Chapter
7-1
Chapter 7
Computer Crime, Ethics, and Privacy
Introduction
Computer Crime, Abuse, and Fraud
Examples of Computer Crimes
Mitigating Computer Crime and Fraud
Ethical Issues, Privacy, and Identity Theft
Computer Crime
Computer Crime
involvement of the computer in a criminal act, directly or indirectly.
definition important because it affects how the statistics are accumulated.
a small proportion gets detected
even smaller proportion gets reported.
Computer Crime & Abuse the Difference
Computer crime involves the manipulation of a computer or computer data to dishonestly obtain money, acquire property, or get some other advantage of value, or to cause a loss.
Computer abuse is when someone’s computer is used or accessed in a mischievous manner with a motive of revenge or challenge
is punishable in extreme cases
Federal Legislation
The Computer Fraud and Abuse Act (CFAA) of 1986, which was amended in 1994 and 1996
Defines computer fraud as an illegal act for which computer technology is essential for its perpetration, investigation, or prosecution.
Defines seven fraudulent acts; the first three are described as misappropriation of assets and the last four as “other” crimes
CFAA Fraudulent Acts
Unauthorized theft, use, access, modification, copying, or destruction of software or data.
Theft of money by altering computer records or the theft of computer time.
Intent to illegally obtain information or tangible property through the use of computers.
CFAA Fraudulent Acts
Use or the conspiracy to use computer
resources to commit a felony.
Theft, vandalism, destruction of
computer hardware.
Trafficking in passwords or other login
information for accessing a computer.
Extortion that uses a computer system as
a target.
Other Federal Legislation
Affecting the Use of Computers
Fair Credit Reporting Act of 1970
Freedom of Information Act of 1970
Federal Privacy Act of 1974
Small Business Computer Security and
Education Act of 1984
Computer Fraud and Abuse Act of 1986
Federal Legislation Affecting
the Use of Computers
Computer Fraud and Abuse Act
(1996 amendment)
Computer Security Act of 1987
USA Patriot Act of 2001
Cyber Security Enhancement Act of 2002
CAN-SPAM Act of 2003
Federal Legislation Affecting
the Use of Computers
Question
Which of the following pieces of computer legislation is
probably the most important?
a. Cyber Security Enhancement Act of 2002
b. Computer Security Act of 1987
c. The Computer Fraud and Abuse Act of 1986
d. Federal Privacy Act of 1974
The Lack of
Computer-Crime Statistics
Computer-crime statistics
Good data unavailable
Three reasons
(1) private companies handle abuse internally
(2) surveys of computer abuse are often ambiguous
(3) most computer abuse is probably not discovered.
The Growth of Computer Crime
Computer crime is growing because of

Exponential growth in computer resources

Internet pages give step-by-step instructions
on how to perpetrate computer crime
Importance for Accountants
Importance of computer crime and abuse
to accountants
because AISs
help control an organization’s financial resources
are favored targets of disgruntled employees seeking financial gain or seeking revenge
Importance for Accountants
because they are responsible for designing, implementing, and monitoring the control procedures for AISs.
because firms suffer millions of dollars in computer-related losses due to viruses, unauthorized access, and denial of service attacks
Three Representative
Computer Crimes Cases
Compromising Valuable Information: The TRW Credit Data Case
Wire Fraud and Computer Hacking: The Edwin Pena and Robert Moore Case
Denial of service: The 2003 Internet Crash
Through a very speedy computer worm, the Slammer worm
The TRW Credit Data Case
This computer crime
is well known
involved computerized credit data
had two key issues:
the propriety of the input information
the protection afforded to both consumer and user in the accuracy and use of credit information
The TRW Credit Data Case
Question
The TRW case is notable because
a. the amount of dollars involved was not
significant.
b. no one got caught.
c. the fraud was detected by a surprise audit.
d. the real victims were TRW customers.
Methods Used by Criminals
Hackers
people who break into the computer files of others
for fun or personal gain.
Shoulder surfing
stealing calling credit numbers at public phones
Password controls
limiting computer access to bona fide users
Methods Used by Criminals
Social engineering
posing as bona fide employees
Lock-out systems
disconnecting telephone users after a set number of
unsuccessful login attempts
Dial-back systems
disconnecting all login users,
reconnecting legitimate users after checking their
passwords
Examples of Computer Crimes.
A graduate student infected a computer network with a
virus that eventually disrupted over 10,000 separate
systems.
A company accused a computer-equipment vendor of
fraudulently representing the capabilities of a computer
system, that the full system was never delivered and that
the software was inadequate.
In a fit of resentment, a keyboard operator shattered a
CRT screen with her high-heeled shoe.
Some employees of a credit bureau sent notices to some
individuals listed as bad risks in its files.
Examples of Computer Crimes.
For a fee, the employees would withhold the damaging
information, thereby enhancing the credit worthiness of
the applicants.
A computer dating service was sued because referrals for
dates were few and inappropriate. The owner eventually
admitted that no computer was used to match dates, even
though the use of a computer was advertised.
A programmer changed a dividends-payment program to
reduce the dividends of selected stock-holders, and to
issue a check to himself for the sum of the reductions—
$56,000.
Robert T. Morris and the
Internet Virus
Robert T. Morris
created one of the world’s most famous
computer viruses
became first person to be indicted under the
Computer Fraud and Abuse Act of 1986
The case illustrated vulnerability of networks
to virus infections.
Computer Viruses
Computer virus is a program
that disrupts normal data processing and
that can usually replicate itself onto other files,
computer systems or networks.
Boot-sector viruses
hide in the boot sectors of a disk
are accessed there by the operating system
every time the system is booted.
Worm viruses
replicate themselves until the user runs
out of memory or disk space.
Computer Virus Programs
Trojan Horse programs
reside in legitimate copies of
computer programs.
Logic Bomb programs
remain dormant until the computer
system encounters a specific condition.
A virus may be stored in an applet, which is a small
program stored on a WWW server.
Computer Virus Programs
Question
A computer program that remains dormant until some
specified circumstance or date triggers the program to
action is called a
a. trojan horse
b. logic bomb
c. data diddling
d. cookie
Thwarting Computer Viruses
Firewalls which limit external access to
the computer.
Antivirus software.
Antivirus control procedures.
Thwarting Computer Viruses:
Anti-Virus Software
Anti-virus software includes computer programs that can:
scan computer disks for virus-like coding;
identify active viruses already lodged in computer systems;
cleanse computer systems already infected;
perform a combination of these activities.
Drawbacks of Anti-Virus
Software Programs
Anti-virus programs provide less-than-complete protection because
new, more powerful viruses are always being written that can avoid known detection schemes.
anti-virus programs can contain virus routines.
Anti-Virus
Procedural Controls
Buy shrink-wrapped software from
reputable sources
Avoid illegal software copying
Do not download suspicious Internet files
Delete email messages from unknown
sources before opening them
Maintain complete backup files
Organizational Safeguards
Against Computer Viruses
Educate employees about viruses.
Encourage employees to follow virus
prevention and detection techniques.
Establish policies that discourage the
free exchange of computer disks or
externally acquired computer programs.
Organizational Safeguards
Against Computer Viruses
Use computer passwords to thwart
unauthorized users from accessing the
company’s operating systems and files.
Use anti-virus filters on LANs and WANs.
Have an approved and tested disaster
recovery plan.
Methods for
Thwarting Computer Abuse
Enlist top management support
Increase employee awareness and education
Conduct Security Inventory and protect
passwords
Implement controls
Identify computer criminals
Look at technical backgrounds, morals, and gender and age
Thwarting Computer Abuse
Recognize the symptoms of employee fraud
Accounting irregularities such as forged, altered
or destroyed input documents
Internal control weaknesses
Behavioral or lifestyle changes in an employee
Unreasonable anomalies that
go unchallenged
Employ forensic accountants
Computers and Ethical Behavior
Ethics
a set of moral principles or values governing an organization as well as individuals
Ethical behavior
making choices and judgments that are morally proper and then acting accordingly.
Ethical Issues
Honesty
Protecting Computer Systems
Protecting Confidential Information
Social Responsibility
Rights of Privacy
Acceptable Use of Computer
Hardware and Software.
Encouraging Ethical Behavior
Inform employees that ethics are important.
Formally expose employees to relevant cases
that teach how to act in specific situations.
Teach by example, that is, by managers acting
responsibly.
Encouraging Ethical Behavior
Use job promotions and other benefits to
reward those employees who act responsibly.
Encourage employees to join professional
organizations with codes of conduct such as
Codes of Conduct and Good Practice for
Certified Computer Professional.
Computers and Privacy Issues
Company policies with respect to privacy issues
Privacy policy should include
who owns the computer
for what purposes can the computer be used
what uses are authorized or prohibited
disposal of computers
Methods Used to Obtain Your
Personal Data
Shoulder surfing
Dumpster diving
Applications for “preapproved” credit
cards
Key logging software
Spam and other e-mails
Copyright
Copyright 2008 John Wiley & Sons, Inc. All rights reserved.
Reproduction or translation of this work beyond that permitted in
Section 117 of the 1976 United States Copyright Act without the
express written permission of the copyright owner is unlawful.
Request for further information should be addressed to the
Permissions Department, John Wiley & Sons, Inc. The purchaser
may make backup copies for his/her own use only and not for distribution
or resale. The Publisher assumes no responsibility for errors, omissions,
or damages, caused by the use of these programs or from the use of the
information contained herein.