|Computer Crimes and Computer Related or Facilitated Crimes |
Computer Crimes and Computer Related or Facilitated Crimes
Statement of Charles L. Owens, Chief, Financial Crimes Section, Federal Bureau of Investigation, Before Subcommittee on Technology, Terrorism, and Governmental Information Committee on the Judiciary, United States Senate, Washington, D.C., March 19, 1997.
Good Morning, Mr. Chairman and members of the Subcommittee. As the Chief of the FBI's Financial Crimes Section, I am pleased to appear before you at this very important hearing to discuss the FBI's role in attacking Internet crimes affecting consumers.
Technology has evolved exponentially over the past several years and the FBI has worked diligently to prepare to investigate the new and innovative crimes taking advantage of these technological advances. Computer crimes and computer related or facilitated crimes are increasing at an alarming rate. Such crimes include network intrusions to alter, steal, or destroy information or to disable systems; financial crimes over the Internet; transmission of sexually explicit material including child pornography via computer; and intellectual property crimes facilitated by computer. In this statement, I will identify some of the types of crimes we are seeing, steps the FBI has taken to prepare to capably respond to such crimes, developments we anticipate in electronic commerce which will have an impact on our investigative role, and I will address the adequacy of existing criminal statutes to prosecute such crimes.
Computer and Internet Crimes
United States government agencies and businesses are vulnerable to attacks that are designed to alter, steal or destroy information contained in their computer systems. Attacks have also been launched for the purpose of disabling a system with the potential to shut the system down. Such attacks could be devastating if launched on critical systems such as those constituting the national critical infrastructures including telecommunications, transportation, government operations and emergency services.
Financial crimes facilitated by computers have grown substantially. These crimes include attempts to illegally transfer funds from financial institutions and a vast array of financial schemes perpetrated on the Internet including: investment opportunities, ponzi schemes, fraudulent toll transfers, fraudulent sales of goods such as computer hardware and illegally reproduced computer software, and bogus job opportunities.
The FBI has investigated illegal gambling over the Internet, unauthorized transfers of proprietary information, and transmission of pornographic material including child pornography. The child pornography problem was dramatically uncovered as being widespread in the FBI undercover operation "Innocent Images." Many other crimes investigated were facilitated through the use of the Internet.
FBI Actions in Response to Computer Crimes
In February 1992, the FBI completed an assessment of the national computer crime problem and established the National Computer Crimes Squad (NCCS) in the Washington D.C. field office. The NCCS was staffed with Agents knowledgeable and competent in computer systems who were available to investigate computer crimes throughout the United States. In view of the fact that many computer crimes are international in scope, the FBI planned and hosted the first International Computer Crimes Conference in Charleston, S. C. , in May 1992, which was attended by investigators from seven countries.
Also in 1992, the FBI established the Computer Analysis and Response Team (CART). CART is a specialized group of forensic examiners with the technical expertise and resources to examine computers, networks, storage media and computer-related materials in support of FBI investigations.
Since the establishment of the NCCS, the number and severity of computer intrusion incidents investigated by the FBI have increased significantly. In late 1995, additional regional computer crimes squads were created in New York and San Francisco. Computer crimes can both be criminal and affect national security. Because of the FBI's dual law enforcement and counter intelligence mission, the FBI is uniquely positioned to address these matters. The FBI is creating computer investigation teams in each of its 56 field offices that will respond to computer incidents within their geographical area of responsibility. A new National Security Threat List (NSTL) issue has been established within the FBI's National Foreign Intelligence Program, "Targeting the National Information Infrastructure," which the Attorney General approved in September 1995. With the new NSTL issue, our squads and teams have investigative responsibility for criminal violations involving computer networks and national security implications of such incidents.
The FBI has established the Computer Investigations and Infrastructure Threat Assessment Center (CITAC) with the mission of managing computer investigations and infrastructure threat assessment matters. On July 15, 1996, President Clinton signed Executive Order 13010 establishing, on an interim basis, an Infrastructure Protection Task Force (IPTF) within the Department of Justice, chaired by the FBI. The IPTF includes representatives of the Department of Defense, National Security Agency and other agencies. A unit within CITAC performs analysis and manages the FBI's coordinating role in the IPTF. The CITAC Watch Office proactively monitors threats to the U.S. Critical Infrastructures, provides front-end analysis of threats, and acts as a Crisis Action Team. CITAC manages the FBI's computer-related investigations and provides advice and assistance to all investigations within the FBI that involve the computer as a tool for committing a crime.
During the period March 4 through March 7, 1997, the FBI hosted the second International Computer Crime Conference in New York. Over 300 participants attended including 100 representatives of 39 foreign countries. FBI Legal Attaches throughout the world coordinated the attendance of the foreign representatives.
The FBI has investigated numerous computer and computer related crimes. The National Computer Crimes Squad arrested Kevin David Mitnick in February 1995, based on a criminal complaint in the Eastern District of North Carolina charging him with intrusion activity. Mitnick has pled guilty to charges in the Eastern District of North Carolina.
In the FBI's Operation "Innocent Images," 88 individuals have been arrested and 78 convicted for trading child pornography over the Internet and conspiring to lure minors to meetings by promising them gifts.
An investigation being conducted by the New York Computer Crimes Squad focuses on a website that offered a free "download" of a form of pornography. During the "free" download, software was placed upon the users system which unbeknownst to the user, disconnected them from the current provider and routed them to another country, which was in effect a 1-900 number, allowing the perpetrator to collect large sums of money and causing the user to incur excessive long distance bills. The FBI's criminal investigation is continuing and the FTC has taken civil action.
In "Cyber Strike", an FBI undercover operation coordinated by the San Francisco Computer Crimes Squad, simultaneous search warrants were recently executed in six cities. The search warrants were obtained to collect evidence in cases where individuals and groups have disseminated protected / restricted and copyrighted information and commercial copyrighted software through the use of computer bulletin board systems, Internet file transfer protocol sites and Internet relay chat channels. The illegal activities included trade not only in commercial software but stolen credit card and calling card numbers, theft of phone services and the spreading of destructive programs such as a computer virus.
In addition to the above schemes, traditional financial crimes, such as multi-level marketing frauds, investment frauds, stock manipulations, credit card frauds, and copyright violations, as well as gambling, have simply found a new medium in the Internet. Investment frauds comprise a vast amount of the financial crimes identified on the Internet. In one such example, investors were offered an annual return of 200% to 420% on "Prime Bank Instruments" - a security that does not exist. Losses from the scheme are believed to be $3.5 million.
Another area of crime that is experiencing a reemergence is gambling. A Northeast FBI field office has conducted search warrants on two suspected Internet gambling operations. The operations purported to be domiciled in an offshore location but actually were located in the suburb of this Northeast city. Proceeds in 1996 from the operations are estimated to be $56 million.
Emerging Electronic Commerce
The Internet is a collection of computer networks in nearly every country which share a format for routing to a computer, data from any other computer connected to one of these networks with connections made in part via telephone lines. A recent study conducted by Nielsen Media Research and CommerceNet concluded that in the United States and Canada alone about 50.6 million people are now using the Internet.
By all estimates, the level of commerce being conducted over the Internet, however, is but a tiny fraction of overall commerce. While the Internet offers tremendous potential for business, several factors are prohibiting its potential from being realized. The explosive growth of users has slowed the Internet, out pacing its capacity to maintain desirable service levels. Security concerns have persisted as development of secure payment systems continues in an effort to instill consumer confidence. Many consumers have been educated to consumer scams that are perpetrated via wire communications, such as telemarketing fraud, when consumers are not dealing in person with suppliers. This makes many consumers suspicious of offers made over the Internet by individuals or companies with which the consumer does not have a history.
Steps are being taken, however, which I believe will foster an environment in which electronic commerce will grow substantially. With the increase of legitimate electronic commerce, we will also see a substantial increase in illegal offers. The capacity of the Internet is being greatly expanded and security concerns are being aggressively addressed. Secure credit card payment systems are nearly at hand and security in on-line banking is rapidly being enhanced. The use of encryption to protect the confidentiality of transmissions and provide for the use of digital signatures will help protect electronic commerce. Encryption is extremely beneficial when used legitimately to protect commercially sensitive information and communications. The FBI fully supports a balanced encryption policy that satisfies both the commercial needs of industry while at the same time satisfies law enforcement's public safety and national security needs. With satisfactory levels of security, suppliers and consumers will not have to rely on providing a credit card number electronically which could be intercepted and misused, mailing a check or money order, or utilizing other less sophisticated methods to complete a transaction.
Computer and Internet crimes are investigated by the FBI utilizing many criminal statutes under our jurisdiction. The Computer Fraud and Abuse statute was amended during the prior Congress and is a comprehensive tool to address computer crimes. Internet crimes conducted to defraud consumers are addressed with myriad statutes including Fraud By Wire, Mail Fraud, Interstate Transportation of Stolen Property, and Money Laundering to name only a few. Other computer related crimes involving Intellectual Property can be addressed utilizing Copyright laws and the recently enacted Economic Espionage statute.
Generally speaking, traditional fraud statutes have proved to be very effective in addressing most financial crimes and, even though the Internet is a relatively new medium for conducting commerce, telecommunications lines continue to be utilized in a way which subjects criminals to the Fraud By Wire statute. Still, we need to make sure that existing laws are amended, where necessary, to address crimes involving emerging technologies. We will continue to assess the need for legislative changes and, if such changes are necessary, we will coordinate closely with other members of the Justice Department.