Chapter 11

Security and Privacy: Computers and the Internet

Why are security and privacy issues?

• networking has made data and information easier to access

• data and information must be protected from

– destruction

– accidental damage

– theft

– espionage

– unauthorized access

Computer Crime

• most frequently reported computer crimes

– credit card fraud

– data communications fraud

– unauthorized access to computer files

– unlawful copying of copyrighted software

People

• hackers - people who attempt to gain access to computer systems illegally

• electronic pickpockets - people who use computers to illegally transfer money, goods, or other valuables

• white-hat hackers - professionals hired to try to break into a system before someone else does

“Bad Guy” Tricks

• Some methods commonly used by computer criminals

– bomb - program designed to trigger damage under certain conditions

– data diddling - changing data before or after it is entered

– denial of service attacks - bombarding a site with requests for service

– piggybacking - accessing a system through someone else, may occur if the authorized user did not exit properly

More tricks

– salami techniques - embezzlement technique that transfers small “slices” of money

– scavenging - looking through garbage for useful information

– trapdoor - an unauthorized means of entry into a legitimate program

– Trojan horse - potentially harmful instructions hidden inside an otherwise useful program

– zapping - software designed to bypass security systems

Discovery and Prosecution

• discovery of computer crimes is often difficult

• many businesses do not report crimes for fear of bad publicity

• complexities of computer-related fraud often not fully understood by

– law enforcement

– prosecutors

– judges

– juries

• Computer Fraud and Abuse Act (1986)

– attempt to define computer crime at national level

Computer Forensics

• computer forensics - uncovering computer-stored information to be used in court

– used in both civil and criminal cases

– relatively new field

– each examination is unique

Security measures

• authorized access - badges, passwords, biometrics

• disaster recovery plan

• software security - who do programs belong to?

• data security - secure waste, internal controls, audit checks, passwords, etc.

• personal computer security - surge protectors

• backup files

Viruses

• virus - program designed to “infect” a computer

– damage may include changed or deleted files, bizarre screen effects, sabotage of the entire computer system

• worm - program designed to transfer itself over a network

• retrovirus - program designed to attack antivirus software

• vaccine (antivirus) - program designed to detect and neutralize or remove viruses

Transmitting Viruses

• programs downloaded from the Internet

• diskettes

• attachments to e-mail

• program with the virus must be executed to activate the virus

Privacy

• privacy - the right to control information about oneself

• greatly compromised by giant databases and the sharing and sale of information

Privacy Legislation

• Fair Credit Reporting Act of 1970

– can access and challenge credit records

• Freedom of Information Act of 1970

– allows access to information gathered by federal agencies

• Federal Privacy Act of 1974

– no secret personal files maintained by federal government agencies and contractors

Privacy Legislation

• Video Privacy Protection Act of 1988

– prevents retailers from disclosing a person’s video rental records without a court order

• Computer Matching and Privacy Protection Act of 1988

– prevents the government from comparing certain records to find a match

– much of matching is still unregulated

Network Security and Privacy

• firewall - software designed to protect a network from unauthorized access from the outside world

• encryption - scrambling of messages to protect privacy, can be decrypted by receiver using a “key”

– public key encryption allows individuals to provide a public key for encryption then use a private key to decrypt messages

Electronic Monitoring

• many businesses monitor employee computer use

– check current screen display

– check e-mail

– count keystrokes per minute

• many Web sites collect information about visitors

– cookies - files that store information about you, sent to the Web server by browser when a site is visited (browser can be set to refuse them)

Junk E-mail

• spamming - sending out mass e-mail messages for advertising purposes

• flaming - responding in anger to e-mail

• filter software - program that screens incoming e-mail

Who should access the Internet?

• the Internet provides a wide variety of useful resources for adults and children

• many sites are designed for an adult audience

– blocking software attempts to stop users from accessing inappropriate sites

– hard to keep list of sites to avoid up-to-date

Children’s Online Privacy Protection Act (2000) - requires Web sites that target children under the age of 13 to post their privacy policy and obtain parental consent
