c





Computer fraud describes a diverse class of electronic crimes that involve some form of electronic information theft and often

monetary gains for the perpetrators. Common types of computer fraud include

j? mltering or falsifying corporate computer records for personal gains;

j? Jreaching a computer network (hacking) for sabotage or for obtaining sensitive information, such as passwords or data;

j? Yavesdropping on phone lines or network connections via computer programs in order to glean sensitive information; and

j? ‘ffering bogus products or services over a public computer network such as the Internet.

The spread of computers and networking revolutionized the business world and simplified life for many people. Unfortunately,

computers also contributed to an increase in fraud, which results in severe financial losses for businesses and individuals alike.

Ystimates suggest that U.S. computer fraud in the late 1990s amounted to $10 billion per year in losses. Computer thieves are not

content to steal small amounts of money at a time, either. The typical bank robber averages $6,100 a heist; electronic thieves average

over $100,000 per incident.?Computer fraud is rampant, as the use of computers becomes part of our daily lives, with greater and

greater frequency. The definition of what constitutes computer fraudbecomes ever more complex with the ingenuity of people who

intend to deceive, misrepresent, destroy, steal information, or cause harm to others by accessing information through deceptive and

illegal means. Just as you have to be careful when you¶re walking down the street, or in your own home when you lock up at night,

you¶ve got to be careful of the many examples of computer fraud that will make their way onto your computer.

Perhaps most significant is the extent to which computer fraud permeates contemporary business and government systems. Some

studies suggest that upwards of 90 percent of all major corporations (e.g., Fortune 500) have been targets of computer fraud, as have

numerous U.S. government agencies²including the Department of Defense. The vast majority of these cases have resulted in some

financial losses to the target organization. This high percentage apparently stems in part from the fact most computer crimes²up to

85 percent according to some studies²are committed by insiders like employees and contractors. However, some analysts believe

that this high rate is artificially inflated because internal breaches are the easiest to catch.

c c
 


Computer crimes that involve system breaches are difficult to detect, and indeed security experts believe that only a fraction of

them²perhaps only 5 percent as of 1998²come to light. ‘ften the problem arises when organizations fail to view their computer

systems from a holistic perspective: they place tight safeguards only on the systems housing the most sensitive information, but

ignore the potential weak link between high-security systems and their other systems, which are minimally protected. ‘ther times,

network administrators and other managers fail to grasp the security issues affecting their systems. m noteworthy example is in the
large number of network penetration incidents that could have been prevented if the company had installed the security upgrades

provided by the software vendor (often free of charge).

Still, if a company monitors its systems for potential fraud on a continuous basis, it greatly improves its chance of at least detecting

the break-in and tracing its source, if not preventing it. However, the best security measures can also be costly to implement, leaving

management to choose between the high overhead of a secure system and the uncertain costs of potential fraud.

Jy contrast, consumer fraud perpetrated via computer, especially through the Internet, is often detected in much the same way as

other forms of consumer fraud: when the consumers don't receive the goods or services they paid for. Finding and prosecuting the

offender, though, can be complicated because of the Internet's decentralized and international nature. Web sites can be up one day

and gone the next, and they can be hosted from foreign computers beyond the normal jurisdiction of U.S. courts.

 c c  c


 


Society has not always reacted strongly to computer fraud. Courts have often been reluctant to punish criminals who indulge in

computer crimes because they view such infractions as somewhat harmless compared to street crime. mccording to a study

conducted in Washington, D.C., of 82 people convicted of  50 percent received suspended sentences or

probation. mbout 8 percent received sentences ranging from one week to six months in prison. mpproximately 10 percent received

sentences ranging from six months to three years in prison. ‘nly about 20 percent received sentences exceeding three years in

prison. ‘ne of the first things that must happen if computer crime is to be taken seriously is to change judges' and juries' attitudes

about its importance.

‘ne of the problems in dealing with computer criminals is that, until recently, the people charged with detecting their activities,

apprehending them, and ultimately trying them in court have not been capable of dealing with the technological aspects of the

crimes. That is partly because computer crime is a relatively new phenomenon. Major cases of computer crime date back only to 1971

or so.

‘ne of the first major cases allegedly involving computer tampering was reported by the New York-Penn Central Railroad. ‘fficials

disclosed that more than 200 of the company's freight cars had been rerouted from Philadelphia to an obscure yard in Chicago. The

original markings on the cars were painted out and changed. The same thing happened to another 200 or so cars, which were also

reported missing. Yach lost car cost the railroad an average of $60,000.

The chief of the Federal ‘rganized Crime Strike Force at the time suggested that someone might have gained unauthorized access to

the railroad's computer and changed program instructions to misroute the cars to other locations. Since that case, and another

highly publicized case in California a year later in which an engineering student stole more than $1 million worth of electronic
equipment from the state's largest telephone company, computer crime has drawn more attention from business, law enforcement,

and judicial officials. It has also become a focus of home computer owners, many of whom have fallen prey to computer fraud.

[
c
 
 


The great increase in personal computers in people's homes has spawned a new era of crime. Investment scam artists in particular

are busy defrauding individuals of millions of dollars a year through sophisticated scams. ‘ften, scam artists operate across state

lines in perpetrating their schemes. While this presents them with larger audiences of potential victims, it also opens the door for

federal officials to hunt and prosecute them. However, the rampant growth of consumer Internet use has only fueled the potential

for nationwide computer scams.

In one Missouri case, an unlicensed stockbroker offered his services to unsuspecting victims. He made dubious claims about stocks

which were not licensed for sale in the state. He suggested fallaciously that Donald Trump was a major investor in a small cruise line

whose seldom-traded stock the unlicensed stockbroker was promoting. Fortunately, state regulators uncovered his scheme before he

could bilk state residents out of large sums of money. Not all criminals are detected so quickly, though.

In another scam, in New Jersey, computer criminals pushed the stock of a Canadian modular housing firm whose shares jumped

from 42 cents a share to $1.30 early in 1994. ms a result, activity in the stock among computer users rose quickly. The daily trading

volume reached 600,000 shares²for a stock which had an activity level of only 175,000 shares in all of December 1993. The stock

price dropped quickly from $1.30 to only 60 cents a share, which meant many people lost money on the deal. The criminals,

however, walked away with a healthy profit.

mnother popular activity of computer criminals is pyramid schemes. In these, people are encouraged to send sums of money ranging

from $1 to $2,000 each to the top five names on an chain list. mfter they send the money, their names go on the

bottom of the list. Yventually, they are led to believe, they will rise to the top of the list and will receive sums as high as $600,000

from people on the lower rungs. Needless to say, more people lose their few dollars than gain $600,000²or even recoup their

original investments.

c   c
c

 cc

Jusinesses have implemented a wide variety of techniques to forestall computer fraud. The primary goal of business executives in

fighting computer crime is to reduce its impact as much as possible and uncover fraud quickly. Specific security measures include

the following:
 1.? Companies can maintain a rigorous schedule of system traffic audits and logs to document access to the system and some

forms of file manipulation. mudits may include  surveillance to track movement of large quantities of

data in individual messages.

2.? mccess to key computers²both physical and through network connections²can be restricted to only the most essential

users. Physical security may include placing the computers in controlled access facilities. Ymployees can also be screened

through background checks before receiving access to critical data.

3.? Yxtensive data back-up policies, including off-site storage, can be implemented to minimize the loss of archival data to

sabotage.

4.? Ymployees may be trained in computer security issues and procedures to reduce inadvertent compromises of security.

5.? Formal computer security policies can be publicized to employees and contractors along with the associated disciplinary

measures for violations.

6.? mn individual or group of individuals can be charged with overseeing all computer security issues in order to ensure these

issues receive ongoing and undivided attention.

Jefore deciding on which measures to implement, managers may need to conduct a thorough review of past security problems and

potential risks. There is also a growing pool of security consultants who can assist with risk assessment and security strategy

development. Various software and consulting firms also sell software tools that can be used to tighten security and combat fraud;

demand for such programs and services rose sharply in the late 1990s.

[  c
  

c
 


Police departments are becoming more sophisticated in their approach to fighting computer crime. They are adding more computers

to their arsenals and establishing partnerships with local businesses. For example, representatives of the Lake Worth, Florida, Police

Department meet monthly with a coalition of people from the city's private businesses, !"#and $%other

law enforcement agencies, and government organizations. ‘ther departments are adopting similar partnership approaches.

Most police departments in the United States today have added people to their staffs who specialize in the investigation of computer-

related crimes. In fact, 80 percent of the departments polled by Law and ‘rder Magazine for an article in its July 1994 issue reported

that they had such specialists on their staffs. This is an indication that police departments are becoming more active in their

investigations into computer crimes²and more proficient besides. The federal government has encouraged heightened police

involvement in detecting computer-related crimes through special funding for such programs.
However, many obstacles to prosecuting computer crimes remain. mcceptable police tactics and the kinds of evidence needed to

prove a case are not yet well established, leading to many state and local variations in how computer fraud is handled. The relatively

thin case history also makes for inconsistencies in the courts.

&'$c'%%()c

??Computer fraud is one of the fastest growing crimes and is becoming more evolved each day. The methods used to commit
computer crime change frequently due to the technology available.

(&%(

Identity fraud is one of the most common types of computer fraud. Identity fraud is where a person assumes another identity, real
or false, to gain a victim's trust. mn example of this would be the Nigerian Scam. In the Nigerian Scam, persons will convey
themselves as someone who is trying to escape the dangers of where they live, in order to gain your trust. In this example, the thief
gains his victim's trust, the victim sends money, all the mean while, the thief could really be in a completely different country.

(&$

Identity theft occurs when someone uses your information such as name, Social Security number, bank or credit card numbers, date
of birth or even address. The most common way identity theft occurs is by phishing. Phishing is a process of a person, or group,
sending fictitious emails stating your account has been compromised and that you need to verify the account immediately. Victims
are prompted to click on links, enter their bank or credit card information, their personal information associated with the account
and submit it to ensure they are truly the account holder. What the victim has really just done is send the thief all of their account
and personal information so that the thief may use it.

%$

mnother common form of computer fraud is the use of malicious software to hack or access files from a computer. ‘nce the software
has entered the computer's operating system, it can take over the computer and processes, stealing files and information from the
computer. Suspects can gain access to emails, banking information, personal information and social networking sites.


c'%$%((!%*++ ,

The c'% %( ( !%  is a law passed by the United States Congress in 1986, intended to reduce cracking of

computer systems and to address federal computer-related offenses. The mct (codified as 18 U.S.C. § 1030 governs cases with a

compelling federal interest, where computers of the federal government or certain financial institutions are involved, where the

crime itself is interstate in nature, or where computers are used in interstate and foreign commerce.

It was amended in 1988, 1994, 1996, in 2001 by the USm PmTRI‘T mct, 2002, and in 2008 by the Identity Theft Ynforcement and

Restitution mct. Subsection (b) of the act punishes anyone who not just commits or attempts to commit an offense under the mct, but

also those who conspire to do so.



c $$%(

1.? Ënowingly accessing a computer without authorization in order to obtain national security data

2.? Intentionally accessing a computer without authorization to obtain:

ù? Information contained in a financial record of a financial institution, or contained in a file of a consumer reporting

agency on a consumer.

ù? Information from any department or agency of the United States

ù? Information from any protected computer if the conduct involves an interstate or foreign communication

3.? Intentionally accessing without authorization a government computer and affecting the use of the government's operation

of the computer.

4.? Ënowingly accessing a protected computer with the intent to defraud and there by obtaining anything of value.

5.? Ënowingly causing the transmission of a program, information, code, or command that causes damage or intentionally

accessing a computer without authorization, and as a result of such conduct, causes damage that results in:

ù? Loss to one or more persons during any one-year period aggregating at least $5,000 in value.

ù? The modification or impairment, or potential modification or impairment, of the medical examination, diagnosis,

treatment, or care of one or more individuals.

ù? Physical injury to any person.

ù? m threat to public health or safety.

ù? Damage affecting a government computer system

6.? Ënowingly and with the intent to defraud, trafficking in a password or similar information through which a computer may

be accessed without authorization.