One need not be a law-enforcement officer or a computer-security expert to realize that computer crime is on the rise. These crimes range from computer-network administrators hacking into the computers of current and/or former employees to major credit-card theft and fraud rings. Computer crimes can also include drug trafficking, harassment, sexual exploitation of minors, and a variety of types of theft. The increase in computer crime must be a significant concern for any law-enforcement agency and for anyone responsible for security on any network.
Computer crimes will always involve some type of computer-security breach. While this may seem obvious, “computer-security breach” and “computer crime” are not synonymous, contrary to some people’s belief. They are related concepts, but not identical ones. When computer professionals begin working with computer crime and forensics, they often make the mistake of assuming the two terms mean the same thing. Most computer-security books, certification tests, and courses discuss types of security breaches. Those breaches are typically categorized as follows (or something very similar):
- Privilege escalation
- Malware (Trojan horse, virus, worm, logic bomb, rootkit, etc.)
- Social engineering
- Session hijacking
- Password cracking
- Denial of service
There are certainly other ways to categorize network-security threats; indeed, if one consults different sources, their lists might be slightly different. All categorizations of security breaches are similar, however, in that they describe the mechanism by which the attack was perpetrated. From a preventative security point of view, this is entirely appropriate. Only by realizing how the attack is perpetrated can you take steps to prevent that type of attack. Put simply, network administrators are primarily concerned with the mechanisms for perpetrating an attack so that they may prevent that attack. They are less concerned with the legal aspects of the act.
In contrast, computer crime is generally broken into categories that emphasize the specific criminal activity taking place rather than the technological process used to execute the attack. Such lists would be similar to the following:
- Identity theft
- Cyber stalking/harassment
- Unauthorized access to computer systems or data
- Non-access computer crimes
These are rather broad categories and encompass a great many activities. This book looks at all of these areas, at how to properly investigate computer crime, and at computer-forensics procedures, and it examines specific computer-related laws. But it is important for you to begin by realizing the difference between a computer-security breach and a computer crime. The difference is that a computer-security breach is a technique for circumventing normal computer operations, whereas a computer crime is the use of a computer in the furtherance of some criminal activity. A computer crime may be committed without circumventing normal computer operations. In other words, it is entirely possible to have a computer crime that does not involve a security breach. A great example is cyber stalking. Cyber stalking may not involve any actual security breach, but it uses computers and computer systems in the furtherance of a crime.