation to a!!l% online for credit cards with three com!anies and toa!!l% online for a "=,333 automo&ile loan* ;e actuall% used the !roceedsof the automo&ile loan to in'est in his own &usiness* (/he defendant, after!leading guilt% to identit% theft, was sentenced to se'en months?im!risonment and nearl% 2#,333 in restitution)*

4E
http://www.consumer.gov/sentinel/trends.htmhttp://www.consumer.gov/sentinel/trends.htm

8/12/2019 Cyber Crime 1203

35/70

Business @!!ortunit% Fraud

Business o!!ortunit% or

4=

8/12/2019 Cyber Crime 1203

36/70

%. 2acking

Com!uter crime often in'ol'es illegall% accessing and damaging com!uters* +llegall%accessing and damaging com!uters runs the gamut from the mischie'ous to the

malicious* /his section first addresses hacti'ism, a relati'el% &enign form of illegalaccess and damage to com!uters undertaen for a !olitical !ur!ose* ;acti'ism includeswe& defacement, we& sit7ins, and denial7of7ser'ice attacs* /he discussion then shifts tomore malicious denial7of7ser'ice attacs- worms and 'iruses, which !ro!agatedestructi'el% through the +nternet- and finall% s%stems hacing*

A ,acktivis

2y&erwarriors, &% >oroth% >enning, ;ar'ard +nternational 1e'iew, ol* XX+++, No* 2,5ummer 233", !!* #37#=*

s Palestinian rioters clashed with +sraeli forces in the fall of 2333, ra& and+sraeli hacers too to c%&ers!ace to !artici!ate in the action* ccording to the iddle9ast +ntelligence Bulletin, the c%&erwar &egan in @cto&er, shortl% after the Le&anese5hiHite ;e6&ollah mo'ement a&ducted three +sraeli soldiers* Pro7+sraeli hacersres!onded &% cri!!ling the guerrilla mo'ementHs we&site, which had &een dis!la%ing'ideos of Palestinians illed in recent clashes and which had called on Palestinians to illas man% +sraelis as !ossi&le* Pro7Palestinian hacers retaliated, shutting down the main+sraeli go'ernment we&site and the +sraeli Foreign inistr% we&site* From there thec%&erwar escalated* n +sraeli hacer !lanted the 5tar of >a'id and some ;e&rew te0t onone of ;e6&ollahHs mirror sites, while !ro7Palestinian hacers attaced additional +sraelisites, including those of the Ban of +srael and the /el 'i' 5toc 90change* ;acers

from as far awa% as North and 5outh merica 8oined the fra%, sa&otaging o'er "33we&sites and disru!ting +nternet ser'ice in the iddle 9ast and elsewhere*/he Palestinian7+sraeli c%&erwar illustrates a growing trend* C%&ers!ace is

increasingl% used as a digital &attleground for re&els, freedom fighters, terrorists, andothers who em!lo% hacing tools to !rotest and !artici!ate in &roader conflicts* /he termhacti'ism, a fusion of hacing with acti'ism, is often used to descri&e this acti'it%* G GG

;acti'ists see c%&ers!ace as a means for non7state actors to enter arenas ofconflict, and to do so across international &orders* /he% &elie'e that nation7states are notthe onl% actors with the authorit% to engage in war and aggression* nd unlie nation7states, hacer warriors are not constrained &% the law of war or the Charter of the.nited Nations* /he% often initiate the use of aggression and needlessl% attac ci'ilians%stems*

;acti'ism is a relati'el% recent !henomenon* @ne earl% incident too !lace in@cto&er ":M:, when anti7nuclear hacers released a com!uter worm into the .5 Nationaleronautics and 5!ace dministration (N5) 5PN networ* /he worm carried themessage, Worms gainst Nuclear illers*Your 5%stem ;as Been @fficicall% OsicWNed*You tal of times of !eace for all, and then !re!are for war* t the time ofthe attac, anti7nuclear !rotesters were tr%ing (unsuccessfull%) to sto! the launch of the

4A

8/12/2019 Cyber Crime 1203

37/70

shuttle that carried the !lutonium7fueled Ialileo !ro&e on its initial leg to Ju!iter* /hesource of the attac was ne'er identified, &ut some e'idence suggested that it might ha'ecome from hacers in ustralia*

+n recent %ears, hacti'ism has &ecome a common occurrence worldwide* +taccounts for a su&stantial fraction of all c%&ers!ace attacs, which are also moti'ated &%

fun, curiosit%, !rofit, and !ersonal re'enge* ;acti'ism is liel% to &ecome e'en more!o!ular as the +nternet continues to grow and s!read throughout the world* +t is eas% tocarr% out and offers man% ad'antages o'er !h%sical forms of !rotest and attac*

/he ttraction to ;acti'ism

For acti'ists, hacti'ism has se'eral attracti'e features, not the least of which isglo&al 'isi&ilit%* B% altering the content on !o!ular we&sites, hacti'ists can s!read theirmessages and names to large audiences* 9'en after the sites are restored, mirrors of thehaced !ages are archi'ed on sites such as ttrition*org, where the% can &e 'iewed &%an%one at an% time and from an%where* lso, the news media are fascinated &%

c%&erattacs and are uic to re!ort them* @nce the news stories hit the +nternet, the%s!read uicl% around the glo&e, drawing attention to the hacers as well as to the&roader conflict*

cti'ists are also attracted to the low costs of hacti'ism* /here are few e0!enses&e%ond those of a com!uter and an +nternet connection* ;acing tools can &edownloaded for free from numerous we&sites all o'er the world* +t costs nothing to usethem and man% reuire little or no e0!ertise*

oreo'er, hacti'ism has the &enefit of &eing unconstrained &% geogra!h% anddistance* .nlie street !rotesters, hacers do not ha'e to &e !h%sicall% !resent to fight adigital war* +n a sit7in on the we&site of the e0ican 9m&ass% in the .nited ingdom,the 9lectronic >istur&ance /heater (9>/) gathered o'er "M,333 !artici!ants from EAcountries* ;acti'ists could 8oin the &attle sim!l% &% 'isiting the 9>/Hs we&site*

;acti'ism is thus well7suited to swarming, a strateg% in which hacers attac agi'en target from man% directions at once* Because the +nternet is glo&al, it is relati'el%eas% to assem&le a large grou! of digital warriors in a coordinated attac* /he .nitedingdom7&ased 9lectrohi!!ies Collecti'e estimated that E=2,333 !eo!le !artici!ated intheir sit7in on the we&site of the World /rade @rgani6ation (W/@)* /he c%&erattac wasconducted in con8unction with street !rotests during W/@Hs 5eattle meetings in late":::*

nother attraction of hacti'ism is the a&ilit% to o!erate anon%mousl% on the+nternet* C%&erwarriors can !artici!ate in attacs with little ris of &eing identified, letalone !rosecuted* Further, !artici!ating in a c%&er&attle is not life7threatening or e'endangerous$ hacti'ists cannot &e gunned down in c%&ers!ace*

an% hacti'ists, howe'er, re8ect anon%mit%* /he% !refer that their actions &eo!en and attri&uta&le* 9>/ and 9lectrohi!!ies es!ouse this !hiloso!h%* /heir e'ents areannounced in ad'ance and the main !la%ers use their real names*

We& >efacement and ;i8acing

4#

8/12/2019 Cyber Crime 1203

38/70

We& defacement is !erha!s the most common form of attac* ttrition*org, whichcollects mirrors and statistics of haced we&sites, recorded o'er =,333 defacements in the%ear 2333 alone, u! from a&out 4,#33 in ":::* lthough the ma8orit% of these ma% ha'e&een moti'ated more &% thrills and &ragging rights than &% some higher cause, man%were also casualties of a digital &attle*

We& hacs were common during the oso'o conflict in ":::* /he .5 hacinggrou! called /eam 5!l3it &roe into go'ernment sites and !osted statements such as,/ell %our go'ernments to sto! the war* /he oso'o ;acers Irou!, a coalition of9uro!ean and l&anian hacers, re!laced at least fi'e sites with &lac and red Freeoso'o &anners*

+n the wae of the accidental &om&ing of ChinaHs Belgrade em&ass% &% the Northtlantic /reat% @rgani6ation (N/@), angr% Chinese citi6ens allegedl% haced se'eral.5 go'ernment sites* /he slogan >own with Bar&arians was !laced in Chinese on thewe& !age of the .5 9m&ass% in Bei8ing, while the .5 >e!artment of +nterior we&siteshowed images of the three 8ournalists illed during the &om&ing and crowds !rotestingthe attac in Bei8ing* /he .5 >e!artment of 9nerg%Hs home !age read$

Protest .5Hs Na6i actionUWe are Chinese hacers who tae no cares a&out!olitics* But we can not stand &% seeing our Chinese re!orters &een illed which %oumight ha'e now Osic*N/@ led &% .5 must tae a&solute res!onsi&ilit%*WewonHt sto! attacing until the war sto!sU

We& defacements were also !o!ular in a c%&erwar that eru!ted &etween hacersin China and /aiwan in ugust ":::* Chinese hacers defaced se'eral /aiwanese andgo'ernment we&sites with !ro7China messages sa%ing /aiwan was and alwa%s would &ean inse!ara&le !art of China* @nl% one China e0ists and onl% one China is needed, reada message !osted on the we&site of /aiwanHs highest watchdog agenc%* /aiwanesehacers retaliated and !lanted a red and &lue /aiwanese national flag and an anti7Communist slogan, 1econuer, 1econuer, 1econuer the ainland, on a Chinesehigh7tech +nternet site* /he c%&erwar followed an angr% e0change &etween China and/aiwan in res!onse to /aiwanese President Lee /eng7huiHs statement that China mustdeal with /aiwan on a state7to7state &asis*

an% of the attacs during the Palestinian7+sraeli c%&erwar were we&defacements* /he hacing grou! IForce Paistan, which 8oined the !ro7Palestinianforces, !osted heart7wrenching images of &adl% mutilated children on numerous +sraeliwe&sites* /he Borah /orah site also contained the message, Jews, +sraelis, %ou ha'ecrossed %our limits, is that what /orah teaches /o ill small innocent children in thatmanner You Jews must dieU along with a warning of additional attacs*

;acti'ists ha'e also hi8aced we&sites &% tam!ering with the >omain Name5er'ice so that the siteHs domain name resol'es to the +P address of some other site*When users !oint their &rowsers to the target site, the% are redirected to the alternati'esite*

+n what might ha'e &een one of the largest mass we&site taeo'ers, the anti7nuclear ilw3rm hacers 8oined with the shtra% Lum&er8acs hacers in an attac thataffected more than 433 we&sites in Jul% "::M* ccording to re!orts, the hacers &roeinto the British +nternet ser'ice !ro'ider (+5P) 9as%5!ace, which hosted the sites* /he%altered the +5PHs data&ase so that users attem!ting to access the sites were redirected to ailw3rm site, where the% were greeted &% a message !rotesting the nuclear arms race*

4M

8/12/2019 Cyber Crime 1203

39/70

/he message concluded with .se %our !ower to ee! the world in a state of P9C9 and!ut a sto! to this nuclear &ullshit*

We& 5it7ins

We& sit7ins are another !o!ular form of attac* /housands of +nternet userssimultaneousl% 'isit a target we&site and attem!t to generate sufficient traffic to disru!tnormal ser'ice* grou! calling itself 5trano Networ conducted what was !ro&a&l% thefirst such demonstration as a !rotest against the French go'ernmentHs !olicies on nuclearand social issues* @n >ecem&er 2", "::=, the% launched a one7hour NetH5trie attacagainst the we&sites o!erated &% 'arious go'ernment agencies* t the a!!ointed hour,!artici!ants from all o'er the world !ointed their &rowsers to the go'ernment we&sites*ccording to re!orts, at least some of the sites were effecti'el% noced out for the!eriod*

+n "::M, 9>/ too the conce!t a ste! further and automated the attacs* /he%organi6ed a series of sit7ins, first against e0ican President 9rnesto ZedilloHs we&site

and later against .5 President Bill ClintonHs White ;ouse we&site, the Pentagon, the .5rm% 5chool of the mericas, the Franfurt 5toc 90change, and the e0ican 5toc90change* /he !ur!ose was to demonstrate solidarit% with the e0ican Za!atistas*ccording to 9>/Hs Brett 5tal&aum, the Pentagon was chosen &ecause we &elie'e thatthe .5 militar% trained the soldiers carr%ing out the human rights a&uses* For a similarreason, the .5 rm% 5chool of the mericas was selected* /he Franfurt 5toc90change was targeted, 5tal&aum said, Because it re!resented ca!italismHs role inglo&ali6ation utili6ing the techniues of genocide and ethnic cleansing, which is at theroot of the Chia!asH !ro&lems* /he !eo!le of Chia!as should !la% a e% role indetermining their own fate, instead of ha'ing it !ushed on them through their forcedrelocation*which is currentl% financed &% Western ca!ital*

/o facilitate the stries, the organi6ers set u! s!ecial we&sites with automatedsoftware* ll that was reuired of would7&e !artici!ants was to 'isit one of the FloodNetsites* When the% did, their &rowser would download the software (a Ja'a !!let), whichwould access the target site e'er% few seconds* +n addition, the software let !rotesterslea'e a !ersonal statement on the targeted ser'erHs error log* For e0am!le, if the% !ointedtheir &rowsers to a non7e0istent file such as humanSrights on the target ser'er, theser'er would log the message, humanSrights not found on this ser'er*

When the PentagonHs ser'er sensed the attac from the FloodNet ser'ers, itlaunched a counter7offensi'e against the usersH &rowsers, redirecting them to a !age withan !!let !rogram called ;ostile!!let* @nce there, the new a!!let was downloadedto their &rowsers, where it endlessl% tied u! their machines tr%ing to reload a documentuntil the machines were re&ooted* /he Franfurt 5toc 90change re!orted that the% wereaware of the !rotest &ut &elie'ed it had not affected their ser'ices* @'erall, 9>/considered the attacs a success* @ur interest is to hel! the !eo!le of Chia!as to ee!recei'ing the international recognition that the% need to ee! them ali'e, said 5tal&aum*

5ince the time of the stries, FloodNet and similar software ha'e &een used innumerous sit7ins s!onsored &% 9>/, the 9lectrohi!!ies, and others* /here were re!orts ofFloodNet acti'it% during the Palestinian7+sraeli c%&erwar* Pro7+srael hacers created a

4:

8/12/2019 Cyber Crime 1203

40/70

we&site called Wi6el*com, which offered FloodNet software and other tools &efore it wasshut down* Pro7ra& hacers !ut u! similar sites*

/he 9lectrohi!!ies ha'e &een critici6ed for den%ing their targetsH right to s!eechwhen conducting a sit7in* /heir res!onse has &een that a sit7in is acce!ta&le if itsu&stitutes the deficit of s!eech &% one grou! with a &road de&ate on !olic% issues and if

the e'ent used to 8ustif% the sit7in !ro'ides a focus for the de&ate* /he 9lectrohi!!ies alsodemand &road su!!ort for their actions* n o!eration !rotesting geneticall% modifiedfoods was a&orted when the ma8orit% of 'isitors to their site did not 'ote for theo!eration*

>enial7of75er'ice ttacs

Whereas a we& sit7in reuires !artici!ation &% tens of thousands of !eo!le to ha'ee'en a slight im!act, the so7called denial7of7ser'ice (>o5) and distri&uted denial7of7ser'ice (>>o5) tools allow lone c%&erwarriors to shut down we&sites and e7mail ser'ers*With a >o5 attac, a hacer uses a software tool that &om&ards a ser'er with networ

messages* /he messages either crash the ser'er or disru!t ser'ice so &adl% that legitimatetraffic slows to a crawl* >>o5 is similar e0ce!t that the hacer first !enetrates numerous+nternet ser'ers (called 6om&ies) and installs software on them to conduct the attac*/he hacer then uses a tool that directs the 6om&ies to attac the target all at once*

>uring the oso'o conflict, Belgrade hacers were credited with >o5 attacsagainst N/@ ser'ers* /he% &om&arded N/@Hs we& ser'er with !ing commands,which test whether a ser'er is running and connected to the +nternet* /he attacs causedline saturation of the targeted ser'ers*

5imilar attacs too !lace during the Palestinian7+sraeli c%&erwar* Pro7Palestinianhacers used >o5 tools to attac Net'ision, +sraelHs largest +5P* While initial attacscri!!led the +5P, Net'ision succeeded in fending off later assaults &% strengthening itssecurit%*

# Malicious 2oputer Attacks

6 Ma%ia&oy: $enial-o%-Service Attacks 7utside the Political Arena

@n Fe&ruar% 2333, news re!orts indicated that that Yahoo, Ca&le News Networ, eBa%,ma6on*com, 9G/rade, and Bu%*com, (among other sites) e0!erienced distri&uted denialof ser'ice (>@5

8/12/2019 Cyber Crime 1203

41/70

+n Januar% of 233", afia&o% !leaded guilt% to =A counts of >@5 attacs from Fe&ruar% 2333* ;e was charged with >@5 attac that&rought down CNN*com, ma6on*com, eBa%, >ell Com!uter and others &etweenFe&ruar% M and "E, 2333* /he teenager e'entuall% recei'ed a sentence of eight months indetention followed &% a %ear of !ro&ation for his actions* /he 8udge also reuired him to

donate 2=3 to charit%* afia&o% allegedl% caused more than .5 "*= &illion in damagein connection with the 'arious >>@5 attacs*

8 4ors and +iruses

Both worms and 'iruses are malicious !rograms which !ro!agate uncontrolla&l% o'er the+nternet* worm !rogram is to designed to in'ade a com!uter and re!licate itself &%sending the worm to other com!uters on a networ or in the userHs address &oo* Wormscause damage &% clogging u! com!uter networs, slowing down or e'en cri!!lingindi'idual com!uters and shared ser'ers*

.nlie worms, which do nothing &ut re!licate themsel'es, 'iruses &oth re!licatethemsel'es and carr% a malicious !a%load* /his malicious !a%load ma% &e a !rogramwhich immediatel% corru!ts or deletes data on the infected machine* @r the 'irus ma%unleash a logic &om& which lies dormant on the machine and destro%s data when theinfected com!uterHs cloc reaches a certain date*

+n the !ast, 'iruses and worms were s!read through flo!!% diss and infected macroattachments to common files lie icrosoft Word documents* /oda%, man% 'iruses andworms are s!read through e7mail and acti'ated when the user o!ens an e7mailattachment* /ro8an horse is an e7mail attachment that a!!ears &enign* When theuser o!ens the /ro8an horse, howe'er, a hidden worm or 'irus is acti'ated that can

damage the userHs com!uter and send itself to other com!uters on the userHs networ*

(ove (etter +irus, from National +nfrastructure Protection Center we&site, athtt!$DDwww*ni!c*go'Din'estigationsDlo'eletter*htm

+n a% of 2333, com!anies and indi'iduals around the world were stricen &% the e!artment of 9nerg%, the >e!artment of griculture, the>e!artment of 9ducation, the National eronautics and 5!ace dministration (N5),

E"
http://www.nipc.gov/investigations/loveletter.htmhttp://www.nipc.gov/investigations/loveletter.htm

8/12/2019 Cyber Crime 1203

42/70

along with the ;ouse and 5enate* >amage estimates from the 'irus range u!wards of "3&illion*

+n'estigati'e wor &% the FB+?s New Yor Field @ffice, with assistance from the N+PC,traced the source of the 'irus to the Phili!!ines within 2E hours* /he FB+ then wored,

through the L9I/ in anila, with the Phili!!ines? National Bureau of +n'estigation, toidentif% the !er!etrator* /he s!eed with which the 'irus was traced &ac to its source isun!recedented* /he in'estigation in the Phili!!ines was ham!ered &% the lac of as!ecific com!uter crime statute* Ne'ertheless, @nel de Iu6man was charged on June 2:,2333 with fraud, theft, malicious mischief, and 'iolation of the >e'ices 1egulation ct*;owe'er, those charges were dismissed in ugust 2333 &% Phili!!ine authorities u!ondetermining that traditional laws did not a!!l% to these newer high7tech c%&ercrimes*

s a !ostscri!t, it is im!ortant to note that the Phili!!ine go'ernment on June "E, 2333a!!ro'ed the 97Commerce ct, which now s!ecificall% criminali6es com!uter hacingand 'irus !ro!agation*

9 ,acking

;acing in'ol'es !enetrating a secure area &% su&'erting its securit% measures* ;acersmight accom!lish this &% setting u! !rograms lie war dialers that tr% thousands ofcommon !asswords until one is acce!ted* hacer ma% set u!

@nce hacers !enetrate the ser'ers that host their targetHs com!uter s%stems, the% canalter or remo'e files, steal information and erase the e'idence of those acti'ities* While

man% hacers &rea securit% s%stems 8ust out of curiosit%, other hacers, howe'er, ha'eattem!ted to use their sills for illegal !ersonal financial gain*

,acking %or inancial ;ain

/wo a6ahstan Citi6ens ccused @f Breaing +nto Bloom&erg L*P*?s Com!uter and90tortion re 90tradited, from .*5* >e!artment of JusticeHs Com!uter Crime and+ntellectual !ro!ert% we&site (2332), athtt!$DDwww*usdo8*go'DcriminalDc%&ercrimeD&loom&erg+ndict*htm

Ze6o' and Yarimaa are &oth charged in a four7count 5u!erseding +ndictment with one

count of unauthori6ed com!uter intrusion- one count of cons!irac%- one count ofinterfering with commerce &% using e0tortion- and one count of e0tortion of a cor!orationusing threatening communications*

ccording to the Com!laints filed in this case, Ze6o' gained unauthori6ed access to theinternal Bloom&erg Com!uter 5%stem from com!uters located in lmat%, a6ahstan* +nthe 5!ring of ":::, Bloom&erg !ro'ided data&ase ser'ices, 'ia a s%stem nown as the

8/12/2019 Cyber Crime 1203

43/70

a6ahstan* Ze6o' is em!lo%ed &% a6ommerts and is one of four indi'iduals ata6ommerts associated with a6ommertsH contract with Bloom&erg*

+n addition, according to the Com!laints, Ze6o' sent a num&er of e7mails to ichaelBloom&erg, the com!an%Hs founder, under the name eutsche Ban in London and de!osited 233,333 into the account*

s descri&ed in the Com!laint against Yarimaa, Yarimaa and Ze6o' flew froma6ahstan to London, and on ugust "3, 2333, Yarimaa and Ze6o' met withBloom&erg L*P* officials, including ichael Bloom&erg, and two London etro!olitan!olice officers, one !osing as a Bloom&erg L*P* e0ecuti'e and the other ser'ing as a

translator* t the meeting, Yarimaa allegedl% claimed that he was a former a6ahstan!rosecutor and e0!lained that he re!resented e!artment of >efense, where,among other things, he allegedl% interce!ted login names and !asswords, andintentionall% caused dela%s and damage in communications*

+n !ril ":::, +ffih o&tained unauthori6ed access to a cor!orate internet account which hethen used to illegall% access a com!uter controlled and o!erated &% the .*5* >efenseLogistics genc%* +ffih then concealed his actual com!uter address through a ser'icenown as

8/12/2019 Cyber Crime 1203

44/70

go'ernment?s com!uter* @nce

8/12/2019 Cyber Crime 1203

45/70

/he growth of !eer7to7!eer (P2P) networs has &een staggering, e'en &% +nternetstandards* From non7e0istence a few %ears ago, toda% nearl% a do6en P2P networs ha'e&een de!lo%ed, a half7do6en ha'e gained wides!read acce!tance, and one P2P networalone is res!onsi&le for "*M &illion downloads each month* /he stead% growth in&road&and access, which e0!onentiall% increases the s!eed, &readth, and usage of these

P2P networs, indicates that P2P !enetration and related downloading will continue toincrease at a &reanec !ace*

.nfortunatel%, the !rimar% current a!!lication of P2P networs is un&ridled co!%right!irac%* P2P downloads toda% consist largel% of co!%righted music, and as downloads!eeds im!ro'e, there has &een a mared increase in P2P downloads of co!%rightedsoftware, games, !hotogra!hs, araoe ta!es, and mo'ies* Boos, gra!hic designs,news!a!er articles, needle!oint designs, and architectural drawings cannot &e far &ehind*/he owners and creators of these co!%righted wors ha'e not authori6ed their distri&utionthrough these P2P networs, and P2P distri&ution of this scale does not fit into an%conce!tion of fair use* /hus, there is no uestion that the 'ast ma8orit% of P2P downloads

constitute co!%right infringements for which the wors? creators and owners recei'e nocom!ensation*

/he massi'e scale of P2P !irac% and its growing &readth re!resents a direct threat to theli'elihoods of .*5* co!%right creators, including songwriters, recording artists, musicians,directors, !hotogra!hers, gra!hic artists, 8ournalists, no'elists, and software!rogrammers* +t also threatens the sur'i'al of the industries in which these creatorswor, and the seamstresses, actors, Fole% artists, car!enters, cameramen, administrati'eassistants, and sound engineers these industries em!lo%* s these creators and theirindustries contri&ute greatl% &oth to the cultural and economic 'italit% of the .*5*, theirli'elihoods and sur'i'al must &e !rotected* G G G

While !ursuit of man% of these com!onents to the P2P !irac% solution reuires no newlegislation, + &elie'e legislation is necessar% to !romote the usefulness of at least onesuch com!onent* 5!ecificall%, enactment of the legislation + introduce toda% is necessar%to ena&le res!onsi&le usage of technological self7hel! measures to sto! co!%rightinfringements on P2P networs* G G G

@ne a!!roach that has not &een adeuatel% e0!lored is to allow technological solutions toaddress technological !ro&lems* /echnological inno'ation, as re!resented &% the creationof P2P networs and their su&seuent decentrali6ation, has &een harnessed to facilitatemassi'e P2P !irac%* +t is worth e0!loring, therefore, whether other technologicalinno'ations could &e harnessed to com&at this massi'e P2P !irac% !ro&lem* Co!%rightowners could, at least conce!tuall%, em!lo% a 'ariet% of technological tools to !re'ent theillegal distri&ution of co!%righted wors o'er a P2P networ* .sing interdiction, deco%s,redirection, file7&locing, s!oofs, or other technological tools, technolog% can hel!!re'ent P2P !irac%*

/here is nothing re'olutionar% a&out !ro!ert% owners using self7hel! 77 technological orotherwise 77 to secure or re!ossess their !ro!ert%* 5atellite com!anies !eriodicall% use

E=

8/12/2019 Cyber Crime 1203

46/70

electronic countermeasures to sto! the theft of their signals and !rogramming* Cardealers re!ossess cars when the !a%ments go un!aid* 5oftware com!anies em!lo% a'ariet% of technologies to mae software non7functional if license terms are 'iolated*;owe'er, in the conte0t of P2P networs, technological self7hel! measures ma% not &elegal due to a 'ariet% of state and federal statutes, including the Com!uter Fraud and

&use ct of ":MA* +n other words, while P2P technolog% is free to inno'ate new, moreefficient methods of P2P distri&ution that further e0acer&ate the !irac% !ro&lem,co!%right owners are not euall% free to craft technological res!onses to P2P !irac%*

/hrough the legislation + introduce toda%, Congress can free co!%right creators andowners to de'elo! technological tools to !rotect themsel'es against P2P !irac%* /he!ro!osed legislation creates a safe har&or from lia&ilit% so that co!%right owners ma% usetechnological means to !re'ent the unauthori6ed distri&ution of that ownerHs co!%rightedwors 'ia a P2P networ*

/his legislation is narrowl% crafted, with strict &ounds on acce!ta&le &eha'ior &% the

co!%right owner* For instance, the legislation would not allow a co!%right owner to !lanta 'irus on a P2P user?s com!uter, or otherwise remo'e, corru!t, or alter an% files or dataon the P2P user?s com!uter*

/he legislation !ro'ides a 'ariet% of remedies if the self7hel! measures taen &% aco!%right owner e0ceed the limits of the safe har&or* +f such actions would ha'e &eenillegal in the a&sence of the safe har&or, the co!%right owner remains su&8ect to the fullrange of lia&ilit% that e0isted under !rior law* +f a co!%right owner has engaged ina&usi'e interdiction acti'ities, an affected P2P user can file suit for economic costs andattorne%?s fees under a new cause of action* Finall%, the .*5* ttorne% Ieneral can seean in8unction !rohi&iting a co!%right owner from utili6ing the safe har&or if there is a!attern of a&usi'e interdiction acti'ities*

/his legislation does not im!act in an% wa% a !erson who is maing a fair use of aco!%righted wor, or who is otherwise using, storing, and co!%ing co!%righted wors in alawful fashion* Because its sco!e is limited to unauthori6ed distri&ution, dis!la%,!erformance or re!roduction of co!%righted wors on !u&licl% accessi&le P2P s%stems,the legislation onl% authori6es self7hel! measures taen to deal with clear co!%rightinfringements* /hus, the legislation does not authori6e an% interdiction actions to sto!fair or authori6ed uses of co!%righted wors on decentrali6ed, !eer7to7!eer s%stems, oran% interdiction of !u&lic domain wors* Further, the legislation doesn?t e'en authori6eself7hel! measures taen to address co!%right infringements outside of the decentrali6ed,P2P en'ironment*

/his !ro!osed legislation has a neutral, if not !ositi'e, net effect on !ri'ac% rights* First,a P2P user does not ha'e an e0!ectation of !ri'ac% in com!uter files that she maes!u&licl% accessi&le through a P2P file7sharing networ 7 8ust as a !erson who !laces anad'ertisement in a news!a!er cannot e0!ect to ee! that information confidential* +t isim!ortant to em!hasi6e that a P2P user must first acti'el% decide to mae a co!%rightedwor a'aila&le to the world, or to send a worldwide reuest for a file, &efore an% P2P

EA

8/12/2019 Cyber Crime 1203

47/70

interdiction would &e countenanced &% the legislation* ost im!ortantl%, unlie in aco!%right infringement lawsuit, interdiction technologies do not reuire the co!%rightowner to now who is infringing the co!%right* +nterdiction technologies onl% reuirethat the co!%right owner now where the file is located or &etween which com!uters atransmission is occurring*

No legislation can eradicate the !ro&lem of !eer7to7!eer !irac%* ;owe'er, ena&lingco!%right creators to tae action to !re'ent an infringing file from &eing shared 'ia P2P isan im!ortant first ste! toward a solution* /hrough this legislation, Congress can hel! themaret!lace more effecti'el% manage the !ro&lems associated with P2P file tradingwithout interfering with the s%stem itself*

6 Te0t o% Proposed #ill to Proote Technology Solutions to P8P Piracy

;*1* =2"", "3#thCong* (2332)

59C/+@N "* L++//+@N @N L+B+L+/Y F@1 P1@/9C/+@N @F C@PY1+I;/9>W@15 @N P9917/@7P991 N9/W@15* ="E* 1emedies for infringement$ use of technologies to !re'ent infringement of co!%7righted wors on !eer7to7!eer com!uter networs(a) +N I9N91L*VNotwithstanding an% 5tate or Federal statute or other law, andsu&8ect to the limitations set forth in su&sections (&) and (c), a co!%right owner shall not&e lia&le in an% criminal or ci'il action for disa&ling, interfering with, &locing, di'erting,or otherwise im!airing the unauthori6ed distri&ution, dis!la%, !erformance, orre!roduction of his or her co!%righted wor on a !u&licl% accessi&le !eer7to7!eer filetrading networ, if such im!airment does not, without authori6ation, alter, delete, orotherwise im!air the integrit% of an% com!uter file or data residing on the com!uter of afile trader*(&) 9XC9P/+@N5*V5u&section (a) shall not a!!l% to a co!%right owner in a case inwhichV(") in the course of taing an action !ermitted &% su&section (a), the co!%right ownerV() im!airs the a'aila&ilit% within a !u&licl% accessi&le !eer7to7!eer file trading networof a com!uter file or data that does not contain a wor, or !ortion thereof, in which theco!%right owner has an e0clusi'e right granted under section "3A, e0ce!t as ma% &ereasona&l% necessar% to im!air the distri&ution, dis!la%,!erformance, or re!roduction of such a wor, or !ortion thereof, in 'iolation of an% of thee0clusi'e rights of the co!%right owner under section "3A-(B) causes economic loss to an% !erson other than affected file traders- or(C) causes economic loss of more than =3*33 !er im!airment to the !ro!ert% of theaffected file trader, other than economic loss in'ol'ing com!uter files or data madea'aila&le through a !u&licl% accessi&le !eer7to7!eer file trading networ that containwors in which the owner has an e0clusi'e right granted under section "3A- or(2) the co!%right owner fails to com!l% with the reuirements of su&section (c)*(c) N@/+F+C/+@N 19R.+199N/*V(") co!%right owner shall not &e lia&le undersu&section (a) for an act to which su&section (a) a!!lies onl% ifV

E#

8/12/2019 Cyber Crime 1203

48/70

() the co!%right owner has notified the >e!artment of Justice, in such manner as thettorne% Ieneral shall s!ecif%, of the s!ecific technologies the co!%right owner intendsto use to im!air the unauthori6ed distri&ution, dis!la%, !erformance, or re!roduction ofthe ownerHs co!%righted wors o'er a !u&licl% accessi&le !eer7to7!eer file tradingnetwor- and

(B) the notification under !aragra!h (") was made at least # da%s &efore the co!%rightowner engaged in the act*(2) t the reuest of an affected file trader or the assignee of an +nternet Protocol addressused &% an affected file trader, a co!%right owner shall !ro'ide notice to the affected filetrader or assignee (as the case ma% &e) ofV() the reason for im!airing trading in the com!uter file or data containing theco!%righted wor of the co!%right owner-(B) the name and address of the co!%right owner- and(C) the right of the affected file trader to &ring an action descri&ed in su&section (d)*(d) C.59 @F C/+@N F@1 [email protected] +P+19N/*V(") +f, !ursuant to the authorit% !ro'ided &% su&section (a), a co!%right owner nowingl%

and intentionall% im!airs the distri&ution, dis!la%, !erformance, or re!roduction of a!articular com!uter file or data, and has no reasona&le &asis to &elie'e that suchdistri&ution, dis!la%, !erformance, or re!roduction constitutes an infringement ofco!%right, and an affected file trader suffers economic loss in e0cess of 2=3 as a resultof the act &% the co!%right owner, the affected file trader ma% see com!ensation for sucheconomic loss* G G G

8 The ,ackers Strike #ack

fter the 1ecording +ndustr% ssociation of mericaHs endorsement of BermanHs &ill, the1+Hs we&site was !artiall% disa&led &% denial7of7ser'ice attacs o'er a !eriod of fourda%s* While no one claimed res!onsi&ilit% for the attac, one unidentified 1+re!resentati'e res!onded$ on?t the% ha'e something &etter to do during the summerthan hac our site Perha!s it at least too "3 minutes awa% from stealing music*eclan cCullagh, *"AA 4e& site disa&led &y attack, Z>Net News (Jul% 43, 2332), athtt!$DD6dnet*com*comD2"337""3=7:E#"3"*html

*

$ 6B US2 C 69: The 2oputer raud and A&use Act

"M .*5*C* "343, the Com!uter Fraud and &use ct, is the !rinci!al statute for!rosecuting c%&ercrime* 5ection "343 has &een amended numerous times since its

original !assage in ":ME to match the e'olution of c%&ercrime, most nota&l% with the.5 Patriot ct in 233" (see discussion in C%&erterrorism section in%ra)*

5ection "343 di'ides federal c%&ercrimes into se'en grou!s of offenses which aredifferentiated &% the targeted com!uter, the defendantHs mens rea and actions, and t%!e ofdamage caused*

EM
http://zdnet.com.com/2100-1105-947101.htmlhttp://zdnet.com.com/2100-1105-947101.html

8/12/2019 Cyber Crime 1203

49/70

Targeted coputer 5ection "343 is limited to !rotected com!uters, which are definedas .*5* go'ernment com!uters, a financial institution com!uters, or an% com!uterconnected to the +nternet* "M .*5*C* "343(e)(2)* Penalties for damaging .*5*go'ernment com!uters are generall% higher than !enalties for damaging other !rotectedcom!uters*

$e%endantDs ens rea and actions 5ection "343 assigns a higher !enalt% for adefendantHs actions if he intentionall% rather than nowingl% acted* ;igher !enalties alsoaccrue if a defendant acted com!letel% without authori6ation (e*g*, a foreign hacer) aso!!osed to merel% e0ceeding his authori6ation (e*g*, an em!lo%ee who stum&led into thewrong s%stem)* "343(a)(4), for e0am!le, reuires the !rosecution to !ro'e thedefendant intentionall% accessed a go'ernment com!uter without authori6ation* +n o!tingfor the higher standard, Congress e0cluded nowing access and e0ceeded authori6edaccess from (a)(4) to a'oid !unishing federal em!lo%ees who inad'ertentl% accessed acom!uter s%stem the% were not authori6ed to use* See 5* 1e!* No* ::7E42, ::th Cong*,2d 5ess* = (":MA), reprinted in ":MA .*5* Code Cong* Q dmin* News 2E#:, 2EME7M=*

Type o% daage caused For some offenses, merel% accessing and o&taining informationfrom a !rotected com!uter can lead to lia&ilit% (e*g* "343(a)("), which !rotects nationalsecurit% information)* @ther offenses reuire at least =,333 in damage to a !rotectedcom!uter &efore the defendant can &e !rosecuted* "343(a)(E)7(=)*

3 1$"$

4++ense

r*hibited %*ndct Ath*ri&ati*n and

Access 5e6irement

7a8imm

enalt

(a)(1)

@&taining national securit%

information

nowing accesswithout authori6ation

or &% e0ceedingauthori6ed access

"3 %ears for firsttime offenders-

23 %ears forre!eat offenders

(a)()

@&taining informationfrom a !rotected com!uter

+ntentional accesswithout authori6ation


"7= %ears for firsttime offenders-

"3 %ears forre!eat offenders

(a)(")/res!assing in a

go'ernment com!uter+ntentional access

without authori6ation



(a)(')

ccessing a !rotectedcom!uter with the intent todefraud, where the o&8ect

of the fraud is worth atleast =333

nowing accesswithout authori6ation


= %ears for firsttime offenders-


(a)(/)(i)

+ntentionall% transmitting a!rogram, information,

code, or command which

nowing access* "3 %ears for firsttime offenders-

23 %ears for

E:

8/12/2019 Cyber Crime 1203

50/70

causes at least =333 indamage to a !rotected

com!uter(s)*re!eat offenders

(a)(/)(ii)

1eclessl% transmitting a!rogram, information,

code, or command whichcauses at least =333 indamage to a !rotected

com!uter(s)*


= %ears for first

time offenders-23 %ears for

re!eat offenders

(a)(/)(iii)

/ransmitting a !rogram,information, code, or

command which causes atleast =333 in damage to a!rotected com!uter(s)* (no

mens rea reuirement)




(a)()

/rafficing in a !asswordor similar information &%

which a !rotectedcom!uter can &e accessed

without authori6ation

nowingl% and withintent to defraud



(a)(#)

/hreatening to damage acom!uter to e0tortsomething of 'alue

None

= %ears for firsttime offenders-


*epresentative C 69 Prosecutions

C 69=a>=8>: The%t o% trade secrets %ro insider eployees o&taining trade

secrets and e-ailing secrets to copetitor +n Shurgard Storage 2trDs v Sa%eguard Sel%Storage! "nc, the !laintiff and defendant com!anies were com!etitors in the self7storage&usiness* See Shurgard Storage 2trDs v Sa%eguard Sel% Storage! "nc, "": F*5u!!*2d""2", ""22724 (W*>*Wash* 2333)* fter &eing a!!roached &% the defendant, one of the!laintiffHs em!lo%ees e7mailed the !laintiff com!an%Hs confidential &usiness !lans,e0!ansion !lans, and other trade secrets to the defendant* "dat ""24* >efending againsta ci'il "343(a)(2)(C) charge for im!ro!erl% o&taining information, the defendant arguedthat the !laintiffHs em!lo%ees had authori6ed access to the trade secrets on the !laintiffHscom!uters, and so the charge should fail* See idat ""2E* /he court disagreed, drawing

on the 1estatement (5econd) of genc% ""2 (":=M) to rule that the authorit% of the!laintiffHs em!lo%ees ended when the% &ecame the defendantHs agents* @nce anem!lo%ee &ecomes an agent of another com!an%, the em!lo%eeHs access of hisem!lo%erHs com!uters is without authori6ation for the !ur!oses of "343(a)(2)(C)* "dat""2=*

CC 69=a>=8>! =a>=E>! and =a>=@>: The%t o% trade secrets %ro pu&lic data&ases

using scraping so%tware and ro&ots When does authori6ation to access a !u&lic data&ase

=3

8/12/2019 Cyber Crime 1203

51/70

&ecoming criminall% unauthori6ed access for !ur!oses of "343 +n*egisterco! "nc v+erio! "nc, erio used search ro&ots to cull 1egisterHs online customer data&ase for massmareting !ur!oses* See *egisterco! "nc v +erio! "nc, "2A F*5u!!*2d 24M, 2E4(5*>*N*Y* 2333)* /he court noted that &ecause 1egister o&8ected to erioHs use of searchro&ots, the use of search ro&ots constituted unauthori6ed access for the !ur!oses of

sections "343(a)(2)(C) and (a)(=)(C)* "d at 2="* .nauthori6ed access was alsoesta&lished &ecause 1egister had e0!licitl% !rohi&ited access to its data&ase for massmareting !ur!oses in its terms of use* "dat 2=4* +n short, the court reasoned that accesscan &e unauthori6ed either &ecause of the waythe defendant accesses the information, or&ecause of the defendantHs !rohi&itedpurposein accessing the information*

C 69=a>=9>: ;overnent eployeesD lia&ility %or accessing a governent

coputer without authori=E>:;overnent eployee e0ceeding authori*Conn 233")* +'ano' then contacted thecom!an% and threatened to damage the com!an%Hs com!uters unless he was !aid"3,333* See id at 4A:* Prosecutors charged +'ano' with a "343 (a)(E) 'iolation foraccessing a com!uter without authori6ation with the intent to defraud and a "343 (a)(#)

="

8/12/2019 Cyber Crime 1203

52/70

'iolation for threatening to cause damage to a !rotected com!uter with intent to e0tortsomething of 'alue* See idat 4#3* >iscussing the reuirements of a (a)(E) charge, thecourt found that +'ano'Hs access was unauthori6ed and that he had o&tained something of'alue K the credit card num&ers* See id at 4#"7#2* +f +'ano' had merel% 'iewed theinformation and not taen the credit card num&ers, howe'er, he !ro&a&l% would not ha'e

o&tained something of 'alue and the (a)(E) charge would ha'e &een dismissed* 2% supradiscussion of 2rewHs con'iction, holding that the statuteHs unam&iguous language clearl% criminali6ed>rewHs conduct* See id /wo ci'il cases &rought &% merica @nline against unsolicited&ul e7mailers ha'e also held that sending large uantities of e7mails ma% constituteaccess without authori6ation* See Aerica 7nline! "nc v (2;M! "nc, EA F*5u!!*2dEEE, E=" (9*>*a* "::M) (holding that "343(a)(=) reuirement of access withoutauthori6ation satisfied &ecause defendant &ul e7mailer 'iolated !laintiff +5PHs /erms of5er'ice in har'esting +5P customersH e7mail addresses and sending &ul e7mails to thosecustomers)- c% Aerica 7nline! "nc v atDl ,ealth 2are $iscount! "nc, "#E F*5u!!*2dM:3, M:: (N*>* +owa 233") (court more eui'ocal on whether defendantHs sending &ul e7mails to !laintiff +5PHs customers in 'iolation of +5PHs /erms of 5er'ice was sufficientfor "343(a)(=) access without authori6ation, &ut ultimatel% ruled in fa'or of +5P)*

=2

8/12/2019 Cyber Crime 1203

53/70

C 69=a>=@>: GTie &o&sH and so%tware that daages a coputer time&om& refers to a disa&ling code that which maes a software !rogram ino!era&le at a!re7set time or date* +n the ci'il case of orth Te0 Preventive "aging! ((2 vIisen&erg M$, the defendant software manufacturer and !laintiff medical diagnosticscom!an% had a dis!ute a&out the e0tension of a software licensing agreement* See orth

Te0 Preventive "aging! ((2 v Iisen&erg M$ , "::A WL "4=:2"2 at G"7E (C*>* Cal*ug* ":, "::A)* /he software manufacturer sent an u!date flo!!% dis to the medicalcom!an% secretl% containing a time &om& to disa&le the software after a certain date,which the com!an% unwittingl% installed* See idat G2* When the com!an% found thetime &om&, the% sued the software manufacturer under "343(a)(=), claiming that the time&om& had accessed their com!uters without authori6ation and damaged their com!uters*See idat G4* /he uestion of authori6ation was contentious &ecause the !laintiffHs ownem!lo%ees had installed the defendantHs time &om&, so the defendant had not directl%accessed the !laintiffHs com!uters without authori6ation* See id at G=* >rawing on"343?s legislati'e histor%, howe'er, the court found that "343 !ro&a&l% criminali6ed theuse of disa&ling codes which were not s!ecified in a lawful licensing agreement or which

were installed without the nowledge and authori6ation of the affected com!uterHs owner*See id* Whether the use of a time &om& was illegal thus reuired a case7&%7case anal%sisof the defendantHs intent, the t%!e of com!uter in'ol'ed, and the magnitude of theresulting harm* "d ccordingl%, the court denied the defendantHs motion to dismiss the!laintiffHs "343 claim* See idat G:*

class action suit &% merica @nline consumers and com!etitor +5Ps &roughtsuit on a ci'il "343(a)(=) claim against @L, claiming that @LHs software was defecti'eand had damaged their com!uters &% interfering with an% non7@L communications andsoftware ser'ices* "n re Aerica 7nline "nc +ersion @ So%tware (itigation, "AMF*5u!!*2d "4=:, "4AE7A= (5*>* Fla* 233")* @L argued that its access to the consumersHcom!uters was not without authori6ation, &ecause the consumers had e0!ressl%authori6ed the installation of @L =*3 on their com!uters* "dat "4AM* @L contendedthat at most it had e0ceeded authori6ed access &% distri&uting defecti'e software, whichwas less than the unauthori6ed access reuired &% "343(a)(=)* "dat "4AM7A:* /he courtagreed with @L and found that Congress had deli&eratel% e0cluded e0ceeded authori6edaccess in articulating the act reuirement for "343(a)(=)* See id at "4A:7#2* >rawing on"343?s legislati'e histor%, howe'er, the court allowed the !laintiffHs "343 claims to goforward on the grounds that "343 co'ers an%one who intentionall% damages a com!uter,regardless o% whether they were an outsider or an insider otherwise authori

8/12/2019 Cyber Crime 1203

54/70

"M .*5*C* "343(g) (2332)* 5o while consumers ma% now sue authori6ed com!anieswhich cause unauthori6ed damage to their com!uters, the% cannot &ring actions for thenegligent design of software that damages their com!uter* ore case law is needed toresol'e the tension &etween these two !ro'isions*

:. %hild *rn*gra;h

O/o &e su!!lied*

=E

8/12/2019 Cyber Crime 1203

55/70

oroth% >enning of Ieorgetown .ni'ersit%

What is C%&erterrorism

C%&erterrorism is the con'ergence of c%&ers!ace and terrorism* +t refers to unlawfulattacs and threats of attac against com!uters, networs, and the information storedtherein when done to intimidate or coerce a go'ernment or its !eo!le in furtherance of!olitical or social o&8ecti'es* Further, to ualif% as c%&erterrorism, an attac should resultin 'iolence against !ersons or !ro!ert%, or at least cause enough harm to generate fear*ttacs that lead to death or &odil% in8ur%, e0!losions, or se'ere economic loss would &ee0am!les* 5erious attacs against critical infrastructures could &e acts of c%&erterrorism,de!ending on their im!act* ttacs that disru!t nonessential ser'ices or that are mainl% a

costl% nuisance would not*

Numerous scenarios ha'e &een suggested* +n one, a c%&erterrorist attacs the com!uters%stems that control a large regional !ower grid* Power is lost for a sustained !eriod oftime and !eo!le die* +n another, the c%&erterrorist &reas into an air traffic controls%stem and tam!ers with the s%stem* /wo large ci'ilian aircraft collide* +n a third, thec%&erterrorist disru!ts &ans, international financial transactions, and stoc e0changes*9conomic s%stems grind to a halt, the !u&lic loses confidence, and desta&ili6ation isachie'ed* While none of these or similar scenarios has !la%ed out, man% &elie'e it is nota uestion of if &ut when*

/errorists in C%&ers!ace

/errorists ha'e mo'ed into c%&ers!ace to facilitate traditional forms of terrorism such as&om&ings* /he% use the +nternet to communicate, coordinate e'ents, and ad'ance theiragenda* While such acti'it% does not constitute c%&erterrorism in the strict sense, it doesshow that terrorists ha'e some com!etenc% using the new information technologies*

B% "::A, the headuarters of terrorist financier @sama &in Laden in fghanistan waseui!!ed with com!uters and communications eui!ment* 9g%!tian fghan com!utere0!erts were said to ha'e hel!ed de'ise a communication networ that used the We&, e7mail, and electronic &ulletin &oards* ;amas acti'ists ha'e &een said to use chat roomsand e7mail to !lan o!erations and coordinate acti'ities, maing it difficult for +sraelisecurit% officials to trace their messages and decode their contents* /he 1e'olutionar%rmed Forces of Colum&ia (F1C) uses e7mail to field inuiries from the !ress*

/he We& is es!eciall% !o!ular as a medium for reaching a glo&al audience* For e0am!le,after the Peru'ian terrorist grou! /u!ac maru stormed the Ja!anese m&assadorHsresidence in Lima on >ecem&er "#, "::A and too E33 di!lomatic, !olitical, and militar%

==

8/12/2019 Cyber Crime 1203

56/70

officials as hostage, s%m!athi6ers in the .nited 5tates and Canada !ut u! solidarit% We&sites* @ne site included detailed drawings of the residence and !lanned assault*

+n Fe&ruar% "::M, ;i6&ullah was o!erating three We& sites$ one for the central !ressoffice (www*hi6&ollah*org), another to descri&e its attacs on +sraeli targets

(www*moawama*org), and the third for news and information (www*almanar*com*l&)*/hat month, Clar 5taten, e0ecuti'e director of the 9mergenc% 1es!onse Q 1esearch+nstitute (911+) in Chicago, testified &efore a .*5* 5enate su&committee that e'en smallterrorist grou!s are now using the +nternet to &roadcast their message andmisdirectDmisinform the general !o!ulation in multi!le nations simultaneousl%* ;e ga'ethe su&committee co!ies of &oth domestic and international messages containing anti7merican and anti7+sraeli !ro!aganda and threats, including a widel% distri&utede0tremist call for 8ihad (hol% war) against merica and Ireat Britain*

+n June "::M, US ews 5 4orld *eportnoted that "2 of the 43 grou!s on the .*5* 5tate>e!artmentHs list of terrorist organi6ations are on the We&* Now, it a!!ears that 'irtuall%

e'er% terrorist grou! is on the We&* Forcing them off the We& is im!ossi&le, &ecausethe% can set u! their sites in countries with free7s!eech laws* /he go'ernment of 5riLana, for e0am!le, &anned the se!aratist Li&eration /igers of /amil 9elam, &ut the%ha'e not e'en attem!ted to tae down their London7&ased We& site* G G G

an% terrorists are using encr%!tion to conceal their communications and stored files,com!ounding the difficulties of !ro'iding effecti'e counter7terrorism* ;amas, fore0am!le, re!ortedl% has used encr%!ted +nternet communications to transmit ma!s,!ictures, and other details !ertaining to terrorist attacs* 1amse% Yousef, a mem&er of theinternational terrorist grou! res!onsi&le for &om&ing the World /rade Center in "::E anda anila ir airliner in late "::=, encr%!ted files on his la!to! com!uter* /he files,which .*5* go'ernment officials decr%!ted, contained information !ertaining to further!lans to &low u! ele'en .*5*7owned commercial airliners in the Far 9ast* /he um5hinri%o cult, which gassed the /o%o su&wa% in arch "::=, illing "2 !eo!le andin8uring A,333 more, also used encr%!tion to !rotect their com!uteri6ed records, whichincluded !lans and intentions to de!lo% wea!ons of mass destruction in Ja!an and the.nited 5tates*

C%&ers!ace ttacs

G G G Io'ernments are !articularl% concerned with terrorist and state7s!onsored attacsagainst the critical infrastructures that constitute their national life su!!ort s%stems* /heClinton dministration defined eight$ telecommunications, &aning and finance,electrical !ower, oil and gas distri&ution and storage, water su!!l%, trans!ortation,emergenc% ser'ices, and go'ernment ser'ices*

/here ha'e &een numerous attacs against these infrastructures* ;acers ha'e in'adedthe !u&lic !hone networs, com!romising nearl% e'er% categor% of acti'it%, includingswitching and o!erations, administration, maintenance, and !ro'isioning (@QP)*/he% ha'e crashed or disru!ted signal transfer !oints, traffic switches, @QP s%stems,

=A

8/12/2019 Cyber Crime 1203

57/70

and other networ elements* /he% ha'e !lanted time &om& !rograms designed to shutdown ma8or switching hu&s, disru!ted emergenc% :"" ser'ices throughout the easternsea&oard, and &oasted that the% ha'e the ca!a&ilit% to &ring down all switches inanhattan* /he% ha'e installed wireta!s, rerouted !hone calls, changed the greetings on'oice mail s%stems, taen o'er 'oice mail&o0es, and made free long7distance calls at

their 'ictimsH e0!ense 77 sticing some 'ictims with !hone &ills in the hundreds ofthousands of dollars* When the% canHt crac the technolog%, the% use socialengineering to con em!lo%ees into gi'ing them access*

+n arch "::#, one teenage hacer !enetrated and disa&led a tele!hone com!an%com!uter that ser'iced the Worcester ir!ort in assachusetts* s a result, tele!honeser'ice to the Federal 'iation dministration control tower, the air!ort fire de!artment,air!ort securit%, the weather ser'ice, and 'arious !ri'ate airfreight com!anies was cut offfor si0 hours* Later in the da%, the 8u'enile disa&led another tele!hone com!an%com!uter, this time causing an outage in the 1utland area* /he lost ser'ice causedfinancial damages and threatened !u&lic health and !u&lic safet%* @n a se!arate

occasion, the hacer allegedl% &roe into a !harmacistHs com!uter and accessed filescontaining !rescri!tions*

Bans and financial s%stems are a !o!ular target of c%&er criminals* /he usual moti'e ismone%, and !er!etrators ha'e stolen or attem!ted to steal tens of millions of dollars* +none case of sa&otage, a com!uter o!erator at 1euters in ;ong ong tam!ered with thedealing room s%stems of fi'e of the com!an%Hs &an clients* +n No'em&er "::A, he!rogrammed the s%stems to delete e% o!erating s%stem files after a dela% long enough toallow him to lea'e the &uilding* When the time &om&s e0!loded, the s%stems crashed*/he% were !artiall% restored &% the ne0t morning, &ut it too another da% &efore the%were full% o!erational* ;owe'er, the &ans said the tam!ering did not significantl%affect trading and that neither the% nor their clients e0!erienced losses*

+n another act of sa&otage against a critical infrastructure, a fired em!lo%ee of Che'ronHsemergenc% alert networ disa&led the firmHs alert s%stem &% hacing into com!uters inNew Yor and 5an Jose, California, and reconfiguring them so the%Hd crash* /he'andalism was not disco'ered until an emergenc% arose at the Che'ron refiner% in1ichmond, California, and the s%stem could not &e used to notif% the ad8acent communit%of a no0ious release* >uring the "37hour !eriod in "::2 when the s%stem was down,thousands of !eo!le in 22 states and A uns!ecified areas of Canada were !ut at ris*

n o'erflow of raw sewage on the 5unshine Coast of ustralia in June was lined to aE:7%ear7old Bris&ane man, who allegedl% !enetrated the arooch% 5hire CouncilHscom!uter s%stem and used radio transmissions to create the o'erflows* /he man faced4#3 charges that included stealing, com!uter hacing, and use radio communicationseui!ment without authorit%*

Io'ernment com!uters, !articularl% >e!artment of >efense com!uters, are a regulartarget of attac* >etected attacs against unclassified >o> com!uters rose from #M3 in"::# to =,MEE in "::M and 22,"EE in ":::* G G G

=#

8/12/2019 Cyber Crime 1203

58/70

Politicall% and 5ociall% oti'ated C%&erattacs

O/here are a few indications that some terrorist grou!s are !ursuing c%&erterrorism,either alone or in con8unction with acts of !h%sical 'iolence* +n Fe&ruar% "::M, Clar5taten told the 5enate Jud

Cyber Crime 1203

Documents

Transcript of Cyber Crime 1203