Types of Computer Crime
Computer crime, or cybercrime, is a term used broadly to describe criminal activity in which computers or computer networks are a tool, a target, or a place of criminal activity. These categories are not exclusive, and many activities can be character- ized as falling in one or more categories. The term cybercrime has a connotation of the use of networks specifically, whereas computer crime may or may not involve networks.
The U.S. Department of Justice [DOJ00] categorizes computer crime based on the role that the computer plays in the criminal activity, as follows:
• Computers as targets: This form of crime targets a computer system, to acquire information stored on that computer system, to control the target sys- tem without authorization or payment (theft of service), or to alter the integrity of data or interfere with the availability of the computer or server. Using the terminology of Chapter 1, this form of crime involves an attack on data integrity, system integrity, data confidentiality, privacy, or availability.
Computers as storage devices: Computers can be used to further unlawful activity by using a computer or a computer device as a passive storage medium. For example, the computer can be used to store stolen password lists, credit card or calling card numbers, proprietary corporate information, porno- graphic image files, or “warez” (pirated commercial software).
• Computers as communications tools: Many of the crimes falling within this category are simply traditional crimes that are committed online. Examples include the illegal sale of prescription drugs, controlled substances, alcohol, and guns; fraud; gambling; and child pornography.
A more specific list of crimes, shown in Table 23.1, is defined in the interna- tional Convention on Cybercrime.2 This is a useful list because it represents an international consensus on what constitutes computer crime, or cybercrime, and what crimes are considered important.Yet another categorization is used in the CERT 2006 annual E-crime Survey, the results of which are shown in Table 23.2. The figures in the second column indicate the percentage of respondents who report at least one incident in the corresponding row category. Entries in the remaining three columns indicate the percentage of respondents who reported a given source for an attack.