Technology and Crime
High Technology and Criminal Opportunity
The twenty-first century has been described by some as representing the epitome of the postindustrial information age. Information, as many now recognize, is vital to the success of any endeavor, and certain forms of information hold nearly incalculable value. Patents on new products, the chemical composition of innovative and effective drugs, corporate marketing strategies, and the financial resources of competing corporations are all forms of information whose illegitimate access might bestow unfair advantages upon unscrupulous competitors. Imagine, for example, the financial wealth and market share which would accrue to the first pharmaceutical company to patent an effective AIDS cure. Imagine, as well, the potential profitability inherent in the information describing the chemical composition of that drug—especially to a competitor who might beat the legitimate originator of the substance to the patent desk, or who might use stolen information in a later bid to challenge patents already issued.
Such a scenario is not far-fetched. In 1994, for example, the huge pharmaceutical manufacturer Merck announced that it would file in 1995 with the federal government and the regulatory agencies of twenty-seven other countries a request for permission to market its new medicine, Fosamax. Fosamax, a drug intended to reverse the effects of osteoporosis in postmenopausal women, was described as a corporate centerpiece in the plan to ensure Merck’s leadership position among pharmaceutical manufacturers worldwide. The introduction of Fosamax to the pharmaceutical marketplace, along with ongoing clinical trials, was announced only after years of guarded negotiations and developmental research. The carefully crafted introduction was intended to ensure Merck’s clear claim to ownership of the chemical compound in Fosamax, which should prove highly profitable for the company. Merck officials estimated the osteoporosis health care market in the United States alone at $10 billion annually.
High-tech criminals seeking illegitimate access to computerized information, and to the databases that contain it, have taken a number of routes. One is the path of direct access, by which office workers, or corporate spies planted as seemingly innocuous employees, violate positions of trust and use otherwise legitimate work-related entry to a company’s computer resources to acquire wanted information. Such interlopers typically steal data during business hours, under the guise of normal work routines.
Another path of illegal access is sometimes called computer trespass and involves remote access to targeted machines. Anyone equipped with a home computer and a modicum of knowledge about computer modems, telecommunications, and log-on procedures has easy access to numerous computer systems across the country. Many such systems have few, if any, security procedures in place to thwart would-be invaders. In one recent case, for example, a Silicon Valley software company learned that a fired software developer had been using her telephone to enter its computers. By the time she was caught, the woman had copied millions of dollars’ worth of the company’s programs. It was later learned that the stolen software had been slated for illicit transmission to collaborators in Taiwan. Had the scheme succeeded, many thousands of “pirated” copies of the software would have been distributed at great financial loss to the legitimate copyright owners. In a similar scenario, a Florida television news editor who had moved to a new job with a different station was recently arrested for allegedly entering the computer of his former employer via telephone and copying researched stories.
More exotic techniques used to steal data stored in computers extend to reading the electromagnetic radiation produced by such machines. Electromagnetic field (EMF) decoders, originally developed for military purposes, are capable of scanning radio-frequency emanations generated by all types of computers. Keystroke activity, internal chip-processed computations, disk reads, and the like can all be detected and interpreted at a distance by such sophisticated devices under favorable conditions. Computers which have been secured against such passively invasive practices are rarely found in the commercial marketplace. Those which are available to commercial organizations generally conform to a security standard developed by the United States military called TEMPEST.
Some criminal perpetrators intend simply to destroy or alter data without otherwise accessing or copying it. Disgruntled employees, mischievous computer hackers, business competitors, and others may all have varied degrees of interest in destroying the records or computer capabilities of a company.
In what proved to be the first criminal prosecution of a person accused of creating a computer virus, Texas programmer Donald Gene Burleson was arrested in 1988 for allegedly infecting a former employer’s computer with a program designed to destroy the information it contained. Since Burleson’s arrest, many other would-be imitators have taken similar paths of revenge. According to Richard Baker, author of the respected Computer Security Handbook, “the greatest threat to your computers and data comes from inside your company, not outside. The person most likely to invade your computer,” says Baker, “is not a gawky youngster in some other part of the country but an employee who is currently on your payroll.”
Technically speaking, computer crime, which involves a wide variety of potential activities, is any violation of a federal or state computer crime statute. A recent estimate by the prestigious accounting firm Ernst & Young puts the cost of computer crime in the United States at between $3 billion and $5 billion a year. According to some experts, “that may be just the beginning.” As one technological visionary observes, “Our society is about to feel the impact of the first generation of children who have grown up using computers. The increasing sophistication of hackers suggests that computer crime will soon soar, as members of this new generation are tempted to commit more serious offenses.”
“Thou shalt not steal thy neighbor’s data.”
While the theft or damage of information represents one area of illegitimate criminal activity, the use of technology in direct furtherance of criminal enterprise constitutes another. Illegal activity based upon advanced technologies is as varied as are the technologies themselves. Nuclear blackmail may represent the extreme technologically based criminal threat, while telephone fraud and phone “phreaking” are examples of low-end crimes that depend upon modern technology for their commission.
Phone phreaks use special dial-up access codes and other restricted technical information to avoid long-distance charges. Some are able to place calls from pay phones, while others fool telephone equipment into billing other callers. As a top telecommunications security expert explains it, “many organizations discover they have been victims of telephone fraud only after their telephone bill arrives in a carton instead of an envelope.”
As some companies have been surprised to learn, the responsibility for payment of stolen telephone time may rest with them. A year ago, for example, a U.S. district court ordered Jiffy Lube International, Inc., to pay AT&T $55,727 for long-distance calls made by computer hackers who had stolen the company’s access codes. Judge Frank Kaufman said the law “squarely places responsibility upon a customer, such as Jiffy Lube, for all calls whether or not authorized.” In effect, Judge Kaufman sent a message to corporations nationwide that they can be held responsible for ensuring the security of their telephone services.
Categories of Computer Crime
Internal computer crimes
Illegal bulletin boards
Misuse of telephone systems
Computer manipulation crimes
Support of criminal enterprises
Databases to support drug distributions
Databases to support loan sharking
Databases to support illegal gambling
Databases to keep records of illegal client transactions
Thefts of computers
Thefts of microprocessor chips
Thefts of trade secrets
Source: Adapted from Catherine H. Conly and J. Thomas McEwen, “Computer Crime,” NIJ Reports, January/February, 1990, p. 3.