Cybercrime has long been perceived to represent new crimes arising from the emergence of technological advancement, but an examination of the history of cybercrime reveals that its roots are as ancient as the crimes of fraud, harassment, and malicious property damage. The history of cybercrime is reviewed briefly here, as are the challenges faced by law enforcement efforts to curb cybercrime. Some gains have been realized, such as stemming the losses incurred from identity theft, but the virtual landscape changes so rapidly that new threats and criminal tactics are constantly emerging.
Cybercrime, Cybercriminals, and Cybercops
Cybercrime is formally defined by the Canadian Police College as illegal activity which depends materially on the use of computers to commit crimes or when computers are the object of the crime (Kowalski, 2008, p. 5-6). A contemporary example of the use of computers in criminal activity would be hacking into bank records over the internet to steal passwords and account numbers. This essay will briefly examine the history of cybercrime, how computer technology has changed the manner of criminal activity, and what law enforcement has been doing in response.
Over Forty Years of Violence
As soon as computers began to be put into use they became the targets of human frustration by disgruntled operators, employees, or business customers. Beginning in the 1960s, computer systems all over the world began to be shot with guns, bombed, held hostage, kidnapped for ransom, burned, stabbed, and sabotaged (Kabay, 2008, p. 5-6). Since this early period in computing history little has changed, as shown by a 2001 survey that revealed 25% of all computers have probably been physically assaulted. Although many of these assaults were committed by the computer's owner and therefore not a crime, there's no reason to believe workplace computers would be immune from this type of violence.
The current epidemic of identity theft has its roots in credit card fraud, which began almost as soon as credit cards became widely available in the 1950s and 1960s (Kabay, 2008, p. 11-13). For example, victims would often find themselves facing a huge credit card bill from a bank they didn't remember requesting a card from. Although law enforcement quickly recognized the threat this criminal activity represented, the global losses to Visa and MasterCard increased from 110 million in 1980 to 1.63 billion in 1995. With the advent of the internet, credit card fraud expanded into all aspects of the victim's financial life. By 2010, 8.6 million U.S. households were estimated to have been victimized by identity theft (Langton, 2011, p. 4-5). This represents an increase from an estimated 6.4 million households in 2005, yet the overall financial losses remained constant at 13.3 billion dollars.
As data banks of information began to accumulate on tape drives, and eventually hard drives, it was unavoidable that someone would want to access that information so that it could be altered. "Data diddling" exploits have involved bank records, payrolls, inventories, credit reports, school records, and billing data (Kabay, 2008, p. 17). Massive frauds have been committed through manipulation of data, sometimes yielding big paydays for the criminals. The ability of thieves to engage in this activity has only increased with the advent of the internet and is limited only by the security precautions taken by the targeted organizations. A form of data diddling, "Salami Fraud," involves stealing tiny sums from multiple accounts to avoid detection (Kabay, 2008, p. 19). Over a period of time, depending on how large the account database is, vast sums can be stolen.
Malware - Malicious Software or Code
Logic bombs, and the subcategory of time bombs, are used to activate destructive programs when certain conditions are met or on a specific date (Kabay, 2008, p. 20). One use of such programs was demonstrated by Michael Lauffenburger in 1992, after he left a logic bomb at General Dynamics that would be sufficiently destructive to result in his being called back. Trojan programs appear to be useful or at least harmless, but are instead malicious (Kabay, 2008, p. 23-24). Trojan programs began to appear as soon as user groups began to form in the 1970s. In 2005, Homeland Security stated that Trojans buried in emails represent the biggest security threat facing computer users and networks. Some Trojans are designed to infiltrate a computer to record keystrokes, thus providing cybercriminals with security passwords and other valuable information. "Chipping" refers to unauthorized modifications of ROM instructions in otherwise innocuous hardware, which leads to the theft of information, interference with computers or network performance, or the destruction of information. The U.S. Defense Department's official policy is to avoid all Chinese software and hardware out of fear that they might contain Trojan programs. This policy is hard to enforce given the fact that non-Chinese programs and hardware are frequently counterfeited in China (Kabay, 2008, p. 27).
Viruses and worms are other forms of malware that mainly destroy the efficiency of computers or systems by clogging pipelines in denial-of-service attacks, or by destroying files. The authors of such programs claim they are revealing weaknesses in computer and network security, but the word "terrorist" seems more appropriate. Spam represents unsolicited emails sent to recipients all over the world, typically for the purpose of soliciting money legally or illegally, and began to emerge as the internet took off in the mid-1990s. By 2007, 88% of all email traffic content was spam.
Phone phreaking began as soon as telephone systems were put into use (Kabay, 2008, p. 14). Teenage boys were initially hired by AT&T in the late 1870s to act as switchboard operators, but the "… combination of power, technical mastery, and effective anonymity seemed to act like catnip on teenage boys." Eventually the bad behavior and pranks became so prevalent that AT&T stopped using boys as operators.
Josef Engressia (aka Joybubbles) was seven years old in 1957 when he began to mimic the 2600 Hz pitch AT&T used for its long-distance phone system, which allowed him to make free calls to anywhere in the world. John Draper (aka Cap'n Crunch) began to use the whistles that came in the bottom of the cereal boxes of the same name to also gain access to AT&T's long-distance phone system, a tactic suggested to him by Josef Engressia. Rather than continue to use the toy whistles, though, Draper built tone synthesizers that were called "blue boxes." The blue boxes quickly became prevalent among computer neophytes and others in the 1970s, and the Apple founders Steve Wozniak and Steve Jobs even went through a period of phone phreaking the Vatican in Rome by pretending to represent Henry Kissinger.
Phone phreaking eventually evolved into computer hacking (Kabay, 2008, p. 15). One of the first hackers to gain notoriety was Kevin Poulsen, who at 17 years of age in 1982 found himself being raided by the Los Angeles County District Attorney's Office for gaining unauthorized access to the U.S. military's ARPANET computers, the precursor to the internet. Subsequent intrusion exploits at Pacific Bell garnered the attention of the FBI, based on the fear that he could be stealing state secrets by virtue of his secret security clearance. This forced Poulsen to go underground for about four years until he was eventually arrested, but during this underground period he was able to survive in part by 'gaming' radio station call-in contests by hacking Pacific Bell computers. Although the espionage charge was eventually dismissed, he served over five years in prison. Today Poulsen is an investigative journalist and editor for Wired News and SecurityFocus.
Law Enforcement Challenges
Local law enforcement agencies were the primary government bodies that investigated cybercrimes prior to the advent of the internet, but once the internet became widespread, cybercrimes took on an international character and forced cooperation between law enforcement agencies scattered around the world (Schjolberg, 2008, p. 2-6). This in turn revealed the various impediments facing law enforcement agencies investigating cybercrime, including inconsistent penal codes in different nations. The international principle of dual criminality, which states that an act must be criminal in both countries before extradition proceedings can begin, impeded initial attempts to investigate and prosecute cybercriminals (Kabay, 2008, p. 35). Such legal deficiencies have been gradually addressed through a large number of national and international efforts spanning over 30 years, which have resulted in the establishment of national and international law enforcement 'expert' task forces to address the challenges faced when investigating cybercrime and prosecuting cybercriminals (Schjolberg, 2008, p. 2-6).
The Constantly Changing Virtual Landscape
In the United States, the magnitude of the threat motivated President Obama to declare the appointment of a CyberCzar to help coordinate law enforcement efforts to combat cybercrime (James, 2009). The threat of espionage and cyberterrorism is also so great that the Department of Defense has established or will establish a new military command focused exclusively on cyber warfare. This is in response to a series of espionage attacks that many suspect China was behind. The Stuxnet worm, which attacked industrial…