Lecture 3, Hacking, Cracking and Computer Security

Uploaded by

Amna Arooj
Lecture 03

Computer Crime and Security (cont.)

By: Dr. Qudsia Jabeen

Hacking, cracking and computer security
Hacking
Catching Hackers
… requires law enforcement to recognize and respond to hacking attacks.
Computer forensics is a branch of Forensic Science pertaining to legal evidence found in computer systems and digital storage medium.
Computer forensics tools may include:
• Undercover agents (spy, hidden investigator),
• Honey pots (sting operations in cyberspace),
• Tools for recovering deleted or coded information.
Computer forensics agencies and services include:
• Computer Emergency Response Team (CERT),
• National Infrastructure Protection Center (NIPC),
• Private companies specializing in recovering deleted files and e-mail, tracking hackers via Web site and telephone logs, etc.

A Gift of Fire, 2ed, Chapter 7: Computer Crime

Q: What computer forensics tools or agencies have been in the news lately?
Computer Forensic Investigation Agencies in Pakistan
• Intelligence Bureau.
• National Database & Registration Authority.
• National Response Center for Cyber Crime.
• Pakistan Air Force.
• Pakistan Navy.
• Ministry of Defense.



Hacking

Questions About Penalties


Intent
• Should hackers who did not intend to do damage or harm be
punished differently than those with criminal intentions?
Age
• Should underage hackers receive a different penalty than adult
hackers?
Damage Done
• Should the penalty correspond to the actual damage done or the
potential for damage?
Hacking
Security
Security weaknesses can be found in the computer
systems used by:
• businesses,
• government (classified and unclassified), and
• personal computers.
Causes of security weakness:
• characteristics of the Internet and Web,
• human nature,
• inherent complexity of computer systems.
Q: How secure is your computer at home? At work?
Hacking
Security can be improved by:
• Ongoing education and training to recognize the
risks.
• Better system design.
• Use of security tools and systems.
• Challenging “others” to find flaws in systems.
• Writing and enforcing laws.



Online Scams
Auctions
Selling and buying goods online has become popular.
Problems:
• sellers don’t send the goods,
• sellers send inferior goods,
• price high and
• illegal goods sold.
Solutions:
• educate customers,
• read seller “reviews,”
• use third-party.
Fraud, Embezzlement, Sabotage, Identity Theft, and Forgery

Some Causes of Fraud


Credit-Card
• Stolen receipts, mailed notices, and cards.
• Interception of online transaction or weak e-commerce security.
• Careless handling by card-owner.
ATM
• Stolen account numbers and PINs.
• Insider knowledge.
Telecommunications
• Stolen long-distance PINs.
• Cloned phones.
A cloned cell phone is one that has been reprogrammed to transmit the ESN and MIN belonging to another cell phone. Scammers can steal ESN/MIN combinations by illegally monitoring the radio wave transmissions from the cell phones of legitimate subscribers.

Q: What is the legal definition of fraud? Embezzlement? Sabotage? Theft?
Fraud, Embezzlement, Sabotage, Identity Theft, and Forgery

Some Defenses Against Fraud


Credit-Card
• Instant credit-card check.
• Analysis of buying patterns.
• Analysis of credit card applications (to detect identity theft).
• Verify user with Caller ID.
ATM
• Redesigned ATMs.
• Limited withdrawal.

Q: Identify a business’ defense against fraud that you have witnessed.
Fraud, Embezzlement, Sabotage, Identity Theft, and Forgery

Embezzlement and Sabotage

Embezzlement takes place when a person uses funds for a different purpose than they were intended to be used. Embezzlers might create bills and receipts for activities that did not occur and then use the money paid for personal expenses.
With regard to computers, sabotage is the deliberate damage to equipment. Infecting a website with malware is an example of information sabotage.

Some Causes
• Insider information.
• Poor security.
• Complex financial transactions.
• Anonymity of computer users.
Some Defenses
• Rotate employee responsibility.
• Require use of employee ID and password.
• Implement audit trails.
• Careful screening and background checks of employees.
Fraud, Embezzlement, Sabotage, Identity Theft, and Forgery
Identity Theft
Identity (ID) theft happens when someone steals your personal information to commit fraud.
Some Causes of Identity Theft
• Insecure and inappropriate use of Social Security numbers.
• Careless handling of personally identifiable information.
• Weak security of stored records.
• Insufficient assistance to identity theft victims.
Some Defenses for Identity Theft
• Limit use of personally identifiable information.
• Increase security of information stored by businesses and government agencies.
• Improve methods to accurately identify a person.
• Educate consumers.

Q: What measures do you take to reduce the risk of theft of your identity?
Fraud, Embezzlement, Sabotage, Identity Theft, and Forgery

Forgery
Forgery involves the making, altering, use, or possession of a false writing in order to commit a fraud. It can occur in many forms, from signing another person's name on a check.
Some Causes
• Powerful computers and digital manipulation software.
• High-quality printers, copiers, and scanners.
Some Defenses
• Educate consumers and employees.
• Use anti-counterfeiting techniques during production.
• Create legal and procedural incentives to improve security.

Q: How would you educate your peers about the risks of digital forgery? A parent? A child?
Hacking
• Hacking is the gaining of unauthorized access to data in a system or computer.
• Electronic Breaking and Entering
  • Hacking into a computer system and reading files, but neither stealing nor damaging anything
• Cracker
  • Cracking is when someone performs a security hack for criminal or malicious reasons, and the person is called a “cracker.” Just like a bank robber cracks a safe by skillfully manipulating its lock, a cracker breaks into a computer system, program
Cyber Theft
• Many computer crimes involve the theft of money
• The majority are “inside jobs” that involve unauthorized network entry and alteration of computer databases to cover the tracks of the employees involved
• Many attacks occur through the Internet
• Most companies don’t reveal that they have been targets or victims of cybercrime
Unauthorized Use at Work
• Unauthorized use of computer systems and networks is time and resource theft
  • Doing private consulting
  • Doing personal finances
  • Playing video games
  • Unauthorized use of the Internet or company networks
• Sniffers
  • Used to monitor network traffic or capacity
  • Find evidence of improper use

A sniffer is a software or hardware tool that allows the user to “sniff” or monitor your internet traffic in real time, capturing all the data flowing to and from your computer.
Internet Abuses in the Workplace
• General email abuses
• Unauthorized usage and access
• Copyright infringement (the use of works protected by copyright law without permission)
• Transmission of confidential data
• Hacking
• Non-work-related download/upload
• Leisure use of the Internet
• Moonlighting (the practice of working a second job outside normal business hours)
Software Piracy
• Software Piracy
  • Unauthorized copying of computer programs
• Licensing
  • Purchasing software is really a payment for a license for fair use
  • Site license allows a certain number of copies

A third of the software industry’s revenues are lost to piracy
Theft of Intellectual Property
• Intellectual Property
  • Copyrighted material
  • Includes such things as music, videos, images, articles, books, and software
• Copyright Infringement is Illegal
  • Peer-to-peer networking techniques have made it easy to trade pirated intellectual property
• Publishers Offer Inexpensive Online Music
  • Illegal downloading of music and video is down and continues to drop
Adware and Spyware
• Adware, or advertising-supported software, is software that displays unwanted advertisements on your computer
  • Allows advertisers to display pop-up and banner ads without the consent of the computer users
• Spyware
  • Adware that uses an Internet connection in the background, without the user’s permission or knowledge
  • Captures information about the user and sends it over the Internet
Privacy Issues
• The power of information technology to store and retrieve information can have a negative effect on every individual’s right to privacy
  • Personal information is collected with every visit to a Web site
  • Confidential information stored by credit bureaus, credit card companies, and the government has been stolen or misused
Privacy Issues
• Violation of Privacy
  • Accessing individuals’ private email conversations and computer records
  • Collecting and sharing information about individuals gained from their visits to Internet websites
• Computer Monitoring
  • Always knowing where a person is
  • Mobile and paging services are becoming more closely associated with people than with places
• Computer Matching
  • Using customer information gained from many sources to market additional business services
• Unauthorized Access of Personal Files
  • Collecting telephone numbers, email addresses, credit card numbers, and other information to build customer profiles
Protecting Your Privacy on the Internet
• There are multiple ways to protect your privacy
  • Encrypt email
  • Ask your ISP (Internet service provider) not to sell your name and information to mailing list providers and other marketers
  • Don’t reveal personal data and interests on online service and website user profiles
Privacy Laws
• Electronic Communications Privacy Act and Computer Fraud and Abuse Act
  • Prohibit stealing or destroying data, or trespassing in federal-related computer systems
• Other laws impacting privacy and how much a company spends on compliance
  • Sarbanes-Oxley
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Securities and Exchange Commission rule
Cyberlaw - Law of Internet
• Laws intended to regulate activities over the Internet or via electronic communication devices
  • Encompasses a wide variety of legal and political issues
  • Includes intellectual property, privacy, freedom of expression, and jurisdiction
• Cyberlaw only began to emerge in 1996
• Debate continues regarding the applicability of legal principles derived from issues.
Other Challenges
• Employment
  • IT creates new jobs and increases productivity
  • It can also cause significant reductions in job opportunities, as well as requiring new job skills
• Computer Monitoring
  • Using computers to monitor the productivity and behavior of employees as they work
  • Criticized as unethical because it monitors individuals, not just work, and is done constantly
  • Criticized as invasion of privacy because many employees do not know they are being monitored
• Working Conditions
  • IT has eliminated repetitive tasks
  • However, some skilled craftsperson jobs have been replaced
• Individuality
  • Dehumanizes and depersonalizes activities because computers eliminate human relationships (use of robots)
Health Issues
• Cumulative Trauma Disorders (CTDs)
  • Disorders suffered by people who sit at a PC or terminal and do fast-paced repetitive keystroke jobs
• Carpal Tunnel Syndrome
  • Painful, crippling ailment of the hand and wrist
  • Typically requires surgery to cure
Ergonomics
[Figure: Ergonomics Factors]
• Designing healthy work environments
  • Safe, comfortable, and pleasant for people to work in
  • Increases employee morale and productivity
  • Also called human factors engineering
Societal Solutions
• Using information technologies to solve human and social problems
  • Medical diagnosis
  • Computer-assisted instruction
  • Governmental program planning
  • Job placement
• The detrimental effects of IT
  • Often caused by individuals or organizations not accepting ethical responsibility for their actions
Security Management of IT
• Business managers and professionals are responsible for the security, quality, and performance of business information systems
• Hardware, software, networks, and data resources must be protected by a variety of security measures
Security Management
• The goal of security management is the accuracy, integrity, and safety of all information system processes and resources
Internetworked Security Defenses
• Email Monitoring
  • Use of content monitoring software that scans for troublesome words that might compromise corporate security
• Virus Defenses
  • Centralize the updating and distribution of antivirus software
  • Use a security suite that integrates virus protection with firewalls, Web security, and content blocking features
Other Security Measures
• Security Codes
  • Multilevel password system
  • Encrypted passwords
  • Smart cards with microprocessors
• Backup Files
  • Duplicate files of data or programs
• Security Monitors
  • Monitor the use of computers and networks
  • Protect them from unauthorized use, fraud, and destruction
• Biometrics
  • Computer devices measure physical traits that make each individual unique
  • Voice recognition, fingerprints, retina scan
• Computer Failure Controls
  • Prevent computer failures or minimize their effects
  • Preventive maintenance
  • Arrange backups with a disaster recovery organization
Other Security Measures
• A disaster recovery plan contains formalized procedures to follow in the event of a disaster
  • Which employees will participate
  • What their duties will be
  • What hardware, software, and facilities will be used
  • Priority of applications that will be processed
  • Use of alternative facilities
  • Offsite storage of databases
Information System Controls
• Methods and devices that attempt to ensure the accuracy, validity, and propriety of information system activities
Auditing IT Security
• IT Security Audits
  • Performed by internal or external auditors
  • Review and evaluation of security measures and management policies
  • Goal is to ensure that proper and adequate measures and policies are in place