Criminal Law in Cyberspace Page 25 a trojan horse, by contrast, is a computer program that performs some apparently useful function that also contains hidden code that is malicious. b3 The malicious code may introduce a virus or other computer bug, or it may permit unauthorized access by an outside user. Indeed, trojan horses are he most common way in which viruses are introduced into computer systems. 4 In general, the horses are placed in software programs, but they may also be placed in hardware, as was done in Sweden in the early 1980s Distributed Denial of service Distributed Denial of Service(DDOS)attacks overwhelm websites and stop them from communicating with other computers. To carry out a ddos attack, a hacker obtains unauthorized access to a computer system, and place software code on it that renders that system a"master. The hacker also breaks into other networks to place code that turns those systems into agents(known as zombies"or"slaves"). Each Master can control multiple agents. In both cases, the network owners become third-party victims, for they are unaware that dangerous tools have been placed and reside on their systems. The Masters are activated either remotely or by internal programming(such as a command to begin an attack at a prescribed time) and are used to send information to the agents.After receiving this information, the agents make repeated requests to connect with the attack's ultimate target, typically using a fictitious or"spoofed "IP (Internet Protocol)address, so that the recipient of the request cannot learn its true source. Acting in unison, the agents generate a high volume of traffic from several sources. This type of attack is referred to as a sYn flood(SYn is the initial effort by the sending computer to make a connection with the destination computer). due to the volume ofSYN Denning, supra note 56, at 286 ld at 288 PARKER, supra note 19, at 90
Criminal Law in Cyberspace Page 25 63Denning, supra note 56, at 286. 64Id., at 288. 65PARKER, supra note 19, at 90. A trojan horse, by contrast, is a computer program that performs some apparently useful function that also contains hidden code that is malicious.63 The malicious code may introduce a virus or other computer bug, or it may permit unauthorized access by an outside user. Indeed, trojan horses are the most common way in which viruses are introduced into computer systems.64 In general, the horses are placed in software programs, but they may also be placed in hardware, as was done in Sweden in the early 1980s.65 4. Distributed Denial of Service Distributed Denial of Service (DDOS) attacks overwhelm websites and stop them from communicating with other computers. To carry out a DDOS attack, a hacker obtains unauthorized access to a computer system, and place software code on it that renders that system a "master.” The hacker also breaks into other networks to place code that turns those systems into agents (known as "zombies" or "slaves"). Each Master can control multiple agents. In both cases, the network owners become third-party victims, for they are unaware that dangerous tools have been placed and reside on their systems. The Masters are activated either remotely or by internal programming (such as a command to begin an attack at a prescribed time) and are used to send information to the agents. After receiving this information, the agents make repeated requests to connect with the attack’s ultimate target, typically using a fictitious or "spoofed" IP (Internet Protocol) address, so that the recipient of the request cannot learn its true source. Acting in unison, the agents generate a high volume of traffic from several sources. This type of attack is referred to as a SYN flood (SYN is the initial effort by the sending computer to make a connection with the destination computer). Due to the volume of SYN
Criminal Law in Cyberspace Page 26 quests the destination computer becomes overwhelmed in its efforts to acknowledge and complete transactions with each sending computer. As a result, it loses all or most of its ability to serve legitimate customers-thus the term Distributed Denial of Service 66 In February of this year, a 15 year-old Canadian youth known as"MafiaBoy allegedly used a DDOS attack to shut down popular Internet sites such as Y ahool, Amazon. com, Buy. com, ETrade Cnn.Com and others The youth used three computers to flood the target sites including a computer at the University of California. Mafia Boy's attack revealed to many consumers the vulnerability of Internet business, thus contributing to a 258 44-point slide in the Dow Jones and ending a string of record-high closes on the NaSdaQ Composite Index. It is typically very difficult to track DdOS hackers because the flood of illegitimate requests comes from remote computers, not the hacker's own computer. Indeed, Mafia Boy set up" dummy websites to make the original source of the requests even more difficult to trace. FBI agents only learned of Mafia Boy through his bragging in Internet chat rooms about shutting down the worlds leading Internet sites; had he remained silent, he may never have been caught. C. Theft of Identity Identity theft occurs when one's identity is wrongfully appropriated by another. Some forms of identity theft via computer are familiar. Joe may pose as Frank on Buy. com, and use Frank's credit card to purchase a stereo, or Frank may pose as Joe and send hurtful emails to Joe's girlfriend to dissolve Joe's relationship. These situations are computer versions of familiar crimes(credit card theft and forged letters), cyberspace simply makes them easier to commit. Vatis, supra note 26
Criminal Law in Cyberspace Page 26 66Vatis, supra note 26. requests the destination computer becomes overwhelmed in its efforts to acknowledge and complete transactions with each sending computer. As a result, it loses all or most of its ability to serve legitimate customers–thus the term Distributed Denial of Service.66 In February of this year, a 15 year-old Canadian youth known as “MafiaBoy” allegedly used a DDOS attack to shut down popular Internet sites such as Yahoo!, Amazon.com, Buy.com, ETrade, CNN.com and others. The youth used three computers to flood the target sites, including a computer at the University of California. MafiaBoy’s attack revealed to many consumers the vulnerability of Internet business, thus contributing to a 258.44-point slide in the Dow Jones and ending a string of record-high closes on the NASDAQ Composite Index. It is typically very difficult to track DDOS hackers because the flood of illegitimate requests comes from remote computers, not the hacker’s own computer. Indeed, MafiaBoy set up “dummy” websites to make the original source of the requests even more difficult to trace. FBI agents only learned of MafiaBoy through his bragging in Internet chat rooms about shutting down the world’s leading Internet sites; had he remained silent, he may never have been caught. C. Theft of Identity Identity theft occurs when one’s identity is wrongfully appropriated by another. Some forms of identity theft via computer are familiar. Joe may pose as Frank on Buy.com, and use Frank’s credit card to purchase a stereo, or Frank may pose as Joe and send hurtful emails to Joe’s girlfriend to dissolve Joe’s relationship. These situations are computer versions of familiar crimes (credit card theft and forged letters); cyberspace simply makes them easier to commit
Criminal Law in Cyberspace Other types of identity theft via computer, such as cross-site scripting, Internet protocol spoofing, and page-jacking, do not have clear realspace analogues. Cross-site scripting occurs when code is placed into a website to force it to send out information against the will of its owners. With Internet protocol spoofing, a perpetrator, using software, impersonates a computer trusted by the victim. As a result, the attacker computer-believed by the victim computer to be a different, friendly computer-achieves entry into sensitive areas or even control of the victim computer by operating privileged protocols 67 Page-jacking occurs when a link, logo or other Internet address Is reprogrammed to bring a customer not to the intended site, but to some other one. For example, when I click on the Buy. com"logo when I visit the Cnn website, and it brings me not to Buy. com but rather to an Internet gambling website, the page has been jacked Carrying out a Traditional offense Computers can be used to carry out virtually any offense in realspace, from carrying threats to furthering organized crime to the manipulation of stocks. Here, I will focus on four exemplars of criminal activity in this category: pornography, copyright piracy, cyberstalking, and the illegal sale of firearms. Each reveals the advantages, from the criminals perspective, of cybercrime-widespread quick distribution and minimizing costs Child pornograph 67Cross, supra note 63"An increasing number of illegal drug traffickers. , are also using the Internet. With portable computers and online connections, illegal drug traffickers can transmit text, audio, and video; track shipments; and engage in financial transactions virtually anywhere in the world. In short, .. drug traffickers are turning to innovative technologies to conduct their businesses, disguise their activities, and avoid law enforcement scrutiny. " DOJ Report, supra note 5, at D2
Criminal Law in Cyberspace Page 27 67Cross, supra note 55. 68 “An increasing number of illegal drug traffickers . . . are also using the Internet. With portable computers and online connections, illegal drug traffickers can transmit text, audio, and video; track shipments; and engage in financial transactions virtually anywhere in the world. In short, . . .drug traffickers are turning to innovative technologies to conduct their businesses, disguise their activities, and avoid law enforcement scrutiny.” DOJ Report, supra note 5, at D2. Other types of identity theft via computer, such as cross-site scripting, Internet protocol spoofing, and page-jacking, do not have clear realspace analogues. Cross-site scripting occurs when code is placed into a website to force it to send out information against the will of its owners. With Internet protocol spoofing, a perpetrator, using software, impersonates a computer trusted by the victim. As a result, the attacker computer–believed by the victim computer to be a different, friendly computer–achieves entry into sensitive areas or even control of the victim computer by operating privileged protocols.67 Page-jacking occurs when a link, logo or other Internet address is reprogrammed to bring a customer not to the intended site, but to some other one. For example, when I click on the “Buy.com” logo when I visit the CNN website, and it brings me not to Buy.com but rather to an Internet gambling website, the page has been jacked. D. Carrying out a Traditional Offense Computers can be used to carry out virtually any offense in realspace, from carrying threats to furthering organized crime to the manipulation of stocks.68 Here, I will focus on four exemplars of criminal activity in this category: pornography, copyright piracy, cyberstalking, and the illegal sale of firearms. Each reveals the advantages, from the criminals’ perspective, of cybercrime–widespread, quick distribution and minimizing costs. 1. Child Pornography
Criminal Law in Cyberspace Page 28 Whereas a piece of child pornography might have only reached a few thousand people who bought a magazine, with the Internet it can reach millions very quickly 69 The child pornographer in realspace is constrained by all kinds of production costs(film, printing, distribution) but thes constraints do not pose the same difficulty to the pornographer in cyberspace. Ease of distribution is a standard feature of cybercrime. Even financial crimes, such as stock market manipulation, take dvantage of this feature. For example, someone holding XYZ stock will announce on message boards he likelihood of a hostile takeover of XYZ, thousands will read the message and purchase XYZ, and the person who posted the messages will then quickly sell the stock at a high profit. o Child pornography also underscores the international aspect of cyberspace, which permits transactions to occur when the buyer and seller are thousands of miles apart. Criminal activity is thus multi-jurisdictional, making law enforcement tougher. For example, in 1997 a major computer child orography ring operating in 21 countries was uncovered. To bring law enforcement to bear on the ring required an unprecedented level of cooperation between the police and investigators in many different countries. While the operation was successful, that may not always be so. Child pornographers may seek haven in countries that have no laws against child pornography, or no laws against the extraterritorial distribution of such material. If so the U.s. government will have an 69LESSIG, supra note 4, at 170; Niva Elkin-Koren Eli M. Salzberger, Law and Economics in Cyberspace, 19 INTL REV.LAW&BCON.553,556(1999) For example, in April 1999, an e-mail posted on a Yahoo message board under the subject line"Buyout News" said that Pair Gain, a California company, was being taken over by an Israeli company. The e-mail also provided a link to what appeared to be a website of Bloomberg News Service, which in turn contained a lengthy story on the purported takeover. As the news spread, the companys stock increased by more than 30 percent, and the trading site. When the hoax was uncovered, the stock plummeted. DOJ REPORT, supra note 5, at ot actually Bloomberg's volume grew to nearly seven times its norm. Yet the story was false, and the website was 7The operation simultaneously executed search warrants in 17 countries. DOJ REPORT, supra note 5, at CI
Criminal Law in Cyberspace Page 28 69LESSIG, supra note 4, at 170; Niva Elkin-Koren & Eli M. Salzberger, Law and Economics in Cyberspace, 19 INTL REV. LAW & ECON. 553, 556 (1999). 70For example, in April 1999, an e-mail posted on a Yahoo message board under the subject line "Buyout News" said that PairGain, a California company, was being taken over by an Israeli company. The e-mail also provided a link to what appeared to be a website of Bloomberg News Service, which in turn contained a lengthy story on the purported takeover. As the news spread, the company’s stock increased by more than 30 percent, and the trading volume grew to nearly seven times its norm. Yet the story was false, and the website was not actually Bloomberg’s site. When the hoax was uncovered, the stock plummeted. DOJ REPORT, supra note 5, at 1. 71The operation simultaneously executed search warrants in 17 countries. DOJ REPORT, supra note 5, at C1. Whereas a piece of child pornography might have only reached a few thousand people who bought a magazine, with the Internet it can reach millions very quickly.69 The child pornographer in realspace is constrained by all kinds of production costs (film, printing, distribution) but these constraints do not pose the same difficulty to the pornographer in cyberspace. Ease of distribution is a standard feature of cybercrime. Even financial crimes, such as stock market manipulation, take advantage of this feature. For example, someone holding XYZ stock will announce on message boards the likelihood of a hostile takeover of XYZ, thousands will read the message and purchase XYZ, and the person who posted the messages will then quickly sell the stock at a high profit.70 Child pornography also underscores the international aspect of cyberspace, which permits transactions to occur when the buyer and seller are thousands of miles apart. Criminal activity is thus multi-jurisdictional, making law enforcement tougher. For example, in 1997 a major computer child pornography ring operating in 21 countries was uncovered. To bring law enforcement to bear on the ring required an unprecedented level of cooperation between the police and investigators in many different countries.71 While the operation was successful, that may not always be so. Child pornographers may seek haven in countries that have no laws against child pornography, or no laws against the extraterritorial distribution of such material. If so, the U.S. Government will have an
Criminal Law in Cyberspace increasingly difficult time trying to gain jurisdiction over such defendants, who need not even physically enter American soil to distribute materials here Through computers, the way in which child pornography is produced may be altered as well Obviating the need to find live children, producers may use their computers to draw such images from scratch, or may digitally alter photographs of clothed children so that they appear nude. The question whether the law should still extend to depictions that do not involve live children forces us to confront its very purpose: whether the law exists solely to protect minors, or, among other things, to prevent related molestation or because child pornography is immoral. 72 The example of child pornography also sheds light on some of the intermediate parties that exist in cyberspace. In particular, an ISP may be used to transfer child pornography from one person to another, particularly when the Internet is used to create mass distribution postings. For this reason, criminal law may usefully enlist ISPs to aid in its enforcement. Indeed, federal law currently requires ISPs that become aware of an apparent violation of any federal child exploitation statute to report the iolation. In addition, law enforcement is currently permitted to subpoena an isP to provide subscriber information to obtain the identity of a child pornographer who lurks behind the veneer of anonymIty The Net, however, can make it easier to be an informant. In realspace, those with information about potential crimes are often afraid to give that information to the police. Retaliation may ensue against ones family, health, or property. Cyberspace can make such retaliation impossible not even 12 Federal law currently forbids the distribution and possession of child pornography, and the prohibition specifically includes computers. 18 U.S.C.$ 2251 et seq. Even if the image is not one of an actual naked child, but rather a computer morphed or manipulated image, it violates federal law. 18 U.S.C.$ 2256(5)and( 8) 7See 42 U.S. C8 13032; see also 28 CFR$81.1 et seq
Criminal Law in Cyberspace Page 29 72 Federal law currently forbids the distribution and possession of child pornography, and the prohibition specifically includes computers. 18 U.S.C. § 2251 et seq. Even if the image is not one of an actual naked child, but rather a computer morphed or manipulated image, it violates federal law. 18 U.S.C. § 2256(5) and (8). 73See 42 U.S.C. § 13032; see also 28 C.F.R. § 81.1 et seq. increasingly difficult time trying to gain jurisdiction over such defendants, who need not even physically enter American soil to distribute materials here. Through computers, the way in which child pornography is produced may be altered as well. Obviating the need to find live children, producers may use their computers to draw such images from scratch, or may digitally alter photographs of clothed children so that they appear nude. The question whether the law should still extend to depictions that do not involve live children forces us to confront its very purpose: whether the law exists solely to protect minors, or, among other things, to prevent related molestation or because child pornography is immoral.72 The example of child pornography also sheds light on some of the intermediate parties that exist in cyberspace. In particular, an ISP may be used to transfer child pornography from one person to another, particularly when the Internet is used to create mass distribution postings. For this reason, criminal law may usefully enlist ISPs to aid in its enforcement. Indeed, federal law currently requires ISPs that become aware of an apparent violation of any federal child exploitation statute to report the violation.73 In addition, law enforcement is currently permitted to subpoena an ISP to provide subscriber information to obtain the identity of a child pornographer who lurks behind the veneer of anonymity. The Net, however, can make it easier to be an informant. In realspace, those with information about potential crimes are often afraid to give that information to the police. Retaliation may ensue against one’s family, health, or property. Cyberspace can make such retaliation impossible; not even