Electronic Crime

Introduction

In the past decade, computer and networking technology has seen enormous
growth. It is now possible for people all over the world to communicate and
share information from virtually anywhere. This growth however, has not come
without a price. With the advent of the "Information Highway", as it\'s
coined, a new methodology in crime has been created. Electronic crime has been
responsible for some of the most financially devastating victimizations in
society.

In the recent past, society has seen malicious editing of the Justice
Department web page unauthorized access into classified government computer
files, phone card and credit card fraud, and electronic embezzlement. All these
crimes are committed in the name of "free speech." These new breed of
criminals claim that information should not be suppressed or protected and that
the crimes they commit are really not crimes at all. What they choose to deny is
that the nature of their actions are slowly consuming the fabric of our
country\'s moral and ethical trust in the information age.

Federal law enforcement agencies, as well as commercial computer companies,
have been scrambling around in an attempt to "educate" the public on
how to prevent computer crime from happening to them. They inform us whenever
there is an attack, provide us with mostly ineffective anti-virus software, and
we are left feeling isolated and vulnerable. I do not feel that this defensive
posture is effective because it is not pro-active. Society is still being
attacked by highly skilled computer criminals of which we know very little about
them, their motives, and their tools of the trade. Therefore, to be effective in
defense, we must understand how these attacks take place from a technical
stand-point. To some degree, we must learn to become a computer criminal. Then
we will be in a better position to defend against these victimizations that
affect us on both the financial and emotional level. In this paper, we will
explore these areas of which we know so little, and will also see that computers
are really extensions of people. An attack on a computer\'s vulnerabilities are
really an attack on peoples\' vulnerabilities.

Today, computer systems are under attack from a multitude of sources. These
range from malicious code, such as viruses and worms, to human threats, such as
hackers and phone "phreaks." These attacks target different
characteristics of a system. This leads to the possibility that a particular
system is more susceptible to certain kinds of attacks.

Malicious code, such as viruses and worms, attack a system in one of two
ways, either internally or externally. Traditionally, the virus has been an
internal threat (an attack from within the company), while the worm, to a large
extent, has been a threat from an external source (a person attacking from the
outside via modem or connecting network).

Human threats are perpetrated by individuals or groups of individuals that
attempt to penetrate systems through computer networks, public switched
telephone networks or other sources. These attacks generally target known
security vulnerabilities of systems. Many of these vulnerabilities are simply
due to configuration errors.

Malicious Code

Viruses and worms are related classes of malicious code; as a result they are
often confused. Both share the primary objective of replication. However, they
are distinctly different with respect to the techniques they use and their host
system requirements. This distinction is due to the disjoint sets of host
systems they attack. Viruses have been almost exclusively restricted to personal
computers, while worms have attacked only multi-user systems.

A careful examination of the histories of viruses and worms can highlight the
differences and similarities between these classes of malicious code. The
characteristics shown by these histories can be used to explain the differences
between the environments in which they are found. Viruses and worms have very
different functional requirements; currently no class of systems simultaneously
meets the needs of both.

A review of the development of personal computers and multi-tasking
workstations will show that the gap in functionality between these classes of
systems is narrowing rapidly. In the future, a single system may meet all of the
requirements necessary to support both worms and viruses. This implies that
worms and viruses may begin to appear in new classes of systems. A knowledge of
the histories of viruses and worms may make it possible to predict how malicious
code will cause problems in the future.

Basic Definitions

To provide a basis for further discussion, the following definitions will be
used throughout the report;

Trojan Horse - a program which performs a useful function, but also performs
an unexpected action as well;

Virus - a code segment which replicates by attaching copies to existing
executables;

Worm - a program which replicates itself