Computer Forensics and Cybercrime Overview

Questions and Answers

What is one of the traditional challenges faced by law enforcement administrators?

Smaller agencies lacking resources (correct)

Over-abundance of resources available

Rapid legislative action

Apathy towards violent crime

Which of the following crimes is specifically addressed under Title 18 related to cybercrime?

Child Seduction & Exploitation (correct)

Tax Evasion

Assault

Identity Theft

What does the Computer Fraud and Abuse Act of 1986 primarily focus on?

Unauthorized access to a computer (correct)

Data encryption issues

Financial transaction fraud

Software licensing enforcement

Which additional federal law addresses credit card fraud and software piracy?

Title 15 (D)

Which of the following is NOT included in the list of traditional statutes related to cybercrime?

Murder (D)

What was a significant limitation observed in the initial application of the Computer Fraud and Abuse Act of 1986?

It overemphasized access to financial information. (B)

Which aspect was specifically added to the National Information Infrastructure Act of 1996?

Offenses committed using computer technology. (C)

What type of intrusion was included in the expansion of the Computer Fraud and Abuse Act of 1986?

Intentional intrusions only. (B)

What type of activity is classified under the expanded version of the National Information Infrastructure Act of 1996?

Transmitting classified government information. (B)

Which of the following was NOT covered under the expansions of the Computer Fraud and Abuse Act of 1986?

Fraud related to legitimate business practices. (A)

What does the PROTECT Act mandate for repeat child sex offenders?

Mandatory life penalty (D)

What is illegal under the Identity Theft and Assumption Deterrence Act of 1998?

Transferring or using someone else's identification without lawful authority (C)

Which of the following is NOT included in the definition of identifying information under ITADA?

Family member's maiden name (A)

What is a requirement of the Financial Modernization Act of 1999?

Financial institutions must disclose their privacy practices (C)

What can individuals do under the Financial Privacy Rule of the Financial Modernization Act?

Opt-out of disclosure of certain personal information (C)

What type of checks are required for volunteer organizations under the PROTECT Act?

Criminal history/background checks (B)

What is the penalty for possessing another person’s personal identifying information under ITADA?

It is a violation of federal law (C)

Which of the following acts provides for electronic eavesdropping in cases of child abuse?

PROTECT Act (A)

Which form of identification is NOT considered identifying information under ITADA?

Bank account number (C)

What intent must be established for unlawful use of another's identification under ITADA?

With fraudulent intent (B)

The Computer Fraud and Abuse Act of 1986 is also known as the Hacking Statute.

True (A)

Title 15 of federal law relates to crimes such as fraud and embezzlement.

False (B)

Law enforcement administrators historically face challenges such as apathy towards violent crime.

False (B)

The Hobbs Act addresses various crimes, including kidnapping.

True (A)

Legislative action regarding cybercrime has historically been very fast-paced.

False (B)

The Computer Fraud and Abuse Act of 1986 only applied to intentional intrusions.

True (A)

The National Information Infrastructure Act of 1996 solely focused on financial records.

False (B)

Only one successful prosecution occurred under the original Computer Fraud and Abuse Act.

True (A)

The expanded version of the Computer Fraud and Abuse Act includes offenses committed with computer technology.

True (A)

The Computer Fraud and Abuse Act of 1986 was considered highly effective with broad enforcement success.

False (B)

The PROTECT Act mandates mandatory life penalty for repeat child sex offenders.

True (A)

The Identity Theft and Assumption Deterrence Act of 1998 allows for the possession of another’s personal identifying information without consequence.

False (B)

The Financial Privacy Rule requires financial institutions to provide an opt-out option for some personal information disclosures.

True (A)

The identifying information under ITADA includes a person's television license number.

False (B)

The Financial Modernization Act of 1999 addresses issues related to identity theft.

False (B)

Electronic eavesdropping is included in the measures proposed by the PROTECT Act.

True (A)

The Identity Theft and Assumption Deterrence Act makes it legal to use someone else's identification if you have their permission.

True (A)

Child sex offenders must undergo criminal history checks under the PROTECT Act.

False (B)

A passport number falls under the definition of identifying information in ITADA.

True (A)

The Financial Modernization Act of 1999 prohibits all disclosures of personal information by financial institutions.

False (B)

Flashcards

Federal Cybercrime Laws

Federal laws, primarily under Title 18 of the U.S. Code, handle crimes like fraud, terrorism, child exploitation, and stalking related to computers.

Computer Fraud and Abuse Act (CFAA)

A U.S. law that criminalizes unauthorized access to computers. It's part of Title 18 of the U.S. Code, and was initially focused on unauthorized computer access.

Traditional Challenges (Law Enforcement)

Law enforcement struggles with limited resources in smaller agencies, slow legislative action, and sometimes apathy towards nonviolent crimes.

Title 15 Cybercrime

Federal law (Title 15) covers specific cybercrimes like credit card fraud, and software piracy.

Title 17 Cybercrime

Federal law (Title 17) addresses internet copyright violations or infringement.

Computer Fraud and Abuse Act (CFAA) of 1986

A law initially focused on computer intrusions, later expanded to encompass computer use in commerce and communication, particularly emphasizing intentional intrusions but not inadvertent ones.

National Information Infrastructure Act (NIIPA) of 1996

A law designed to fill gaps in the CFAA by addressing accidental intrusions, computer-facilitated offenses (where the computer isn't the primary target), and situations involving non-commercial computers connected to the internet.

CFAA Ineffectiveness

Early versions of the CFAA were deemed ineffective due to ambiguity and a focus on financial/government computer access. Only one successful prosecution is noted.

Expanded CFAA activities

The CFAA later expanded to include activities like transmitting classified information, and interfering with government computer use.

NIIPA focus

NIIPA focused on areas not covered by the CFAA, like accidental intrusions, offeneses involving computers that were not the main target, and computers that weren't part of commercial activities but were connected to the internet.

PROTECT Act

A law that mandates life sentences for repeat child sex offenders, requires background checks for volunteer organizations, and allows for electronic eavesdropping in child abuse/kidnapping cases.

ITADA (Identity Theft & Assumption Deterrence Act)

A law making it a crime to possess someone else's identifying information (public or private) with the intent to commit a federal crime or state felony.

Identifying Information

Personal data that uniquely identifies an individual, including name, SSN, date of birth, driver's license, alien registration, passport, and tax ID.

Financial Privacy Rule

Part of the Financial Modernization Act, requiring financial institutions to disclose privacy practices and allow customers to opt-out of sharing some personal data.

Financial Modernization Act of 1999

Legislation encompassing provisions concerning financial privacy.

Repeat Child Sex Offenders

Individuals convicted of child sex offenses more than once

Mandatory Life Penalty

A sentence of life imprisonment that is automatically imposed for certain crimes.

Electronic Eavesdropping

Surveillance of communications electronically

Volunteer Organizations

Organizations comprised of volunteers.

Criminal Background Checks

Verifying an individual's past criminal record.

Why did early CFAA prosecutions struggle?

The CFAA initially focused on unauthorized access to computers, making it difficult to prosecute cases where financial or government computers weren't involved. The law's ambiguous language also posed challenges.

What did the NIIPA address?

The National Information Infrastructure Act (NIIPA) extended the reach of the CFAA, addressing accidental intrusions, computer-facilitated offenses (where the computer wasn't the primary target), and situations involving non-commercial computers connected to the internet.

How does the PROTECT Act help protect children?

The PROTECT Act helps prevent child abuse and exploitation by mandating life sentences for repeat child sex offenders, requiring background checks for volunteer organizations, and allowing for electronic eavesdropping in child abuse/kidnapping cases.

ITADA & Identity Theft

The Identity Theft & Assumption Deterrence Act (ITADA) makes it a federal crime to possess someone else's identifying information with the intent to commit a federal crime or state felony.

Financial Privacy Rule - Opting Out

The Financial Privacy Rule requires financial institutions to disclose their privacy practices and allows customers to opt-out of sharing some personal data.

CFAA's Focus

The Computer Fraud and Abuse Act (CFAA) initially focused on unauthorized access to computers used in commerce and communication, particularly emphasizing intentional intrusions but not inadvertent ones.

NIIPA's Purpose

The National Information Infrastructure Act (NIIPA) aimed to fill gaps in CFAA by addressing accidental intrusions, computer-facilitated offenses, and situations involving non-commercial computers connected to the internet.

Why was the initial CFAA considered ineffective?

The initial CFAA proved ineffective due to its broad and vague wording, leading to only one successful prosecution despite the increase in cybercrime.

What did the CFAA expansion cover?

The expanded CFAA included activities like transmitting classified information, obtaining information from financial institutions, and interfering with government computer use.

What did the expanded CFAA address?

The expanded CFAA addressed hacking, malicious programming, unintentional damages, trafficking in passwords, and extortion related to these activities.

ITADA

The Identity Theft and Assumption Deterrence Act of 1998, making it a crime to possess someone else's personal identifying information with the intent to commit a federal crime or state felony.

What does ITADA consider 'identifying information'?

It includes names, Social Security numbers, dates of birth, driver's licenses, alien registration numbers, passport numbers, and employer or taxpayer identification numbers.

What is the purpose of the Financial Modernization Act of 1999?

It contains the Financial Privacy Rule, which aims to protect the privacy of financial data.

Study Notes

Computer Forensics and Cybercrime Avenues for Prosecution and Government Efforts

• Law enforcement faces challenges like smaller agencies lacking resources, leading to reliance on state and federal agencies, often overburdening them. Historically, there's been apathy towards nonviolent crime and a slow pace of legislative action.

Traditional Statutes

• Primary federal cybercrime provisions are under Title 18, covering various crimes like fraud, embezzlement, terrorism, child exploitation, stalking, kidnapping (Hobbs Act), forgery, extortion, RICO violations, access device fraud, and illegal wiretapping.
• Supplemental federal laws related to cybercrime include Title 15 (credit card fraud and software piracy) and Title 17 (copyright infringement).

The Evolution of Computer-Specific Statutes (CFAA)

• The 1986 CFAA initially focused narrowly on unauthorized computer access, but was deemed ineffective due to vagueness.
• Later expansions of the CFAA addressed computers used in commerce and communication, focusing on intentional intrusions and all financial records.

National Information Infrastructure Act (NIIPA) 1996

• NIIPA addressed loopholes in the CFAA by covering accidental intrusions, offenses via computer technology, cases where computer data is not the primary target, and computers attached to the internet but not involved in commerce.

Expanded Scope of Existing Statutes to Address Cybercrimes

• Cybercrime statutes were expanded to include transmitting classified government information, obtaining information from financial institutions (private sector computers/U.S. government), affecting government use of non-public computers, fraud related to cyber activities, hacking, malicious programming (including unintentional damages) and extortion or password trafficking related to these activities.

Evolving Child Pornography Statutes

• The PROTECT Act introduced mandatory life sentences for repeat child sex offenders, mandatory criminal history/background checks for volunteer organizations, and electronic eavesdropping for child abuse or kidnapping cases.

Identity Theft and Financial Privacy Statutes

• The Identity Theft and Assumption Deterrence Act (ITADA) of 1998 criminalizes possessing another person's identifying information (public or private).

• Identifying information includes name, Social Security number, date of birth, official IDs, alien registration, passport, and employer/taxpayer IDs.

• The Financial Modernization Act of 1999 includes the Financial Privacy Rule, requiring disclosure of privacy practices by financial institutions, and allowing customers to opt-out of information disclosure.

• The Fair and Accurate Credit Transactions Act (FACTA) of 2003 mandates free credit reports, fraud alerts, truncation of account numbers (to address dumpster-diving attacks), truncation of Social Security numbers, one-call fraud alerts, and improved victim resolution processes.

• Additional efforts include the mandate for card issuers to investigate address changes and new card requests, blocking and eliminating fraudulent information, addressing fraud alert requirements for consumer reporting agencies, requiring reporting of consumer credit scores, and limiting the comingling of medical and financial information. Debt collectors are also obliged to disclose identity theft issues.

Federally Funded Initiatives and Collaborations

• The President's Working Group on Unlawful Conduct on the Internet assessed the adequacy of existing laws, the need for new technological tools, and the efficacy of education and empowerment tools to curb internet crimes.

Law Enforcement Operations and Tools

• Packet sniffers (like Carnivore, Packeteer, Coolminer) reconstruct web-surfing trails, while keyloggers (like Magic Lantern) record keystrokes and mouse clicks.
• Data mining employs statistical models, algorithms, and AI to analyze large datasets, identify associations, sequences, classify data, cluster related data and forecast future activities.

Conclusions

• The recognition of cybersecurity problems has increased significantly, but there's still considerable work needed.
• Traditional laws will be used alongside new regulations for encouragement by policymakers.
• International cooperation is growing, but sovereignty issues hinder global cybercrime prevention.

Description

Explore the complexities of computer forensics and the prosecution of cybercrime within the legal system. This quiz covers traditional statutes, the evolution of computer-specific laws, and the challenges faced by law enforcement agencies. Test your knowledge on how government efforts have evolved to tackle these issues.