Computer Crime and the impending threat

The Island Feature – by Dappula De Livera (LLM-London)
Deputy Solicitor General – Attorney General’s Department

Certain criminal offences could be committed by the use of a computer which could in turn cause economic damage and even pose a threat to law and order and national security. A computer could either provide the means or the environment within which a crime may be committed.

In other words the computer may either constitute the instrument of the crime or the medium of the crime. It could be the’ object of the crime or the subject of the crime.

The Computer Crime Act No. 24 of 2007 defines a computer to be an electronic or similar device having information processing capabilities.

Most computer crimes are committed by computer hackers. Hacking itself is a computer crime.

Computer crime could be viewed in the context where computers have been used for certain fraudulent purposes, eg: stealing money or property by means, of a computer by dishonestly giving instructions (commands) to a computer to, transfer funds from one bank account to another and thereby withdrawing, the money by means of a stolen or forged bank card.

With the advancement and modernisation of global communication networks including the internet computer crime has reached international dimensions. In the case of In Re Levin (1997) banking computers, situated in the United States of America were penetrated by hackers in St. Petersberg and customer accounts namely accounts of a company from Indonesia were fraudulently debited and proceeds diverted to certain accounts of the perpetrator and his accomplices in Finland, Germany, Israel the Netherlands and US. The eventual sum involved was 12 million US dollars.

Further like the financial sector as described telecom companies have also become the target of computer fraudsters around the world who fraudulently penetrate and manipulate these telephone computer systems and networks to obtain free telephone calls and run fraudulent businesses providing call facilities around the world.

Secondly the computer environment could be used by criminal conduct such as the use of computer viruses to erase or alter, data or information held in a computer or computer network.

Computer crimes constantly threaten the survival of: computer networks and cause economic damage.

The internet could be accessed only by a computer and is vulnerable to computer crime and is one of the main areas of activity of fraudsters and computer hackers.

The computer networks of financial institutions, multi-national corporations and other business conglomerates, government institutions and defence installations and practically all other large scale computer users have become vulnerable and the target of computer crime.

The Computer Crimes Act No. 24 of 2007 identifies computer crime by the creation of several offences. It also provides for the prevention and investigation of such offences.

The two primary offences defined in the Computer Crime Act are basically securing unauthorised access to a computer and the aggravated form when unauthorised access is secured in order to commit a criminal offence.

Any person who intentionally does any act in order to secure access, to any, computer or information held in any computer knowing that he has- no authority to do so commits the offence of securing unauthorised access to a computer.

The House of Lords decision in R v. Bow Street Magistrate and Allison (1999) may find relevancy to explain the above. An employee of a bank who had access to the computer system of the bank used her access to the computer system to obtain personal identification numbers to encode certain credit cards. Counsel argued that since the accused employee was authorised to access the computer system no offence was committed. The court held that the evidence in the case showed that the employee accessed data in accounts that she was not authorised to access and therefore the access she obtained was unauthorised access.

Further any person who causes the unauthorised modification of information held in a computer or causes damage -by impairing the operation of any computer or computer system or computer programme or impairs the reliability of any data or information held in any computer or computer system or computer programme commits an offence under the said statute. This offence is commonly known as unauthorised modification.

In R v. Whitely (1991) the accused gained unauthorised access to a Academic Network and installed his status as Systems. Manager deleted and added files and changed passwords despite certain preventive features installed in the system. His activities caused serious disruption to the network and he was convicted for causing criminal damage of computer disks which had occurred during his operation.

In the case of Cox v. Riley (1986) the accused erased programs from a printed circuit card used to operate a computerised saw for- cutting timber owned by his employer. He was charged with causing criminal damage and was convicted on the basis that the printed circuit card had been damaged and could not be used.

A further offence has been created having national security and the maintenance of public order in the fore front.

Therefore any person who intentionally causes a computer to perform any function knowing that such function will result in danger or imminent danger to national security, the national economy or public order shall commit an offence. Illegal interception of data, communication or information from computers is also an offence under the law.

A person who knowingly and, without lawful authority intercepts any subscriber information (held by service providers relating to subscribers) or traffic data or any communication to or from or within a computer or any electromagnetic emissions from a computer that carries any information commits an offence.

Computer hackers who as referred to above, develop, use and distribute computer viruses which constantly disrupt and threaten the life of computer systems and networks. These hackers who gain unauthorised access to a computer system generally follow up their conduct by either corrupting, destroying, erasing or altering and manipulating data held therein to commit further offences. This conduct is generally achieved by the introduction or promulgation of computer viruses in to the Computer viruses are certain harm ful software which replicates itself and is readily transmitted.

The internet has become the most common method and medium for transmission of these viruses.

A virus can be transmitted when an unsuspecting individual visits a website and could also be easily transmitted and spread by attachments to e-mail messages. A virus starts its destructive work by immediately spreading throughout the system and corrupting and clogging the system. Viruses directed at computer networks of businesses engaging in e-commerce would certainly disrupt business activity and cause large scale economic losses, to these entities.

Actions described above will more often than not give rise to liabilities in civil law. A hacker who copies information stored in a computer could also infringe copyright under civil law.

From a criminal law context in the case of Oxford v. Moss (1978) it was held that confidential information does not come within the definition of property for the purpose of theft.

There is no doubt that computer crime has come to stay. The proliferation of computer crime has been compounded by the lack of reporting of victims such as large commercial entities who are concerned about their reputation and want to avoid adverse publicity. The lack of expertise in investigation and prosecution of these offences and lack of awareness among judges have contributed to the issue.

In recent times it has been seen that computer crimes are been committed by the very own employees of the organisation of which these employees are situate. An employee who uses an unauthorised password to gain access to information stored in a computer (when he knew he in fact had no authority to access) could be found guilty of gross misconduct and face probable dismissal from employment. Employers ought to take the initiative and clamp down on errant employees in order to stem the problem.

It would be more important to prevent computer crime. Therefore it is important for organisations to employ methods of prevention.

It is therefore important that organisations carry out mandatory risk based analysis and audit of their systems and conduct monitoring and review and implement strict IT security policies by developing secure and controlled environments taking into consideration all possible risk factors.

The changing of passwords regularly with hierarchical control access and the use of a double password system could just be one step in the preventive strategy. The use of anti-virus software, erection of firewalls, maintaining backups are some methods that could be employed in a preventive strategy and also the education, training and awareness afforded to employees in this regard could also serve as a positive vital step.

To demonstrate the risk and threat that computer crime could pose to the national security of a country is the case of a terrorist hacker who gains unauthorised access to the computer systems of a nuclear installation or air defence systems of a country or for instance air craft flight control and manipulates the systems to cause destruction.

In the backdrop of 9/11 countries should be mindful of possible terrorist threats associated with the use of computers and would be encouraged to develop legislation to compel relevant organisations and entities to adopt strict IT Security Policies and engage in mandatory preventive measures in order to prevent the likelihood of any catastrophic occurrences from happening in the future.