CRIME ENTERS THE INFORMATION AGE

Susan M. Anstead
University of Maryland University College, Fall 1997

INTRODUCTION

In recent years, our world has experienced significant changes brought on by the Internet. Data can be transferred between individuals and companies on opposite sides of the globe in mere seconds. One can browse a catalog and order a variety of products without ever leaving their home. Resources for quality research can be obtained without ever setting foot in a library.

But the Internet has also brought problems, such as new categories of crime that did not exist in the pre-computer age. Hacking and spreading computer viruses are everyday issues with computer users, and many other crimes are now being committed through the use of a remote computer, rather than in person. A criminal need no longer set foot in a bank to commit robbery -- there have been several examples of electronic bank robberies, using electronic transfers. In addition, the computer has been used to supplement already criminal behavior, such as child pornography and pyramid schemes.

The purpose of this paper is to outline types of crimes that have surfaced in this, the Information Age and to discuss technologies and procedures to minimize problems. In addition, topics of prevention and legislation which address the issue of Internet crime will be covered.

PROBLEMS RELATING TO COMPUTER CRIME

Prior to the introduction of computer networking, crimes were usually committed within one jurisdiction, be it a city, county, state, or country. But through the international networks that comprise the Internet, criminals have found a new medium. Laws, criminal justice systems, and international cooperation have not kept pace with technological changes, and only a few countries have adequate laws to address the problem. No country has resolved all the legal, enforcement, and prevention problems associated with computer crime.

On the International level, numerous factors hamper the effective prosecution of many computer crimes. First, there is no global consensus on what constitutes computer crime. Several organizations, such as the United Nations and the Organization for Economic Cooperation and Development (OECD) have attempted to address this, but their influence is sometimes limited. Given that computer crime is a relatively new phenomenon, there exists a lack of expertise on the part of police, prosecutors, and the courts in this field. Many people consider that current legal powers are inadequate for accessing computer systems in order to gain evidence in computer crimes, and there is a lack of consensus between different national procedural laws relating to the investigation of computer related crime. As with all crime, there is also a lack of global consensus on the legal definition of criminal conduct, and problems exist with extradition and law enforcement mechanisms that would permit international cooperation.[1]

FREQUENCY

It is very difficult to determine the amount of computer crime that occurs since it is a crime that often goes undetected. A recent General Accounting Office report estimated that Department of Defense computers alone are attacked some 250,000 times yearly, with 160,000 successful entries.[2] A similar study in May 1996 by the Defense Information Systems Agency found that as many as 250,000 attempts were made to breach defense department computer systems, and of those, 65% were successful.[3]

It is estimated that computer fraud in the United States alone exceeds $3 billion each year. This is significant considering that less than 1% of all computer fraud cases are detected, and over 90% of computer crime goes unreported. A study of BYTE magazine readers found that 53% have suffered losses of data that cost an average of $14,000 per occurrence.[4]

At any time, there are more than 2,500 viruses circulating worldwide, with new ones being developed daily. A survey of over 600 companies and government agencies in the United States and Canada showed that 63% found at least one virus on their computers in the past year.[5]

TYPES OF COMPUTER-RELATED CRIME

Computer-related crime can be classified into two areas: computer crime and all crimes other than direct computer crime. Computer crime consists of acts defined as criminal by Federal or State computer crime statutes and involve the use of a computer or computer information. Other crimes are those where the computer is used in the planning and/or execution of a crime. For the purposes of this paper, we will refer to all computer-related crimes as computer crimes.[6]

It is difficult to classify all the different types of computer crime. The Department of Justice defines computer crimes as "any violations of the law that involve a knowledge of computer technology for their perpetration, investigation, or prosecution."[7] It may be a target or the object of a crime, it may be the physical site of the crime, or it may be the instrument used to commit the crime. Some of the most widely known include the following:
 

  1. Computer network break-ins. By using tools installed on a remote computer, an individual breaks in to computer systems to steal data, plant viruses or "Trojan Horses," or to create problems of a less serious nature by changing user names or passwords.[8] Sometimes, network break-ins are facilitated by individuals within the organization. Kevin Poulson was so good at cracking government and military systems that the defense industry offered him a job as a security-cleared consultant, testing the integrity of Pentagon security systems. However, Poulson continued to hack his way into these systems at night, and in 1989, he was convicted on 19 counts of conspiracy, fraud, wiretapping, and money laundering. He conspired to steal classified military orders, cracked an Army computer, and snooped into an FBI investigation of former Philippine president Fernando Marcos. His indictment was later amended to include charges of espionage and possession of classified documents.[9]
  2. Industrial espionage. The act of retrieving information about product development and marketing strategies.[10]
  3. Copyright infringement. With the numerous number of documents available through the Internet, enforcing copyrights is becoming difficult. One of the most controversial cases of copyright infringement on the Internet involves the Church of Scientology. Dennis Erlich, a former member of the Church, loaded copies of stolen works of the Church of Scientology onto an Internet bulletin board. He was accused of violating trademarks. Erlich continued to post such materials, despite orders to cease and desist.[11]
  4. Software piracy. Illegally copied and/or distributed software create serious financial problems for the originators of copyrighted software program. CYBERSTRIKE, an FBI investigation, recently collected evidence where individuals and groups had disseminated protected and/or restricted and copyrighted software through the use of computer bulletin boards systems, Internet FTP, and Internet IRC.[12] In addition there is a common problem with software licenses. According to the law, a license must exist for each copy of software installed on a computer. However, particularly in many office environments, programs are simply copied from one computer to another.
  5. Child pornography. This is one of the few computer crimes that is illegal both on and off the Internet. It involves images of children in varying stages of dress and performing a variety of sexual acts. A recent child pornography case involving Bulletin Board Systems (BBS) extended beyond the online world. Gene Howland and Daniel Van Deusen ran a BBS containing graphic sex stories and images, including child pornography. Using this bulletin board, they lured two teenage boys to their home and sexually assaulted them. Both Howland and Van Deusen were indicted on charges of sexual assault, aggravated sexual assault, and indecency with a child.[13]
  6. "Mail bombings" (assault). With the increase in the use of electronic mail has come the problem of individuals instructing a computer to repeatedly send electronic mail to a specified person's e-mail address, thus overwhelming the recipient's personal account and potentially shutting down the entire system. Many question if this is illegal, but it is certainly disruptive. An example of mail bombings involved Michelle Slatella and Josh Quittner. Someone jammed their mailboxes with thousands of unwanted pieces of e-mail, finally shutting down their Internet access. In addition, their telephone had been reprogrammed to forward calls to an out-of-state number, where callers heard lewd messages.[14]
  7. Password sniffers. Programs have been developed that monitor and record the name and password of network users as they log in, jeopardizing security at a site. Security experts at Carnegie Mellon University estimated last year that more than a million passwords have already been stolen on the Internet.[15]
  8. Spoofing. In order to gain access to a system that might otherwise be restricted, one computer can be disguised to "look" like another. Accesses to the shadow Web are funneled through the attacker's machine, allowing the attacker to monitor all of the victim's activities including any passwords or account numbers the victim enters. The attacker can also cause false or misleading data to be sent to Web servers in the victim's name, or to the victim in the name of any Web server. In short, the attacker observes and controls everything the victim does on the Web.[16]
  9. Credit card fraud. The United States Secret Service believes that half a million dollars may be lost annually by consumers who have credit card and calling card numbers stolen from online databases.[17] MSN Australia sent all local customers a warning e-mail in April 1997, alerting users to a "rogue message." This message demanded that subscribers' forward their credit card numbers, bank name, address and other confidential details to a source claiming to be the "MSN Credit Department." The fraudulent e-mail claimed: "Due to a complicated problem with our system, we have lost the information that links your account's sign-on name and password with our billing record." Customers were requested to provide their normally confidential details immediately. For complying, users were promised a 50 per cent discount on their next monthly bill. MSN denied sending the original message.[18]
  10. Viruses. A program that spreads by making copies of itself. It is generally spread by writing copies of themselves into other programs or into boot records of disks. Viruses can cause various types of problems, from making strange graphics appear on the screen to crashing an entire network.
  11. Fraud. Illegal entrepreneurs and businesses on the Internet have appeared throughout the Internet, including pyramids and other supposed money-making schemes.[25] An example of recent online fraud involved Fortuna Alliance, an alleged pyramid scheme run over the World Wide Web. The Federal Trade Commission (FTC) officials estimate that this scheme pulled in more than $6 million by promising investors $5,250 monthly for an investment of no more than $250 each month.[26] Another recent situation involved consumers having their computer modems switched automatically to expensive international numbers when trying to download special software to view sexually explicit images for free. Without the users' knowledge, their modem was disconnected, and then redialed a 900-type number routed through the former Soviet Republic of Moldavia and terminated in Canada. This resulted in the users getting hefty phone bills, often totaling hundreds or thousands of dollars. On November 3, 1997, the FTC ruled that these consumers will get full credit for the calls, totally more than $2.74 million.[27]
  12. Terrorism. Although this has not yet become a serious issue at this point, there is much concern that it will in the future. Some of the concerns include the possibility of individuals:
In 1986, the Organization for Economic Cooperation and Development (OECD) published the report Computer-Related Crime: Analysis of Legal Policy which surveyed the existing laws and proposals for reform in a number of Member States and recommended a list of abuses that countries should consider prohibiting and penalizing by criminal laws. These include: PREVENTION

At this point, it is impossible for networked computer users to guarantee they will be safe from computer crime. There are, however, many things they can do to lower their risk.

In order to keep access to the network limited to those with authorization, most networks now have firewalls. These hardware and software components are installed in the network and operate by checking and blocking selected incoming network traffic. Firewalls are still in their infancy, and are not foolproof.[30]

Another feature used to protect information traveling over networked systems is encryption. Through encryption, readable text is transformed into indecipherable text which can only be deciphered by the intended receiver. Currently, there is a great deal of controversy over encryption, specifically how advanced the encryption program can be, and whether legal authorities can or should have access to the encrypted data. Government agencies, particularly those involved in National Security, are concerned that the development of sophisticated encryption programs will hamper their efforts to intercept sensitive information. For example, such agencies are often involved in monitoring the activities of anti-government organizations through deciphering communications. If these organizations are permitted to use advanced encryption programs, government agencies are concerned that the result would be a national security threat.[31]

The biggest encryption controversy is over how tightly the government should regulate the technology. Law enforcement officials would like access, with a court order, to all systems. The Clinton administration has backed them and has supported tight controls on the export of encryption technology.

On the other side are most U.S. software companies. They maintain that export regulations make it difficult to compete with international companies that do not have to meet the same requirements. Also on this side are privacy advocates, who aim to keep the government from monitoring private conversations.[32]

Currently, there are two bills in Congress regarding encryption. The first is the Security And Freedom Through Encryption (SAFE) Act of 1997 sponsored by Rep. Robert Goodlatte (R-Va.), and is backed by software companies.[33] The following are specific points in the bill:

The second bill, sponsored by Sen. John McCain (R-Ariz) and Sen. Robert Kerrey (D-Neb.) is the Secure Public Networks Act (SPNA), which has the support of the Senate Commerce, Science, and Transportation Committee. According to the sponsors, this legislation relies on market incentives rather than strict mandates to enhance security on public networks, and punishes those who violate privacy laws. It creates a basis for using security measures necessary for network commerce and communications without compromising the government's ability to fight crime and terrorism.[35]

The bill includes the following provisions:

The bill also provides for speedy processing of individual licenses that permit the sale of controlled encryption products to foreign customers. The SPNA makes it easier to export encryption software than current law.[37]

The legislation is tough on those who would use encryption technology to commit crime or use their position to violate privacy and property rights. The bill also includes a voluntary system of federal registration for key recovery agents and certificate authorities. These service providers would be required to meet minimum standards that would give users confidence that their security is being protected when using a registered agent or authority.[38]

Another form of protecting networked data is through the use of an authentication program. These programs run checks to prove that the user or system is actually who or what it claims to be.[39] The process of identifying an individual is usually based on a username and password. In security systems, authentication is distinct from authorization, which is the process of giving individuals access to system objects based on their identity. Authentication merely ensures that the individual is who he or she claims to be, but says nothing about the access rights of the individual.[40]

Companies can reduce their risk by avoiding dial-in connections, or they should have trace-back protocols on the network so the network can ensure all access is authorized.[41] Businesses operating networked computer systems should consider instituting some or all of the following components to assist in preventing computer crime:

Those companies who provide Internet access should consider the following additional measures: Although much of the responsibility for preventing computer crime falls on businesses, individuals connected to networks should also undertake steps to protect themselves. These include: LAWS

The first comprehensive Federal computer crime statute was the Computer Fraud and Abuse Act of 1986.[45] This Act amended Title 18 of the United States Code Section 1030 to increase penalties for six types of computer activities:

Violations of this Act can result in result in fines and up to 20 years in prison.[47]

One of the most famous cases involving this statute was United States v. Morris (Second Circuit, 1991).[48] This case regarded the 1989 prosecution of Robert Tappan Morris, a Cornell University graduate student who released a computer "worm" across the Internet as an experiment to demonstrate the inadequacies of existing computer security networks. However, the worm replicated itself and re- infested computers at a much faster rate than Morris had anticipated, causing computers across the country to come to a halt. Morris was convicted of preventing the authorized use of a "federal interest computer". However, through this case, it was determined that the Computer Fraud and Abuse Act omitted references to what is called malicious code -- computer viruses that can alter, damage or destroy computerized information.[49]

As a result, the Computer Crime and Abuse Act was amended in 1992 to include the following acts:

In another attempt to legislate computer crimes, Congress amended the federal wiretap law in 1986, passing the Electronic Communications Privacy Act (ECPA) to expand federal jurisdiction and to criminalize the unauthorized interception of stored and transmitted electronic communications.[51] Specific provisions of the ECPA include the following acts: Depending on which provision of the ECPA is violated, penalties can include fines up to $250,000 and/or up to one year in prison.[53]

One noteworthy case involving the ECPA is United States v. Riggs (11th Circuit, 1992).[54] Riggs was a hacker who accessed a telephone company's system without authorization to download a text file detailing the operation of the company's 911 system. He then transferred the file to another computer through an interstate computer network. He was convicted, based on the ECPA, citing his use of fraudulent means to access the telephone company's system and his attempts to disguise his authorized access.[55]

GROUPS

In recent years, numerous organizations have been formed to study and combat computer crime. In February of 1992, the Federal Bureau of Investigation (FBI) instituted the National Computer Crime Squad (NCCS), whose purpose is to investigate violations of the Computer Fraud and Abuse Act.[56] Violations of the Computer Fraud and Abuse Act include intrusions into government, financial, most medical, and "Federal interest" computers. Federal interest computers are defined by law as two or more computers which involved in the criminal offense and are located in different states. Therefore, a commercial computer which is the victim of an intrusion coming from another state is a "Federal interest" computer.[57]

The National Computer Crime Squad investigates the following types of crimes:

New and evolving computer and information technologies present law enforcement with the challenge of protecting the nation's critical infrastructures and electronic networks from criminal and terrorist computer attacks. As a result, the FBI has established the Computer Investigations and Infrastructure Threat Assessment Center (CITAC) to coordinate the criminal, counterterrorism and counterintelligence responsibilities of the FBI relating to computer intrusions and threats.[59] Its creation allows the FBI to view cases from both law enforcement and counterintelligence perspectives. CITAC and the components under CITAC will provide support for law enforcement at all levels, and every Special Agent in Charge of an FBI field office has a working group of local officials identifying critical infrastructure vulnerabilities, as well as planning and preparing for foreseeable contingencies.[60]

In 1992, the Federal Bureau of Investigation established one of the most effective groups in handling computer crime, the Computer Analysis and Response Team (CART).[61] CART is specialized group of forensic examiners with the technical expertise and resources to examine computers, networks, storage media and computer-related materials in support of FBI investigations. The Computer Analysis and Response Team (CART) assists FBI field offices in the search and seizure of computer evidence and provides technical support for the investigation and prosecution of cases involving such evidence. CART includes a state-of-the-art forensic Laboratory comprised of computer specialists located at FBI Headquarters and a network of trained and equipped special agents assigned to both selected FBI field offices and the FBI Western Regional Computer Support Center in Pocatello, Idaho. CART conducts examinations in which information is extracted from magnetic, optical, and similar storage media and converted into a form which is usable to investigators or prosecutors.[62]

Groups have also been formed in the private sector to combat computer crime. The CERT Coordination Center is an organization that grew from the computer emergency response team formed by the Defense Advanced Research Projects Agency (DARPA) in November 1988 in response to the needs identified during the Internet worm incident. CERT also works with the Internet community to facilitate its response to computer security events involving Internet hosts, takes proactive steps to raise the community's awareness of computer security issues, and conducts research targeted at improving the security of existing systems.[63]

CERT provides a number of services, including 24-hour technical assistance for responding to computer security incidents, product vulnerability assistance, technical documents, and seminars. In addition, the team maintains a mailing list for CERT advisories, and provides a web site, and an anonymous FTP server where security-related documents, CERT advisories, and tools are available.[64]

In order to increase the ability of law enforcement officials to handle computer crimes, the Federal Law Enforcement Training Center near Brunswick, Georgia now trains police officers in "cyber-sleuthing".[65] Some of the courses offered in this program include:

Even the White House has become involved in the study of computer crime. On July 15, 1996, President Clinton signed Executive Order 13010 establishing the President's Commission on Critical Infrastructure Protection.[67] The Commission was chartered to conduct a comprehensive review and recommend a national policy for protecting critical infrastructures and assuring their continued operation. A large part of the Commission's studies involve computer threats.

The Commission, in a report released in October 1997, concluded that the "development of the computer and its astonishingly rapid improvements have ushered in the Information Age that affects almost all aspects of American commerce and society".[68] A personal computer and a telephone connection to an Internet Service Provider anywhere in the world are enough to cause a great deal of harm. However, the Commission acknowledges that it has "not discovered an imminent attack or a credible threat sufficient to warrant a sense of immediate national crisis."[69] Yet, according to MSNBC Online, the Commission warned President Clinton that "some kind of sneak attack -- domestic or foreign -- is inevitable."[70]

The full text of the report is not available to the public for security reasons; therefore specific recommendations of the Commission are not available. We do know, however, that they have recommended a sector-by-sector cooperation and information sharing strategy, involving cooperation between owners and operators and appropriate government agencies, particular the National Institutes of Standards and Technology (NIST) and the National Security Agency (NSA).[71] The Commission also recommends creating a national warning center, with companies reporting all attempts at computer break-ins. However many believe that this will not materialize, as many businesses are reluctant to reveal exactly how vulnerable they are to computer sabotage.[72]

According to MSNBC Online, the Commission has also recommended that the government increase current spending to prevent hackers from using computer networks to sabotage U.S. infrastructure to $1 billion by 2004.[73] As a result of numerous attempts to break into the White House electronically (daily attempts according to some sources), a $10 million contract was recently awarded to improve and protects the computers there.[74]

CONCLUSION

It is clear that the proliferation of computers throughout the world poses numerous threats to personal, business, and national safety. Through the use of computer networks, we in the Information Age are witnessing a world without boundaries. These open communications provide citizens of the world unheard of opportunities to obtain information that would previously been unavailable. But in any society, there are individuals and factions that make use of beneficial resources for criminal means, and in this new global arena, we are faced with problems not encountered with earlier types of crime. Most laws and means of enforcement do not extend beyond governmental boundaries, making enforcement of computer crimes more difficult. Many agencies (both public and private) are working to find solutions to these problems, and progress is being made. At the same time, many governments are now cooperating when dealing with cross-national crimes.

The potential threat to individuals, businesses, and governments is substantial. Individuals could lose entire systems as a result of viruses. Businesses may be jeopardized if a competitor accesses their network and steals trade secrets. Government security could be threatened if critical systems, such as those controlling weapon systems, are illegally accessed. But the greatest threat could come as a result of attacks on critical infrastructures, such as pharmaceutical and food companies, utilities, and transportation systems.

It is vital that the nations of the world continue to work towards protecting computer networks and individual systems by enacting laws and punishments to deter potential computer criminals. They must agree on a minimum standard of what will be considered criminal so that enforcement can occur. At the same time, the computer industry must continue to develop ways to keep networks safe. This will occur through enhancing current security systems and working with the government to find an acceptable means of encryption.

However, I believe it is important for general computer users to keep the level of concern over computer crime to realistic levels. Yes, there are threats. When airlines began transporting people worldwide, there were few controls to ensure that passengers would not be subjected to terrorist acts, or that passengers would transport illegal items internationally. But over the years, we have developed safety and security measures to ensure that any risk is minimized. Yes, incomprehensible acts still occur, but those who travel realize that their risk of being involved in such a situation is slim. Our world will never be completely safe, and we should expect no more of computer networks than we do other forms of worldwide infrastructure.

The Internet is in its infancy. We are still in a learning stage. Through laws and technology, the networked computer world will continue to prosper and threats to computer security will be minimized.

@1997, Susan M. Anstead, University of Maryland University College.
(connysmom@yahoo.com)


ENDNOTES

[1] International Review of Criminal Policy -- United Nations Manual on the Prevention and Control of Computer Related Crime. (1997, September 23). [Online]. Available at http://www.IFS.univie.ac.at/~npr2gq1/rev4344.html.
[2] Rodger, Will. Cybercops Face Net Crime Wave. (1996, June 17). [Online]. Available at http://www.zdnet.com/intweek/print/960617/politics/doc1.html.
[3] Flick, Anthony R.. Crime and the Internet. (1997, October 3). [Online]. Available at http://www.rwc.uc.edu/bezemek/PaperW97/Flick.htm.
[4] Is There a Security Problem in Computing?. (1997, September 23). [Online]. Available at http://jaring/nmbu.edu/notes/security.htm.
[5] IBID
[6] Rose, Lance (1995). NetLaw. Berkeley, California: Osborne McGrall-Hill. pp. 201-202.
[7] A Crime By Any Other Name. Church of Scientology International. (1995). [Online]. Available at http://www.theta.com/goodman/crime.htm.
[8] IBID
[9] IBID
[10] IBID
[11] IBID
[12] Owens, Charles L.. Computer Crimes and Computer Related or Facilitated Crimes, Statement Before the Subcommittee on Technology, Terrorism, and Governmental Information, Committee on the Judiciary, United States Senate. (1997, March 19). [Online]. Available at http://www.fbi.gov/congress/compcrm/compcrm.htm.
[13] A Crime By Any Other Name
[14] Elmer-Dewitt, Philip. Terror on the Internet, TIME Domestic. (1994, December 12). [Online]. Available at http://www.pathfinder.com/@@mtzwqQQA*x06kbeS/time/magazine/domestic/1994/941212/941212.technology.html.
[15] University of Michigan Information Technology Policies and Guidelines. (1997, October 14). [Online]. Available at http://www.skyinet.net/noc/pw-security.html.
[16] Web Spoofing: An Internet Con Game. (1997, October 14). [Online]. Available at http://www.cs.princeton.edu/sip/pub/spoofing.html.
[17] Voss, Natalie D.. Crime on the Internet, Jones Telecommunications and Multimedia Encyclopedia. (1997, September 23). [Online]. Available at http://www.digitalcentury.com/encyclo/update/crime.html.
[18] MSN (Microsoft Network) Users Hit By Credit Card Fraud. (1997, October 14). [Online]. Available at http://www.creditnet.com/cgi-bin/netforum/scams-ripoffs/a/3--1.
[19] Is There a Security Problem In Computing?
[20] IBID
[21] IBID
[22] Chess, David. Things That Go Bump In the Net. (1997, September 23). [Online]. Available at http://www.research.ibm.com/xw-D953.bump.
[23] IBID
[24] IBID
[25] Aguilar, Rose. Pyramid Cases at Peak of Online Fraud. C/Net. (1996, June 4). [Online]. Available at http://www.news.com/news/item/0,4,1480,00.html.
[26] Rodger, Will.
[27] ABC News Online. Feds Clamp Down on Internet Fraud. (1997, November 4). [Online]. Available at http://www.abcnews.com/sections/scitech/internetfraud1104/index.html.
[28] Collin, Barry. The Future of CyberTerrorism: Where the Physical and Virtual Worlds Converge. (1997, September 23). [Online]. Available at http://www.acsp.uic.edu/OICJ/CONFS/terror02.htm.
[29] International Review of Criminal Policy.
[30] Flick, Anthony R.
[31] IBID
[32] Digital Security: Who Holds the Keys?. Washington Post Online. (1997, September 25). [Online]. Available at http://www.washingtonpost.com/wp-srv/tech/analysis/encryption/encrypt.htm
[33] SUMMARY OF THE SECURITY AND FREEDOM THROUGH ENCRYPTION (SAFE) ACT OF 1997. (1997, October 30). [Online]. Available at http://www.house.gov/goodlatte/enc_sum.htm.
[34] IBID
[35] Kerrey, Bob (Senator). Private, Market-Based Key Recovery System Will Protect National Security and Personal Privacy. (1997, October 30). [Online]. Available at http://www.senate.gov/~kerrey/encrypt/rollcall.html
[36] IBID
[37] IBID
[38] IBID
[39] Flick, Anthony R.
[40] PC Webopaedia. (1997, October 30). [Online]. Available at http://www.pcwebopaedia.com/authentication.htm [41] Federal Bureau of Investigation National Computer Crime Squad. (1997, October 5). [Online]. Available at http://www.fbi.gov/programs/nccs/compcrim.htm.
[42] IBID
[43] Howard, John D.. An Analysis of Security Incidents On the Internet, Chapter 16, Conclusions and Recommendations. Carnegie Mellon University. (1997, April 7). [Online]. Available at http://www.cert.org:80/research/JHThesis/Chapter16.html.
[44] IBID
[45] Flick, Anthony R.
[46] IBID
[47] IBID
[48] Biros, Mark J. and Urban, Thomas F.. New Computer Crime Statutes Close Loopholes. National Law Journal. (1997, September 23). Available at http://www.ljx.com/securitynet/articles/0325nlj.htm.
[49] IBID
[50] Rasch, Mark D.. Computer Security: Legal Lessons in the Computer Age, Security Management. (1996, April). [Online]. Available at http://www-swiss.ai.mit.edu/6.805/articles/rasch-comp-law-html.
[51] Sandberg, Chris. Computer Crime and the Law, InfoNation. (1997, September 23). [Online]. Available at http://www.info-nation.com/comcrime.html.
[52] IBID
[53] IBID
[54] Biros, Mark J. and Urban, Thomas F.
[55] IBID
[56] Federal Bureau of Investigation National Computer Crime Squad
[57] IBID
[58] IBID
[59] Freeh, Louis J.. Statement Before the United States Senate Committee on the Judiciary and the United States House of Representatives Committee on the Judiciary, Subcommittee on Crime. (1997, June 4). [Online]. Available at http://www.fbi.gov/congress/oversight/clear.htm]
[60] IBID
[61] IBID
[62] Investigative Operations and Support Section, Federal Bureau of Invetigation. (1997, October 14). [Online]. Available at http://www.fbi.gov/lab/report/compana.htm
[63] The CERT Coordination Center FAQ. (1997, August 12). [Online]. Available at http://www.cert.org/cert.faqintro.html.
[64] IBID
[65] A Crime By Any Other Name.
[66] Federal Law Enforcement Training Center Catalog of Training Programs. (1997, October 14). [Online]. Available at http://www.ustreas.gov/treasury/bureaus/fletc/97fedcat.asc
[67] Report Summary: The President's Commission on Critical Infrastructure Protection. (1997, October). [Online]. Available at http://www.pccip.gov/summary.html.
[68] IBID
[69] IBID
[70] MSNBC Online. Report: Essential Computers at Risk. (1997, October). [Online]. Available at http://www.msnbc.com/news/117803.asp.
[71] Report Summary: The President's Commission on Critical Infrastructure Protection.
[72] MSNBC Online.
[73] IBID
[74] IBID


1