3:49 AM
TOPIC
CYBER CRIME
MASTERS OF LAWS IN INFORMATION AND
COMMUNICATION TECHNOLOGY LAW– (LL.M - ICT LAW)
WHO? REHEMA E. UROKI
QUESTION
What did you understand by Cyber Crimes? Analyse with supported
authorites.
1
TABLE OF CONTENTS 1. INTRODUCTION.......................................................................................3
2. MAIN BODY OF THE STUDY PAPER...............................................................4
3.
COMMITTING CYBER CRIMES INVOLVES THE
FOLLOWINGS...........................7 3.1 Unauthorized Access to
computer systems
(hacking)....................................................7 3.2
Unauthorised use by authorized
user.........................................................................9
3.3 Unauthorised modification of computer data or
program.............................................10 3.4 Denial of
service (DoS)
attacks................................................................................10
3.5 Computer Invasion of
Privacy..................................................................................11
3.6. Misuse of computer system
data..............................................................................11
3.7 Unauthorized Use of a Computer, Computer System, or Computer
Network...................11 3.8 Harmful Content
Crimes........................................................................................12
3.9 Online
Pornography.............................................................................................13
3.10 Online
harassment..............................................................................................13
3.11 Cyber
terrorism..................................................................................................13
4.
THE DIFFERENT TYPES OF CYBER CRIMES
...............................................13 4.1 Common Types of
Cyber
Crime.....................................................................13
4.1.1
Fraud..................................................................................................14
4.1.2 Computer
Trespassing..............................................................................14
4.1.3 Hardware
Hijacking.................................................................................14
4.1.4 Bullying, Harassment, And
Stalking..............................................................15
4.1.5
Spam...................................................................................................15
4.1.6 Information
Warfare................................................................................15
4.1.7
Piracy..................................................................................................16
5.
IMPORTANCE OF STUDYING AND UNDERSTANDING CYBER LAW...................16
5.1. Need and Importance of Cyber
Law...............................................................16
6. PERSONAL ASSESSMENT..........................................................................18
7.
WHAT TO DO FOR THIS CYBER
CRIMES......................................................21 7.1
Enactment of cyber
laws.........................................................................................21
7.2 Law makers must continuously respond to cyber
crimes...............................................21 7.3 Coordination
and
cooperation..................................................................................21
7.4 Training of the Judges, Lawyers and law
enforcers......................................................22 8.
CONCLUSION..........................................................................................22
9.
BIBLIOGRAPY.........................................................................................23
2
CYBER CRIME
1. INTRODUCTION
The past several decades have brought a vast increase in the availability of electronic resources.
With this increased availability has come a new form of criminal activity that takes advantage of
electronic resources, namely cyber or computer crime. Currently, these new forms of crime are
burgeoning and pose a new and lasting challenge to law enforcement agencies at all levels in
how to prevent, investigate, and prosecute these crimes. Law enforcement agencies from the
local to the federal level are beginning to institute specific units devoted to handling computer-
related offenses, but there does not currently exist a uniform method to define, explain or, and
address cyber or computer crime.
Crime is an act of commission or omission which is prohibited by the law of the land, Cyber
refers
to a computer or computer system, or a computer network, the electronic
medium in which online communication takes place1, Computer refers to
an electronic, magnetic, optical,
electrochemical, or other data processing or communications device, or grouping of such
devices, capable of performing logical, arithmetic, routing, or storage functions and which
includes any storage facility or equipment or communications facility or equipment directly
related to or operating in conjunction with such device. It covers any type of computer device
including
devices with data processing capabilities like mobile phones, smart
phones, computer networks and other devices connected to the internet2.
NOW: Cyber-Crime is the latest
category of the crimes by wire added to such a list of crimes. Though, many time dangerous and
affect millions of people in a matter of seconds, the fast changing nature of technologies
associated with it makes it the most difficult area of human behaviour to be controlled by law.
Though
cyber crimes travels Trans border to hit its victims, the most striking
drawback of the cyber law scenario is the absence of a set of all
encompassing set of cyber-laws.3
1TITLE
7, COMPUTER CRIMES, CHAPTER 33, section 33.01 (3) 2 Manila, M., Monday
the Twenty-fifth day of July two thousand eleven. [ Republic Act No.
10175 ], pg. 6 3 Dr. Baharul K. M., e-Commerce: Laws and Cyber Crimes.
In Road Map Towards a Cyber Crime Deterrent Mechanism (ed.), SAN,
Guwahati, India CEO, South Asia, 2008, pg.3
3
Cyber
crimes are a crime involving the use of a computer, such as sabotaging
or stealing electronically stored data4. The terms “Cyber crimes,”
"Computer crimes", "Information
Technology crimes," and "High-tech crimes" are often used inter-changeably to means the same.
Cyber crimes has sometimes been referred to as crimes committed using computer technologies
or using information technology such as phishing, hacking, spoofing attacks, defacement attack, data theft and payment fraud.5
2. MAIN BODY OF THE STUDY PAPER
There are many ways of defining cyber crimes or computer crime and for the purpose of this
study paper, different authors, articles, journals, research papers, conferences, cases,
organisations, meetings, departments, class studies, paper presentations, online or internet
materials and different books explains and give the following meanings of cybercrime;
The general heading of computer crime can potentially cover an array of offenses. By examining
several existing definitions of computer crime, as well as elements suggested as essential to a
uniform definition, a better understanding of what computer crime entails will be created. Some
have defined cyber crime as any offense that uses or somehow involves a computer. The U.S.
Department of Justice (DOJ), in its manual on computer crime has defined cyber crime as
“...any violation of the criminal law that involves the knowledge of computer technology for its
perpetration, investigation, or prosecution.” Understandably, critics have been quick to indicate
that
while this definition may encompass computer crimes, it doesn’t
necessarily exclude other forms of crime6. Similarly, definitions such
as the one utilized by the Business Software
Alliance, a public education and awareness organization, may be too restrictive. They classify
computer crime as illegal activities that make use of electronic systems as a means to affect the
security of computer systems and computer data. The organization delineates this from
computer-related offenses, which simply use or are related to computer resources.
4
Bryne Garner, Black's Law Dictionary, 8th Edition, New York: Amazon,
2004, P. 1120 5 Adam J. Mambi, ICT Law Book: A Source Book for
Information & Communication Technologies and Cyber Law, (Tanzania:
Mkuki na Nyota Publishers LTD, 2010), P. 177 6 Goodman, M. “Making
Computer Crime Count”. FBI Law Enforcement Bulletin, August 2001: p.
10-17.
4
Cyber crimes (Computer Crimes, e-crimes) refer to criminal activity that involves the use of a
computer and the internet. These crimes cover a very large and diverse range of offenses.
Computer-related and content-related crimes, Computer used as an instrument (or a storage
device) this includes Fraud, sale of illegal goods, illegal gambling, intellectual property and child
pornography. Also other types include data-related crimes, including interception, modification,
and theft; network-related crimes, including interference and sabotage; crimes of access,
including
hacking and virus distribution; and associated computer-related crimes,
including aiding and abetting cyber criminals, computer fraud, and
computer forgery7.
The U.S. Department of Justice expands the definition of cybercrime to include any illegal
activity that uses a computer for the storage of evidence. The growing list of cybercrimes
includes crimes that have been made possible by computers, such as network intrusions and the
dissemination of computer viruses, as well as computer-based variations of existing crimes, such
as identity theft, stalking, bullying and terrorism.
Additionally; Cyber crime refers to any crime that involves a computer and a network
8
. The computer may have been used in the commission of a crime, or it may be the target9. Cyber
crimes are defined as: "Offences that are committed against individuals or groups of individuals
with a criminal motive to intentionally harm the reputation of the victim or cause physical or
mental
harm to the victim directly or indirectly, using modern
telecommunication networks such as Internet (Chat rooms, emails, notice
boards and groups) and mobile phones (SMS/MMS)".10 Such crimes may
threaten a nation’s security and financial health.11 Issues surrounding
this type
of crime have become high-profile, particularly those surrounding cracking, copyright
infringement,
child pornography, and child grooming. There are also problems of
privacy when confidential information is lost or intercepted, lawfully
or otherwise12.
7Adam
J. Mambi, ICT Law Book: A Source Book for Information &
Communication Technologies and Cyber Law, (Tanzania: Mkuki na Nyota
Publishers LTD, 2010), P. 177- 8 Moore, R. "Cyber crime: Investigating
High-Technology Computer Crime," Cleveland, Mississippi: Anderson
Publishing. 2005 9 Warren G. Kruse, Jay G. Heiser. Computer forensics:
incident response essentials. Addison-Wesley, 2002 p. 392 10Halder, D.,
& Jaishankar, K. Cyber crime and the Victimization of Women: Laws,
Rights, and Regulations. Hershey, PA, USA: IGI Global , 2011 11 Internet
Security Systems, March-2005 12 Ibid
5
Cyber
crime is crime committed with the use of computer or relating computer
especially through internet.13 An offence connected with information
technology is amount to cyber crime.14 Any illegal act for which
knowledge of computer technology is essential is cybercrime.15 Any
unethical of unauthorised behaviour relating to unauthorized processing
and transmission of data is cybercrime.16 Additionally, cyber crime also
includes traditional crimes
conducted through the Internet. For example; hate crimes, telemarketing and Internet fraud,
identity
theft, and credit card account thefts are considered to be cyber crimes
when the illegal activities are committed through the use of a computer
and the Internet17.
Other definitions have employed limitations to a broad definition to more narrowly define the
term. The working definition for the National Institute of Justice was created by incorporating
the idea that computers can be used as the means to commit a crime, be the target of the offense,
or act as a storage receptacle for the offense. Using these parameters, they defined computer
crime
as offenses committed in an “electronic environment” for economic gain
or to cause damage or harm to others18. An additional definition has
utilized existing criminological theory
to clarify what is meant by computer crime. Gordon and colleagues adapted Cohen and
Felson’s Routine Activities Theory – which says crime occurs when there is a suitable target, a
lack of capable guardians, and a motivated offender – to determine when computer crime takes
place. In their interpretation, computer crime is the result of offenders “...perceiving
opportunities to invade computer systems to achieve criminal ends or use computers as
instruments of crime, betting that the ‘guardians’ do not possess the means or knowledge to prevent or detect criminal acts.”19
A number of sources highlight important elements they believe essential to defining computer
crime. Examining these suggested elements and considering them in a unified context would be
beneficial in the creation of a uniform definition of computer crime. As defined by the
13
J. B. Schneewind, Samuel Pufendorf, in The Cambridge Dictionary,
University press ,1995, p.664 14 Council of Europe Recommendations 1989
15 Criminal Justice Resource manual 1978 16 OECD Recommendations 17 17
Internet Security Systems, March-2005 18 U.S. Department of Justice,
National Institute of Justice Research Report. Electronic Crime Needs
Assessment for State and Local Law Enforcement. National Institute of
Justice, March 2001. 19 Gordon, GR, Hosmer, CD, Siedsma, C, Rebovich D.
Assessing Technology, Methods, and Information for Committing and
Combating Cyber Crime. http://www/ncjrs.org/pdffiles1/nij/grants/198421,
(accessed 3 November 2004).
6
California
Penal Code, those who “...knowingly and without permission uses or
causes to be used...” any element of a computer or its service can be
held liable of committing an offense.20
In outlining computer crime, the inclusion of an element that clearly describes the unauthorized
use of computer resources is a reasonable first step. Additionally, a uniform definition should be
comprehensive enough to cover the different roles a computer may take in the offense, be it the
target
of the offender, the instrument used to commit the offense, or simply
incidental to the crime21. The definition should also be designed to
protect and indicate violations of the confidentiality, integrity and
availability of computer systems22. Thus, it should safeguard
against unauthorized access to computers and the data stored on them, not allow that data to be
altered, and ensure it remains fully accessible and properly functioning when needed by the
authorized user.
Using these parameters, the uniform definition for computer crime should clearly outline what
constitutes an offense. Compiling these resources leads to the following working definition that,
using or causing the use of a computer resource for the purpose of illicitly gaining goods, or
resources, or causing harm to another entity. The definition should be flexible enough to apply to
situations where the computer resource is the instrument of the perpetrator, the victim, or
auxiliary to the crime. The definition should also be adaptable to the rapidly changing face of the
digital world.
3. COMMITING CYBER CRIMES INVOLVES THE FOLLOWINGS
3.1 Unauthorized Access to computer systems (hacking)
Unauthorized access is a prerequisite to many forms of cyber or computer crimes. This form of
crime amounts to electronic intrusion, or gaining access to resources via a computer resource
without permission. Unauthorized access may occur both on individuals’ personal computers, as
well as in the workplace. One major form of unauthorized access is known as hacking. Hacking
is “...the act of gaining unauthorized access to a computer system or network and in some cases
20National
Security Institute. General Statutes of Connecticut (accessed 15
October 2004). 21Gordon, GR, Hosmer, CD, Siedsma, C, Rebovich D.
Assessing Technology, Methods, and Information for Committing and
Combating Cyber Crime. http://www/ncjrs.org/pdffiles1/nij/grants/198421.
(Accessed 3 November 2004). 22 Goodman, M. “Making Computer Crime
Count”. FBI Law Enforcement Bulletin. August 2001:10-17.
7
making unauthorized use of this access.”23As stated previously, unauthorized access may be a
gateway
to commit other offenses. An instance of unauthorized access recently
investigated by the Federal Bureau of Investigation involves United
States /Alexey V. Ivanov,24 who was
charged with computer intrusion, computer fraud, and extortion, among other things; it is
relatively easy to define the universe of individuals who lack any authorization to access a
computer. When someone from this group of people accesses the computer, the access is
necessarily “without authorization” for purposes it held inter alia that;
Those
charges stemmed from the activities of IVANOV (sic) and others who
operated from Russia and hacked into dozens of computers throughout the
United States, stealing usernames, passwords, credit card information,
and other financial data, and then extorting those victims with the
threat of deleting their data and destroying their computer systems.25
As can be seen in this case, unauthorized access to computer resources
was a charge in itself, as well as a method to commit larger more
elaborate computer-related crimes.
The case of McKinnon v Government of the USA and another26 he accessed 97 US Navy,
Army, NASA and Pentagon computers, and he was liable for cyber crime due to unauthorised
access to computer systems (Hacking). In South Africa, under s.86 (1) ECTA; Intentional
access or interception of any data in the computer system without authority or permission is
prohibited.
A person commits a “cyber crime” when he or she: Accesses a computer system without
authorization, accesses or uses a computer system to obtain unauthorized computer services
(including computer access, data processing, and data storage), intentionally or recklessly
disrupts, degrades, or causes disruption or degradation of computer services or denies or causes
denial
of computer services to an authorized user, or intentionally or
recklessly tampers with, takes, transfers, conceals, alters, or damages
any equipment used in a computer system.27
23
Rushinek, A, Rushinek, SF. “Using Experts for Detecting and Litigating
Computer Crime”. Managerial Auditing Journal. 8.7(1993):19-22. 24 175 F.
Supp. 2d 367 (D. Conn. 2001) 25 Department of Justice, 2003 26 [2008]
UKHL 59 27 Christopher Reinhart, Chief Attorney; Penalties for Computer
Hacking, June 28, 2012
8
3.2 Unauthorised use by authorized user
Unauthorised
use by authorized user of computer system was held in the case of R V
Douvenga,28 In this case, the Court had to decide whether an accused
employee GM Douvenga
of Rentmeester Assurance Limited (Rentmeester) was guilty of a contravention of section 86(1)
which (read with sections 1, 51 and 85) of the ECT Act. It was alleged in this case that the
accused, intentionally and without permission to do so, gained entry to data which she knew was
contained in confidential databases and or contravened the provision by sending this data per e-
mail to her fiancée (as he then was) to keep. The accused was found guilty of contravening
section
86(1) of the ECT Act and sentenced to a R1 000 fine or imprisonment for
a period of three months29. It follows that the crime commonly known
Hacking has now been entrenched in
our
law in section 86 (1) of the ECT which makes any unlawful access and
interception of data a criminal offence. United States V. John,30
(“Access to a computer and data that can be obtained
from
that access may be exceeded if the purposes for which the access has
been given are exceeded.” EF Cultural Travel Bv V. Explorica31,
(defendant exceeded authorized access by
disclosing
computer data in violation of confidentiality agreement). Motorola,
Inc. v. Lemko Corp,32 (“Allegations that an employee e-mailed and
downloaded confidential information for
an improper purpose are sufficient to state a claim that the employee exceeded her
authorization.”)
Some of cases further suggest that such a breach can occur when the user decides to access the
computer
for a purpose that is contrary to the interests of the authorizing
party. Example, Citrin,33 (defendant’s authorization to access computer
terminated when he resolved to destroy employer’s files); Vichip Corp.
V. Lee,34 (same); Ncmic Finance Corp. V. Artino,35“The
determinative
question is whether Artino breached his duty of loyalty to NCMIC when
Artino obtained information from NCMIC’s computers.”). DPP v Bignell36,
Police officers obtained
access to data for private purposes, and in the court of law it was held inter alia that; No crime
28 District Court of the Northern Transvaal, Pretoria, case no 111/150/2003, 19 August 2003,unreported 29
(Geredal,
2006, p.282) 30 597 F.3d 263, 272 (5th Cir. 2010) 31 274 F.3d 577,
582-83 (1st Cir. 2001) 32 609 F. Supp. 2d 760, 767 (N.D. Ill. 2009) 33
440 F.3d at 420 34 438 F. Supp. 2d 1087, 1100 (N.D. Cal. 2006) 35 638 F.
Supp. 2d 1042, 1057 (S.D. Iowa 2009) 36 (1998) 1 Cr App R 1
9
was
entitled to authorize use to gain access to data. R v Bow Street
Magistrates’ Court, ex p Allison37; Authorized access to certain data
but this enabled access to other data, does not reject
DPP
v Bignell. Authorization not only relates to type of data but also to
type of access (i.e. purpose of access) as United States v Czubinski38,
Accessed IRS records of friends and family
because of curious, and he was Not guilty of fraud because he did not make any gain.
3.3 Unauthorised modification of computer data or program
This includes impairing the operation of a computer preventing or hindering access to any
program
or data held in a computer, impairing the operation of a program or the
reliability of the data39, example, cracking, computer viruses and
malware. In s. 86(2) ECTA, South Africa;
Criminalizes the intentional and unauthorised modification or destruction of data to the computer
system.
Must data be rendered ineffective due to the modification? R v Whitaker
Scunthorpe Magistrates’ Court40, Developer (owner of the IPRs in the
software) initiated a logic bomb and
prevented access. Would have been permitted if it had been explicitly provided for in the
contract; Goulden
41
; G installed a security package which prevented access without use of a
password, and he was guilty of s.3 by the offence committed in the computer system. S.87 (1)
ECTA shows Computer-related extortion and Performance of s. 86 of act or threat to do so with
intent to obtain unlawful proprietary advantage.
3.4 Denial of service (DoS) attacks
A denial of service attack is a targeted effort to disrupt a legitimate user of a service from having
access to the service. This may be accomplished through a number of methods. Offenders can
limit or prevent access to services by overloading the available resources, changing the
configuration
of the service’s data, or physically destroying the available
connections to the information.42 Crimes of this type have been
perpetrated against major online entities, such as
Yahoo.com, eBay.com, CNN.com, and Buy.com. In these crimes, offenders most often attempt
37
[1999] 4 All ER 1 38 106 F.3d 1069 (1stCir. 1997) 39 S.3 UK Computer
Misuse Act 1990 40 1993 41 (The Times, 10 June 1992) 42 CERT. Denial of
Service Attacks, http://www.cert.org/tech_tips/denial_of_service.html
(accessed 22 November 2004).
10
0 comments:
Post a Comment