The Criminal
Movies and newspaper stories might lead us to believe that most computer crimes are committed by teenage “hackers”—brilliant and basically good children who let their imagination and technical genius get them into trouble. But a realistic look at the crimes reveals that the offender is likely to be an employee of the firm against which the crime has been committed, i.e., an “insider”.
Difficulty of Detection and Prevention
Given the kind of person who commits a computer crime and the environment in which the crime occurs, it is often difficult to detect who the criminal is. First of all, the crime may be so complex that months or years go by before anyone discovers it.
Second, once the crime has been revealed, it is not easy to find a clear trail of evidence that leads back to the guilty party. After all, looking for “weapons” or fingerprints does not occur as it might in the investigation of more conventional crimes.
Third, there are usually no witnesses to the computer crime, even though it may be taking place in a room filled with people. Who is to say if the person at the next terminal, calmly keying in data, is doing the company’s work or committing a criminal act?
Fourth, not enough people in management and law enforcement know enough about computer technology to prevent the crimes. Authorities have to be familiar with the computer’s capabilities within a given situation to guard against its misuses. In some large cities, such as Los Angeles, police departments have set up specially trained computer crime units.
But even when an offender is caught, the investigators, attorneys (律师), judges, or juries may find the alleged crime too complicated and perplexing to handle. More attorneys are specializing in computer law and studying the computer’s potential for misuse.
After a computer crime has been discovered, many companies do not report it or prosecute (起诉) the person responsible. A company may not announce the crime out of fear that the pubic will find out the weaknesses of its computer system and lose confidence in its organization. Banks, credit card companies, and investment firms are especially sensitive about revealing their vulnerabilities (脆弱性) because they rely heavily on customer trust.
To avoid public attention, cautious companies will often settle cases of computer tampering out of court. And if cases do go to trial and the offenders are convicted, they may be punished only by a fine or light sentence because the judge or jury isn’t fully trained to understand the nature and seriousness of the crime.
Not all companies are timid in apprehending computer criminals. For example, Connecticut General Life Insurance Company decided it had to get tough on violators. So when the company discovered that one of its computer technicians had embezzled $200,000 by entering false benefit claims, it presented it findings to the state’s attorney and aided in the prosecution of the technician. The technician was found guilty and sentenced to prison, not just for the computer misuse, but also for grand theft and insurance fraud. Connecticut General now has a policy of reporting all incidents of theft or fraud, no matter how small.
