Computer Crimes and Criminals

Article excerpt

The bank robber Willie Sutton is reported to have said the reason he robbed banks was "that was where the money was." If Willie were in business today, he might very well be committing computer crime rather than robbing banks. While the FBI estimates the average armed robbery to net the robber only $6,600, it speculates that the average size of a computer crime is between $100,000 and $500,000! The total extent of computer crime is unknown, but one estimate places it between $500 million and $5 billion. In addition, computer criminals are frequently not prosecuted because companies often do not want to disclose the extent of their loss or to give other computer criminals ideas.

Computer crime, which can be defined as using special knowledge of computer technology to commit an illegal act, includes the theft of money, damage or theft of data and software, and theft of services. In terms of the purpose of computer crime and the perpetrators, a 1988 survey by the National Center for Computer Crime Data (NCCCD) showed that 36 percent of computer crimes involved financial gain; 20 percent, theft of or damage to data or software; and 34 percent, theft of services. In all categories, the survey showed that about one-third of the perpetrators were employees or ex-employees.

Types of Computer Crime. Computer crimes may be classified into five categories: manipulation or theft of data or assets; direct attack on the computer, software, or data; use of the computer for conducting or planning a crime; deception or intimidation of people using the computer; and unauthorized use of the computer for personal gain. In the first case, the theft of data or assets is probably one of the most publicized types of computer crime. In it the computer is used to perpetrate a fraud so that assets or data may be stolen or data modified. An example of this crime occurred at the Toronto (Canada) Board of Education Credit Union, where an employee altered computer records to conceal a series of personal loans to her boyfriend totaling $7.8 million. The second type of computer crime, direct attack on the computer, software, or data, includes the recent Michelangelo virus scare and the 1988 case in which a Cornell graduate student sent a program through a nationwide academic research network--Internet--just to prove that it could be done. Unfortunately, the program contained an error that caused a replication of the program that took over available memory in the more than 6,000 computers infected by the virus. The cost of clearing up the resulting problems is conservatively estimated at $186 million. Other types of attacks on computers, software, and data include theft of personal computers from offices, water and fire damage to computers, and various other types of rogue programs.

An example of the third type of crime, using a computer to plan or conduct a crime, involved the Flagler Dogtrack in Florida, where a computer operator used two computers to generate bogus winning tickets. The tickets were then cashed in with a loss to the dogtrack of at least $2 million. Electronic forgery, which uses desktop publishing equipment to create phony work orders, receipts, bank checks, and even stock certificates, is another example of this type of crime. The equipment needed to carry out this criminal activity is fairly inexpensive--less than $5,000--and includes a personal computer, laser printer with typographic fonts, and scanner to capture photographs and drawings. The greatest potential for harm with electronic forgery is in the creation of phony versions of everyday forms of identification such as letters of reference, diplomas, or identification cards. In one case, forgers used a color copier to produce a large quantity of false ID cards.

The costliest computer crime of all, the Equity Funding case, was an example of the fourth type of electronic crime, one in which a computer was used to carry out a crime by intimidating or deceiving people. …