Computer Forensics and Cybercrime Overview

Questions and Answers

What is one of the traditional challenges faced by law enforcement administrators?

Smaller agencies lacking resources (correct)

Over-abundance of resources available

Rapid legislative action

Apathy towards violent crime

Which of the following crimes is specifically addressed under Title 18 related to cybercrime?

Child Seduction & Exploitation (correct)

Tax Evasion

Assault

Identity Theft

What does the Computer Fraud and Abuse Act of 1986 primarily focus on?

Unauthorized access to a computer (correct)

Data encryption issues

Financial transaction fraud

Software licensing enforcement

Which additional federal law addresses credit card fraud and software piracy?

Title 15

Which of the following is NOT included in the list of traditional statutes related to cybercrime?

Murder

What was a significant limitation observed in the initial application of the Computer Fraud and Abuse Act of 1986?

It overemphasized access to financial information.

Which aspect was specifically added to the National Information Infrastructure Act of 1996?

Offenses committed using computer technology.

What type of intrusion was included in the expansion of the Computer Fraud and Abuse Act of 1986?

Intentional intrusions only.

What type of activity is classified under the expanded version of the National Information Infrastructure Act of 1996?

Transmitting classified government information.

Which of the following was NOT covered under the expansions of the Computer Fraud and Abuse Act of 1986?

Fraud related to legitimate business practices.

What does the PROTECT Act mandate for repeat child sex offenders?

Mandatory life penalty

What is illegal under the Identity Theft and Assumption Deterrence Act of 1998?

Transferring or using someone else's identification without lawful authority

Which of the following is NOT included in the definition of identifying information under ITADA?

Family member's maiden name

What is a requirement of the Financial Modernization Act of 1999?

Financial institutions must disclose their privacy practices

What can individuals do under the Financial Privacy Rule of the Financial Modernization Act?

Opt-out of disclosure of certain personal information

What type of checks are required for volunteer organizations under the PROTECT Act?

Criminal history/background checks

What is the penalty for possessing another person’s personal identifying information under ITADA?

It is a violation of federal law

Which of the following acts provides for electronic eavesdropping in cases of child abuse?

PROTECT Act

Which form of identification is NOT considered identifying information under ITADA?

Bank account number

What intent must be established for unlawful use of another's identification under ITADA?

With fraudulent intent

The Computer Fraud and Abuse Act of 1986 is also known as the Hacking Statute.

True

Title 15 of federal law relates to crimes such as fraud and embezzlement.

False

Law enforcement administrators historically face challenges such as apathy towards violent crime.

False

The Hobbs Act addresses various crimes, including kidnapping.

True

Legislative action regarding cybercrime has historically been very fast-paced.

False

The Computer Fraud and Abuse Act of 1986 only applied to intentional intrusions.

True

The National Information Infrastructure Act of 1996 solely focused on financial records.

False

Only one successful prosecution occurred under the original Computer Fraud and Abuse Act.

True

The expanded version of the Computer Fraud and Abuse Act includes offenses committed with computer technology.

True

The Computer Fraud and Abuse Act of 1986 was considered highly effective with broad enforcement success.

False

The PROTECT Act mandates mandatory life penalty for repeat child sex offenders.

True

The Identity Theft and Assumption Deterrence Act of 1998 allows for the possession of another’s personal identifying information without consequence.

False

The Financial Privacy Rule requires financial institutions to provide an opt-out option for some personal information disclosures.

True

The identifying information under ITADA includes a person's television license number.

False

The Financial Modernization Act of 1999 addresses issues related to identity theft.

False

Electronic eavesdropping is included in the measures proposed by the PROTECT Act.

True

The Identity Theft and Assumption Deterrence Act makes it legal to use someone else's identification if you have their permission.

True

Child sex offenders must undergo criminal history checks under the PROTECT Act.

False

A passport number falls under the definition of identifying information in ITADA.

True

The Financial Modernization Act of 1999 prohibits all disclosures of personal information by financial institutions.

False

Study Notes

Computer Forensics and Cybercrime Avenues for Prosecution and Government Efforts

• Law enforcement faces challenges like smaller agencies lacking resources, leading to reliance on state and federal agencies, often overburdening them. Historically, there's been apathy towards nonviolent crime and a slow pace of legislative action.

Traditional Statutes

• Primary federal cybercrime provisions are under Title 18, covering various crimes like fraud, embezzlement, terrorism, child exploitation, stalking, kidnapping (Hobbs Act), forgery, extortion, RICO violations, access device fraud, and illegal wiretapping.
• Supplemental federal laws related to cybercrime include Title 15 (credit card fraud and software piracy) and Title 17 (copyright infringement).

The Evolution of Computer-Specific Statutes (CFAA)

• The 1986 CFAA initially focused narrowly on unauthorized computer access, but was deemed ineffective due to vagueness.
• Later expansions of the CFAA addressed computers used in commerce and communication, focusing on intentional intrusions and all financial records.

National Information Infrastructure Act (NIIPA) 1996

• NIIPA addressed loopholes in the CFAA by covering accidental intrusions, offenses via computer technology, cases where computer data is not the primary target, and computers attached to the internet but not involved in commerce.

Expanded Scope of Existing Statutes to Address Cybercrimes

• Cybercrime statutes were expanded to include transmitting classified government information, obtaining information from financial institutions (private sector computers/U.S. government), affecting government use of non-public computers, fraud related to cyber activities, hacking, malicious programming (including unintentional damages) and extortion or password trafficking related to these activities.

Evolving Child Pornography Statutes

• The PROTECT Act introduced mandatory life sentences for repeat child sex offenders, mandatory criminal history/background checks for volunteer organizations, and electronic eavesdropping for child abuse or kidnapping cases.

Identity Theft and Financial Privacy Statutes

• The Identity Theft and Assumption Deterrence Act (ITADA) of 1998 criminalizes possessing another person's identifying information (public or private).

• Identifying information includes name, Social Security number, date of birth, official IDs, alien registration, passport, and employer/taxpayer IDs.

• The Financial Modernization Act of 1999 includes the Financial Privacy Rule, requiring disclosure of privacy practices by financial institutions, and allowing customers to opt-out of information disclosure.

• The Fair and Accurate Credit Transactions Act (FACTA) of 2003 mandates free credit reports, fraud alerts, truncation of account numbers (to address dumpster-diving attacks), truncation of Social Security numbers, one-call fraud alerts, and improved victim resolution processes.

• Additional efforts include the mandate for card issuers to investigate address changes and new card requests, blocking and eliminating fraudulent information, addressing fraud alert requirements for consumer reporting agencies, requiring reporting of consumer credit scores, and limiting the comingling of medical and financial information. Debt collectors are also obliged to disclose identity theft issues.

Federally Funded Initiatives and Collaborations

• The President's Working Group on Unlawful Conduct on the Internet assessed the adequacy of existing laws, the need for new technological tools, and the efficacy of education and empowerment tools to curb internet crimes.

Law Enforcement Operations and Tools

• Packet sniffers (like Carnivore, Packeteer, Coolminer) reconstruct web-surfing trails, while keyloggers (like Magic Lantern) record keystrokes and mouse clicks.
• Data mining employs statistical models, algorithms, and AI to analyze large datasets, identify associations, sequences, classify data, cluster related data and forecast future activities.

Conclusions

• The recognition of cybersecurity problems has increased significantly, but there's still considerable work needed.
• Traditional laws will be used alongside new regulations for encouragement by policymakers.
• International cooperation is growing, but sovereignty issues hinder global cybercrime prevention.

Description

Explore the complexities of computer forensics and the prosecution of cybercrime within the legal system. This quiz covers traditional statutes, the evolution of computer-specific laws, and the challenges faced by law enforcement agencies. Test your knowledge on how government efforts have evolved to tackle these issues.