Computer Crime In The 1990's
We're being ushered into the digital frontier. It's a cyberland with incredible promise
and untold dangers. Are we prepared ? It's a battle between modern day computer cops and
digital hackers. Essentially just think what is controlled by computer systems,
virtually everything.
By programming a telephone voice mail to repeat the word yes over and over again a
hacker has beaten the system. The hacker of the 1990's is increasingly becoming more
organized very clear in what they're looking for and very, very sophisticated in their
methods of attack.. As hackers have become more sophisticated and more destructive,
governments, phone companies and businesses are struggling to defend themselves.
Phone Fraud
In North America the telecommunications industry estimates long distance fraud costs
five hundred million perhaps up to a billion every year, the exact the exact figures are
hard to be sure of but in North America alone phone fraud committed by computer hackers
costs three, four maybe even up to five billion dollars every year. Making an unwitting
company pay for long distance calls is the most popular form of phone fraud today. The
first step is to gain access to a private automated branch exchange known as a "PABX" or
"PBX". One of these can be found in any company with twenty or more employees. A "PABX"
is a computer that manages the phone system including it's voice mail. Once inside a
"PABX" a hacker looks for a phone whose voice mail has not yet been programmed, then the
hacker cracks it's access code and programs it's voice mail account to accept charges for
long distance calls, until the authorities catch on, not for a few days, hackers can use
voice mail accounts to make free and untraceable calls to all over the world. The hackers
that commit this type of crime are becoming increasingly organized. Known as "call cell
operators" they setup flyby night storefronts were people off the street can come in and
make long distance calls at a large discount, for the call cell operators of course the
calls cost nothing, by hacking into a PABX system they can put all the charges on the
victimized companies tab. With a set of stolen voice mail access codes known as "good
numbers" hackers can crack into any phone whenever a company disables the phone they're
using. In some cases call cell operators have run up hundreds of thousands of dollars in
long distance charges, driving businesses and companies straight into bankruptcy. Hacking
into a PABX is not as complicated as some people seem to think. The typical scenario that
we find is an individual who has a "demon dialer" hooked up to their personal home
computer at home that doesn't necessarily need to be a high powered machine at all but
simply through the connection of a modem into a telephone line system. Then this "demon
dialer" is programmed to subsequently dial with the express purpose of looking for and
recording dialtone. A demon dialer is a software program that automatically calls
thousands of phone numbers to find ones that are connected to computers. A basic hacker
tool that can be downloaded from the internet. They are extremely easy programs to use.
The intention is to acquire dialtone, that enables the hacker to move freely through the
telephone network. It's generally getting more sinister. We are now seeing a criminal
element now involved in term of the crimes they commit, the drugs, money laundering etc.
These people are very careful they want to hide their call patterns so they'll hire these
people to get codes for them so they can dial from several different calling locations so
they cannot be detected.
The worlds telephone network is a vast maze, there are many places to hide but once a
hacker is located the phone company and police can track their every move. The way they
keep track is by means of a device called a "DNR" or a dial number recorder. This device
monitors the dialing patterns of any suspected hacker. It lists all the numbers that have
been dialed from their location, the duration of the telephone call and the time of
disconnection. The process of catching a hacker begins at the phone company's central
office were thousands of lines converge to a main frame computer, the technicians can
locate the exact line that leads to a suspected hackers phone line by the touch of a
button. With the "DNR" device the "computer police" retrieve the number and also why the
call was made and if it was made for illegal intention they will take action and this
person can be put in prison for up to five years and be fined for up to $ 7500.00.
The telephone network is a massive electronic network that depends on thousands of
computer run software programs and all this software in theory can be reprogrammed for
criminal use. The telephone system is in other words a potentially vulnerable system, by
cracking the right codes and inputting the correct passwords a hacker can sabotage a
switching system for millions of phones, paralyzing a city with a few keystrokes.
Security experts say telephone terrorism poses a threat, society hasn't even begun to
fathom ! You have people hacking into systems all the time. There were groups in the
U.S.A in 1993 that shutdown three of the four telephone switch stations on the east
coast, if they had shutdown the final switch station as well the whole east coast would
have been without phones. Things of this nature can happen and have happened in the past.
Back in the old days you had mechanical switches doing crossbars, things of that nature.
Today all telephone switches are all computerized, they're everywhere. With a computer
switch if you take the first word "computer" that's exactly what it is, a switch
being operated by a computer. The computer is connected to a modem, so are you and all
the hackers therefore you too can run the switches.
Our generation is the first to travel within cyberspace, a virtual world that exists
with all the computers that form the global net. For most people today cyberspace is
still a bewildering and alien place. How computers work and how they affect our lives is
still a mystery to all but the experts, but expertise doesn't necessarily guarantee
morality. Originally the word hacker meant a computer enthusiasts but now that the
internet has revealed it's potential for destruction and profit the hacker has become the
outlaw of cyberspace. Not only do hackers commit crimes that cost millions of dollars,
they also publicize their illegal techniques on the net where they innocent minds can
find them and be seduced by the allure of power and money. This vast electronic
neighborhood of bits and bytes has stretched the concepts of law and order. Like
handbills stapled to telephone polls the internet appears to defy regulation. The
subtleties and nuances of this relatively new form to the words "a gray area" and "right
and wrong". Most self described hackers say they have been given a bad name and that they
deserve more respect. For the most part they say hackers abide by the law, but when they
do steal a password or break into a network they are motivated by a helping desire for
knowledge, not for malicious intent. Teenagers are especially attracted by the idea of
getting something for nothing.
When system managers try to explain to hackers that it is wrong to break into computer
systems there is no point because hackers with the aid of a computer possess tremendous
power. They cannot be controlled and they have the ability to break into any computer
system they feel like. But suppose one day a hacker decides to break into a system owned
by a hospital and this computer is in charge of programming the therapy for a patient
there if a hacker inputs the incorrect code the therapy can be interfered with and the
patient may be seriously hurt. Even though this wasn't done deliberately. These are the
type of circumstances that give hackers a bad reputation. Today anyone with a computer
and a modem can enter millions of computer systems around the world. On the net they say
bits have no boundaries this means a hacker half way around the world can steal passwords
and credit card numbers, break into computer systems and plant crippling viruses as
easily as if they were just around the corner. The global network allows hackers to reach
out and rob distant people with lightning speed.
If cyberspace is a type of community, a giant neighborhood made up of networked computer
users around the world, then it seems natural that many elements of traditional society
can be found taking shape as bits and bytes. With electronic commerce comes electronic
merchants, plugged-in educators provide networked education, and doctors meet with
patients in offices on-line. IT should come as no surprise that there are also
cybercriminals committing cybercrimes.
As an unregulated hodgepodge of corporations, individuals, governments, educational
institutions, and other organizations that have agreed in principle to use a standard set
of communication protocols, the internet is wide open to exploitation. There are no
sheriffs on the information highway waiting to zap potential offenders with a radar gun
or search for weapons if someone looks suspicious. By almost all accounts, this lack of
"law enforcement" leaves net users to regulate each other according to the reigningnorms
of the moment. Community standards in cyberspace appear to be vastly different from the
standards found at the corner of Markham and Lawrence. Unfortunately, cyberspace is also
a virtual tourist trap where faceless, nameless con artists can work the crowds.
Mimicking real life, crimes and criminals come in all varieties on the internet. The
FBI's National Computer Squad is dedicated to detecting and preventing all types of
computer -related crimes. Some issues being carefully studied by everyone from the net
veterans and law enforcement agencies to radical crimes include:
Computer Network Break-Ins
Using software tools installed on a computer in a remote location, hackers can break
into any computer systems to steal data, plant viruses or trojan horses, or work mischief
of a less serious sort by changing user names or passwords. Network intrusions have been
made illegal by the U.S. federal government, but detection and enforcement are
difficult.
Industrial Espionage
Corporations, like governments, love to spy on the enemy. Networked systems provide new
opportunities for this , as hackers-for-hire retrieve information about product
development and marketing strategies, rarely leaving behind any evidence of the theft.
Not only is tracing the criminal labor-intensive, convictions are hard to obtain when
laws are not written with electronic theft in mind.
Software Piracy
According to estimates by U.S. Software Publisher's Association, as much as $7.5 billion
of American software may be illegally copied and distributed worldwide. These copies work
as well as the originals, and sell for significantly less money. Piracy is relatively
easy, and only the largest rings of distributors are usually to serve hard jail time when
prisons are overcrowded with people convicted of more serious crimes.
Child Pornography
This is one crime that is clearly illegal, both on and off the internet. Crackdowns may
catch some offenders, but there are still ways to acquire images of children in varying
stages of dress and performing a variety of sexual acts. Legally speaking, people who
provide access to child porn face the same charges whether the images are digital or on a
piece of paper. Trials of network users arrested in a recent FBI bust may challenge the
validity of those laws as they apply to online services.
Mail Bombings
Software can be written that will instruct a computer to do almost anything, and
terrorism has hit the internet in the form of mail bombings. By instructing a computer to
repeatedly send mail (email) to a specified person's email address, the cybercriminal can
overwhelm the recipient's personal account and potentially shut down entire systems. This
may not be illegal , but it is certainly disruptive.
Password Sniffers
Password sniffers are programs that monitor and record the name and password of network
users as they log in, jeopardizing security at a site. Whoever installs the sniffer can
then impersonate an authorized user and log in to access restricted documents. Laws are
not yet up to adequately prosecute a person for impersonating another person on-line, but
laws designed to prevent unauthorized access to information may be effective in
apprehending hackers using sniffer programs. The Wall Street Journal suggest in recent
reports that hackers may have sniffed out passwords used by members of America On-line, a
service with more than 3.5 million subscribers. If the reports are accurate, even the
president of the service found his account security jeopardized.
Spoofing
Spoofing is the act of disguising one computer to electronically "look" like another
computer in order to gain access to a system that would normally be restricted. Legally,
this can be handles in the same manner as password sniffers, but the law will have to
change if spoofing is going to be addressed with more than a quick fix solution. Spoofing
was used to access valuable documents stored on a computer belonging to security expert
Tsutomu Shimomura (security expert of Nintendo U.S.A)
Credit Card Fraud
The U.S secret service believes that half a billion dollars may be lost annually by
customers who have credit card and calling card numbers stolen from on-line databases.
Security measures are improving and traditional methods of law enforcement seem to be
sufficient for prosecuting the thieves of such information. Bulletin boards and other
on-line services are frequent targets for hackers who want to access large databases or
credit card information. Such attacks usually result in the implementation of stronger
security systems.
Since there is no single widely-used definition of computer-related crime, computer
network users and law enforcement officials most distinguish between illegal or
deliberate network abuse versus behavior that is merely annoying. Legal systems
everywhere are busily studying ways of dealing with crimes and criminals on the internet.
TABLE OF CONTENTS
PHONE FRAUD..........................................Pg1
NETWORK BREAK-INS...........................Pg6
INDUSTRIAL ESPIONAGE......................Pg7
SOFTWARE PIRACY................................Pg7
CHILD PORNOGRAPHY..........................Pg7
MAIL BOMBING.......................................Pg8
PASSWORD SNIFFING............................Pg8
SPOOFING.................................................Pg9
CREDIT CARD FRAUD...........................Pg9
|