4 Contemporary Computer Crime
Chapter Outline
I. Web-Based Criminal Activity
    a. Interference with Lawful Use of Computers
II. Malware
    a. Viruses and Worms
    b. DoS and DDoS Attacks
    c. Botnets and Zombie Armies
    d. Spam
    e. Ransomware and the Kidnapping of Information
III. Theft of Information, Data Manipulation, and Web Encroachment
    a. Traditional Methods of Proprietary Information Theft
    b. Trade Secrets and Copyrights
    c. Political Espionage
IV. Terrorism
    a. Cyberterrorism
V. Neotraditional Crime: Old Wine in New Bottles
    a. Dissemination of Contraband or Offensive Materials
        i. Child Pornography
        ii. Child Enticement/Exploitation
        iii. Online Pharmacies
        iv. Online Gambling
    b. Threatening and Harassing Communications
        i. Cyberstalking and Cyberharassment
        ii. Cyberbullying
    c. Online Fraud
        i. Auctions
        ii. Online Credit Card Fraud
            1. Skimming
            2. RFID
        iii. Web-cramming/ISP Jacking
        iv. Fraud via Data Manipulation
        v. Securities Fraud and Stock Manipulation
            1. False Information
            2. Insider Trading
    d. e-Fencing
    e. Fraudulent Instruments
VI. Ancillary Crimes
    a. Money Laundering
        i. Process of Money Laundering
        ii. Fighting Money Laundering
VII. Conclusions
LEARNING OBJECTIVES
After reading this chapter, you will be able to do the following:
■ Explore the current state of Internet crimes in the United States and abroad.
■ Identify emerging trends in Web-based crime.
■ Develop a working knowledge of the six classifications of motive for modern computer
intruders.
■ Become familiar with more computer terms and recent laws that aid the government in
cracking down on computer criminals.
■ Gain knowledge of modern terrorists and their use of technology which is changing the face
of terrorism completely.
KEY TERMS AND CONCEPTS
• anonymizer
• Can-Spam Act
• Classical era
• counterfeiting
• credit card fraud
• cyberbullying
• cyberharassment
• cyberstalking
• cyberterrorism
• data diddling
• day trading
• denial of service (DoS) attack
• distributed denial of service (DDoS) attack
• eco-terrorism
• e-Fencing
• erotomaniacs
• extortion
• false information
• finding
• Floppy Era
• forfeiture
• forgery
• fraud
• fraudulent instruments
• freezing
• insider trading
• Internet Era
• IP spoofing
• ISP-Jacking
• love-obsession stalker
• Macro Era
• macro viruses
• malware or malicious programming code
• money laundering
• NAMBLA
• obsessional stalkers
• ransomware
• salami technique
• shoulder-surfing
• social engineering
• spam
• spamming
• stalking
• Unlawful Internet Gambling Enforcement Act of 2006
• VBS worm generator
• vengeance or terrorist stalker
• vicinage
• W32.Waledac
• Web-cramming
• zombies or bots
WEB-BASED CRIMINAL ACTIVITY
In the dawning hours of the computer age, the term “computer crime” usually referred to the
theft of computers or computer components. This distinction changed dramatically with the
introduction of the cyberage. Increasingly, criminals have targeted a far less tangible
commodity—information. At least 60 million residents of North America have online bank
accounts, and at least one-third of the American workforce, or 50 million individuals, are online.
In addition, big businesses and multinational corporations are increasingly relying on technology
systems and the Internet for the distribution of goods and materials, communication, billing, and
account management. In 2011, e-commerce amounted to nearly $200 billion in the United States
alone. This represents a 16.1 percent increase over 2010 figures.1 It should not be entirely
unexpected, then, that criminals are increasingly focusing their efforts in this realm.
Just as law enforcement tended to overlook the seriousness of hacking and phreaking in the
1980s, legislative bodies have been slow to respond to the potentiality of contemporary computer
crime in the twenty-first century. In fact, the strides made in electronic communications and the
increasing emphasis on point-and-click platforms have enabled a variety of criminally minded
individuals to expand their horizons. Traditionally, computer crime was comprised mainly of
trafficking in stolen equipment or falsification of records. Although certain types of computer
crime were possible prior to the introduction of cyberspace, the marriage of computer and
telecommunications has resulted in an explosion of the crime. The impression of anonymity has
proven all but irresistible to criminally minded individuals. In fact, it may be argued that some
individuals who had previously been deterred by the fear of exposure are more susceptible to the
temptations posed by this type of platform. Indeed, preliminary estimates of Internet gambling,
illegal in virtually every area of the country, suggest that the Web, with its promise of
anonymity, has encouraged criminal activity among the masses. To wit, individuals who would
never walk into an adult book store in search of photographs or videos of bestiality or child
pornography readily download those same materials in the privacy of their home. Those
unwilling to walk into a bank with a gun may feel comfortable altering bank records or
manipulating stock records. Those same individuals who were dissuaded from seeking revenge
through traditional avenues may feel completely confident in posting embarrassing or
compromising information on the Web.
Even hackers, whom many authorities believed to be a relic of the 1980s, are increasingly
dangerous. Recent cases indicate that computer dependency and globalization of communication
have been exploited by individual, group, and government hacking entities. A group known as
Global Hell, for example, is suspected of hacking into a variety of government sites including the
U.S. Department of the Interior, the United States Army, the Federal Bureau of Investigation,
and the White House. Although their motivations appear to be a simple quest for notoriety as
opposed to the destruction of government property, implications for national security are
tremendous. Other implications of computer crime include
1. financial losses,
2. personal security (i.e., identity theft),
3. industrial espionage,
4. international security, and
5. public safety.
In fact, threats to public welfare and personal safety may surpass national security concerns.
Generally speaking, there are six categories of online crime:
• Interference with lawful use of computers—DOS attacks, viruses, worms, other malware,
cybervandalism, cyberterrorism, spam, etc.
• Theft of information and copyright infringement—industrial espionage, ID theft, ID fraud,
etc.
• Dissemination of contraband or offensive materials—pornography, child pornography,
online gaming, treasonous or racist material, etc.
• Threatening communications—extortion, cyberstalking, cyberharassment, cyberbullying,
etc.
• Fraud—auction fraud, credit card fraud, theft of services, stock manipulation, etc.
• Ancillary crimes—money laundering, conspiracy, etc.
Interference with Lawful Use of Computers
Industrial or corporate competition has also escalated to the malicious destruction of data. This
eco-terrorism or corporate warfare is not unique, nor is it a new concept. Traditionally, other
methods of destruction included attacks on physical structures (i.e., headquarters, research
laboratories, etc.) or tangible objects (i.e., file cabinets, vials of chemicals, etc.). But just as the
virtuality of cyberspace has altered traditional modes of communication, education, and
commerce, it has transformed the competitive arena of big business. Indeed, the interconnectivity
of technological devices which have become so prized across the globe has exponentially
increased the vulnerability of those self-same corporations. While the impact of a traditional mail
bomb was limited to the physical area surrounding the packaging, the implications of e-mail
bombs are limitless in their application and may include a complete dismantling of a company’s
informational infrastructure.
The Toolkit of a Cybercriminal
Although methods and mechanisms of cybercriminals vary, the majority of online victimization
is perpetrated by employing one of the various tools.2
• Bots or zombies—a computer which has been compromised by some form of malware which
enables the criminal to remotely control that computer. For the most part, bots or zombies are
employed collectively in a botnet.
• Keyloggers—a software program or hardware device which records all keystrokes of a
compromised computer. Depending on the device or software employed, the information is
either locally stored or remotely sent to the perpetrator.
• Bundlers—malware which is hidden inside what appears to be legitimate software or
download. Containers often include gaming software, freeware, image or audio files, or
screensavers.
• DDoS—a concentrated attack on a system or service which employs botnets to disrupt or
deny access to the target.
• Packet Sniffers—software programs which are capable of monitoring network traffic and
capturing specific data. They are often employed to “sniff” and capture passwords as they
travel across the network.
• Rootkits—a compilation of tools which are employed by hackers on a compromised
machine. Among other things, rootkits allow criminals to maintain access, prevent detection,
build in hidden back doors, and collect information from the compromised system.
• Spyware—software which covertly collects information from a compromised system. It is
often bundled with legitimate software and can transmit the information collected to a
designated site or user.
• Scripts—short programs or lists of commands which can be copied, remotely inserted, and
used to attack a local computer or network.
• Phishing—an e-mail or document which attempts to persuade the recipient to divulge
specific information, like passwords, account numbers, etc. (It will be discussed more
thoroughly in Chapter 5.)
• Trojans—a general category which encompasses a variety of other cybertools. Covertly
installed, these programs are designed to collect information, provide control, or distribute
data.
• Worms—wholly contained viruses that travel through networks, automatically duplicating
and mailing themselves to other systems.
• Viruses—programs or pieces of malicious code which are intended to infect or compromise
random systems or machines.
MALWARE
As discussed in Chapter 2, malware or malicious programming code refers to code that
causes damage to computer systems. This broad-based category includes back doors, Trojan
horses, viruses, worms, and DoS attacks. All of these entities can be, and have been, employed
by terrorists, hacktivists, corporate spies, criminals, and pleasure seekers. The range of their
utilization includes blackmail, extortion, and espionage, while their payloads in destruction range
from nuisance to devastation. Some viruses, for example, may simply insert, delete, or scramble
text within MS Word documents (e.g., wm97thu and Anna Kournikova). Particularly destructive
malware, like the computer worm Conficker, has already infected as many as 12 million computers
worldwide and seems almost invulnerable to containment. Unfortunately, occurrences of
markedly nasty malware continue to rise with the popularity of botnets.
Most Dangerous Celebrities of 2011
According to McAfee, Heidi Klum topped the list of the Most Dangerous Celebrities of 2011. As
cybercriminals often use the names of popular topics, searches for information on celebrities are
often used to spread malware. Rounding out the top ten are Cameron Diaz (2); Piers Morgan (3);
Jessica Biel (4); Katherine Heigl (5); Mila Kunis (6); Anna Paquin (7); Adriana Lima (8);
Scarlett Johansson (9); and Brad Pitt, Emma Stone, and Rachel McAdams (10).3
Viruses and Worms
Contrary to popular belief, computer viruses are not a new phenomenon. Although early
mainframe users experienced anomalies, they did not necessarily credit such occurrences as malicious or
intentional. Loss of files or misplaced lettering was attributed to programming glitches. The first
recognized computer virus, the rabbit, appeared in the 1960s. These programs diminished the
productivity of computer systems by cloning themselves and occupying system resources. These
rabbits were strictly local phenomena, incapable of copying themselves across systems, and were
the result of mistakes or pranks by system programmers. The first virus attached to an executable
file made its appearance in the 1970s on the UNIVAC 1108 system.4 Pervading Animal was
attached to the end of an executable file and required the computer user to answer a series of
questions regarding animals. Since that time, viruses have continued to evolve and are currently
capable of network failure and mass destruction of data. Here is a brief timeline of some
significant evolutionary developments.
Although the proliferation of viruses often makes it difficult for users to comprehend their
evolution, there are four distinct eras of computer viruses. The first of these may be defined as
the Classical Era (1960s–1970s), in which system anomalies occurred accidentally or were a
result of pranks by programmers or system administrators. The second evolutionary era, known
as the Floppy Era (1980s–1990s), was largely characterized by infection of DOS machines
spread by removable media. During this period the spread of computer viruses was relatively
limited, and the evolution of viruses was relatively slow. Due primarily to their lack of
sophistication, viruses during this period were easy to detect, isolate, and eliminate. This began
to change with the introduction of polymorphic viruses which emerged in the early 1990s. These
viruses avoided detection by using indecipherable code, easily defeating early antivirus software
which identified potential viruses by looking for segments of known virus code.
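The following Python sketch is an added example, not part of the original chapter. It shows why a scanner that looks for a literal segment of known code misses a re-encoded copy, and how matching on byte-to-byte differences recovers it. It assumes a single-byte XOR layer as a simplified stand-in for the "indecipherable code" described above; the signature, file names, and contents are constructed and harmless.

```python
"""Signature matching versus a re-encoded copy, using harmless constructed bytes."""

# Constructed placeholder standing in for a "segment of known virus code".
SIGNATURE = b"DEMO-SIGNATURE-0001"


def xor_encode(data: bytes, key: int) -> bytes:
    """Assumed stand-in for a per-copy encoding layer: XOR every byte with one key."""
    return bytes(b ^ key for b in data)


def naive_scan(blob: bytes, signature: bytes = SIGNATURE) -> bool:
    """Early-scanner behaviour: search for the literal signature bytes."""
    return signature in blob


def delta(data: bytes) -> bytes:
    """XOR each byte with its successor. Because (a^k) ^ (b^k) == a ^ b, the
    result is the same for the plain bytes and for any single-byte-XOR copy."""
    return bytes(a ^ b for a, b in zip(data, data[1:]))


def xray_scan(blob: bytes, signature: bytes = SIGNATURE):
    """Find the signature under any single-byte XOR key (key 0 = unencoded).
    Returns (offset, key), or None when the signature is absent."""
    pos = delta(blob).find(delta(signature))
    if pos < 0:
        return None
    return pos, blob[pos] ^ signature[0]


# Constructed sample "files": one clean, one unencoded, two copies with different keys.
SAMPLES = {
    "clean.doc": b"quarterly report, nothing unusual here",
    "original.bin": b"HDR" + SIGNATURE + b"TAIL",
    "copy_a.bin": b"stubA" + xor_encode(SIGNATURE + b"TAIL", 0x5A),
    "copy_b.bin": b"stub-B!" + xor_encode(SIGNATURE + b"TAIL", 0xC3),
}


def scan_all(samples=SAMPLES):
    """Return {name: (naive_result, xray_result)} for every sample."""
    return {name: (naive_scan(blob), xray_scan(blob)) for name, blob in samples.items()}


if __name__ == "__main__":
    for name, (naive, xray) in scan_all().items():
        print(f"{name:13} naive={naive!s:5} xray={xray}")
```

The difference-based match only covers this one encoding family; it illustrates the scanner-side response to per-copy encoding, not a complete detection method.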
| Year | Name | Systems Targeted | Significance |
|---|---|---|---|
| 1982 | Elk Cloner (created by Richard Skrenta) | Apple DOS 3.3 | Released “in the wild”—not locally contained |
| 1986 | Brain (created by Basit & Amjad Farooq Alvi) | Various | First PC boot sector virus; first virus to operate in stealth mode, replacing infected sectors with clean ones. |
| 1987 | Christmas Tree | European Academic Research Network and IBM Vnet | First total epidemic of a network virus |
| 1988 | Morris Worm (created by Robert Morris) | Unix for Vax; Sun Microsystems | Picked up user passwords; focused on errors in OS |
| 1990 | Chameleon | DOS | First polymorphic virus. Defeated traditional platforms for virus detection |
| 1990 | Murphy, Nomenclatura, Beast | Windows | Creation of Bulgarian “virus production factory” and first BBS devoted to virus making |
| 1992 | Michelangelo | Windows | Causes boom in antivirus software |
| 1996 | Win.Tentacle | Windows 3.x | First Windows epidemic |
| 1997 | Linux.bliss | Linux | First virus for Linux |
| 1997 | Homer | | First network worm virus using FTP to propagate |
| 1997 | mIRC worms | Windows | Virus scripts are transmitted along Windows IRC channels |
| 1998 | Win32.HLLP.DeTroie | Windows | Capable of transmitting information from the infected computer to the owner |
| 1998 | Back Orifice | Various | Introduction of clandestine installation of Trojans, enabling remote access to infected computers |
| 1998 | VBScript.Rabbit | Windows | Creation of HTML virus—employing the MS Windows and Office options, infection of remote computers and Web servers, replication via e-mail |
| 2000 | LoveLetter | Windows | First widely distributed virus making use of the VBS extension. Considered the costliest virus, as system administrators were unprepared for it.5 |
| 2000–2001 | Nimda, CodeRed, Sircam | Windows | Re-emergence of the worm. Replication via e-mail and scans and infects Web servers. Capable of infecting computers by simply viewing of subject line in Outlook. Originally touted as having the capacity to bring down the Internet. |
| 2000 | Liberty | Palm OS | First harmful Trojan to target Palm Pilot operating systems.6 |
| 2003 | Slammer | Windows/Internet | First fileless or “flash” worm. Caused several segments of the Internet to crash. Did not copy itself but remained in memory. |
| 2003 | Lovesan | Windows/Internet | Exploited weakness in Windows 2000/XP |
| 2003 | Sobig | Windows/Internet | Widespread DoS attack on selected sites designed to facilitate spam attacks.7 |
| 2003 | Mimail | Windows/Internet | Exploited latest vulnerability in Internet Explorer which allowed binary code to be extracted from HTML files and executed.8 |
| 2004 | Various (Sasser, MyDoom, NetSky, etc.) | Windows/Internet | Proliferation of viruses dedicated to facilitating mass spam attacks. |
| 2008 | Conficker, Kido, Downadup | Windows | Formed botnet and remains difficult to control due to multiple advanced malware techniques |
By the mid-1990s, end users became aware of the risk of viruses, and many stopped sharing
programs or running executable files. At the same time, the explosion of the Internet, the
electronic mail, and the Windows OS proved irresistible to virus creators. As such, macro viruses
emerged, and the Macro Era (1990s–2000s) was born. Unlike viruses found in the first two
periods, macro viruses infect documents and templates, not programs. Embedding the malicious
code into the macro programming language found in popular Microsoft and Macintosh (e.g.,
Word, Excel) applications, the virus infects the system when the user opens the document. Once
executed, the virus will become embedded in both current and future documents. The virus is
then propagated via e-mail, networks, and the Internet. One of the first notable examples of a
macro virus appeared on the Internet in March 1999. The Melissa virus caused more than $80
million in damages to computers across the globe. In the United States, the virus infected 1.2
million computers of one-fifth of the nation’s largest businesses. Created by David Smith, the
virus was embedded in a document posted on the Internet newsgroup Alt.sex. The document claimed to
contain passcodes to various adult-content Web sites, and users infected their computers by
downloading and opening it. The virus then propagated itself by sending e-mail to
the first 50 addresses in the computer user’s address book. Smith was subsequently sentenced to
20 months in federal prison, three years of supervised release, 100 hours of community service,
and a fine of $5,000. In addition, he was prohibited from accessing a computer of any kind.9
In the wake of the Melissa virus and the prosecution of David Smith, investigators recognized
that the transmission of viruses was continuing to evolve. In mid-2000, two viruses heralded a
new period in virus sophistication and distribution. The Internet Era (2000–present) began
with the introduction of a group of publicized infections: CodeRed, SirCam, and w32/Nimbda.Amm. One of the group’s methods of propagation was similar to Melissa’s exploitation of
Microsoft Outlook. All were capable of using an infected system’s address book to infect other
computers. However, this new group demonstrated a variety of alternative methods of replication
that were not found in previous viruses. CodeRed, for example, scanned the Internet for
vulnerable machines, and then infected them, while Nimda (“admin” spelled backwards) infected
computers even when the infected e-mail was simply viewed through MS Outlook’s preview
window.10 Unfortunately, the re-emergence of network worms continues to plague users and
system administrators alike. An increasing proliferation of such worms is continuing to cause
untold damages, and worms are increasingly utilized to perpetrate large-scale DoS attacks. While
the motivations for their creation vary, more and more are being unleashed for economic gain.
Public Apathy and Increased Vulnerability
Especially popular among hackers in the 1980s, the threat of malicious programming code
created near hysteria among early computer users and spawned an entire industry. However, the
creation of antivirus and firewall programs has almost negated the unease experienced nearly
two decades ago. Unfortunately, they have also led to a false sense of security among the
American public, resulting in an apathetic approach to data security. In fact, malicious attacks or
information theft are so dangerous that even computer giants like Apple and IBM have not been
immune.
Regardless of the level of scrutiny afforded to computer viruses or other contaminants, their
threat remains genuine. In fact, virus creation and dissemination has become more pronounced
with the inception of made-to-order virus and worm tool kits readily available via the Internet.
The VBS Worm Generator (VBSWG 1.50b), for example, allows script kiddies (i.e., novice
users with malicious intentions) to create viruses quickly and painlessly. Reportedly created in
Buenos Aires, Argentina, VBSWG 1.50b creates VBS worms that infect Windows systems with
MS VB5 runtimes or Windows Scripting Host 5.0. Unfortunately, this includes Windows 95 SE,
98, and 98 SE. Although other toolkits exist (including Satanic Brain Virus Tools, 1.0; the
Instant Virus Production Kit; and Ye Olde Funky Virus Generator), this particular one has been
directly responsible for a variety of recent viruses, including the popular Anna Kournikova virus,
and is so specialized that users may name their own virus and select from a variety of payloads.
It even allows users to choose the manner of virus activation (i.e., timed, immediate, etc.).
DoS and DDoS Attacks
The primary objective in a denial of service (DoS) attack is to disable a large system without
necessarily gaining access to it. Traditionally, the most common DoS attack involved mailbombing (e.g., jamming a system’s server with voluminous e-mail). Other traditional methods
included the time-proven method of manipulation of phone switches or the more sophisticated
method of low-level data transmission. These attacks were directed at some of the Web’s most
popular portals, including www.amazon.com, www.eBay.com, and www.Yahoo.com.
Motivations varied from personal to organizational to political. During this period, national
infrastructures remained relatively unscathed, and attacking packets originated from a single
address or network.11
Botnets and Zombie Armies
Since the inception of DoS attacks, criminals have recognized and developed a new methodology for
them. Known as DDoS (distributed denial of service) attacks, this emerging technology
employed zombie or robot (aka bot) machines to increase the effectiveness and efficiency of
their payload. Zombies or bots are compromised computers attached to the Internet which are
often used to remotely perform malicious or criminal tasks. They are often used in large batches
(i.e., zombie armies or botnets), and the majority of owners of zombie computers are unaware of
their usage. Their use is increasingly common as they effectively camouflage the perpetrator and
decrease the bandwidth-related operating costs of the criminal operation. Motivations
for DDoS attacks range from boredom to theft to extortion. Hacktivists have also used zombie
computers in a variety of highly publicized attacks. For example, hacktivist group Anonymous
effectively shut down the Web site of the Westboro Baptist Church, the organization that is best
known for protesting at the funerals of soldiers. Anonymous was also responsible for the DDoS
that temporarily disrupted service for MasterCard and PayPal in late 2010 after the corporations
cracked down on Wikileaks.
Diagram of how DDoS attacks operate via compromised machines, remotely controlled by the
perpetrator.
In 1999, the first known DDoS attacks occurred, with tools known as Trinoo and Tribe Flood
Network (TFN). Since that time, such attacks have become commonplace and have been
employed by a variety of individuals or groups, such as extortionists, business competitors, and
terrorists. In fact, many businesses and corporations are so fearful of the potential economic loss
caused by such an attack, that they often acquiesce to the demands of cyberextortionists, even
before an attack has been launched. It is not uncommon, for example, for extortionists to threaten
online gambling sites with a DDoS attack in the days immediately preceding a popular sporting
event. Even the mafia has not proven immune to such strong arming tactics. In 2006, members of
New York’s Bonanno crime family were forced to pay “protection” money and beef up online
security for their online gaming site www.playwithal.com.
Cyberextortion—the use or the implicit threat of use of technological means to cause harm to the
physical being, reputation, or property of an individual, organization, or company as a means to
obtain the consensual exchange of property from that individual, organization, or company.
In June 2007, the Department of Justice and the FBI announced that an ongoing cybercrime
initiative, Operation Bot Roast, had identified over 1 million compromised computer IP
addresses. Recognizing that the majority of victims remained unaware of their computer’s
victimization, the FBI announced that they would join with industry leaders and other
government agencies (including Microsoft and the Botnet Task Force) to inform and educate
computer users of their vulnerability.12 Since that time, botnets and the use of zombie armies
have become increasingly popular. In 2010, the same Botnet Task Force, helmed by Microsoft,
took down one of the world’s largest spambots. The W32.Waledac botnet had the capability of
sending as many as 1.5 billion spam e-mails a day.
Spam
Although the term spam has long been a part of American language, its contemporary meaning
bears little resemblance to its original etymology. In today’s verbiage, the term spamming may
be defined as the abuse of electronic messaging systems to randomly or indiscriminately send
unsolicited bulk messages. While spam may be found in a myriad of electronic communications
(i.e., instant messaging, Usenet newsgroup, blogs, mobile phones, etc.), most users are familiar
with the term as it applies to e-mail. In fact, it seems unlikely that any regular user of e-mail has
escaped victimization. It is increasingly employed by some advertisers to reduce operating costs
and escape accountability. In addition, it can be employed by criminals launching DDoS attacks
irrespective of primary motivation. While many end users view spam as little more than a
nuisance, some of the direct effects associated with the practice of spamming include the cost in
human time of reading or deleting the messages; reduced productivity due to reduction of focus;
purchase of antispam software; and the consumption of computer and network resources. The
exact costs of spam are difficult to determine. According to a University of Maryland study,
spam resulted in almost $22 billion in lost productivity alone! They calculated this figure by
multiplying the average time which workers spent deleting spam each day (i.e., three minutes) by
the number of online adults by the average wage.13 The study further revealed that 11 percent of
individuals receive at least 40 such messages daily.
Traditionally, electronic spam was most commonly used by advertisers or by businesses
themselves. Not all of the spam was innocuous, and it was popularly employed by pornography
sites. Currently, an antispam backlash has significantly reduced the viability for legitimate
companies to employ the practice, and most have abandoned it altogether. However, the amount
of spam continues to increase, and is currently used to spread viruses; deliver Trojans or other
malware; initiate DDoS attacks; commit identity theft; facilitate Internet fraud; promote political
extremism; and further a variety of other online crime, like extortion and blackmail. In 2010, the
top three spam botnets were Rustock, Grum, and Cutwail.14
Smurfing, Fraggling, and DDoS Attacks
To avoid detection by authorities, some criminals are using two distinct methods of distributed
denial of service (DDoS) attacks. The first, known as smurfing, occurs when a perpetrator
utilizes Internet Control Message Protocol (ICMP) echo (ping) traffic at IP broadcast
addresses from spoofed source addresses. The second, known as fraggling, utilizes User
Datagram Protocol (UDP) echo packets instead of ICMP. In both cases, the providers or
machines which are most likely to be victimized are IRC servers and their providers.
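As an added example (not from the original chapter), the Python sketch below shows how a network sensor could recognize the two patterns just described: echo requests aimed at a subnet's broadcast address, followed by replies from local hosts to the claimed source. The monitored subnet, the packet summaries, and all addresses are constructed assumptions using documentation ranges.

```python
import ipaddress

# Assumption: the subnet this sensor watches (documentation range, RFC 5737).
MONITORED = ipaddress.ip_network("192.0.2.0/24")
ECHO_REQUEST, ECHO_REPLY, UDP_ECHO_PORT = 8, 0, 7

# Constructed packet summaries, not a real capture.
# Fields: src, dst, proto, icmp_type (ICMP only), sport/dport (UDP only).
SAMPLE = [
    {"src": "198.51.100.7", "dst": "192.0.2.255", "proto": "icmp", "icmp_type": 8},
    {"src": "192.0.2.10", "dst": "198.51.100.7", "proto": "icmp", "icmp_type": 0},
    {"src": "192.0.2.11", "dst": "198.51.100.7", "proto": "icmp", "icmp_type": 0},
    {"src": "192.0.2.12", "dst": "198.51.100.7", "proto": "icmp", "icmp_type": 0},
    {"src": "192.0.2.20", "dst": "192.0.2.21", "proto": "icmp", "icmp_type": 8},  # ordinary ping
    {"src": "192.0.2.21", "dst": "192.0.2.20", "proto": "icmp", "icmp_type": 0},
    {"src": "203.0.113.50", "dst": "192.0.2.255", "proto": "udp", "sport": 40000, "dport": 7},
    {"src": "192.0.2.10", "dst": "203.0.113.50", "proto": "udp", "sport": 7, "dport": 40000},
    {"src": "192.0.2.11", "dst": "203.0.113.50", "proto": "udp", "sport": 7, "dport": 40000},
    {"src": "192.0.2.30", "dst": "192.0.2.255", "proto": "udp", "sport": 138, "dport": 138},  # benign broadcast
]


def trigger_kind(pkt, net=MONITORED):
    """Return 'smurf' or 'fraggle' for an echo request sent to the subnet's
    broadcast address, otherwise None."""
    if ipaddress.ip_address(pkt["dst"]) != net.broadcast_address:
        return None
    if pkt["proto"] == "icmp" and pkt.get("icmp_type") == ECHO_REQUEST:
        return "smurf"
    if pkt["proto"] == "udp" and pkt.get("dport") == UDP_ECHO_PORT:
        return "fraggle"
    return None


def is_reply(pkt, kind, claimed_src, net=MONITORED):
    """True if pkt is a local host answering the claimed source of a trigger."""
    if pkt["dst"] != claimed_src or ipaddress.ip_address(pkt["src"]) not in net:
        return False
    if kind == "smurf":
        return pkt["proto"] == "icmp" and pkt.get("icmp_type") == ECHO_REPLY
    return pkt["proto"] == "udp" and pkt.get("sport") == UDP_ECHO_PORT


def report(packets, net=MONITORED):
    """Return sorted rows (kind, claimed source, triggers, replies, responders).
    The claimed source is the spoofed address, i.e. the likely victim."""
    findings = {}
    for pkt in packets:
        kind = trigger_kind(pkt, net)
        if kind:
            entry = findings.setdefault((kind, pkt["src"]),
                                        {"triggers": 0, "replies": 0, "responders": set()})
            entry["triggers"] += 1
    for pkt in packets:
        for (kind, claimed_src), entry in findings.items():
            if is_reply(pkt, kind, claimed_src, net):
                entry["replies"] += 1
                entry["responders"].add(pkt["src"])
    return [(kind, src, e["triggers"], e["replies"], len(e["responders"]))
            for (kind, src), e in sorted(findings.items())]


if __name__ == "__main__":
    for row in report(SAMPLE):
        print(row)
```

A replies-to-triggers ratio above one is the amplification that makes the subnet useful as a reflector; routers that do not forward directed broadcasts (the default recommended by RFC 2644) remove it.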
In 2006, Daniel J. Lin became the first person convicted of violating the Can-Spam Act and was
sentenced to three years in federal prison and fined $10,000. Lin, along with his
partners, distributed millions of e-mail messages advertising various products, including weight
loss patches and “generic” Viagra. To increase sales and to advertise his wares, Lin sent bulk e-mails
with fraudulent header information through a variety of zombie computers.15
In addition to the Can-Spam Act, the federal government has employed other contemporary
legislation to prosecute spammers. In May 2007, for example, Robert Soloway was indicted by a
federal grand jury on various charges, including multiple counts of mail fraud, wire fraud, e-mail
fraud, aggravated identity theft, and money laundering. Dubbed the “Spam King” by federal
authorities, Soloway operated numerous Web sites and domains which hid spam tools inside
software marketed as legitimate. Allegations also include the creation of a botnet of more than
2000 proxy computers. The indictment was a culmination of a joint operation conducted by the
U.S. Postal Inspection Service, the DOJ’s Computer Hacking and Intellectual Property unit, the
Internal Revenue Service, and the FBI.16
The Evolution of Viruses
Jon Hoskin
Clemson University
The first computer bug was an actual insect, which stopped a relay from working and thus had to
be “debugged.” There is no similar related origin for the computer malware terms virus, worm,
and Trojan. Nevertheless, the use of the word virus to describe a computer program that
perpetuates itself in a fashion similar to a biological virus is apt. Although relatively new, the
computer virus has become so ubiquitous that This Week in Virology (TWIV.TV), the foremost
podcast on biological viruses (B-viruses), has the subtitle “The kind That Make You Sick” so as
not to mislead listeners.
B-viruses are ancient and may even have been the progenitor of life as we know it. On the other
hand, the computer virus was first constructed in the early 1970s and can be defined as a
program created by intelligent design, a purposeful if not positively motivated human activity.
While the differences are dramatic, numerous similarities exist including how we eradicate them.
B-viruses don’t appear to be alive but exist by making use of the biological world around them
including utilizing biochemical processes present in host organisms to replicate and fend off the
host’s defenses. Similarly, computer malware can only use capabilities of the host computer and
is dependent on the knowledge and creativity of the programmer. Malware creators use all
available tools including security features and must constantly make changes for their products
to remain viable.
For example, malware which prevents access to a targeted machine through the use of
sophisticated encryption algorithms may be remotely installed on a victim’s device. Traditional
extortion scams may then require a preliminary payment of $79 to regain access. However, the
victim is later told that such payment does not necessarily assure that the data or machine hasn’t
been compromised. Like legitimate software companies, malware creators also push out updates,
which can be accomplished via large sophisticated botnets (networks of compromised
computers). Infected machines can thereby obtain updated information, protected by encryption
via increasingly sophisticated methods to hide and protect their source.
The intent of the computer virus is to do the bidding of its intelligent designer, usually for
financial gain. Malware of any type is frequently delivered as bogus “antivirus” spyware
(sometimes known as scareware), via compromised Web sites or spam—unsolicited e-mail
advertising. Spam has evolved from simple advertisements to targeting e-mail to specific people,
called spear-phishing. Such weaponized e-mail uses social engineering, such as referring to
events presumably only insiders would know about (e.g., click here to see my embarrassing
pictures of Friday’s company picnic or to view changes in your retirement benefits), thus
enticing users to open files or unintentionally go to compromised Web sites. One wonders what
this creative, if misguided, entrepreneurial spirit could add to civilization if harnessed in a
positive way, but the longer view is that it makes all software more secure by forcing
programmers to build in security measures. Computer security will likely always be a moving
target as malware creators necessarily become ever-more refined. The best recent example is the
Stuxnet worm, which targeted Iranian centrifuges and whose creation required a dramatic
increase in resources (knowledge about the centrifuge controllers, how the computers isolated
from the Internet might be breached, etc.), thus describing what might more accurately be
defined as Internet warfare.
At its most basic level, the cause of continued malware can be categorized in several ways, the
first until recently being a lack of security awareness by programmers and users alike. Second is
the misguided pressure to release software before it is ready. Inevitably, a stream of patches and
fixes follow, defining the initial product security as an afterthought. A final consideration is that
programmers are not taught to think like felons and don’t see their code as also having
potentially exploitable features.
For B-viruses to continue, they need a reservoir where they do little or no harm and continue to
survive. For example, a human virus infection transmitted via mosquitoes, its reservoir, does so
by overwintering in the nonfreezing sewers of New York City, an unintended disadvantage of
civilization. There is a similar computer concept. Connecting an unprotected and un-patched
computer directly to the Internet is courting disaster because of what has been described by Steve
Gibson as IBR—Internet Background Radiation. The Internet unintentionally acts as a computer
virus reservoir because many computers are not updated with security patches and/or cleansed of
malware yet remain connected to the Internet. Microsoft indicated in their semiannual report on
Internet security ending in the first half of 2010 that close to a third of machines are infected in
one fashion or another. Thus the large number of computers makes fixing them all impractical,
a prospect that is exasperating for anyone worrying about the enormity of the problem.
B-viruses also trend in the direction of becoming benign, at least for their reservoir hosts,
otherwise they risk eliminating all their hosts and hence themselves. Computer viruses are not
designed as such. The biological answer is inoculation with an appropriate vaccine or quarantine.
But just as some countries can’t afford to inoculate all of their citizens, not everyone can afford
to patch their computers or run antivirus programs. China apparently has millions of illegal
copies of Microsoft Windows running on computers which therefore aren’t able to get patches
from Microsoft.
Currently the simplest manner of creating malware is to take advantage of a software crash, an
all-too-prevalent occurrence. Once observed, the nature of the defective code can be determined
and exploited. Microsoft attempted to address some of these problems by instituting Data
Execution Prevention (DEP) which as defined was intended to prevent data from being executed.
Unfortunately, in some cases it was not turned on by default and was also creatively
circumvented. Additional patches and greater compliance may allow DEP to be more effective
but inevitably code that can be exploited will be exploited.
Another notable difference, related to evolution, is that computer viruses and malware thus far do
not evolve in the biological fashion. Virus evolution is a new area but suffers from limitations,
notably that computers have relatively limited systems unlike the complexity of biological
systems. While variations of computer viruses quickly follow their initial release, they are also
quickly identified. Progressively better antivirus heuristics may speed their discovery, thus
reducing the possibility of catastrophic copycat computer viruses.
Although B-viruses are generally regarded in a negative way, they are likely beneficial to life.
Like any parasite, the intent of the virus is to continue to exist and if it purposely helps the
infected organism, it also enhances its ability to exist. The singer Yul Brynner lived 11 years
with lung cancer which normally causes death very quickly. It’s believed his longevity can be
attributed to the trichinosis he contracted from eating at a restaurant. The parasite was competing
for the same resources as the cancer and it increased its chances of propagation by reducing the
viability of the cancer. However, computer viruses don’t have a positive side; even when
computer viruses are specifically designed to destroy harmful viruses, they nevertheless tend to
be more problematic and are generally illegal.
Parasites like the trichinosis convey another important point: although living via another
organism, they require more genes than so-called free-living organisms. Although the host
organism provides for their needs, they must circumvent various systems meant to protect that
host from invaders or parasites. Similarly, malware needing to modify or evolve in another
computer may need to use additional programs to protect itself from antiviral/malware
programs, all of which make the “invasive” program larger and probably more noticeable.
In the first half of 2011, Apple users suffered a major problem with malware, the Oak Ridge
National Laboratory experienced an Internet break-in, the security company RSA lost control of
its certificate keys, and the PlayStation Network endured a sustained outage. Unfortunately, those
are just some highlights. These incidents might suggest that we are losing the war against computer
malware, but that need not be the case. Companies producing antimalware continue to develop
better software. They now systematically track malware across the globe and utilize ever-more
sophisticated honey-pots to capture nascent malware. Recently network hardware has been
focusing on the problem and may circumvent many problems. Another technique which is
beginning to be used is white-listing applications. White-listing or black-listing e-mail either
allows or blocks e-mails from a given user, company, or ISP. Likewise, white-listing of
applications allows only those program files to execute. A computer might therefore be riddled
with malware but because those files are not white-listed, they cannot run. Another new method
can protect unpatched programs from exploitation. And perhaps the most important lesson being
learned is that computer security is not an option if you care about your users and customers.
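The application white-listing idea described above can be shown in a few lines. This is an added example, not code from the book: it compares a white-list keyed on file names with one keyed on SHA-256 content hashes, using constructed files in a temporary directory (all file names and contents are assumptions made for the illustration).

```python
import hashlib
import os
import shutil
import tempfile


def sha256_of(path, chunk_size=65536):
    """Hash a file's contents in chunks so large binaries are not read whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_allowlist(approved_paths):
    """Record the content hash of every approved program file."""
    return {sha256_of(path) for path in approved_paths}


def allowed_by_name(path, approved_names):
    """Weak policy: trusts whatever the file happens to be called."""
    return os.path.basename(path).lower() in approved_names


def allowed_by_hash(path, allowlist):
    """Default deny: run only if the exact bytes were approved."""
    try:
        return sha256_of(path) in allowlist
    except OSError:
        # Unreadable or missing files are refused rather than waved through.
        return False


def run_demo():
    """Return {label: (name_verdict, hash_verdict)} for constructed files."""
    with tempfile.TemporaryDirectory() as root:
        approved = os.path.join(root, "editor.exe")
        with open(approved, "wb") as handle:
            handle.write(b"constructed bytes of an approved program")

        unknown = os.path.join(root, "invoice_viewer.exe")
        with open(unknown, "wb") as handle:
            handle.write(b"constructed bytes of an unapproved program")

        # The unapproved file again, but carrying an approved file name.
        downloads = os.path.join(root, "downloads")
        os.mkdir(downloads)
        renamed = os.path.join(downloads, "editor.exe")
        shutil.copyfile(unknown, renamed)

        names = {"editor.exe"}
        hashes = build_allowlist([approved])

        verdicts = {}
        for label, path in (("approved", approved),
                            ("unknown", unknown),
                            ("renamed", renamed),
                            ("missing", os.path.join(root, "missing.exe"))):
            verdicts[label] = (allowed_by_name(path, names),
                               allowed_by_hash(path, hashes))

        # An approved file that is later altered no longer matches its hash.
        with open(approved, "ab") as handle:
            handle.write(b" plus appended bytes")
        verdicts["modified"] = (allowed_by_name(approved, names),
                                allowed_by_hash(approved, hashes))
        return verdicts


if __name__ == "__main__":
    for label, (by_name, by_hash) in run_demo().items():
        print(f"{label:9} name-based={by_name!s:5} hash-based={by_hash}")
```

The name-based policy lets the renamed and the modified file run; the hash-based policy refuses both, which is why white-lists are normally keyed on file contents or a publisher signature rather than on a name.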
Perhaps the biggest problem is the way we approach malware. Companies, universities,
government entities, and individuals are essentially barricading themselves against malware.
While some would suggest starting over, the answer may be the Internet equivalent of
quarantine. A faster, virus-free Internet or protected Internet, necessarily monitored, is one
answer. By disconnecting perpetrators as soon as they are detected having any involvement with
malware including spam, the result would produce dramatically less traffic and benefit Internet
commerce. A simpler place to start is with secure e-mail—spam would dramatically decrease
and the required software is already available.
Ransomware and the Kidnapping of Information
In recent years, ransomware, a new type of malware, has come to the attention of law
enforcement authorities. Although it originally surfaced in late 1989 with the PC CYBORG/AIDS
Information Trojan, it remained largely under the surface to both criminals and law enforcement
until 2005.17 Ransomware may be defined as a malware program which encrypts or otherwise
renders computer or digital resources inoperable or inaccessible in furtherance of the illegal
compulsion of an action or exchange. Unlike the majority of malware, whose survival is almost
entirely contingent upon concealment, ransomware proclaims its existence at inception.
Ransomware is solely designed to further criminal interests and is used most often to extort
money from its victims.
The success of ransomware hinges on a variety of factors, including, but not limited to, user
education, sophistication of product, victim urgency, and secure method of payment.
• User education—Ransomware is most successful when the applicable victim lacks
knowledge of or is apathetic to system security. For example, users may protect themselves
from potential extortion efforts simply by employing good backup policies or by
implementing system restoration software.
• Sophistication of product—Ransomware is most successful when the level of data
destruction caused by sabotage is not recoverable using commercially available software or
simple backup practices. For example, ransomware which incorporates itself into a machine’s
operating system would require payment by the victim.
• Victim urgency—In order for ransomware to be successful, the compromised data must
have some worth to the victim. For example, a victim may be unwilling to pay a ransom for
the return of vacation photos, but may be willing to pay a small fortune for the return of tax-related documents on April 14.
• Secure method of payment—The ultimate goal of ransomware (i.e., the collection of
ransom) can only be realized in situations where a secure method of payment is available.
Necessarily, such a method must be both readily accessible to the victim and the perpetrators
and disguisable from authorities. Herein lies the proverbial rub for many ransomware
developers. Although payment aggregators, like PayPal, have been successfully employed by
cybercriminals, they may only be utilized by account holders. As victims may not have access
to such sites, alternative methods like e-cash, wire transfers, and such might be more viable.
At the same time, each of these methods inherently contains some risk of discovery. Thus,
new forms of payment have emerged.
Just as with traditional ransoms, the greatest risk of discovery in ransomware cases always
concerns the transfer of money. Due to these risks, some developers are devising complex
schemes to facilitate their economic windfall. Some of these perpetrators, for example, will
funnel illegal funds through legitimate companies, thereby hiding the criminal act and laundering
the funds at the same time. These companies may be either willing accomplices or secondary
victims. Sophisticated criminals may develop multiple levels of concealment through the
development of e-shell companies. To further insulate themselves from detection and
prosecution, some ransomware developers will not accept a direct payment to themselves under
any circumstances. Instead, they may direct the victim to a legitimate online merchant with
whom they have established a referral-based system of commissions.18
Ransomware—Notable Examples
• PC CYBORG/AIDS Information Trojan—This Trojan was distributed through the U.S.
Postal Service in a socially engineered package which contained a seemingly innocuous
floppy. Once installed, the Trojan operated by replacing the autoexec.bat file. Upon the 90th
reboot of the machine, directories were hidden and file names encrypted. At the same time,
the victim was informed of the action and prompted to pay a $378 renewal of license fee to
recover the data.
• GPCoder—Although this Trojan originally surfaced in May 2005, updated versions have
consistently appeared. These updated versions of GPCoder, distributed via e-mail, employed
complex RSA encryption to predetermined file extensions. Upon execution, victims were
instructed to visit a particular site to purchase a decoder.
• CryZip—Surfacing in March 2006, CryZip attached itself to all running processes in the
form of a DLL file. It was similar to GPCoder, except that it collected all affected files into a
password-protected zip file and utilized an e-gold account for ransom collection.
THEFT OF INFORMATION, DATA MANIPULATION, AND WEB ENCROACHMENT
While most American scholars (and citizens) recognize the impact of the Industrial Revolution
on American culture, norms, and means of production, they seem resolutely opposed to
embracing the concept of the Information Revolution. Without question, the introduction of
global communications, digital automation, and transnational commerce has brought profound
changes to every facet of American life. In this new age, traditional physical objects have been
transformed into virtual concepts, and tangible commodities have been replaced by things far
less concrete. In this new age, information has become the black market’s platinum currency. In
this section, we will discuss the criminal theft of information or data manipulation. However, the
crime of identity theft will be discussed in detail in the following chapter.
Traditional Methods of Proprietary Information Theft
Whether the motivation is personal, economic, or political, the method of theft of information
has remained remarkably unchanged over the past several decades. While many individuals
struggle to understand, for example, how President Clinton’s e-mail was compromised at least
twice during his presidency, security experts point to White House employees as the likely
culprit. Criminals usually prey on systemic vulnerabilities or employee weaknesses to steal or
gain unauthorized access to privileged information. While the first may seem the first line of
attack, research indicates that uninformed or careless employees may pose the greatest threat. In
fact, research indicates that data security and adequate training of personnel are a low priority for
all levels of institutions, including government entities. Unfortunately, the lack of prioritization
enables criminals to steal passwords and enter even the most complex systems almost at will.
Perhaps the easiest, and therefore the most popular, method for stealing passwords involves
social engineering. Using deceptive practices, criminals employ traditional confidence scams to
gain access to company computers or telephone systems. Most commonly acting as
representatives for a vendor’s security system or the company’s IT section, criminals persuade
employees to voluntarily provide their user names, passwords, or both! Information thieves may
also gather personal information about an employee from the employee themselves or their co-workers, as many, many individuals personalize their passwords despite the advice of their
supervisor or IT security administrator. Hometowns, birthdates, anniversaries, alma maters,
school mascots, nicknames, social security numbers, and maiden, children’s, spouse’s, or pets’
names are commonly used as passwords. (So, if Ellen Burnstein is single with two cats, chances
are her password won’t be hard to figure out.)
Either of these approaches has little danger of exposure and allows criminals to begin attempts at
breaching security measures immediately. Remember, employees (even honest ones) are a
company’s biggest liability in terms of data security. Even if institutional security measures
preclude personalized passwords, employees still pose a risk to data and system security due to
their lack of regard (often due to naiveté) for its importance. Failing to appreciate the value of the
data in their control, many employees will often post their passwords in conspicuous places—
sometimes taping them to their computer monitors! (Ironically, this may be most common in
situations where system administrators are attempting to tighten system security by routinely
changing passwords, requiring multiple or multilevel passwords, or preventing their
personalization.) In other cases, employees will be susceptible to shoulder-surfing (i.e., literally
watching over someone’s shoulder as he or she inputs a password).
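The personalized-password weakness described above is something a password-change routine can test for before accepting a new password. The following is an added example, not from the book: it flags candidate passwords that contain terms from the employee's own record, including simple character substitutions. The profile fields and every value other than the name Ellen Burnstein are constructed for the illustration.

```python
import re

# Common look-alike substitutions, undone before comparing (an assumption of
# this example; real policies may normalise more aggressively).
_LEET = str.maketrans("013457@$!", "oieastasi")
MIN_TERM_LENGTH = 3  # ignore fragments too short to be meaningful


def personal_terms(profile):
    """Collect lower-case words and numbers from an employee record."""
    terms = set()
    for value in profile.values():
        items = value if isinstance(value, (list, tuple, set)) else [value]
        for item in items:
            text = str(item).lower()
            parts = re.split(r"[^a-z0-9]+", text)
            # Also keep the value with separators removed, e.g. "19850314".
            parts.append(re.sub(r"[^a-z0-9]", "", text))
            terms.update(p for p in parts if len(p) >= MIN_TERM_LENGTH)
    return terms


def personal_terms_in(password, profile):
    """Return the sorted personal terms that appear inside the password."""
    raw = password.lower()
    normalised = raw.translate(_LEET)  # "wh1sk3rs" becomes "whiskers"
    return sorted(term for term in personal_terms(profile)
                  if term in raw or term in normalised)


def is_acceptable(password, profile):
    """Policy decision: reject any password built on personal details."""
    return not personal_terms_in(password, profile)


# Constructed sample record for the chapter's hypothetical employee.
SAMPLE_PROFILE = {
    "name": "Ellen Burnstein",
    "pets": ["Whiskers", "Mittens"],
    "hometown": "Dayton",
    "birthdate": "1985-03-14",
    "alma_mater": "Ohio State",
}

if __name__ == "__main__":
    for candidate in ("Wh1sk3rs!2024", "Dayton1985", "3ll3n_B",
                      "correct-horse-battery-staple"):
        hits = personal_terms_in(candidate, SAMPLE_PROFILE)
        verdict = "rejected" if hits else "accepted"
        print(f"{candidate!r}: {verdict} {hits}")
```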
Employees who fail to follow proper security procedures for disposing of personal
correspondence and company paperwork also pose a security risk to an institution’s digital
technology. Just as criminals of old would search trash containers for discarded credit card
receipts, payroll records, and the like, hackers often resort to diving through corporate trash sites.
Unfortunately, unwitting administrators and employees routinely dump sensitive information
into the nearest trash receptacle. Information such as old technical manuals, internal phone lists,
and organizational charts and correspondence provide a wealth of information for the malicious
hacker.
Recent studies indicated that the emergence of cloud computing and removable media is
increasingly responsible for theft of information or breaches in digital security. In fact, many
businesses have or are beginning to institute policies concerning the use of instant messaging and
e-mail, and many have prohibited the use of removable media, like thumb drives.19 These
policies have become increasingly necessary due to the increase in insider theft of proprietary
information and destruction of data, both in the United States and abroad. More sophisticated
approaches to gaining unauthorized access to “secured” data may be employed by computer
hackers. One approach involves systemic vulnerabilities created by vendors in which remote
access is allowed to perform routine maintenance, such as updating, on their systems. Hackers
may target these back doors in an attempt to gain superuser privileges. In addition, some
successful hacking attacks may be attributed to a system administrator’s negligence. Some
system administrators, for example, never change the defaults in their networks once they are
installed! By utilizing lists of default passwords, readily available on the Net, unauthorized users
are able to gain root access by simply using traditional network defaults.
Trade Secrets and Copyrights
The increasing commercialization of knowledge has exponentially increased the theft and
trafficking of proprietary information. While some criminals have chosen to actively extort
money from an organization by compromising their data, others have recognized the value
inherent in the sale of such information. Such perpetrators have ranged from corporate insiders to
crackers to organized cybergangs. For example, one employee at Gillette Company in Boston
was caught using company equipment to solicit bids for the design specifications for Gillette’s
Mach-3 razor.20 However, such practices are not limited to common criminals or corporate
insiders. It can also be committed by industry competitors or even government entities! Such
government agencies (and agents) engage in such behavior for personal gain and/or use patriotic
arguments to justify their behavior. For example, the former head of the French Secret Service
admitted on American television that his organization had planted electronic eavesdropping
devices on Air France flights from New York to Paris. Information collected was then forwarded
to the French corporation French Mirage. This information enabled the company to undercut the
bid of an American corporation. This multi-million-dollar contract was directly attributed to the
actions of their state-run intelligence service! This type of behavior, he argued, was necessary for
smaller countries who wished to compete in today’s global economy.21
Political Espionage
Technology has also escalated the potential for sophisticated attacks on a country’s national
security and public infrastructure. The most obvious, but not the most insidious, of such attacks
continues to be the theft of information. Like their corporate counterparts, government entities
have not invested adequate resources to protect secrets technologically stored or created. In fact,
many would argue that national security issues in general have become all but obscured since the
end of the Cold War. Unfortunately, there appears to be no such apathy on the part of foreign
governments. Indeed, the FBI estimates that at least 120 foreign governments are actively
working on intelligence operations currently targeting the United States.22 It has been widely
reported, for example, that the F-35 fighter jet program was plagued with spiraling costs
associated with Chinese hackers who illegally obtained confidential information on the plane’s
design.23 These threats are not only real but are also increasingly sophisticated.
CASE STUDY NASA & Compromised Secrets
In a report to the Subcommittee on Commerce, Justice, Science, and Related Agencies (housed
within the Committee on Appropriations) on January 25, 2012, Inspector General Paul K. Martin
outlined some examples of the loss of information, trade secrets, and even equipment.24
• Between 2004 and 2005, NASA networks were compromised six times by a Swedish hacker
causing the agency to suffer $1 million in supercomputing downtime.
• An RL-10 Rocket Engine that had been posted on an online auction was recovered by the
Office of the Inspector General (OIG). The rocket engine was valued at approximately
$200,000.
• An OIG investigation revealed that a Chinese national had compromised seven NASA
systems, leaving a significant amount of data vulnerable to unauthorized access and theft.
• An OIG investigation was initiated after an individual who had purchased a Space Shuttle
Thermal Protection system from an online auction site requested information from NASA as
to the origin of the tile. The investigation revealed that the contractor responsible for the theft
had sold 12 Shuttle tiles on eBay for prices ranging from $41 to $912.
The theft of information using technological means is not a new phenomenon. In 1998, while
Benjamin Netanyahu was Israel’s prime minister, intelligence agents infiltrated Telrad
(subcontracted by Nortel, an American telecommunications conglomerate). By installing
undetectable chips during the manufacturing process, agents were granted access to top-secret
and otherwise classified information. Such data included communications between President
Clinton and senior staff officials within the National Security Council. This arrangement, which
included weekly reports to Tel Aviv, was made possible due to a multi-million-dollar contract to
replace communications equipment between Nortel, Telrad, and the Israeli Air Force. Curiously,
contract specifications granted access to manufacturing areas by members of the Israeli Air
Force to protect government secrets! As disconcerting as these activities may be, they are by no
means the most insidious. In fact, a simpler, far more popular, method of technological
espionage involves the physical theft of data storage containers (i.e., CPUs, diskettes, etc.).
Like most inventions created to increase the efficiency and effectiveness of corporate and
government employees, the introduction of laptop computers was heralded as the solution to
employee angst. Designed to facilitate home-based work environments, laptops were intended to
empower overburdened workers, enabling them to work at home, on vacation, or at the dentist’s
office. However, their introduction has not been accomplished without a myriad of associated
problems. In fact, their sheer portability, often seen as their greatest strength, is also their greatest
weakness, making them prime targets for the burgeoning data black market. Neither corporate
nor government entities have been unscathed, and all areas of the globe have experienced this
pattern of criminal activity. In London, for example, two government laptops filled with top-secret or classified information were stolen from the same railway station over a period of two
months. During the Gulf War, American officials were forced to tighten security measures after a
laptop containing secrets of the Allies’ war plans was stolen from an official car while the wing
commander it was assigned to was car shopping. In fact, a variety of laptops have been stolen in
recent times, usually as a result of employee carelessness (one was left in a taxi after a night of
heavy drinking!). One location which has proven to be particularly popular among thieves is
airports—a new variant of the classic briefcase switch. Simply replacing the targeted laptop with
one of their own, thieves often escape detection and leave few clues for investigators. Another
method which has proven successful involves a pair or team of thieves. While one thief stands at
the end of the electronic scanner located at security checkpoints, another intentionally creates a
diversion in front of the owner after the laptop has been placed on the moving belt. This method,
however, poses greater risk to the perpetrator as the likelihood of detection increases. Regardless,
both of these methods are only possible through an individual victim’s carelessness. Thus,
employers must address the vulnerability and subsequent security of laptops during training.
Unfortunately, other incidents are a result of systemic vulnerabilities. These thefts, while just as
costly, are more preventable once identified, as traditional methods of physical security may be
employed. This lesson was recently learned by the State Department after an audit by the Office
of the Inspector General revealed that the agency did not have an accurate accounting for (and
had not encrypted) all of the classified and unclassified laptop computers in the bureaus included
in the audit. This included the offices in the District of Columbia. Additional results of the audit
indicated that 27 laptops were missing, 35 were not available for inspection, and 57 had been
disposed of!! Of the 215 that were physically inspected, 172 were not encrypted.25
TERRORISM
Recent events have forced the realization and recognition of the country’s physical vulnerability
to religious and/or political zealots. In the wake of the events of September 11, 2001, American
citizens clamored for immediate retaliation against shadow targets. Unfortunately, such shadows
have proven to be extremely elusive, and undeterred in their fanaticism. However, the disaster
did awaken the American public and its corresponding government institutions to the dangers
posed by terrorism—a danger long recognized by leaders from other areas of the globe. In fact,
such hazards from extremists have existed for centuries.
Traditionally, terrorist actions involved physical actions directed at physical or human targets.
Intending to create chaos, public disorder, and, ultimately, government instability, terrorist
factions have long fantasized about striking a mortal blow to their targets—temporarily shutting
down the entire society and causing widespread fear. With the possible exception of the World
Trade Center/Pentagon attacks of 2001, however, these sorts of “successes” have proven
unobtainable, especially in First World countries. In fact, many individuals, academics, and
institutions alike have declared that the positive environment (i.e., the rebirth of patriotism,
community solidarity, and government resolve) born in the wake of the 9/11 tragedy has all but
negated any victory which Bin Laden’s group may have originally claimed. Such American
resiliency has astounded residents across the globe, but several experts have suggested that the
phenomenon may be attributed primarily to the magnitude of human loss and the broadcasting of
the entire event, including clean-up and rescue. They suggest that a pattern of smaller attacks
may have been more successful in disrupting the targeted society, as the sheer magnitude of
destruction all but anesthetized the American public, releasing a collective rage at those
responsible. Thus, it may be argued that traditional notions (and methods) of terrorism, focusing
on mass mayhem and physical destruction, may be supplanted by a more sophisticated, subtler
approach.
Similar to their counterparts involved in organized criminal activity, international terrorist groups
are increasingly using advances in technology to increase their effectiveness and efficiency.
They are using the Internet, for example, to formulate plans, spread propaganda, elicit funding,
communicate, and terrorize their intended target. The Internet, in particular, is a wonderful tool
for creating fear because the potential for victimization increases. In addition, the threat feels
more real to individuals who were not directly involved than in a traditional attack. The wide-scale, sustained panic that has resulted from a variety of recent computer viruses, for example,
had far more impact on daily behavior and individual awareness than the events of September
11, 2001. Thus, a new day of terrorism which involves the theft or manipulation of data has
dawned.
Cyberterrorism
Cyberterrorism may be defined as a deliberate, politically or religiously motivated attack
against data compilations, computer programs, and/or information systems which is intended to
disrupt and/or deny service or acquire information which disrupts the social, physical, or political
infrastructure of a target. This general definition encompasses the complex myriad of
possibilities involving the implementation of computer technology in terrorist activities. Like
other activities involving the theft or manipulation of data, computers may be incidental to the
activity or serve as the target or the instrument or all of the above. It is anticipated that most
cyberterrorist acts will employ technology to target information systems, data, or the like. Thus,
in this sort of activity, computers will be both targets and weapons. Such instrumentality is
necessary to facilitate the acquisition of sensitive data, while the targeted device acts at best as an
information server and, at worst, as a self-imploding weapon of mass destruction.
Such implementation may take various forms, including, but not limited to, hacking, denial of
service attacks, and viruses or worms. Any of these forms could be successfully directed at
critical national and/or international infrastructures, causing electric blackouts, disrupted
communications, and the like. While not nearly as sensational as traditional weapons of mass
destruction, these targeted strikes could actually pose a greater danger to the American public,
due to the interconnectivity and ultimate reliance on public switch telecommunications. Think of
the devastation that could result from a simple (but sustained) electric blackout in Los Angeles.
Water purification systems, telecommunications, 911 emergency and central dispatch systems,
fuel outlets, financial institutions, public GPS systems, and so on could all become useless,
creating an untenable situation for public safety officials and health providers and destroying
public trust and social integrity.
Web of Hate and Destruction
One month after the Oklahoma City bombing, the Antiterrorism and Effective Death Penalty Act
of 1996 (AEDPA), providing for the study of terrorist-type information, was enacted.
Subsequent research conducted by the Department of Justice (1997) revealed a virtual plethora
of bomb-making information in both traditional publishing venues (e.g., Guerilla’s Arsenal:
Advanced Techniques for Making Explosives and Time Delay Bombs, Deadly Brew: Advanced
Improvised Explosives, The Anarchist Cookbook, The Anarchist Arsenal, etc.) and electronic
media. The proliferation of electronically accessible information is especially troubling, as the
sheer availability and affordability (i.e., free) creates a broader, less traditional audience, which
includes disgruntled teens and incarcerated felons. This information includes, but is not limited
to, instructional sites for a variety of bombs (thermite, pipe, mail, etc.), and newsgroups and
BBSs for exchanging information and soliciting advice.
Imagine the loss of life that could result if hackers successfully penetrated and manipulated data
sets located at major research centers or the Centers for Disease Control. Surreptitiously altering
a small portion of a formula for a vaccination, changing the labeling instructions for biological
contaminants, or systematically removing years of priceless research or patient records could
result in tens of thousands of deaths. The introduction of a computer virus or worm could also
wreak unforeseen havoc on public health, as officials across the globe have recently discovered.
In Britain and Italy, for example, computer viruses wiped out vital information from lengthy
hematology studies and one year’s worth of AIDS research. In the United States, one large
hospital in the northeast lost over 40 percent of its patient records due to a particularly
destructive virus.
In addition to these highly focused attacks, terrorist organizations across the world are increasing
in strength by propagandizing their radical rhetoric to a global audience. Like many domestic
groups (e.g., Aryan Nations, White Aryan Resistance (WAR), Nation of Islam, etc.),
international organizations have found a safe, virtual platform where they can spew their
venomous dogma without fear of physical discovery or attack. These groups have also
effectively used the Internet to solicit funds and recruit new members—streamlining the hate
industry and reducing propaganda expenditures. In addition, groups such as Osama bin Laden’s
al Qaeda, Hezbollah, and Hamas are actively exchanging e-mail and utilizing strong encryption
algorithms to support their organizations. (In fact, Ramzi Yousef, one of the designers of the first
World Trade Center bombing, stored detailed plans to destroy U.S. airliners on encrypted files
on his laptop computer.) Other approaches include the launching of massive denial of service
attacks and defacement of Web sites against foreign governments.26
These attacks are perpetrated by amateurs and professionals alike. The “Internet Black Tigers,” a
group allegedly affiliated with the Tamil Tigers, have repeatedly attacked official sites of
numerous governments, while a variety of Chinese hacktivists announced their intention to
launch massive DoS attacks against American financial and government sites in the wake of a
crash involving a U.S. surveillance plane and a Chinese fighter. While American hackers vowed
to fight back, the long-term effects of such activity are often trivialized by officials, who claim
that tightened site security will eliminate the successes of such actors. They fail to recognize the
international conflicts or nuclear implications which may arise from the actions of cyberpunks.
Unfortunately, hacking activities appear to be gaining in popularity as how-to information is
freely distributed via the Internet (discussed in detail in Chapter 6).
NEOTRADITIONAL CRIME: OLD WINE IN NEW BOTTLES
While Internet scams and the like have taken on a variety of appearances and may appear quite
innovative to the untrained investigator, many of them are simply new tricks from an old dog.
Get-rich-quick and work-at-home schemes have simply found a new home on the information
superhighway. Job, scholarship, and loved-one searches requiring advance fees have replaced the
sometimes nefarious gumshoes of the past. In fact, individuals and entities which have
traditionally preyed on the vulnerable within society have simply developed new, more
sophisticated modes of operation.
Dissemination of Contraband or Offensive Materials
Perhaps one of the most common, and certainly the most disturbing, criminal activities facilitated
through cyberspace is the sexual exploitation of children. From the onset of electronic bulletin
boards, pedophiles and child pornographers flourished with relative immunity in the virtual
world. The introduction of the World Wide Web has only increased the prevalence of such
activity, and a virtual explosion of child pornography has resulted. While traditional mechanisms
for enforcement against such persons included federal and state regulations, the virtual nature of
cyberspace has protected peddlers from traditional measures and has raised questions regarding
the legality of prohibitions. In addition, it has hampered law enforcement efforts by insulating
those inclined from enforcement by negating traditional methods of distribution which exposed
perpetrators to third parties.
CHILD PORNOGRAPHY
As stated previously, the Web’s advantages of increased knowledge, potential for self-education,
and global connectivity have been accompanied by significant disadvantages as well, and an
atmosphere most conducive to criminal networking has been a by-product. Where else could
pedophiles or child pornography peddlers meet and exchange information with little or no threat
of prosecution? Many individuals with deviant tendencies have found others similarly stimulated
via posting services or electronic bulletin boards, and they are protected under the umbrella of
the First Amendment because of their capability of performing “common carrier” functions—
like the telephone company or the post office. Such judicial perception, coupled with the increase
in Internet communications, has resulted in an explosion of child pornography and the
exploitation of children. In fact, this apathy has all but encouraged the development of
associations dedicated to the exploitation of children. NAMBLA (the National Association of
Men and Boy Lovers of America), for example, is an organization which proudly proclaims that
its mission is to forge relationships between men who love boys! Sponsoring a Web site, this
organization is no longer forced underground, but has an established presence on the Web.
Unfortunately, they are not alone. Numerous bulletin boards, newsgroups, Web sites, and chat
rooms are dedicated to this type of behavior, and remain hidden behind the First Amendment.
The possession or distribution of child pornography is jurisdictionally illegal in all 50 states and
in all territories under the umbrella of the United States. Apart from state statutes, it is also
illegal on the federal level. Although the Supreme Court ruled that the Child Pornography
Prevention Act was unconstitutional, the PROTECT Act has withstood constitutional challenges.
Additionally, there are other federal statutes that may be employed. To address the increasing
proliferation of online child pornography, the federal government has created the CyberTipline
(www.cybertipline.com), which is operated by the National Center for Missing and Exploited
Children, and the Innocent Images project which is coordinated by the Federal Bureau of
Investigation. It has also provided funding for collaborative efforts at the local level. However,
the definitions and parameters of child pornography legislation vary across jurisdiction, judicial
interpretation, and time.
NAMBLA—North American Man/Boy Love Association
In the 1970s, many civil rights advocates argued that the age of sexual consent be either lowered
or completely eradicated, as they argued that homosexual youths were being unfairly targeted by
law enforcement and society. In 1978, Tom Reeves convened a meeting titled “Man/Boy Love
and the Age of Consent.” At that time, David Thorstad and over two dozen men and boys formed
an organization known as the North American Man/Boy Love Association. While other groups
associated with gay rights originally championed the group’s efforts, they eventually abandoned
NAMBLA when it became clear that the organization’s stated agenda tended to portray all
homosexuals as child predators. (Harry Hay, a leader and pioneer of the gay rights’ movement,
originally protested the group’s exclusion from various gay rights marches and platforms.) In
fact, by the 1980s NAMBLA supporters had disappeared, and many gay rights organizations
openly rejected them and their platform.
In 2001, an undercover FBI agent joined the organization. Over a period of several years, the
agent met with various members and attended organizational gatherings. During the course of the
investigation, FBI agent Robert Hamer had various conversations with members involving the
illegal exploitation of minors, including some with the defendant regarding the development of a
travel agency that catered to trips to facilitate the sexual contact between NAMBLA members
and minors. Defendant Mayer was subsequently convicted of travel with intent to engage in
illicit sexual conduct in violation of 18 U.S.C. § 2423(b). On appeal, Mayer argued that the
investigation was initiated based upon his membership in NAMBLA—an action that violated his
First Amendment right to free speech and association. In addition, Mayer argued that the agent’s
undercover persona and subsequent actions violated his Fourth and Fifth Amendment rights.
Although the Ninth Circuit has a reputation of being “liberal,” it ruled that his claims were
without merit.
According to the Office of Juvenile Justice and Delinquency Prevention (OJJDP) and the
National Center for Missing and Exploited Children (NCMEC), almost all possessors of child
pornography are white males who are older than 25. The vast majority of them (83 percent) had
images of prepubescent children in a situation depicting sexual penetration. More than one-fifth
of these images depicted sexual violence to children, including bondage, torture, and rape. In
addition, more than 50 percent of the cases investigated by law enforcement were a result of
third party information. While the possession of child pornography cases mainly originated from
state and local agencies (60 percent), others were initiated by federal and international
authorities. Most frightening, however, is the fact that 40 percent of those arrested for child
pornography were considered to be “dual offenders” who had also sexually victimized children,
and an additional 15 percent had attempted to sexually victimize children by soliciting
undercover investigators who had posed online as minors.27 Unfortunately, the statistics revealed
in the National Juvenile Online Victimization Study are but the tip of the iceberg. It is important
to remember that they were based solely on those arrested for possession of child pornography.
Statistics that reveal the true extent of the online victimization and exploitation of children via
the Internet are all but impossible to estimate.
A Sampling of Teen Acronyms and Codes for Texting and Messaging
OMG—oh my God
LOL—laugh out loud
IDK—I don’t know
411—information
ASL—age, sex, location
BF/GF—boyfriend and girlfriend
BRB—be right back
W/E—whatever
CD9—Code 9, parents are around
PAW—parents are watching
PRW—parents are watching
POS—parent over shoulder
MOS—mom over shoulder
PIR—parent in room
(L)MIRL—let’s meet in real life
GNOC—get naked on webcam
NIFOC—naked in front of computer
TDTM—talk dirty to me
Motivations for child pornography possession vary widely, ranging from sexual gratification to
economic gain. For the most part, however, the literature reveals four primary motivations for
such possession:
• pedophilia or hebephilia—possession is designed to satisfy sexual fantasies or provide
gratification for those individuals who are sexually interested in prepubescent children or
adolescents
• sexual miscreants—possession is designed to satisfy a desire for new and different sexual
stimuli
• curiosity seekers—possession is undertaken to satisfy a peculiar curiosity
• criminal opportunists—possession, and subsequent distribution, is designed for economic
profit.
International Efforts to Control Online Child Pornography
Among other things, the U.S. Constitution and Bill of Rights protect American citizens from
unreasonable searches and seizures and grant them the ability to freely express their thoughts,
ideas, and expressions. Without question, these guarantees provide Americans with the highest
degree of freedom without hindering quality of life aspirations. However, these same protections
allow many online criminals to advertise and sell illicit materials, as it is virtually impossible for
American authorities to monitor electronic communications within these parameters. In fact, any
attempts have resulted in wide-scale backlashes, hacktivism, and online blackouts. The best
example of such occurred over the introduction of the Stop Online Piracy Act (SOPA) and the
PROTECT IP ACT (PIPA). On January 18, 2012, thousands of Web sites, including
heavyweights Google and Wikipedia, went dark in a formal protest against the proposed
legislation which clearly advocates online censorship. However, other countries have
successfully combated child pornography through the passage of legislation which censors
online content.
In 2007, Swedish authorities announced that Picsearch, a popular Internet search engine, would
delete all current and future links to sites containing child pornography. In addition, the company
agreed to provide a listing of sites to law enforcement authorities. Swedish authorities believe
that a reduction in accessibility to such sites will reduce the proliferation of child pornography
and physical child exploitation.
CASE IN POINT The Death of Somer Thompson
In early 2012, Jarred Harrell pled guilty to the rape and murder of second grader Somer
Thompson. The seven-year-old victim had been abducted as she walked home from school with
her twin brother and older sister. She was last seen near a vacant house located just 500 yards
from her house. Authorities discovered her body days later in a landfill. More than three months
and thousands of leads later, Jarred Harrell, her former neighbor, was arrested on charges of
child pornography after his former roommates turned his computer over to the authorities. He
later pled guilty to her murder.
Although all child pornography possessors are a concern for society in general, and law
enforcement in particular, those posing the greatest immediate threat to the physical safety of
children are those motivated by pedophilia or hebephilia. Fortunately, pedophiles and hebephiles
may be the easiest to catch for law enforcement as they often find it necessary to maintain
trophies or visual stimuli of their victims and may graphically articulate elaborate fantasies
through writings or such.
CHILD ENTICEMENT/EXPLOITATION
Child pornography is insidious on its face, as the relationship between the possession of child
pornography and child molestation has been well documented both in the academic literature and
judicial opinions. In fact, almost 40 percent of arrested offenders who met victims online
possessed child pornography.28 It is used as both a tool for sexual gratification and, more
disturbingly, as a means to seduce or groom (i.e., overcome inhibitions about sexual activity)
potential victims. Just as the Web has streamlined the availability of and accessibility to such
materials, it has provided a social environment in which predators scan the landscape for
potential targets. Their typical prey includes those individuals who express frustration with
parental controls or who appear particularly naïve or vulnerable. These include children who are
confused about their own sexuality or who express feelings of ostracism. Typically, the victims
are youngsters who enjoy access to unsupervised computer communications. While many of
them are actively seeking associations with adult suitors, others are unsuspectingly lured into
fictional relationships that encourage dangerous liaisons. Such was the case with a Connecticut
teen who was raped by Francis Kufrovich, a California man posing as a teenager. Unfortunately,
it is anticipated that this type of behavior will increase in pace with the availability of Internet
communications. However, proactive law enforcement initiatives may result in the identification
and prosecution of offenders.
In 2002, David Westerfield was charged with the murder of seven-year-old Danielle Van Dam.
During the trial, prosecutors introduced evidence from Westerfield’s computer of images of
female children being raped. Westerfield was found guilty and sentenced to death by a California
judge. The case made headlines across the country. Unfortunately, the significance of
Westerfield’s predilection for child pornography was largely overlooked by the popular media
who focused on the lifestyle of the victim’s parents, avowed swingers who were engaging in
sexual activity with strangers the night of the child’s disappearance.
Although many pedophiles searching the Internet for victims usually practice with the
expectation of limited enforcement, proactive, cursory investigations may allow investigators to
surprise the unsuspecting predators. Fortunately for law enforcement, many of these perpetrators
assume that (1) the individuals to whom they are communicating are accurately representing
themselves, and (2) their behavior is hidden behind a Web of anonymity. In fact, these
perceptions have proven to be shortsighted as even noncriminals mask their identity, and the
First Amendment does not protect anonymous communications. These characteristics may be
exploited by proactive law enforcement agencies like the San Jose Police Department, who may
create fictitious organizations or identities to seduce the seducer. (In addition, law enforcement
agencies may find evidentiary support in the forensic analysis of seized media from the suspect’s
home as most child pornographers keep their collections within arm’s reach.)
ONLINE PHARMACIES
The emergence of a worldwide marketplace and the lack of applicable regulations have resulted
in an explosion of questionable capitalist enterprises. Online pharmacies, for example, benefit
consumers by encouraging competitive pricing with noncyber outlets, but offer little protection
against fraud. Virtually all of the available online pharmacies claim legitimacy, arguing that
transactions require valid prescriptions. However, many of these sites operate illegally,
maintaining no license at all or dispensing medicines in states in which they are not licensed.
Some do not even require a valid prescription, prescribing medicine to individuals who complete
short questionnaires, while others simply dispense medicine upon demand.
Federal Statutes: Child Pornography and Exploitation

| Section | Prohibits | Mandatory Minimum | Maximum Penalty |
| --- | --- | --- | --- |
| 18 U.S.C. § 2251(a) | Employing, using, or enticing a minor to engage in sexually explicit conduct for the purpose of producing a visual depiction of that conduct | 15 years—1st offense; 25 years—2nd offense; 35 years—3rd offense | 30 years—1st offense; 50 years—2nd offense; Life—3rd offense |
| 18 U.S.C. § 2251(b) | Parent or guardian permitting a minor to engage in sexually explicit conduct for the purpose of producing a visual depiction of that conduct | Same as above | Same as above |
| 18 U.S.C. § 2251(c) | Employing, using, or enticing a minor to engage in sexually explicit conduct outside the United States to produce a visual depiction of that conduct for the purpose of transporting it to the United States | Same as above | Same as above |
| 18 U.S.C. § 2251(d) | Advertising to receive, trade, buy, or distribute a visual depiction of a minor engaging in sexually explicit conduct or to participate in any act of sexually explicit conduct with a minor for the purpose of producing a visual depiction of that conduct | Same as above | Same as above |
| 18 U.S.C. § 2251A(a) | Parent or guardian selling or transferring custody of a minor knowing or intending that the minor will be portrayed in a visual depiction of sexually explicit conduct, or offering to do so | 30 years | Life |
| 18 U.S.C. § 2251A(b) | Purchasing or obtaining custody of a minor, knowing or intending that the minor will be portrayed in a visual depiction of sexually explicit conduct, or offering to do so | Same as above | Same as above |
| 18 U.S.C. § 2252(a)(1) | Transporting a visual depiction of a minor engaging in sexually explicit conduct | 5 years—1st offense; 15 years—2nd offense | 20 years—1st offense; 40 years—2nd offense |
| 18 U.S.C. § 2252(a)(2) | Receiving or distributing a visual depiction of a minor engaging in sexually explicit conduct | Same as above | Same as above |
| 18 U.S.C. § 2252(a)(3) | Selling, or possessing with intent to sell, a visual depiction of a minor engaging in sexually explicit conduct | Same as above | Same as above |
| 18 U.S.C. § 2252(a)(4) | Possessing a visual depiction of a minor engaging in sexually explicit conduct | None—1st offense; 10 years—2nd offense | 10 years—1st offense; 20 years—2nd offense |
| 18 U.S.C. § 2252A(a)(1) | Transporting child pornography | 5 years—1st offense; 15 years—2nd offense | 20 years—1st offense; 40 years—2nd offense |
| 18 U.S.C. § 2252A(a)(2) | Receiving or distributing child pornography | Same as above | Same as above |
| 18 U.S.C. § 2252A(a)(3) | Reproducing child pornography for distribution, or advertising material as an obscene visual depiction of a minor engaging in sexually explicit conduct or as a visual depiction engaging in sexually explicit conduct | Same as above | Same as above |
| 18 U.S.C. § 2252A(a)(4) | Selling, or possessing with intent to sell, child pornography | Same as above | Same as above |
| 18 U.S.C. § 2252A(a)(5) | Possessing child pornography | None—1st offense; 10 years—2nd offense | 10 years—1st offense; 20 years—2nd offense |

Like other areas of traditional commerce which have been impacted by the emergence of the
Internet, the sale of pharmaceutical drugs is changing dramatically. Although many Americans
shop at local drugstores for convenience in the processing of insurance claims, many argue that
there are a variety of reasons why they prefer the online sites. These include the following:
• the privacy and convenience of ordering medications from their homes
• greater availability of drugs for shut-in people or those who live far from the pharmacy
• the ease of comparative shopping among many sites to find the best prices
• greater convenience and variety of products
• easier access to written product information and references to other sources than in
traditional storefront pharmacies.
In 2005, a multiagency task force which included the Drug Enforcement Administration and the
Federal Bureau of Investigation arrested individuals in Canada, India, and 11 American cities for
operating a fraudulent online pharmacy that sold $20 million worth of controlled drugs to
individuals across the globe. Physically located in India, the Internet ring supplied drugs for 200
Web sites. Authorities involved in Operation Cyber Chase seized $7 million from various banks
and over 7 million doses of drugs. The pharmacy, which did not require a prescription, sold
Schedule II–V pharmaceutically controlled substances, including anabolic steroids,
amphetamines, and the painkiller Vicodin. In 2010, federal authorities closed down two
pharmacies responsible for shipping 30,000 packages of prescription drugs in the first six months
of 2010. The majority of the prescriptions were authorized by a sole Utah physician who had not
seen or even talked with buyers. In March 2012, Senator Charles E. Schumer championed the
SAFE DOSES Act, which would target illegal drug dispensation.
ONLINE GAMBLING
American society has had a perverse relationship with gambling since the colonial period. While
some colonies, like the Puritan-led Massachusetts Bay Colony, treated it as a tool of the devil,
others viewed it as a harmless diversion. As such, early laws regarding gambling were
inconsistent, both in substance and application. However, even those colonies that outlawed
gaming relied on state-sponsored lotteries to raise revenue. (In fact, lottery revenues are directly
responsible for the development of some of the nation’s most prestigious universities, including
Harvard and Yale.) Eventually, even state-sponsored gambling became largely illegal as lottery
scandals and a religious zealotry swept the nation.29 Thus began the nation’s love/hate
relationship with the activity.
By the 1920s, state attitudes toward gambling had become entrenched. While some states,
especially those in the South, outlawed the activity in its entirety, other states developed more
selective approaches to prohibition, allowing parimutuel wagering in horse racing or church-run
bingo. Casinos, slot machines, and table games were prohibited in most areas, and organized
crime groups quickly stepped in to fill the public’s demand. Since that time, organized crime has
found a way to insinuate itself into all types of gaming and all geographic areas, even those
outside the United States.
In 1995, Internet Casinos, Inc. (ICI), launched the first online casino with 18 games. Since that
time, Internet gaming has been increasing exponentially, fueled in part by the increasing
visibility and idolatry of international poker stars. In 2005, one study estimated that the revenues
from online gambling were close to $10 billion.30 By 2015, that number is expected to rise to
over $180 billion.31 In fact, the phenomenal success achieved by online gaming sites has been
duly noted by politicians, labor unions, and community groups. In 2013, for example, the New
Jersey legislature passed a bill (AS 2578) which would legalize Internet gambling. The bill was
proposed after Rational Group US Holdings, the parent company of online powerhouses
PokerStars and Full Tilt Poker, announced that it would consider the purchase of the Atlantic
Club. If successful, the acquisition would mark the first merger of an American-based casino
with an online-gaming company.32 There are several factors which make online gaming
attractive to consumers. These are the same factors which may increase the dangers of addiction,
bankruptcy, and crime. These include, but are not limited to, the following:
• The lack of physicality and geographical location makes online casinos accessible to any
user with a computer, PDA, or cell phone. Users can access a gambling site from home, hotel
rooms, libraries, sporting events—anywhere.
• The continuous operation of online casinos makes them accessible 24 hours a day.
• The accessibility to minors increases the consumer base for online gambling, as proper age
verification is not attempted.
• The increase in e-banking allows users to access and add funds without even leaving their
chair. This lack of a cooling off period is exacerbated by the psychological intangibility of
e-cash and encourages customers to overspend.
In addition to the dangers to individuals, online gambling is also detrimental to American society
as a whole, as it fails to create jobs or other revenue and provides avenues for money
laundering.
Combating Illegal Online Gambling through Denial of Financing
Long before the passage of the Unlawful Internet Gambling Enforcement Act (UIGEA), eight of
the largest banks had implemented policies to deny payment authorization of Internet gambling
transactions.33 While such strategies were initially successful, gaming operators developed
mechanisms for avoiding blockages—some legal, some not.
• Fraudulent methods: miscoding of transactions, development of third party companies,
submission through nongambling merchants, and so on.
• Legal methods: online payment aggregators, wire transfers, online debit cards, and e-cash.
Threatening and Harassing Communications
Irrespective of motivation, the proliferation of Internet communications has provided criminals
with a safer, more effective environment in which to threaten their victims. Perceived anonymity
and the convenience of online communication have resulted in a virtual explosion of online
victimization. While many of the criminals involved in such activity have simply altered their
method of exploitation or harassment, the increase in the same suggests that the medium has
created an entirely new breed of perpetrators. In either category, aggressors are engaged in
activities which promote fear and insecurity among those targeted.
Victims of harassment and stalking are overwhelmingly females or children, while most stalkers
are white males between the ages of 18 and 35.34 Although motivations of individual stalkers
vary, there are four general categories. The first, and most common, are known as obsessional
stalkers. On average, these individuals seek to re-establish a relationship with an unwilling
partner and are considered to be the most dangerous of stalkers. In fact, their pattern of
intimidation, coercion, and harassment is almost parallel to that of the perpetrators of domestic
violence. The second most common category involves individuals who have low self-esteem and
target a victim whom they hold in high regard. An example of this love-obsession stalker is
John Hinckley, Jr.—who shot President Reagan to gain the attention of actress Jodie Foster. The
third category of stalkers is referred to as erotomaniacs. These stalkers are delusional and
believe that their victim is in love with them or has had a previous relationship with them. When
arrested, these individuals often garner much media attention, as their intended targets are often
celebrities or high-profile people. Perhaps the best example of this type of stalker was Margaret
Mary Ray, a middle-aged mother who repeatedly broke into David Letterman’s home. Ray, a
diagnosed schizophrenic, told investigators and responding officers that Letterman was her
husband. While it is not clear what motivates this particular group of stalkers, academics suggest
that mental illness or tragic events precipitate this sort of behavior. (Ray eventually ended her
own life by placing herself in front of a locomotive.) The final category of stalkers is the newest
and most unique. Unlike the previous categories, the vengeance or terrorist stalker does not
seek or fantasize about a personal relationship with the victim. Rather, these individuals are
motivated by either economic gain or revenge.35
CYBERSTALKING AND CYBERHARASSMENT
In addition to increasing the viability of vice crimes to assorted individuals, computers have also
provided the means for many individuals to more effectively stalk and harass their targeted
victims. Just as with its real-world counterpart, the insidious nature of this type of activity has
remained unrecognized. In fact, individuals were free to verbally, physically, and sexually harass
and terrorize objects of their attentions. However, Congress enacted legislation in 1994 which
prohibited this type of behavior, due primarily to the attention garnered in the wake of the
stalking and murdering of actress Rebecca Schaeffer in 1990. In the most general sense, stalking
may be defined as the willful, malicious, and repeated following and/or harassing of another person
in an effort to inflict or cause fear of actual harm through words or deeds. By extension,
cyberstalking is the same form of activity committed via electronic communications.
Cyberharassment, on the other hand, focuses on actual harm suffered, including defacement of
character, and the like. In fact, the distinctions between the two are subtle at best. In a general
sense, the primary differences between the two involve actual harm suffered. Cyberstalking
statutes, for example, are directed at activities which may be threatening or may result in injury.
Cyberharassment statutes, on the other hand, focus on activities that are threatening, harassing,
or injurious on their face. Due to the lobbying of many Hollywood heavyweights, stalking is
often treated more harshly and is usually treated as a felony. Fortunately, federal authorities and
many state legislators have passed antistalking legislation. However, both have failed to fully
incorporate all of the activities which may be committed in this increasingly sophisticated age.
For example, the Interstate Stalking Punishment and Prevention Act of 1996 (18 U.S.C. §
2261A) made it a federal offense to travel across a State line or within the special maritime and
territorial jurisdiction of the United States with intent to injure or harass another person, and in
the course of, or as a result of, such travel places that person in reasonable fear of, or serious
bodily injury to… that person or a member of that person’s immediate family shall be punished
as provided in section 2261 of this title.
Although this has been used successfully, other federal legislation directly targeting online
stalking has not passed congressional muster (two bills, introduced in the 103rd and 104th
Congress, died in committee). These bills would have amended the Federal Telephone Harassing
Statute to include communications by modem or other two-way wire and would have forbidden
anonymous interstate or foreign communications made with the intent to annoy, abuse, threaten,
or harass any person at the called number.
In the past several years, most states have attempted to modernize traditional statutes, and 44
states specifically incorporate electronic communications in their stalking and harassment
statutes.36 In addition, other states have passed legislation or rendered traditional statutes
technology-neutral. However, there appears to be a lack of consensus regarding the insidious
nature of harassment and stalking activities overall, and third-party harassment and/or stalking
has not been addressed. Thus, new legislation at all levels is desperately needed as online
stalking will almost certainly outpace offline stalking due to the perceptions of confidentiality
and the empowerment of anonymity.
Many individuals, including both law enforcement and civilians, continue to perceive that
cyberstalking is less dangerous than physical stalking. However, cyberstalking has the potential
to be far more insidious and pervasive as the popularity of remailers, anonymizers, ease of
access, mass distribution capability, and the like increase. As with other crimes, individuals who
may not be tempted to engage in physical retribution or stalking of a particular victim may be
lured into cyberstalking. In addition, such activities may lead to physical or real-world stalking
activities.
Eight percent of women and 2 percent of men in America are stalked each year. In the general
public, these numbers would represent over 1 million women and 370,990 men in the United
States every year.37 However, the LAPD District Attorney’s Office and NYPD’s estimates of
cases that include physical stalking predicated on previous electronic communications are 20
percent to 40 percent, respectively. (In Great Britain, the figures were 58 percent of men and 41
percent of women as victims.) Generally speaking, empirical e...