CYBERCRIME, CYBERLAW, AND CYBERCRIMINALS
"Cyberspace is not outer space. If you break the law, you
will be found and you will be stopped." (Deborah Majoras)
Cybercrime has many definitions (see Wall 2001 for a typical academic essay on definitional issues), but most experts believe it is the wave of the future, and it's here to stay, not just a passing fad. With over one trillion dollars moved electronically every week, the Internet is where the money is. The rates of cybercrime are skyrocketing. The annual "take" by theft-oriented cybercriminals is estimated as high as $100 billion, and 97% of offenses go undetected (Bennett & Hess 2001). Then, there are those who just abuse the Internet and computer systems -- hackers or hooligans, whatever you want to call them -- but cybercriminals nonetheless. Their shenanigans are often detected, resulting in an average cost of $104,000 per incident in damage, labor, and lost productivity (Brown et al. 2001). In addition, there's corporate espionage, which some experts say is the real problem, with annual losses of proprietary information in the $60 million range. Toss in organized crime, terrorism, infowar, embezzlement, extortion, and a variety of other ways to offend or harm with computers, and it's anybody's guess what the real cost is.
Criminological theory is weak in this area, but there are many typologies. There are things that are criminally wrong, deliberately wrong, accidentally wrong, wrong for all the right reasons, and just plain annoying. Legal systems everywhere are busy studying ways of passing new laws dealing with Internet misbehavior, so the arena has become a sort of "test-bed" or "mini-society" where all sorts of moral panics play out. This ethereal realm we call CYBERSPACE is intriguing and full of potential. Barney (2000), for example, finds it full of hope for democracy. Others see imminent danger. Two examples of danger are black economy and Internet addiction.
The "black" or "shadow" economy refers to a growing cyber-economy of criminals who are making money at online crime. The concept implies an evolution from hacking and virus writing for fun to creating malicious code for profit. For instance, when malware services are sold online using the same kinds of development methods and guarantees given by legitimate software vendors, one has a black economy. In fact, currently there are plenty of Trojan creation sites out of Russia, Germany and the Eastern bloc where one can purchase kits and support for malware in yearly contracts. It's something of a cottage industry now, but just wait. One can buy compromised computers, or botnets, for spam runs or to perpetrate denial of service attacks. One of the most successful of these was the massive Storm Botnet of 2007, which tricked millions of victims into opening emails about dead people from a storm in Europe, and where the perpetrators obtained control (and put up for sale) about 8% of the world Internet. There are places where one can pay others to infect your enemies with spyware and Trojans (like a denial of service attack for $100), and, additionally, there is the emerging industry of digital espionage services, the growing cyber-extortion field, and the stolen credit-card market. It's a wonder why anyone still bothers committing traditional crime nowadays when cybercrime is so much easier.
The danger of "Internet Addiction" (being an "onlineaholic" or having the non-insurable diagnosis of "Internet addiction disorder") is insidious and personal. In a world of news feeds, instant messaging, email, and games, Blackberry devices might as well be called "Crackberry" devices because of their addictive potential (like cell phones). I personally feel that Internet addiction is indeed a disorder as destructive as any obsessive disorder, although I would be hard-pressed to describe the forensic or clinical outlines of it. Specialists estimate that 6 percent to 10 percent of Internet users develop a dependency, at least according to some experts (e.g., Dr. Hilarie Cash, head of Seattle-based Internet/Computer Addiction Services; Dr. Kimberly S. Young, head of the Center for Online Addiction in Bradford, Pa.; & Dr. Maressa Hecht Orzack, the director of the Computer Addiction Study Center at McLean Hospital in Belmont, Mass., and an assistant professor at Harvard Medical School; but in contrast, Sara Kiesler, professor of computer science and human-computer interaction at Carnegie Mellon University calls it a "fad illness"). However, I think the following can be modestly stated -- Internet addiction exacts a toll on health and family life; it aggravates pre-existing disorders; it can lead to further addictions such as gambling or pornography; and it can lead to cybercrime. The "hook" involves the ever-present hope of escape that the Internet offers to people who are longing for something. Whether or not cybercriminals are addicted or not is a question that has not been adequately addressed by academics.
THE DEFINITION OF CYBER
First of all, anytime you use the prefix cyber-, you're talking about something somebody is doing online. In other words, there has to be a modem or networking involved somehow. Motion is always involved. Anything related to the Internet falls under the cyber category when online. Besides being a prefix, it's also a verb, not a noun. So plugging in some 3D game and donning your goggles to go "cyber" doesn't count. There's always action, motivation, movement, and interaction when you cyber. It's impossible to just be cyber. There's no steady state of being cyber. To cyber means that you are constantly exchanging information, lots of information, and you are constantly using technology to the max. You are doing both at the same time -- exchange of information technology is to cyber. It's an activity unique to the Information or Knowledge Age we are entering, and by its very nature, it involves sharing or giving away things.
Cyber activity is very different from the use of computers for traditional activities where the purpose is to "stash" or "store" something and keep it from prying eyes. Many criminologists don't grasp this distinction, and would argue that theft is theft regardless of the medium used. However, I would argue that cyber theft is substantially different, and cyberterrorism is substantially different from terrorism. Cybercrime is also substantially different from computer crime. It's like the difference between people who use computers for all they can be versus people who use computers as a tool like a typewriter. In each case, the motivation might be the same, but the action or movement is different. One could even argue that the motivation is different. Our criminal law simply hasn't got enough concepts to grasp the element of mens rea when it comes to cybercrime. For example, there are different kinds of glee, elation, and glory involved in cyberspace that don't exist in the real world. There is an excess of information, not a deficit or "coverup" of information. Nor are the concepts of white-collar crime of any use, because you're dealing with something more revolutionary than just trying to make money -- you're dealing with cyberspace and technoculture, two concepts that are essential to any definition of cyber.
THE NATURE OF CYBERSPACE
Cyberspace is a bioelectronic ecosystem that exists anywhere there are phones, coaxial cables, fiber optic lines, or electromagnetic waves (Dyson 1994). Nobody's really sure how big the Internet is (see CAIDA's map of the Internet), but 135 countries have access, 54 world cities are the major hosts, and 72 million people log on every day. You should get the idea that cyberspace is pretty big, in fact, bigger than anything that's ever happened before in human history, and it's constantly growing, tripling in size every year. There are 13 main servers, lettered A through M -- known as "root" servers -- which control all traffic on the Internet, and all but three of them are controlled by the US government, US companies, and/or located on US soil. Notice I didn't say "owned" by the government. Those 13 computers are in private hands, but they contain government-approved, master lists of the 260 or so Internet suffixes, such as ".com" and ".org." The master lists serve as the Internet's master directories and tell Web browsers and e-mail programs how to direct traffic. Internet users around the world interact with them every day, likely without knowing it. If the U.S. government wanted to, it could render a policy decision that in one stroke could make all Web sites ending in a specific suffix essentially unreachable, or it could, if it wanted to, use two of the 13 root servers for cyberwar purposes, especially regarding the two that are still in US military hands. Donated money keeps the 13 root servers operating (list available at www.root-servers.org), but today, because of anycast (cloning) technology, the functions of those servers have been replicated to more than 100 non-legacy root servers around the world, providing some level of security through redundancy. The locations of the 13 root servers are not necessarily secret, but nondescript. No signs or markers point the way to them.
They could look like any office building on the outside, but there is high security and Network Operations Centers (NOC) near them. Not having any security at all visible from the outside is called "security through obscurity" and it's the main form of security for root servers.
Verisign's NOC inherited the "A" root server via an acquisition, the "A" server being located near Dulles, VA, handling the .com and .net domains, two of the world's busiest domains, also owned by Verisign. Root server operators have no contract with anyone and no guarantee of level of service. They do it all out of the kindness of their hearts. Root operators are a collection of academic, non-profit, scientific and governmental institutions concerned with keeping the Internet running, and their sense of duty keeps them monitoring for natural and man-made disasters which might affect Internet performance.
The history is that in 1998, the Commerce Department selected a private organization with international board members, ICANN (the Internet Corporation for Assigned Names and Numbers, at www.icann.org), to decide what goes on those lists. Related groups of significant note (under the heading "Who governs the Internet") include IANA, the Internet Assigned Numbers Authority, and the RFC-Editor Webpage, both of which are important repositories of information; challengers to ICANN such as the UN-related initiative IGF (Internet Governance Forum); and those who are helping ICANN work toward privatehood, such as NTIA, the National Telecommunications and Information Administration. The US Commerce Dept., however, has kept veto power and stringent reporting control over anything ICANN decides or does. Commerce indicated it would let go of control eventually, perhaps turning it over to an international organization such as the U.N. International Telecommunication Union, but in 2005 the U.S. reversed itself and said, in effect, that it would never cede control of the 13 main servers. The U.S. government does, however, endorse having foreign governments manage their own country-code suffixes, such as ".fr" for France.
In late 2006, it appeared that ICANN, or the Internet Corporation for Assigned Names and Numbers, would be getting more autonomy because the US government pledged to cede control of the net at some unspecified future point within the next three years. ICANN is the private, non-profit, guardian of the underlying architecture of the net, overseeing allocation of domain names and the addressing system that links domain names to the numbers computers understand. Observers have always said it is excessively controlled (i.e., bossed around) by the US government. For example, in early 2006, ICANN came up with the idea of establishing an .xxx domain to move all the world's pornography there, but the US government nixed the idea. With less US government control, ICANN hopes to one day achieve its goal of becoming a true "multi-stake holder organization."
Countries with the Most Hosts: 1. USA; 6. Italy
Fastest Growing Internet Countries: 1. China; 2. Brazil; 3. Iceland; 4. Romania; 5. Poland; 6. Argentina; 7. Taiwan; 8. Hong Kong; 9. Canada; 10. Portugal
Hence, cyberspace has a certain "hippie" or free space connotation. The thinking goes like this: although humans created cyberspace, and are continually expanding it, the real inhabitants are data, information, ideas, and knowledge. This is what is meant by the Information or Knowledge Age. The real estate, or property, is intellectual and public. No one "owns" it, or operates it with any central authority. Politically, it makes governments obsolete. Economically, it can be replicated at zero cost, and unlike an industrial economy where you can only consume so many widgets, the average person in an information economy taps into all the world's knowledge and consumes information as fast as they can. Humans can only benefit from this new medium if they exercise their freedom.
Technoculture is best explained by reference to the CYBERPUNK movement that began in the mid-80s. Hackers, crackers, and phreaks made up the cyberpunk movement. Hackers could make magical things happen with computers, crackers would break into computer systems simply for the pleasure of it, and phreaks would do similar things with telephone systems. Other groups that joined the movement later were cypherpunks, who popularized cryptography to get over on "the System", and ravers, who used computer music, art, and designer drugs at massive all-night dance parties and love-fests in empty warehouses. Literature that glorifies cyberspace and the people on it is called cyberpunk literature. Here's a link to an online Dictionary of Cyberpunk Slang. Technoculture is opposed to monoculture, the latter term being what hackers call the market dominance of Microsoft.
THE CHALLENGES OF CYBERLAW
A computer hooked up to the Internet is a publishing company, telephone, television, library, megaphone, and more all rolled into one. This means that any administration of justice for suspected evil-doing with computers is covered by the First Amendment (freedom of speech) as much as the Fourth Amendment (freedom from search and seizure). The traditional approach in this legal area involves thinking in terms of certain protected zones or spheres of privacy. No one's really sure where Internet freedom is protected in the Constitution. Cyberspace isn't really a zone or sphere. Nobody really owns it, nobody considers it "home," reasonable people shouldn't expect privacy from it, but not too many people want the government or anybody else sniffing, snooping, or regulating every part of this special place. Those are the First Amendment issues. The Fourth Amendment issues, such as those contained in the Personal Privacy Act (PPA) and Title III of the Electronic Communications Privacy Act (ECPA), involve people, not places, but the distinction between wiretapping unread mail (which law enforcement can freely do) and wiretapping previously read mail (which requires consent via Acceptable Use Policies) is less than perfect. When computer forensics specialists seize and search a hard drive for all its contents, the only Fourth Amendment issues they're concerned about are privileged relationships, work product, documentary materials, and/or whether or not the data was intended for publication or dissemination. It seems like we are not only criminalizing a special place, but the person-based activity of having too much fun (with computers).
The other challenging legal question is when Internet activity involves actus reus. In cyberspace, as in virtual reality, it's the impression that what one is experiencing is real. It doesn't require tactile sensation to be virtually raped in a chat room, but the consequences or trauma can be just as real. People can get married in cyberspace, obtain college degrees, and do other things that have real consequences. Plagiarism and copyright infringement are rampant on the web, and companies regularly install cookies and engage in data mining. A lot of Internet content is inappropriate for children. Just how many crimes can be committed in cyberspace is difficult to determine, as is proving that some harmful action took place. Computer impressions, symbols, and persona do not make for anything more than conspiracy and inchoate offense charges. When AI (Artificial Intelligence) systems come online, it will be difficult to determine who had the thought first -- the person or the machine.
Then, there's the whole problem of jurisdiction. Where exactly does cyberspace begin and end? In general, a government's jurisdiction extends to those individuals who reside within its borders or to transactions or events which occur within those borders. The Internet, like space, doesn't have any borders. A few states have been daring, claiming that the flow of commerce, or financial stream, across their Internet nodes gives them jurisdiction. However, it's unlikely that any state authority would issue a warrant for an overseas offender who has less than minimal physical contact with U.S. soil. The minimal contact requirement usually governs transborder technology-related commerce (International Shoe Co. v. Washington 1945). International law enforcement compacts also require dual criminality, which means that investigative cooperation only exists if the offense has similar meaning in both nations. Sometimes, it's better to prosecute overseas, sometimes locally, sometimes federally, and this leads to a lot of disparities and inequities in the justice system.
What and when to seize are also baffling issues. Reactive response to hard drives has become a pattern in law enforcement because they conveniently record voyages in cyberspace. However, it might be easier, and more proactive, to monitor bulletin boards, websites, posts, emails, finger and Usenet. The computer's role should determine if the machine itself is to be seized or simply searched onsite. If the computer was used to commit a crime, the entire system should be seized. If the computer was used to store information about a crime, the hard drive, printer, and printout should be seized. Other situations might call for a quick copy of the hard drive and all floppies. The independent component doctrine requires that probable cause elements be present before any peripheral devices are seized. Getting ISPs to turn over their log files in a timely fashion, and getting upstream carriers to cooperate, are additional problems.
It must be remembered that this is an area, along with drugs, that helped develop the practice of no-knock warrants. Judges apparently felt that hackers could install time-delay devices or hot keys to permit quick disposal of evidence. A time-delay device destroys evidence if the keyboard is not accessed for awhile, and a hot key program erases data when a certain keystroke combination is depressed. Courts have also dealt with the time element for when a computer search warrant keeps from going stale, which is 3-6 months, the latter being the time when an unread message becomes a stored message, for legal purposes (Becker 2000).
Cyberspace law is a patchwork of loosely-articulated protections, liberally punctuated with loopholes and exceptions. Consider, for example, that there is privacy protection for bank records but not for medical records; protection for videotape rentals, but not magazine subscriptions; credit record protection, but not insurance records. New business practices and new technological developments often make good laws quickly obsolete. It's no wonder that cyberspace is the perfect breeding ground for crime because cyberlaw is such a mess. 48 states have some version of the Computer Fraud and Abuse Act (Title 18, Section 1030 of the Federal Criminal Code). This act was passed into law by Congress in 1986, and has been amended at least five times to touch up the language, including Patriot Act revisions. There's also the Economic Espionage Act (Title 18, Chapter 90). Most cybercrime is prosecuted at the federal level under either of these two acts. Let's take a look at these two laws.
Computer Fraud and Abuse Act: "Whoever knowingly accesses a computer without permission...to obtain information...defined as harmful to national defense, foreign relations..., or injury to the United States, intentionally accesses the financial record of a financial institution, any computer of any department or agency of the U.S., any protected computer involved in interstate or foreign communication, any nonpublic computer that conducts affairs for the government...with intent to defraud, extort, or cause damage...shall be punished by fine and imprisonment for five to twenty years."
Economic Espionage Act of 1996: "Whoever intentionally or knowingly steals, copies, receives, or conspires to benefit any foreign instrumentality by converting any trade secret related to interstate or foreign commerce shall be subject to criminal and civil forfeiture of all property used or derived from the offense as well as a fine from $500,000 to $5,000,000 and imprisonment from ten to fifteen years."
State laws tend to be written as theft or fraud statutes, the evils being stealing and undermining confidence. You might want to review the common law elements of theft and fraud law if you're unfamiliar with these offenses. CardCops, a company that tracks and stings fraudulent (stolen) credit card use over the Internet, estimates online fraud at ten times the rate of real world fraud. EscrowFraud.com estimates that 99% of the web sites a seller of something on the Internet tries to "steer" you toward are "fake." Virtual returns of merchandise are almost as costly as virtual purchases, and so-called carders regularly post sniffed credit card numbers in chat rooms and on web sites. In the long run, it's the perception of dangerousness that hurts e-commerce, but in the short run, it's the speed of offenders and the slowness of law enforcement that is of concern. The typical state-level cybercrime statute is long, often longer than federal code, and the wording is extremely general, but a short example might be as follows:
Typical State Cybercrime Statute (circa 2000): "A person commits computer theft or fraud when they knowingly and without authorization access or cause to be accessed any computer or network for obtaining goods, services or information with the intent to permanently deprive the owner of possession or use."
THE NATURE AND VARIETY OF CYBERCRIME
Not everything computer-related is cybercrime, and not everything computer-related is computer crime. A person using a stolen telephone code to make free calls, even though the number is processed by a computer, is engaging in toll fraud, not computer crime. A person who embezzles $200 from the ATM of a company they work for still commits embezzlement, not cybercrime. The use of computers as incidental to another offense is not cybercrime. There are plenty of laws on the books already to classify many types of cybercrime. One way to do this involves thinking along the lines of asset forfeiture, or whether computers make up the fruits or instrumentalities of crime. This is a classification of cybercrime with the computer as target and computer as tool.
Computer as Target: This kind of activity is the wrongful taking of information or the causing of damage to information. Targeting a computer just to obtain unauthorized access is the hallmark of hacking, and the most serious criminal offense here is theft of information, followed by maliciousness, mischief, and wayward adventuring. Bypassing a password protected website to avoid payment would be theft of services, and foreign intelligence break-ins would be espionage. These are all familiar types of crimes, but hacking is typically done in furtherance of a larger scheme since the hacker wants to exploit all computational and encryption capabilities of a hacked system in order to weave through related computer systems. The activity can range from large-scale disruption to elegant hacking. DNS rerouting and denial of service attacks are the most disruptive. Subtle changes to a web page are elegant. Hackers also generally collect password lists, credit card info, proprietary corporate info, and warez (pirated commercial software). A list of specific offenses in this category might include:
Arson (targeting a computer center for damage by fire)
Extortion (threatening to damage a computer to obtain money)
Burglary (break-ins to steal computer parts)
Conspiracy (people agreeing to commit an illegal act on computer)
Espionage/Sabotage (stealing secrets or destroying competitors records)
Forgery (issuing false documents or information via computer)
Larceny/Theft (theft of computer parts)
Malicious destruction of property (destroying computer hardware or software)
Murder (tampering with computerized life-sustaining equipment)
Receiving stolen property (accepting known stolen good or services via computer)
Computer as Tool: This kind of activity involves modification of a traditional crime by using the Internet in some way. The traditional analogue here is fraud. It can be something as simple as the online illegal sale of prescription drugs or something as sophisticated as cyberstalking. Pedophiles also use the Internet to exchange child pornography, pose as a child, and lure victims into real life kidnappings. Laws governing fraud apply with equal force regardless of whether the activity is online or offline, but a few special regulations apply at the federal level:
Internet fraud (false advertising, credit card fraud, wire fraud, money laundering)
Online child pornography; child luring (sexual exploitation; transportation for sexual activity)
Internet sale of prescription drugs & controlled substances (smuggling; drug control laws)
Internet sale of firearms (firearms control laws)
Internet gambling (interstate wagering laws; lottery laws; illegal gambling businesses)
Internet sale of alcohol (liquor trafficking)
Online securities fraud (securities act violations)
Software piracy & Intellectual Property theft (copyright infringement; trade secrets)
Counterfeiting (use of computer to make duplicates or phonies)
Cyberbullying (posting rumors or someone's altered private messages/photos online)
INSIDERS AND OUTSIDERS
Another way of classifying cybercrime is to use a location-based approach that distinguishes between insiders and outsiders. This is the approach the FBI uses (see Director Freeh's testimony 2000), which is also based on an evaluation of societal costs and the capabilities of law enforcement. It is also the approach one is most likely to encounter in the published, scholarly literature (e.g. Nykodym, Taylor & Vilela 2005). Such efforts are merely categorizations and are merely descriptive, but the geographic profiling of hackers has been a law enforcement pastime for quite some time (Taylor 1991), as has criminal profiling in general (Nykodym et al. 2005). Opinions differ over the most effective form of the profiling process, but it's somewhat true that the rest of the country usually follows the lead of the FBI on such matters. If one were to visit the now-defunct National Infrastructure Protection Center (now an office in DHS with many parts of it split into InfraGard and I3P), one could have seen how the problems of joint efforts reflect a changing set of priorities and emphases, but one could also easily see how about half the tips relate to insiders (using e-mail safely within your organization) and half to outsiders (cyberprotests by foreign nationals).
Insider Threats: The disgruntled insider is the principal source of computer crime. As much as 75% of computer crimes are done by employees (note that this figure doesn't include virus or worm writing, which is primarily done by outsiders and is rarely counted as a computer crime). This makes cybercrime against business the number one type of cybercrime, and it's growing, with the estimated loss to business running about $500 million per year, in the form of crimes like theft of proprietary information, theft of customer databases, and theft of product databases. The average age of an insider offender is 29, and they generally hold managerial or professional positions (USDOJ CCIPS data of 2003 puts the age profile like this -- 34% are between 20-29, 36% between 30-35, and 27% over 35). Older offenders generally do more damage. The FBI regards disgruntled employees as motivated by a perception of unfair treatment by management or snubs by co-workers. Another fraction of incidents are caused by blunders, errors, or omissions. The FBI regards the insiders here as incompetent, inquisitive, or unintentional. The difference appears to be in the intent to disrupt. Crimes involving the computer only incidentally are treated as traditional crimes -- theft, for example, if an employee tampers with the payroll system (called "data-diddling"). However, even the FBI is continually surprised when, under the plain view doctrine, they investigate an insider threat and find examples of child pornography, organized crime connections, and even recreational hacking. Employees often waste a lot of company time using their network access to surf, shop, or engage in other instances of lost productivity. It makes sense to profile the typical computer abuser. Every organization has them, and here are some of the signs:
missing computer supplies when the employee is around
missing software when the employee is around
numerous logon sessions, some attempts under different name
sloppy password management
unusual interest in computer system printout
mixes personal equipment with company equipment
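One of the signs above, numerous logon sessions with some attempts under different names, is the kind of thing an audit log can surface. The following is an added example, not from the original page: a small detector over a constructed (not real) logon log that flags any workstation where attempts arrive under several usernames within a short window and some of them fail. The log format, hostnames and thresholds are assumptions for illustration.

```python
"""Flag workstations where logon attempts arrive under several different
usernames in a short window, one of the insider-abuse signs listed above.
Hypothetical detector written for this page; the log format is constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of logon events (not real data): timestamp, workstation,
# account name, and whether the attempt succeeded.
SAMPLE_LOG = """\
2004-03-02T08:01:10 WS-ACCT-07 jsmith OK
2004-03-02T08:03:42 WS-ACCT-07 jsmith OK
2004-03-02T12:14:05 WS-ACCT-07 rjones FAIL
2004-03-02T12:14:31 WS-ACCT-07 rjones FAIL
2004-03-02T12:15:02 WS-ACCT-07 admin FAIL
2004-03-02T12:16:40 WS-ACCT-07 payroll_svc OK
2004-03-02T09:00:00 WS-ENG-12 alee OK
2004-03-02T17:30:00 WS-ENG-12 alee OK
2004-03-02T18:05:11 WS-ENG-12 mcho OK
"""


def parse_events(text):
    """Turn the constructed log into (timestamp, host, user, succeeded) tuples,
    sorted by time so the sliding window below can scan forward."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, user, result = line.split()
        events.append((datetime.fromisoformat(ts), host, user, result == "OK"))
    events.sort(key=lambda e: e[0])
    return events


def suspicious_hosts(events, window=timedelta(minutes=15),
                     min_users=3, min_failures=2):
    """For each workstation, slide a window over its attempts and report the
    window with the most distinct usernames, provided it meets both thresholds:
    at least `min_users` different account names and `min_failures` failures.
    A single user retyping a password does not trip this; several names tried
    from one seat, some of them wrong, does."""
    by_host = defaultdict(list)
    for ts, host, user, ok in events:
        by_host[host].append((ts, user, ok))

    findings = {}
    for host, attempts in by_host.items():
        for i, (start, _, _) in enumerate(attempts):
            in_window = [a for a in attempts[i:] if a[0] - start <= window]
            users = {u for _, u, _ in in_window}
            failures = sum(1 for _, _, ok in in_window if not ok)
            if len(users) >= min_users and failures >= min_failures:
                prev = findings.get(host)
                if prev is None or len(users) > len(prev["users"]):
                    findings[host] = {
                        "window_start": start,
                        "users": sorted(users),
                        "failures": failures,
                    }
    return findings


if __name__ == "__main__":
    for host, info in suspicious_hosts(parse_events(SAMPLE_LOG)).items():
        print(f"{host}: {len(info['users'])} usernames "
              f"({', '.join(info['users'])}), {info['failures']} failures "
              f"starting {info['window_start'].isoformat()}")
```

A hit is a reason to look at the seat and the people with access to it, not proof of wrongdoing; shared workstations and help-desk activity produce the same pattern and should be allow-listed before the alert goes to anyone.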
Insider profiling (Nykodym et al. 2005) aims to help organizations understand the types of people that are likely to commit net abuse and/or cybercrime. Some common characteristics of such people include: not showing fear from having managers around; inclination to break the rules; and perhaps being a keen sports fan (in the case of net abuse by online gambling at work). Such persons are usually fairly secretive, hard to communicate with, and quiet at work. Workplace cybercrime committed by managers tends to adhere to the same profile, yet the "take" is higher. Mid- or low-level employees, who commit the majority of cybercrimes at work, tend to have more restricted access and subsequently a lower "take." However, alliances between a manager and an employee can be a difficult case to investigate (detect and stop) because they are working on different levels of a hierarchy and have more ways to hide the crime.
Insider cybercrime is generally divided into four (4) main categories (Nykodym et al. 2005): (1) espionage; (2) theft; (3) sabotage; and (4) personal abuse of the organizational network. The espionage-oriented offender is similar to the outsider cybercriminal (discussed below), and generally is after confidential or sensitive information, and usually is part of the management team, sometimes the higher management (very senior) team. Depending upon the race structure of the organization, the cybercriminal would be white or black, but they are usually secretive individuals who do not want to look different, and always try to blend in among others. Theft-oriented cybercriminals are motivated by their own gain (despite what they might say about hate or revenge) with their only goal the selling or using of valuable information for money. Such criminals are usually very comfortable with their position in the organization, and they tend to be young (either male or female) and still relatively low in the organization's hierarchy. The sabotage-oriented cybercriminal is like the espionage-oriented type (in being influenced by a competitor), but saboteurs are not necessarily employed by the organization; they consist usually of subcontractors, part-timers, and the like, who also usually have one thing in common -- they have personal motives, like revenge for some mistreatment they perceive, like a layoff or missed promotional opportunity. Age, race, and sex variation is quite diverse with this type.
Outsider Threats: Hackers are the most common group in this category. Their typical age is between 14 and 19, and they are generally part of the cyberpunk subculture. Hacking for illicit financial gain has been increasing, and less-skilled "script kiddies" (using point-and-click software instead of programming) are increasing in number. Distributed Denial of Service attacks are also increasing; these plant a tool such as Trinoo, Tribe Flood Network (TFN), TFN2K, or Stacheldraht (German for barbed wire) on a number of unwitting victim systems. Then, when the hacker sends the command, the victim systems in turn begin sending traffic against the real target system. 2001 was also the Year of the Virus, and several large-scale hacks were accompanied by viruses released in the wild, which led authorities to suspect that hackers and virus writers were uniting. The FBI uses the following typology to classify outsider threats:
industrial espionage - theft of proprietary information or trade secrets
terrorism - attempts to influence or disrupt U.S. policy
national intelligence - attempts by foreign governments to steal economic, political, or military secrets
infowarfare - cyber attacks by anyone on the nation's infrastructure to disrupt economic or military operations
Industrial espionage is a very high-stakes game which the U.S. plays along with everyone else. There is a 1996 Anti-Economic Espionage law that defines "trade secret" quite broadly, but arrests usually involve sting operations conducted against foreign nationals attempting to bribe somebody. It's the perfect example of an exception to the insider-outsider typology because sometimes, the crime originates with an employee who is in a position to sell trade secrets, and other times, the employee is tempted by an outsider.
Terrorists are known to use information technology to formulate plans, raise funds, spread propaganda, and communicate securely. For example, Ramzi Yousef, mastermind of the first World Trade Center attack, stored detailed plans to destroy United States airliners in encrypted files on his laptop computer. Osama bin Laden was known to use steganography for his network's communications. A website known as the Muslim Hacker's Club listed tips for things such as hacking the Pentagon. A hacker known as DoctorNuker has been defacing websites for the last five years with anti-American, anti-Israeli, and pro-Bin Laden propaganda. Other than the use of computers to communicate and coordinate, few examples exist of cyberterrorism, meaning politically motivated attacks on computer systems. In fact, it is advantageous to a terrorist group to keep the Internet working, as a means of communication and an outlet for propaganda. The main tools of terrorism remain guns and bombs, not computers. There are a few instances of cyberterrorism, however, such as the 1998 attack on Sri Lankan servers by the Internet Black Tigers, or the Mexican Zapatista movement of the same year, which eventually teamed up with protesters against the World Trade Organization. We have yet to see a significant instance of "cyber terrorism" in the sense of widespread disruption of critical infrastructures. However, the FBI and many others are concerned about the growth of something called hacktivism, a word that combines hacking and activism. These are politically motivated attacks, but they may also be a form of electronic civil disobedience. Such attacks are usually elegant. For example, the Zapatistas target the URLs of companies they think don't support human rights. The attack is nothing more than adding the phrase "/human_rights" to the end of the URL. The page returns a display that says "human rights not found on this server", and the same message is recorded in the server logs. They don't actually flood the server; they send the request just enough times to make sure it's noticed in the server logs.
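For a defender, the signature described above is easy to recognize because it lives entirely in ordinary web server logs: a run of 404 responses whose requested path ends in the protest marker. The following Python script is an added example, not code from the original page or from any group it describes; it parses Apache "combined"-format access log lines, counts 404s whose path ends with the marker (defaulting to "/human_rights"), and flags source addresses that repeat it. The log lines, the IP addresses (from the documentation ranges), and the threshold of three hits are all constructed for the example.

```python
"""Detect protest-style URL probes (e.g. '/human_rights' 404s) in web server access logs.

Added example for this page; the sample log lines below are constructed, not real traffic.
"""
import re
from collections import Counter

# Apache/Nginx "combined" log format, e.g.
# 203.0.113.5 - - [10/Dec/2007:14:22:01 +0000] "GET /human_rights HTTP/1.1" 404 512 "-" "Mozilla/5.0"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line):
    """Return a dict of the log fields, or None if the line is not in combined format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def find_probe_hits(lines, marker="/human_rights"):
    """Count, per source IP, the 404 responses whose request path ends with `marker`."""
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed or truncated lines rather than crash
        path = rec["path"].split("?", 1)[0]  # ignore any query string
        if rec["status"] == 404 and path.rstrip("/").endswith(marker):
            hits[rec["ip"]] += 1
    return hits


def summarize(lines, marker="/human_rights", threshold=3):
    """Roll the per-IP counts into a small report; `threshold` is an assumed tuning value."""
    hits = find_probe_hits(lines, marker)
    return {
        "total_probe_404s": sum(hits.values()),
        "sources": dict(hits),
        "flagged_sources": sorted(ip for ip, n in hits.items() if n >= threshold),
    }


# Constructed sample: one source repeats the probe three times, one tries it once,
# one unrelated 404, one normal page hit, and one malformed line.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Dec/2007:14:22:01 +0000] "GET /human_rights HTTP/1.1" 404 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Dec/2007:14:22:03 +0000] "GET /about/human_rights HTTP/1.1" 404 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Dec/2007:14:22:05 +0000] "GET /products/human_rights?x=1 HTTP/1.1" 404 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Dec/2007:14:23:10 +0000] "GET /index.html HTTP/1.1" 200 8192 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Dec/2007:14:23:12 +0000] "GET /human_rights HTTP/1.1" 404 512 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Dec/2007:14:24:00 +0000] "GET /missing.html HTTP/1.1" 404 512 "-" "curl/7.16"',
    'this line is not a valid access log entry',
]

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("probe 404s seen:", report["total_probe_404s"])
    for ip, n in sorted(report["sources"].items()):
        print(f"  {ip}: {n}")
    print("flagged sources:", report["flagged_sources"])
```

In practice the same logic can be fed from a log tail or a SIEM query; the point is that the "attack" is just an error-log pattern, and tracking its sources and rate separates a protest signal from the ordinary background of broken links.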
Foreign intelligence services have adapted to using cyber tools as part of their information gathering and espionage tradecraft. In a case dubbed "the Cuckoo's Egg," between 1986 and 1989 a ring of West German hackers penetrated numerous military, scientific, and industry computers in the United States, Western Europe, and Japan, stealing passwords, programs, and other information which they sold to the Soviet KGB. Significantly, this was over a decade ago -- ancient history in Internet years.
Infowarfare usually involves one foreign military force against another. We know that several nations are already developing information warfare doctrine, programs, and capabilities for use against each other and the United States. China and Taiwan have been at infowar for years. Foreign nations develop such programs because they feel they cannot defeat the United States in a head-to-head military encounter and believe that information technology is our Achilles' heel.
CYBEREXTORTION
Cyberextortion is an outsider threat designed to obtain money, products, or favorable considerations from an organization or an organization's individual employees using illegal means of persuasion related to a computer intrusion or threatened computer intrusion that would make it impossible or difficult for that organization to do business. The method of attack is most typically a Denial of Service (DoS) although theft of data or public ridicule (web defacement) are also common. The crime takes advantage of the tendency for most businesses to NOT want their infrastructure vulnerability made public. The target is typically a company that is involved heavily in e-commerce, and there is some tendency for targets to be companies that outsource their help desk function to places like India and Pakistan. Not much is known about cyberextortionists, but a research study at Carnegie Mellon promises to shed some light on the subject.
This crime is a good example of a transnational crime. While it can occur within the boundaries of a single nation (Japanese businesses, for example, tend to be cyberextorted by Japanese criminals), it is more commonly found in the form of Russian or Eastern European hackers, hired or coerced by some organized crime group into finding American and European companies to break into. Banking organizations are a particular target. The bank victim is threatened with having all or most of its customers' PINs posted somewhere on the Internet, and a surprising number of victims "pay up" rather than report the problem to law enforcement. Cyberextortion, in its organized crime variety, also represents an interesting division of labor among criminals, since the hackers do specialized technical work and their "handlers" do specialized nontechnical work.
A TYPOLOGY OF HACKERS
At the heart of cybercrime are the hackers. These people are the ones with the skills to commit the crimes, and an interesting way to look at them is to focus upon the lifestyles and personalities of hackers. Take it for what it's worth: none of these personality characteristics has been validated by any empirical test. The first typology comes from Maxfield (1985):
Pioneers -- those who are fascinated by evolving technology and explore it without knowing exactly what they are going to find
Scamps -- hackers with a sense of fun who intend no overt harm
Explorers -- hackers motivated by a delight in breaking into computer systems. The more geographically distant, or the more secure the target is, the greater the delight
Game players -- those who enjoy defeating software or system protection, with hacking seen as a sort of game itself
Vandals -- those who cause damage for no apparent gain
Addicts -- nerds who are literally addicted to hacking and computer technology
A second typology (Coutourie 1989) describes the relationship of a hacker to their computer:
Playpen -- in which the computer is seen as a toy
Fairyland -- where cyberspace is an unreal world where wrong cannot be done
Land of opportunity -- where there's nothing wrong with exploiting a vulnerable system
Tool box -- in which the computer is just a way to get other things done
Cookie jar -- with the computer as a place to go borrow things now and again
War game -- where hostile feelings are vented against machines rather than people
There have been no attempts (that I know of) to apply these typologies to real-life case studies, although allow me to give you some cases, and let you see if you can apply anything yourselves:
Case Studies of Hackers

| Hacker | Case |
| --- | --- |
| "Captain Crunch" | In 1972, "Capt. Crunch" aka John Draper realized that by blowing the whistle that came in Capt. Crunch cereal boxes, he could replicate the tones necessary to place free long-distance phone calls. He spent some time on probation and in prison, then went to work for Apple Computer. |
| Kevin Mitnick | In 1994, Mitnick was the world's most wanted hacker for breaking into Digital Equipment's computers and stealing source code. He served some years in prison, then became a book author. |
| Kevin Poulsen | In 1995, Poulsen, a friend of Mitnick's, broke into FBI computers. He spent some years in prison, and is now a computer security journalist. |
| "Mafiaboy" | In 2000, this Canadian boy launched denial-of-service attacks on CNN, Yahoo, and other major websites. He ended up under house arrest and was restricted from using the Internet. |
| Onel DeGuzman | In 2000, this Filipino computer science student unleashed the "ILOVEYOU" virus on the Net. He went unpunished because the Philippines had no law covering the crime. |
INTERNET RESOURCES
Center for Strategic & International Studies (CSIS)
Cyberbullying Research, News, and Events
Cybercrime, Justice, Law and Society
Cybercrimes.net
Cyberpunk Top 100 Sites
Cyberspace and the American Dream
Cyberterrorism: How Real is the Threat?
DHS National Infrastructure Protection Center
Federal Guidelines for Searching & Seizing Computers (1994)
Federal Guidelines for Searching & Seizing Computers (2001)
InfoSec and InfoWar Portal
Institute for Advanced Study of Information Warfare
MSNBC's Hacker Diaries
National Cybercrime Training Partnership
National Strategy to Secure Cyberspace
Navy Postgraduate School White Paper on Cyberterror (pdf)
Prof. Rob Kling's Social Informatics web page
Reality Bites: Cyberterrorism and Terrorist Use of the Internet
SocioSite: Power, Conflict, War, CyberWar, Cyberterrorism
The Zapatista Social Netwar in Mexico
U.S. Dept. of Justice Cybercrime Section
What is CyberTerrorism?
White House National Strategy to Secure Cyberspace
PRINTED RESOURCES
Arquilla, J. & D. Ronfeldt. (2001). Networks and netwars. Santa Monica: RAND.
Ballard, J., Hornik, J. & McKenzie, D. (2002). "Technological facilitation of terrorism." American Behavioral Scientist 45(6): 989-1016.
Barney, D. (2000). Prometheus wired. Chicago: Univ. of Chicago Press.
Becker, R. (2000). Criminal investigation. Gaithersburg, MA: Aspen.
Bennett, W. & K. Hess. (2001). Criminal investigation. Belmont, CA: Wadsworth.
Biegel, S. (2003). Beyond our control: The limits of law in cyberspace. Cambridge, MA: MIT Press.
Brown, S., F. Esbensen & G. Geis. (2001). Criminology. Cincinnati: Anderson.
Clifford, R. (2001). Cybercrime. Durham: Carolina Academic Press.
Collin, B. (1996). "The future of cyberterrorism," paper presented at the 11th Annual International Symposium on Criminal Justice Issues, University of Illinois at Chicago, at http://afgen.com/terrorism1.html.
Coutourie, L. (1989). "The computer criminal." FBI Law Enforcement Journal 58: 18-22.
Denning, D. (2000). "Activism, hacktivism, and cyberterrorism: The Internet as a tool for influencing policy." Georgetown Univ. workshop paper.
Denning, D. (2000). "Cyber terrorism: Testimony before the Special Oversight Panel on Terrorism," U.S. House of Representatives, Committee on Armed Services (23 May), at http://www.cs.georgetown.edu/~denning/infosec/cyberterror.html.
Denning, D. (2000). "Cyberterrorism," Global Dialogue (Autumn), at http://www.cs.georgetown.edu/~denning/infosec/cyberterror-GD.doc.
Denning, D. (2001). "Is cyber terror next?" New York: U.S. Social Science Research Council, at http://www.ssrc.org/sept11/essays/denning.htm.
Deutch, J. (1996). "Statement before the U.S. Senate Governmental Affairs Committee, Permanent Subcommittee on Investigations" (25 June), at http://www.nswc.navy.mil/ISSEC/Docs/Ref/InTheNews/fullciatext.html.
Dyson, E. et al. (1994). Cyberspace and the American dream. EFF [article website].
Embar-Seddon, A. (2002). "Cyberterrorism: Are we under siege?" American Behavioral Scientist 45(6): 1033-43.
Garfinkel, S. (2004). "The FBI's cybercrime crackdown," pp. 21-25 in J. Victor & J. Naughton (eds.), Annual Editions: Criminal Justice 04/05. Dubuque, IA: Dushkin.
Johnson, T. (Ed.) (2005). Forensic computer crime investigation. Boca Raton, FL: CRC Press.
Kalathil, S. & Boas, T. (2003). Open networks, closed regimes. Washington, DC: Brookings.
Kopelev, S. (2000). "Cracking computer codes." Law Enforcement Technology 27(1): 60-67.
Lessig, L. (1999). Code and other laws of cyberspace. NY: Basic Books. [author's website]
Lipschultz, J. (1999). Free expression in the age of the Internet. Boulder, CO: Perseus Books.
Loader, B. & D. Thomas. (2000). Cybercrime, law enforcement, security and surveillance. London: Routledge.
Maxfield, J. (1985). "Computer bulletin boards and the hacker problem." The Electric Data Processing Audit, Control and Security Newsletter. Arlington: Automation Training Center, October.
Mena, J. (2004). Homeland security techniques and technologies. Hingham, MA: Charles River Media.
Meyer, J. & C. Short. (1998). "Investigating computer crime." Police Chief 65(5): 28-35.
Moore, R. (2005). Cybercrime. Cincinnati: LexisNexis Anderson.
Nykodym, N., Taylor, R. & Vilela, J. (2005). "Criminal profiling and insider cyber crime." Digital Investigation 2(4): 261-267.
Parker, T., Sachs, M., Shaw, E., Stroz, E. & Devost, M. (2004). Cyber adversary characterization. NY: Syngress.
Piper, T. (2002). "An uneven playing field: The advantages of the cybercriminals vs. law enforcement." SANS Reading Room, http://www.sans.org/rr/legal/uneven.php.
Pollitt, M. (n.d.). "Cyberterrorism: Fact or fancy?" http://www.cs.georgetown.edu/~denning/infosec/pollitt.html.
Power, R. (2000). Tangled web: Tales of digital crime from the shadows of cyberspace. Indianapolis: Que.
Riem, A. (2001). "Cybercrimes of the 21st century." Computer Fraud & Security 4: 12-15.
Rose, L. (1995). Net law: Your rights in an online world. NY: McGraw Hill.
Speer, D. (2000). "Redefining borders: The challenges of cybercrime." Crime, Law & Social Change 34: 259-73.
Sullivan, S. (1999). "Policing the Internet." FBI Law Enforcement Bulletin 68(6): 18-21.
Taylor, R. (1991). "Computer crime," in C. Swanson, N. Chamelin & L. Territo, Criminal Investigation. NY: Random House.
Wall, D. (Ed.) (2001). Crime and the Internet. NY: Routledge.
Weimann, G. (2004). How modern terrorism uses the Internet, from http://www.usip.org/pubs/specialreports/sr116.html.
Weimann, G. (2006). Terror on the Internet. Dulles, VA: Potomac Books.
Unknown author. (n.d.). What are Al Qaeda's cyberterrorism capabilities?, from http://www.pbs.org/wgbh/pages/frontline/shows/cyberwar/vulnerable/alqaeda.html.
Whine, M. (1999). "Cyberspace: A new medium for communication, command, and control by extremists." Studies in Conflict and Terrorism 22: 231-245.
Last updated: Dec. 14, 2007
Not an official webpage of APSU, copyright restrictions apply, see Megalinks in Criminal Justice.
O'Connor, T. (Date of Last Update at bottom of page). In Part of web cited (Windows name for file at top of browser), MegaLinks in Criminal Justice. Retrieved from http://www.apsu.edu/oconnort/rest of URL accessed on today's date.