New times bring new crimes. It's a story as old as humanity and as new as the Internet. First comes cars, then car thieves follow. Telephones are followed by telephone fraud. Now we " ve got computers...
To make home, school, and office life easier, society relies on computers. As a result of this dependency, computer use grows everyday. Along with the growing use of computers comes widespread computer crime. With the Internet becoming increasingly popular, more and more people are becoming computer literate, and networks are becoming more readily accessible. The rise in computer crime can easily be blamed upon the increasing number of users. The Internet is widely deemed as a new community and "wild" electric frontier.
Either way you look at it, the Internet offers cover for con artists, ground for grifter's, and plenty of places where larceny can lurk. It provides the same opportunities for crime that the real world offers. Internet crimes, however, carry their own intricacies and innovations. These online crimes take advantage of the very same technologies that make the Internet possible. The most common crimes committed on the Internet are the same basic variations of the four main time-tested, real-world crimes: Forgery (of E-mail), assault (on your Web site, E-mail box, or computer system), fraud (cyber scams), and robbery (theft of valuable information). Various types of people commit computer crimes.
The two most familiar being hackers and crackers. A hacker is a person who enjoys exploring the details of a programmable system and how to stretch their capabilities; one who programs enthusiastically, even obsessively. A cracker is one who breaks security on a system. Although hackers and crackers both break into computer systems, their motives are different. Hackers seem to break into computer systems for the intellectual challenge. Crackers are considered malicious with the intention of harming or causing damage to a computer system.
The motivations behind crackers' actions are either profits, revenge, or a mixture of the two. Other computer criminals include terrorists, company competitors, and aggravated employees. Aggravated employees are a company's worst nightmare since they have easy access to the company's system, and are usually fired or leave on bad terms. Competitors will often do whatever is necessary to get an edge on their industry leaders by riffling through their competitors' trash, bugging phone lines, and now breaking into their competitors' networks in an attempt to gather inside information. Terrorists are becoming more computer literate because they realize the amount of information regarding the government defense are stored and found on computers. Terrorists are also targeting technology and utility companies because they realize the damage caused would be wide spread and devastating.
There are six common types of computer attacks: Military/Intelligence Attacks Business Attacks Financial Attacks Terrorist Attacks Grudge Attacks Reasonless Attacks Computer criminals have broken into the military's system many times and learned such valuable information as military exercises, satellite repositioning systems, FBI/CIA investigations, etc. Our national security is at jeopardy simply because the military's system is susceptible to computer crime just as is any network system. The U. S.
Air Force once hired a hacker to try to break into their systems. The hacker was successful at the break-in and reported it to military officials. Two weeks later, he was asked to try to break into the system again. This time it only took fifteen seconds to get back into the system. The government needs to find a way to protect their information, themselves, and us more securely. Attacks on businesses are rapidly becoming more widespread.
54% of U. S. companies reported losses related to computer crimes. Most of these crimes committed were intentional.
This raises the issue of competitors' attempts to gain information on their closest competitor. For example, Boeing Aircraft accused Airbus of bugging Boeing employees' hotel rooms and airline seats and tapping the telephone lines in order to get information. Financial Attacks are most often committed by people inside or close to the company. Obviously, people most familiar with a company's system and operations can commit a crime and easily cover their trails.
An MCI assistant was arrested for selling thousands of credit card numbers obtained over telecommunication lines. The total cost of the incident was $50 million. When these criminals are placed in prison, more financial attacks can occur. Prisoners at Metro Jails (Tennessee) were able to illegally access long distance telephone accounts in order to sell calls to other prisoners.
The motivation behind terrorist attacks is simple: why knock out electricity in only one city when you can do the same for an entire state Computer facilities and technology companies are a terrorist's choice attacks since the damage can be more widespread and devastating. Grudge attacks are committed for one reason only, revenge. Former employees often commit grudge attacks as the result of a recent firing or demotion. Reasonless attacks are committed just "for fun." The motivation of these attacks is merely challenge rather than trying to cause destruction or gain profit.
Although these attacks are done without the intention of doing harm they are just as dangerous as any other type of computer attack. One of the most dangerous individuals is one who has found himself in a place he doesn't fully understand or knows he doesn't belong. Technology-related crime loss is estimated at an annual $8 billion. The loss includes stealing computer hardware / software and fraud (breaking into a computer and stealing money or information to make a profit). Computer fraud loss is estimated at $555 million annually with each individual case of fraud costing approximately $100, 000.
Financial institutions, such as banks, are the biggest targets of computer fraud with an estimated annual loss of $1 billion. In most cases, computer crimes go unreported. The victims are often embarrassed. A computer related crime could show that a company might have some weaknesses. Another reason for a company not to report a computer crime is to avoid lawsuit threats shareholders may make, which can cost more than the computer theft itself. How are computer crimes committed Break-in methods include altering input, theft of computer time, software theft, data theft / modification and output theft.
The most common method of committing computer crimes is altering input. In order to alter input, the criminal only needs to know how the system works and how to cover their trail. A good example would be an employee in charge of payroll keeping another employee's record on the payroll after their termination in order to collect paychecks. Stealing business time occurs when one uses a company's computer for personal use such as an employee's running a side business or keeping personal records on an employer's computer or playing computer games at work.
This frequent occurrence in the workplace takes time from productivity, costing the company money. Software theft is a large problem in the software industry. Each year, software companies lose millions of dollars to this type of theft. Not only does software theft contribute to loss of sales, but it also adds to the spread of computer viruses. Two examples of software theft are the production of illegal copies of software and the creation of software used to break into systems. An example of how software theft causes software manufacturers to lose money is as follows: If Acme Company has a software package available for $300 and someone makes a copy of that software without purchasing it, Acme Company instantly loses $300.
Three hundred dollars may not seem to be that much money for one instance. However, if 1, 000 people copy this same package, then the company is out $300, 000 which is a large amount of loss in profits. Data theft is another way of committing a computer crime. For example, if an office manager of a stock law firm obtained merger and acquisition information from one of the company's files, he could then use that information to trade the securities of the companies involved with the merger. In this case, the criminal would make millions of dollars from trading the related securities, and the companies could end up at a huge loss. Output theft commonly occurs when information is taken from another's printout or screen.
This information is then used to profit unfairly. Various techniques are used to commit computer crimes including a trapdoor, round down, salami, masquerading, and eavesdropping. A trapdoor is a set of computer instructions that will let a user bypass the system's normal controls. It is usually used during system development and removed before system operation. If the trapdoor is left in place, it is done so in order to allow access to the system easily. The round down technique takes advantage of financial institutions, more specifically those that pay interest.
A user of the financial institution's system, such as a knowledgeable band teller, can program instructions into the business's system that will round down all interest calculations to two decimal places instead of carrying out half cents or even smaller amounts of "pocket change." The user then can deposit the difference into their account. While this may not seem very profitable, the fractional cents add up very quickly. The salami technique is also used to steal money in small amounts. For example, an accountant could use a computer to increase production costs by a fraction of a percent every few months and deposit the difference into a dummy account for himself to collect later. This technique is similar to the round down technique.
Masquerading relates to software theft. By using a legitimate user's login name and password to gain access to a computer system, a criminal could masquerade as a legitimate user without having to pay for his own account. Eavesdropping, listening to someone else's information, could result in devastating losses. A nosey eavesdropper can easily obtain credit card numbers, account numbers, and PIN numbers. Internet users should always be extremely cautious about releasing any important information on the web. Even "secured" transactions are not always safe from fraud.
Tools used to break into computer systems can be obtained easily. Many can be found on underground Internet sites, discussion groups, or private bulletin boards on the web. These break-in programs are becoming more and more user-friendly to allow perpetrators to point and click their way around any system. In this world of computer crimes, how does one go about protecting themselves For starters, a way to privatize your e-mail is to use an anonymous remailer. A remailer is a free service that allows you to send anyone an e-mail message without the recipient knowing who sent the message.
A person who may not want their identity to be known may send a message to someone through an anonymous remailer who, in turn, will assign them a different e-mail address through them. After assigning this new address, the remailer then sends the message to the intended recipient. If the recipient chooses to respond, they would send their message to the remailer, who would then relay the message to the anonymous party. The only problem with anonymous remailer is finding one that can be completely trusted.
Other more extreme security measures have recently been developed. Biometric systems use physical characteristics unique to each individual to grant-or deny- access to computer resources. These systems go a crucial step beyond traditional passwords or security-access cards, by ensuring that the individual trying to log on is actually the authorized person; not just someone who found a key card in a desk or the Post-It note with a password under the keyboard. Biometric concepts include fingerprint recognition, voice authentication, face recognition and retinal scanning.
These extreme measures of security show how important people consider their computer systems and information to be. One of the best ways to protect your information, however, is through data encryption as a possible solution. Data encryption comes from cryptography, which is the art and science of sending disguised messages so that only select people can see through the disguise. For everyone else the message appears as gibberish. Some encryption software includes DES, RSA, and PGP. DES (Data Encryption Standard) is the most well known cryptographic algorithm.
DES has been the United States Government's official data encryption standard for use in protecting "sensitive but unclassified" data since late 1976. DES is a "single key" system, which means that DES uses the same key to encrypt and decrypt a message. The most common use for DES is when banks wire money amongst themselves and when ATM machines communicate with their central computer. RSA is a software encryption algorithm that is gaining worldwide acceptance. Unlike DES, RSA uses a public key to encrypt data and a second (secret) key to decrypt the same data. This double key permits you to distribute your public key openly, such as a telephone number.
Anybody can send encrypted e-mail to you using your public key, but nobody can read your encrypted e-mail without your secret key and an accompanying secret "pass phrase." Similarly, anybody can call your telephone number, but only you can answer your telephone number. This double key feature makes RSA very practical and popular. PGP (Pretty Good Privacy) is an easy-to-use, highly secure computer program that encrypts and decrypts data. Unlike DES or RSA, PGP software gives the user a choice. He can use a single-key cryptography (useful for files that only he will read) or a public-key / secret-key (useful for encrypting e-mail and files that other people will read). Many people are fooled by the expression "Pretty Good Privacy." The name simply reflects the humor of PGP's creator, Phillip Zimmerman.
PGP is strong stuff, and is virtually uncrackable. Even U. S. Government snoopers can't break it. Critics of PGP like to state that the package is too sophisticated and too secure for anybody but paranoids. These naysayers are probably of the type who would dismiss an employee for being too educated.
Data encryption has a few legal barriers restricting it. The U. S. government fears the wide spread usage of encryption because they are afraid that they will not be able to crack encrypted transmissions. As a result, the government would not be able to snoop as effectively as in the past.
The Clipper Chip, an encryption chip, was proposed by the U. S. government to allow people to use encrypted device while still allowing the government to break the codes if necessary. The initiative behind this chip may be the boldest, practical technological assault against privacy ever proposed by a government. The U. S.
Government alleges that the Clipper has two purposes: 1) to prohibit (non-government) citizens and companies from eavesdropping on our voice communications, and 2) to permit U. S. law enforcement agents to eavesdrop on all voice communications, if these agents have "legal authorization." The Clipper Chip is placed into devices such as digital phones. The key to decoding the encrypted messages would be kept by two separate government agencies. Each agency would have half of the key to prevent abuse. Law enforcement agencies would be able to obtain the keys by obtaining a warrant.
When considering security for one's computer or network, there are many things to consider. Determine the threats. If the system is in danger, then estimate the danger of each threat. Determine the consequences from each threat. Identify controls against each threat. If threats are internal, take appropriate measures to protect the system from employees.
If threats are external, determine if the possible losses from an acted out threat cost more than a control system. Sensitive data should be controlled. Therefore, confidential documents should be shredded before being discarded. Access to computer terminals should be restricted. Another possibility is the implementation of alarms, closed circuit televisions, and access cards. And, very importantly, when transmitting data, encrypt it.
Although computers have become an important part of everyday life, with the widespread use of computers comes one more way we can be victimized by criminals. Although no security measure is fool proof, steps can be taken to reduce the chances of becoming a victim of fraud. Be aware of computer crimes and take the necessary precautions to protect yourself and your work. Bibliography REFERENCES Ba card, Andre. 1995 The Computer Privacy Handbook.
Berkley, CA. : Peachpit Press. Barr, Christopher. March 3, 1997 "Cybercrime: Be Careful Out There." web Cohen, Frederick B. 1995 Protection and Security on the Information Superhighway. Canada: John Wiley & Sons, Inc.
"Computer Crime." web "Computer Crime, Abuse, and Hacker Ethics." COS 291 Presentation on Computer Crime. web "Computer Fraud: What Can Be Done About It" The CPA Journal. May 1995. Ferrell, Keith. February 6, 1997 "Net Crime: Don't Be A Victim." web Gunners on, Gary.
February 23, 1999 "Are You Ready for Biometrics" PC Magazine. Vol. 18, issue 4. Johnson, Deborah G. 1993 Computer Ethics, 2 nd Ed. Prentice-Hall.
Spinelli, Richard. June 1997 Case Studies in Information and Computer Ethics. Prentice Hall. "Underground Tools Aid Fledgling Hackers." November 13, 1995 Computer World.
W eckert, John and Douglas Adney. May 1997 Computer and Information Ethics (Contributions to the Study of Computer Science, No. 4). Greenwood Publishing Group. Wolf, Mandy. "A Byte Outta Crime: Computer Crimes Rising With Technology." The Murray State News.