Cyberlaw categorizes computer-related crime into three categories. Which of the following is an example of a crime in which the use of a computer would be categorized as incidental?

A.
Carrying out a buffer overflow to take control of a system

B.
The electronic distribution of child pornography

C.
Attacking financial systems to steal funds

D.
Capturing passwords as they are sent to the authentication server

Explanation:
B: Laws have been created to combat three categories of crime: computer-assisted, computer-targeted, and computer is incidental. If a crime falls into
the “computer is incidental” category, this means a computer just happened to be involved in some secondary manner, but its involvement is insignificant.
The digital distribution of child pornography is an example of “computer is incidental.” The actual crime is obtaining and sharing child pornography pictures
or graphics. The pictures could be stored on a file server, or they could be kept in a physical file in someone’s desk. So if a crime falls within this category,
the computer is not attacking another computer, and a computer is not being attacked, but the computer is still used in some manner. Thus, the computer
is a source of additional evidence related to the crime.
A is incorrect because carrying out a buffer overflow to take control of a system is an example of a computer-targeted crime. A computer-targeted crime
concerns incidents where a computer was the victim of an attack crafted to harm it (and its owners) specifically. Other examples of computer-targeted
crimes include distributed denial-of-service attacks, installing malware with the intent to cause destruction, and installing rootkits and sniffers for malicious
purposes.
C is incorrect because attacking financial systems to steal funds is an example of a computer-assisted crime. A computer-assisted crime is where a
computer was used as a tool to help carry out a crime. Other examples of computer-assisted crimes include obtaining military and intelligence material by
attacking military systems, and carrying out information warfare activities by attacking critical national infrastructure systems.
D is incorrect because capturing passwords as they are sent to the authentication server is an example of a computer-targeted crime. Some confusion
typically exists between the two categories, “computer-assisted crimes” and “computer-targeted crimes,” because intuitively it would seem any attack
would fall into both of these categories. One way to look at it is that a computer-targeted crime could not take place without a computer, while a computerassisted
crime could. Thus, a computer-targeted crime is one that did not, and could not, exist before computers became of common use. In other words,
in the good old days, you could not carry out a buffer overflow on your neighbor, or install malware on your enemy’s system. These crimes require that
computers be involved.