IS 212 | Professional Issues in Information Systems

Chapter 3: COMPUTER AND INTERNET CRIME

Learning Objectives

• Explain why a security incident is a major concern
• Determine the different types of exploits
• Analyze the different types of computer perpetrators
• Identify the different steps to implement trustworthy computing

Computer crime
- Alternatively referred to as cybercrime, e-crime, electronic crime, or hi-tech crime.
- The commission of illegal acts through the use of a computer or against a computer
system.
- Illegal activities carried out on or by means of a computer.
- Computer crime includes criminal trespass into another computer system, theft of
computerized data, and the use of an on-line system to commit or aid in the commission
of fraud.
- Computers or computer systems can be the object of the crime, such as:
• Destroying a company’s computer center or a company’s computer files.
• Stealing computer lists by illegally gaining access to a computer system using a
home computer.
• Simply accessing a computer system without authorization or with intent to do
harm, even by accident, is now a federal crime.
- Computer crime is an act performed by a knowledgeable computer user, sometimes
referred to as a hacker, who illegally browses or steals a company's or individual's private
information. In some cases, this person or group of individuals may be malicious and
destroy or otherwise corrupt the computer or data files.

Why do people commit computer crimes?

- In most cases, someone commits a computer crime to obtain goods or money. Greed and
desperation are powerful motivators for some people to try stealing by way of computer
crimes. Some people may also commit a computer crime because they are pressured, or
forced, to do so by another person.
- Some people also commit a computer crime to prove they can do it. A person who can
successfully execute a computer crime may find great personal satisfaction in doing so.
These types of people, sometimes called black hat hackers, like to create chaos and wreak
havoc on other people and companies.
- Another reason computer crimes are sometimes committed is because people are bored.
They want something to do and don't care if they commit a crime.

Compiled by: Marlyn M. Bermoza, MIT


Faculty

Computer abuse
- The commission of acts involving a computer that may not be illegal but that are
considered unethical.
- The popularity of the Internet and e-mail has turned one form of computer abuse,
spamming, into a serious problem for both individuals and businesses.

Examples of computer crimes


Below is a list of the different types of computer crimes today.

• Intellectual property theft - Stealing practical or conceptual information developed by
another person or company.
• Copyright violation - Stealing or using another person's copyrighted material without
permission.
• Cracking - Breaking or deciphering codes designed to protect data.
• Cyber terrorism - Hacking, threats, and blackmailing towards a business or person.
• Cyberbully or Cyberstalking - Harassing or stalking others online.
• Cybersquatting - Setting up a domain of another person or company with the sole
intention of selling it to them later at a premium price.
• Creating Malware - Writing, creating, or distributing malware (e.g., viruses and spyware).
• Data diddling - Computer fraud involving the intentional falsification of numbers in data
entry.
• Denial of Service Attack - Overloading a system with so many requests it cannot serve
normal requests.
• Doxing - Releasing another person's personal information without their permission.
• Espionage - Spying on a person or business.
• Fake - Products or services that are not real or are counterfeit. For example, a fake
antivirus and fake technical support are examples of something fake.
• Fraud - Manipulating data, e.g., changing banking records to transfer money to an
account or participating in credit card fraud.
• Green Graffiti - A type of graffiti that uses projectors or lasers to project an image or
message onto a building.
• Harvesting - Collecting account or account-related information on other people.
• Human trafficking - Participating in the illegal act of buying or selling other humans.
• Child pornography - Making, distributing, storing, or viewing child pornography.
• Identity theft - Pretending to be someone you are not.
• Illegal sales - Buying or selling illicit goods online, including drugs, guns, and psychotropic
substances.
• IPR violation - An intellectual property rights violation is any infringement of another's
copyright, patent, or trademark.
• Phishing or Vishing - Deceiving individuals to gain private or personal information about
that person.

• Ransomware - Infecting a computer or network with ransomware that holds data hostage
until a ransom is paid.
• Salami slicing - Stealing tiny amounts of money from each transaction.
• Scam - Tricking people into believing something that is not true.
• Sextortion - Extortion where a victim's private data of a sexual nature is acquired illegally
by another person.
• Slander - Posting libel or slander against another person or company.
• Software piracy - Copying, distributing, or using software that was not purchased by the
user of the software.
• Spamming - Distributing unsolicited e-mail to dozens or hundreds of different addresses.
• Spoofing - Deceiving a system into thinking you are someone you're not.
• Swatting - The act of calling in a false police report to someone else's home.
• Theft - Stealing or taking anything (e.g., hardware, software, or information) that doesn't
belong to you.
• Typosquatting - Setting up a domain that is a misspelling of another domain.
• Unauthorized access - Gaining access to systems you have no permission to access.
• Vandalism - Damaging any hardware, software, website, or other object.
• Wiretapping - Connecting a device to a phone line to listen to conversations.

Computer Security Risks


Types of Perpetrators
1. Hacker - an individual who uses computer, networking or other skills to overcome a
technical problem.
Hacking is currently defined as gaining illegal or unauthorized access to a file, computer,
or network.

The term has changed over time


• Phase 1: early 1960s to 1970s
– It was a positive term
– A "hacker" was a creative programmer who wrote elegant or clever code
– A "hack" was an especially clever piece of code
• Phase 2: 1970s to mid-1990s
– Hacking took on negative connotations
– Breaking into computers for which the hacker does not have authorized access
– Still primarily individuals
– Includes the spreading of computer worms and viruses and ‘phone phreaking’
– Companies began using hackers to analyze and improve security
• Phase 3: beginning with the mid-1990s
– The growth of the Web changed hacking; viruses and worms could be spread
rapidly
– Political hacking (Hacktivism) surfaced
– Denial-of-service (DoS) attacks used to shut down Web sites

– Large scale theft of personal and financial information

Types of hackers

• Professional hackers
– Black Hats – the Bad Guys
– White Hats – Professional Security Experts
• Script kiddies
– Mostly kids/students
• Use tools created by black hats,
– To get free stuff
– Impress their peers
– Not get caught
• Underemployed Adult Hackers
– Former Script Kiddies
• Can’t get employment in the field
• Want recognition in hacker community
• Big in eastern European countries
• Ideological Hackers
– Hack as a mechanism to promote some political or ideological purpose
– Usually coincide with political events
• Criminal Hackers
– Real criminals who are in it for whatever they can get, no matter who it hurts
• Corporate Spies
– Also known as industrial espionage
– Are relatively rare
• Disgruntled Employees
– Most dangerous to an enterprise as they are “insiders”
– Since many companies subcontract their network services, a disgruntled
vendor could be very dangerous to the host enterprise

What Is Ethical Hacking, and Why Do We Need It?

Ethical hacking, also known as white hat hacking, tests a computer system or
network to assess its security and its vulnerability to attack. But why do we need ethical hacking?
Ethical hacking is essential to uncover your systems' weaknesses, so you can fix them before
malicious hackers exploit them.
You might think this sounds like common sense, but many companies overlook this crucial
step in their security protocols until they've been hacked. It's much easier (and cheaper) to fix
bugs in your system before they're exploited than after.
Ethical hacking often involves penetration testing or vulnerability scanning, and it helps
organizations to discover security vulnerabilities that hackers can exploit. These tests are usually
performed by skilled computer professionals who are not maliciously trying to break into a system
but want to help improve its defenses against real-world threats.

What Are the Importance and the Key Concepts of Ethical Hacking?

Ethical hacking is crucial because it helps protect the network from cyber-attacks. Ethical
hacking is a special kind of penetration testing conducted for security purposes.
Ethical hacking is important in three central ways:

• It helps find all the vulnerabilities in your network, so you can fix them immediately before
they get exploited by criminals or hackers.
• It helps identify the weak points in your network and improves its security by implementing
strong security measures.
• It also helps train employees about cybersecurity issues, so they don't fall for phishing
scams or other attacks.
However, to become an ethical hacker, you must first understand the three key concepts
of Ethical Hacking. The three main concepts of Ethical Hacking are:
➢ Scanning
Scanning identifies the target network, its devices, and their current configurations.
This information can be used to identify vulnerabilities and determine what type of
ethical hacking attack will work best on those devices.
➢ Enumeration
Enumeration is gathering information about the target network, such as usernames
and passwords, which can be used in later stages of an attack.
➢ Exploitation
Exploitation involves taking advantage of a device's vulnerability to gain access to
sensitive data or control over that device.
Types of Exploits
There are two different types of exploits.
– remote exploits – where hackers can gain access to the system or
network remotely
– local exploits – where the hacker needs to access the system physically
and bypass its access rights.
2. Cracker - an outdated term used to describe someone who broke into computer
systems, bypassed passwords or licenses in computer programs, or in other ways
intentionally breached computer security. Computer crackers were motivated by
malicious intent, for profit or just because the challenge is there.
3. Malicious insider – a person who has insider knowledge of an organization's
proprietary information and intentionally misuses it to negatively impact the
integrity of the business. This person could be a current or former employee, contractor,
or business partner.
4. Industrial spies – people who sell trade secrets, intellectual property, or other classified
information to competitors. Industrial espionage is the covert, and sometimes illegal,
practice of investigating competitors to gain a business advantage. The target of an
investigation might be a trade secret, such as a proprietary product specification or
formula, or information about business plans.

5. Cybercriminals - individuals or teams of people who use technology to commit
malicious activities on digital systems or networks with the intention of stealing sensitive
company information or personal data, and generating profit.
– They are known to access the cybercriminal underground markets found in the deep web to
trade malicious goods and services, such as hacking tools and stolen data.
Cybercriminal underground markets are known to specialize in certain products or
services.
6. Hacktivist - Derived from combining the words 'Hack' and 'Activism', hacktivism is the
act of hacking, or breaking into a computer system, for politically or socially motivated
purposes.
– These types of hackers intend to hack government websites. They present themselves as
activists, hence the name hacktivist. Hacktivists can be an individual or a group of
nameless hackers whose intent is to gain access to government websites and
networks.
7. Cyberterrorists – a cyberterrorist is someone who carries out unlawful attacks and threats of attack against
computers, networks and the information stored therein in order to intimidate or coerce
a government or its people in furtherance of political or social objectives. Cyberterrorism
is the convergence of cyberspace and terrorism.

IMPLEMENTING TRUSTWORTHY COMPUTING

Microsoft defines their Trustworthy Computing Initiative as a label for a whole range of
advances that have to be made for people to be as comfortable using devices powered by
computers and software as they are today using a device that is powered by electricity.

Microsoft has specified four core areas that make up the Trustworthy Computing
Initiative, known as the Four Pillars of Trustworthy Computing.

✓ Security
✓ Privacy
✓ Reliability
✓ Business Integrity

Four Pillars of Trustworthy Computing


1. Security
– measures taken to guard against espionage or sabotage, crime, attack, or escape
– Information Security - the protection of information systems against unauthorized
access to or modification of information, whether in storage, processing or transit,
and against the denial of service to authorized users or the provision of service to
unauthorized users, including those measures necessary to detect, document, and
counter such threats. (National Information Systems Security Glossary)

Information security applies to all aspects of safeguarding data in whatever form and is not
confined to just computer systems or information in electronic form.
Three widely accepted elements of Information Security are confidentiality, integrity, and
availability, also known by the mnemonic “CIA”.

❖ Confidentiality is a central trust between information providers and information gatherers.
The Public Health Service Act (42 USC 242m) reads, no information, if an establishment
or person supplying the information or described in it is identifiable, obtained in the course
of activities undertaken may be used for any purpose other than the purpose for which it
was supplied unless such establishment or person has consented, thus providing
confidentiality.

❖ Integrity is derived from not only the organization but the individual team members.
Components such as trust, ability and character are the defining building blocks that create
an organization's integrity.

❖ Availability, according to the U.S. Nuclear Regulatory Commission, is the degree to which
information or processes are reasonably accessible and usable, upon demand, by an
authorized entity, allowing authorized access to resources and timely performance of
time-critical operations.
2. Privacy
– a) the quality or state of being apart from company or observation; b) freedom from
unauthorized intrusion.
– Countries around the world have implemented privacy and data protection
legislation.
• In 2012 the Philippines passed Republic Act No. 10173, also known
as the Data Privacy Act 2012, a comprehensive and strict privacy legislation
“to protect the fundamental human right of privacy, of communication while
ensuring free flow of information to promote innovation and growth.”
3. Reliability
– the extent to which an experiment, test, or measuring procedure yields the same
results on repeated trials.
– Reliability in the context of Trustworthy Computing is presented by Microsoft as
more than just reliable software and providing support. Microsoft believes it means
being a reliable business partner, maintaining an open dialogue with our customers
and industry partners, and seeking feedback about how we can improve our
software and services.
4. Business Integrity
– Integrity - the quality or state of being complete or undivided
– Business integrity is the essence of a company and its team members.
– A 2004 article from WebProNews on basic integrity principles states that
all of the following may be considered some of the essentials of building business
integrity.
• A company must display and earn the trust of the client. Trust is assured
reliance on the character, ability, and strength of a business.
• Character feedback and opinions from clients and team members will
display leadership and open up ideas for improvement.
• Evaluate all print materials including advertising, brochures and other
business documents, making sure they are clear, precise and professional.
• Remain involved in community-related issues and activities. This will
demonstrate that your business is a responsible community contributor.
• Keep a hands-on approach to accounting and record keeping. Gaining
control of accounting and record keeping allows you to end any dubious
activities promptly.
• Treat all others with the utmost respect at all times.
