February 1991 COMPUTER CRIMES: AN ESCALATING CRIME TREND By William S. Sessions Director Federal Bureau of Investigation Editor's note: This article is based on a speech given by FBI Director William S. Sessions. Artificial intelligence, laptops, PCs, vaxclusters, local area networks, cobol, bits, bytes, viruses, and worms. Most people recognize these words as computer terms. As computers have become a vital part of the American way of life, computer terminology has crept into the vernacular. There is no doubt that computers touch every aspect of our lives. Well over 80 percent of daily financial transactions nationwide take place via electronic funds transfers. However, many computer systems are highly vulnerable to criminal attack. In fact, computer- related crime costs American companies as much as $5 billion per year. When Clifford Stoll, an astrophysicist with an interest in computers, described computer crime, he likened computer networks to neighborhoods and small communities. He said cities and towns are tied together by streets, roads, highways, and interstates. Likewise, communities of computers are linked through local, regional, and national networks. Rather than transport food and equipment like highways do, computer networks move ideas and information. Unfortunately, just as American communities are threatened with drugs and violent crime, this Nation's computer networks are threatened as well. They are threatened by thieves robbing banks electronically; they are threatened by vandals spreading computer viruses; and they are even threatened by spies breaking into U.S. military systems. White-collar crimes in general--and computer crime in particular--are often difficult to detect and even more difficult to prosecute because many times they leave no witnesses to question and no physical evidence to analyze. And, because computer technology is such a rapidly evolving field, law enforcement has not yet developed a clear-cut definition of computer crime. Nevertheless, two manifestations of computer crime are obvious: The first is crime in which the computer is the vehicle or tool of the criminal, and second, crime in which the computer and the information stored in it are the targets of the criminal. COMPUTERS AS CRIME TOOLS When criminals use computers as their tools, the crimes they engineer are essentially traditional crimes, such as embezzlement, fraud, and theft, perpetrated by non-traditional means. The criminal uses a computer as an instrument, like the forger's pen or the terrorist's bomb. The vast majority of computer-related crimes that the FBI investigates falls into the category of using the computer as a tool. For instance, if a team of FBI Agents in one of its 56 field offices uncovers information that a disgruntled employee is tapping into a bank's computer to transfer funds illegally, those Agents will probably open up a bank fraud and embezzlement case and proceed from there. COMPUTERS AS CRIME TARGETS But what about the emerging crime trend that is unique to computers--in which the computer is the target? This type of crime occurs when a computer and the information it stores are the targets of a criminal act committed either internally by employees or externally by criminals. The external threat usually involves the use of telecommunications to gain unauthorized access to the computer system. In its investigations, the FBI has determined three groups of individuals involved in the external threat. The first, and the largest, group consists of individuals who break into a computer just to see if they can do it--without stealing or destroying data. The next group breaks into computer systems to destroy, disrupt, alter, or interrupt the system. Their actions amount to malicious mischief because they do not attack the system for financial gain, which is the motive of the last group. This group constitutes a serious threat to businesses and national security for these individuals are professionals who use specialized skills to steal information, manipulate data, or cause loss of service to the computer system. MEASURES TAKEN AGAINST COMPUTER CRIME Offenses committed through the use of computers include thefts, destruction of property, embezzlement, larceny, and malicious mischief, to name a few. For the most part, offenders have been prosecuted under Federal statutes (1) to address those particular crimes. However, to investigate and prosecute computer crimes not adequately covered by existing U.S. Federal laws, the Computer Fraud and Abuse Act was passed. One aspect of that act made it a crime for an unauthorized person--the hacker--to access a computer system. In 1986, this law was amended and expanded in scope and appears on the books as Title 18, U.S. Code, Section 1030. This statute contains essentially five parts--computer espionage, theft of financial information, trespass into U.S. Government computers, trespass into "Federal interest computers" (2) with intent to defraud, and trespass into a Federal interest computer to alter or destroy information. Both the FBI and the U.S. Secret Service have joint jurisdiction to enforce this statute. However, the statutes in the new computer fraud and abuse cases have seldom been interpreted by the courts. In fact, only 74 FBI cases with the computer as the target of the crime were identified between August 1987, and December 1989. CASE STUDY One particular case that captured much media attention demonstrated how complex and elusive computer crimes and computer criminals can be. In November 1988, a Cornell University graduate student designed the "Internet worm," a malicious code that spread to several hundred computers and affected the operations of several thousand U.S. Government, military, education, and commercial computer systems. This "worm" did not destroy data but caused massive disruption to the Defense Department's Advanced Research Project Agency Network and the computers connected to it. Investigators from several FBI field offices identified the man responsible for the attack, which attracted attention when it overloaded the system's capacity in numerous locations. This student was charged with devising and executing a computer attack on approximately 6,200 computers connected to the Defense Data Network. On July 26, 1989, he was indicted for violating the Computer Fraud and Abuse Act, a felony that carries a sentence of up to 5 years in prison. On January 22, 1990, a jury in the Northern District of New York returned a verdict of guilty. The student was ultimately sentenced to 3 years' probation, 400 hours of community service, and a $10,000 fine. This particular case raised many questions regarding the long-range impact of "malicious code." Malicious code is the general term for computer software designed to deliberately circumvent established security mechanisms or to take advantage of inadequate system policies or procedures. It is often difficult to trace and is frequently not discovered until it is too late to prevent the intended harm. Computer viruses and computer worms are malicious codes most frequently introduced into computer systems. Although some viruses have been known to carry benign code, more often they will have devastating effects, such as destroying files or corrupting data. EFFECTS OF COMPUTER CRIME Computer hacking and the unleashing of viruses are not harmless pranks. These products of computer criminal action have the potential for great harm, not only to large financial institutions but also to all citizens. Criminals who hack into a computer storing a doctor's patient and prescription information could, by electronically altering the drugs and dosages, inflict serious harm on patients. Criminals who hack into defense computers could compromise valuable intelligence information and possibly alter the world's balance of power. And, a fanatical terrorist could inflict devastating damage with a virus. These are very real possibilities. And the increase in the number of criminals who have the knowledge and capabilities to access computers are the reasons why this emerging crime trend is among the FBI's top priorities. INVESTIGATING COMPUTER CRIME Solving crimes that involve computers demands special investigative strategies, training, and skills. To conduct successful investigations in computer crime, the FBI uses a team approach. In most of the investigations that involve computers, the FBI Agent plays the role of the team leader, assisted by a computer technician--often drawn from the FBI support personnel ranks--when necessary. In addition, the FBI draws on knowledge from other government agencies, private sector computer firms, and universities to augment the level of expertise brought to these sometimes very complex investigations. COMPUTER CRIME TRAINING In order to fight the computer criminals of the next century, the FBI is providing investigators with the necessary training and expert support services to ensure that their efforts are well directed. For example, computer crime training classes for FBI Agents and National Academy students at the Bureau's facility at Quantico, Virginia, began in 1976. The FBI training philosophy is: To be a computer crimes investigator, you first must be a computer user. Specifically, the FBI offers two computer courses to FBI Agents and police investigators. In the 2-week basic computer course, students learn to use computers and become familiar with the various databases so they can recognize aberrations and crimes when they occur. In short, they are made computer literate. Another course is a 1-week advanced investigative course that zeroes in on viruses and other tricks of the trade. This course also covers searches and seizures of crime evidence found within computers. INVESTIGATIVE SUPPORT Not only are FBI Agents and police investigators trained in computer operations, but they are also supported with CASIAT--the FBI's computer-assisted security and investigative analysis tool. CASIAT is not a computer but a group of experts--members of the FBI's National Center for the Analysis of Violent Crime--who analyze computer crime patterns and develop profiles of computer criminals to assist investigators. For instance, as a result of their research, it has been determined that computer hackers are motivated by a variety of emotions--including revenge, retaliation, vandalism, and malicious mischief. The CASIAT experts are also establishing a national repository of malicious software or viruses. In addition, they are studying the methods used by various computer criminals in order to deal with crimes committed by these individuals. CONCLUSION In the continuing fight against computer crime, law enforcement must continue to strengthen its investigations, training, and support services. The education of prosecutors and investigators is necessary for them to know and to understand the elements of criminal conduct in computer crime. These crimes will be dealt with by using traditional laws and investigative techniques when possible, but new strategies must be adopted when needed in order to keep current with the computer crime trends of the future. However, the greatest point of control is removing the opportunity to commit computer crime. Computer security is first and foremost the responsibility of the system owner. Therefore, corporations must bring the issues of computer security to the management levels and create policies that establish security standards and response strategies to computer crimes. Cooperative efforts between the public and private sectors will prevent the computer criminal from causing serious damage in our Nation. FOOTNOTES (1) 18 U.S.C. sec. 1030 (Computer Fraud and Abuse Act of 1986); 18 U.S.C. sec. 2701 (unlawful access to stored communications); 18 U.S.C. sec. 1362 (malicious mischief); 18 U.S.C. sec. 2314 (interstate transportation of stolen property); 18 U.S.C. sec. 1343 (wire fraud); 18 U.S.C. sec. 641 (theft of government property); 18 U.S.C. sec. 793 (espionage). (2) A "Federal interest computer" is defined as either a computer used by the Federal Government or financial institutions, or affecting the use for the Government or institution, or a computer "which is one of two or more computers used in committing the offense, not all of which are located in the same state."