The Hacker & Cyber Crimes
He was a man on the run and until his arrest in 1995, Kevin Mitnick was known as “the most dangerous hacker in the world”. The FBI hunted Mitnick for three years as he hacked into the computer networks of companies like Pacific Bell, IBM, Motorola, Sun, Fujitsu, Siemens and Nokia. Although not confirmed, Mitnick allegedly also hacked into systems belonging to the FBI, the Pentagon and other governmental agencies. Part of his five year prison sentence was served in solitary confinement. Mitnick stated that that was because law enforcement believed he could “start a nuclear war by whistling into a pay phone”. Now out of prison, Mitnick runs a computer security firm.
Since the relatively recent dawn of the digital age, crimes are occurring in a new, virtual setting. Hacking, although it is probably one of the most common examples discussed in media and popular culture, is just one form of cyber crime.
Types of Cyber Crimes
According to Marc D. Goodman and Susan W. Brenner in “The Emerging Consensus on Criminal Conduct in Cyberspace,” there are two types of cyber crimes: those that specifically target computer systems and networks and those ‘traditional crimes’ that are facilitated by way of the virtual world. As follows are some examples of cyber crimes.
Hacking: Criminal computer hacking essentially involves a hacker intentionally breaking computer security protocols or breaking into computer systems that they are not permitted to access. ‘Black hat hackers’ usually have malicious or greedy motives. For example, they might hack into a system to access confidential information, destroy or steal valuable information, vandalize a website or paralyze a network.
Malicious Programs (Malware): Offenders in this case develop and/or release viruses and other malicious programs to destroy, steal information or even blackmail. For example, a Trojan Horse is a malicious program that is often disguised as a service, such as an anti-virus program, and is designed to delete files, copy valuable information, such as passwords, or to release destructive viruses. Worms, viruses that self-replicate to consume or overthrow a computer system, are another example. The Stuxnet worm, for instance, was discovered in 2010 and was designed to target Siemens industrial software. While systems in several countries were attacked by the worm, it is believed that Iran’s nuclear program was essentially what the developers of Stuxnet were after. (60% of the attacks were among Iranian factories). A New York Times article by David E. Sanger from June 1, 2012, suggests that computer specialists from the U.S., Israel and some European countries were involved in the attack in order to slow down Iran’s production of nuclear weapons.
Cyber Terrorism: Cyber terrorism, according to the FBI, is “the premeditated, politically motivated attack against information, computer systems, computer programs, and data which result in violence against noncombatant targets by sub-national groups or clandestine agents”. Goodman and Brenner cite many cyber terrorist agendas, such as to interfere with a country’s stock exchanges and banking systems, disrupting the plans or functions of factories and utility services, manipulating air traffic control systems and more.
Fraud & Theft: According to Goodman and Brenner, “Fraud represents what is probably the largest category of cybercrime”. It can happen 24 hours a day, seven days a week via websites, e-mail, chat rooms and message boards. One common example is ordering something online, paying for it but never receiving it because the person advertising the item is running a scam. Fraudulent insurance companies and “419 Fraud” (receiving e-mails from so-called foreign officials asking to help them transfer large amounts of money to bank accounts) are other examples, states the FBI. Common cyber thefts involve stealing credit card numbers or retrieving bank account numbers in order to withdraw money from victims’ accounts. Phishing is a term to describe perpetrators sending e-mails, posing as a legitimate figure, to retain private information, such as social security, credit card, bank account and other numbers for the purposes of identity theft or profit.
Child Pornography and Pedophilia: In 1993, FBI special agents investigating a missing child case discovered that pedophilia had extended to a new forum. They discovered that the Internet was being used to send and pass on pornographic images of children and that pedophiles were using chat rooms to lure potential victims. This sparked the FBI to create an online undercover operation (the Innocent Images National Initiative) in 1995. Although cyber predators have the ability to cryptically stalk, lure and view from their homes, the FBI has cracked down on many of them. From 1995 to 2012, the Innocent Images program has convicted over 11,000 offenders. As of 2012, FBI agents across the country working as part of the operation have been dealing with nearly 6,000 cases.
Harassment: The virtual world has also become a forum for various forms of harassment including stalking, bullying and hate speech. The Internet has allowed for some of these types of behaviors to spread to a wider audience. The news has been flooded with cases discussing the criminal/legal implications of such acts. One notable case was the conviction of Dharum Ravi of charges bias intimidation, invasion of piracy and others. Ravi was charged for spying on his roommate Tyler Clementi with a webcam, while Clementi was kissing another man, and encouraging others to watch the live feed. Clementi took his own life that same week. Ravi was sentenced to 30 days in prison, three years probation, a hefty fine, community service and counseling sessions related to his acts. When it comes to cyber-bullying, it depends on the state whether such acts are deemed criminal offenses. Some states have bullying laws that include all forms of harassment (online and in person) while others do not include cyber bullying; some states do not have any bullying laws.
The Hacker’s Motives
Not all hackers are bad. Terms like “white hat hacker” or “ethical hacker” are used to describe those that break into computer systems for moral or legal reasons. For example, they may be working for a company, agency or organization with the task of breaking into a system and identifying security vulnerabilities so they can fix them.
Then there are non-ethical hackers that are motivated by a number of factors to break into systems they are not entitled to access. In their book Psychology of Cyber Crime: Concepts and Principles, Grainne Kirwan and Andrew Power discuss several theories that motivate these kind of hackers. Some motives are not malicious at all but simply driven by sheer curiosity. A hacker who has considerably more knowledge and expertise with computer systems than the average person may simply seek to feel self-gratification for being able to penetrate secure documents or servers without the intent to use the information they retrieve. It also may be a way to compensate for feelings of inferiority and to raise self esteem. These types of motives “include feelings of addiction, the urge of curiosity, boredom with the education system, enjoyment of feelings of power, peer recognition [in the hacker community],”state Kirwan and Power.
On the other side of the scale, some hackers are motivated to harm systems for political, financial or emotional reasons. A disgruntled former employee who was fired may wish to interfere with his former employer’s servers or find confidential information that could tarnish their reputation. Political hackers or cyber activists may wish to interfere with an organization’s services, web presence or release information that could impede their influence. (The controversial actions of WikiLeaks come to mind). Then of course there are those who hack purely for financial gain and work carefully to retrieve banking, credit card and other personal information for profit; they may be working as part of an organized unit.
Social psychologist, Dr. Max Kilger, developed the acronym “MEECES” to describe hacker motives:
- M – Money
- E – Ego
- E – Entertainment
- C – Cause (ideology)
- E – Entrance into social groups
- S – Status
Case Study – Kevin Poulsen aka ‘Dark Dante’
When Kevin Poulsen was arrested in 1991 and then convicted, he was sentenced to the longest imprisonment ever given to a computer hacker up until that point (just over five years in prison).
In the virtual world he was known as ‘Dark Dante’ and he had been a fugitive for 18 months before being caught. What prompted the FBI to pursue him was his alleged hacking of their databases, purportedly to look into an investigation they had conducted on Ferdinand Marcos, former President of the Philippines.
He is most known for his radio station contest crimes. On several occasions, he was able to penetrate the systems that controlled their phone lines. “By taking over all the phone lines leading to Los Angeles radio stations, he was able to guarantee that he would be the proper-numbered caller to win, for example, $20,000 in cash, and a Porsche 944 S2 Cabriolet,” stated Stanford Law School.
During the man hunt to catch Poulsen, he was featured on the television show Unsolved Mysteries. According to Mental Floss, Poulsen hacked the network’s phone line systems so that nobody could call in and provide tips. The show did end up leading to the capture of Poulsen however. Two people working in a supermarket notified authorities when they saw the man they recognized from the episode.
After Poulsen finished his prison term, he became a journalist specializing in stories on hacking and security. He is currently news editor for Wired.com. His new found career has seen many successes including initiating a federal investigation of sex offenders on MySpace and breaking the news story about the arrest of Private Bradley Manning who allegedly leaked confidential military documents to WikiLeaks.