Thursday, October 30, 2014

Chapter 9: Legal, Regulations, Investigations, and Compliance
  • The Crux of Computer Crime Laws:
    • Also referred to as cyberlaw
    • Deals with core issues of unauthorized modification or destruction, disclosure of sensitive information, unauthorized access, and the use of malware (malicious software).
    • Laws were created to combat three categories of crime:
      • Computer-Assisted Crime
      • Computer-Targeted Crime
      • Computer is incidental
    • Computer-assisted crime:
      • This is where a computer is used as a tool to help carry out a crime.
      • Examples:
        • Attacking financial systems to carry out theft of funds and/or sensitive information
        • Obtaining military and intelligence material by attacking military systems
        • Carrying out industrial spying by attacking competitors and gathering confidential business data
        • Carrying out information warfare activities by attacking critical national infrastructure systems
        • Carrying out hacktivism, which is protesting a government or company’s activities by attacking their systems and/or defacing their web sites
    • Computer-targeted crime:
      • Computer-targeted crimes are where a computer was the victim of an attack that was meant to harm it (and its owners) specifically.
      • Examples:
        • Distributed Denial-of-Service (DDoS) attacks
        • Capturing passwords or other sensitive data
        • Installing malware with the intent to cause destruction
        • Installing rootkits and sniffers for malicious purposes
        • Carrying out a buffer overflow to take control of a system
    • Computer is incidental:
      • A computer is not necessarily the attacker or the attackee, but a computer was involved when the crime was carried out.
