Recent personality analyses conducted in several countries have enabled the construction of a model of the character traits typical of computer criminals. The model refers mainly to information systems department employees and users of on-line computer services.
Age | 18 - 35 years old |
Gender | Mostly male |
Position | Manager or a high ranking clerk |
Traits | Bright, thorough, highly motivated, diligent, trustworthy - the last to be considered suspect, hard-working, stable, first to arrive and last to go, does not take vacations, apprehensive of intimate relationships and of losing prestige, individualist, solves problems independently. |
Criminal Record | None |
The Methods | Executing an apparently ordinary action in the course of normal and legal system operations, such as salary calculations, payments to suppliers, insurance payments, transfer of tax and V.A.T. returns, etc. |
Aftermath Reaction | It is not a crime, I hurt no one, everybody does that, the banks steal more, I only tried to prove to my employers that it is possible. |
The Law | Does not deal with it. Usually both sides compromise and the case is kept silent. |
The computer environment, as a microcosm of modern society, has created several options for different types of computer crimes: embezzlement, through the electronic transfer of funds between accounts; fraud, through changing computations or omitting transactions; information theft, through access to data sources; and financial damage, through malicious disruption of an organization's central computing system.
Computer crimes and criminals are receiving increasing media coverage due to the rising number of companies and governmental agencies which are fully computerized and which give system access to an ever-increasing number of employees. In spite of this increased coverage, there is no clear indication of a strong negative societal attitude towards this type of crime. The lack of a clear social perception (norm) with regard to computer crimes could be attributable to the fact that computer crimes are a relatively new phenomenon, and public opinion is not yet sufficiently formed. Other reasons could be the technical nature of the crime, which many people do not understand, and the fact that companies which have been subjected to a computer crime frequently prefer not to publicize it, in an attempt to minimize damages and prevent harm to their credibility.
Few countries have sufficient laws to regulate computer crimes. The drafting and enactment of such laws are hindered by the complexity of the information technology environment and by the difficulty of clearly defining terms such as "software", "electronic media", etc.
In order for an actual computer-related crime to take place, several factors must come into play. First, there must be an individual with the technical abilities to plan and execute the crime. Second, there are personal (subjective) grievances, which the perpetrator believes can be righted by instigating the crime. Third, the perpetrator must feel confident that the crime committed will be nearly impossible to trace (the perfect crime illusion). Last, the intended criminal must have ready and legitimate access to the system in both the physical and the logical sense, and the crime must be perpetrated in the course of ordinary system activity.
Computer crimes are hard to prevent, and yet prevention is possible through a combination of controlling access to and use of the system, and creating an "alert and prevent" policy directed at system users. While access control methods are rarely foolproof, security can be layered in such a way as to severely decrease the likelihood of a crime, and would-be criminals can be deterred by an auditing and monitoring system which will disclose the source, time and nature of a violation in the system.
Computer crime prevention hinges on the existence of regular backups, which enable comparisons of information and, more importantly, restoration of systems to their correct state if they are maliciously or accidentally disrupted or destroyed. Similarly, every organization today which provides employees with access to information stored on the system has an obligation to install a security system complete with access control, encryption options, privilege definitions and monitoring options to deter and prevent would-be computer criminals.
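
The following is an added example, not part of the original article: it shows how a backup comparison and an audit trail work together to disclose the source, time and nature of a change made during ordinary operations such as supplier payments or salary runs. The record layout, audit log format and all sample values are constructed assumptions.

```python
# Constructed sample data: a supplier-payment table as captured in the last
# backup, the same table as it stands now, and the audit trail of changes.
BACKUP = {
    "S-1001": {"payee": "Acme Supplies", "account": "111-222", "amount": 1200.00},
    "S-1002": {"payee": "Northside Insurance", "account": "333-444", "amount": 860.50},
    "S-1003": {"payee": "J. Doe (salary)", "account": "555-666", "amount": 3100.00},
}
LIVE = {
    "S-1001": {"payee": "Acme Supplies", "account": "999-000", "amount": 1200.00},
    "S-1002": {"payee": "Northside Insurance", "account": "333-444", "amount": 870.50},
    "S-1003": {"payee": "J. Doe (salary)", "account": "555-666", "amount": 3100.00},
    "S-1004": {"payee": "Q. Roe (salary)", "account": "777-888", "amount": 2900.00},
}
AUDIT_LOG = [  # hypothetical log format: record/field, by whom, from where, when
    {"record": "S-1002", "field": "amount", "user": "clerk7",
     "terminal": "T12", "time": "2024-01-15T10:42:00"},
]

def diff_records(backup, live):
    """Yield (record_id, field, old, new) for every backup/live difference."""
    for rid in sorted(set(backup) | set(live)):
        old, new = backup.get(rid), live.get(rid)
        if old is None or new is None:
            yield rid, "*", old, new          # whole record added or deleted
            continue
        for field in sorted(set(old) | set(new)):
            if old.get(field) != new.get(field):
                yield rid, field, old.get(field), new.get(field)

def reconcile(backup, live, audit_log):
    """Attach source and time to each change; mark those the log cannot explain."""
    logged = {(e["record"], e["field"]): e for e in audit_log}
    findings = []
    for rid, field, old, new in diff_records(backup, live):
        entry = logged.get((rid, field))
        findings.append({
            "record": rid, "field": field, "old": old, "new": new,  # nature
            "source": f'{entry["user"]}@{entry["terminal"]}' if entry else None,
            "time": entry["time"] if entry else None,
            "explained": entry is not None,
        })
    return findings

def unexplained(findings):
    """Changes with no audit entry: the ones an investigator looks at first."""
    return [(f["record"], f["field"]) for f in findings if not f["explained"]]

if __name__ == "__main__":
    for f in reconcile(BACKUP, LIVE, AUDIT_LOG):
        print(f)
```

In the sample data, the changed bank account on S-1001 and the new payee S-1004 have no audit entry and are reported as unexplained, while the amount change on S-1002 is attributed to a user, terminal and time.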