What kinds of crimes are committed by computer?
The criminal acts are the same as they have always been—fraud, theft, larceny, embezzlement, extortion, sabotage, espionage—but computers have created a unique environment.
How have the rules changed?
Willie Sutton was once asked why he robbed banks. He said, "Because that's where the money is." Well, with computers we now have electronic money. Instead of paper and coins stored in safes, money now comes in the form of magnetic patterns and electronic pulses stored inside computers and squeezed through telephone lines. This is actually our money now in automated banking systems.
So computer crimes accomplish the old ends through new means?
Yes. You used to measure crime in hours or days or years. Now it takes a few milliseconds to commit a computer crime. The robber no longer breaks through bricks and mortar to get into the bank vault. In automated finance systems, the computer is the vault and a criminal is using a computer terminal or a telephone line to do his dirty work.
How do old-fashioned bank embezzlers compare with computer criminals?
Federal crime statistics show the average amount missing from financial institutions in conventional fraud or embezzlement is $19,000. The amount in 42 cases of computer-related crimes averaged $450,000. The U.S. Chamber of Commerce estimates that the loss through computer crimes is now $100 million a year.
Are banks and financial institutions often loath to prosecute?
Yes. I know of several computer-related crimes in banks that were not reported. One reason is that banks don't want to look as if their security is bad. Also, they worry that their insurance rates will rise. More than one bank has gone to prosecutors who refused to act because their offices did not have the technical knowledge to understand what had happened.
What is the biggest computer crime?
That's easy. The Equity Funding Corporation of America's insurance fraud in Los Angeles in 1973, which involved $2 billion. Some people argue that this is not really a computer crime, but rather a massive securities fraud by the chairman of the board on down. But the fraud involved creating 64,000 fake names inside the computer and writing phony insurance policies covering them. There was even fraud within fraud. Three of the executives declared the fake people dead and collected on their insurance policies by changing the records. When the chairman of the company learned this, he simply incorporated that fraud into the whole embezzlement scheme. The chairman and 21 others were convicted and sentenced up to eight years.
What are some other examples of computer crimes?
A Japanese graduate student got his advanced degree from MIT. When he returned to Tokyo, he still needed the computer. So he would dial up Boston from Japan and plug into a computer halfway around the world, paying nothing for the service. Another example: In Amsterdam, the supervisor of computer operations of a large multinational corporation got frustrated with his work. One Sunday morning he took 382 magnetic tapes and 48 disk packs—a complete set of the corporation's financial records. Then he broke into the storage area and took all the backup copies. He flew to London and demanded $450,000 for their return. It turned out he was very good at stealing data, but poor in collecting ransoms. He is still awaiting trial.
Why was he so frustrated?
Computers are very maddening devices to deal with. We have known of four cases where computers were shot with guns, and one woman got so mad she took off her shoe and smashed in the computer screen.
How many operators are skilled enough to manipulate computers?
I would estimate on the order of 100,000 in the world. Systems programmers are in almost total situations of trust. They know how to do anything to a computer without being detected. And occasionally some are untrustworthy.
Who commits computer crimes?
From my interviews with 22 so-called computer criminals, I find they are, first, just the kind of person a computer manager would be most likely to hire: young, between 18 and 30, highly motivated, very intelligent, all-around topnotch people. They accept and enjoy mental challenges and game playing. They also have a variation of the Robin Hood syndrome: stealing from the rich and keeping it. They believe strongly that doing wrong to people is highly immoral, but doing harm to an organization is easily rationalized. There is great satisfaction in ripping off a computer. By and large, they are amateur crooks.
Is organized crime or the Mafia involved in computer crimes?
Of the reported 550 cases, I know of only four that were actually committed by organized crime. But this could be a significant and growing problem in the next few years. An ideal environment for organized crime is the growth of electronic fund-transfer systems, networks of computers joining together financial institutions and retail businesses. There will be huge concentrations of volatile and mobile assets. There is also a great potential for foreign powers to do bad things to the U.S. as this country's financial systems become more highly automated.
How are computer criminals usually caught?
By accident, or when the criminal makes a stupid mistake. For example, police raided a bookie joint in New York City. They found an $11,000-a-year bank teller making up to $30,000 bets daily. They thought that was a little unusual and investigated. In another instance, a savings and loan computer programming manager punched a six instead of a seven on a card. Instead of embezzling from a dormant account, he had taken from an active one and was quickly caught.
Can auditors detect computer crimes?
Auditors say they are not responsible for detecting fraud. They claim that it is management's responsibility. However, auditors and security specialists have a responsibility to assist management. They are rapidly improving their capabilities, but it is a close race between them and the criminals. Computer technology has destroyed auditor independence. That is, there is always a technician between the auditor and the documents needed. The computer operator must work the system from which the auditor is trying to get information. In the 1980s, however, I think auditors will have their own independent computers, and thus will be able to check into the company's computer.
Is there a way of building protection from criminal acts into computers?
Computer systems have security now, and the potential is for even greater safeguards such as "electronic fences" inside the computer to separate one activity from another. But most commercial computers are not secure from sophisticated technologists. We don't yet know how to defend the system from these people.
How can U.S. defense secrets in computers be protected?
By the use of the most elaborate cryptographic and physical protection—such as isolating a computer where secret military information is being processed. It is expensive but essential.
How else can we protect ourselves from computer crime?
At universities, students learn that computers are to play games with. I am concerned that we are creating a new generation of technologists—an elite of amoral people. We need a code of ethics and the licensing and certification of both the technologists and the computers they operate.
So making computers secure is basically a people problem?
Yes. Data processors tend to be naive and easily conned. Many computer technologists still think they are functioning in a world of good guys. We must make people in positions of trust aware of their responsibilities and sensitive to the possibilities for crime.
Saved by the Bell Reunion
The hookups, the meltdowns, the memoires
The case reveals what was really going on what they think of each other now!
