Computer Crime & Abuse

ACCT341, Chapter 11
Computer Crime, Ethics, and Privacy

- Introduction
- Computer Crime, Abuse, and Fraud
- Examples of Computer Crimes
- Mitigating Computer Crime and Fraud
- Ethical Issues, Privacy, and Identity Theft
Computer Crime
- involvement of the computer in a criminal act, directly or indirectly
- the definition is important
◦ it affects how statistics are accumulated
◦ It said "hit any key to continue", so I did, just with a hammer.
◦ Is smashing a computer with a sledgehammer considered computer crime?
- only a small proportion of computer crime gets detected
Computer Crime & Abuse: the Difference
- Computer crime involves the manipulation of a computer or computer data
◦ to dishonestly obtain money, acquire property, or get some other advantage of value, or to cause a loss.
- Computer abuse is when someone's computer is used or accessed in a mischievous manner with a motive of revenge or challenge
◦ is punishable in extreme cases
◦ Should Adrian Lamo have been arrested? Case 11.1, p. 343
Examples of Computer Crimes
- A computer dating service was sued because referrals for dates were few and inappropriate. The owner eventually admitted that no computer was used to match dates, even though the use of a computer was advertised.
- Case 11.2, p. 344: Donald Burleson, a disgruntled programmer, created a logic bomb that erased 168k data records and held up paychecks for a month. It would have been more serious if it had not been discovered early. [Logic bombs are programs that remain dormant until a circumstance or date triggers the fuse.]
Common Types of Computer Crime and Abuse

Federal Legislation
The Computer Fraud and Abuse Act (CFAA) of 1986, amended in 1994 and 1996
- Defines computer fraud as an illegal act for which computer technology is essential for its perpetration, investigation, or prosecution.
- Defines 7 fraudulent acts; the first three are described as misappropriation of assets and the last four as "other" crimes
CFAA Fraudulent Acts
1. Unauthorized theft, use, access, modification, copying, or destruction of software or data. (King Soopers, p. 345)
2. Theft of money by altering computer records, or the theft of computer time. (Salami technique, P#14: a salami is made from many small pieces of meat, salt, beef, garlic.)
3. Intent to illegally obtain information or tangible property through the use of computers. (Sending office supplies invoices, Case 11.7, p. 357)
4. Use of, or conspiracy to use, computer resources to commit a felony. (Sjiem-Fat created bogus cashier's checks to buy computer equipment for resale in the Caribbean, p. 345-6)
5. Theft, vandalism, or destruction of computer hardware. (Disgruntled taxpayer shoots IRS computers, p. 346)
6. Trafficking in passwords or other login information for accessing a computer.
7. Extortion that uses a computer system as a target. (Disgruntled employee steals data for ransom, p. 34679)
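Act 2 above names the salami technique: money taken in slices too small to notice, classically by rounding each calculation down and diverting the fractional residuals to one account. The following is an added example, not code from the slides or the textbook, showing how an auditor can detect that pattern from the records alone: recompute the correctly rounded posting for every entry and look for accounts credited more than their own calculation justifies. The ledger, account names and the half-even rounding rule are constructed assumptions for the demonstration.

```python
"""Added example (not from the ACCT341 slides): detecting salami-style
rounding skims by auditing posted amounts against the rounding rule.

Honest rounding never posts more than the correctly rounded amount, so
any account with an "overage" is an anomaly, and if the overages add up
to the shortfalls elsewhere, the residuals were not lost, they were moved.
"""
from decimal import Decimal, ROUND_HALF_EVEN

CENT = Decimal("0.01")

# Constructed sample ledger: (account, exact computed amount, posted amount).
# Exact amounts carry sub-cent precision; posted amounts are what the
# system actually credited. ACC-002/003/004 were truncated instead of
# rounded, and the missing cents turn up in HOLD-999.
SAMPLE_LEDGER = [
    ("ACC-001", "10.3349", "10.33"),
    ("ACC-002", "20.0076", "20.00"),
    ("ACC-003", "15.4950", "15.49"),
    ("ACC-004", "8.2299", "8.22"),
    ("ACC-005", "12.0040", "12.00"),
    ("HOLD-999", "0.0000", "0.03"),
]


def expected_posting(exact):
    """The amount the documented rounding rule (assumed: half-even to the
    cent) says should have been posted for an exact computed amount."""
    return Decimal(exact).quantize(CENT, rounding=ROUND_HALF_EVEN)


def audit_postings(ledger):
    """Split the ledger into accounts posted below and above expectation."""
    shortfalls = {}  # account -> cents it was shorted
    overages = {}    # account -> cents it received beyond its own calculation
    for account, exact, posted in ledger:
        diff = expected_posting(exact) - Decimal(posted)
        if diff > 0:
            shortfalls[account] = diff
        elif diff < 0:
            overages[account] = -diff
    return shortfalls, overages


def find_salami(ledger):
    """Summarise the audit: who was shorted, by how much in total, which
    accounts are unexplained beneficiaries, and whether the two sides
    reconcile (a strong sign the residuals were diverted, not lost)."""
    shortfalls, overages = audit_postings(ledger)
    total_short = sum(shortfalls.values(), Decimal("0"))
    total_over = sum(overages.values(), Decimal("0"))
    return {
        "shorted_accounts": sorted(shortfalls),
        "total_shortfall": total_short,
        "suspects": sorted(overages),
        "reconciles": total_over == total_short and total_short > 0,
    }


if __name__ == "__main__":
    print(find_salami(SAMPLE_LEDGER))
```

Run against a full period of interest or payroll postings rather than six rows, the same check also catches the subtler variant in which the skim is spread over many beneficiary accounts: the sum of overages still equals the sum of shortfalls, which random rounding error never does.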
Federal Legislation Affecting the Use of Computers
- Fair Credit Reporting Act of 1970
- Freedom of Information Act of 1970
- Federal Privacy Act of 1974
- Small Business Computer Security and Education Act of 1984
- Computer Fraud and Abuse Act of 1986
- Computer Fraud and Abuse Act (1996 amendment)
- Computer Security Act of 1987
- USA Patriot Act of 2001
- Cyber Security Enhancement Act of 2002
- CAN-SPAM Act of 2003
The Lack of Computer-Crime Statistics
Data are not available because
(1) private companies handle abuse internally to prevent embarrassment
(2) surveys of computer abuse are often ambiguous
(3) most computer abuse is probably not discovered (the FBI estimates only 1% is detected)

The Growth of Computer Crime
Computer crime is growing because of
◦ Exponential growth in computer resources
◦ The Internet gives step-by-step instructions on how to perpetrate computer crime
◦ Continuing lax security (in one test, only 3 out of 2200 websites knew they were being targeted; see Case 11.3, p. 347)
Importance for Accountants
Computer crime and abuse are important to accountants because
- AISs help control an organization's financial resources
- AISs are favored targets of disgruntled employees seeking financial gain or revenge
- accountants are responsible for designing, implementing, and monitoring the control procedures for AISs
- firms suffer millions of dollars in computer-related losses due to viruses, unauthorized access, and denial-of-service attacks
- the average cost to the target company of computer abuse is $500k per incident
Computer Crime Cases

Compromising Valuable Information:
- The TRW Credit Data Case: selling credit scores, data diddling

Computer Hacking:
- Kevin Mitnick and social engineering
- Reasons to hack: financial gain, revenge, challenge, curiosity, pranks, industrial espionage
- Max. penalty is 5 years in prison + $250k fine.
- Ethical Hackers: strengthen controls by finding & disclosing weaknesses

Worm: The 1/25/03 Internet Crash
◦ A very speedy computer worm, the Slammer worm, created 55 million data requests (cost > $1b, and we don't know who did it)
◦ Note: unlike a virus, a worm doesn't destroy or alter data, it just reproduces until the system is overloaded and runs out of memory or disk space
Robert T. Morris and the Internet Virus
Robert T. Morris
- created one of the world's most famous computer viruses
- became the first person to be indicted under the Computer Fraud and Abuse Act of 1986
The case illustrated the vulnerability of networks to virus infections.
Computer Viruses
A computer VIRUS is a program
- that disrupts normal data processing and
- that can usually replicate itself onto other files, computer systems or networks.
WORM: in contrast to most viruses, a worm doesn't destroy data but replicates itself until the user runs out of memory or disk space.

Computer Virus Programs
Trojan Horse programs
- reside in legitimate computer programs.
Logic Bomb programs
- remain dormant until the computer system encounters a specific condition.
A virus may be stored in an applet, which is a small program stored on a WWW server.
Methods for Thwarting Computer Abuse
1. Enlist top management support
2. Increase employee awareness and education & have a hotline
3. Conduct a security inventory
4. Protect passwords
◦ Social engineering: posing as a bona fide party in order to trick people into disclosing passwords, etc. E.g. Kevin Mitnick, see https://www.youtube.com/watch?v=Q7G3kKRdUl4
◦ Phishing: using email/web to trick a user into disclosing data
◦ Smishing (short for SMS phishing): the user is tricked into downloading malware onto a cell phone
Prevented by:
- Lock-out systems
◦ Disconnecting users after a set number of unsuccessful login attempts
- Dial-back systems
◦ disconnecting all login users,
◦ reconnecting legitimate users after checking their passwords
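The lock-out control described above is simple to state but has details worth getting right: the counter must reset on success, the lock must expire so a mistyped password does not become a permanent denial, and a correct password must still be refused while the lock is in force. The following is an added example, not code from the slides or the textbook, of that policy wrapped around a password check. The threshold of three attempts, the 15-minute lock, the in-memory store and the injectable clock are assumptions for the demonstration; a production system would keep the counters in shared storage and log every lockout for the security team.

```python
"""Added example (not from the ACCT341 slides): a lock-out system that
disconnects a user after a set number of unsuccessful login attempts."""
import hashlib
import hmac
import os
import time

PBKDF2_ROUNDS = 100_000  # assumed work factor for the demonstration


class LockoutPolicy:
    """Count consecutive failures per user and lock after max_attempts.

    `clock` is injectable so the expiry behaviour can be exercised without
    waiting; time.monotonic is the default for real use."""

    def __init__(self, max_attempts=3, lockout_seconds=900, clock=time.monotonic):
        self.max_attempts = max_attempts
        self.lockout_seconds = lockout_seconds
        self._clock = clock
        self._failures = {}      # user -> consecutive failure count
        self._locked_until = {}  # user -> clock value at which the lock expires

    def is_locked(self, user):
        until = self._locked_until.get(user)
        if until is None:
            return False
        if self._clock() >= until:
            # Lock expired: clear it and the stale counter, then allow the attempt.
            del self._locked_until[user]
            self._failures.pop(user, None)
            return False
        return True

    def record_failure(self, user):
        """Register a failed attempt; return True if this one triggers a lock."""
        count = self._failures.get(user, 0) + 1
        self._failures[user] = count
        if count >= self.max_attempts:
            self._locked_until[user] = self._clock() + self.lockout_seconds
            return True
        return False

    def record_success(self, user):
        """A successful login resets the counter and any expired lock state."""
        self._failures.pop(user, None)
        self._locked_until.pop(user, None)


def hash_password(password, salt=None):
    """Salted PBKDF2 so the stored record is not the password itself."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


class Authenticator:
    def __init__(self, policy):
        self.policy = policy
        self._users = {}  # user -> (salt, digest); constructed in-memory store

    def add_user(self, user, password):
        self._users[user] = hash_password(password)

    def login(self, user, password):
        """Return "locked", "denied" or "ok". The lock is checked first so a
        correct password is refused while the user is locked out."""
        if self.policy.is_locked(user):
            return "locked"
        record = self._users.get(user)
        if record is None:
            ok = False  # unknown users are counted too, so the policy is uniform
        else:
            salt, digest = record
            ok = hmac.compare_digest(digest, hash_password(password, salt)[1])
        if ok:
            self.policy.record_success(user)
            return "ok"
        return "locked" if self.policy.record_failure(user) else "denied"


def demo():
    """Three bad guesses, a refused correct password during the lock, and a
    successful login once the lock expires. Returns the status sequence."""
    now = [0.0]  # constructed manual clock, in seconds
    auth = Authenticator(LockoutPolicy(max_attempts=3, lockout_seconds=900,
                                       clock=lambda: now[0]))
    auth.add_user("alice", "correct horse battery staple")
    results = [auth.login("alice", "guess-1"),
               auth.login("alice", "guess-2"),
               auth.login("alice", "guess-3"),
               auth.login("alice", "correct horse battery staple")]
    now[0] += 901  # the 15-minute lock has elapsed
    results.append(auth.login("alice", "correct horse battery staple"))
    return results


if __name__ == "__main__":
    print(demo())
```

The returned status never says whether the user name exists, and unknown names are counted the same way as real ones, so the lock-out cannot be used as an account-enumeration oracle. The remaining trade-off, that an attacker who knows a user name can lock the legitimate user out, is why the lock expires rather than requiring an administrator reset.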
Methods for Thwarting Computer Abuse (cont.)
5. Implement controls
6. Identify computer criminals
◦ Look at technical backgrounds, morals, gender and age
◦ [Chart: Occupation of Computer Abusers]
7. Physical security
-- secure location
-- backup
-- proper disposal (>1/3 of used hard drives for sale contained personal info; see Case 11.9)
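The disposal finding in Case 11.9 is a verification problem: a drive is only safely disposable if someone checks that nothing readable survived the wipe. The following is an added example, not code from the slides or the textbook, of the check a practitioner would run over a drive image after sanitization: count non-zero bytes, extract printable strings the way the `strings` utility does, and look for personal-data patterns such as e-mail addresses and SSN-shaped numbers. The two images are constructed in memory (512-byte sectors, a few kilobytes) so the example runs offline; the sample name, address and number are made up.

```python
"""Added example (not from the ACCT341 slides): verifying that a drive
image carries no recoverable personal data before the drive is disposed of."""
import re

SECTOR = 512

# Printable-ASCII runs of 8+ bytes, the heuristic the `strings` tool uses.
STRING_RE = re.compile(rb"[\x20-\x7e]{8,}")
# Patterns for the kinds of personal data Case 11.9 found on resold drives.
EMAIL_RE = re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
SSN_RE = re.compile(rb"\b\d{3}-\d{2}-\d{4}\b")


def make_image(sectors, leftover=b""):
    """Build a zero-filled image and plant `leftover` in the third sector,
    standing in for data an incomplete wipe left behind (constructed)."""
    image = bytearray(SECTOR * sectors)
    start = SECTOR * 2
    image[start:start + len(leftover)] = leftover
    return bytes(image)


# Constructed sample images: one fully overwritten, one with residue.
WIPED_IMAGE = make_image(8)
UNWIPED_IMAGE = make_image(
    8,
    b"customer=Jane Example <jane.example@example.com> "
    b"ssn=123-45-6789 balance=1042.17",
)


def sanitization_report(image):
    """Summarise what a disposal auditor would want to know about an image."""
    nonzero = sum(1 for b in image if b)
    strings = STRING_RE.findall(image)
    emails = EMAIL_RE.findall(image)
    ssns = SSN_RE.findall(image)
    return {
        "bytes": len(image),
        "nonzero_fraction": nonzero / len(image),
        "strings": len(strings),
        "emails": len(emails),
        "ssn_like": len(ssns),
        # A drive overwritten with random data is also sanitized, so the
        # verdict rests on recoverable content, not on the byte count alone.
        "residue_free": not (strings or emails or ssns),
    }


if __name__ == "__main__":
    for label, image in (("wiped", WIPED_IMAGE), ("unwiped", UNWIPED_IMAGE)):
        print(label, sanitization_report(image))
```

Against a real device the image would be read from the block device in fixed-size chunks with a small overlap between chunks, so that a string or pattern straddling a chunk boundary is not missed; the `nonzero_fraction` figure is the quick tell for a zero-fill wipe that stopped early, while the pattern counts are what matter when the overwrite used random data.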
Methods for Thwarting Computer Abuse (cont.)
8. Recognize symptoms of employee fraud
◦ Five symptoms of employee fraud (Case 11.10, p. 360):
- Accounting irregularities such as forged, altered or destroyed input documents
- Internal control weaknesses
- Unreasonable anomalies that go unchallenged
- Lifestyle changes in an employee
- Behavioral changes in an employee
Methods for Thwarting Computer Abuse (cont.)
9. Employ forensic accountants
◦ Special training (>27k CFEs)
◦ Special sleuthing tools
◦ One of the fastest growing professions
Methods Used to Obtain Your Personal Data – ID Theft
- Shoulder surfing
- Dumpster diving for documents & old computer hard drives
- Scanning credit cards at restaurants
- Fake apps for "preapproved" credit cards
- Key logging software
- Spam and other e-mails
- Phishing & smishing
Privacy Issues
- Have a privacy policy for your website
- Have an audit done by professionals who provide a privacy seal
◦ Truste
◦ BBB Online
◦ Webtrust
- Dispose of old computers with care
- Have laptops password protected
- Use encrypted USB drives only