Computer Crime for Law Enforcement Professionals - a Glossary

One would be hard-pressed to come up with a segment more under-prepared for their challenge than law enforcement professionals faced with the task of policing the world of computing. Detective work was much simpler when everybody and his mother didn't have a computer. Herein, some basic terms to get you started.

HACKER: The meaning of the word hacker has been corrupted from its original intention. Originally, it meant somebody who was very good at programming. The members of the MIT labs, AT&T Bell labs, and Xerox Parc originally referred to themselves as 'hackers', in much the same way that a ranch worker would use the title 'cowboy'. Not everybody who calls themselves 'hacker' today is admitting to criminal activity. Nevertheless, there has been much awareness of how the term has changed, so that now a security professional working in computers may designate their specialty with a hat color system: e. g. a 'white hat hacker' programs security and encryption software, a 'black hat hacker' practices overcoming security and encryption, etc. Outside of the security field, the term hacker has fallen widely out of use.

CRACKER: What the public actually means when they say 'hacker'. A cracker breaks into networks and servers for all variety of crimes requiring access, ranging from identity theft to setting up a botnet. Contrary to the popular Hollywood image, a cracker in fact is not particularly adept at programming or computers in general, but is merely exploiting a widely-known (in the underground) security hole in a given system usually using a simple tool downloaded from a "hacking" website. A cracker is no more a computer wizard than a car thief is a master mechanic. In fact, the nature of breaking into computers and breaking into houses and cars is almost identical.

CYBERSTALKING: The most common complaint you will be dealing with in street police work. People will use the Internet to stalk and harass their intended victim. The tools for discovering personal details of someone are widely available on the web. It is suggested that you try to use online "people finder" services to see how much information there is available about yourself, for starters.

It is quite easy to find out last known address from a name, a name and location from a website address, a location and service provider for an IP address, personal details for a chat room screen nick or email address, and so on. A dedicated stalker will use every service at their disposal, compiling information from various sources until they at least have a way to contact their target, if not steal their target's identity.

PIRACY: This can be anything from the 'ripping' (breaking copy protection) of commercial software which is then posted online for resale or ratio-download (called 'warez') to the copying and distribution of media (CDs, DVD movie, etc.). If you thought the war on drugs was out of hand, you'll have a similar feeling about Internet piracy. There is effectively nothing that can be done to cure the problem, only half-measures to stifle it. The issue is mired in the international business and laws of the world, the hazy issue of how far copyright extends under what circumstances, the various definitions of fair use, and the blundering incompetency of such entities as the RIAA, which is more likely to harass innocent grandmothers (who accidentally received an unauthorized tune in their electronic greeting card) than go after a real pirate.

Furthermore, digital protections against piracy do nothing to stop real pirates, but are great for preventing you from watching the DVD movie that you paid for on your PC. It may be ten years yet before the world gets a handle on this. In the mean time, take piracy accusations with a grain of salt, and only pursue an investigation if you know the suspect is actually running a large-scale piracy operation for profit.

IDENTITY THEFT: Related to the above entry on cyber stalking, this has a different motive. Instead of the perpetrator having a personal grudge against the victim, this is for profit. Mainly credit card numbers and bank data are targeted, and then sold internationally for sums of money. The means of stealing the data can be anything from 'dumpster diving' for receipts and discarded paperwork, to theft of computers containing customer databases to online scams to con gullible users into surrendering personal data. A huge underground, international market exists for this activity, and it is even said that identity theft drives "the new mafia".

PHISHING: The number-one method of online identity theft. Phishing is a very basic process: you just build a web site that looks just like a bank web site, spam emails to potential bank customers with a link to the fake site and some kind of story about how they need to come to it and re-enter their data (frequently the story is that the bank's site crashed and they have to update their financial records), then record the data and sell it to the stolen identity market. A large segment of the population is shockingly trusting of phishing scams.

'419': This is the most common variety of online confidence scheme. Instead of posing as a bank site, the perpetrator poses as any variety of fanciful characters and tells a story hoping to get money out of the victim. The classic '419' scam is to pose as a foreign price who has a huge amount of money they need to store, and offers to give some to the victim. The victim is then gradually coerced through subsequent online correspondence to send the perpetrator money for some made-up reason like 'processing fees'.

This is also known as the 'advance fee fraud'. The variations range as far as human imagination permits, and includes posing as a lottery authority notifying the victim that they've 'won', a lawyer notifying the victim of an inheritance from a distant relative, soap-opera-like kidnapping plots where the victim is persuaded that they're rescuing a victim by paying a ransom, and highly fanciful plots worthy of a novel. In some countries, profits from '419' scams actually count as a sizable portion of their gross domestic product!

BOTNET: This involves infecting the target computer with a virus whose purpose is to take over the target computer, turning it into the criminal's puppet. These are always large-scale operations, with a global network of "zombie" computers operating at the criminal's whim, who then unites the machines in a botnet and uses it to perpetrate another crime such as spamming, attacks against web servers, identity theft, and so on. The "master" of a botnet is sometimes referred to as a 'herder'. The victim is never aware that their computer has become part of these zombie networks. This is again a part of the international cyber-crime scene.

Seed Newsvine

Bookmark this article in your preferred program

Comments

Add Comment

Popular Articles in this cathegory

This article is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License.