|
by Natalya
Akhtyrskaya
Crimes classification in the sphere of
computer technologies as individual and pesthole
(methodological questions of
investigation)
The processes of world globalization have captured
practically all spheres of human activity: economy, culture, information space,
technologies and management. It has allowed to speak about development of an
open information society. The network way of interaction between the people in all
directions of their activity is peculiar for it. Result of this process is the
creation of the virtual companies which employees can be in different places
all over the world and make joint business with the help of " virtual
office »; occurrence of mass media of new type; development of electronic
commerce; occurrence of «individual advertising ». To use advantages of an open
information society, it is necessary to be a member of an information network,
to have a corresponding infrastructure and modern means of the communications.
This factors are a necessary condition of familiarizing of Ukraine to these
achievements, however at the same time new information technologies have called
to a life the new kind of crimes named by scholars as the crimes of "new
generation» (Matusovskij G.A.) - the question is computer crimes.
From
the beginning of 1990th law enforcement bodies of the states all over the world
began to notice significant distribution of criminal activity. It is necessary
to recognize that fact, that alongside with tendencies to globalization, with
falling the Warsaw Agreement and association of Europe,
the boundary and customs control the development of information technologies
branch became the factor of its «criminal distribution». The organized crime,
possessing the significant financial opportunities, not only began to use
information technologies before law-enforcement departments of the states all
over the world, but also used them "more professionally" at the
expense of involving experts on information technologies in criminal activity.
Especially it is actual for Ukraine. It is obvious, that for qualitative
struggle against the organized crime it is necessary to use tools if not
better, then corresponding to a level of the tools used in the criminal
purposes.
For today
information technologies are used by the organized criminal groups for:
-
Realization of illegal activity in credit and financial sphere (illegal
operations with electronic payments, a fake of credit cards, the illegal transactions
through a network "Internet", penetration, information setting and
change of the data in information systems of credit and financial
establishments);
- Carrying out of illegal
transaction and communicative actions of criminal elements by means of
commercially accessible information technologies (realization of fast
communication and transfer of the information with use of satellite, cellular,
facsimile, paging services);
Penetrations,
setting information and changes of the data in confidential archives and the
state databases (for example, special archivesof the Ministries of Defence,
databases of State Committee of the Statistics, a database of law
enforcement bodies).
The
crimes in the sphere of information technologies are transnational. More than
four millions Russians are constant
"Internet" users. And grows not only quantity of new users,
but also quantity of the crimes made by the Russian users (on data of Governing Service to safety, they are near 400 in 2000).
In the majority of crimes though group of persons on preliminary arrangement or
the organized group, criminal intention, as well as structure of a crime also
has accomplished them, in many cases are extremely difficultly demonstrable
within the framework of developed system of criminal-law rules. Unfortunately,
in connection with a huge share of latent criminality in sphere of information
technologies and relative novelty of «information crimes» structure the law
enforcement bodies until recently did not give the attention to problems of
struggle against criminality in this sphere, despite of the tendency to
burdening made crimes, but now they have real legal tools for struggle against
the organized crime in the sphere of information technologies.
As is
known, crimes of the given group cause a significant material damage and
possess a high degree of latebt. By the lead researches it is established, that
known there are only 10-15 % of the crimes made in the field of information.
Besides the tendency to use of information technologies by the organized
criminal groups and their distribution at an interstate level was outlined. The
world community extremely worried about a status of national information
resources protection. It can be the channel of the future information illegal
encroachments. Probably, today it is necessary to bring an attention to the
question on acceptance of the corresponding international Convention on
prosecution of the citizens who have made information crimes, without
dependence from national borders as it is done. For example, concerning the
persons who have made capture of air courts, applying a universal principle of
action of the criminal law in space.
Taking into account, that information conducts to
creation of uniform information space, there is a necessity to reconsider some
approaches to a technique of investigation of the given kind of a crime. With
the help of computers people operate the information in interests of national
defense, transfer billions dollars on networks of the financial organizations,
carry out medical procedures, operate movement of passenger planes. The user of
a computer, having received the control over these systems, can cause huge
damage both to systems, and people.
So, some kinds of sabotage are obvious. In January,
1995 someone has disconnected the computers supporting a life more of 12
patients in one hospitals of London. They have been rescued only as a result of
heroic efforts of the medical personnel supporting their life manually, while
computers have not been switched on again. To others, less obvious it is
possible to relate introduction of a virus in a computer of the organization.
Nothing the suspecting employee finds a new free-of-charge software package
which, in her opinion, can facilitate her job inside which there is a virus.
She copies the given program and next day loads her on the working computer at
office, the virus at once is distributed to all computers of a local area
network, that potentially can lead to
loss of valuable files and programs.
Considering structure of the common theory of
criminalistics, it is possible to note, that its contents consists of the
system of individual criminalistics theories reflecting separate elements (or
makes groups of elements) of a subject of criminalistics and inextricably related
among themselves. The specified system, being the closed conceptual system, at
the same time represents open system which number is final only at present as
development of science assumes occurrence new individual criminalistics
theories. Arising individual theories can replace existing, becoming their
development, continuation or consequence of integration or differentiation of
theoretical knowledge.
Definition of a subject of everyone criminalistics
theories is connected to division of the common subject domain of
criminalistics. Therefore presence of cognitive receptions of such division is
the necessary precondition of occurrence of any individual theory.
Characterizing value of individual theoretical constructions it is necessary to
note, that they are used for ordering knowledge in this or that area of
science, an establishment of connection of various branches of knowledge,
development of the common point of view, specification of the produced concepts
and principles as a method of the decision of the certain kinds of problems, or
as means of creation of conditions for deduction of proofs and a condition of
application of the mathematical device.
Individual criminalistics theories can differ
depending on as far as the common character carries their subject. They can be
« more the common » and « less the common », reflecting accordingly the biger
or smaller subject domain, more or less significant group of the phenomena and
processes. So, for example, the theory of criminalistics identification possesses
the greater degree of generalization, rather than the theory of graphic
identification as considers laws and concepts, the common for graphic
identification, and, for example, for tracing identification. Not casually in
the legal literature it is possible to meet the term « the general theory »,
expressing higher degree of generalization of the positions sold then in all
their individual updatings.
From
the point of view of logic, individual criminalistics theory can be imagined as
a certain functional system with the certain modes and laws of functioning.
Such theory as the component of science, in the logic plan is set of the offers
responding the following conditions:
-
Their cognitive role should consist that they fix the basic connections
(laws), properties and relations of objects;
-
Each offer should have the logic form of statements, that is it approves
something (or denies) concerning any object, a situation, and process;
- Offers should be deduced by deductive way.
The
technique of investigation of crimes is initially formed of the analysis and
generalization of elements criminalistics characteristics which represents
system of the data on the person of the criminal, ways of preparation,
fulfilment and concealment of crimes, a place and time of criminal event, etc.
In the field of the computer information the ways of criminal activity can be
divided into two big groups. The first group of criminal acts is carried out
without use of computer devices as the tool for penetration into information
systems or influences on them. It can be:
- Plunders of
machine data carriers as the elements of the COMPUTER;
- Use of visual,
optical and acoustic means of supervision over the COMPUTER;
- Reading and
decoding of various electromagnetic radiations of the COMPUTER and in the
providing systems;
- Photographing the
information during its processing;
- Manufacturing
paper duplicates of entrance and target documents, copying of listings;
- Use of visual,
optical and acoustic means of supervision over the persons concerning the
information necessary for the malefactor and interception of their
conversations;
the introduction
into direct contact to the persons concerning the information necessary for the
malefactor and reception of necessary data under the invented pretext.
For
such actions a local traces picture determined by standard understanding of a
place of incident (a place of fulfilment criminal actions and sites of object
of a criminal encroachment are close from each other or coincide), traditional
receptions on their research are characteristic.
The
second group of criminal acts is carried out with use of computer and
communication devices as the tool for penetration into information systems or
influences on them.
Prominent
feature of the given kind of criminal activity is that circumstance, that the
place of fulfilment is direct criminal acts and a place where their results are
observed and materialized, can be on significant distance from each other. It
can be:
- Wrongful access to the computer information - reception of an
opportunity to get acquainted and carry out operations with the another's
information which is taking place on machine carriers, i.e. the actions
directed first of all on infringement of confidentiality of the information;
- Manufacturing and
distribution of the nocuous programs interfering integrity, or directed on
infringement of confidentiality of the information;
- The actions
connected to infringement about use of means, the integrity that have entailed
infringement and (or) confidentiality of the information.
The
nocuous program is any program specially developed or modified for
non-authorized destruction, blocking, updating or copying of the information,
infringement of usual job of the COMPUTER.
Actions with
nocuous programs include:
- Production of a
problem;
- Definition of the
environment of realization and the purpose of the program;
- A choice of means
and languages of realization of the program;
- A spelling
directly the text of the program;
- Debugging the
program;
- Start and direct
action of the program.
In
sphere of the computer information the conditions of fulfilment of crimes are
characterized by a number of essential factors. Discrepancy of a place of
fulfilment of illegal actions and a place of approach of socially dangerous
consequences are typical of it.
Considered crimes are made, as a rule, in specifically
intellectual area of professional work. All these crimes are usually made in
conditions of various infringements of the established operating procedure from
the COMPUTER about which persons will know in a course of their corresponding
vocational training. The mechanism of possible infringements of use policies is
clear for offenders in the given area information resources and connection with
the events which have entailed a criminal result. In this connection it is
expedient to speak about necessity of creation of the individual theory and a
technique of professional crimes investigation.
The
professional criminality is, by A.I.Gurova's definition, set of the crimes made
with the purpose of extraction of the basic or additional income by persons for
whom it is characteristic the criminal professionalism.
The
criminal trade can be considered as a version of the activity supposing
presence of certain criminal preparation (specializations and qualifications),
necessary for fulfilment and concealment of crimes.
The
criminal professionalism is a version of criminal employment, which:
- Is a source of
means of existence for the subject;
- Demands necessary
knowledge and skills for achievement of a ultimate goal;
- Causes the
certain contacts to the antisocial environment;
Determines a steady kind of criminal employment (fulfilment of mainly
homogeneous crimes).
Criminal
professionalism is a version of the steady and thought over, organizational
prepared social parasitism. It enables to prepare, make and cover qualitatively
traces of a crime, and as a rule, to leave from the criminal liability, to have
the constant material income.
Specialization is defined as a kind of employment
within the framework of one trade. Criminal specialization is a presence
limited professional skills and the skills directed on qualitative preparation,
fulfilment and concealment of the same or one-specific crimes of a mercenary orientation.
Perfection
of a criminal trade of the subject, with simultaneous passage of the certain
vital way connected to achievement of popularity and authority on the criminal
world, it is necessary to define as criminal career. Each criminal-professional
basically knows same, as well as he, persons. Successful criminal is proud of
his trade and has original criminal thinking. And it does not depend on a
general educational level.
Fulfilment of some
serial computer crimes gives the basis to draw a conclusion about necessity of
such division of criminal activity on individual and pesthole (or system).
On a
parameter of universality and scales of distribution computer networks can be
divided into three groups:
1. The global
computer network the Internet is a worldnet, information and intellectual
filling which covers all spheres of human activity.
2. National
computer networks, as a rule are created within the limits of one country and
fill with the information and the knowledge concerning to a certain field of
activity of this country. The most widespread examples of such networks created
in many advanced countries of the world, the national networks of science and
education, the networks concerning to space activity, a network of special
purpose are. In particular, in Europe 23 scientific - educational networks are
totaled. They are united in the all-European scientific networks, main from
which are GEANT, SINSEE/Scientifik Information Network South East Ewrope/.
3. The corporate
computer networks created for group of the companies or the organizations and
filled with the data and knowledge, concerning specific sphere of their
activity.
Characterizing
scales of distribution of a global network the Internet, it is necessary to
predict splash in crimes in sphere of information technologies, recognizing
that now total of its individual users has exceeded 800 million, and the
quantity of so-called hosts - servers (the main servers) - 197 million. It is
important to note, that these figures were predicted only for the end of 2003.
Studying
and the critical analysis domestic and foreign criminalistics literatures,
references from other branches of knowledge, research and generalization of
investigatory practice of struggle against series of similar crimes, (including
in sphere of information technologies), allow to formulate concept of pesthole crimes. It is a set of deliberate, homogeneous criminal encroachments
which analogousness is determined by the system of objective criteria
criminal-legal and criminalistics attributes (similarity of territorial - time
characteristics, a way of fulfilment and concealment of criminal acts and their
traces), allowing to put forward versions about fulfilment of crimes by the
same person or the same group of criminals.
In the given definition it is necessary to pay
attention to probability of character of a conclusion concerning the crime
center of a concrete type. The centers of crimes can be as homogeneous which will consist only of one kind (sort),
and complex (combined) which arise from set of various kinds and sorts of
criminal encroachments and similar among themselves on criminal attributes.
Pesthole computer crimes should be divided into groups on the
several bases:
- Concerning a
patrimonial, specific and group accessory;
- Their operative
importance;
- Territorial
prevalence;
- Degrees of intensity and dynamics of development.
Such classification enables to approach to a various
sort to the centers of crimes differentiated, to allocate among them such which
have criminalistics value from the point of view of their application as
objects, being guided on which separate techniques of investigation of crimes
should be developed in the future. For process of diagnostics of the center of
a crime by the most basic and the correct decision of a question concerning
criteria that can be used by the inspector or the operative employee is
important. We suggest these criteria to name significative attributes.
Significative attributes specify not only presence of
concrete structure of a crime and characterize criminal action with
criminalistics positions separately, but also represent itself as criteria as
criminal - legal and criminalistics plan that allows to put forward and check
the version about existence of the center of crimes, that is to unite on the
basis of similarity the revealed set of crimes in a single whole, the center as
there is an assumption that a source of their occurrence are same people.
From the judicial point of view the given circumstance
can find the reflection in association of criminal cases, materials of checks
of messages and statements for similar crimes in certain.
Classification
significative attributes of computer crimes are expedient for spending on the
basis of studying criminalistics characteristics of the given kind of crimes.
In this connection it should have the following kind:
- The attributes
specifying application of similar or identical ways of fulfilment or
concealments of crimes.
-The main source of
the information on them is the same traces;
- The attributes
specifying uniformity of conditions of fulfilment of crimes;
- The similar
attributes concerning to the characteristic of objects and subjects of a
criminal encroachment;
- The similar
attributes concerning to the person of victims;
- The similar attributes concerning to the person the criminal
(professionalism).
In
practice of the Odessa Scientific research institute of judicial examinations
there is not one case of carrying out of examination on the fact of threat of
terrorism act with use of a network the Internet, when from a separate personal
computer or a workstation of a local area network the messages of menacing
character was transferred.
Investigatory
bodies brought an attention to the question, whether the output of a personal
computer in the Internet during certain time for a concrete post site was.
The
basic difficulties at carrying out of similar researches are that there are
inclusions of a computer before its performance on research.
Let's consider one of aspects of carrying out of
research on the basis of operational system Windows ' 98 and browser Microsoft
Internet Explorer 5.0. intended for an output of a personal computer to
Internet.
Browser
Microsoft Internet Explorer saves the information on the reference to Web pages
in Magazine - special means for storage of chronological sequence of job in the
Internet. Thus the period of storage (in days) is defined during adjustment of
a browser (Start-up - the Control panel - Properties of an observer - the
General - Magazine). In the system registry this value gets parameter
DaysToKeep that is taking place in branch HKEY_CURRENT_USER (in a researched
case an option value - twenty days).
During
job Microsoft Internet Explorer on a hard disk in the catalogue subdirectories
(folders) which names are formed of initial and final date of a period of
storage are created. In each of folders files index.dat with the structured
data containing the links to electronic addresses of pages the Internet, date
of the manipulation to them and a name of a computer (a name of a structure)
from which the manipulation was carried out are created.
So, by
the end of the current week the folders corresponding to each day of week will
be generated, and the data for the previous period are generalized in folders
for a week if the period of storage of links to Web pages exceeds seven days.
Conducting Magazine by browser Microsoft Internet
Explorer is carried out in such a manner that folders with the dates exceeding
a period of storage, leave, and instead of them the folders corresponding to
the new time period are created. At restoration (if it is still possible)
removed data conformity between files is not restored and, hence, the natural
kind of Magazine for the corresponding time period also is not restored. The
information on the manipulation to sites can be investigated the Internet only
by consideration of a binary code of the given files.
Thus, at to switching on of a computer after
withdrawal the information interesting the investigation can be lost and
restore it will not be possible. In our opinion, in order to prevent the
specified situation at withdrawal of computer technics, and also in
preinvestigation actions with its application the experts of judicial - expert
establishments should take part necessarily.
The primary goals of technical expert appraisal on
such affairs are - an establishment of
characteristics of means of computer technics, their quality, character and the
reasons of available defects; ocurrences of concrete system in the certain
computer network; an establishment of technical opportunities for abusing in
computer systems and the facts of such abusings; an establishment of the facts
of infringement of service regulations of the computer equipment promoting them
of circumstances and negative consequences of infringements; the officials,
obliged to provide information safety; definition of really carried out and
necessary measures on prevention of wrong functioning means of computer
technics, the various abusings connected to their application.
Objects
of research during the considered examination can be:
- Computers;
- Their separate
parts;
- Magnetic carriers
of the information;
- Computer
programs;
- Circuits of
creation of information files;
- Documents reflecting a job of the automated information systems,
including primary and target.
Materials
of investigation of corresponding criminal case, namely, the report of survey
of a place of incident, indications of the persons concerned operation of the
computer equipment can be necessary for the expert. Materials of departmental
investigation can represent the interest also.
Depending
on character of questions, as experts designers of the computer equipment,
experts on its operation, protection of the information against criminal
encroachments, programmers can be involved.
Expert persons of the necessary structure it is necessary to reveal
among employees of scientific research institutes and the design office,
designing the computer equipment, at the enterprises on manufacture or service
of computer systems, in the educational institutions, preparing corresponding
experts, the territorial centers determining politics in the field of
information and communication.
It is necessary to recognize necessary entering of
additions into a valid Provision about the order of appointment and carrying
out of judicial examinations in Ukraine, 08.10.1998 years authorized by the
Ministry of Justice, concerning appointment and carrying out of such researches
on crimes in sphere of information technologies, in particular, correctly,
uniformly to define the name of the examination, a circle of persons,
diagnostic in manufacture diagnostic and identification examinations, cases of
necessity of appointment and carrying out of repeated and additional
examination, the questions subject to the sanction.
At an
establishment of a status and functioning of computer technics to experts
questions are put:
- Whether there
corresponds the given computer of the design documentation (at the analysis of
deliveries) and if does not - in what this discrepancy is expressed?
- Whether the given
computer is serviceable and if it is not - what defects has and for what
reasons they have arisen?
- How it is
provided and whether the system of protection of the information from the
non-authorized access, used in the given computer system is reliable?
- Whether the given
computer is switched on in a computer network, and if yes, in which?
- Whether there correspond development and delivery in operation of the
given standart system (GOST)?
Ukraine where the first in continental Europe computer
has been created, on parameters of a computerization concedes to Russia at
15-30 time. Global distribution of the main servers on categories of users
shows, that the commercial organizations, providers of services and
establishments of science and education own more than 90 % of these systems in
comparison with any other categories. Among geographical domains of a
highest-level quantity of individual Internet users and quantity of the main
servers is the greatest in the USA, Japan, the Great Britain, and Germany.
In Ukraine in 2001 construction of National
scientifically educational information network of Ukraine is started. She
should have significant intellectual filling, contain databases and knowledge
on different directions of science and education, electronic libraries, systems
of information search, to provide the general remote use of powerful computing
resources, a job in a mode of virtual scientific and educational laboratories,
and also to carry out multiservice processing the information (graphic, video
and the audioinformation).
It is natural that separately taken resources of this
network named URAN, do not contain the information, which can represent the
state secret. But resources of users of a network can save the various
information, including the information of the limited access. Therefore the
non-authorized access to the generalized information on all networks or on its
segment is undesirable. For this reason the organization of a scientific -
educational network as national (an establishment of direct liaison channels
between net points, application of the corresponding specialized software and
means) is a necessary condition of prevention of the possible non-authorized
access to the information. As a whole, during creation of system of national
safety in information space of the state the networks similar URAN, should be
considered as segments of this system.
In case
of need establishments of the facts of abusing in computer system, for
examination it is possible to put the following questions:
- Whether there was
a technical opportunity with the help of an extraneous computer with certain
distance to provide the non-authorized access in the given computer system, and
if yes by means of what computer type and by what way it could be realized?
- Whether
deviations from normative technology of operation of the given computer system,
promoting the non-authorized penetration into system have been allowed, and if
yes what they consist of; what circumstances promoted the specified abusing?
- Whether the given
computer program is infected with a virus and what is its character?
- Whether probably
in the given computer system application of the program around of automatic registration
of its use?
- Whether was in the given computer program the place, for the
subsequent entering additional commands?
- Whether was the
anti-virus program used with the preventive purpose in the given computer
system and if yes, whether it promoted maintenance of appropriate protection of
the information?
- Whether additions
or changes are brought in a database, and if yes, at what stage of the
information processing?
- During what time
and from what terminal wrongful penetration into the given computer system is
carried out?
- Whether changes and additions were brought in the given computer
program, and if yes, what and when?
Generalizing
numerous directions of application of modern information technologies in
Ukraine, it is possible to lead their classification:
- The government
and economy;
- Ecology,
preservation of the environment, medicine, biology;
- Scientific
researches and critical technologies;
- Education;
- Culture;
- Mass media;
Internet - technologies.
Among scientific spheres where network technologies
are directly applied, it is possible to allocate the following: information
technologies in the field of ecology, preservations of the environment,
medicine, and biology. They are connected first of all to methods of a rating
of parameters of an environment, methods of the analysis and forecasting of
accidents, technologies of a rating of risk of ecologically dangerous
manufactures, the analysis of forecasting and decision-making in connection
with extreme situations, systems of designing of the ecological equipment,
systems of diagnostics and decision-making in medicine and biology, including
with application of telemedical technologies. These questions after Chernobyl
accident became especially sharp.
For
determine the computer equipment service regulations infringements, their
consequences and measures of preventive maintenance it is necessary to put the
questions:
- Whether any
service regulations of the computer equipment are broken in this case, and if
yes - which namely; what circumstances promoted their infringement?
- In what negative
consequences the infringement of service regulations of the computer equipment
has resulted?
- is there a causal relationship between some harmful
consequences and infringement of some service regulations of the computer
equipment?
- What official,
organizing a job of the given computer system, is obliged to provide
information safety?
What measures on strengthening of information protection are expedient
for carrying out on the given object?
The major
compound criminalistics characteristics of the given kind of a crime are data
on specific features of the persons making similar offences. Not possessing the
exact data as even pesthole crimes contain a part of latent offences, it is
impossible to build system effective and first of all, the address measures
directed on counteraction to this kind of crimes. This opinion finds
confirmation in daily job of the law enforcement bodies leading the struggle
against crimes in sphere of the computer information.
In one of interview of intelligencer, published in the
newspaper "Work" it is spoken: "The cases on computer crimes
often collapse, as «to reveal the person of the concrete criminal at times is
just impossible». Said above gives the basis to assert , that the structure of
the criminality focused on realization of wrongful access to the computer
information, is not so simple, as it seems at the first sight. For its solution
it is necessary:
1. it is expedient
to fill up the theory of criminalistics
with a new technique of investigation of computer crimes, having
presented it as the module pesthole crimes.
2. To define a
degree of utility of development of such technique with a view of definition of
decrease in rates of economic criminality.
3. To define a
circle of persons, the data participating in investigation has put as
specialists and as experts.
4. To make changes
to a valid Provision about the order of appointment and carrying out of
judicial examinations, having outlined a circle of powers of experts on the
given category cases.
5. At integration of Ukrainian
system URAN into trans-European scientific networks to provide the maximal
degree of protection from the non-authorized infringement of global information
systems job.
_________________________________________________
1. Pilipchuk A.A. Poblems of struggle against computer crimes //
Unification of the legislation of struggle against criminality in conditions of
the allied state. Moscow, 2001. p. 251.
2. Criminalistics. Under edition A.F.Volynskogo Moscow, 1999. p. 588.
3. Gurov A.I.professional
criminality. The past and the modernity. Ì., 1990. p. 40-41.
4. Alenin JU.P. Theoretical and
practical bases of disclosing and investigation pesthole crimes. Kharkov 1997.
p. 27.
5. M.Zgurovsky. Information
network technologies in science and education // the Mirror of week. #25
(400). July, 6 ' 2002. p. 15.
