The Net Works
Not too many years ago I ran a dial-- up bulletin board system (BBS) along with a friend. Our BBSs were heavily used. We did not have e-mail as we know it today. The Internet as we know it did not yet exist, but we did have e-mail exchange all over the world. It was slower than today's Internet e-mail, but it was cool. There were loads of chat areas on all topics-- even one entitled "buy and sell." Well, one day a user on my friend's BBS exchanged e-mail with someone in Georgia on the buy-sell chat area. The BBS user was going to buy a large-- capacity hard drive for $250 C.O.D. Eventually the package arrived at the local BBS user's home, and he paid the C.O.D charges. Upon opening the $250 package the purchaser found a block of wood-it was maple. Needless to say this was fraud. But the problem we faced was who to report this to. No one was sure who to call. We called the local police, but they were just as unsure. And worst of all, no one was sure how to gather evidence.
Now let me offer another example of the state of law enforcement in regard to cybercrime. At MIT a number of years ago, a student set up an Internet computer on campus for the purpose of exchanging commercial software with his friends, and the friends of those friends, and so on and so forth. You get the idea. The people who accessed the computer site freely exchanged the programs. No money was paid to the company that produced the software in question; no one paid anyone, actually.
The authorities eventually found out about this scheme, and the MIT student was charged with "fraud."
The problem was that this was not fraud; it was theft. Theft of property. To make a misunderstood story short, the MIT student was acquitted, as the authorities could not prove fraud. The simple reason was that his crime was not fraud, as I said. Oops!
The point is that, until recently, law enforcement did not understand how to relate computer crime to real-world crime. Before this time, my two examples were not isolated incidents by any means!
Well, times have changed. Law enforcement agencies are catching up with the computer criminals. These agencies are coming to understand how computer criminals operate. The first indication of this is when the FBI began to keep statistics and started to pay attention to trends and criminal events. The Internet Fraud Complaint Center (IFCC) [http://www1.ifccfbi.gov/ index.asp] has issued its first report, which covered January to December 2001. (Note: The full report is available at: http://www1.ifccfbi.gov/strategy/ IFCC_2001_AnnualReport.pdf.)
It's also time for schools to begin educating our students about Internet crime. So let me start by offering some insight into one area of computer crime that can easily reach out and touch any one of us.
What's hot is Internet fraud. What's hot is selling "blocks of wood" in place of valuable items (or buying a product and not paying for it). The situation seems to be at an epidemic levels, but it's difficult to know for sure if this trend is growing because 2001 was the first year statistics were kept on a national level.
Fraud is certainly not the only crime that is committed on the Internet, although it accounts for a major portion of Internet crime. Online fraud seems to be an area in which the general public is most vulnerable. For example, most of us would not give someone the time of day if they tried to sell us something over the phone. There is certainly a deep-seated suspicion of telemarketers. But this fear and suspicion do not transfer to the Internet. Just look at eBay for example. People will buy things over the Internet, apparently with no fear of fraud, with no fear of losing their money. The statistics seem to back me up on this.
In 2001 the IFCC received 49,711 complaints. This total included many fraud and nonfraud complaints, such as computer intrusions, SPAM/unsolicited e-mail, and child pornography. …