The section of XVI Criminal Code (CC) of Ukraine "Crimes and in field of use of electronic computers (computers), systems contains a number of standards which provide the criminal responsibility for committing of crimes in field of use of computer technologies. In particular the article 361 CC refers to them "Illegal interposition in work of electronic computers(computers), systems and computer net" [1], that is illegal interposition in work of automated electronic computers, their systems or computer networks which may result in distortion or destruction of the computer information or bearers of such information, and also propagation of a computer virus by application program and the means intended for illegal entry into these machines, systems or computer networks and capable to entail distortion or destruction of the computer information or bearers of such information; the article 362 CC "Theft, assignment, racket of the computer information or it occupancy by swindle or abuses service position" and the article 363 CC "Offence service regulations automated electronic computers system" ? breakdown of service regulations of automated lectronic computers, their systems or computer networks the person responsible for their operation if it has entailed abduction, distortion or destruction of the computer information, a means of its(her) protection, or illegal copying of the computer information, or material breach of work of such machines, their systems or computer networks.
Necessity of struggle against illegal acts in field of use of computer technologies in many respects is caused by prompt development of scientific and technical progress. The global computerization of the modern society which touch practically all sides of activity of people, the enterprises and the organizations, the states, has caused new field of public relations the national, unfortunately, becomes frequent object of criminal trespasses.
Novelty and specificity of crimes in field of use of computer technologies, variety of subjects and ways of criminal trespasses, their high latence made law-enforcement agencies essential barrier of rights and interests of the society and the state protection. Law-enforcement agencies of Ukraine extremely slowly adapt for new conditions of crime control. There ara a lot of reasons for that, but one of them a low professional standard of inspectors, operative workers in the field of criminalistics. In this respect while is the criminalistic science in the debt before practicals, invoked to develop scientifically proved recommendations appropriate to features of disclosure and investigation of crimes in modern conditions.
Study of problems of investigation of crimes acts in field of use of electronic computers(computers), systems and computer networks one of the sharpest problems of modern criminalistic science. One of such questions exacting special scientific investigation, the organization and tactics of search work of the inspector acts according to a category has put. has put By the Computer Crime Problems Research Center [2], was organized the investigation and conducted of questionnaire workers of departments of information security, system managers and employees of departments of security, more than 22 commercial banks of Ukraine (only 112 respondents). The purpose of which probing was study of problems of criminality in field of use of computer technologies. In view of absence of authentic state statistics on this category of crimes, was result to questionnaire, the analysis and to decide the following primary goals: has put
As most significant of problems of the criminal legal characteristic of crimes is the ambiguous determination of their subject in field of use of computer technologies. As a subject of the given crimes it is necessary to consider - automated electronic computers (computers) of their system and computer networks.
Systems of automated electronic computers (SAEC) are understood as operating systems (MS-DOS, Windows and others) which are established by the defined machine and with which help its work, and also different applied systems (that is information systems, including management systems) as established for local work by the defined machine, and open for access through a computer network is realized.
The computer network is the set of program and means with which help it is provided a possibility of access with one SAEC to program or to means another (others) SAEC and to the information which is stored in a system another (others) SAEC.
The computer information is textual, graphic or any other information (data) which exists in an electronic kind, is kept on the appropriate bearers and which can be established whether to change to use with help SAEC. With reference to process of proving it is the most expedient to define the computer information as the fact sheet processed by the computer, received its output in the form accessible to recognition of a computer or the person, or transmitting on telecommunication channels on the basis of which in the order defined by the law the circumstances important for correct adjudication are established.
Bearers of the computer information are understood as rigid magnetic disks of different types which are a part of system block AEVM or floppy disks (diskettes), optical disks (compact discs) etc. [3] accede it(him) with the help of special devices. The success of investigation of any crime depends not only on ability of the inspector to reveal and value the fact sheet included in the ultimate fact, but also substantially from his(its) skill to penetrate into criminalistic essence of investigated criminal activity, in knowledge and understanding of criminalistic characteristics of an investigated kind of crimes. As to the criminalistic characteristic of crimes in field of use of computer technologies it includes: data on the way of committing and concealment of a crime, other bucking to investigation; the data on a place and time of the criminal trespass; the data on motives and the purposes of the perfect particular act; data on the personality of the criminal. In opinion of writers, ways of committing of computer crimes are expedient for subdividing into three groups: ways of an immediate access to the computer information; ways of a remote access to the computer information; ways of propagation of the technical data carriers containing the nocuous computer programs, systems and computer networks. Existence of three essentially various on the character of ways of committing of crimes in field of use of computer technologies, each of which has the defined specificity, causes features of search activity on each of them. The immediate access to a computer, systems or their networks represents actions of the criminal on destruction, blocking, updatings, copying of the computer information, and also on breakdown of work of computer equipment or computer net by feedback from commands from the computer in which memory the information is found or which is planned to put out of action. The analysis of results of 112 respondents questionnaire has shown, that more often the immediate access to a computer, systems and computer networks is committed by workers of the organizations, the enterprises, establishments: programmers, engineers, the operators being users or the operation personnel of a computer (41,9 % from all investigated cases of an immediate access to a computer system). Almost twice less often such access was realized by other workers of the organizations, the enterprises, establishments (20,2 %), and in 8,6 % of cases the crime was accomplished by former workers. 25,5 % of the investigated cases were constituted with an immediate access to the computer information and a system of the computer, accomplished by former persons.
As remote attack usually understand information destroying influence on the distributed computing system, program realized on communication channels. The share of the criminal acts committed by a remote access to a computer, a system or a computer network, in common number of computer crimes steadily continues to grow and constitutes 39,2 %. However it hot facts of similar crimes that are definite that indicat their high latence.
The share of the crimes consisting in propagation of the nocuous computer programs on technical bearers, in common number of the computer investigated crimes has constituted 19,7 %. Propagation of the disks containing nocuous programs, is realized mainly at realization of the piracy software. Titles of similar compact discs do not differ a variety: "Hacker 2002", "Espionage doings", "Halyva Internet", "Always for Hacker" etc. In a composition of such disks, various sets of the programs intended for "breaking" of computer systems, and also nocuous programs - program bookmarks and viruses usually enter.
The information of search character can be received, studying typical ways of bucking to investigation on a construed category has put. The fundamental information load is born with the way of concealment of traces of a crime. Concealment on computer crimes may be expressed in destruction, suppression, masking, falsification as by ways traditionally studied by criminalistics (masking of appearance, giving of false indications etc.), and the particular ways coupled to computer equipment and the information (masking and falsification of software, masking of a location of the criminal at a remote access to the computer information, restoration of normal service capability of the computer and so forth). Bucking also may be expressed investigation in influence on his(its) participants or evasion from participation in investigation.
Special interest may exhibit study by the inspector during search activity of data on a place of committing of crimes in field of use of computer technologies as in some cases it coincides with a constant or often location of the criminal or other searched objects. As shows the conducted investigations, dependence of the crime scene on its way is watched. So, at an immediate access of the criminal to a computer, a system or a network, the crime scene and a place where the computer is constantly found, in fundamental coincide (50 % of the cases investigated to questionnaire). In particular, 41 % of the interrogated managers of information security, have confirmed cases of illegal interposition in work of a computer, systems and computer networks which was carried out by the remote way of access.
Alongside with traditional propagation of nocuous programs which is realized by propagation piracy the compact discs, the infected computer games, the significant place begins to borrow(occupy) propagation of computer viruses (so-called "worm") at work of users in a global information network system (the Internet) and with an electron mail.
As the fundamental purposes and motives of committing of crimes in field of the computer information are self-interest (56,8 % to questionnaire), hooligan impulses (17,1 %), revenge(12,7 %), commercial espionage or diversion (9,1 %).
Crimes in field of use of computer technologies in 5 times more are committed by men often. The overwhelming majority or uncompleted maximum(supreme) technical education (53,7 %), and also other maximum(supreme) or uncompleted higher education (19,2 %) have the majority of perpetrators. Among them persons in the age of from 30 till 45 years (46,5 %), and also from 16 till 30 years (37,8 %) prevail.
To number of the fundamental objects of search on affairs about crimes in field of use of computer technologies it is necessary to refer: the persons who have committed computer crimes; the instruments used for committing of a computer crime; the computer information; the special literature devoted to questions of committing of improper access to the computer information, various problems of computer security.
As search signs of the persons who have committed computer crimes, it is possible to allocate common signs (sex, age, a nationality, particularities, the habitation, profession and so forth) and special signs (possession with skills in programming, knowledge of computer equipment, possession the defined computer equipment, the data left by the criminal about in various computer systems and networks, and so forth).
Among the persons committing computer crimes, especially it is necessary to allocate so-called crackers ? the professionals of a high class operating the mental abilities for development of ways and accomplishment of criminal trespasses on the computer information (mainly "breaking" systems of computer protection and security).
It is necessary to note, that frequently used in criminalistics the term hackers [4], not absolutely precisely characterizes construed group of the persons committing computer crimes. Investigating the special literature on questions of computer security, we have paid attention to separation of all professionals - programmers into two groups: hackers and crackers. Actually both those, and others are engaged in search of weak spots in computing systems and accomplishment of attacks on the given systems ("breaking"). However the primary goal of hacker, investigating the computing system to detect weak places in its security system and to inform users and developers of a system with the purpose of the subsequent elimination of the found lacks, to make offers on its(her) improvement [5]. "Word hacker in many cases designates talented law-abiding programmer" [6]. "Cracker", realizing effraction of a computer system, acts with the purpose of receiving the non-authorized access to the another's information. Motives of it may be various: hooligan impulses, mischief, revenge, mercenary motives, industrial and other espionage and so forth Thus, in our opinion, for a designation of one of the fundamental groups of the persons committing crimes in field of the computer information to use the term "cracker" more correctly. It is possible three fundamental groups "cracker" are allocated:
There is a basic possibility of search of the computer equipment used at committing a crime. Thus as search signs may act: a configuration of the computer used for committing a crime; mobility of the used computer equipment; presence of the defined network or peripheral equipment; installation on the computer of the defined software.
Obligatory condition is that the computer information also should act as object of search during investigation of computer crimes. To number of search signs of the computer information and the software, refer: the title of the catalogue and separate files; date and time of creation or rewriting of files; date and time of reception of files on an electron mail; the sizes of a file; the contents of a file; character encode the computer information, specificity of work of computer programs and equipments which may be fixed in a broad gully files.
In the conclusion it is necessary to emphasize especially, that computer crimes more and more acquire the transnational, organized and group character. With use of a global information network system the Internet, such crimes have no borders, they may be accomplished, not leaving from a flat or office, from a computer system in territory of one state concerning subjects of other state, and the data contained in computer systems may be short-lived, that enables the criminal frequently to avoid punishment. In view of it, the further study of problems of investigation of crimes in field of use of computer technologies acts as one of the sharpest problems of modern criminalistic science.