Computer Crime and Security Measures Chapter 7 Computer Crime ? Computers make activities easier ? including illegal activities ? New ways to commit old crimes ? Crimes against ? businesses - insiders and outsiders ? hackers, competitors, criminal gangs Crime ? Computers make the crimes ? easier to commit ? more devastating ? harder to detect ? doable from long distances Fraud and Embezzlement ? Embezzlement - fraudulent appropriation of property by a person to whom it has been entrusted ? Requires ? special knowledge ? special programming skill ? poor security Fraud and Embezzlement ? Aided by ? anonymity ? complexities of modern transactions increase the opportunities Defending Against Dishonest Employees ? Rotate responsibilities of employees with access to sensitive systems ? Unique ID and password ? Limit access to system ? Audit trails ? Screening and background checks of employees ? Good security policies Defending Against Fraud ? Immediate checks on legitimate cards ? Programs to detect unusual spending ? Holograms and photos on cards ? Magnetic or digital finger printing ? Physical hardware deterrents Why is the Problem so Big? ? Most customers do not want to verify ID ? Most merchants don’t check ? Security vs convenience Sabotage and Information Theft ? Unhappy employees ? Attacks by competitors ? Who else? Computer Criminals ? Hacker ? Phracker ? Cracker ? Phreak Nonmalicious Hacking ? No harm is done ? Service - exposes security weaknesses ? Help create need for tougher security ? Information want to be free ? Some companies are ripping us off Harmless? ? Time and effort are involved in tracking down the intruder and shut off means of access ? Verifications of no damage ? Uncertainty that system is preserved ? Trespassing is illegal Mechanisms of Protection ? Password protection How Serious is the Problem? ? CERT - Computer Emergency Response Team ? Federal government created ? Responds to security problems on Internet Internet ? Medium for researchers ? open access ? ease of use ? ease of sharing ? Security depended on trust ? Attitudes about security have not caught up with the risk Improving Security ? Awareness of extent of problem ? Education of users ? Acceptance of responsibility Internet Protection ? Firewall SATAN ? Security Administrator Tool for analyzing Networks Law Enforcement ? Special units to deal with crime ? Penalties are appropriate with crime Crime Laws ? Computer technology challenged existing laws and led to new ones ? Larceny ? Use of computer time ? New laws ? Access and use of computer without authorization is illegal