Computer & Internet Crime
This article examines how computer crime has changed over time with the emergence of Internet crimes (also referred to as cyber crimes). The types of internet criminal activity (identity theft, credit and debit card number theft, and money-laundering schemes) are examined. Child exploitation using the Internet is also discussed. International organizations and law enforcement agencies that are involved in the fight against Internet crime are profiled. The weaknesses in computer security as well as the easily exploited naiveté of Internet users are examined. In addition, the social backlash against new behaviors that are Internet specific and efforts to pass laws against banning those behaviors are also examined.
Keywords Child Exploitation; Cyber Crime; Computer Crime; Identity Theft; Internet Crime; Online Auction Fraud; Phishing; Spyware
Historically, computer crime was limited to computer systems and networks including hacking, data destruction, data theft, and system disruption. Many of those crimes were directed towards businesses, government agencies, or universities. In the 1990s, as the Internet came into widespread commercial use, the nature of computer crimes began to shift (Provos, Rajab & Mavrommatis, 2009). There are still crimes against computers in the traditional sense, but the vast majority of modern day computer crimes are those in which computers and the Internet are used to commit a wide variety of other types of crimes, against businesses as well as individuals (Fox, 2009)(Stansky, 2009).
An Increasing Threat
Internet crime is flourishing. In 2013, the Wall Street Journal reported that Internet crimes cost the United States up to $100 billion, accounting for 1 percent of the gross domestic product (GDP). Losses were measured in such terms as intellectual property loss direct loss, reputational loss, and the loss of sensitive information. Internet scams via e-mail have increased to the point that some users receive dozens of scam emails in the workplace and at home every week (Fox, 2009); the use of email blocks and filters can, however, minimize occurrences. Internet criminals can be found pretty much everywhere, including in social networking websites such as Facebook and Twitter. In addition, banks suffer huge losses every year involving e-mail scams and other identity theft methods which compromise account numbers, social security numbers, and passwords of bank customers (Silver-Greenberg, 2009). In the event that banking information of a small company is disclosed, it could cause several weeks of disruption to company operations.
There have been many big cases of Internet crime during the last decade and credit card and debit card number theft have been amongst the most dramatic and most costly. One case involved eleven perpetrators who allegedly hacked nine major retailers in the United States and stole over 40 million credit and debit card numbers. It was an international conspiracy with perpetrators from the United States, Estonia, Ukraine, the People's Republic of China, and Belarus. Much of the theft was accomplished by intruding into the wireless networks of retail outlets. The retailers included TJX Companies, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21, and DSW. Some of the credit card and debit card numbers were sold in the United States and Eastern Europe (Brannen, 2008)("Department of Justice brings," 2008). As a result of these types of crimes, business have had to spend large sums of money to upgrade their network security. In another example, in January of 2012 the shoe retail company Zappos.com was attacked and customer billing/shipping information and credit card data were exposed.
Organized crime has certainly found a new home and expanded opportunity on the Internet (Choo, 2008)(Spafford, 2008). Organized criminal activity on the Internet includes identity theft, the movement of illegal drugs, and the movements of counterfeit pharmaceutical drugs and other counterfeit merchandise around the world. Many of these crimes are financial crimes — with credit card fraud, money-laundering schemes, and identity theft leading the list of thriving criminal enterprises. Many of these organized crime groups operate in multiple countries including the United States, Canada, Pakistan, Portugal, Romania, and dozens of others. Financial institutions that have been targeted in these schemes include Citibank, Capital One, JPMorgan Chase, Comerica Bank, Wells Fargo, eBay, and PayPal (Foltz, 2008).
Child exploitation is not an invention of the Internet age by any means. However, the Internet has become the new playground for consumers of child pornography and a market place for those who purvey it. Pedophiles have formed Internet communities and exchange materials. Another aspect of child exploitation on the Internet is when adults attempt to pick up minors; that is, engage minors in chats or discussions online and then attempt to meet them in person to expand their relationship (Baker, 1999). There have been several dramatic cases of adults facing arrest for this behavior (Preston, 2008)(Sheldon & Howitt, 2008). Many corporations have installed web browser filters to block employees from specifically surfing to websites that provide this illegal content.
Identity theft on and off the Internet is also a growing criminal enterprise. These scams usually involve misuse of existing credit card or bank accounts, opening new accounts using stolen identities, fraudulently obtaining government benefits or services, obtaining new documents to support the use of the stolen identity, and even health care fraud ("Scoping paper," 2008). Although many people consider identity theft as an Internet crime, it has become a cross over crime with stolen identities as well as stolen corporate credit cards being used online as well as off line.
Stalking, harassment, and bullying have also found their way to the Internet. Although these types of activities may not be as dramatic as other Internet crimes, they are still a personally frightening and often terrifying event for those who are targeted (Gillespie, 2006). Cyber stalking can include unsolicited emails of a threatening or intimidating nature or be repeated confrontation in chat rooms or on networking sites by a threatening person (Hewitt, Dodd, Ingrassia, Truesdell, York & O'Connor (2005). Cyber harassment can include repeated antagonistic, hostile, or false postings on blogs or other social sites.
Commonly termed cyberbullying, this kind of harassment can include sending angry or threatening emails designed to intimidate a person from participating in activities. There have been several high-profile cases of cyberbullying in the United States in the 2000s, many unfortunately affecting children and teenagers, with some tragically ending in suicide. The common use of social networks and the relative ease of online anonymity make this an increasingly serious issue for youth; the general consensus is that this form of bullying affects more than half of teens. Legal protections against cyberbullying and cyberstalking are in place in most US states. In some cases, perpetrators have been prosecuted for such crimes as criminal harassment, violation of civil rights, stalking, and electronic harassment; new and proposed cyberbullying legislation also takes into account the actions and policies of schools.
Intellectual Property Piracy
One of the biggest dollar-volume businesses on the Internet is piracy of intellectual property. This includes the illegal copying, distribution, and sales of copyrighted works including books, music, software, and videos (Einhorn, 2009). The FBI has pursed thousands of investigations and indictments of copyright infringement crimes and a large portion of these cases have been international in scope and resulted in thousands of arrest and the seizure of hundreds of millions of dollars in pirated works. Piracy has also cost businesses billions of dollars in lost revenue.
In the early 1990s most people were ecstatic about the potential of the Internet and most still are. However, the types of Internet crimes that have emerged have outraged many people and there are ongoing efforts to pass new laws to protect Internet users and to prosecute Internet criminals. Many people and organizations blame the Internet as the ubiquitous cause of these new crime waves. In reality, the Internet has just become the latest means of committing crimes.
What this Means to the World of Business
Corporations are on the frontline in the fight against Internet crime. In addition to spending more on computer and network security, corporations have also found it necessary to better train employees to identify potential scams as well as determine if corporate assets have been compromised. It has also become necessary to monitor and control employee Internet use to prevent intentional misuse as well as unintentional actions that may cause network security problems.
Corporations have been fighting spam since the mid 1990s. Spam email has clogged corporate email servers and bogged down communications within the company as well as between the company and its suppliers and customers. Businesses receive hundreds of billions of spam e-mails every year and spend billions of dollars per year getting rid of spam and spyware (Garcia, 2006)(Sun, 2008).
Many large and small companies alike have also installed various Types of filters and blocking software that prevents employees from accessing websites, social networks, or communication systems on the Internet. The process of blocking websites can improve security on the corporate network in two ways. First, it can prevent misuse of company computers and networks by disallowing certain types of Internet activity. Second, when employees are limited in their web use, they can be kept from accessing websites that may be spyware traps or that spread other types of malicious code (Taylor, 2008). Other companies have an ongoing effort to monitor Internet use of their employees and can warn employees about misuse or even terminate them (Fortier, 2007).
Internet crime has created several other perils for corporate information security including making the company laptops and tablets (and even smart phones) prime targets for theft. Many laptops and tablets have corporate information, user names, and passwords stored on them. If one is stolen and falls into the wrong hands, Internet criminals could too easily start gaining access to company computer systems and networks (Britt, 2009).
There have also been several cases where data stored on laptops and tablets included employee names, addresses, and even social security numbers. When these devices are stolen or lost, the potential for crimes like identity theft are high. If this type of data is on a company computer, it is essential that it be secured (Foster, 2008). Corporations as well as nonprofit organizations are facing a growing number of laws and regulations regarding the safety of employee and customer personal data. This is especially true for financial data and health care related data. Companies can be fined by the government but they also face the potential of class action suits by groups whose data have been compromised (Levenson, 2008).
The Fight Against Internet Crime
Just as the Internet has spawned new industries and new ways to make money for individuals as well as large companies, it has also giving rise to new products, new services, and new law enforcement efforts to fight Internet crime. The computer security products business has grown to over $80 billion annually and is expected to keep growing at a rapid rate.
Most countries have passed some law or regulation to address Internet crime. The Council of Europe's Convention on Cybercrime and relevant European Union legislation, for the most part, has been the primary reference model for many regulations. In addition, most countries have established some sort of central agency or agencies to fight Internet crime ("The promotion of," 2005). It is not known how well developed these agencies are or to what extent they are successful.
Regulation within the United States
In the United States, law enforcement agencies and government regulators have started several new initiatives to combat Internet crime. The FBI has hired more agents with computer skills and is training agents in computer forensics. The FBI has also established several computer forensics centers across the United States to help the bureau in Internet crime fighting and to assist local law enforcement organizations in their efforts (Mercer, 2004). The FBI works in conjunction with the United States Secret Service, the United States Immigration and Customs Enforcement (ICE), the United States Postal Inspection Service, and the Bureau of Alcohol, Tobacco and Firearms (ATF)("Reporting computer hacking," 2009).
The Federal Bureau of Investigation
The FBI has worked to establish InfraGard, which is a joint effort between the FBI and private businesses, academic institutions, state and local law enforcement agencies, and other interested parties. The goal of InfraGard is facilitate "dialogue and communication between members and the FBI" that is helpful in countering cyber crime as well as other threats against the infrastructure of the United States ("About InfraGard," 2009). InfraGard is an important mechanism for the private businesses that are involved. It allows them to interact with the Internet crime fighting community and share information, and provides them assistance in their efforts to stop Internet criminals.
The Federal Trade Commission
The United States Federal Trade Commission (FTC) focuses on fighting identity theft, spyware, and Internet scams. The FTC provides information to consumers about identity theft and has an online compliancy reporting system. Spyware, software that is installed on your computer without your consent, can monitor and even control your computer use. The FTC has an initiative to fight spyware through law enforcement and consumer education. Internet fraud is also on the FTC's Internet crime fighting agenda ("Computers & the internet," 2009).
Internet Enforcement Program
The United States Securities and Exchange Commission has established the Internet Enforcement Program and Office (OIE). The OIE coordinates the investigation of enforcement-related cases generated from investor tips received in the SEC Complaint Center. The OIE also performs surveillance for potential Internet securities-related fraud and provides strategic and legal guidance to law enforcement agencies nationwide. The SEC is responsible for investigating...
(The entire section is 6618 words.)