CyberCrime
Kelly R. Burke
District Attorney
Houston Judicial Circuit
Contact at 478.218.4810 or
E-mail at burke@houstonda.org
Website: www.houstonda.org
We’ll examine:
Definition of Cybercrime
Georgia Law on Computer Issues
Federal Laws on Computer Issues
Forensic Issues
Case Studies
Sexual Predator
Cyber Stalking
Computer Theft
Definition of Cybercrime
“any illegal act involving a computer, its
systems, or its applications”
Must be intentional – not accidental
Types or categories of cybercrime- 3 T’s
Tool of the crime – traditional crime w/ a
computer
 Target of the crime – Hacking
 Tangential to the crime – drug records

“Georgia Computer
Systems Protection Act"
The General Assembly finds that:
(1) Computer related crime is a growing
problem in the government and in the
private sector;
“Georgia Computer
Systems Protection Act"
(2) Such crime occurs at great cost to
the public, since losses for each
incident of computer crime tend to be
far greater than the losses associated
with each incident of other white collar
crime;
“Georgia Computer
Systems Protection Act"
(3) The opportunities for computer related
crimes in state programs, and in other entities
which operate within the state, through the
introduction of fraudulent records into a
computer system, unauthorized use of
computer facilities, alteration or destruction of
computerized information files, and stealing
of financial instruments, data, or other assets
are great;
“Georgia Computer
Systems Protection Act"
(4) Computer related crime operations
have a direct effect on state commerce;
(5) Liability for computer crimes should
be imposed on all persons, as that term
is defined in this title; and
“Georgia Computer
Systems Protection Act"
(6) The prosecution of persons
engaged in computer related crime is
difficult under previously existing
Georgia criminal statutes.
Georgia Law Definitions
(1) "Computer" means an electronic,
magnetic, optical, electrochemical, or
other high-speed data processing
device or system performing computer
operations with or on data and includes
any data storage facility or
communications facility directly related
to or operating in conjunction with such
device;
Georgia Law Definitions
(1) ....but such term does not include an
automated typewriter or typesetter,
portable hand-held calculator,
household appliance, or other similar
device that is not used to communicate
with or to manipulate any other
computer.
Georgia Law Definitions
(2) "Computer network" means a set of
related, remotely connected computers
and any communications facilities with
the function and purpose of transmitting
data among them through the
communications facilities.
Georgia Law Definitions
(3) "Computer operation" means
computing, classifying, transmitting,
receiving, retrieving, originating,
switching, storing, displaying,
manifesting, measuring, detecting,
recording, reproducing, handling, or
utilizing any form of data for business,
scientific, control, or other purposes.
Georgia Law Definitions
(4) "Computer program" means one or
more statements or instructions
composed and structured in a form
acceptable to a computer that, when
executed by a computer in actual or
modified form, cause the computer to
perform one or more computer
operations...
Georgia Law Definitions
(5) "Data" includes any representation
of information, intelligence, or data in
any fixed medium, including
documentation, computer printouts,
magnetic storage media, punched
cards, storage in a computer, or
transmission by a computer network.
Georgia Law Definitions
(6) "Financial instruments" includes any
check, draft, money order, note,
certificate of deposit, letter of credit, bill
of exchange, credit or debit card,
transaction-authorizing mechanism, or
marketable security, or any computer
representation thereof.
Georgia Law Definitions
(7) "Property" includes computers,
computer networks, computer
programs, data, financial instruments,
and services.
(8) "Services" includes computer time
or services or data processing services.
Georgia Law Definitions
(9) "Use" includes causing or attempting
to cause:
(A) A computer or computer network to
perform or to stop performing computer
operations;
Georgia Law Definitions
(9) "Use" includes causing or attempting
to cause:
(B) The obstruction, interruption,
malfunction, or denial of the use of a
computer, computer network, computer
program, or data; or
(C) A person to put false information
into a computer.
Georgia Law Definitions
(10) "Victim expenditure" means any
expenditure reasonably and necessarily
incurred by the owner to verify that a
computer, computer network, computer
program, or data was or was not
altered, deleted, damaged, or destroyed
by unauthorized use.
Georgia Law Definitions
(11) "Without authority" includes the use
of a computer or computer network in a
manner that exceeds any right or
permission granted by the owner of the
computer or computer network.
Computer Crimes
O.C.G.A. Sec. 16-9-93
Computer Theft
Computer Trespass
Computer Invasion of Privacy
Computer Forgery
Computer Password Disclosure
Computer Crimes
O.C.G.A. Sec. 16-9-93
All computer crimes are felonies:
Computer Theft (15 years, $50,000 fine)
Computer Trespass (15 years, $50,000 fine)
Computer Invasion of Privacy (15 years,
$50,000 fine)
Computer Forgery (15 years, $50,000 fine)
Computer Password Disclosure (1 year,
$5,000 fine)
Computer Crimes
O.C.G.A. Sec. 16-9-93
Any person who uses a computer or
computer network with knowledge that such
use is without authority and with the intention
of:
(1) Taking or appropriating any property of
another, whether or not with the intention of
depriving the owner of possession;
(2) Obtaining property by any deceitful
means or artful practice;
Computer Crimes
O.C.G.A. Sec. 16-9-93
or (3) Converting property to such person's
use in violation of an agreement or other
known legal obligation to make a specified
application or disposition of such property
shall be guilty of the crime of computer theft.
Computer Trespass
Any person who uses a computer or
computer network with knowledge that
such use is without authority and with
the intention of:
(1) Deleting or in any way removing,
either temporarily or permanently, any
computer program or data from a
computer or computer network;
Computer Trespass
(2) Obstructing, interrupting, or in any way
interfering with the use of a computer
program or data; or
(3) Altering, damaging, or in any way causing
the malfunction of a computer, computer
network, or computer program, regardless of
how long the alteration, damage, or
malfunction persists
Computer Trespass
... shall be guilty of Computer Trespass.
Computer Invasion of
Privacy
Any person who uses a computer or
computer network with the intention of
examining any employment, medical, salary,
credit, or any other financial or personal data
relating to any other person with knowledge
that such examination is without authority
shall be guilty of the crime of computer
invasion of privacy.
Computer Forgery
Any person who creates, alters, or
deletes any data contained in any
computer or computer network, who, if
such person had created, altered, or
deleted a tangible document or
instrument would have committed
forgery under Article 1 of this chapter,
shall be guilty of the crime of computer
forgery.
Computer Forgery
The absence of a tangible writing
directly created or altered by the
offender shall not be a defense to the
crime of computer forgery if a creation,
alteration, or deletion of data was
involved in lieu of a tangible document
or instrument.
Computer Password
Disclosure
Any person who discloses a number, code,
password, or other means of access to a
computer or computer network knowing that
such disclosure is without authority and which
results in damages (including the fair market
value of any services used and victim
expenditure) to the owner of the computer or
computer network in excess of $500.00 shall
be guilty of the crime of computer password
disclosure.
Anonymity and the Internet
Computer False Identity
(a) It shall be unlawful for any person,
any organization, or any representative
of any organization knowingly to
transmit any data through a computer
network or over the transmission
facilities or through the network facilities
of a local telephone network
Anonymity and the Internet
Computer False Identity
for the purpose of setting up,
maintaining, operating, or exchanging
data with an electronic mailbox, home
page, or any other electronic
information storage bank or point of
access to electronic information
Anonymity and the Internet
Computer False Identity
if such data uses any individual name,
trade name, registered trademark, logo,
legal or official seal, or copyrighted
symbol to falsely identify the person,
organization, or representative
transmitting such data
Anonymity and the Internet
Computer False Identity
or which would falsely state or imply
that such person, organization, or
representative has permission or is
legally authorized to use such trade
name, registered trademark, logo, legal
or official seal, or copyrighted symbol
for such purpose when such permission
or authorization has not been obtained;
Anonymity and the Internet
Computer False Identity
provided, however, that no
telecommunications company or
Internet access provider shall
violate this Code section solely as
a result of carrying or transmitting
such data for its customers.
Crime is a misdemeanor.
Anonymity and the Internet
Court Challenge
A court case challenged this Georgia
law. In ACLU v. Miller, 977 F. Supp.
1228 (1997), the ACLU alleged that the
misappropriation of identity portion of
this law was overbroad and, thus,
unconstitutional.
Anonymity and the Internet
ACLU V. Miller
Plaintiffs were “a group of individuals and
organization members who communicate
over the internet, interpret it as imposing
unconstitutional content-based restrictions on
their right to communicate anonymously and
pseudonymous over the internet, as well as
on their right to use trade names, logos, and
other graphics in a manner held to be
constitutional in other contexts.”
Anonymity and the Internet
ACLU v. Miller
Plaintiffs argue that the act has
tremendous implications for internet
users, many of whom "falsely
identify" themselves on a regular
basis for the purpose of
Angellica?
communicating about sensitive
topics without subjecting themselves
to ostracism or embarrassment.
Anonymity and the Internet
ACLU V. Miller
The State had four primary
arguments....
Anonymity and the Internet
ACLU V. Miller
“Defendants contend that the act prohibits a
much narrower class of communications.
They interpret it as forbidding only fraudulent
transmissions or the appropriation of the
identity of another person or entity for some
improper purpose. Defendants ask the Court
to abstain from exercising jurisdiction in this
case in order to give the Georgia Supreme
Court an opportunity to definitively interpret
the act.”
Anonymity and the Internet
ACLU V. Miller
The State of Georgia:
“...also ask the Court to
abstain from exercising
jurisdiction over this case
on the grounds that the
law is ambiguous and in
need of state court
interpretation.”
Anonymity and the Internet
ACLU V. Miller
Defendants allege that the statute's purpose is
fraud prevention, which the Court agrees is a
compelling state interest. However, the statute is
not narrowly tailored to achieve that end and
instead sweeps innocent, protected speech
within its scope. Specifically, by its plain
language the criminal prohibition applies
regardless of whether a speaker has any intent to
deceive or whether deception actually occurs.
Anonymity and the Internet
ACLU V. Miller
Defendants respond that the act does not mean
what it says and that, instead, a variety of limiting
concepts should be engrafted onto it. First,
defendants propose to add an element of fraud,
or a specific intent requirement of "intent to
defraud" or "intent to deceive" to the act. None of
these terms or phrases appears in the statute,
however, although they are expressly included in
other Georgia criminal statutes which require
proof of specific intent.
Anonymity and the Internet
ACLU V. Miller
“In construing a statute, the Court must
"follow the literal language of the statute
'unless it produces contradiction,
absurdity or such an inconvenience as
to insure that the legislature meant
something else.'"
Hellooooo.... Isn’t that what the
Legislature does regularly???
Anonymity and the Internet
ACLU V. Miller
The Court concludes that the statute
was not drafted with the precision
necessary for laws regulating speech.
Anonymity and the Internet
ACLU V. Miller
On its face, the act prohibits such protected
speech as the use of false identification to
avoid social ostracism, to prevent
discrimination and harassment, and to protect
privacy, as well as the use of trade names or
logos in non-commercial educational speech,
news, and commentary--a prohibition with
well-recognized first amendment problems.
Computer Crimes - Venue
For the purpose of venue under this
article, any violation of this article shall
be considered to have been committed:
(1) In the county of the principal place of
business in this state of the owner of a
computer, computer network, or any
part thereof;
Computer Crimes - Venue
(2) In any county in which any person
alleged to have violated any provision of
this article had control or possession of
any proceeds of the violation or of any
books, records, documents, or property
which were used in furtherance of the
violation;
Computer Crimes - Venue
(3) In any county in which any act was
performed in furtherance of any transaction
which violated this article; and
(4) In any county from which, to which, or
through which any use of a computer or
computer network was made, whether by
wires, electromagnetic waves, microwaves, or
any other means of communication.
More Georgia Computer Crimes
Remaining Georgia computer crimes
are “crime specific,” such as
Sexual Offenses, Stalking Offenses and
Theft Offenses
We’ll cover later after the break.
Federal Laws on
Cybercrime
Computer Fraud and Abuse Act of 1986

Three goals (page 309 in your textbook)
Confidentiality of data communications
 Integrity of data communications
 Availability of data communications


CFAA is a general purpose cybercrime law
Forensic Issues
Computer Seizures
Who will do seizure?
Who has the best forensic capability?
What will be seized?
Computers, disks, tapes, books, etc.
Education of officers executing search.
Power issues, movement issues,
backup issues
Forensic Issues
Computer Seizures
Backlogs in computer labs result in
searches that take months to get done.
Therefore, we tend to limit search to
specific issues. If you’re looking for
child porn, and you find it, don’t make
lab look for every picture on the system.
It simply doesn’t matter to the jury. Get
ten most gruesome pictures and call it a
day.
Forensic Issues
Computer Seizures
E-mail, or ICQ searches are more
problematic. Cost may force limiting
search to known conversations,
however, you want to search through
the files far enough to determine if other
victims can be located.
Forensic Issues
Computer Seizures
GBI and FBI are generally the only
agencies with qualified forensic
scientists. Even there, pay is an issue.
It’s a new paradigm.
How do you start a “computer nerd” at
twice or three times the salary of a
toxicologist???
Forensic Issues
Computer Seizures
Local law enforcement officer can learn
basic forensics, and probably appear
educated before a jury.... until the
defense brings in a “real” expert who
blows the officer out of the water.
It’s a fact and it’s life in the computer
age.
Terroristic Threats and
Acts
A person commits the offense of a terroristic
threat when he threatens to commit any crime
of violence ... with the purpose of terrorizing
another or of causing the evacuation of a
building... or in reckless disregard of the risk
of causing such terror or inconvenience. No
person shall be convicted under this
subsection on the uncorroborated testimony
of the party to whom the threat is
communicated.
Terroristic Threats and
Acts
Statute requires corroboration, which
was generally difficult to do on a
telephone conversation. Hence, “I’m
going to kill you...” communicated
during a telephone conversation may
not be actionable, at least as a
terroristic threat.
Terroristic Threats and
Acts
However, that same threat,
communicated via e- mail or ICQ or
Instant Messenger or whatever, if a
written record is available, could very
well be prosecuted.
Intercepting
Communications
O.C.G.A. Sec. 16-11-62
It shall be unlawful for (4) Any person
intentionally and secretly to intercept by the
use of any device, instrument, or apparatus
the contents of a message sent by telephone,
telegraph, letter, or by any other means of
private communication;
Intercepting
Communications
But, what if the police seize a computer
and discover a conversation where a
crime is discussed. That conversation,
if by telephone or telegraph, would have
been protected. Not the case with a
computer. Courts have ruled that you
should know that a computer makes a
printed record, so it’s okay for police to
use it.
Intercepting
Communications
Okay, but what was a telegraph
anyway?
Case Studies
Cyber Crime Comes To Life
Officer sets up a meeting with a suspected
cybersex perpetrator. Perp drives to Houston
County, thinking he’s meeting the 13 year old
girl he met on-line. Instead he’s meeting a 35
year old, 225 pound, detective. Whoops,
wrong move.
But is it a crime?
Case Studies
Cyber Crime Comes To Life
Recent Court of Appeals case of State
vs. Dennard ruled that, so long as the
State can prove that a substantial step
was taken toward the commission of the
crime, the State can proceed to trial.
The case was affirmed on certiorari to
the Georgia Supreme Court.
Undercover Officer
Participation
OCGA 16-12-100.2 (f) The sole fact
that an undercover operative or law
enforcement officer was involved in the
detection and investigation of an
offense under this Code section shall
not constitute a defense to prosecution
under this Code section.
Case Studies
Cyber Crime Comes To Life
So mere speech can get
someone in trouble?
Sure, it’s been that way for years. The
only thing different is the computer is
the means of communicating the
offense.
Computer Assisted
Sexual Exploitation
However, Legislature has
recently enacted a
misdemeanor statute that
makes the use of a
computer in the
communication itself
illegal. It is directly on
point, but is it binding?
Computer Assisted
Sexual Exploitation
This legislation is entirely
new, recognizing the
uniqueness of computer
assisted child exploitation
which was not possible
even ten years ago.
Computer Assisted
Sexual Exploitation
O.C.G.A. Sec 16-12-100.2 (d) (1) Effective
7/1/99
It shall be unlawful for any person
intentionally or willfully to utilize a computer
on-line service, Internet service, or local
bulletin board service to seduce, solicit,
lure, or entice, or attempt to seduce, solicit,
lure, or entice a child or another person
believed by such person to be a child,
Computer Assisted
Sexual Exploitation
(d) (1) .. to commit any illegal act ... relating
to the offense of sodomy or aggravated
sodomy; ... relating to the offense of child
molestation or aggravated child molestation;
... relating to the offense of enticing a child
for indecent purposes; ... relating to the
offense of public indecency; or to engage in
any conduct that by its nature is an unlawful
sexual offense against a child.
Computer Assisted
Sexual Exploitation
(d) (2) Any person who violates
paragraph (1) of this subsection shall
be guilty of a misdemeanor of a high
and aggravated nature.
Case Studies
Cyber Crime Comes To Life
Back to the scenario where the perp
comes to Houston County. Can the
perp be charged with Attempted Child
Molestation, or is the State bound to
stick with the newly enacted Sexual
Exploitation statute?
Case Studies
Cyber Crime Comes To Life
In Dennard, the Court of Appeals ruled
that the State can proceed on Criminal
Attempt, even though the crime of
Sexual Exploitation has arguably been
committed. The State commonly goes
after the highest crime committed.
Nothing different here, just because
computer is involved.
ISP Operators Beware
OCGA 16-12-100.2 (e) (1) It shall
be unlawful for any owner or
operator of a computer on-line
service, Internet service, or local
bulletin board service intentionally or
willfully to permit a subscriber to
utilize the service to commit a
violation of this Code section,
knowing that such person intended
to utilize such service to violate this
Code section.
ISP Operators Beware
(2) Any person who violates paragraph
(1) of this subsection shall be guilty of a
misdemeanor of a high and aggravated
nature.
Anonymity Opportunity
In the “old days,” sexual perversion was
certainly present, but the desire to not
be caught diminished the opportunities
to accomplish the crime. Hanging
around the neighbor park was too risky,
especially for bank presidents,
stockbrokers, management types, and
such.
Anonymity Opportunity
Today, a sexual pervert can “hang
around” in teenage chat rooms and find
suitable victims with little risk of
detection. Kids are naturally curious
anyway, but teenagers are looking for
someone who listens to them, a need
which chat rooms seem to fill.
Anonymity Opportunity
After awhile, the “friendship” will
develop to the point that the predator
can talk about sex. Again, teenagers
are naturally curious, so this is not seen
as dangerous to the teenager.
Anonymity Opportunity
Once the predator has established a
trusting relationship, he/she will seek to
make a physical encounter. Usually,
this encounter will be solely about sex
for the predator. There is too much
danger in these encounters to make
“friendly” contacts.
Anonymity Opportunity
The child usually seeks to get out of the
situation once she/he realizes that this
“friend” is not what was portrayed on the
Internet. However, in many instances, it
is too late to back out or stop the
assault. If the child will tell about it,
capture is not difficult as the “paper trail”
is fairly easy to follow.
Georgia Law - Issue
Last point on child sexual crimes. My
office will not release videotapes of
interviews of child molestation victims to
the defense. We are obligated by law to
allow the defendant and his attorney
see the tape. Those tapes contain
descriptions of sexual abuse to children
that would continually victimize the child
should it be uploaded onto the Internet.
Winding Down
Hang On.
Almost Done.
Cyber Stalking
A different twist on an old crime, Cyber
Stalking. Stalking has been going on
for centuries, having grown more
sophisticated as technology has
advanced.
What is stalking?
Cyber Stalking
OCGA 16-5-90. (a) A person commits
the offense of stalking when he or she
follows, places under surveillance, or
contacts another person at or about a
place or places without the consent of
the other person for the purpose of
harassing and intimidating the other
person.
Cyber Stalking
For the purposes of this article, the term
"harassing and intimidating" means a
knowing and willful course of conduct
directed at a specific person which
causes emotional distress by placing
such person in reasonable fear for such
person's safety or a family member’s
safety
Cyber Stalking
by establishing a pattern of harassing
and intimidating behavior, and which
serves no legitimate purpose. This
Code section shall not be construed to
require that an overt threat of death or
bodily injury has been made.
Cyber Stalking
So, pretty obvious how someone could
commit “cyber stalking.” Identity and
jurisdiction becomes an issue, however.
Cyber Stalking
Where in the World is Carmen
Sandiego is a popular game. Finding a
Cyber Stalker is no game, however.
Cyber Theft is Theft…
Theft is nothing new,
computers have simply
changed the way the crime
is committed.
Case Study – Cyber
Theft
Houston County:
Saturday a.m. - Intruder breaks into local
ISP, steals account names and
passwords.
Case Study – Cyber
Theft
Houston County:
Saturday p.m. - Intruder attempts to sell
passwords to another “surfer” on- line.
Case Study – Cyber
Theft
Houston County:
Saturday p.m. - Unknown to intruder, he
was “selling” the stolen data to the ISP’s
security manager.
Case Study – Cyber
Theft
Houston County:
Saturday p.m. - Police
notified. Search warrant
issued. Computer seized.
Case solved.
Case Study – Cyber
Theft
Proving the old adage:
If criminals weren’t stupid, we
wouldn’t catch many of
them.
Protecting Children
(& networks)
Keep Computer In Public Access Room
Install Child Safe Software (NetNanny,
CyberPatrol, etc.)
Know How To Track “History”
Watch Your Child At The Computer,
Regardless of Age
Use a FIREWALL – #1 network protection
Final points
You may see this material on an exam!

Number one fraud on the internet?


Most common computer attack?



Floods the server with data, prevents access
Carnivore – FBI tool for internet wiretaps


Viruses- “malicious logic” vs. worms
Worms are self-replicating, death by expansion, filling
harddrive or bandwidth
Denial of Service Attacks- it’s cybercrime


Auctions!! Ebay users, pay with a credit card!
Makes a copy of email for law enforcement
Money laundering – transfer of money from illegal
operations to legal ones - $1M weighs 30- 50 lbs!
In Closing
Cyber Crime Is Still Crime
Computers Offer Widespread Havoc
Computers Have Detection Issues,
Good and Bad
Forensic Computer Specialists Are Vital
To Crime Fighting Efforts
Thank You for Coming!
Kelly R. Burke
District Attorney
Houston County, Georgia
478.987.2450 or
distatty@houstonda.org
Website: www.houstonda.org