Computer Forensics and Cyber Crime Overview

Questions and Answers

What is a significant challenge faced by law enforcement agencies regarding cybercrime?

• Limited technological tools available
• High rates of violent crime overshadowing cybercrime
• A lack of public awareness about cybercrime
• Smaller agencies lacking resources (correct)

Which of the following crimes is explicitly defined under Title 18 related to cybercrime?

• Software Piracy
• Copyright Infringement
• Child Seduction & Exploitation (correct)
• Data Breach Prevention

What does the Computer Fraud and Abuse Act of 1986 primarily focus on?

• Unauthorized access to a computer (correct)
• Child exploitation online
• Cyberstalking offenses
• Identity theft laws

Which statutory framework addresses credit card fraud and software piracy?

Title 15 (B)

Which of these challenges is NOT typically faced by law enforcement in prosecuting cybercrime?

Efficient legislative processes (C)

What was a significant limitation of the original Computer Fraud and Abuse Act of 1986?

It was considered ineffective due to its vagueness. (B)

Which of the following was NOT a focus of the National Information Infrastructure Act of 1996?

Cyberbullying incidents. (C)

What type of intrusions did the Computer Fraud and Abuse Act of 1986 specifically target?

Intentional and willful intrusions. (B)

What does the term 'trafficking in passwords' relate to in the context of computer-specific statutes?

Selling access to restricted areas of a network. (C)

Which of the following activities is covered under the expanded provisions of the National Information Infrastructure Act of 1996?

Obtaining classified government information unlawfully. (C)

What does the PROTECT Act mandate for repeat child sex offenders?

Mandatory life penalty (A)

Which of the following is a requirement under the Identity Theft and Assumption Deterrence Act of 1998?

It is now a crime to knowingly use someone else's identification (C)

What must financial institutions do according to the Financial Modernization Act of 1999?

Disclose their privacy practices and allow opt-out of some disclosures (A)

Which of the following is NOT considered identifying information under the Identity Theft and Assumption Deterrence Act?

Email address (B)

What type of checks does the PROTECT Act require for volunteer organizations?

Criminal history/background checks (D)

To commit identity theft under ITADA, which of the following actions is prohibited?

Transfer someone else’s identifying information without proper authority (D)

Which of the following is included in the definition of identifying information under ITADA?

Official state or government-issued driver's license number (D)

Which statute requires electronic eavesdropping in cases related to abuse or kidnapping?

The PROTECT Act (A)

What is NOT a requirement of the Financial Privacy Rule enacted by the Financial Modernization Act?

Guarantee absolute confidentiality of information (C)

Which of the following is a consequence for repeat child sex offenders under the PROTECT Act?

Mandatory life penalty (D)

The Computer Fraud and Abuse Act of 1986 primarily aims to prevent access to computers without authorization.

True (A)

Title 18 of federal law includes provisions for child seduction and exploitation under cybercrime.

True (A)

Glacially slow legislative action has been a challenge for law enforcement regarding cybercrime.

True (A)

The Hobbs Act exclusively covers cybercrime offenses such as hacking and internet fraud.

False (B)

Credit card fraud is included under Title 17 of the federal criminal law related to cybercrime.

False (B)

The Computer Fraud and Abuse Act of 1986 was tailored to apply to intentional intrusions only.

True (A)

The National Information Infrastructure Act of 1996 applies to all computers regardless of their involvement in commerce.

True (A)

The Computer Fraud and Abuse Act of 1986 has led to numerous successful prosecutions since its inception.

False (B)

The expansion of the Computer Fraud and Abuse Act also focused on unintentional damages caused by hacking.

True (A)

The National Information Infrastructure Act of 1996 focused solely on unauthorized access to financial institutions.

False (B)

The PROTECT Act mandates a mandatory life penalty for first-time child sex offenders.

False (B)

According to the Identity Theft and Assumption Deterrence Act, it is illegal to knowingly use another person's identifying information for lawful purposes.

False (B)

The Financial Modernization Act of 1999 requires financial institutions to provide privacy practices disclosures.

True (A)

Electronic eavesdropping is permitted under the PROTECT Act for any case related to child welfare.

False (B)

The Identity Theft and Assumption Deterrence Act allows individuals to possess another person's identifying information for any purpose.

False (B)

A Social Security number is considered identifying information under ITADA.

True (A)

The Financial Privacy Rule allows customers to completely opt-out of all disclosures made by financial institutions.

False (B)

The PROTECT Act includes provisions for criminal background checks for volunteer organizations.

True (A)

The Identification Theft and Assumption Deterrence Act was enacted in 2001.

False (B)

The Financial Modernization Act was passed in 1999 to enhance the privacy of consumer financial information.

True (A)

Flashcards

Computer Fraud and Abuse Act (CFAA)

A 1986 law that deals with unauthorized computer access and abuse.

Traditional Cybercrime Statutes

Existing laws, mainly in Title 18 of the US Code, addressing crimes like fraud, terrorism, and child exploitation, applicable to cybercrimes.

Title 18, US Code

A Title of the US Code that contains laws related to common crimes including some cybercrimes, such as fraud, kidnapping, and extortion.

Title 15, US Code

A title of the US Code covering credit card fraud and software piracy.

Title 17, US Code

A section within the US Code concerning copyright infringement (also applicable to cybercrime situations).

CFAA (Computer Fraud and Abuse Act)

A law designed to protect computers used in commerce and communication from intentional intrusions.

NIIPA (National Information Infrastructure Act)

A law that addresses loopholes in the CFAA, expanding protection to cover accidental intrusions and offenses using computers.

CFAA Ineffectiveness

The original CFAA was criticized for being too vague and focusing too much on access to financial information and government computers.

NIIPA Expansions

NIIPA broadened protection to include offenses like transmitting classified information, hacking, malicious programming, and extortion.

Limited CFAA Success

Only one successful prosecution was recorded under the original CFAA.

PROTECT Act

A law providing mandatory life sentences for repeat child sex offenders, requiring background checks for child-related volunteer organizations, and allowing electronic eavesdropping in child abuse or kidnapping cases.

ITADA (Identity Theft & Assumption Deterrence Act)

A law making it illegal to possess someone else's identifying information with the intent to commit a crime.

Identifying Information (ITADA)

Personal details like name, Social Security number, date of birth, driver's license, and more, used to identify someone.

Financial Modernization Act of 1999

A law requiring financial institutions to disclose privacy practices and allow customers to opt out of certain information sharing.

Financial Privacy Rule

A part of the Financial Modernization Act that details how financial institutions handle customer privacy.

Child Pornography Statutes

Laws addressing child pornography. Often a part of the broader PROTECT Act.

Repeat Child Sex Offenders

Individuals convicted of child sex offenses multiple times.

Identity Theft

Stealing a person's identifying information to commit crimes.

Criminal Background Checks

Verification of a person's past criminal record for safety and reliability.

Electronic Eavesdropping

Monitoring communications electronically, often used in investigations.

Traditional Statutes vs. Cybercrime

While laws like those in Title 18 cover general crimes, specialized laws have been created specifically for cybercrimes, like the Computer Fraud and Abuse Act.

What is a 'traditional' Cybercrime Statute?

Legal provisions that existed before the rise of modern computers and the internet, often focusing on activities like fraud, extortion, and child exploitation, but applicable to cybercrimes.

NIIPA (National Information Infrastructure Protection Act)

A federal law enacted in 1996 that expanded the scope of the CFAA, particularly targeting offenses related to information infrastructure, like hacking and malicious programming.

CFAA (1986)

A law passed to protect computers used in commerce and communication from unauthorized access, particularly focused on intentional intrusions.

NIIPA (1996)

A law that expanded on the CFAA to address loopholes and cover accidental intrusions and offenses using computers.

Why Was the Original CFAA Considered Ineffective?

The original CFAA was considered ineffective due to its vagueness and overemphasis on access to financial information and government computers. It only resulted in one successful prosecution.

Mandatory Life Sentence

This refers to a legal requirement that someone convicted of certain crimes, like repeated child sex offenses, must serve a life sentence without the possibility of parole.

Background Checks

This involves reviewing someone's past criminal record to assess their suitability for specific roles, such as working with children.

ITADA

The Identity Theft and Assumption Deterrence Act makes it illegal to possess or use someone else's identifying information for unlawful purposes.

Identifying Information

This refers to personal details, such as your name, Social Security number, or driver's license number, that can be used to identify you.

Financial Modernization Act

This law, enacted in 1999, introduced the Financial Privacy Rule, requiring financial institutions to disclose their privacy practices and allow customers to opt out of sharing certain information.

Opt-Out

This refers to the right for individuals to choose not to participate in certain activities, such as sharing their personal information with third parties.

Study Notes

Computer Forensics and Cyber Crime

• Law enforcement faces challenges like smaller agencies lacking resources, leading to dependence on state and federal agencies, resulting in overload.
• Traditional apathy towards non-violent crime and slow legislative action also pose obstacles.

Traditional Statutes

• Cybercrime laws primarily exist under Title 18, encompassing offenses like fraud, embezzlement, terrorism/espionage, child exploitation, stalking, kidnapping (Hobbs Act), forgery, extortion, RICO, access device fraud, and illegal wiretapping.
• Additional federal statutes dealing with cybercrime include Title 15 (credit card fraud and software piracy) and Title 17 (copyright infringement).

The Evolution of Computer-Specific Statutes

• The Computer Fraud and Abuse Act of 1986 (CFAA) initially focused narrowly on unauthorized computer access, but proved ineffective due to vagueness and overemphasis on financial and government computer access.
• Subsequent amendments broadened the CFAA to cover computers used in commerce and communication as well as all financial records.
• Intentional intrusions are now the focus, rather than accidental ones.
• The National Information Infrastructure Act of 1996 (NIIPA) addressed loopholes in the CFAA. This focused on accidental intrusions, offenses committed via computer, cases where computer data isn't targeted, and all computers connected to the Internet, not just those used for commerce.
• Cybercrime laws expanded to include transmitting classified government information, obtaining information from financial institutions and government entities, affecting government computer use and prior activities, hacking, malicious programming, unintentional damages, trafficking in passwords, extortion.

Evolving Child Pornography Statutes

• The PROTECT Act introduced measures to combat child sexual exploitation, including mandatory life sentences for repeat offenders, background checks for volunteer organizations, and electronic surveillance for cases of child abuse or kidnapping.

Identity Theft and Financial Privacy Statutes

• The Identity Theft and Assumption Deterrence Act (ITADA) of 1998 criminalized possessing another person's identifying data (public or non-public) and knowingly transferring or using such information without lawful authority to commit or aid a violation of federal or state/local law.
• Identifying information includes name, social security number, date of birth, official state/government issued documents.
• The Financial Modernization Act of 1999 introduced the Financial Privacy Rule, requiring financial institutions to disclose their privacy practices and offer opt-out choices for some personal data.

Fair and Accurate Credit Transactions Act of 2003 (FACTA)

• Provisions of the FACTA encompass free credit reports, fraud and active-duty alerts, credit/debit account number truncation (to curb dumpster diving), truncation of Social Security numbers, one-call alerts for fraud, and streamlined victim resolution processes.

Further Efforts to Protect Personal Information

• The Driver's Privacy Protection Act restricts the use of social security numbers and other personal data from motor vehicle records, except when specifically allowed.
• The Health Insurance Portability & Accountability Act limits health care organizations' disclosure of social security numbers and health information.

Federally Funded Initiatives and Collaborations

• President's Working Group on Unlawful Conduct on the Internet brings together businesses, government and advocacy groups. Focus areas include verifying the sufficiency of existing federal laws and creating, if needed new technologies and "empowerment tools".

Law Enforcement Operations and Tools in the United States

• Packet sniffers and keyloggers (e.g. Carnivore) reconstruct online activity (packets of data).
• Data mining in law enforcement applies statistical models, algorithms, and AI to analyze large data sets. This involves measures such as associating connected events, sequencing path analysis of events, clustering groups of new/previously unknown facts, and forecasting future activity.

Conclusions

• Recognition of the extent of cybercrime has grown dramatically, but challenges remain in enacting specific legislation, international cooperation, and sovereignty issues.

Description

Explore the evolving landscape of computer forensics and cyber crime laws. This quiz covers challenges faced by law enforcement, key traditional statutes, and the evolution of computer-specific statutes like the CFAA. Test your knowledge on how these elements interplay in addressing cybercrime.