Forensic and Investigative Accounting Chapter 1

Forensic and Investigative Accounting
Chapter 15
Cybercrime Management:
Legal Issues
© 2011 CCH. All Rights Reserved.
4025 W. Peterson Ave.
Chicago, IL 60646-6085
1 800 248 3248
www.CCHGroup.com
Introduction to Cybercrime
Most common complaints:
 Virus attacks ............................................... 50%
 Insider abuse of net access ......................... 44%
 Laptop/mobile theft .................................... 42%
 Unauthorized access to information ........... 29%
 Denial of service ......................................... 21%
 System penetration ...................................... 13%
 Abuse of wireless network…....................... 14%
 Financial Fraud …….....................................12%
Chapter 15
Forensic and Investigative Accounting
2
Net Frauds
Net frauds ensnare unsuspecting Internet
users into giving up their resources to an
online criminal.
Chapter 15
Forensic and Investigative Accounting
3
Unauthorized Access to
Network Assets
Unauthorized access to steal proprietary
information can be considered a distinct crime
from fraud.
Chapter 15
Forensic and Investigative Accounting
4
Types of Unauthorized Access
Access using wardialers in modem attacks.
 Access via buggy software.
 Access via trusted server.
 Backdoor entry.
 Access via social engineering.

Chapter 15
Forensic and Investigative Accounting
5
Intangible Assets
Information on the Internet and in computer
databases represents intangible assets
composed of bits and bytes.
 The destruction of electronic representations or
the erasure of data without physically
damaging a tangible computer asset may not
be considered a crime.
(continued on next slide)

Chapter 15
Forensic and Investigative Accounting
6
Intangible Assets
If data is accessed but not used for any
purpose, then no crime may have been
committed.
 Statutes may not provide for the recognition
of criminal trespass, a property crime, based
on a virtual presence (and no physical
presence).

Chapter 15
Forensic and Investigative Accounting
7
1986 OECD Time Capsule Recommendations
1.
2.
The input, alteration, erasure and/or
suppression of computer data and/or computer
programmes made willfully with the intent to
commit an illegal transfer of funds or of
another thing of value;
The input, alteration, erasure and/or
suppression of computer data and/or computer
programmes made willfully with the intent to
commit a forgery;
(continued on next slide)
Chapter 15
Forensic and Investigative Accounting
8
1986 OECD Time Capsule Recommendations
3.
4.
The input, alteration, erasure and/or
suppression of computer data and/or computer
programmes, or other interference with
computer systems, made willfully with the
intent to hinder the functioning of a computer
and/or telecommunication system;
The infringement of the exclusive right of the
owner of a protected computer programme
with the intent to exploit commercially the
programme and put it on the market;
(continued on next slide)
Chapter 15
Forensic and Investigative Accounting
9
1986 OECD Time Capsule Recommendations
The access to or the interception of a
computer and/or telecommunication system
made knowingly and without the
authorization of the person responsible for
the system, either (i) by infringement of
security measures or (ii) for other dishonest
or harmful intentions.
5.
Chapter 15
Forensic and Investigative Accounting
10
Cybercrime or Not?
Spoofing.
 Use of bots.
 Chaffing.
 Steganography.

Chapter 15
Forensic and Investigative Accounting
11
International Law
Although approximately 240 countries have IP
domain registrations, the countries with
cybercrime statutes are fewer.
 Some countries have broad provisions for
computer crimes, some have limited
provisions, and still some have no provisions
at all.
(continued on next slide)

Chapter 15
Forensic and Investigative Accounting
12
International Law
In 2001, the Council of Europe Convention on
Cybercrime issued a model law for its
member states including transactional
cooperation recommendations. The Council’s
model law has 48 sections for incorporation
into national laws on cybercrime.
Chapter 15
Forensic and Investigative Accounting
13
Federal Statutes Related to
Cybercrimes
18 U.S.C. 1029 Fraud and Related Activity in
Connection with Access Devices
18 U.S.C. 1030 Fraud and Related Activity in
Connection with Computers
18 U.S.C. 2701 Unlawful Access to Stored
Communications
Chapter 15
Forensic and Investigative Accounting
14
USA Patriot Act of 2001
The USA Patriot Act has strengthened U.S.
cyber laws and expanded cybercrime
definitions.
 Under the Act, an activity covered by the law
is considered a crime if it causes a loss
exceeding $5,000, impairment of medical
records, harm to a person, or threat to public
safety.
(continued on next slide)

Chapter 15
Forensic and Investigative Accounting
15
USA Patriot Act of 2001
Amendments made by the Act make it
easier for an Internet service provider (ISP)
to make disclosures about unlawful
customer actions without the threat of civil
liability to the ISP.
 Another revision made by the Act provides
that victims of hackers can request law
enforcement help in monitoring trespassers
on their computer systems.

Chapter 15
Forensic and Investigative Accounting
16
Draft Legislation: Cybersecurity
Act of 2009
Gives the President power to shut down the
Internet in case of an national emergency
 Sets national standards for cybersecurity
and qualifications for cybersecurity
professionals
 The legislation is still pending.

Chapter 15
Forensic and Investigative Accounting
17
State Legislation
Many of the states have separately enacted
money laundering, identity theft, online
gambling, cyberstalking and other Internet
statutes in their codes.
 Many statutes do not refer to “cybercrimes” as
they were originally enacted when there was
no Internet. Thus, legislative oversight in the
acts tends to focus on “computer crimes,”
“unlawful access,” or “property crimes.”

Chapter 15
Forensic and Investigative Accounting
18
Fighting Cybercrime
The following list describes the skill set needed
to fight cybercrime:
– Ability to build an Internet audit trail.
– Skills needed to collect “usable” courtroom
electronic evidence.
– Ability to trace an unauthorized system user.
(continued on next slide)
Chapter 15
Forensic and Investigative Accounting
19
Fighting Cybercrime
– Knowledge base to use in recommending or
reviewing security policies.
– Knowledge of the most recent computer fraud
techniques.
– Basic understanding of the information that can
be collected from various computer logs.
– Ability to place a valuation on incurred losses
from attacks.
(continued on next slide)
Chapter 15
Forensic and Investigative Accounting
20
Fighting Cybercrime
– Technical familiarity with the Internet, web
servers, firewalls, attack methodologies,
security procedures, and penetration testing.
– Understanding of organizational and legal
protocols in incident handling to prevent
employee rights violations.
– An established relationship with law
enforcement agencies.
Chapter 15
Forensic and Investigative Accounting
21
Filing Reports of Cybercrimes
An investigator should know where, besides
law enforcement, such crimes can be
reported. There are a number of websites that
collect information about events that may be
cybercrimes.
Chapter 15
Forensic and Investigative Accounting
22