As the Internet has expanded, so has its misuse. So-called cyber-criminals roam the virtual world largely at will, committing such crimes as unauthorized access or "hacking", fraud, computer sabotage, drug trafficking, dealing in child pornography, and cyberstalking.

 
    Computer criminals are as diverse as the offences they commit. They may be students, terrorists or members of organized crime. For economic crimes, such as fraud or stealing information, the biggest category is in-house employees, who commit over 90% of these offences, according to the 1997 UN Manual on the Prevention and Control of Computer-Related Crime.

 
    Cyber-criminals can zoom across international borders undetected, hide behind countless "links" or simply vanish, leaving no paper trail. They can route communications through or hide criminal evidence in "data havens"-- countries lacking the laws or expertise to track them down.

 
    In an effort to curb this growing threat, a special workshop will be held at the United Nations Tenth Congress for the Prevention of Crime and the Treatment of Offenders in Vienna, 10-17 April. The workshop, organized by the Tokyo-based UN Asia and Far East Institute for the Prevention of Crime and the Treatment of Offenders (UNAFEI), under the auspices of the UN Centre for International Crime Prevention (CICP), will focus on global cooperation to investigate and prosecute computer crime.

 
    "This workshop is intended to serve as a forum for sharing information about such things as investigative techniques and computer crime laws between countries with a wide range of experience, expertise and approaches to the problem", said Christopher Ram, Crime Prevention Officer (Computer Crime) at the CICP.

 

Hacking, sabotage and stalking

 
Hacking into unauthorized sites with the help of sophisticated techniques to mimic passwords or bypass other security measures has become a popular cyber offence. Once they have access, hackers may plant viruses, post insulting messages or steal valuable data, including credit card information and company secrets.

 
    Consumers lose about $500 million per year to hackers stealing credit card and calling card information from online accounts, according to recent estimates. These card numbers may be sold for sizeable amounts to counterfeiters, who use special programmes to encode them on credit and bankcard magnetic strips, the UN Manual notes.

 
    Other cyber-criminals may sabotage computers to gain an economic advantage over competitors or threaten to damage systems for extortion purposes. Offenders tamper with data or operations directly or use so-called "worms" and "viruses", which can stop systems completely or wipe out data on a hard disk. Randomly targeted computer viruses that originally passed from one computer to another via  "infected" diskettes are now also transmitted through networks, often concealed within e-mail messages or programmes "downloaded" from the Internet.

   Europe experienced its first known use of a virus to extort money in 1990, when the medical research community was threatened with a virus that would destroy increasing amounts of data if no ransom was paid for the "cure".

 
    E-mail is also used by cyberstalkers, who send threatening messages to others, especially women. Estimates suggest that about 200,000 people stalk someone each year, as reported in Cyberstalking: Crime, Enforcement and Personal Responsibility in the online World, a 1996 book by Barbara Jenson.

 
    One North American woman was stalked for several years via e-mail by an unknown person who threatened to kill her, rape her daughter and display her home address to others on the net, according to Ms. Jenson.

 
    Offenders have also used e-mail and Internet "chatrooms" to seek out vulnerable prey. For example, pedophiles have won the trust of children online and then set up real-life meetings aimed at exploiting or abducting them. According to the U.S. Department of Justice, Internet pedophilia is rising.

 
    In addition to raiding private web pages, criminals may open their own sites to defraud customers or sell forbidden goods and services, such as weapons, drugs, unprescribed or unregulated medicines and pornography.

 
    CyberCop Holding Cell, an online complaint service, recently warned about a classified auto ad service on the Internet. For a flat fee of $399, the service would put a description of the customer's auto on a web page and provide a money-back guarantee if the vehicle failed to sell within 90 days.

 
    Several customers’ cars advertised on the web page failed to sell during this period, but they could then find no one from the ad service to give them a refund, CyberCop reported. The web site for this "service" has since closed down.

 

Catching cyber-criminals

 
As cybercrime has mounted, many nations have passed laws outlawing new phenomena, such as hacking. Or they have upgraded old legislation to make traditional crimes, including fraud, vandalism or sabotage, illegal in the virtual world.

 
    Singapore, for example, recently amended its Computer Misuse Act (CMA), according to CNET Singapore. Penalties are now more severe for anyone tampering with "protected computers" -- those linked to national security, banking and finance as well as emergency and public services -- as well as for unauthorized entry, modification, use or interception of computer material.

 
    Some nations have specialized groups to track down cyber-criminals. One of the oldest is the U.S. Air Force Office of Special Investigations, which was set up in 1978. Another is the Australian Internet Investigators, made up of law enforcers and individuals with advanced computer skills. The Australian group gathers evidence and passes this to appropriate law enforcement agencies in the state where the crime originated.

 
    Despite these and other efforts, law enforcers still face several cyber problems. Key among them is that these offences can easily cross borders, making investigating, prosecuting and punishing offenders a jurisdictional and legal headache. And once offenders have been found, officials must then decide whether to extradite them for trial elsewhere or transfer evidence -- and sometimes witnesses -- to the place where the crimes were committed.

 
    In 1992, hackers from a European country attacked a computer centre in California. The police investigation was stymied due to lack of  "dual criminality" -similar laws in the two nations banning the behaviour- and this blocked official cooperation, according to the U.S. Department of Justice. Eventually, police from the hackers’ country offered to help, but shortly thereafter the hacking stopped, the trail went cold and the case was closed.

 
    Similarly, the U.S. Naval Criminal Investigative Service and the Federal Bureau of Investigation in 1996 tracked another hacker to a South American country. The hacker was stealing password files and altering log files in military, university and other private computer systems. Many of these contained sensitive research on satellites, radiation and energy-related engineering.

 
    Law enforcers from the South American country searched the hacker's apartment and seized his computer equipment, citing potential violations of that nation's law. But the two nations had no agreement on extradition for computer crimes, although they do for more traditional offences. In the end, the case was resolved only because the hacker agreed to a plea bargain, which led him to plead guilty in the United States.
 

 
Another major hindrance in prosecuting cybercrime is that offenders can easily destroy evidence by changing, erasing or moving it. If law enforcers move more slowly than offenders do, much of the evidence will be lost. Or data may be encrypted -- an increasingly popular way of protecting both individuals and businesses in computer networks.

 
    Encryption may hamper criminal investigations, but human rights may suffer if law enforcers gain too much technical power. Electronic businesses argue that privacy is essential to boost consumer confidence in the Internet marketplace, and human rights groups want protection for the reams of personal data now stored electronically.

 
    Businesses also stress that information could fall into the wrong hands, especially in corrupt countries, if governments can access encrypted messages. "If governments have the key to encrypted messages, this means unauthorized people -outside the government -- could obtain them and use them", said the Chief Executive Officer of a major North American security engineering company.
 

 
Challenges facing law enforcers worldwide point to an urgent need for global cooperation in updating domestic laws, investigative techniques, legal assistance and extradition to keep pace with cyber-criminals. Some efforts have already been made.

 
    The 1997 UN Manual urges nations to harmonize laws and cooperate in combating the problem. The European Working Party on Information Technology Crime (EWPITC) has issued a Computer Crime Manual, which lists relevant laws in different nations and describes investigative techniques as well as ways to search and secure electronic material.

 
    The European Institute for Anti-Virus Research (EICAR) joins universities, industry and the media as well as technical security and legal experts from government, law enforcement and privacy protection organizations to combat computer viruses or Trojan Horses. It is also working to combat computer fraud and the exploiting of personnel data.

 
    In 1997, the G-8 countries adopted a groundbreaking strategy to fight "high-tech" crime. The group agreed to develop ways of quickly tracing computer attacks and identifying hackers, use video links to interview cross-border witnesses and assist one another with training as well as equipment. It also agreed to join forces with industry in setting up bodies to secure computer technologies, develop information systems to pin down network abuse, trace offenders and collect evidence.

 

    The G-8 has now set up contact points that are available to law enforcers 24 hours a day, seven days a week. These points boost another state's investigation by providing vital information or helping with legal matters, such as interviewing witnesses or collecting computer data as evidence.

 
    A major hindrance to setting up a G-8-type strategy at the international level is that some nations lack the technical expertise or legislation that would allow law enforcers to speedily search for evidence in electronic venues -- before it is lost -- or move it to the place where offenders are being tried.

 

Network Nasties
 

Hackers may carry out sophisticated espionage for corporations or on their own, copying trade secrets ranging from technical or product information to marketing strategies.
 

Attacks such as "mail bombings" can send repeated messages to an e-mail address or website, denying legitimate users access to it. The mail influx could potentially overwhelm the receiver's personal account and shut down entire systems. Although a disastrously disruptive practice, it is not necessarily illegal.
 

Intruders could access websites or databases and erase or change data, damaging the data itself and causing further harm if incorrect data is later used for other purposes.
 

Offenders often dupe new and unsophisticated Internet users into revealing their passwords by pretending to be law enforcement officials or agents of the service-provider. Password sniffers use software to identify a user's password, which can then be used to hide their true identities and commit other crimes -ranging from unauthorized use of computer systems to economic crimes, vandalism or terrorist offences.
 

Spoofers use various techniques to disguise a computer to electronically "look" like another, so that access may be gained to a normally restricted system and crimes committed. Famous hacker Kevin Mitnick used spoofing in 1996 to access the home computer of security expert Tsutomu Shimomura, and then distributed valuable security tools on the Internet.
 

Child pornography sent around the world through the Internet is increasing. Over the past five years, convictions in one North American country for transmitting or possessing child pornography have risen from about 100 to 400 per year. Exacerbating the problem are new technologies, such as cryptography, which can be used to conceal pornography and other "offensive" material being transmitted or stored.
 

Electronic gambling has increased as commerce provides ways of establishing credit and transferring funds on the Internet. Problems have arisen in countries where gambling is a crime, or where domestic authorities require licenses. Also, fairness to players cannot be guaranteed, given the technical and jurisdictional hassles of monitoring games.

 
Fraud

Fraudulent offers have already been made to consumers in regions of electronic commerce, such as trading stocks and bonds or buying and selling computer equipment.
 

Electronic commerce is expected to provide a new venue for the electronic transfer of goods or money used to launder the proceeds of crime, especially if transactions can be concealed.
 

Published by the United Nations Department of Public Information

DPI/2088/H March 2000