CyberCrime
Kelly R. Burke District Attorney
Houston Judicial Circuit
Contact at 478.218.4810 or E-mail at [email protected]
We’ll examine:
Definition of Cybercrime
Georgia Law on Computer Issues Federal Laws on Computer Issues Forensic Issues
Case Studies
Definition of Cybercrime
“any illegal act involving a computer, its systems, or its applications”
Must be intentional – not accidental
Types or categories of cybercrime- 3 T’s
Tool of the crime – traditional crime w/ a
computer
Target of the crime – Hacking
“Georgia Computer
Systems Protection Act"
The General Assembly finds that: (1) Computer related crime is a
“Georgia Computer
Systems Protection Act"
(2) Such crime occurs at great cost to the public, since losses for each
“Georgia Computer
Systems Protection Act"
(3) The opportunities for computer related
crimes in state programs, and in other entities which operate within the state, through the
introduction of fraudulent records into a computer system, unauthorized use of
“Georgia Computer
Systems Protection Act"
“Georgia Computer
Systems Protection Act"
(6) The prosecution of persons
engaged in computer related crime is difficult under previously existing
Georgia Law - Definitions
(1) "Computer" means an electronic, magnetic, optical, electrochemical, or other high-speed data processing
device or system performing computer operations with or on data and includes any data storage facility or
Georgia Law - Definitions
(1) ....but such term does not include an automated typewriter or typesetter,
portable hand-held calculator,
household appliance, or other similar device that is not used to communicate with or to manipulate any other
Georgia Law - Definitions
(2) "Computer network" means a set of related, remotely connected computers and any communications facilities with the function and purpose of transmitting data among them through the
Georgia Law - Definitions
(3) "Computer operation" means
computing, classifying, transmitting, receiving, retrieving, originating,
switching, storing, displaying,
Georgia Law - Definitions
(4) "Computer program" means one or more statements or instructions
composed and structured in a form acceptable to a computer that, when executed by a computer in actual or modified form, cause the computer to perform one or more computer
Georgia Law - Definitions
(5) "Data" includes any representation of information, intelligence, or data in any fixed medium, including
documentation, computer printouts, magnetic storage media, punched cards, storage in a computer, or
Georgia Law - Definitions
(6) "Financial instruments" includes any check, draft, money order, note,
certificate of deposit, letter of credit, bill of exchange, credit or debit card,
Georgia Law - Definitions
(7) "Property" includes computers, computer networks, computer
programs, data, financial instruments, and services.
Georgia Law - Definitions
(9) "Use" includes causing or attempting to cause:
Georgia Law - Definitions
(9) "Use" includes causing or attempting to cause:
(B) The obstruction, interruption,
malfunction, or denial of the use of a
computer, computer network, computer program, or data; or
Georgia Law - Definitions
(10) "Victim expenditure" means any
expenditure reasonably and necessarily incurred by the owner to verify that a
computer, computer network, computer program, or data was or was not
Georgia Law - Definitions
(11) "Without authority" includes the use of a computer or computer network in a manner that exceeds any right or
Computer Crimes
O.C.G.A. Sec. 16-9-93
Computer Theft
Computer Trespass
Computer Invasion of Privacy Computer Forgery
Computer Crimes
O.C.G.A. Sec. 16-9-93
All computer crimes are felonies:
Computer Theft (15 years, $50,000 fine)
Computer Trespass (15 years, $50,000 fine) Computer Invasion of Privacy (15 years,
$50,000 fine)
Computer Crimes
O.C.G.A. Sec. 16-9-93
Any person who uses a computer or computer network with knowledge that such use is
without authority and with the intention of: (1) Taking or appropriating any property of another, whether or not with the intention of depriving the owner of possession;
Computer Crimes
O.C.G.A. Sec. 16-9-93
or (3) Converting property to such person's use in violation of an agreement or other
known legal obligation to make a specified application or disposition of such property
Computer Trespass
Any person who uses a computer or computer network with knowledge that such use is without authority and with the intention of:
(1) Deleting or in any way removing, either temporarily or permanently, any computer program or data from a
Computer Trespass
(2) Obstructing, interrupting, or in any way interfering with the use of a computer
program or data; or
(3) Altering, damaging, or in any way causing the malfunction of a computer, computer
network, or computer program, regardless of how long the alteration, damage, or
Computer Trespass
Computer Invasion of
Privacy
Any person who uses a computer or computer network with the intention of
Computer Forgery
Any person who creates, alters, or deletes any data contained in any
computer or computer network, who, if such person had created, altered, or deleted a tangible document or
instrument would have committed
Computer Forgery
The absence of a tangible writing directly created or altered by the
offender shall not be a defense to the crime of computer forgery if a creation, alteration, or deletion of data was
Computer Password
Disclosure
Any person who discloses a number, code, password, or other means of access to a
computer or computer network knowing that such disclosure is without authority and which results in damages (including the fair market value of any services used and victim
Anonymity and the Internet
Computer False Identity
(a) It shall be unlawful for any person, any organization, or any representative of any organization knowingly to
transmit any data through a computer network or over the transmission
Anonymity and the Internet
Computer False Identity
for the purpose of setting up,
maintaining, operating, or exchanging data with an electronic mailbox, home page, or any other electronic
Anonymity and the Internet
Computer False Identity
if such data uses any individual name, trade name, registered trademark, logo, legal or official seal, or copyrighted
symbol to falsely identify the person, organization, or representative
Anonymity and the Internet
Computer False Identity
or which would falsely state or imply that such person, organization, or
representative has permission or is legally authorized to use such trade
Anonymity and the Internet
Computer False Identity
provided, however, that no
telecommunications company or Internet access provider shall
violate this Code section solely as a result of carrying or transmitting such data for its customers.
Anonymity and the Internet
Court Challenge
A court case challenged this Georgia law. In ACLU v. Miller, 977 F. Supp.
1228 (1997), the ACLU alleged that the misappropriation of identity portion of this law was overbroad and, thus,
Anonymity and the Internet
ACLU V. Miller
Plaintiffs were “a group of individuals and organization members who communicate over the internet, interpret it as imposing
unconstitutional content-based restrictions on their right to communicate anonymously and pseudonymous over the internet, as well as on their right to use trade names, logos, and other graphics in a manner held to be
Anonymity and the Internet
ACLU v. Miller
Plaintiffs argue that the act has
tremendous implications for internet users, many of whom "falsely
identify" themselves on a regular basis for the purpose of
communicating about sensitive
topics without subjecting themselves to ostracism or embarrassment.
Anonymity and the Internet
ACLU V. Miller
Anonymity and the Internet
ACLU V. Miller
“Defendants contend that the act prohibits a much narrower class of communications.
They interpret it as forbidding only fraudulent transmissions or the appropriation of the
Anonymity and the Internet
ACLU V. Miller
The State of Georgia: “...also ask the Court to abstain from exercising jurisdiction over this case on the grounds that the law is ambiguous and in need of state court
Anonymity and the Internet
ACLU V. Miller
Defendants allege that the statute's purpose is fraud prevention, which the Court agrees is a
compelling state interest. However, the statute is not narrowly tailored to achieve that end and
instead sweeps innocent, protected speech
within its scope. Specifically, by its plain language the criminal prohibition applies regardless of
Anonymity and the Internet
ACLU V. Miller
Defendants respond that the act does not mean what it says and that, instead, a variety of limiting concepts should be engrafted onto it. First,
defendants propose to add an element of fraud, or a specific intent requirement of "intent to
defraud" or "intent to deceive" to the act. None of these terms or phrases appears in the statute,
however, although they are expressly included in other Georgia criminal statutes which require
Anonymity and the Internet
ACLU V. Miller
“In construing a statute, the Court must "follow the literal language of the statute 'unless it produces contradiction,
absurdity or such an inconvenience as to insure that the legislature meant
something else.'"
Anonymity and the Internet
ACLU V. Miller
The Court concludes that the statute was not drafted with the precision
Anonymity and the Internet
ACLU V. Miller
On its face, the act prohibits such protected speech as the use of false identification to avoid social ostracism, to prevent
discrimination and harassment, and to protect privacy, as well as the use of trade names or logos in non-commercial educational speech, news, and commentary--a prohibition with
Computer Crimes - Venue
For the purpose of venue under this
article, any violation of this article shall be considered to have been committed:
Computer Crimes - Venue
(2) In any county in which any person alleged to have violated any provision of this article had control or possession of any proceeds of the violation or of
any books, records, documents, or property which were used in
Computer Crimes - Venue
(3) In any county in which any act was
performed in furtherance of any transaction which violated this article; and
(4) In any county from which, to which, or through which any use of a computer or computer network was made, whether by
More Georgia Computer Crimes
Remaining Georgia computer crimes are “crime specific,” such as
Sexual Offenses, Stalking Offenses and Theft Offenses
Federal Laws on
Cybercrime
Computer Fraud and Abuse Act of 1986
Three goals (page 309 in your textbook)
Confidentiality of data communications Integrity of data communications
Availability of data communications
Forensic Issues
Computer Seizures
Who will do seizure?
Who has the best forensic capability? What will be seized?
Computers, disks, tapes, books, etc. Education of officers executing search. Power issues, movement issues,
Forensic Issues
Computer Seizures
Backlogs in computer labs result in
searches that take months to get done. Therefore, we tend to limit search to
specific issues. If you’re looking for child porn, and you find it, don’t make
Forensic Issues
Computer Seizures
E-mail, or ICQ searches are more
problematic. Cost may force limiting search to known conversations,
however, you want to search through
Forensic Issues
Computer Seizures
GBI and FBI are generally the only agencies with qualified forensic
scientists. Even there, pay is an issue. It’s a new paradigm.
How do you start a “computer nerd” at twice or three times the salary of a
Forensic Issues
Computer Seizures
Local law enforcement officer can learn basic forensics, and probably appear educated before a jury.... until the
defense brings in a “real” expert who blows the officer out of the water.
Terroristic Threats and
Acts
A person commits the offense of a terroristic threat when he threatens to commit any crime of violence ... with the purpose of terrorizing another or of causing the evacuation of a
building... or in reckless disregard of the risk of causing such terror or inconvenience. No person shall be convicted under this
subsection on the uncorroborated testimony of the party to whom the threat is
Terroristic Threats and
Acts
Statute requires corroboration, which was generally difficult to do on a
telephone conversation. Hence, “I’m going to kill you...” communicated
during a telephone conversation may not be actionable, at least as a
Terroristic Threats and
Acts
However, that same threat,
Intercepting
Communications
O.C.G.A. Sec. 16-11-62
It shall be unlawful for (4) Any person
intentionally and secretly to intercept by the use of any device, instrument, or apparatus the contents of a message sent by telephone, telegraph, letter, or by any other means of
Intercepting
Communications
But, what if the police seize a computer and discover a conversation where a
crime is discussed. That conversation, if by telephone or telegraph, would have been protected. Not the case with a
Intercepting
Communications
Case Studies
Cyber Crime Comes To Life
Officer sets up a meeting with a suspected
cybersex perpetrator. Perp drives to Houston County, thinking he’s meeting the 13 year old girl he met on-line. Instead he’s meeting a 35 year old, 225 pound, detective. Whoops,
wrong move.
Case Studies
Cyber Crime Comes To Life
Recent Court of Appeals case of State vs. Dennard ruled that, so long as the State can prove that a substantial step was taken toward the commission of the crime, the State can proceed to trial.
Undercover Officer
Participation
OCGA 16-12-100.2 (f) The sole fact that an undercover operative or law
enforcement officer was involved in the detection and investigation of an
Case Studies
Cyber Crime Comes To Life
So mere speech can get someone in trouble?
Sure, it’s been that way for years. The only thing different is the computer is the means of communicating the
Computer Assisted Sexual
Exploitation
However, Legislature has recently enacted a
misdemeanor statute that makes the use of a
computer in the
Computer Assisted Sexual
Exploitation
This legislation is entirely new, recognizing the
uniqueness of computer assisted child exploitation which was not possible
Computer Assisted Sexual
Exploitation
O.C.G.A. Sec 16-12-100.2 (d) (1) Effective 7/1/99
It shall be unlawful for any person
intentionally or willfully to utilize a computer on-line service, Internet service, or local
Computer Assisted Sexual
Exploitation
(d) (1) .. to commit any illegal act ... relating to the offense of sodomy or aggravated
sodomy; ... relating to the offense of child
molestation or aggravated child molestation; ... relating to the offense of enticing a child for indecent purposes; ... relating to the
Computer Assisted Sexual
Exploitation
(d) (2) Any person who violates
Case Studies
Cyber Crime Comes To Life
Case Studies
Cyber Crime Comes To Life
In Dennard, the Court of Appeals ruled that the State can proceed on Criminal Attempt, even though the crime of
Sexual Exploitation has arguably been committed. The State commonly goes after the highest crime committed.
ISP Operators Beware
OCGA 16-12-100.2 (e) (1) It shall be unlawful for any owner or
operator of a computer on-line service, Internet service, or local
bulletin board service intentionally or willfully to permit a subscriber to
utilize the service to commit a violation of this Code section,
ISP Operators Beware
Anonymity Opportunity
In the “old days,” sexual perversion was certainly present, but the desire to not be caught diminished the opportunities to accomplish the crime. Hanging
around the neighbor park was too risky, especially for bank presidents,
Anonymity Opportunity
Today, a sexual pervert can “hang
around” in teenage chat rooms and find suitable victims with little risk of
Anonymity Opportunity
After awhile, the “friendship” will
develop to the point that the predator can talk about sex. Again, teenagers
Anonymity Opportunity
Once the predator has established a
trusting relationship, he/she will seek to make a physical encounter. Usually,
this encounter will be solely about sex for the predator. There is too much
Anonymity Opportunity
The child usually seeks to get out of the situation once she/he realizes that this “friend” is not what was portrayed on the Internet. However, in many instances, it is too late to back out or stop the
assault. If the child will tell about it,
Georgia Law - Issue
Last point on child sexual crimes. My office will not release videotapes of
interviews of child molestation victims to the defense. We are obligated by law to allow the defendant and his attorney see the tape. Those tapes contain
Winding Down
Hang On.
Cyber Stalking
A different twist on an old crime, Cyber Stalking. Stalking has been going on for centuries, having grown more
sophisticated as technology has advanced.
Cyber Stalking
OCGA 16-5-90. (a) A person commits the offense of stalking when he or she follows, places under surveillance, or contacts another person at or about a place or places without the consent of the other person for the purpose of
Cyber Stalking
For the purposes of this article, the term "harassing and intimidating" means a
knowing and willful course of conduct directed at a specific person which
causes emotional distress by placing
such person in reasonable fear for such person's safety or a family member’s
Cyber Stalking
by establishing a pattern of harassing and intimidating behavior, and which serves no legitimate purpose. This
Cyber Stalking
Cyber Stalking
Where in the World is Carmen
Cyber Theft is Theft…
Theft is nothing new,
computers have simply
Case Study – Cyber Theft
Houston County:
Saturday a.m. - Intruder breaks into local ISP, steals account names and
Case Study – Cyber Theft
Houston County:
Case Study – Cyber Theft
Houston County:
Case Study – Cyber Theft
Houston County:
Saturday p.m. - Police
Case Study – Cyber Theft
Proving the old adage:
If criminals weren’t stupid, we wouldn’t catch many of
Protecting Children
(& networks)
Keep Computer In Public Access Room Install Child Safe Software (NetNanny, CyberPatrol, etc.)
Know How To Track “History”
Watch Your Child At The Computer, Regardless of Age
Final points
You may see this material on an exam!
Number one fraud on the internet?
Auctions!! Ebay users, pay with a credit card!
Most common computer attack?
Viruses- “malicious logic” vs. worms
Worms are self-replicating, death by expansion, filling
harddrive or bandwidth
Denial of Service Attacks- it’s cybercrime
Floods the server with data, prevents access
Carnivore – FBI tool for internet wiretaps
Makes a copy of email for law enforcement
Money laundering – transfer of money from illegal
In Closing
Cyber Crime Is Still Crime
Computers Offer Widespread Havoc Computers Have Detection Issues, Good and Bad
Thank You for Coming!
Kelly R. Burke District Attorney
Houston County, Georgia 478.987.2450 or
