Computer Crime

advertisement
Computer Crime
--------------------------------------------------------------------Learning Objectives
1. Understand types of computer crime
2. Understand areas of computer abuse
3. Understand methods of computer attack
4. Understand rule for security
5. Understand computer system security
--------------------------------------------------------------------Introduction
A computer crime is defined as an illegal act in which
knowledge of computer technology is used to commit the
offense. Computer manipulation crimes involve changing
data to create records in a system for the specific
advancement of another crime.
Computer crime commonly takes one of a few familiar,
highly general forms:
1. Fraud
2. Theft
3. Destruction
4. Disruption
5. Conspiracy
--------------------------------------------------------------------Fraud
Fraud is the misrepresentation of information. The end
goal of fraud may be monetary or some other type of
specific gain or it may grant a more general advantage to the
perpetrator. Depending on the exact circumstances, fraud
may be criminal in itself, whether it leads to any further
1
ends or not. This fact is particularly evident in certain areas
of legal and regulatory compliance
--------------------------------------------------------------------Theft
Theft is probably the most familiar type of computer
crime; in fact, identity theft has become a household word.
Theft is not restricted to only this type, however. Computer
related theft also may include theft of funds, theft of
information, theft of physical property, or theft of
intellectual property. This category can encompass anything
from the misappropriation of computer hardware to various
forms of industrial espionage. The end goal, however, is
typically a targeted, tangible, or economic gain of some
kind.
--------------------------------------------------------------------Destruction
Destruction is one of the most familiar forms of
computer crime. Information or the devices that it resides on
may be destroyed for any number of reasons. Most security
professionals encounter destruction of information in a more
familiar form: computer viruses and other kinds of malware.
Malware threats represent one of the most damaging and
costly areas of computer crime because malware threats are
both numerous and diverse.
A computer virus, Trojan, or worm may destroy files,
sectors on a disk, or entire file systems. Depending on the
specifics of the threat, it may spread by infecting other files
and drives, the local area network, a Web page, e-mail, or
any combination of these.
2
--------------------------------------- -----------------------------Disruption
The most common type of disruption in computer crime
is the denial of service attack. This type of attack typically
crashes a system by sending large amounts of network
traffic to it such that it is unable to process legitimate
requests, or simply fill up the system’s disk.
--------------------------------------------------------------------Conspiracy
At a conceptual level, a conspiracy is simply an
agreement between two or more individuals to commit an
illegal act. Legally, this type of crime may become a
computer crime whenever computers, networks, e-mail
systems, chat rooms, instant message agents, and other
systems are used to facilitate such an agreement or
consultation. The actual illegal act does not have to take
place for conspiracy itself to take place.
--------------------------------------------------------------------Areas of Computer Abuse
The following are the most likely areas where computer
abuse will occur.
1. Payroll, fictitious personnel can be created.
2. Inventory, fictitious accounts can be created and
records falsified to show bills were paid, while
inventory was delivered to fictitious persons and
locations.
3. Accounts receivable, this information can be
mismanaged by a loss of computer records of monies
owed to the firm.
3
4. Operations information, this data can be very valuable
to a firm’s competitors, especially in the areas of
growth plans and new designs.
--------------------------------------------------------------------Hardware and Software Thefts
These thefts characterize the illegal use of a computer.
Software piracy involves the duplication of programs
without authorization or payment. Virtually millions of
dollars are lost by software developers to this type of crime
each year, even though vendors are now attempting to
safeguard their programs through the use of copyright
protection devices.
--------------------------------------------------------------------Methods of Attack
There are many ways to compromise a computer. Some
are technical attacks, while others can be accomplished with
only a basic understanding of computer operations. The
following are the most common methods of attack.
--------------------------------------------------------------------Data Diddling
This is the simplest, safest, and most common method
used by insiders.
It involves putting false information into the computer. The
data are changed before or during input from a computer,
such as fraudulent payroll information.
--------------------------------------------------------------------Logic Bombs
These are illegal instructions that operate at a specific
time or periodically after being given to a computer. They
4
are often dependent upon date, time, or another operation
for execution.
--------------------------------------------------------------------Trojan Horse
The computer criminal can alter the computer program
by adding instructions unknown to the owner. As a result,
the computer performs unauthorized functions. For
example, it deletes accounts payable or receivable.
--------------------------------------------------------------------Design and Personnel Rules for Security
Certain commonsense steps, as follows, can greatly
reduce the possibility of computer crimes, if they are taken
into consideration from the very beginning:
1. Establish strong rules about who is allowed access to
computer facilities.
2. Establish strong controls about data preparation
equipment, and establish from the start who will have
access to it.
3. Provide for extensive background screening of
individuals who will do data processing.
4. Require that at least two persons be present when data
processing equipment is operated.
----------------------------------------------------------------------Computer System and Electronic Transactions Security
Maintaining the security of a computer system and
electronic transactions involves the following:
1. Adequate physical security to prevent accidental or
intentional damage to the computer system and related
equipment
5
2. Established techniques for maintaining transaction
data controls and for analyzing the reasonableness of
transactions to detect and report possible crime attempts
3. Use of customer identification methods to restrict
unauthorized individuals from initiating transactions to
customer accounts
-----------------------------------------------------------------------
6
Download