Computer crimes are on the rise at Ohio University, just ask OU Police Department officer George Anderson. Anderson, who has handled everything from harassing e-mail messages to computer hackers, said crimes in which an outside person breaks into a personal computer or network have increased.

"I had one case where someone opened an e-mail that had an attachment, and the attachment let someone control her computer," he said.

These crimes are affecting more than just the police department.

"It's becoming a really big issue; it's become a significant drain on our resources given that security efforts have become such a priority," said Tom Reid, director of Computer Network Services.

Douglas Lawrence, interim associate provost for information and technology, said as the university plans next year's budget, it will consider increasing funds for network security that include hiring additional staff members to monitor network activity. He said CNS would conduct security. Because computer crimes at OU use financial and personnel resources, OUPD officers are beginning to take a closer look.

Ted Jones, director of the Department of Campus Safety, said if the increase in computer crimes continues, he might have to request additional officers to specialize in computer-related crimes.

Tony Camechis, assistant director of the Department of Campus Safety, said computer crimes are not a statistical crime according to federal regulations, but OUPD might begin keeping local statistics.

Identifying types of crime

Computer crimes are not just limited to college campuses. In fact, last week they even hit the Pentagon.

Computer crimes also are not limited to hacking, which is the unauthorized use of a computer. These crimes include copyright infringement, flooding and denial of service, Reid said.

"Copyright infringement is someone taking a CD and downloading it into their computer," Reid said. "Then they make it available on the Internet for other people to download."

The compact discs most commonly affected include those with music, software, books or magazines, he said.

Reid said while many crimes are isolated incidents, organized groups of people breaking copyright laws exist. Hacking also has made its presence known at OU, he said.

Hackers, such as the ones who broke into the Pentagon computers, will break into a system to steal information and then distribute the software or data, he said.

Hacker activity can be conducted anywhere from off-campus to off the continent.

"That's one of the negative sides of the Internet," Reid said. "Of course the hackers work very hard to hide where they are coming from."

The other two types of computer crimes - denial of service and flooding - involve swamping computer systems so they cannot perform their regular functions.

When perpetrators fail to get into another system, they sometimes can swamp a system's server with information requests, Reid said.

People can flood a system by sending repetitive e-mail messages to a computer until someone shuts down the e-mail service.

"It isn't too hard to figure out where the flooding is coming from, but it is hard to prevent because they just launch it from someplace else," Reid said.

Tracking computer crimes

Computer crime in the area is exploding, Reid said.

"It has quadrupled in the last 18 months," he said. "I think we've got two issues: One is the Internet has become so commonplace; the other is that some hacker techniques have become automated."

Automated hacking allows the hacker to run a program to search for certain criteria in vulnerable systems and break in once it finds a system matching the criteria, Reid said. CNS contacts the OUPD as soon as it is aware of criminal activity involving OU computers.

Camechis said the OUPD has investigated at least 13 computer crimes in the past year.

"We're trying to stay up to date, but many times the perpetrator doesn't live in this jurisdiction and we somewhat depend on assistance from other law-enforcement agencies," Camechis said.

Taking security measures

Computer security is a complex issue and depends on the person in charge of the particular system, said John Tysko, the network administrator for electrical engineering and computer science.

"Security also depends on the network," he said. "The easiest way to break in is to get someone's password."

The biggest concern is juggling user availability and computer security, Tysko said. Reid said security mainly is a detection process.

"Usually, one thing you do is just to watch and see what's going on," Tysko said. "When you see it, you try to correct the problem."

Charlie Harp, director of software development at the First DataBank Inc. Indianapolis office, said many computer administrators use "patches" to update software and protect it from further hacking. Reid said, "There's a constant effort to keep the operating systems more secure, so as hackers figure out vulnerabilities, there's an effort to patch those vulnerabilities.

"Other than monitoring, we are seeking funding to step up our network security by installing systems that can look for patterns of activity that appear to be a hacker," he said.