Uploaded by Lorry Lam

Data Security and Integrity

System Security and Computer Crimes
The increasing use of computers, along with the
expansion of the internet and the many services
available on it, has resulted in new types of crimes and
new methods of perpetrating old crimes. In an effort
to reduce the level of computer crimes, governments,
companies and organizations continuously have to find
new methods of dealing with systems security. System
security concerns the protection of hardware, software
and data.
Data Integrity and Security
Data integrity concerns the consistency,
accuracy and reliability of data. Data is said to
have integrity if it is accurate and complete
when it enters a system and does not become
inaccurate after further processing. The goal of
integrity is to protect against data becoming
corrupt – being changed, deleted or substituted
without authorisation.
Data integrity can be compromised in a number
of ways:
• Human error (e.g. inaccurate data entry, accidental
deletion, accidental changing of data).
• Natural disaster such as fire, floods and earthquakes.
• Worms and viruses.
• Hardware malfunctions
• Fraud
• Malicious deletion or changing of data.
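One way to detect data that has been changed, deleted or substituted without authorisation, as an added example that is not part of the original slides. It assumes records held as id/value pairs and a secret key stored separately from the data; the record ids, values and key below are constructed.

```python
import hashlib
import hmac

def tag(key: bytes, record_id: str, data: bytes) -> str:
    """Keyed HMAC-SHA256 over the record id and its data.

    The id is part of the input, so valid data copied from one record
    into another (substitution) no longer matches its tag.
    """
    rid = record_id.encode()
    msg = len(rid).to_bytes(4, "big") + rid + data
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def build_manifest(key: bytes, records: dict) -> dict:
    """Taken when the data enters the system and is known to be correct."""
    return {rid: tag(key, rid, data) for rid, data in records.items()}

def verify(key: bytes, manifest: dict, records: dict) -> dict:
    """Compare the current records with the manifest taken earlier."""
    report = {"changed": [], "deleted": [], "unexpected": []}
    for rid, expected in manifest.items():
        if rid not in records:
            report["deleted"].append(rid)
        elif not hmac.compare_digest(expected, tag(key, rid, records[rid])):
            report["changed"].append(rid)
    report["unexpected"] = sorted(set(records) - set(manifest))
    return report

# Constructed sample data (not from the slides).
KEY = b"constructed-demo-key-keep-away-from-the-data"
ORIGINAL = {
    "acct-1001": b"balance=250.00",
    "acct-1002": b"balance=90.10",
    "acct-1003": b"balance=12.75",
}
MANIFEST = build_manifest(KEY, ORIGINAL)

def tampered_copy() -> dict:
    later = dict(ORIGINAL)
    later["acct-1001"] = b"balance=9250.00"     # changed
    del later["acct-1002"]                      # deleted
    later["acct-1003"] = ORIGINAL["acct-1001"]  # substituted from another record
    later["acct-9999"] = b"balance=1.00"        # record that never entered the system
    return later

if __name__ == "__main__":
    print(verify(KEY, MANIFEST, tampered_copy()))
```

A plain hash stored next to the data could be recomputed by whoever altered the data, which is why the tag is keyed and the key is kept elsewhere.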
Data Security
This concerns protecting data from
unauthorised access and is one of the methods
used to ensure data integrity. Data can be
secured using both physical and software
safeguards.
Physical Data Security
Physical safeguards deal with the protection of
hardware and software from accidental or
malicious damage, destruction or theft.
Depending on the sensitivity of the data stored,
a combination of the following methods may be
used.
Physical ways to secure data include:
1. Only allowing authorised personnel access to
computer facilities.
   • Locks
   • Security guards
   • Burglar alarms
   • Monitoring system using video cameras
   • Biometric scans
   • Electronic doors that can only be opened using
     passwords or magnetic cards.
2. Outer structural security - This entails reinforcement
to doors, windows, walls and roofs to make the
building where data is stored more secure
3. Storing data in a fireproof safe or cabinet
4. Storing data in another building or another location.
5. Distributing work to a number of employees instead of
just one.
6. If data storage is more long-term it is known as
archiving, a form of physical data backup involving the
removal of inactive files from the computer.
Software-Based Data Security
Software safeguards are another equally
important method of protecting data. Data will
never be fully secure unless both the physical
and software safeguards are in place.
Some of the most common software safeguards are:
1. Passwords for the system.
2. Passwords for individual files or folders.
3. Audit trails or Access logs – Security software programs can audit
computer use by providing a comprehensive record of all the network or
system activity, including who is accessing what data, when and how
often.
4. Encryption – This is encoding (scrambling) data during storage or
transmission so that it cannot be understood by someone who does not
have the encryption key or software to convert it back to its original
form.
5. Firewall – This is a program, a hardware device or a combination of both
that filters the information coming in through your computer system’s or
network’s connection to the internet. It prevents unauthorised users
from gaining access. A firewall can also perform audit and alarm functions
that record all access attempts to and from a network.
A firewall can protect a system from:
• Remote login – This is when someone is able to connect to your computer
and control it in some form, ranging from being able to view or access
your files to actually running programs on your computer.
• Spam (electronic junk mail) – By gaining access to a list of e-mail
addresses, a person can send unwanted spam to thousands of users.
• E-mail Bomb – This is when someone sends you the same e-mail hundreds
of thousands of times until your e-mail system cannot accept any more
messages.
• Viruses
6. Anti-virus Software – This is a special type of software used to remove or
inactivate known viruses from a computer’s hard disk, floppy disk or
memory stick.
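The audit trail described in item 3 above (who is accessing what data, when and how often), as an added example that is not part of the original slides. The log format, user names, the three-denial threshold and the 08:00 to 18:00 working hours are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed access-log lines: timestamp user action resource result
SAMPLE_LOG = """\
2024-03-04T09:12:05 alice READ payroll.db OK
2024-03-04T09:40:31 bob READ payroll.db DENIED
2024-03-04T09:40:39 bob READ payroll.db DENIED
2024-03-04T09:40:52 bob READ payroll.db DENIED
2024-03-04T11:02:17 alice WRITE payroll.db OK
2024-03-04T23:48:09 carol READ customers.db OK
"""

def parse(log: str):
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines rather than guess their meaning
        ts, user, action, resource, result = parts
        yield datetime.fromisoformat(ts), user, action, resource, result

def summarise(log: str) -> dict:
    """(who, what) -> how often, plus the first and last time seen."""
    summary = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for ts, user, _action, resource, _result in parse(log):
        entry = summary[(user, resource)]
        entry["count"] += 1
        entry["first"] = ts if entry["first"] is None else min(entry["first"], ts)
        entry["last"] = ts if entry["last"] is None else max(entry["last"], ts)
    return dict(summary)

def review_flags(log: str, denied_limit: int = 3, work_hours=range(8, 18)) -> list:
    """Entries a reviewer should look at: repeated denials, out-of-hours access."""
    denied = defaultdict(int)
    flags = []
    for ts, user, _action, resource, result in parse(log):
        if result == "DENIED":
            denied[(user, resource)] += 1
            if denied[(user, resource)] == denied_limit:
                flags.append(f"{user}: {denied_limit} denied attempts on {resource}")
        elif ts.hour not in work_hours:
            flags.append(f"{user}: accessed {resource} outside working hours")
    return flags

if __name__ == "__main__":
    for line in review_flags(SAMPLE_LOG):
        print(line)
```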
Worms and Viruses
Worms and viruses are two types of programs
that may cause destruction to data and
software. Worms and viruses differ in the way they
spread and how they function. However, many
people simply refer to both by the term
computer virus.
Worms
A worm is a program that uses computer networks and
security holes (weakness in a security system) to
repeatedly copy itself into a computer’s memory or
onto a magnetic disk, until no more space is left. A
copy of the worm scans the network looking for
another machine that has a specific security hole, and
then starts to replicate itself again. For example, a
virus named “Code Red” replicated itself over 250000
times in about nine hours in July 2001, causing traffic
on the internet to slow down considerably.
Virus
A virus is a program purposefully written by someone
to activate itself unknown to the victim and destroy or
corrupt data. A virus must attach itself to some other
program or document in order to be executed (executed
here means ‘started up’). Viruses are one of the main
threats to a computer system and have caused many
businesses to lose millions of dollars due to corrupted
data, lost data and computer ‘downtime’ (times when
your computers are unstable).
Types of viruses include:
• File virus – These are viruses that infect
program files. The viruses attach themselves
to executable program files and are started
each time the program is run. For example, a
virus may attach itself to a word processing
program. Each time the word processing
program is run the virus also runs.
• Email Virus – This type of virus comes as
either an attachment to an e-mail or as the email itself. It usually spreads by automatically
mailing itself to everyone on the address book
of its victim. For example in March 1999 the
Melissa virus replicated itself so many times
and so quickly that it forced Microsoft and a
number of large companies to completely turn
off their e-mail systems until the virus could
be contained. The ILOVEYOU virus in the year
2000 had the same effect.
• Trojan Horses – A Trojan horse is a computer
program that places destructive code in
programs such as games. When the user runs
the game the hidden code runs in the
background, usually unknown to the user; it
erases either their entire hard disk or some
programs on the disk.
• Boot-sector virus – The boot sector is a part of
the operating system; it holds a small program
telling the computer how to load the rest of
the operating system when the computer is
started up. A boot-sector virus corrupts or
replaces the instructions in the boot sector,
thereby preventing the operating system from
loading properly and the computer from
booting or powering up.
How viruses are spread
• Downloading infected programs and files from
the internet.
• Opening infected files received through emails
• Booting the computer with an infected disk in
the disk drive.
• Using a storage medium such as a floppy disk,
tape or CD that contains infected files.
Preventing viruses
The best way to protect a computer from viruses
is to:
• Install antivirus software
• Turn on program virus protection
• Try to know the origin of each program or file you
use.
• Never open an email attachment that contains an
executable file with an extension EXE, COM or VBS,
even if you know who sent the email.
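The attachment rule above, written as a check a mail filter could run; this is an added example, not part of the original slides. It uses Python's standard email package, and the message, addresses and file names are constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED = {"exe", "com", "vbs"}  # the extensions named in the text above

def final_extension(filename: str) -> str:
    """Return the last extension, lower-cased.

    Only the last extension decides how the file is opened, so
    "photo.jpg.exe" counts as exe. Windows ignores trailing dots and
    spaces, so "setup.exe." is treated as exe as well.
    """
    cleaned = filename.strip().rstrip(". ")
    return cleaned.rsplit(".", 1)[-1].lower() if "." in cleaned else ""

def risky_attachments(raw: bytes) -> list:
    """File names of attachments whose final extension is blocked."""
    msg = message_from_bytes(raw, policy=policy.default)
    risky = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        if name and final_extension(name) in BLOCKED:
            risky.append(name)
    return risky

def build_sample() -> bytes:
    """Constructed message from a known sender with mixed attachments."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["To"] = "you@example.com"
    msg["Subject"] = "Holiday photos"
    msg.set_content("See attached.")
    names = ("notes.txt", "photo.jpg.exe", "Update.VBS", "report.pdf", "setup.exe.")
    for name in names:
        msg.add_attachment(b"constructed sample bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(risky_attachments(build_sample()))
```

The sender address plays no part in the decision, matching the advice that knowing who sent the email is not enough.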
Data Privacy
Many businesses, government bodies and other organizations
hold information on individuals. Information given to these
bodies is given for a specific purpose. In many cases the
information is personal to the individual and can be valuable to
any number of organizations, not least commercial organizations
that want to approach you directly to offer a product or service.
The ease with which data stored on databases can be accessed,
cross-referenced and transmitted from one computer to the next
in a LAN, WAN or over the internet emphasises the need for data
privacy laws.
Computer Crimes
What are Computer Crimes?
Computer Crime is when the computer is
used to carry out illegal activities; these
are:
• Hacking
• Software Piracy
• Frauds
• Industrial Espionage
• Electronic Eavesdropping
Types of Computer Crimes
Hacking is the act of
gaining unauthorized access to a
computer system or network and in
some cases making unauthorized use
of this access. The person who is
consistently engaging in hacking
activities, and has accepted hacking as
a lifestyle and philosophy of their
choice, is called a hacker.
Effects of Computer Hacking
• Client or customer information or other
business data
• Credit card details and social security
numbers, for identity fraud or theft
• Passwords for access to our online bank, ISP or
web services
• Email addresses, which may be used for
spamming
• Children's names, photographs, ages or other
personal details of theirs held on the computer
Reasons for Hacking
People get involved in such
activities:
• To steal important information
• To transfer money from one
account to another
• To destroy data
How to prevent Hacking
1. Install a firewall on your computer - Firewalls
prevent outside threats such as hackers and
viruses from gaining access to your system.
2. Change your passwords often - Use a
different password for each website you
regularly log into and make sure your
passwords are long, for this makes it harder
for the hackers to guess.
3. Purchase or download anti-virus software -
Anti-virus protects your computer from
viruses.
What is Software Piracy?
Software piracy is the unauthorized
copying, selling or distribution of
copyrighted software. This can be
done by copying, downloading,
sharing, selling, or installing multiple
copies onto personal or work
computers.
Types of Software Piracy
• Counterfeiting
This type of piracy is the illegal duplication,
distribution and/or sale of copyrighted
material with the intent of imitating the
copyrighted product.
• Internet Piracy
This occurs when software is downloaded
from the Internet.
• End User Piracy
This occurs when an individual reproduces copies of
software without authorization.
• Client-Server Overuse
This type of piracy occurs when too many users on
a network are using a central copy of a program at
the same time.
• Hard-Disk Loading
This occurs when a business sells new computers
with illegal copies of software loaded onto the hard
disks to make the purchase of the machines more
attractive.
Effects of Software Piracy
The losses suffered as a result of software piracy
directly affect the profitability of the software
industry. Because of the money lost to pirates,
publishers have fewer resources to devote to
research and development of new products, have
less revenue to justify lowering software prices
and are forced to pass these costs on to their
customers. Consequently, software publishers,
developers, and vendors are taking serious
actions to protect their revenues.
Disadvantages of Software Piracy
Using pirated software is also risky for users.
Aside from the legal consequences of using
pirated software, users of pirated software
forfeit some practical benefits as well. Those
who use pirated software:
• Increase the chances that the software will
not function correctly or will fail completely
• Forfeit access to customer support,
upgrades, technical documentation,
training, and bug fixes
• Have no warranty to protect
themselves
• Risk potential negative publicity and
public and private embarrassment
Internet Fraud
• A fraud is a crime in which
someone deliberately deceives
someone else in order to gain
money, goods or some other
advantage.
Internet Fraud is defined as any act using
computers, the Internet, Internet devices,
and Internet services to defraud people,
companies, or government agencies of
money, revenue, or Internet access.
There are many methods used to
perform these illegal activities.
Types of Frauds
• Credit Card Fraud - An e-commerce
business sells goods and services
on-line. The customer usually has to
pay over the internet, and the most
common method is to use a credit
card. People can be worried about
security and fear that their credit
card may be used by criminals.
• Identity Theft - This is a form of fraud in which
the criminal pretends to be someone else.
Identity Theft can be used for a number of
purposes:
   • To obtain money from an account
   • To buy goods and services
   • To get the benefits of medical and other
     insurances
   • To avoid being arrested for crime
   • To obtain travel visas
What is Industrial Espionage?
The term ‘espionage’ usually refers
to spies who work for one country
while trying to find the national
secrets of another country. Industrial
espionage is a similar concept but
applied to businesses. Businesses do this to
find out the plans of other companies.
Types or forms of Industrial Espionage
• Hacking - Computers are used by
major corporations to store
information, including financial
information and product formulas.
Managers, employees or anybody
associated with a business can hack
into the other company’s computer
to find this information.
• Social Engineering - This is a much more
personal and hands-on method of
industrial espionage. Rival companies
may send employees to gain employment
at your business to ingratiate themselves
with people in high places. They can then
gain access to passwords via their
personal relationship.
• Dumpster Diving - This involves looking
through the garbage of a rival and looking
for any important information that may
have been thrown away. This can be done
by, literally, jumping into the dumpster
or by searching through individual
garbage bins in the building itself. They
look for financial information, password
lists, social security number lists, memos
and research papers.
What is Electronic Eavesdropping?
Electronic Eavesdropping is the act
of electronically intercepting
conversations without the
knowledge or consent of at least one
of the participants.
Ways in which data can be misused
1. Surveillance - Using hidden microphones
and/or cameras to gain unauthorized
information from conversation.
2. Electronic eavesdropping - Intercepting email
and/or messages while they are on their way
to their designated receiver.
3. Propaganda - Information distributed to
encourage or force a particular opinion on a
particular entity.
4. Inaccurate information - Entering and storing of
inaccurate information due to human error or
deliberately altering correct information.
What is Computer Surveillance?
“Computer surveillance” often refers to a type
of spying that tracks all activity on a computer.
The term also might refer to the use of a
computer to monitor security cameras and
audio feeds. Both types of computer
surveillance depend on specialized software
specifically geared toward the task. There are
professional systems for locations such as
casinos and banks, and there are home
security systems that also make use of this
technology.
Examples of Computer Surveillance
• Video and Audio Feeds
The other type of computer surveillance
involves computers being used to monitor
security cameras or listening devices. The
video or audio feeds are run through a
computer system. They can be reviewed live
or might be stored on a hard drive and
reviewed later if necessary.
• Remote-Control Cameras
Computer surveillance of this type might even
allow the people who are monitoring a live feed to
reposition cameras to particular areas of interest.
This is especially true of casinos and banks, where
certain people might warrant more interest than
others. The computer is linked to the camera and
is controlled by remote control. This remote link
makes it easier to monitor activity without alerting
the people who are under surveillance that they
have aroused suspicion.
What is propaganda?
This is information, especially of a biased or
misleading nature, used to promote a
political cause or point of view.
Common Examples of Propaganda
• Building a mental image - A politician will
present an image of what the world would be
like with immigration or crime so that the
voters will think of that image and believe
that voting for him will reduce that threat.
• Name calling - An example of name calling in
propaganda would be: “My opponent is an
alcoholic.”
• Assertion - This is presenting a fact without any
proof, as in “This is the best cavity-fighting
toothpaste out there.”
Hope you all have
learnt something