While estimates of losses from the use of computers to commit crimes vary from a few hundred million dollars to billions of dollars, there is little doubt in the law-enforcement community that computer crime is on the rise.
"It's increasing naturally, and the more computers there are out there, the more potential there is to use one [to commit a crime]," said Alan Benitez, a special agent with the California Department of Justice who specializes in computer crime investigations. "There are many ways to use a computer, and many ways to misuse one."
"I think the problem is growing a lot faster than the criminal justice system can handle it," said Gary Cooper, executive director of Sacramento, Calif.-based Search, a nonprofit law-enforcement research organization. "I don't think we understand it or know the extent of the problem."
Computers can be a target, facilitator or tool for illegal activity. Crimes being committed using computers include embezzlement, trade-secret theft, fraud, and child pornography trade and possession. While the crimes themselves are nothing new, the way they are committed is.
COMPUTERS MAKE IT EASIER
Computer-based crime can be executed more easily and more anonymously than was possible even a few years ago. An employee can shift company money to his personal accounts more easily with networked computers than with pencil and paper accounting systems and stand-alone computer terminals because discrepancies are often difficult to trace to a particular person. Tracks can also be covered up by clever criminals who don't even have to go to a bank to commit robbery - they can do it online. Criminals often have another advantage - companies don't realize how vulnerable they are, and security systems are often inadequate for thwarting both internal and external threats.
But the major threats to companies is from the inside. Because employees know how particular systems work, and have access to passwords and other information, they are usually the people most capable of breaching security measures.
In some areas, such as Silicon Valley, theft of trade secrets is the biggest white-collar crime problem. "In dollar loss, the biggest [crime] is employees walking off with a program," said Julius Finkelstin, a Santa Clara County, Calif., deputy district attorney who prosecutes high-tech crime.
Disgruntled employees, for example, can pull off an inside job and walk out with a soon-to-be-released software program, ruining a company. Audit trails are placed on many systems, such as those in a bank or accounting firm, but there are ways around them. And the employee is often the one who knows best how to operate a company's computer systems and gain access to data and money.
Document fraud is also on the rise, said Bill Spernow, a computer crimes specialist with Search. In a multimillion dollar fraud case involving theft from a pair of California banks last year, for example, thieves used desktop publishing software and equipment to create false payroll checks. The system, including software, was turnkey, and copies of it may exist and be in use elsewhere, Spernow said.
DIFFICULT INVESTIGATIONS
Investigating an alleged computer crime can be much different from other types of cases. One reason for the difference is that large networks often don't have a physical location, unlike a typical bank robbery or murder.
With an armed robbery, location is easy. But criminals operating online can use anonymous forwarding of messages and data to prevent the data from being traced to its origin. And once an illegal act - such as embezzlement - occurs on a network, the perpetrators can vanish easier than if they had to escape an area through an airport or train station.
Another issue with computer crime is that location - and even jurisdiction - can be called into question. With pornography, for example, community standards define what is obscene. The legal question when porno is traded online can boil down to which community standard - the sender's or the receiver's - is used to define obscene.
TIME-CONSUMING INVESTIGATIONS
Investigating a computer-based crime normally takes much longer than other types of investigations. Computer crimes are called paper cases because the record - whether a database or piece of paper - becomes the witness and cannot be cross examined.
"They are put together tediously," said Bob McKenna, chief of the economic crimes division of the Suffolk County, Mass., District Attorney's Office. "They are time consuming to put together, and you need people who know [technology] to put it together."
Investigating computer-based crime can be costly, and law enforcement normally doesn't have the resources. "Crime against people takes priority," Benitez said. "When a company comes in and says they lost money and need our help, they are probably real low on the list" compared with response to a violent crime victim. "It is a question of how much time an agency wants to pursue a case," he said.
TRAINING AND SPECIAL UNITS
The law-enforcement community is responding to computer crime in several ways. Several groups, including Search, the Portland, Ore.-based International Association of Computer Investigative Specialists, and the Brunswick, Ga.-based Federal Law Enforcement Training Center, conduct classes and seminars getting investigators up to speed on technology, procedures for securing evidence and interrogating suspects, among other matters.
Another response is the formation of computer crime units to handle the investigating and prosecuting of computer-based crimes. The Santa Clara County, Calif., District Attorney's Office has had a unit for investigating and prosecuting high-tech crimes for about 10 years, and the San Jose, Calif., Police Department has a couple of officers in a high-tech crimes unit. The U.S. Justice Department also has units, as do many states, to investigate computer crime.
The law enforcement community is taking a shot at dealing with computer crimes, but is far from the point where it can be said to be on equal footing with its adversaries. A good analogy to the current situation is the introduction of the automobile to crime earlier this century. It took law enforcement some time to develop responses to bank robbers using cars rather than horses to escape a crime scene.
"We're just not used to it," Benitez said. "Law enforcement is set up for responding to a robbery at a residence."
Another problem with investigating and prosecuting high-tech crime is that victims are often reluctant to come forward. Executives at a defrauded company may not want the stock-buying public to know about a theft, or may hesitate to go to trial on a trade secrets case because proprietary information about the company may be made public.
WORKING IT OUT
While training officers and forming special units in some police and sheriff departments should make life more difficult for criminals, getting law-enforcement resources allocated to this phenomenon may not be forthcoming in the near future.
The impact of training has been "very positive," said Spernow. "But the problem now is that these cases are labor intensive." An investigator may only work on one high-tech case in a week, while other, less complex types of investigations generally don't take as much time and effort.
It may take a catastrophic event before a comprehensive response to computer crimes matches the problem, Spernow said. A scenario such as someone hacking into and interfering with the Federal Aviation Administration's air traffic control networks, for example, could cause society to rethink the importance of investigating computer crime and cause more resources to be spent on responding to it. "Now, we're just managing to keep up with what's going on," Spernow said.
