forensic and investigative accounting chapter 15 cybercrime management: legal issues © 2007 cch....

Forensic and Investigative AccountingForensic and Investigative Accounting

Chapter 15

Cybercrime Management:

Legal Issues

© 2007 CCH. All Rights © 2007 CCH. All Rights Reserved.Reserved.

4025 W. Peterson Ave.4025 W. Peterson Ave.

Chicago, IL 60646-6085Chicago, IL 60646-6085

1 800 248 32481 800 248 3248

www.CCHGroup.comwww.CCHGroup.com

Chapter 15 Forensic and Investigative Accounting 2

Introduction to CybercrimeIntroduction to Cybercrime

Most common complaints:Most common complaints: Virus attacks ...............................................65%Virus attacks ...............................................65% Laptop/mobile theft ....................................47%Laptop/mobile theft ....................................47% Insider abuse of net access .........................42%Insider abuse of net access .........................42% Unauthorized access to information ...........32% Unauthorized access to information ...........32% Denial of service .........................................25%Denial of service .........................................25% System penetration ......................................15%System penetration ......................................15% Abuse of wireless network….......................14%Abuse of wireless network….......................14% Theft of proprietary information ...................9%Theft of proprietary information ...................9% Financial Fraud …….....................................9%Financial Fraud …….....................................9%


Net FraudsNet Frauds

Net fraudsNet frauds ensnare unsuspecting Internet ensnare unsuspecting Internet users into giving up their resources to an users into giving up their resources to an online criminal.online criminal.


Unauthorized Access to Unauthorized Access to Network AssetsNetwork Assets

Unauthorized access to steal proprietary Unauthorized access to steal proprietary information can be considered a distinct crime information can be considered a distinct crime from fraud.from fraud.


Types of Unauthorized AccessTypes of Unauthorized Access

Access using wardialers in modem attacks.Access using wardialers in modem attacks. Access via buggy software.Access via buggy software. Access via trusted server.Access via trusted server. Backdoor entry.Backdoor entry. Access via social engineering.Access via social engineering.


Intangible AssetsIntangible Assets

Information on the Internet and in computer Information on the Internet and in computer databases represents intangible assets databases represents intangible assets composed of bits and bytes.composed of bits and bytes.

The destruction of electronic representations The destruction of electronic representations or the erasure of data without physically or the erasure of data without physically damaging a tangible computer asset may not damaging a tangible computer asset may not be considered a crime.be considered a crime.

(continued on next slide)(continued on next slide)


Intangible AssetsIntangible Assets

If data is accessed but not used for any If data is accessed but not used for any purpose, then no crime may have been purpose, then no crime may have been committed.committed.

Statutes may not provide for the recognition Statutes may not provide for the recognition of criminal trespass, a property crime, based of criminal trespass, a property crime, based on a virtual presence (and no physical on a virtual presence (and no physical presence).presence).


1986 OECD Time Capsule Recommendations1986 OECD Time Capsule Recommendations

1.1. The input, alteration, erasure and/or The input, alteration, erasure and/or suppression of computer data and/or computer suppression of computer data and/or computer programmes made willfully with the intent to programmes made willfully with the intent to commit an illegal transfer of funds or of commit an illegal transfer of funds or of another thing of value;another thing of value;

2.2. The input, alteration, erasure and/or The input, alteration, erasure and/or suppression of computer data and/or computer suppression of computer data and/or computer programmes made willfully with the intent to programmes made willfully with the intent to commit a forgery;commit a forgery;




3.3. The input, alteration, erasure and/or The input, alteration, erasure and/or suppression of computer data and/or computer suppression of computer data and/or computer programmes, or other interference with programmes, or other interference with computer systems, made willfully with the computer systems, made willfully with the intent to hinder the functioning of a computer intent to hinder the functioning of a computer and/or telecommunication system;and/or telecommunication system;

4.4. The infringement of the exclusive right of the The infringement of the exclusive right of the owner of a protected computer programme owner of a protected computer programme with the intent to exploit commercially the with the intent to exploit commercially the programme and put it on the market;programme and put it on the market;




5.5. The access to or the interception of a The access to or the interception of a computer and/or telecommunication system computer and/or telecommunication system made knowingly and without the made knowingly and without the authorization of the person responsible for authorization of the person responsible for the system, either (i) by infringement of the system, either (i) by infringement of security measures or (ii) for other dishonest security measures or (ii) for other dishonest or harmful intentions.or harmful intentions.


Cybercrime or Not?Cybercrime or Not?

Spoofing.Spoofing. Use of bots.Use of bots. Chaffing.Chaffing. Steganography.Steganography.


International LawInternational Law

Although 249 countries have IP domain Although 249 countries have IP domain registrations, the countries with cybercrime registrations, the countries with cybercrime statutes are fewer.statutes are fewer.

Some countries have broad provisions for Some countries have broad provisions for computer crimes, some have limited computer crimes, some have limited provisions, and still some have no provisions provisions, and still some have no provisions at all.at all.



International LawInternational Law

In 2001, the Council of Europe Convention on In 2001, the Council of Europe Convention on Cybercrime issued a model law for its Cybercrime issued a model law for its member states including transactional member states including transactional cooperation recommendations. The Council’s cooperation recommendations. The Council’s model law has 48 sections for incorporation model law has 48 sections for incorporation into national laws on cybercrime.into national laws on cybercrime.


Federal Statutes Related to Federal Statutes Related to CybercrimesCybercrimes

18 U.S.C. 102918 U.S.C. 1029 Fraud and Related Activity in Fraud and Related Activity in Connection with Access DevicesConnection with Access Devices

18 U.S.C. 103018 U.S.C. 1030 Fraud and Related Activity in Fraud and Related Activity in Connection with ComputersConnection with Computers

18 U.S.C. 270118 U.S.C. 2701 Unlawful Access to Stored Unlawful Access to Stored CommunicationsCommunications


USA Patriot Act of 2001USA Patriot Act of 2001

The USA Patriot Act has strengthened U.S. The USA Patriot Act has strengthened U.S. cyber laws and expanded cybercrime cyber laws and expanded cybercrime definitions. definitions.

Under the Act, an activity covered by the law Under the Act, an activity covered by the law is considered a crime if it causes a loss is considered a crime if it causes a loss exceeding $5,000, impairment of medical exceeding $5,000, impairment of medical records, harm to a person, or threat to public records, harm to a person, or threat to public safety.safety.



USA Patriot Act of 2001USA Patriot Act of 2001

Amendments made by the Act make it Amendments made by the Act make it easier for an Internet service provider (ISP) easier for an Internet service provider (ISP) to make disclosures about unlawful to make disclosures about unlawful customer actions without the threat of civil customer actions without the threat of civil liability to the ISP.liability to the ISP.

Another revision made by the Act provides Another revision made by the Act provides that victims of hackers can request law that victims of hackers can request law enforcement help in monitoring trespassers enforcement help in monitoring trespassers on their computer systems.on their computer systems.


State LegislationState Legislation

Many of the states have separately enacted Many of the states have separately enacted money laundering, identity theft, online money laundering, identity theft, online gambling, cyberstalking and other Internet gambling, cyberstalking and other Internet statutes in their codes. statutes in their codes.

Many statutes do not refer to “cybercrimes” as Many statutes do not refer to “cybercrimes” as they were originally enacted when there was they were originally enacted when there was no Internet. Thus, legislative oversight in the no Internet. Thus, legislative oversight in the acts tends to focus on “computer crimes,” acts tends to focus on “computer crimes,” “unlawful access,” or “property crimes.”“unlawful access,” or “property crimes.”


Fighting CybercrimeFighting Cybercrime

The following list describes the skill set needed The following list describes the skill set needed to fight cybercrime:to fight cybercrime:

– Ability to build an Internet audit trail.Ability to build an Internet audit trail.

– Skills needed to collect “usable” courtroom Skills needed to collect “usable” courtroom electronic evidence.electronic evidence.

– Ability to trace an unauthorized system user.Ability to trace an unauthorized system user.(continued on next slide)(continued on next slide)



– Knowledge base to use in recommending or Knowledge base to use in recommending or reviewing security policies.reviewing security policies.

– Knowledge of the most recent computer fraud Knowledge of the most recent computer fraud techniques.techniques.

– Basic understanding of the information that can Basic understanding of the information that can be collected from various computer logs.be collected from various computer logs.

– Ability to place a valuation on incurred losses Ability to place a valuation on incurred losses from attacks.from attacks.




– Technical familiarity with the Internet, web Technical familiarity with the Internet, web servers, firewalls, attack methodologies, servers, firewalls, attack methodologies, security procedures, and penetration testing.security procedures, and penetration testing.

– Understanding of organizational and legal Understanding of organizational and legal protocols in incident handling to prevent protocols in incident handling to prevent employee rights violations.employee rights violations.

– An established relationship with law An established relationship with law enforcement agencies.enforcement agencies.


Filing Reports of CybercrimesFiling Reports of Cybercrimes

An investigator should know where, besides An investigator should know where, besides law enforcement, such crimes can be law enforcement, such crimes can be reported. There are a number of websites that reported. There are a number of websites that collect information about events that may be collect information about events that may be cybercrimes.cybercrimes.

forensic and investigative accounting chapter 15 cybercrime management: legal issues © 2007 cch....

Documents

slide slide

insider abuse of net

property crime

distinct crime

computer databases

erasure of data

modem attacks

virus attacks