Chapter 12: The High-Tech Offender

High Technology and Criminal Opportunity

The twenty-first century has been described by some as representing the epitome of the postindustrial information age. Information, as many now recognize, is vital to the success of any endeavor, and certain forms of information hold nearly incalculable value. Patents on new products, the chemical composition of innovative and effective drugs, corporate marketing strategies, and the financial resources of competing corporations are all forms of information whose illegitimate access might bestow unfair advantages upon unscrupulous competitors. Imagine, for example, the financial wealth and market share which would accrue to the first pharmaceutical company to patent an effective AIDS cure. Imagine, as well, the potential profitability inherent in the information describing the chemical composition of that drug—especially to a competitor who might beat the legitimate originator of the substance to the patent desk, or who might use stolen information in a later bid to challenge patents already issued.

Such a scenario is not far fetched. In 1994, for example, the huge pharmaceutical manufacturer Merck announced(1) that it would file in 1995 with the federal government and the regulatory agencies of twenty-seven other countries a request for permission to market its new medicine, Fosamax. Fosamax, a drug intended to reverse the effects of osteoporosis in postmenopausal women, was described as a corporate centerpiece in the plan to ensure Merck's leadership position among pharmaceutical manufacturers worldwide. The introduction of Fosamax to the pharmaceutical marketplace, along with ongoing clinical trials, was announced only after years of guarded negotiations and developmental research. The carefully crafted introduction was intended to ensure Merck's clear claim to ownership of the chemical compound in Fosamax, which should prove highly profitable for the company. Merck officials estimated the osteoporosis health care market in the United States alone at $10 billion annually.

High-tech criminals seeking illegitimate access to computerized information, and to the databases that contain it, have taken a number of routes. One is the path of direct access, by which office workers, or corporate spies planted as seemingly innocuous employees, violate positions of trust and use otherwise legitimate work-related entry to a company's computer resources to acquire wanted information. Such interlopers typically steal data during business hours, under the guise of normal work routines.

Another path of illegal access is sometimes called computer trespass and involves remote access to targeted machines. Anyone equipped with a home computer and a modicum of knowledge about computer modems, telecommunications, and log-on procedures has easy access to numerous computer systems across the country. Many such systems have few, if any, security procedures in place to thwart would-be invaders. In one recent case, for example, a Silicon Valley software company learned that a fired software developer had been using her telephone to enter its computers.(2) By the time she was caught, the woman had copied million of dollars worth of the company's programs. It was later learned that the stolen software had been slated for illicit transmission to collaborators in Taiwan. Had the scheme succeeded, many thousands of "pirated" copies of the software would have been distributed at great financial loss to the legitimate copyright owners. In a similar scenario, a Florida television news editor was recently arrested after moving to a new job with a different station for allegedly entering the computer of his former employer via telephone and copying researched stories.(3)

More exotic techniques used to steal data stored in computers extend to reading the electromagnetic radiation produced by such machines. Electromagnetic field (EMF) decoders, originally developed for military purposes, are capable of scanning radio-frequency emanations generated by all types of computers. Key stroke activity, internal chip-processed computations, disk reads, and the like can all be detected and interpreted at a distance by such sophisticated devices under favorable conditions. Computers which have been secured against such passively invasive practices are rarely found in the commercial marketplace. Those which are available to commercial organizations generally conform to a security standard developed by the United States military called TEMPEST.

Some criminal perpetrators intend simply to destroy or alter data without otherwise accessing or copying it. Disgruntled employees, mischievous computer hackers, business competitors, and others may all have varied degrees of interest in destroying the records or computer capabilities of a company.

In what proved to be the first criminal prosecution of a person accused of creating a computer virus, Texas programmer Donald Gene Burleson was arrested in 1988 for allegedly infecting a former employer's computer with a program designed to destroy the information it contained. Since Burleson's arrest, many other would-be imitators have taken similar paths of revenge. According to Richard Baker, author of the respected Computer Security Handbook, "the greatest threat to your computers and data comes from inside your company, not outside. The person most likely to invade your computer," says Baker, "is not a gawky youngster in some other part of the country but an employee who is currently on your payroll."

Technically speaking, computer crime, which involves a wide variety of potential activities, is any violation of a federal or state computer crime statute. A recent estimate by the prestigious accounting firm Ernst & Young puts the cost of computer crime in the United States at between $3 billion and $5 billion a year.(5) According to some experts, "that may be just the beginning." As one technological visionary observes, "Our society is about to feel the impact of the first generation of children who have grown up using computers. The increasing sophistication of hackers suggests that computer crime will soon soar, as members of this new generation are tempted to commit more serious offenses."(6) Table 12.1 lists five major categories of computer crime, along with examples of each.

Thou shalt not steal thy neighbor's data.

—InterLockÆ security devices advertisement

While the theft or damage of information represents one area of illegitimate criminal activity, the use of technology in direct furtherance of criminal enterprise constitutes another. Illegal activity based upon advanced technologies is as varied as are the technologies themselves. Nuclear blackmail may represent the extreme technologically based criminal threat, while telephone fraud and phone "phreaking" are examples of low-end crimes that depend upon modern technology for their commission.

Phone phreaks use special dial-up access codes and other restricted technical information to avoid long-distance charges. Some are able to place calls from pay phones, while others fool telephone equipment into billing other callers. As a top telecommunications security expert explains it, "many organizations discover they have been victims of telephone fraud only after their telephone bill arrives in a carton instead of an envelop."(7)

As some companies have been surprised to learn, the responsibility for payment of stolen telephone time may rest with them. A year ago, for example, a U.S. district court ordered Jiffy Lube International, Inc., to pay AT&T $55,727 for long-distance calls made by computer hackers who had stolen the company's access codes. Judge Frank Kaufman said the law "squarely places responsibility upon a customer, such as Jiffy Lube, for all calls whether or not authorized."(8) In effect, Judge Kaufman sent a message to corporations nationwide that they can be held responsible for ensuring the security of their telephone services.

 

Categories of Computer Crime

Internal computer crimes

Trojan horses

Logic bombs

Trap doors

Viruses

Telecommunications crimes

Phone phreaking

Hacking

Illegal bulletin boards

Misuse of telephone systems

Computer manipulation crimes

Embezzlements

Frauds

Support of criminal enterprises

Databases to support drug distributions

Databases to support loan sharking

Databases to support illegal gambling

Databases to keep records of illegal client transactions

Money laundering

Hardware/software thefts

Software piracy

Thefts of computers

Thefts of microprocessor chips

Thefts of trade secrets

Source: Adapted from Catherine H. Conly and J. Thomas McEwen, "Computer Crime," NIJ Reports, January/February, 1990, p. 3.

Summary

High-technology crimes hold the potential to vastly change our understanding of crime. Illegal wire transfers of huge asset stores, nuclear subterfuge, and computer crime are all emerging as novel forms of criminal enterprise. Some forms of high-technology crime hold dangers never before imagined. Nuclear terrorism, for example, holds the potential to destroy more property and to claim more human lives than decades of traditional criminal activity.

The very nature of contemporary society dictates that crimes exploiting high technology will always be with us. It can only be hoped that enforcement technologies continue to keep abreast of technologies that serve criminal purposes. Unfortunately, however, no one is able to realistically assess even the current extent of high-technology crime, let alone accurately imagine the form future high-tech crimes will take.

Efforts to control high-technology crime open a Pandora's box of issues related to individual rights in the face of criminal investigation and prosecution. Such issues extend from free speech considerations to guarantees of technological privacy in the midst of digital interconnectedness. As we enter the twenty-first century, it is incumbent upon us to strike an acceptable balance between constitutional guarantees to continued freedom of access to legitimate activities based upon high technology, and enforcement initiatives which can deal effectively with the massive threat high-technology crimes represent.

Discussion Questions

Note: you may be requested by your instructor to e-mail the answers to these questions to his or her office. If so, be sure to add your name (or other identifying information) to your answers, since your e-mail address may not tell your instructor who you are.

Click here for e-mail homework form!

1. What is the difference between high-technology crime and traditional forms of criminal activity? Will the high-technology crimes of today continue to be the high-technology crimes of tomorrow? Why or why not?
2. What forms of high-technology crime can you imagine that this chapter has not discussed? Describe each briefly.
3. Do you believe that high-technology crimes will eventually surpass the abilities of enforcement agents to prevent or solve them? Why or why not?
4. What different kinds of high-tech offenders can you imagine? How best might each type be dealt with? Give reasons for your answers.

 

Notes

(1) Merck and Co., Inc., Interim Report for the Period Ended June 30, 1994, p. 4.

(2) Kenneth Rosenblatt, "Deterring Computer Crime," Technology Review, Vol. 93, no. 2 (February/March 1990), pp. 34-41.

(3) Ibid.

(4) This and most other definitions related to computer crime in this chapter are taken from Donn B. Parker, Computer Crime: Criminal Justice Resource Manual (Washington, D.C.: National Institute of Justice, 1989).

(5) Rosenblatt, "Deterring Computer Crime."

(6) Ibid.

(7) Stephen R. Purdy, "Protecting Your Telephone Systems Against Dial-Tone Thieves," Infosecurity News, July/August 1993, p. 43.

(8) "Out Slicked," Infosecurity News, July/August 1993, p. 11.

Back to Criminology Today Home Page
Back to Chapter Links

© Prentice-Hall, Inc. A Simon & Schuster Company Upper Saddle River, New Jersey 07458

Legal Statement