Computer Crime

Computer Crime

Computer crime and criminal information law are relatively young phenomena. A first historical analysis indicates that each new development of computer technology was followed by a corresponding adaptation of crime as well as by legislative changes. A short overview - using the example of Germany - illustrates this adaptation of crime and information law to the new information technologies, it also indicates that this process started gradually at first, but then continued at an increasing pace:

- From the beginning of the 1950s computers were introduced in industry and administration to control routine processes. As late as 20 years after that time, the first cases of computer manipulation, computer sabotage and computer espionage became known. Only in 1986 did the German legislator react with the Second Act for the Prevention of Economic Crime.

- On the other hand, the mass processing of personal data in electronic data banks since the 1960s was soon regarded as a danger to privacy. In Germany, the first law that took this development into account was enacted in 1970.

- The open networks of the 1970s soon led to corresponding misuses in the form of "hacking", which the Law Committee of the German Parliament could still consider in the Second Act for the Prevention of Economic Crime in 1986.

- The mass phenomenon of program piracy came along simultaneously with the spreading of personal computers in the 1980s, forcing the legislator to carry out different reform measures from 1985 onwards.

- The use of automated teller machines in the 1980s, too, was immediately followed by new ways of code card misuses, which already represented criminal offenses due to the reforms of the Second Act for the Prevention of Economic Crime.

- Today, electronic post services, mailboxes, ISDN as well as the development of close links between data processing and telecommunication are used by neo-nazi groups, perpetrators in the field of economic crime and organized criminals: Computer technology and telecommunication have not only become part of general life, but also of general crime. The changes that these new technologies caused in criminal procedural law do therefore not only concern traditional computer offenses, but all kinds of crime.

Starting from this historical background the first part of this paper will give an overview on the relevant forms of offenses and changes in computer crime. The second part deals with the corresponding reactions of the law. The third part asks for the change of paradigms and future prospects of the legal development. In the end, the analysis will show that the multitude of computer-related offenses has led to four waves of computer-specific reform laws in all countries, which are marked by the fundamental changes of our society.

I. Current Forms of Offenses

In most countries, the discussion about computer misuse began in the 1960s with the endangerment of privacy, which was discussed under the catchword of "data protection" and was at first not seen as a part of "computer crime" (see infra A). In the 1970s, scientific research concentrated on computer-specific economic crimes, especially computer manipulations, computer sabotage, computer espionage and software piracy (see infra B). Further research demonstrated rapidly that - along with the advance of information technology into new areas of life - criminals can use computers for almost all offenses and that - from a phenomenological point of view - homogeneous computer crime does not exist any more (see infra C). Today changes and differentiations that are characterized especially by the innovations of telecommunication technology are ascertainable in all areas mentioned.

A. Infringements of Privacy

The 1960s saw the beginning triumph of computers, and in many Western countries it was realized that the collection, storage, transmission and connecting of personal data endangers the personality rights of citizens. Orwellian visions and the mistrust of the revolting youth of the late sixties inspired the discussion about the dangers of the "Big Brother". However, today the old paradigm of the computer as an exotic instrument in the hands of the powerful became at the latest obsolete with the massive spreading of personal computers.

According to official statistics, data protection offenses are only of limited importance today. The cases that became known show different degrees of endangerment: The misuse of "STASI" documents, i.e. the documents of the Ministry for State Security of the former GDR, or the possible blackmailing of AIDS-infected patients prove that in the information society of the 20th century, data protection has become a central matter of concern. The storing of information about defaulting debtors by credit investigation agencies or the transmission of data within criminal prosecution authorities also show, however, that the ascertainment of infringements of privacy in numerous cases depends on a difficult assessment and evaluation of conflicting principles: The under'ying discussion on values does not only have to deal with the protection of privacy, but also with the freedom of information, which is the driving force of the cultural, economic and political development of an "open society".

"Clear" infringements of privacy became known especially in the area of traditionally protected (also by criminal law) professional secrets, especially concerning official secrecy as well as the requirement of confidentiality for officials, doctors, lawyers and banks. Such data constituted the object of the offense in a South-African case, in which the offender - presumably through theft of magnetic tapes - obtained medical data of persons which had undergone an AIDS-test; the data were passed on to the employers of the persons affected.

Another clear case of infringement of traditional regulations on protection of secrets happened in 1989 when two employees of one of the biggest Swiss banks helped the French tax authorities to decode magnetic tapes containing customers' data for a compensation of 500,000 FF.

In contrast, difficult problems on evaluation and assessment with regard to the ascertainment of infringements of privacy are illustrated by an Italian case. In 1986 IBM was accused that its security system RACF represented an inadmissible control over employees.

B. Economic Offenses

Since the 1970s, the discussion about computer misuse was not only marked by data protection crime but also by computer-related economic crimes, which today are regarded as the central area of computer crime and which were at first exclusively characterized by that term. In this field, the central offenses are those of computer manipulation, computer sabotage, computer extortion, hacking, computer espionage, as well as software piracy and other forms of product piracy.

1. Computer Manipulations

Computer manipulations were at the starting point of the discussion about computer-related economic offenses. During the time of the large mainframe computers, computer manipulations constituted a uniform group of crimes. Because of the diversification of computer systems in the 1980s, today the term computer manipulation describes a spectrum of different cases within the field of economic crimes.

a) Among the "classic" large-scale computer manipulations, invoice manipulations concerning the payment of bills and salaries of industrial

companies as well as the manipulations of account balances and balance sheets at banks are the predominant offenses. In the course of the recession of the last years, an extension of manipulations to increase the inventory could be perceived.

In Germany, a complicated invoice manipulation was committed as early as 1974 by a programmer who carried out salary manipulations of over 193,000 deutschmarks (DM) through changes of salary data as well as the book-keeping and balance sheet programs of his company.

Among the balance sheet manipulations, especially the case of the German Herstatt Bank of 1974 must be mentioned, in which balances totalling over one billion deutschmarks were manipulated.

An example for a typical account balance manipulation is the terminal-input of a Japanese bank accountant who put in a deposit of 1,800 million yen and withdrew 50 million yen in cash and cheques amounting to 80 million yen from a subsidiary of the affected Sanwa-Bank in 1981.

In 1994, a Russian group of offenders showed that these manipulations could also be carried out via data networks by external perpetrators. Operating from St. Petersburg, the group succeeded in making an American bank transfer over ten million dollars to them.

b) Numerous misuses of ATM-cards and similar means of payment have been added to these "big" manipulations since the end of the eighties. Even though these misuses often lead only to small sums of damage, statistics show that the misuses of cards surpass the number of classic manipulations by far and meanwhile constitute the most frequent computer crime cases. The protection of the respective cards - above all by chip technology - is gaining more importance in particular for the point-of-sales- systems, which are already common in Japan and which are being introduced in Europe at the moment. Suitable methods of protection are important especially because of the fact that meanwhile, the relevant classic credit card crimes are committed mostly by organized groups of criminals.

Today the forms of committing misuses of ATM-cards range from the simple use of stolen cards and the manipulation of cards with the help of computers to the independent manufacturing of card copies. Apart from the ATM-cards other magnetic cards are manipulated, e.g. phone cards or cards for horse betting.

The offenders get the PIN-code necessary for the use of the cards often by a phone call trick, by preparing the keyboard, by false keyboards or - as in a Japanese case - by bugging data telecommunication lines.

A Hungarian case was particularly remarkable due to a high sum of damage. Within one month, the respective maximum amount of approx. 250 US $ was withdrawn by the help of the copy of a single card in 1,583 cases.

c) The misuse of the telephone network, in the field of which considerable qualitative changes have occurred in recent years, is currently also becoming a "mass crime": In the 1960s, offenders only wanted to avoid expenditures for their own phone calls. Since the end of the 1980s, the techniques originally developed by young hackers were also used by "companies" which - in often changing apartments or with the help of mobile telephones - offered conversations especially in intercontinental telecommunications. In the 1990s, even financial manipulations resulting in the transfer of money were made possible by the telephone companies when the insufficiently protected telephone network, which was not developed for this purpose, was used in an incautious way for the accounting of services.

Blue boxing was already developed in the sixties and is based on the fact that in the traditional analogous telephone network, control tones for establishing a link are transmitted through the same line as the information and can therefore be manipulated with the help of the so-called "blue box". By using a telephone number free of charge (in Germany a 0130-number), e.g., an operator of an American telephone company is called. Then the conversation is ended with the help of a "break tone" and the free line is held with the help of a "seize tone". After the input of certain control impulses it is possible to dial the desired number in the USA free of charge. However, especially as a consequence of installed frequency blockers, the blue boxing technique now only works in a limited way, i.e. in telecommunications between certain countries only.

This is why young telephone hackers today predominantly use manipulation techniques which allow phone calls at the expense of other network participants. This is made possible by breaking into badly protected voice-mail-systems, the direct-dialing functions of which are exploited. A widespread form of manipulation is also the trade with foreign "calling card" numbers, which, e.g., are given away by insiders of the telephone companies, are obtained with the help of trick phone calls from the card holders, are "hacked" by intruding a computer or are found out by listening in on phone calls. Some of the phone calls are carried out at the expense of other users with the help of modified walkie-talkies or homemade devices.

Apart from that, phone cards for public phone-boxes are faked or manipulated. These manipulations can easily be effected in countries

where only magnetic strip systems are used. In other countries as in, e.g., Germany, the telephone companies use phone cards with integrated chips which are especially secured against "recharging" by hardware protections. However, German youths are currently working on a copy of phone cards. They decode the signals of the cards with adapter cables and small computers and then simulate the signals with their own "intelligent" cards. According to reliable sources, the first successful "copying" of a phone card with integrated chip which can be recharged after using it is said to have been completed in Germany in 1994. This card could therefore be used permanently.

Against the background of these forms of misuse one could foresee that the use of the telephone network for the accounting of services had to lead to a new wave of manipulations in the 1990s. In Germany, especially the "sex telephones" and "party lines" were used for this purpose, which can be called under the area code of 0190. Out of the 1.15 DM per minute to be paid to Deutsche Telekom, 52% remain with Deutsche Telekom whereas 48% go to the providers of the sen/ices (where they are divided between the provider of the service and the provider of the content); for foreign numbers, the revenue per minute amounts to over 3 DM. The perpetrators set up - partly with the help of specialized agencies - corresponding service numbers which were then called at the expense of Deutsche Telekom and of some clients by young telephone hackers who shared the profits. In doing this, they used the whole range of possibilities of misuse described above. Moreover, Deutsche Telekom got harmed worst when whole private offices were rented for the exclusive purpose of calling chargeable service numbers during a two-month period with the help of numerous (in a particular case up to 400) telephone connections and by using telephone computers before Deutsche Telekom claimed the outstanding invoices. Employees of Deutsche Telekom also misused telephone connections not yet given to clients by switching off the meter. Furthermore, clients of Deutsche Telekom were also charged when so-called "dialers" (i.e. electronic dialing machines, about the size of a cigarette box and distributed at 150 DM) were arbitrarily connected to some switchboxes, local telephone exchanges or wires, which called pre-programmed numbers especially at night at the expense of the affected telephone connection.

The first larger inquiries of telephone misuses were carried out in Germany in March 1994, when the apartments of 60 suspects were searched in nine German regions at the same time and four persons were arrested. In December 1994 and in January 1995 further searches were carried out at the request of the state attorney's office of Cologne (among others the head office of Deutsche Telekom at Bonn was searched) and some arrests because of financial manipulation in the field of service numbers were

made. Two employees of Deutsche Telekom were arrested who are suspected of having collaborated with foreign organized groups of criminals. It is estimated that more than 80% of the turnovers off all sex- phones result from such manipulations. According to their own reports some youths obtained monthly commissions of more than 100,000 DM. The total damage for Deutsche Telekom and its harmed clients is estimated at more than 100 million DM for 1994.

2. Computer Sabotage and Computer Extortion

a) Today in the field of computer sabotage, a similar "popularization" as in the field of computer manipulations occurs: Beside the formerly predominant major cases of sabotage which only rarely appear in the today's statistics, there are massive damages to personal computers caused by virus programs and worm programs. These programs are spread especially through illegally copied software or in networks, and therefore constitute a considerable share of the total number of computer crimes.

Computer viruses are programs which spread in other programs of a computer system and - possibly with a delay of time - often cause damages. The number and the variety of viruses in circulation have increased in recent years. In some cases, the original software as issued by the producing company was already infected with a virus.

While viruses only spread in "host programs", worm programs attack foreign computer systems independently. Widely known became the "Internet-worm" of an American student, which blocked approx. 6,000 computers of the Internet network within a few days in 1988.

The above mentioned merging of computer and telecommunication systems leads to the fact that acts of sabotage are increasingly being directed against telephone lines and other data lines. In the field of computer sabotage, the same development as in the sphere of the above mentioned manipulations and in the cases of hacking and espionage which are to be examined in more detail below) is occurring.

The latest example for sabotage in the field of data lines is an attack on the network of Deutsche Telekom in February 1995: The offenders cut seven underground glass fibre cables and thus interrupted approx. 7000 telephone and data lines around Frankfurt/Main airport. In a letter a group called "Keine Verbindung e.V." claimed responsibility and declared that they had wanted to disturb the deportation of persons seeking political asylum.

 

 

 

 

 

 

 

 

 

 

 

 

 

Компьютерное  преступление

 

Компьютерное преступление и преступно информационный закон - относительно молодое явления. Первый исторический анализ указывает, что каждая новая разработка компьютерной технологии сопровождалась соответствующей адаптацией преступления так же как законодательные изменениями. Краткий обзор - использование примера Германии - иллюстрирует эту адаптацию закона о преступлении и информации к новым информационным технологиям, это также указывает, что этот процесс начался постепенно сначала, но тогда продолжился в увеличивающемся темпе:

- С начала 1950-ых компьютеры были введены в промышленности и правительстве, чтобы управлять обычными процессами. Уже позже в 20 годах после этого первые случаи компьютерной манипуляции, компьютерного саботажа и компьютерного шпионажа стали известными. Только в 1986 немецкий законодательный акт, реагирует со Вторым законом для Предотвращения Экономического Преступления.

- С другой стороны, массовая обработка анкетных данных в электронных банках данных с 1960-ых была вскоре расценена как опасность для частной жизни. В Германии первый закон, который принимал это во внимание, был подписан в 1970.

- Открытые сети 1970-ых вскоре привело к соответствующему неправильному употреблению в форме "взламывания", которое Законодательный Комитет немецкого Парламента мог рассмотреть во Втором законе для Предотвращения Экономического Преступления в 1986.

- Массовое явление пиратства программ приходило одновременно с распространением персональных компьютеров в 1980-ых, вынуждая законодателя выполнить различные меры по реформе с 1985 вперед.

- Использование банкоматов в 1980-ых, также, немедленно сопровождалось новыми способами кодовых взломанных пластиковых карт, которые уже представляли уголовные преступления из-за реформ Второго закона для Предотвращения Экономического Преступления.

- Сегодня, электронные почтовые услуги, почтовые ящики, ISDN ((Integrated Services Digital Network) — цифровая сеть с интеграцией обслуживания.) так же как развитие тесных связей между обработкой данных и телекоммуникацией используются неонацистскими группами, преступниками в области экономического преступления и организованных преступников: Компьютерная технология и телекоммуникация не только стали частью общей жизни, но также и общего преступления. Произошло то, что эти новые технологии, вызвалиизменения в процессуальном, которые будут касаться не только традиционных компьютерных нарушений, но и всех видов преступления. Начиная с этого исторического факта первая часть этого текста даст краткий обзор соответствующим формам нарушений и изменений в компьютерном преступлении. Вторая часть представит соответствующими редакциями закона. Третья часть просит изменение парадигм и будущие перспективы юридического развития. В конце анализ покажет, что множество связанных с компьютером нарушений привело к четырем волнам определенных для компьютера законов о реформе во всех странах, которые отмечены коренными изменениями нашего общества.

 

1. Текущие Формы Нарушений

 

В большинстве  стран дискуссия о неправильном употреблении компьютера началась в 1960-ых с угрозы частной жизни, которая была обсуждена под модным словечком "защиты данных" и не была сначала замечена как часть "компьютерного преступления" (см. инфра A). В 1970-ых, научное исследование сконцентрировалось на определенных для компьютера экономических преступлениях, особенно компьютерные манипуляции, компьютерный саботаж, компьютерный шпионаж и пиратство программного обеспечения (см. инфра B). Дальнейшее исследование продемонстрировало быстро, что - наряду с прогрессом информационной технологии в новые области жизни - преступники могут использовать компьютеры для почти всех нарушений и что - с феноменологической точки зрения - гомогенное компьютерное преступление больше не существует (см. инфра C). Сегодня изменения и дифференцирования, которые характеризуются особенными новшествами телекоммуникационной технологии, являются устанавливаемыми во всех упомянутых областях.