www.eLLblog.com
info@eLLblog.com
Where law, technology, and human error collide
Fernando M. Pinguelo, Esq.
Norris McLaughlin & Marcus, P.A.
New York | New Jersey | Pennsylvania
fmp@nmmlaw.com
Virtual Crimes – Real Damages
Challenges Posed By Electronic
Crimes In The United States
Email Questions
info@eLLblog.com
Tweet me
@ellblog_dot_com
“Cybercrime”
Criminal activity conducted through
the Internet
A brief history
• 1967 “number-cropping operation” by a New York bank employee.
• 1970s rare and isolated:
  • MIT student used university computer to generate tones needed to access phone service.
  • John Draper discovers whistle in Cap'n Crunch cereal boxes and reproduces a 2600Hz tone.
A brief history
• 1980s computer crimes grow:
  • Ian “Captain Zap” Murphy - first felon convicted of computer crime. Murphy hacked AT&T’s computers and changed billing clock so as to provide discounted rates during business hours.
  • U.S. Comprehensive Crime Control Act gives Secret Service jurisdiction over computer fraud.
  • War Games introduces public to the phenomenon of hacking (i.e., war-dialing).
A brief history
• After break-ins into gov’t and corporate computers, Congress passes Computer Fraud and Abuse Act, making it a crime. The law does not cover juveniles.
• Computer Emergency Response Team (CERT) created.
• First large-scale computer extortion case is investigated (under the pretence of a quiz on the AIDS virus, users download program which threatens to destroy all their computer data unless they pay $500 into a foreign account).
A brief history
• 1990s
  • 16-year-old student (“Data Stream”) arrested by UK police for penetrating computers at the Korean Atomic Research Institute, NASA and several U.S. government agencies.
  • CIA Director John Deutch testifies foreign organized crime groups behind hacker attacks against U.S. private sector.
  • U.S. Communications Decency Act makes it illegal to transmit indecent/obscene material over Internet.
A brief history
• 2000s:
  • Hackers break into Microsoft's corporate network and access source code for the latest versions of Windows and Office software.
  • Cyberattacks have grown more frequent and destructive in recent years.
• TODAY (Literally): September 27, 2010
  • “U.S. Wants to Make It Easier to Wiretap Internet”: Federal law enforcement and national security officials are preparing to seek sweeping new regulations for the Internet.
Forensics
Traditional Investigations
• Fingerprints
• Blood
• Fibers
• DNA
• Soil, fluids, debris
• Etc.
Digital Investigations
• Emails
• Documents, spreadsheets, databases, images, etc.
• File attributes (i.e., metadata)
• Internet activity
• File transfer and copying
• More…
Electronically Stored Information - EVERYWHERE
• Laptops/Desktops
• Servers
• Phone Systems (VoIP)
• Printers & Copiers
• PDAs/Cell phones
• CDs/DVDs
• USB Thumb Drive
The Corporate Enterprise Network
Statistics
INTERNET CRIME COMPLAINT CENTER 2009
• Received 336,655 complaints
  • 22.3% increase from 2008
• Total dollar loss: $559.7M USD
  • In 2008 amount was $264.6M USD
• Companies pay $3.8M USD annually
Statistics
• Most Popular Cybercrime Targets
  • Financial sector
  • Hospitality industry
Statistics
• Most Common Complaints
  • FBI Scam
  • Non-Delivery Merchandise Payment
  • Advance Fee Fraud
  • Identity Theft
  • Overpayment Fraud
  • Miscellaneous Scam & Fraud
  • Credit Card Fraud
  • Auction
Cybercriminal Profile
American consumers & businesses?
Cybercriminal Profile
Male from the
United States
Data Security Risk
Type of Data
Credit Card #
Social Security #
“Secret Sauce”
Personal Information X
D.O.B. X
Drivers License X
Customer Information
Case Examples
Cybercrimes causing concern
U.S. government and businesses:
1. Corporate or Foreign Espionage
2. Malicious Insiders
3. E-mail Extraction Programs & Spamming
4. Hacking
Cyber Insurance Protection
Protection for Internet and network exposures
1. Liability: privacy and confidentiality
2. Copyright, trademark, defamation
3. Malicious code and viruses
4. Business interruption: network outages,
computer failures
5. Attacks, unauthorized access, theft, website
defacement and cyber extortion
6. Technology errors & omissions
7. Intellectual property infringement
Marsh: http://global.marsh.com/risk/ecommerce/
Chubb: http://www.chubb.com/businesses/csi/chubb822.html
Corporate or Foreign Espionage
Regardless of how large a cyber defense
budget is, it is difficult to protect from
covert activity of cyber spies
Malicious Insiders
Proactive:
• Watch historical patterns, which may help catch employee who, for example, regularly accessed sensitive corporate information when others within the company did not
• Train employees so as to raise staff awareness about insider threats
• Implement effective security policies
Email Extraction & Spamming
Sending email to thousands of people in
effort to sell a product or for data
collection purposes.
According to the U.S. Attorney’s Office,
nearly every college and university in the
U.S. was impacted by this scheme. Schools
spent significant funds to repair damage
and implement preventive measures.
Hacking
Hackers break into government or
business networks for profit, for the pure
thrill, or for bragging rights.
While off-site hacking once required
expertise in computer programming,
hackers can now retrieve attack scripts
and protocols from the Internet and use
them against victim websites.
Hacking
Some of the U.S.’s most popular
websites are vulnerable to hacking.
September 21, 2010: Twitter ravaged
with posts that took advantage of a
programming weakness to play pranks,
distribute pornography, and spread
worms to victim-users.
Hacking
One of the victims was the wife of the
former British Prime Minister Gordon
Brown as a link on her Twitter page sent
visitors to a hard-core porn site.
GoDaddy sites Hacked: myblindstudioinfoonline.com and
Hilary Kneber
Posted on September 17, 2010
U.S. Federal & State Action to Combat Cybercrime
What are federal & state governments doing to protect the U.S. from cyber attacks?
• Federal: Executive, Legislative & Judicial Action
• State: Most proactive states - VA & FL
U.S. Federal Government –
Executive Branch
U.S. Federal Government –
Executive Branch
Executive Action
January 2008
President Bush issues Presidential
Directive establishing the
Comprehensive National Cybersecurity
Initiative (CNCI)
U.S. Federal Government – Executive Branch
• CNCI directive established twelve cyber defense projects, identifying lead agencies for each.
• Department of Homeland Security (DHS) becomes lead agency to protect U.S. computer-reliant critical infrastructure.
• Report reveals deficiencies in key responsibilities since 2005:
  • Cyber analysis and warning capabilities, cybersecurity infrastructure, recovery from internet disruption, secure internal information systems, organizational inefficiencies.
U.S. Federal Government – Executive Branch
President Obama
• February 2009 - Orders review of cybersecurity plans and programs throughout federal government (May 2009 report & recommendations)
• April 2009 - Creates high-level Federal CIO
  • Coordinate efforts to combat hackers and cybercriminals
• June 2010 - Proposes National Cyber Identity law
• September 2010 - Seeks sweeping new regulations for the Internet
U.S. Federal Government – Executive Branch
2009 Report
• Significant weakness and vulnerability in security controls
• 23 of the 24 major federal agencies report problems
• Problems include reauthentication of users, encryption, and monitoring for security-related events
U.S. Federal Government – Executive Branch
Projects include
• Trusted Internet Connections
• Einstein 2, Einstein 3
• Research & Development Efforts
• Cyber Counterintelligence Plan
• Security of Classified Networks
• Expand Education
• Leap-Ahead Technology
• Deterrence Strategies and Programs
• Global Supply Chain Risk Management, and
• Public/Private Partnerships
U.S. Federal Government – Executive Branch
• Despite these efforts, executive branch fell victim to successful cyber attack in July 2009, when coordinated assault over several days targeted websites of several government agencies, causing major disruptions.
• Much work still to be undertaken, but proactive measures are being employed and progress continues to be made.
• Recent attacks led to proposed legislation to empower President to disconnect any federal or U.S. critical infrastructure info system or network for national security.
U.S. Federal Government
Agencies with Cyber Crime Efforts
• Department of Justice and FBI lead the effort to investigate and prosecute
• Secret Service
• Immigration & Customs Enforcement Agency
• Postal Inspection Service
• Bureau of Alcohol Tobacco & Firearms
FBI Mission on Cyber Crime
The FBI's cyber mission is four-fold:
• Stop those behind the most serious computer intrusions and the spread of malicious code.
• Identify & thwart online sexual predators who exploit children & circulate child pornography.
• Counteract operations that target U.S. intellectual property, endangering national security and competitiveness.
• Dismantle national and transnational organized criminal enterprises engaging in Internet fraud.
U.S. Federal Government
Legislative Cyber Crime Efforts
• February 2010 House of Representatives passed (pending) the Cybersecurity Enhancement Act of 2010.
  • Assist federal government efforts in developing skilled personnel for its cybersecurity team
  • Organize and prioritize various aspects of government’s cybersecurity research and development
  • Improve the shifting of cybersecurity technologies to the marketplace, and
  • Strengthen role of the National Institute of Standards & Technology in developing and implementing cybersecurity public awareness and education programs to promote best practices.
U.S. Federal Government
Legislative Cyber Crime Efforts
• The Senate’s cybersecurity proposed legislation (March 2010): Cybersecurity Act of 2009
  • Authorize grants to enhance cybersecurity through research and workforce development
  • Impose intergovernmental and private sector mandates on owner/operator of info systems designated by president as U.S.-critical infrastructure
    • i.e., financial networks, electric providers, petro industry
  • U.S.-critical infrastructure “threat alerts”
  • Expands DHS authority
U.S. Federal Government
Legislative Cyber Crime Efforts
• The Senate’s cybersecurity proposed legislation (March 2010): Cybersecurity Act of 2009
• Problems:
  • Industry opposition
  • Upcoming election makes it unlikely that comprehensive reform will pass this year
  • Cost approximately $1.4 billion from 2011 to 2015
U.S. Federal Government
Legislative Efforts
Computer Fraud and Abuse Act (CFAA):
Fraud and related activity in connection with computers
Internet Fraud:
Unfair or deceptive acts or practices; false advertising
Mail, wire, and bank fraud
Internet Sale of Alcohol or Firearms:
Firearms, Liquor traffic, and Shipments into states for
possession or sale
Online Child Pornography, Child Luring, and
Related Activities:
Sexual exploitation and other abuse of children; Transportation
for illegal sexual activity
CAN-SPAM Act 2003:
Delineates between unlawful spam and legal commercial email;
preempts states
Commonly Applied Federal Laws
Software Piracy and Intellectual Property Theft:
Criminal copyright infringement
Frauds and swindles
Protection of trade secrets
Internet Sale of Prescription Drugs and Controlled Substances:
Unfair or deceptive acts or practices; false advertising
Smuggling goods into the United States
Mail, wire, and bank fraud
Federal Food, Drug, and Cosmetic Act
Drug Abuse Prevention and Control
U.S. Federal Government
Existing Legislative Efforts
• SOX - Sarbanes Oxley Act
• HIPAA – Health Insurance Portability & Accountability Act
• FACTA - Fair and Accurate Credit Transaction Act of 2003
• GLB – Gramm-Leach-Bliley Act
• FCRA – Fair Credit Reporting Act
• RFR - “Red Flags Rule”
• FRCP – Amended Federal Rules of Civil Procedure “eDiscovery”
• Related Industry Regulations
State Government – Legislative Efforts
• Play key role in security
• Suffer from problems experienced by federal and private sectors
  • Budget crisis
  • Delicate balance between security and constitutional rights
  • Faulty & Conflicting laws
State Government – Virginia Model
Legislative Efforts
Virginia Computer Crimes Act (“VCCA”)
• Takes a multifaceted approach to cybersecurity that includes:
  • Virginia anti-spam statute
  • Virginia Cyber Strike Force works with the U.S. Attorney’s Office, State Police, and FBI to fight cybercrime
State Government – Virginia Model
Legislative Efforts
VCCA criminalizes use of
• computer/computer network
• with intent to falsify/forge electronic mail transmission info or other routing info
• in any manner in connection with transmission of spam through or into computer network of an electronic mail service provider or its subscribers.
State Government – Virginia Model
Enforcement Efforts
Virginia Computer Crimes Unit
• Formed July 1999
• Works in cooperation with the U.S. Attorney’s Office, State Police, and FBI
• Investigates & Prosecutes under VCCA
  • Illegal spamming
  • Child pornography: production, distribution & possession
  • Online enticement of children
  • Identity theft
State Government – Virginia Model
Enforcement Efforts
VCCA penalties
• Violation of a portion of the statute is a misdemeanor, but it may be upgraded to a felony if either
  • the volume of spam transmitted exceeds a number of recipients or revenue generated from a specific transmission of spam exceeds an amount.
• Makes it a misdemeanor to knowingly sell, give, or otherwise distribute or possess with the intent to sell, give, or distribute software that
  • is primarily designed for purpose of facilitating falsification of transmission info or other routing info of spam;
  • has only limited commercially significant purpose or use; or
  • is marketed for use in facilitating or enabling the falsification of the transmission information or other routing information of spam
Conclusion
Crime is a problem that is impossible to solve.
Statutes and law enforcement measures have been one
step behind the criminals in the cyber realm.
Nevertheless, our government and the nation’s
businesses must take whatever steps possible to
combat cybercrime.
Tools for deterrence: Awareness & Education
Cybercrime is NOT a technology issue, it’s a
business issue
Thank You for your attention!
Any
Questions?
Contact Information
Fernando M. Pinguelo, Esq.
fmp@nmmlaw.com
@ellblog_dot_com
www.eLLblog.com
721 Route 202-206
Bridgewater, NJ 08807-5933
908-252-4128
You’re Fired!

II Congress on Electronic Crimes and Forms of Protection – 27-09-2010 – Presentation by Fernando Pinguelo
