COMPUTER MISUSE AND CRIME

These are actions that cumulate to the abuse of computer systems. These actions can be said to compromise the integrity of
the computer system by either accessing it through unauthorized access or by inflicting some damages on the computer
system.

Information resources in computers have value to people. This value has two components: an exchange and an operational
value. The exchange is determined by market value and is quantifiable. It is the price someone is willing to pay for the
resources.
The value of resources to one party need not be the same as to another. For a particular player, it is a function of six factors:

o The player’s concern and commitment: a resource must contribute to action and processes that matter to the
player.
o The player’s capability: These include knowledge, skills, and tools but exclude accessibility of the resource.
o The availability of the resource to the player: The value of the resource is directly proportional to its availability
to the player. This is a measure of the degree to which the resource is accessible, to use in whatever way is
appropriate given its nature.
o The availability of the resource to other players: Operational value is usually inversely proportional to the
availability of the resource to other players.
o The resource integrity and time: The value of a resource can increase or decrease over time, depending on its role
in operations.

Due to the value of the resource in computer systems, they become major targets for misuse and crime.

COMPUTER MISUSE ACT 1990

Background
The Computer Misuse Act was created following some controversy in the mid to late nineteen eighties. At this time, hacking
was not an offense and the hacker was relatively free to attempt to break into computer systems, if he or she had the intellect
to bypass the various security measures employed by the system owners. Whilst hackers may have been viewed as a minor
irritation, some were becoming more daring while other were becoming downright mischievous. Damage to data was being
caused and there was perhaps an understanding concern that hacking could develop into something more serious as
computerization became more prominent within the society.

Birth of the Act

Due to the above problem, a Royal Commission was set up to look at the whole area of computer misuse. As a result of their
findings and recommendations, the Computer Misuse Act was enacted.

Computer Misuse Act 1990 – computer misuse offenses

The Act contains three main offenses, which are categorized under the following sections.

Section 1
1(1) A person is guilty of an offense if
a) He causes a computer to perform any function with intent to secure access to any program or data held in a
computer.
b) The access he intends to secure is unauthorized.
c) Or he knows at the time when he causes the computer to perform the function that this is the case. That is, he is
aware that he is not an authorized user.

Therefore, this makes it illegal to access a computing system unless authorized to do so. As such it makes the activity of
hacking a crime. It does not matter whether the hacker is remote, working from a distance over the remote area networks, or
local, where persons such as employees or students who may have limited authorization to use the computers but they
knowingly exceed that authority. The hacking need not be directed at a particular computer, program or data. For example, it
is unlawful, without proper authorization:

o To use another persons ID and password in order to access a computer, use data or run a program
o To alter, delete, move or copy a program or data, or simply to output a program or data
o To lay a trap to obtain a password.

A person guilty of an offense in this section shall be liable on summary conviction to imprisonment for a term not exceeding
6 months or to a fine not exceeding level 5 on the standard scale or both.

1
Section 2
2(1). A person is guilty of an offense under this section if he commits an offense under section 1 above (unauthorized
access) with intent
a) To commit an offense to which this section applies or
b) To facilitate the commission of such an offense (whether by himself or by any other person) and the offense he
intends to commit or facilitate is referred to in this section as the further offense.

This covers the situation where unauthorized access in gained with intent to commit a further offense. For example, a person
may gain unauthorized access to computer material in order to commit theft by re-directing funds from someone else’s bank
account.

A person guilty of an offense under this section shall be liable for 5 years in prison on indictment.

Section 3
3(1). A person is guilty of an offense if
a) He does any act which causes the unauthorized modification or the contents of any computer
b) At the time when he does the act he has the requisite intent and the
Requisite knowledge.

Requisite intent is an intent to cause a modification of the contents of any computer and by doing so
a) To impair the operations of any computer
b) To prevent or hinder access to any program or data held in any computer

Requisite knowledge is knowledge that any modification he intends to cause is unauthorized.

This offense includes the deliberate deletion or corruption of programs or data. It also includes the introduction of viruses
and so on where these results in the modification or destruction of data.

A person guilty of an offense under this section shall be liable for 6 months in prison on indictment.

The Computer Misuse Act was created to prevent unauthorized access to computer systems and also to deter the more
criminal elements in society from using a computer to assist in the commission of a criminal offence of from impairing or
hindering access to data stored in a computer.
Section 1 offence may be problematic to college staff and students alike. Students should be aware that this is an offense that
could lead to a period of imprisonment. It should be borne in mind that giving your user id and password for your college
system to a friend or acquaintance who is not an authorized user may well lead to a court appearance, should a complaint be
made to the police by the college authorities.

Scottish Law Commission Report

Report on Computer Crime No. 174 of 1987. This can also be cited as Computer Crime (Scotland) Bill 1987

1(1). A person commits an offence if, not having authority to obtain access to a program or data stored in a computer, or to a
part of such program or data, he obtains unauthorized access in order to inspect or otherwise to acquire knowledge of
the program or the data or to add to, erase or otherwise alter the program or the data with the intention: -
(a). Of procuring an advantage for himself or another person; or
(b). Of damaging another person's interests.

1(2). A person commits an offence if, not having authority to obtain access to a program or data stored in a computer, or to
a part of such program or data, he obtains such unauthorized access and damages another person’s interests by
recklessly adding to, erasing or otherwise altering the program or the data.

1(3). For the purposes of this section, a person does not have authority to obtain access to a program or data stored in a
computer, or to a part of such program or data, if he does not have the authority of a person entitled to control such
access.

1(4). Notwithstanding the foregoing provisions of this section, a person shall not commit an offence under this section if he
obtains such access as aforesaid in pursuance of a warrant issued by the Secretary of State under section 2 of this Act.

2(1). Subject to the provisions of this section, the Secretary of State may issue a warrant requiring the person to whom it is
addressed to obtain access to a program or data stored in a computer, or to any part of such program or data, for the

2
purpose of acquiring information; and such a warrant may also require the person to whom it is addressed to disclose
any information so acquired to such persons and in such manner as are described in the warrant.

2(2). The Secretary of State shall not issue a warrant under this section unless he considers that the warrant is necessary: -
(a). In the interests of national security;
(b). For the purpose of preventing or detecting serious crime
(c). For the purpose of safeguarding the economic well being of the United Kingdom.

2(3). The matters to be taken into account in considering whether a warrant is necessary as mentioned in subsection (2)
above shall include whether the information which it is considered necessary to acquire could reasonably be acquired
by other means.

2(4). A warrant shall not be considered necessary as mentioned in subsection 2.2.2(c) above unless the information which it
is considered necessary to acquire is information relating to the acts or intentions of persons outside the British
Islands.

2(5). A warrant under this section shall specify or describe an address or addresses, being an address or addresses used, or
likely to be used, to accommodate a computer containing a program or data the examination of which the Secretary of
State considers necessary as mentioned in subsection 2.2 above.

2(6). Sections 4 to 10 of the Interception of Communications Act 1985 and Schedule 1 of that Act shall, subject to the
adaptations set out in the Schedule of this Act, apply in relation to a warrant under this section.

3. A person guilty of an offence under this Act shall be liable: -

(a). On summary conviction, to imprisonment for a term not exceeding 6 months or to a fine not exceeding the statutory
maximum, or both; or
(b). On conviction on indictment, to imprisonment for a term not exceeding 5 years or to an unlimited fine, or both.

4. A court in Scotland shall have jurisdiction to entertain proceedings for an offence under this Act if at the time the offence
was committed: -

(a). The accused was in Scotland; or

(b). The program or the data in relation to which the offence was committed was stored in a computer in Scotland.

5(1). This Act may be cited as the Computer Crime (Scotland) Act 1987.

5(2). This Act shall come into force at the end of the period of 2 months beginning with the day on which it is passed.

5(3). This Act extends to Scotland only.

Pornography and computers

1). Pornography is writings or pictures dealing with sexual matters in a manner intended to incite lust, and therefore
considered obscene.
2). According to Arthur Schlesinger Jr, pornography is a description or portrayal of any activity regarded as obscene. He
said that ‘in recent years the movies and Television have developed a Pornography of violence far more demoralizing
than the Pornography of sex.

Computer misuse in relation to Pornography is widely practiced by the makers i.e. programmers of the computer software as
well as the users.

Forms of computer misuse by programmers through pornography

a). Trickery: Through use of ordinary domain names such as Whitehouse.com, mighty Africa.com, Godscreation.com. This
tricks innocent users to thinking that the sites are not Pornography related while in actual fact they do. This is abuse to
the users conscience.
b). Illegal computer operations: It is mostly done by changing the meaning of standard agreed upon widgets e.g. the close
button. In some sites it is actually used to open another page or site that has pornographic material.
c). Social engineering: A user is tricked to register to gain access to pornographic site. In the process details such as the
credit card numbers are entered which in turn are used to fleece the user's Bank account.
d). Computer memory: This is through use of large storage space to store irrelevant materials.

Forms of computer misuse by users

3
a). Time: A lot of useful time is spent accessing these pornographic sites.
b). Network congestion: Downloading graphics and video takes a lot of Bandwidth, which in turn congests the network.

Effects of pornography to:

Organizations
o Misuse of organizational productive time.
o Jamming of the corporate internet/ communication lines.
o Moral degradation.

Society
o Moral degradation.
o Exposure to minors to sexual material.

3.4.2 Individuals
o It's addictive, so it leads to addiction hence psychological slavery to pornography.
o Pornography is also a high contributor to sexual pervasion e.g. Homosexuality, masturbation, fetishism etc.
o In case of a minor, it could lead to punishment by the law- it's illegal.
o Also the individual could get conned by giving personal details to subscribe to a pornographic site.

3.5 Solutions to the above effects

o Packet filtering
o Use of firewalls on the pornographic site
o Taking disciplinary action (code of ethics)
o Monitoring of the staff at the work place.

EXAMPLE CASES OF COMPUTER MISUSE AND CRIME

Computer misuse and crime is in various form and is of varied variety. To enter a computer system a player must have
motive, means, and opportunity. Here are some known cases of computer misuse and crime under the following headings:

Misuse by insiders
Insiders consist of employees, former employees, temporaries, contractors, and others with inside access to an organizations
resource. This group is generally considered to be an organizations biggest threat. They act as information brokers, selling
sensitive information belonging to their organizations to foreign governments, competitors, and organized crimes. There
actions compromise business and military plans, intelligence operations, and individual privacy. Insiders sabotage their
employers computer system and walk out with trade secrets to start competing firms. Even if they are not the source of the
attack, they willingly or unwittingly help other malefactors. They are motivated by money, ideology, revenge, and the desire
to help the outsiders who exploit them.

Example case:
Harold J.Nicholson, the highest-ranking agent of Central Intelligence Agency ever charged for spying for Russia,
admitted to selling top-secret intelligence information to the Russians for $180,000. According to CIA audit, Nicholson
had attempted to locate sensitive information within the agency’s computerized database. He performed keyword
searches on “Russia” and “Chechnya” and tried to access databases for which he was not authorized. After the FBI
seized his notebook computer, they found files with classified documents on the computers hard drive. They also found
floppy disks that contained summary reports of CIA human assets.

Corporate Espionage
Corporations at one time or another engage in offensive information warfare when they actively seek intelligence about their
competitors’ trade secrets through illegal means, such as bribing insiders. They sell information about their customers,
sometimes violating their privacy. They are motivated by money and competitive position.

Example cases:
In February 1994, an employee of Ellery systems in Boulder, Colorado, allegedly used the Internet to transfer software
valued at $1 million to someone at a competing firm in China. The employee, who had worked for the firm for 3 years, was
highly trusted by Ellery. A Chinese national, he had been granted asylum in the United States following the incident at
Tiananmen Square. Shortly before transmitting the Ellery software, he traveled to Beijing, allegedly to visit his sick mother.
While he was there he signed a letter agreeing to transfer the source code in exchange for $550,000.

4
After his return, he tendered his letter of resignation. The next day, he transferred the software. Ellery decided to get public
and brought in the FBI. They tried to prosecute under the federal wire fraud statute, which they were able to use because
the Internet Transfer had been routed to California and back to Denver before leaving the country.
Unfortunately, however, the law proved inadequate and the charges were dropped, Ellery subsequently folded. The case
was one that led to Economic Espionage Act (EEA) in 1996.

Hackers
This refers to people who gain access to or break into electronic systems, particularly computers and telecommunications
systems. Their motives include thrill, challenge, and power. Although many hackers-perhaps most-do not seek financial
reward or to damage the system they attack, others hack for money or to shut down computers. However, even when there is
no malevolent intent, unauthorized hacking damages the integrity of the system and is more than a nuisance to system
owners.

Example case:
Passwords are regular targets of hackers. In Ottawa, Canada, a 16-year-old student and four of his friends were
suspended from computer classes for hacking into the emails of 1,300 customers of a Brockville-area Internet service
provider. The teen had downloaded user names and passwords and then distributed them to his friends. The suspension
was a serious blow to the young man, who hoped for a career in computers.

Criminals
Criminals target financial information resources such as banks and credit card numbers or intellectual property that can be
converted to money through underground sales. They frequently operate within criminal enterprises (organized crime), but
even individual criminals have succeeded in carrying out million-dollar heist. The main motivation is money. This group
includes information brokers and those who sell pirated software, compact disks (CDs), and videos.

Example case:
According to Neil Gallagher of the FBI’s criminal division, Internet scams were becoming “epidemic”. One pyramid
scheme, called Netware international, had recruited 2,500 members with promises of profit sharing in a new bank that
was to be formed, this turned out to be a fraudulent activity. Telemarketing fraud is estimated to cost U.S. consumers $40
billion a year, making it costliest form of information warfare after intellectual property theft.

Government Agencies
Several government agencies engage in offensive information warfare. Law enforcement agencies target the
communications, records, and organizational structures of criminals to collect evidence and intelligence in criminal
investigations. Intelligence agencies seek the military, diplomatic, and economic secrets of foreign governments, foreign
corporations, and foreign adversaries. They draw easily on inside moles and electronic surveillance to supply that
information. Military units destroy adversary command and control information systems during times of war. Government
regulators censor speech and restrict access to information technologies for national security and public safety objectives.

Example case:
According to one tale during the first moments of Operation Desert Storm when the allied forces were attacking Iraq in
1990, Iraqi military computers were disabled with a computer virus, shipped to Iraq in printers. U.S. government targeted
the virus at Iraqi’s air defense. A few weeks before Operation Desert Storm, a virus-laden computer chip allegedly was
installed in a dot matrix printer that was assembled in France and shipped to Iraq via Amman, Jordan. The virus was
said to have been developed by National Security Agency (NSA) and installed by the Central Intelligence Agency (CIA).
It apparently disabled Windows and mainframe computers. The operation was said to have worked.

Terrorists
Terrorists are of particular interest because of the potential damage that can result from attacks against critical infrastructure
such as emergency services and financial systems. Terrorists collect information about their targets, spread propaganda, and
sabotage physical equipment and buildings. So far there have been few reported cyber attacks by terrorists.

Example case:
In June U.S.News World Report note that 12 of the 30 groups on the U.S. State Departments list of terrorist
organizations are on the Web. Forcing them off the Web is impossible, because they set up their sites in countries with
free speech law. The government of Sri Lanka, for example, banned the separatist Liberation tigers for Tamil Eelam, but
they have not even attempted to take down the London-based Web site. Other Terrorist groups have used encryption as a
defensive information warfare tool. Ramsey Yousef, the mastermind behind the 1994 World Trade Center bombing and
1995 bombing of Manila Air airliner, encrypted files stored on his laptop computer. When authorities seized his
computer in Manila and decrypted the disks, they found information pertaining to further plans to blow up 11 U.S-
owned commercial airliners in the Far East.

5
6