Social Control of Cyberspace B. Pereyra
Our nation’s infrastructure is daily becoming much more of an abstract environment due to the use of organized cyber criminals hacking away at our super computer information systems. They are generating unpredictable challenges for law enforcement in discovering the unethical abuse on computer systems and a concentration on the young topic of cyber terrorism threatening our criminal justice system. Our law enforcement continues to invent newer methods to function and learn from this new social phenomenon and define cyber terrorism activity as motivation by the rapid growth of technology as a challenge, dominance, and as pleasure to obtain privileged information for illegal use to intentionally harm others and our information networks as well. Therefore, it is of relevance to explore the behavior of a computer hacker and a cracker; including the control, response, and the appropriate measures to combat this new crime wave, and how the academic community, courts, police, and the scientific government are approaching this radical form of crime.
On October 25th, 1983, a hearing was formed by the U.S. Congress on the issue of computer security in the federal government and the private sector. The hearing discussed the level of importance on how serious the United States Government must become in learning to monitor the use of computers and Internet through several knowledgeable witnesses. Susan H. Nycum, an attorney representing Gaston, Snow and Ely Barlett firm’s computer high technology group defined computer crime as: …any illegal act where a special knowledge of computer technology is essential for its perpetration, investigation, or prosecution” (Nycum, 15). Nycum also added before the committee that computer abuse falls into four categories that follow.
The first category is abuse like financial fraud and theft, incidents of theft of money from financial institutions or goods from businesses. The second is information fraud and theft. Information can be data, such as business secrets stored in computer systems, valuable to computer programs and data about individuals. The third category is theft of services. For example, systems hackers who use computer time to look around or employees who run entire profitable computer enterprises, such as service bureaus on the company or agency computer systems are examples of this kind of abuse. Lastly, vandalism, where computers have been damaged or destroyed as have databases and programs to perpetrate crimes. In addition, Nycum also points out that computers are involved in several ways as tools or objects for an attack. For example, international terrorists have used bombs and submachine guns to attack at least 28 computer centers of multi national companies and government agencies in Italy and France over the past years. A misguided employee of a U.S. company firebombed a computer of a competing company for the purpose of giving his employer a competitive business advantage. Furthermore, a computer can be the subject of crime by providing the automated mechanism to modify and manipulate new forms of assets, such as computer programs and information representing money. For example, bank frauds have been accomplished by manipulating the system to transfer small amounts of money from one account, which is later withdrawn. This is known as the salami effect, where near the end, after slicing the intruded account, the complete account is exhausted by all the small transfers or withdrawals. Bogus accounts have been created in computerized delivery or accounts payable systems to which goods have been shipped or money paid by financial institutions and retailers. Changes to computerized data have resulted in inflation of inventories in credit ratings, employment reviews, college and school grade records, etc. Lastly, a person can use a computer as an instrument for conducting or planning a crime. A perpetrator modeled his crime on a computer to alert him to the amount of activities he could engage in without attracting attention to his deeds, and later used the computer as a management tool to keep track of the activity, or even aid a stockbroker to produce forged investment statements to show huge profits to deceive his client and steal millions. Thus, the cyber criminal can only use the symbol of the computer to intimidate or deceive others. An example would be to convince his victim that he possess a very unique money making program or application able to do wonders like to hack classified information.
Amazingly, it is difficult for agencies, institutions, or the private sector to know the extent of computer crime and abuse. Like other crimes, cyber terrorism is very difficult to detect until it has already struck, causing millions, if not billions of dollars, or even life.
In June 1999, tens of thousands of computer systems in several major U.S. companies (including AT&T, Boeing, and General Electric) had their files infected, damaged, or destroyed by a software virus, Explore. Zip worm. This file-destroying but, first detected in Israel, arrived as an e-mail message and utilized MAPI commands and Microsoft Outlook on Windows systems to propagate itself. It has been estimated that damages from the Explore. Zip worm and other viruses (e.g., Melissa macro virus) topped $7 billion during the first two quarters of 1999. By the end of the year, computer intrusions will cost private industry more than $20 billion (Alexander & Swetnam, 4).
It may seem Internet bandwidth connections have advanced way beyond what the program creators of File Transfer Protocol (FTP) ever imagined. Complete files can be sent across the globe at the click of a mouse into other hard-drives in less than 45 million bits per second on a T-3 connection. Currently, the T-3 is one of the fastest digital lines available for any person who could cast an effective attack in less than 0.06 seconds. Scary, don’t you think? Unbelievably so, attacks did come about during the Kosovo War. Serb entities attempted to overwhelm NATO computers by ping attacks which establish communication with a target computer and occupies its functions by continuing to stay linked and feeding the computer system information. Recently, similar attacks were made towards the online auction website EBAY, and other electronic commerce websites using the same technique. Devices, such as an amplifiers assist the hacker in resending the signal repeatedly, causing vulnerable servers to lag or crash, making it disabled for blameless users to visit the website for the information they seek justifiably.
Whether or not the attempts by the user are to just visit the website or surf unto the information and cause a crime, it is difficult to really suspect them in committing an illegal operation or an attempt to cause major inner structural damage to the providers server until it has already been done. For instance, in 1970 Susan Nycum was director of Stanford University’s Computer Facility when her office was entered by a person saying, I think we are about to have a problem. In her own words, What had happened was that someone from a remote terminal using telephone lines had attempted to enter the vast campus computer facility system to destroy the volume table of contents of all the data that was stored in that facility” (Nycum, 4). Luckily, an alert operator forestalled the attack and they were not damaged, but if they had been, $50,000 in 1970 U.S. dollars would have been necessary for the repairs towards the system and recovery of modified or lost data. Since then, institutions around the United States have scattered for solutions to protect themselves from unlawful intrusions and the borderless threats from cyber space.
In 1991, the Computer Emergency Response Team at Carnegie Mellon University, also known as C.E.R.T., reported more than 500 incidents of computer account attacks. Five years later, Carnegie Mellon University would report 2,500 incidents of such attacks. Frightening enough, University of Delaware faced its first experience of cyber crime with nearly 2,000 students’ and professors’ passwords were compromised and had to be changed. This matter was reported to C.E.R.T. security specialists and it was later discovered these attacks were part of a larger pool of experienced online vandals, which involved other computers around the country terrorizing databases and fragile unsecured networked computer systems. Now, not only the schools, banks, businesses, and the military are feeling this terror, but also the federal agencies and local police departments are experiencing the work of computer attacks. Awareness grew of a new form of crime striking the nervous system of courts and the criminal justice sector. A push for secure software protection became the solution for most law enforcement agencies, corporations, and the government. Firewall programs were developed to protect server Internet protocol or “i.p.” numbers to secure the integrity of data. Unfortunately, programs can only protect specific intrusions, but still, there are forms of viruses that exploit systems by transferring codes through wireless, phone, and fiber optic cable connections. For example, e-mail acceptance of an effected file can cause an over-depended system to become paralyzed, disabling total access and reconstruction of a network. Usually this form of an attack is produced with the intention to break a system, test, or challenge in search of flaws in the application or system by a hacker. Very knowledgeable computer engineers or skilled users write programs like viruses or exploit codes. We can simply call them hackers because they have successfully broken into a file or the gate that secures company information. Those who have broken through this gate and have altered this data are considered crackers because they have not just successfully broken into the system, but have exposed malicious behavior on their property. Examples of a cracker is negligence to deface a website, alter, or erase valuable information from their file management, and/or sell, transfer information, such as funds into other accounts for withdrawal. Therefore, crackers are considered dangerous, possess a lack of computer skills, knowledge, and usually are profiled as juveniles by federal authorities.
Recently, authorities apprehended a 16-year-old cracker who perpetrated the CNN database deleting files, also known as a procedure in hacker lingo as modifying the residue in the kernel memory of the system. The juvenile cracker is believed to have struck several worldwide websites, dropping Dow Jones for more than 500 points and losing more than tens of millions of investment dollars. This case is an example by the U.S. Justice Department to send a message across to the hacker community -announcing the act will no longer be tolerated. As authorities heighten their investigations, more and more companies like Sprint, MCI, Abovenet, and Exds are all working together to put the flow of suspicious information together. Furthermore, they are able to assist law enforcement agencies in correlating information from a number of different sources as logging access lists off layer four connections and routers to pin point who recently visited the network system (Master, 1). As well, information off chat rooms, direct i.p to i.p. matchmaking, unique remote file transfers, and suspicious transactions made by users over cyber space are being reported. This is all possible by the advancement of technology and the participation of all government agencies and private corporations coming together.
No doubt, authorities have had to adjust to two decades of a new crime trend by educating themselves and hiring knowledgeable computer specialist to assist them in controlling the intrusions and wrongful acts caused by cyber criminals. As more cyber crimes surface, supreme court judges will have to depend on the severity of the crime and carefully interpret the law giving the proper consequence for the illegal act. In addition, governmental control over Internet usage can only go so far. This has been noticed recently when three judges on the U.S. Court of Appeals for the Sixth Circuit in Cincinnati ruled in favor that computer encryption programs are a form of expression and therefore are protected by the First Amendment. Does this mean it protects virus programs and or applications that can do harm to computer information systems? Chief Judge, Boyce F. Martin Jr. of the Sixth Circuit wrote in favor stating that this protects computer programs:
Because computer source code is an expressive means for the exchange of information and ideas about computer programming, we hold that it is protected by the First Amendment” (Kiernan, 2).
Shockingly, now, composers of computer programs are protected by actual case laws for reasons that it falls under free speech, and raising the possibility that restrictions on such programs may be deemed unconstitutional. If three judges on the U.S. Court of Appeal ruled that computer programming is a form of expression, then where are we headed? Certainly, we have two points of the spectrum attempting to circumvent the issue, and the other side protecting the technological epidemic.
In conclusion, we clearly see the social control in our society of how our government whose interest is to protect information, contradicts itself by saying it is right to produce computer scripts or program codes that increases harm to our nation’s infrastructure. Furthermore, I am convinced the crimes of tomorrow (cyber perpetrating), and its consequences are not fully enforced, but I accept that we as a nation are doing our best to learn from this fascinating transgression of events. We are learning from it and we are creating limitations, while at the same time, out-dates the rapid advancement of technology making today’s legislation obsolete while the hacker’s vulnerability assessment tools become more sophisticated. Lastly, our hopes, as the criminal justice community, is to quickly detect and predict these modernistic attacks, investigate individually, and circumvent this new trend of cyber criminology and understand its sociological behavior.
Class: Social Control (Sociology 313)