NCJ Number
61551
Date Published
1979
Length
22 pages
Annotation
BECAUSE COMPUTER CRIMES ARE NONTRADITIONAL, CARRIED OUT IN ENVIRONMENTS AND BY OFFENDERS WHO DO NOT FIT USUAL IDEAS OF THE CRIMINAL, THIS GUIDE DEFINES COMPUTER CRIME FOR BUSINESSES AND DISCUSSES PREVENTIVE STEPS.
Abstract
THE COMPUTER HAS SPAWNED CRIMINALS IN NEW OCCUPATIONS WHO USE NEW CRIME METHODS, TARGETS, TIMING, AND GEOGRAPHIC BOUNDARIES. ELECTRONIC, PAPER, AND PLASTIC MONEY (CREDIT CARDS) MAY BE THE TARGETS; TIME FOR ENACTMENT OF THE CRIME MAY BE LESS THAN A SECOND; AND THE PERPETRATOR USING A TELEPHONE WITH A COMPUTER TERMINAL ATTACHED MAY ENGAGE AN ONLINE COMPUTER SYSTEM IN ANY PART OF THE WORLD. A FIRM GRASP OF WHAT CONSTITUTES A COMPUTER CRIME IS NEEDED BY BUSINESSES AND CORPORATIONS DESIRING TO PREVENT OR DETECT IT, AS WELL AS ESTABLISHED POLICY TOWARD SUCH OFFENSES AND A PREVENTION PROGRAM. COMPUTER-RELATED CRIME IS BASICALLY ANY ILLEGAL ACT IN WHICH KNOWLEDGE OF COMPUTER TECHNOLOGY PLAYS A ROLE. COMPUTERS HAVE BEEN USED IN THESE ROLES: OBJECTS OF THEFT, MODIFICATION, UNAUTHORIZED USE, ETC.; SUBJECTS OR SOURCES OF UNIQUE FORMS AND KINDS OF ASSETS SUCH AS ELECTRONIC MONEY; INSTRUMENTS OR TOOLS OF CRIME, SUCH AS DEVICES FOR SCANNING TELEPHONE CODES IN ORDER TO MAKE UNAUTHORIZED USE OF THE TELEPHONE; AND SYMBOLS FOR INTIMIDATION OR DECEPTION. A COMPUTER SECURITY PROGRAM AIMED AT COUNTERACTING THESE DEEDS MUST INVOLVE THE ASSIGNMENT OF RESPONSIBILITY FOR COMPUTER SECURITY, PERFORMANCE OF A COMPLETE SECURITY REVIEW AT PERIODIC AND KEY TIMES (THE REVIEW SHOULD CONSIST OF ASSETS IDENTIFICATION, RECOGNITION OF POTENTIAL THREATS, ANALYSIS OF VULNERABILITY, AND SAFEGUARDS IDENTIFICATION AND IMPLEMENTATION); AND LIMITED UPDATES OF SECURITY REVIEWS IN ENVIRONMENTS UNDERGOING CHANGE. ABILITY TO AUDIT CONTROLS IN NEW AND MODIFIED COMPUTER APPLICATIONS, EQUIPMENT, AND PROGRAMS MUST BE MAINTAINED, TRUSTWORTHINESS OF EMPLOYEES MUST BE ESTABLISHED, AND REPORTING OF ALL LOSSES AND ACTIONS MUST BE REQUIRED. SUSPECTED CRIMINAL ACTS MUST BE REPORTED TO AUTHORITIES. STEPS FOR REPORTING AND A SUGGESTED REPORTING POLICY ARE INCLUDED. BUSINESSES WITH THE POTENTIAL FOR BEING VICTIMIZED ARE ADVISED TO MAKE PREVENTIVE CONTACTS WITH THE LOCAL CRIMINAL JUSTICE SYSTEM. (DAG)