GPSolo Magazine - January/February 2006
Criminal Liability in Cyberspace
Criminal liability in cyberspace encompasses a wide range of illegal activities. The proliferation of the Internet and the decreased cost of technology provide millions of users access to enormous resources. A few simple keystrokes or mouse clicks can download music, open e-mail, purchase goods and services—or facilitate a crime. An ex-lover cyber-stalks and sends criminal threats via e-mail. A thief commits credit card fraud and identity theft by making purchases on the Internet using a fraudulently obtained credit card number. A hacker sits at a keyboard in a foreign country and terrorizes a business with extortion after compromising the business’s computer database. A prominent individual is found to be in possession of child pornography. The list goes on and on.
These are only a few types of cybercrimes that are highly publicized. Unknown to many, probably because of little media interest, a large percentage of reported cyber-crimeis actually an “inside job,” committed by trusted employees or former employees. Such crimes can devastate a business and cause considerable losses. In addition, the actions performed by an insider can subject a legitimate business to the inconvenience of a criminal investigation. This article cannot address every type of criminal activity committed in cyberspace but will focus on the more common crimes.
Disgruntled employees. Disgruntled employees subject themselves to criminal liability by senseless acts committed out of anger, revenge, or even what they view as “harmless” mischievousness. The destruction of computer data is addressed under most state and federal laws. What some consider mischief or annoyances are actually serious crimes. A useful example can be found in the recent case involving an aspiring accounting graduate from a prominent California university. This young woman was hired by an art gallery for basic bookkeeping duties. When she learned she would not be promoted to an accountant’s position, she deleted the customer database and spoofed an e-mail (sent a false e-mail purporting to be from the art gallery) to all of the gallery’s clients announcing that the gallery was under investigation by the Internal Revenue Service. The e-mail also indicated that a major upcoming gallery event was canceled. As the result of her actions, the art gallery incurred losses exceeding $400,000 and was unable to successfully operate for weeks. This young woman’s dreams of becoming a certified public accountant were more than diminished; she was arrested and convicted on felony charges.
Unauthorized taking or copying of data. Work product in digital form and contact information, such as a customer database, is normally owned and protected by a business. Large businesses have computer-use policies and agreements that clearly address this area. A salesperson’s involvement in the development of that database or a programmer’s development of a specialized application does not, under normal circumstances, give them the right to control, take, or copy such data. Problems arise when individuals are termi-nated, move to other employment, or establish competing businesses. In many cases, employees assume that contacts in the database, created by them during their employment, belong to them. Some believe they have the right to copy the client data and delete these contacts from the main database. In doing so, they violate computer crime statutes that address the unauthorized taking, copying, or destruction of data.
Investigations involving the destruction or deletion of data become extremely confusing when a business allows employees to use their personally owned, licensed software for the development of work product. When the employee resigns or is terminated and uninstalls that software from the computer system, issues arise regarding the removal of the application and the associated data that is considered work product.
Business resources used to facilitate a crime. Employees sometimes find themselves the subject of a criminal investigation stemming from their use of computer resources in the workplace. Most frequently these cases involve an employee who used a company computer to annoy, harass, or stalk another individual. Or the employee might have used a company computer to store contraband items such as credit card numbers or child pornography.
Even if an investigation is begun as the result of an employee’s actions at his or her residence, the nexus to the workplace can sometimes be established by forwarded e-mails or file transfers between home and workplace computers via external devices. Once this nexus is established, workplace computers used by the suspected employee can be subjected to seizure and search. It is extremely difficult for employers to safeguard against an insider’s actions. Employee computer use policies must be clearly defined and enforced.
Cyber-stalking, threats, and annoyances. The Internet is commonly used by individuals to harass, annoy, and stalk others. Annoying e-mails are reported and handled in the same manner as annoying telephone calls. In California, they are both covered under the same section of the Penal Code. Similarly, an individual can be subjected to criminal liability for placing or posting information on the Internet that causes a credible threat to a victim.
In one recent example of cyber-stalking, an ex-boyfriend pretended to be the victim and posted information to a website. The posted information provided the victim’s telephone number, address, photograph, and desired sexual activities. The post also stated that the victim wanted to be raped and provided the access code to the controlled entry gate of the victim’s residence. Clearly, the suspect placed the victim in harm’s way and committed a felony: stalking.
Another instance is that of a bomb threat posted to an online community made by a 15-year-old high school student in the Los Angeles area. The student threatened to bomb the cafeteria and shoot students and teachers during the lunch hour. The student was tracked to his home via the Internet protocol address (a unique identifier of a computer on the Internet) he maintained while logged onto the online community. He was arrested for the bomb threat, and his home computer was seized. A forensic examination of the computer revealed the posted threats—even though the student had “deleted” them.
Fraud. The largest area of reported crime on the Internet is fraud. There are numerous ways in which individuals commit fraudulent acts and find themselves the focus of a criminal investigation. One such area is auction fraud, wherein a seller posts and advertises the sale of an item on a popular auction site. At the conclusion of the bidding, seller and buyer agree upon final arrangements and the buyer forwards the money for the item. The seller then fails to deliver the product, owing either to bad business practices or outright theft.
Simple fraud such as this becomes more complicated when sophisticated individuals or organized groups get involved. For example, a sophisticated scheme commonly known as “phishing” is used to glean personal information from unsuspecting individuals in order to commit identity theft and crimes associated with the fraudulent use of one’s identity, such as credit card fraud and false applications for additional credit cards.
There are numerous other variations of fraud on the Internet, resulting in thousands of individuals’ being victimized. The identity theft victim’s information is used to establish seller or buyer accounts at popular auction sites. In addition, the victim’s information is used to establish accounts at legitimate Internet service providers. When the crime is completed, the trail leads to the identity theft victim. (For more, see the articles “Identity Theft: Crime du Jour” and “Phishing, Pharming, and Other Scams” in the December 2005 issue of GPSolo , volume 22, number 8).
Rogue application usage. Instructions on how to commit cyber-crimes such as phishing, spamming, intrusions, and identity theft are just sitting out there in cyberspace, waiting for use by the curious explorer or the enterprising criminal.This information comes in the form of written instructions, articles, and software applications. Most of the software applications are easy to install and use.
Some users find themselves subject to criminal liability by using rogue applications that can damage a computer’s operating system or perform other unlawful acts such as eavesdropping, keystroke logging, or system monitoring. In a recent investigation, a prominent individual noticed his computer was functioning slower than normal. An examination by a civil computer technician revealed the installation of a rogue application, later identified as a keystroke logger, an application that once installed captures all keystrokes typed. The capture keystrokes are then placed into a text file and forwarded to a pre-established e-mail account set up by the criminal, in this case a free Hotmail account. A search warrant served on the suspect’s Hotmail account revealed the captured keystrokes and determined that the suspect was able to discover passwords and user identifications for the victim’s bank account, online trading accounts, and e-mail accounts. Installing and using such an application violates the relevant portions of laws governing eavesdropping, wire fraud, and the installation of a virus or contaminant to a computer system.
The false shield of cyberspace. To many,the magical and intriguing aspects of the Internet lie primarily in its anonymous nature. Only a small percentage of people would actually go to a physical adult book store to view pornography or even rent pornographic videos. But a larger percentage will visit and browse a virtual adult porn site on the Internet without hesitation. Similarly, words or comments or threats one would never speak face-to-face or in public emerge via the Internet without consideration of the consequences. This occurs primarily because of the false security provided by a sense of anonymity.
Most computer users believe their actions committed over the Internet or a local area network will be hidden from others. Nothing could be further from the truth. In fact, the trace evidence of computer usage is abundant. Individual computers normally contain residue of electronic communications even after the data has been deleted. Forensic examination can easily retrieve the record of past usage from this residue. In addition, Internet service providers and network administrators can also document, store, and maintain the record of computer usage, and such records can be instrumental in a criminal investigation.
For example, take the case of Bufford O. Furrow, a self-proclaimed white supremacist, who in 1999 killed a U.S. mail carrier and attempted mass murder at a Jewish community center in Los Angeles. In preparing for trial, the prosecutors found evidence of Internet newsgroup postings wherein Furrow proclaimed his hatred for non-whites. (The U.S. Attorney’s Office never needed to use the evidence in court because Furrow pled guilty.) Furrow’s postings were stored and archived on a newsgroup’s server. Unknown to many users, newsgroup postings are stored and archived for extended periods of time. Through these postings an investigation can determine the Internet protocol address maintained by the user at the time the posting was made. This subsequently leads to a subscriber, and other data such as user identification and content. Furrow probably never considered the fact that these postings would be stored, retrieved, and used against him.
Another example is a double-murder case in Los Angeles, People v. Henry Hayes. Hayes had an affair that started via Internet chat and e-mail. After his wife learned of the affair, Hayes killed her and their 13-year-old daughter in an attempt to disguise the murders as a home invasion robbery. When he was arrested and investigators learned of the affair, his computer was seized. A forensic examination of the computer recovered e-mail that the prosecution used to lay a foundation for Hayes’ motive. This e-mail was eventually suppressed because the investigating officers seized the computer without a search warrant, even though a search warrant was obtained in order to search the computer. The deputy district attorney was able to recover from this loss of e-mail evidence by obtaining consent to search the mistress’s computer, four years after the crime. A forensic examination of the mistress’s computer located the same e-mails that were lost in suppression, along with additional damaging information. The e-mail was recovered intact fours years from the time it was “deleted” from the mistress’s computer.
These examples illustrate only a fraction of the ways that information sent through cyberspace can be stored. Data sent or stored on a computer used to facilitate a crime is viewed as a “digital crime scene,” wherein it is processed and thoroughly examined to determine its content, source, and creator. This digital crime scene can span cyberspace to reach any computers used by the sender or receiver and any Internet service provider involved.
Conclusion. Cyberspace creates more opportunity for career criminals, organized crime, and first-time offenders through its ease of access. Most cyber-crimes, with the exception of sophisticated computer attacks and exploits, are traditional crimes facilitated via computer technology or the Internet.Businesses, small and large, must ensure that their computer usage policies are clearly known and that employees understand both the civil and criminal consequences of misuse. While in cyberspace, computer users must exercise the same cautions as they would in the physical world. Good, old-fashioned common sense should be applied. Criminal activity associated with transactions, communications, and other computer-related activity is governed by state, local, and federal laws. It is extremely important that computer users understand the consequences of their actions—including associated criminal liabilities—while in cyberspace.
Detective Terry D. Willis has 29 years of law enforcement experience and is currently officer-in-charge of the computer crimes and computer forensic unit for a major police department in southern California.