CASES ON COMPUTER CRIME

1
CASES ON COMPUTER CRIME

• MOHD BAHRIN OTHMAN

2
DIFFICULTY OF PROSECUTING EARLY COMPUTER CRIME
CASES IN THE UK

• LACK OF UNDERSTANDING OF THE RELEVANT LAW TO BE
  APPLIED
• TRADITIONAL LAW WAS APPLIED TO THE NEW CRIME
• LAW LAGS BEHIND TECHNOLOGY

3
R V GOLD SCHIFREEN (1988)

• DFS GAINED UNAUTHORISED ACCESS INTO BRITISH
  TELECOM COMPUTER NETWORK THROUGH ILLEGALLY
  OBTAINED PASSWORDS BELONGING TO BT EMPLOYEE
• THEY ALTERED SOME DATA INTRUDED INTO DUKE OF
  EDINBURGH COMPUTER FILES LEFT A MESSAGE
• DFS CHARGED WITH FORGERY UNDER S. 1 OF THE
  FORGERY COUNTERFEITING ACT 1981.

4
R V GOLD SCHIFREEN (1988)

• THEY WERE CONVICTED BY CROWN COURT AND APPEALED
  WHICH FINALLY WENT TO THE HOUSE OF LORDS
• MEANING OF FALSE INSTRUMENTIN S 8 INCLUDE ANY
  DISC, TAPE,SOUND TRACK OR OTHER DEVICES ON OR IN
  WHICH INFO IS RECORDED OR STORED BY
  MECHANICAL,ELECTRONIC OR OTHER MEANS

5
R V GOLD SCHIFREEN (1988)

• C/APPEAL ELCTRONIC IMPULSES GENERATED BY
  PHYSICALLY ENTERING THE CUSTOMER ID PASSWORD
  INTO THE PRESTEL COMPUTER SYSTEM COULDNT
  CONSTITUTE FALSE INSTRUMENT AS IT WAS AN
  INTANGIBLE IMPULSE. EXAMPLES UNDER THE 1981 ACT
  WERE ALL TANGIBLE IMPULSES

6
R V GOLD SCHIFREEN (1988)

• PROSN USER SEGMMENTOF THE COMPUTER BECOMES
  MOMENTARILY FALSE INSTRUMENT ONCE ID PASSWORD
  WERE ENTERED INTO FOR USER AUTHENTICATION
  PURPOSES
• C/AP REJECTED THIS ARGUMENT SINCE THE SIGNALS
  THAT CAUSED THE USER SEGMENT TO VERIFY THEM AS
  AUTHORISED USERS APPEARED ONLY MOMENTARILY BEFORE
  BEING DELETED, THEY WERE NEVER RECORDED OR
  STOREDWITHIN S 8 MEANING

7
R V GOLD SCHIFREEN (1988)

• H/L HELD THAT THE APPEAL SHOULD BE ALLOWED
• THE FACTS OF THE CASE COULD NOT FIT INTO THE OLD
  STATUTE THAT WAS NOT DESIGNED FOR THE NEW CRIME
  OF HACKING

8
R V LINDESAY 2001

• DF WAS CHARGED WITH 3 CHARGES OF CAUSING
  UNAUTHORISED MODIFICATION TO COMPUTER CONTENTS
  UNDER SEC 3 (1) (7) OF THE UK COMPUTER MISUSE
  ACT 1990
• HE WAS SENTENCED TO 9 MONTHS IMPRISONMENT TERM BY
  MAGISTRATES COURT
• HE APPEALED AGAINST SENTENCE AS BEING EXCESSIVE

9
R V LINDESAY 2001

• DF WAS A FREELANCE COMPUTER CONSULTANT WHO WAS
  DISMISSED WHEN FORMER EMPLOYER (IT COMPANY
  MAINTAINING WEBSITES FOR CLIENTS) UNHAPPY WITH
  HIS WORK. A DISPUTE OVER PAYMENT OF MONEY LATER
  ENSUED BETWEEN THEM
• BY USING PASSWORDS KNOWN TO HIM DURING HIS
  EMPLOYMENT, HE GAINED UNAUTHORISED ACCESS INTO 3
  WEBSITES BELONGING TO CLIENTS OF HIS FORMER
  EMPLOYER.
• HE DELETED SOME CONTENTS DATA AT ALL THESE
  SITES INTENDING TO CAUSE HIS FORMER EMPLOYER SOME
  INCONVENIENCES

10
R V LINDESAY 2001

• ON THE 2ND SITE (COMMUNICATIONS COMPANY) HE MOVED
  IMAGES AROUND
• ON THE THIRD SITE BELONGING TO A SUPERMARKET
  COMPANY, HE SENT E-MAILS TO CUSTOMERS INFORMING
  THEM ABOUT FUTURE INCREASES IN PRICES OF CERTAIN
  GOODS THEY COULD GO ELSEWHERE IF THEY DIDNT
  LIKE THAT FACT
• HE ALSO CHANGED SOME INFO ON RECIPES ON THIS SITE

11
R V LINDESAY 2001

• FORMER EMPLOYER HAD TO RESTORE THEIR CLIENTS
  SITES BACK TO NORMAL COSTING ABOUT 9000.
• ON SUPERMARKET SITES
• THEY HAD TO SEND APOLOGIES TO CUSTOMERS
• THEY HAD TO PUT UP EXTRA SECURITY TO MAKE THE
  SITES MORE SECURE
• THEY HAD TO CLOSE IT FOR 10 WEEKS AFTER THE
  BREACH
• THE OTHER 2 SITES HAD TO BE REPAIRED ABOUT 3
  HOURS EACH

12
R V LINDESAY 2001

• COURT CONFIRMED LOWER COURTS DECISION
  DISMISSED THE APPEAL
• COURTS DECISION TOOK INTO ACCOUNT
• DF CONFESSED EXPRESSED REMORSE
• DF PLEADED GUILTY AT BEGINNING
• DF COMMITTED THE OFFENCE AT THE SPUR OF THE
  MOMENT
• NO DAMAGE TO SOFTWARE
• NO TEMPERING WITH SENSITIVE DATA
• NO DIRECT REVENUE LOSS
• PURE REVENGE AGAINST FORMER EMPLOYER OVER
  PAYMENT OF MONEY

13
RE YARIMAKA 2002

• CASE CONCERNED APPLICATION FOR HABEAS CORPUS
  AGAINST EXTRADITION ORDER TO THE USA
• APP WORKED IN KAZAKSTAN WITH A COMPANY USING
  DATABASES PROVIDED BY BLOOMBERG
• HE MANAGED TO GAIN UNAUTHORISED ACCESS TO
  BLOOMBERG COMPUTER SYSTEMS IN NEW YORK E-MAIL
  ACCOUNTS OF THE DIRECTOR OF BLOOMBERG HEAD OF
  SECURITY ABLE TO ACCESS HIGHLY CONFIDENTIAL INFO

14
RE YARIMAKA 2002

• APP THEN SENT E-MAILS TO BLOOMBERG EXTORTED
  USD317,000 FROM HIM FAILING WHICH THEY WOULD
  DISCLOSE THE INTRUSION THAT WOULD RESULT IN LOSS
  OF CONFIDENCE IN BLOOMBERGS COMPUTER SYSTEMS BY
  CLIENTS
• THEY ALSO OFFERED TO SHOW HOW THEY HAD
  INFILTRATED THE SYSTEM

15
RE YARIMAKA 2002

• APP BLOOMBERG AGREED ATO MEET IN LONDON WHERE
  THE APP WERE SUPPOSED TO COLLECT THE MONEY
  DEMANDED ALSO WHERE THEY WERE ARRESTED BY THE
  FBI SCOTLAND YARD
• APP WERE CHARGED WITH 6 CHARGES INVOLVING
• 4 BLACKMAIL,
• CONSPIRACY TO GAIN UNAUTHORISED ACCESS WITH
  INTENT TO COMMIT/FACILITATE BLACKMAIL
• CONSPIRACY TO CAUSE UNAUTHORISED MODIFICATION OF
  COMPUTER MATERIAL IN BLOOMBERGS COMPUTER

16
RE YARIMAKA 2002

• HELD
• LOWER COURT WAS RIGHT IN FINDING APP GUILTY OF
  S.3
• 4 ELEMENTS OF MODIFICATION, LACK OF
  AUTHORISATION, INTENT RELIABILITY OF DATA IS
  IMPAIRED WAS IN EVIDENT
• APPLICATION DISMISSED