does a 13-year-old girl; a musician, an online banker and an intergovernmental organization have in common? The answer is they are all potential victims for criminal computer activity (Goucher, 2010). With the fast-growth of the use of the Internet and the World Wide Web, the world has been experiencing a rapid rise in the rate of computer-related crime. This rise has created controversy and commotion in regarding the courts’ involvement of cyberspace. Some even say that law enforcement is creating an overregulated cyberspace environment, an opinion contrary to that of the past. This paper examines the broad nature of the phenomena of computer crime and the actors behind it. Along with a description of different types of computer crime, this paper provides an introduction to the psychology of computer criminals and computer crime prevention techniques. This paper also provides statistical data on the most common types of computer crime experienced and the greatest concerns for future attacks by past and potential victims.
Definition and Classification of Computer Crime
One definition of computer crime, also known as cybercrime, divides crimes into three categories: where the computer is the target, where the computer is a tool used to execute the crime, and crimes where the computer is incidental to other crimes (Goodman, 1997). Carter (1995) gives a similar definition, but here he expands computer crime into a fourth category: crimes associated with the prevalence of computers. The following four categories of computer crime do not necessarily indicate that one crime must only fit in one category. Classifications may overlap as a criminal transaction takes place.
Computer as the Target- In this category, offenses include theft of intellectual property, medical information and marketing information. This theft can lead to blackmail based on information gained, by way of threat of sabotage. Sabotage of this type of data can impede business operations. Accessing government records is another common computer crime that falls under this category. Forms of this crime include changing criminal records and creating new and illegal documents such as a driver’s license or a passport. Techno-trespassing and techno-vandalism occurs when a criminal looks through a computer’s data without permission or when he or she damages the accessed data, respectively (Carter, 1995).
Computer As the Instrumentality of the Crime- This category refers to any crime that the processes of computers facilitate the crime. Crimes that fall under this category include credit card fraud, fraud from computer transactions, fraudulent use of ATMs, theft of money from different types of accounts, and telecommunications fraud (Carter, 1995).
Computer Is Incidental to Other Crimes- This category refers to crimes that could occur without a computer as well, however the presence of the computer has in one way or another contributed to the criminal act. Such crimes can include money laundering, unlawful banking transactions, BBSs supporting unlawful activity such as child pornography distribution (Carter, 1995).
Crimes Associated With the Prevalence of Computers- This category refers to new variations of traditional crimes such as software piracy, copyright violations, and black market computer equipment and programs. Counterfeit and piracy occurs with software such as word processing and database management system programs as well as with hardware, where manufactured products mimic those of other brands (Carter, 1995).
Psychology of Computer Criminals
Understanding the motivation for computer crime is the first step in long-term prevention. Looking at each type of crime and criminal individually is necessary in this process. For example, Willison (2009) analyzes motivation for employee computer crime and correlates it to disgruntlement. Wilson concludes that in before implementing appropriate safeguards, one must utilize organizational justice constructs, such as entitled distributive, in order to mitigate disgruntlement and in turn prevent employee computer crime (Willison, 2009). While the nature of the crime is a determining factor for the motivation of the criminal, there are some theories that categorize motivational theories in the aim to gain a better understanding of prevention methods.
The Computer Security Handbook devotes an entire section to the psychology of computer criminals. It explores the social psychology aspects of computer crime and provides various classifications of computer criminals. The section concludes that computer criminals tend to portray aggressive and antisocial behavior. Contributing factors that promote this behavior include anonymity, reduced social context cues, and a deindviduated-like state. Theories suggest different motivation for criminal computer activity. For instance, some follow the theory that computer crime is glorified by the perception of computer criminal trendsetters as Robin Hood type technological activists, a theory which can be backed by the more broad social learning theory. Nevertheless, given the broad nature of computer crime, one criminal may differ greatly from another in his or her psychological makeup. While one criminal’s actions may be attributed to the social learning theory, crimes such as stalking may be better explained by personality disorders, such as narcissism and an underdeveloped ethical maturity. In determining a criminal’s actions and reactions, personality variables, environmental factors, and the category of crime must all be thoroughly considered (Campbell & Kennedy, 2002).
Computer Crime Prevention
There are many ways by which cyber crime can negatively affect an individual’s life. Therefore it is important to understand how to combat cybercrime effectively. The National Institute of Justice sponsored a study in 1998 that addressed the needs of state and local law enforcement in order to minimize cybercrime and repel cyber criminals successfully. By 2001, ten priority needs were extracted. These strategic requirements were to be implemented in a speedy, centralized and coordinated manner. This section introduces these needs, as they appear in the Oxford Journal, Policing (Hinduja, 2004).
Hinduja (2004) states that raising (1) public awareness among representatives of government, corporations and society in general is classified as a top priority. (2) Data and reporting as well as (3) uniform training and certification courses are vital to tracking and prevention of cyber crime. Local (4) management assistance for onsite electronic crime task forces, (5) updated laws and (6) cooperation with the high tech industry are three more strategies that are dependent on one another, as well as the aforementioned strategies. For example, a new law requires a corporation specializing in new technologies to abide by certain data reporting standards, in order to coincide with the training programs provided to the electronic crime task forces. Rounding out the list is (7) special research and publications, (8) management and awareness support, (9) investigative and forensic tools, and (10) structuring a computer crime unit (Hinduja, 2004).
Alternative Prevention Methods
Although policies and legislative measures cover many areas of determent of computer crime, these measures are not always sufficiently effective. Utilizing alternative measures and exploring new methods is crucial. An entry in the Yale Law Journal proposes “A site where hackers are welcome, [the idea of] using hack-in contests to shape preferences and deter computer crime”. Such a tool can be used to capitalize on hackers’ culture of openness on the Internet. By nurturing the skills of hackers, it is possible to gain more insights that will assist in the creation of new and more effective policies. While this type of system focuses on a specific type of computer crime, that being unwarranted intrusions into private computer networks, this out-of-the-box type of thinking can be applied to other types of computer crime as well. (Wible, 2003)
2008 CSI Computer Crime & Security Survey
When one conducts research regarding computer criminal activity, it is of interest to the researcher which crimes are most common and which crimes are of greatest concern to the general public. In the 2008 CSI Computer Crime and Security Survey, respondents answered questions to provide this data. The table below lists the occurrence rate of each type of computer prime. As of 2008, the most common types of computer crime experienced were viruses, insider abuse, laptop theft, unauthorized access, denial of service, and instant messaging abuse (Richardson, 2008).
Nevertheless, the frequency that these crimes may occur to a victim does not necessarily outweigh the effect that these crimes may have. In other words, although some crimes occur more frequently, they are not necessarily of the greatest concern. This is evident in the respondents’ responses, where the top areas of concern were protecting data, the threat of loss of data on mobile and wireless devices, and the general area of management concerns. The 2007 data indicated more concern on legal issues and compliance and these concerns carried over to 2008 as well. However, a correlation between frequency of a criminal act and the public’s concern can be seen in responses that mention insider threats, botnet denial of service attacks, and the security of Web applications. Other topics such as next-generation identity management, the effect of virtualization on security, rootkits and malware, and implementing security policy are also prevalent areas of concern (Richardson, 2008).
Cybercrime or computer crime is a phenomenon that is becoming more and more important to explore and understand. The wide variety of crimes indicates that there is a lot to learn about information security systems for managers, law enforcers, engineers, and just about every other member of an industrialized society. For one who is in charge of cybercrime prevention, whether it is a local authority, a national authority or an intergovernmental one (Ferwerda, Choucri, & Madnick, 2010) it is important to understand the nature of the crime and therefore the motivation and psychology of the criminal. Only then can one focus on minimizing the crimes that are of great concern and danger to the various publics.