Cyber Crime

The Internet is a worldwide electronic computer network that connects people and information. It has changed the way Americans communicate, purchase goods and services, educate, and entertain themselves. Possibilities for Internet use seem unlimited. Communication anywhere in the world takes only seconds with electronic mail, or email. Pictures and sound files are easily sent by email. People in areas far from cities can buy as many goods off the Internet as are available in shopping malls. Those who live far from colleges can take courses through the Internet or do research without going to a library. Searching databases such as encyclopedias or directories takes only minutes. News is available online almost as soon as it happens.

Anyone can set up a Web site and post information for the whole world to see. The Internet has also become a major way for companies and the government to conduct business and provide information. By 2004 a serious disruption of computer systems in either a business or government agency can virtually stop all transactions until the problem is corrected. In 1998 65 million Americans at work and at home used the Internet. This figure grew to 149 million by 2001 and 530 million worldwide. With the number of Internet users expected to keep climbing, the prospects for electronic commerce (buying and selling of goods) looked bright as sales topped $56 billion by U.S. firms in 2003.

Criminalizing the Internet

While there are many benefits from the Internet, it has also become a powerful tool in the hands of those wishing to engage in criminal activities. Each time an advance in technology becomes available to the public—the telegraph, telephone, automobile, airplane, or the Internet—criminal opportunities increase as well. The Internet provides worldwide, rapid, inexpensive connections, and can be used without revealing one's identity.

Internet crime is also referred to as cyber crime. Existing federal laws that apply to criminal activities committed by traditional means apply to those same activities committed with use of the Internet. For example, existing federal laws for identity theft, credit card theft, securities fraud, and gambling apply to both online and offline activities. Internet crime, however, presents major challenges to law enforcement agencies. Internet criminals not only can hide their identities but can use numerous Internet pathways to make tracking their activities very difficult.

Collecting evidence and prosecuting a cyber criminal requires highly skilled computer sleuths, who must be well equipped and trained. Cooperation is essential between local, state, federal, and international officials since Internet communication moves across many traditional law enforcement regions or geographic areas. The speed of an investigation is also very important since tracing anonymous emails that contain threats of violence can save innocent lives. At the beginning of the twenty-first century, the U.S. government made keeping the Internet safe and secure a top priority.

Computers as targets or criminal tools

Computers can be the target of a criminal activity, a storage place for data about a criminal activity and/or the actual tool used to commit a crime (planning criminal activity). One of the most publicized crimes targeting computers involves unleashing a virus through email. A virus is a computer program that disrupts or destroys existing computer systems. A virus spreads rapidly around the world destroying computer files and costing companies and individuals millions in downtime (time when the computers or networks are shutdown). Most viruses are released by hackers as pranks. A hacker is someone who gains unauthorized access to a specific system. Sometimes hackers may target law enforcement or military computers and read or copy sensitive (secret or private) information. Some are concerned that terrorists will unleash viruses to cripple computer systems that control vital transportation networks.

Computers are also targets for thieves to steal important information. Theft of information takes many forms. A frequent hacking crime involves accessing databanks where credit card numbers are stored. The hacker then uses the credit card numbers for purchases or to charge fake services. Hackers also commit theft-of-service crimes, like accessing telephone equipment systems to get free long distance calling.

Some individuals hack into systems to obtain specific information about another person. Medical records or credit history are favored targets. Using the stolen information, a hacker may attempt to extort or threaten the victim with the release of the information. To keep information quiet the hacker demands a monetary payment.

Another common offense involves illegally using copyrighted materials. A copyright gives an author or publisher the sole right to publish, sell, or distribute original material like computer software programs. Copyrighted material is copied from the computer then offered for sale at a low price to anyone willing to pay. Yet another crime targeting computers is known as "denial of service" or in computer language, "mailbombing." Mailbombing was on the increase in the early 2000s and occurs when a targeted site is flooded with massive amounts of email so the site becomes overloaded and crashes. Popular Web sites such as Yahoo.com, eBay.com, and Amazon.com have all been victims.

The second general type of criminal computer use is the storage of unlawfully obtained data such as stolen credit card numbers. Names and addresses of illegal drug purchasers, pornographic files, and stolen information from corporations are just a few examples of the many types of information stored in computers that involve criminal activities. Even if an offender has deleted his illegal computer files, a trained law enforcement computer expert can usually still obtain the deleted information.

The third general way a computer is used in cyber crime is as a tool used to plan or commit an offense. Most any kind of unlawful act can be planned by way of email. Internet criminal activities include fraud, online child pornography, sale of prescription drugs and controlled substances, sale of firearms, gambling, securities (stocks and bonds) fraud, and stealing or copying software and intellectual property.

Page-Jacking

Page-jacking is another cyber crime that came into common use in the late 1990s and early twenty-first century. Page-jacking involves using the same key words or Web site descriptions of a legitimate site on a fake site. Search engines like Yahoo or Dogpile use these words to categorize and display sites on a specific topic requested by online users. When users type key words into a search engine, the legitimate site appears on a list along with the bogus site. If users click on the bogus site, they are frequently led to a pornographic site. To make matters worse, when users try to close the window or use the "back" or "forward" keys, they are sent to another pornographic site. Users are "trapped," which is why this kind of online rigging is called "mouse-trapping." Users usually have to crash their computers to get out of the page-jacked sites.

Internet fraud

The electronic marketplace allows consumers to purchase a wide variety of goods without ever leaving their homes. Just about anything available in stores is available online. The e-market allows businesses, at low or no cost, to reach consumers worldwide. By the early 2000s people with Internet access were becoming more and more comfortable purchasing items online. At first, many online customers were afraid to give out their name, address, telephone number, email address, and a credit card number to the Internet seller.

As the number of Internet transactions increased, the Federal Trade Commission (FTC), which is in charge of recording consumer complaints, received complaints of fraud. Fraud is the intentional deception of a person or group for the purpose of stealing property or money. Internet fraud includes any scheme using Web sites, chat rooms, and email to offer nonexistent goods and services to consumers or to communicate false information to consumers. Customers then pay for the fraudulent goods over the Internet with their credit cards. Internet fraud involves a wide variety of schemes limited only by the imagination and creativity of a seller intent on deceiving a buyer. Bogus products such as magnets for pain therapy and weight loss products can be purchased over the Internet.

Online auction fraud is one of the most common complaints received by the FTC. Online auction schemes get thousands of consumers to bid on items, then notifies them that they have the winning bid and should send their money to the seller. The item they bid on and paid for never arrives.

Identity theft has also become a growing concern for Americans as more and more give out their credit card numbers to purchase items from the Internet. There are frequent news reports about people falling prey to online identity theft. Electronic thieves, or e-thieves, access an individual's personal information including credit card numbers. The e-thief then uses the stolen card numbers for services or purchases. Valid credit card holders are responsible for only $50 of unauthorized charges, so the merchant or company selling the products or services becomes the victim.

Online child pornography

Child pornography, images of children involved in sexual activities, is traded on the Internet around the clock. Child pornographers use the Internet's ease of distribution to sell their material to pedophiles (adults who are sexually attracted to children). In addition to purchasing child pornography, pedophiles also visit online chat rooms hoping to lure children into situations for sex. Luring or tricking a minor into sexual activity is prohibited. For example, chatting with a fifteen-year-old girl over the Internet, then suggesting a meeting is illegal conduct. Traveling to a minor's home to engage in sex after meeting by way of Internet chat rooms is also criminal activity that will be prosecuted.

The U.S. Department of Justice prosecuted an increasing number of people for Internet child pornography. The existing federal laws against child pornography are extensive and apply to all kinds of child pornography and the luring of minors (persons under the age of eighteen) online and offline. They prohibit the production, interstate transportation, receiving or distribution of visual images of a minor engaged in sexual conduct, and luring a minor into sexual encounters.

During a child pornography investigation, the FBI, the Criminal Division of the Department of Justice, and the U.S. Attorney General's Office have authority to gain access to subscriber information from an Internet service provider (ISP), such as America Online (AOL), MSN, or Hotmail. If an ISP becomes aware of violations, they must report them to the National Center for Missing and Exploited Children, who then notifies federal law enforcement agencies.

The biggest challenge to law enforcement in child pornography cases is the anonymous nature of Internet communication. The offenses also occur at high speeds across the entire nation crossing many law enforcement jurisdictions. Generally seller and buyer are in different states or could be anywhere worldwide. As in other Internet criminal activities, the coordination between state, local, and federal law enforcement officials is essential.

Sale of prescription drugs and controlled substances

The Internet is used to sell legal prescription drugs and controlled substances such as various narcotic painkillers or steroids used in bodybuilding. Increasingly, dealers of illegal drugs or controlled chemicals such as steroids that only a licensed pharmacy may dispense are using the Internet for their transactions. Three types of online pharmacies exist on the Internet:

1. Legitimate online pharmacies—they operate in a traditional manner by requiring a valid prescription from a licensed physician. These pharmacies employ state licensed pharmacists.
2. Diagnose and prescribe pharmacies—they ask customers to fill out online medical questionnaires and prescribe medications based on the questionnaire.
3. Illegitimate pharmacies—they allow customers to purchase prescription drugs without any prescriptions at all.

The first type of online pharmacy legally dispenses drugs. Various forms of criminal intent may possibly exist in the second and third types. Consumers may not be able to confirm whether or not the pharmacy is legitimate. Some of these pharmacies are scams, taking customer names and credit card numbers but never sending any products. Some dispense mislabeled, diluted (watered down), or fake drugs.

The Federal Food, Drug, and Cosmetic Act (FDCA) prohibits the manufacture and distribution of mislabeled or altered drugs. Keeping Americans safe from fraudulent online pharmacies is a challenge to law enforcement since both federal and state officials have jurisdiction over the sale of prescription drugs. In addition to federal laws, each state has its own set of laws and legal requirements for prescription drug sales. Online pharmacies sell in all states but what may be legal in one state may not be legal in another. Further complicating an already complicated situation, many pharmacy Web sites are based outside the United States and offer drugs, both legal and illegal, to customers living in the United States.

Online sale of firearms

The Gun Control Act of 1968 requires whoever imports, manufactures, or deals in firearms to obtain a federal firearms license. The Brady Act of 1993 requires all federal firearms licensees (FFLs) who sell firearms to perform background checks on customers and maintain careful records of gun sales. A criminal, fugitive from the law, or drug addict would not pass the background check. Under the Brady Act, the U.S. government estimates 400,000 such individuals have been turned down for gun purchase since 1993.

The Internet provides an easy alternative to a gun store for acquiring a firearm. Unlicensed dealers, however, may advertise and sell guns over the Internet without keeping records. Anyone willing to pay can obtain a gun online without a background check. If the gun is later used to commit a crime, it usually cannot be traced to the purchaser—who is most likely the offender or directly associated with the offender.

A violation of the Gun Control Act occurs when a gun offered online is sold to an individual in another state from where the online advertisement originates. The act prohibits selling a handgun to a resident of another state. Shipping across state lines is also banned. Yet guns for sale online reach people across the country. Online state to state sales and shipping occurs continuously in violation of federal law.

Online gambling

Federal law prohibits individuals from betting on sports or gambling contests using a "wire communication facility," which includes the Internet. Yet the Internet allows immediate and anonymous communication that makes it difficult to trace gambling activity. Internet sites can be altered or removed in a matter of minutes. For these reasons organized crime operates Internet gambling sites.

Online Encryption

Encryption is the use of secret codes that can be translated into meaningful communications only by authorized persons who have knowledge of the code. Encryption has been studied and employed for decades by governments and militaries. For example, a primary function of U.S. intelligence agencies during World War II (1939–45; war in which Great Britain, France, the Soviet Union, the United States, and their allied forces defeated Germany, Italy, and Japan) involved deciphering German military codes that had information about the movements and missions of German submarines.

The Internet has opened up new uses for encryption, many of which are designed to deter online criminal activity. Companies add encryption into important files like trade secrets. If a hacker gets into their network, the files will be meaningless to him. Companies can encrypt important data such as credit card numbers to protect their customers. This tactic is being used on an increasing basis to reduce Internet fraud and identity theft.

Just as encryption is beneficial to Internet users, its features attract cyber criminals. Cyber criminals encrypt communication and the stored files of their activities. Law enforcement agencies cannot usually obtain wiretaps for a criminal's phone, so encryption often keeps the secrets of cyber criminals safe. Public safety is at risk when criminals including terrorists encrypt communication. Should a code be broken by a law enforcement agency, the criminal can easily and quickly switch to another coding system. In 2004 U.S. law enforcement agencies, including the FBI, constantly asked Congress to designate more and more money for technology to fight cyber criminal encryption.

Operators alter gambling software to be in their favor so the customer always loses. Unlike real casinos that are highly regulated, Internet gambling is unregulated and dangerous. Individuals gambling on the Internet risk providing credit card numbers and money to criminal gambling operators. Further, minors can gamble on the sites since the Internet is unaware of the age of its users. All a minor needs is access to a credit card number. Internet gambling also lures compulsive gamblers who may suffer devastating financial losses.

Internet securities fraud

Investors consider the Internet a primary tool for researching and trading securities. Securities are stocks and bonds, both financial investments. The number of individuals opening online investment accounts increases every year. With a few mouse clicks investors can gather a great deal of information about a company's stock and decide what to buy and sell. Online they can buy or sell quickly and cheaply.

The same benefits investors enjoy can be used by those intent on committing securities fraud. Easy access, speed, and operating anonymously all create a favorable atmosphere for securities fraud. Law enforcement must deal with three basic types of security fraud:

1. Market manipulation—the most common fraud scheme, involves creating fake or misleading information on a particular stock to run the price up. For example, the owner of a lower priced stock puts fake highly positive announcements about the stock in online newsletters, message boards, and other Internet securities information sites. Investors read this information and begin buying the stock, which in turn makes its price go up rapidly. The owner who made up the phony information sells his stock as soon as the price goes up and makes a large profit. The information is discovered to be false, the stock price falls, and everyone who bought the stock loses money. This scheme is referred to as "pump and dump."
2. Bogus stock—this involves offering stock that does not really exist. For example an unregistered criminal stock dealer may offer phony stock in eel farms in Oregon, pineapple plantations in Hawaii, or most anything else the dealer imaginatively creates. To hundreds of people cruising the Internet looking for investments, they invest their money only to lose it all. The bogus dealer deposits the money in a foreign bank account and leaves the country.
3. Touting—this occurs when a certain individual or group, often a stock investment advisor known and trusted in the investment community, is paid to "tout," or highly recommend, a particular stock as an excellent investment. The touters, however, do not reveal that they are being paid to tout the stock. Investors think they are receiving honest information when in fact they are victims of a scheme called "bought and paid for," meaning the advisor was paid to put out the positive information resulting in an increase or run-up of the stock price.

The Securities and Exchange Commission (SEC) is charged with overseeing stock transactions and brings criminal charges against violators. The Securities Act of 1933 and Securities Exchange Act of 1934 are the primary laws governing securities fraud. Federal laws also require anyone acting as a stockbroker or dealer, either online or offline, to register with the SEC. The biggest challenge for the SEC is keeping up with rapid growth of the Internet. SEC staff investigators find it difficult to keep pace with the many securities scams that originate not only in the United States but from anywhere in the world. Many Internet fraud criminals target U.S. investors without ever coming into the United States.

Intellectual property theft

Intellectual property (IP) theft is defined as theft of material that is copyrighted, the theft of trade secrets, and trademark violations. A copyright is the legal right of an author, publisher, composer, or other person who creates a work to exclusively print, publish, distribute, or perform the work in public. The United States leads the world in the creation and selling of IP products to buyers nationwide and internationally. Examples of copyrighted material commonly stolen online are computer software, recorded music, movies, and electronic games.

Theft of trade secrets means the theft of ideas, plans, methods, technologies, or any sensitive information from all types of industries including manufacturers, financial service institutions, and the computer industry. Trade secrets are plans for a higher speed computer, designs for a highly fuel-efficient car, a company's manufacturing procedures, or the recipe for a popular salad dressing, cookie mix, or barbeque sauce. These secrets are owned by the company and give it a competitive edge. Theft of trade secrets damages the competitive edge and therefore the economic base of a business.

A trademark is the registered name or identifying symbol of a product that can be used only by the product's owner. A trademark violation involves counterfeiting or copying brand name products such as well-known types of shoes, clothing, and electronics equipment and selling them as the genuine or original product.

The two forms of IP most frequently involved in cyber crime are copyrighted material and trade secrets. Piracy is a term used to describe IP theft—piracy of software, piracy of music, etc. Theft of IP affects the entire U.S. economy. Billions of dollars are lost every year to IP pirates. For example, thieves sell pirated computer software for games or programs to millions of Internet users. The company that actually produced the real product loses these sales and royalties rightfully due to the original creator.

Historically, when there were no computers, IP crimes involved a lot of time and labor. Movie or music tapes had to be copied, physically produced, and transported for sale. An individual had to make the sale in person. To steal a trade secret, actual paper plans, files, or blueprints would have to be physically taken from a company's building and likewise sold in person.

In the twenty-first century software, music, and trade secret pirates operate through the Internet. Anything that can be digitized—reduced to a series of zeroes and ones—can be transmitted rapidly from one computer to another. There is no reduction of quality in second, third, or fourth generation copies. Pirated digital copies of copyrighted work transmitted over the Internet are known as "warez." Warez groups are responsible for illegally copying and distributing hundreds of millions of dollars of copyrighted material.

Pirated trade secrets are sold to other companies or illegal groups. Trade secrets no longer have to be physically stolen from a company. Instead, corporate plans and secrets are downloaded by pirates onto a computer disc. The stolen information can be transmitted worldwide in minutes. Trade secret pirates find pathways into a company's computer systems and download the items to be copied. Companies keep almost everything in their computer files. Pirated copies are sold over the Internet to customers who provide their credit card numbers then download the copy.

Cyberstalking

Cyberstalking is use of the Internet and email to "stalk" another individual. The crime of stalking has existed for decades; stalking refers to repeated harassment of someone where the stalker acts in a threatening behavior toward the victim. Threatening behaviors include following the victim, appearing at the victim's place of work or near his or her home, then making eye contact so the victim knows someone is following, and leaving threatening messages on paper or the telephone. Stalking leaves its victims fearful of bodily harm or death.

The use of the Internet provides easy pathways for stalking. In 2000 the Working Group on Unlawful Conduct Involving the Use of the Internet, an agency appointed by President Bill Clinton (1946–; served 1993–2001) reported on a recent example of Internet stalking: a fifty-year-old security guard used the Internet to stalk a woman who had rejected his sexual advances. He retaliated to her rejection by posting her personal details to the Internet. These included her physical description, address and telephone number, and even included details about how one could bypass her home security system. As a result of the posted message, at least six men came to her house and knocked on her door. The security guard was arrested, pled guilty, and sentenced to prison for Internet stalking.

Intellectual property pirates use the computer to steal vast amounts of copyrighted material and cause severe damage to the victimized companies. IP pirates never have to make sales in person or travel, their costs are minimal, and profits are huge. Internet pirates target the online shoppers who look for discounted, but legitimate, products. They do so by emails and Internet advertisements that seem to be the real thing. Not just individuals, but companies, educational institutions, and even government agencies have been tricked by IP pirates into buying stolen goods.

Arrest and prosecution of IP crimes is difficult for U.S. law enforcement agencies. U.S. laws combating this new type of crime were only beginning to be written by the early twenty-first century. Very little stops IP pirates, and organized crime groups have become involved as well. The profits they generate from IP crimes finances many other criminal activities such as drug trafficking, illegal gun sales, gambling, and prostitution (see chapter 7, Organized Crime).

Intellectual property pirates also come from many foreign countries such as China, South Korea, Vietnam (Southeast Asia), and Russia. International IP law is practically nonexistent. While offline IP violations can be investigated by the traditional law enforcement tactics such as using undercover agents, cyber IP criminals operate only in cyberspace and can disappear in seconds.

Challenges for law enforcement

As lawful use of the Internet expands, so does cyber crime. Law enforcement agencies must deal with crime unheard of a decade earlier. Online crimes range from chat room threats of violence against a person or property to organized, complicated schemes by those who know their way around cyberspace. While a chat room threat made by someone making no effort to hide their identity is generally easy to trace, highly organized schemes can be nearly impossible to track. Two major challenges to law enforcement include jurisdiction issues and discovering the identity of a cyber criminal.

Jurisdiction

Traditional offline crimes are committed at a particular geographic location by a person with a street address at a precise point in the United States or in another country. Which law enforcement agency investigates the crime is easily determined by jurisdictional or geographical boundaries—city, state, or country. Internet crimes are committed in cyberspace, on worldwide computer linkages. Local, state, national, or international boundaries do not exist for cyber crime.

A phony online pharmacy in New York, for example, might sell prescription drugs to residents in a number of states such as Florida, Alabama, and Georgia. Each state would have to subpoena (call for) records from New York, and New York would have to agree to help each state investigate the scam. One state might refer its case to New York, but if no one was victimized in New York, the case might never be investigated.

Jurisdictional problems are more severe when they involve international cyber crime. A group selling nonexistent items might be based in India or Thailand but targets buyers in the United States. It is possible to route communication through several countries before reaching the United States. State law enforcement agencies would have to get assistance from the Department of Justice's international affairs officers who in turn would contact each foreign country involved. All of this is made more difficult because a criminal's trail ends as soon as he or she disconnects from the Internet.

Identity

Another problem facing cyber investigators is identification of the cyber criminal. Cyberspace is considered an anonymous medium where someone's identity is unknown and cyber criminals can completely hide their real identities. They can change origination sites almost instantaneously or proceed through many sites before targeting a victim. Experienced cyber criminals alter both the source and destination of their communications. Further transmission information may be kept by Internet providers like AOL and MSN for only a short period of time.

Cyber criminals can easily hide their identities; they create false personal information and work on the Internet under many screen names, or aliases. With billions of people using the Internet, it can be nearly impossible to trace a skilled cyber criminal.

In 2004 the FBI and Computer Criminal Intellectual Property Section (CCIPS), both in the Department of Justice, had become the lead law enforcement agencies dealing with cyber crime. The FBI Investigative Programs, Cyber Investigations Unit is charged with protecting the nation from cyber crime. It investigates terrorist activities on the Internet as well as cyber criminals, including sexual predators. The FBI provides training to local, state, and federal law enforcement agencies at its headquarters in Quantico, Virginia, and other locations nationwide.

The CCIPS has a team of about forty lawyers who concentrate on all types of cyber crime. CCIPS prosecutes cases and advises and trains prosecutors and law enforcement agents in combating cyber crime. They also advise on and propose needed legislation to help control cyber crime and coordinate international efforts to deal with computer crime. The CCIPS oversees the National Cybercrime Training Partnership (NCTP), composed of local, state, and federal law enforcement agencies. The NCTP provides education in the latest law enforcement techniques for fighting cyber crime.

The FBI and National White-Collar Crime Center (NW3C) together established the Internet Crime Complaint Center (IC3) to receive, develop, and refer complaints of cyber crime to the proper law enforcement agency. The IC3 receives complaints of all types of cyber criminal activities.

For More Information

Books

Clifford, Ralph D., ed. Cybercrime: The Investigation, Prosecution, and Defense of a Computer-Related Crime. Durham, NC: Carolina Academic Press, 2001.

Sherman, Mark. Introduction to Cyber Crime. Washington, DC: Federal Judicial Center, 2000.

Wallace, Jonathan, and Mark Mangan. Sex, Laws, and Cyberspace. New York: M&T Books, 1996.

Web Sites

Computer Crime and Intellectual Property Section (CCIPS) of the Criminal Division of the U.S. Department of Justice.http://www.cybercrime.gov (accessed on August 19, 2004).

"Cyber Education Letter." Investigative Programs: Cyber Investigations.Federal Bureau of Investigation.http://www.fbi.gov/cyberinvest/cyberedletter.htm (accessed on August 19, 2004).

"The Electronic Frontier: The Challenge of Unlawful Conduct Involving the Use of the Internet." U.S. Department of Justice.http://www.usdoj.gov/criminal/cybercrime/unlawful.htm (accessed on August 19, 2004).

Internet Crime Complaint Center.http://www.ic3.gov (accessed on August 19, 2004).

Investigative Programs: Cyber Investigations. Federal Bureau of Investigation.http://www.fbi.gov/cyberinvest/cyberhome.htm (accessed on August 19, 2004).

"Online Child Pornography Innocent Images National Initiative." Investigative Programs: Crimes against Children. Federal Bureau of Investigation.http://www.fbi.gov/hq/cid/cac/innocent.htm (accessed on August 19, 2004).