Professional Issues

in IT – HNDIT2403

Chapter 5: Computer misuse and Computer Crime

 Introduction
• IT has changed the way in which crimes are
committed
• Valuable assets are stored as computer data
• Telecommunications have broadened the
geography of crime
• Computers have given rise to a new range of
criminal activities such as computer hacking and
viruses.
• Much of this activity has captured the imagination
of the public, but is computer crime really a big
Faroos Fashee 2
problem?
 Computer Crime
• Computer crime describes a very broad category of offenses.
• Some of them are the same as non-computer offenses, such as
theft or fraud, except that a computer or the Internet is used in the
commission of the crime.
• Others, like hacking, are uniquely related to computers.
• It is estimated that in the near future almost all crimes in the world
will be computer related, while documents will be computer based
documents.
• It must also be remembered that all computer related systems are
vulnerable to destruction and intrusion.
• Under these circumstances, the application of new methodologies
to investigate and seize data in such storage forms as computer
hardware, software, communication devices and computer
peripherals is essential. Faroos Fashee 3
 Examples of Computer Crimes
Computer crime laws in many states prohibit a person from
performing certain acts without authorization, including:
• Improperly accessing a computer, system, or network;
• Modifying, damaging, using, disclosing, copying, or taking
programs or data;
• Introducing a virus or other contaminant into a computer
system;
• Using a computer in a scheme to defraud;
• Interfering with someone else's computer access or use;
• Using encryption in aid of a crime;
• Falsifying email source information;
• Stealing an information service from a provider. 4
 Viruses
• Viruses are programs that are devised to be copied
carelessly. They are concealed in other programs or
data, and damage or slow the operation of their 'host'
systems.
• Found that viruses are the most common form of
computer abuse.
E.g.
• The ‘I Love You’ virus released in 2000 was estimated
to have a worldwide economic impact of $8.75 billion
(CSI/FBI Computer Crime and Security Survey, 2002)

Faroos Fashee 5
 Hacking
• Hacking – currently defined as to gain illegal or
unauthorized access to a file, computer, or
network
• The term has changed over time

• Phase 1: early 1960s to 1970s

– It was a positive term
– A "hacker" was a creative programmer who
wrote elegant or clever code
– A "hack" was an especially clever piece of
code Faroos Fashee 6
 Hacking (cont.)
• Phase 2: 1970s to mid 1990s
– Hacking took on negative connotations
– Breaking into computers for which the
hacker does not have authorized access
– Still primarily individuals
– Includes the spreading of computer worms
and viruses
– Companies began using hackers to analyze
and improve security
Faroos Fashee 7
 Hacking (cont.)
• Phase 3: beginning with the mid 1990s
– The growth of the Web changed hacking;
viruses and worms could be spread rapidly
– Political hacking (Hacktivism) surfaced
– Denial-of-service (DoS) attacks used to shut
down Web sites
– Large scale theft of personal and financial
information
Faroos Fashee 8
 Hacking (cont.)
Hacktivism, or Political Hacking:
• Use of hacking to promote a political cause
• Disagreement about whether it is a form of
civil disobedience and how (whether) it
should be punished
• Some use the appearance of hacktivism to
hide other criminal activities
• How do you determine whether something
is hacktivism or simple vandalism?
Faroos Fashee 9
 Hacking (cont.)
The Law: Catching and Punishing Hackers (cont.):
• A variety of methods for catching hackers
– Law enforcement agents read hacker newsletters
and participate in chat rooms undercover
– They can often track a handle by looking through
newsgroup archives
– Security professionals set up ‘honey pots’ which
are Web sites that attract hackers, to record and
study
– Computer forensics is used to retrieve evidence
from computers
Faroos Fashee 10
 Hacking (cont.)
The Law: Catching and Punishing Hackers (cont.):

• Penalties for young hackers

– Many young hackers have matured and gone
on to productive and responsible careers
– Temptation to over or under punish
– Sentencing depends on intent and damage
done
– Most young hackers receive probation,
community service, and/or fines
Faroos Fashee 11
 Hacking (cont.)
The Law: Catching and Punishing Hackers (cont.):

• Security
– Internet started with open access as a means of
sharing information for research
– Attitudes about security were slow to catch up
with the risks
– Firewalls are used to monitor and filter out
communication from untrusted sites or that fit a
profile of suspicious activity
– Security is often playing catch-up to hackers as
new vulnerabilities are discovered and exploited
Faroos Fashee 12
 Hacking (cont.)
The Law: Catching and Punishing Hackers (cont.):

• Responsibility for Security

– Developers have a responsibility to develop with
security as a goal
– Businesses have a responsibility to use security
tools and monitor their systems to prevent attacks
from succeeding
– Home users have a responsibility to ask questions
and educate themselves on the tools to maintain
security (personal firewalls, anti-virus and anti-
spyware)
Faroos Fashee 13
 Hacking
Discussion Questions

• Is hacking that does no direct damage or theft a

victimless crime?
• Do you think hiring former hackers to enhance
security is a good idea or a bad idea? Why?

Faroos Fashee 14
Identity Theft and Credit Card Fraud
Stealing Identities:
• Identity Theft –various crimes in which a criminal or
large group uses the identity of an unknowing,
innocent person
– Use credit/debit card numbers, personal
information, and social security numbers
– 18-29 year-olds are the most common victims
because they use the web most and are unaware
of risks
– E-commerce has made it easier to steal card
numbers and use without having the physical card
Faroos Fashee 15
 Identity Theft and Credit Card Fraud (cont.)
Stealing Identities (cont.):
• Techniques used to steal personal and financial
information
– Phishing - e-mail fishing for personal and financial
information disguised as legitimate business e-
mail
– Pharming - false Web sites that fish for personal
and financial information by planting false URLs in
Domain Name Servers
– Online resumes and job hunting sites may reveal
ID numbers, work history, birth dates and other
information that can be used in identity theft

Faroos Fashee 16
 Identity Theft and Credit Card Fraud (cont.)

Stealing Identities (cont.):

• Techniques used to protect personal and financial
information
– Activation for new credit cards
– Retailers do not print the full card number and
expiration date on receipts
– Software detects unusual spending activities and
will prompt retailers to ask for identifying
information
– Services, like PayPal, act as third party allowing a
customer to make a purchase without revealing
their credit card information to a stranger
Faroos Fashee 17
Identity Theft and Credit Card Fraud (cont.)
Responses to Identity Theft:

• Authentication of e-mail and Web sites

• Use of encryption to securely store data, so it is
useless if stolen
• Authenticating customers to prevent use of stolen
numbers, may trade convenience for security
• In the event information is stolen, a fraud alert can
flag your credit report; some businesses will cover
the cost of a credit report if your information has
been stolen
Faroos Fashee 18
Identity Theft and Credit Card Fraud (cont.)
Biometrics:
• Biological characteristics unique to an
individual
• No external item (card, keys, etc.) to be stolen
• Used in areas where security needs to be high,
such as identifying airport personnel
• Biometrics can be fooled, but more difficult to
do so, especially as more sophisticated
systems are developed
Faroos Fashee 19
 Identity Theft and Credit Card Fraud
Discussion Questions
• What steps can you take to protect yourself
from identity theft and credit card fraud?
• How can you distinguish between an e-mail
that is a phishing attempt and an e-mail
from a legitimate business?

Faroos Fashee 20
 Scams and Forgery (cont.)
• Click fraud - repeated clicking on an ad to either
increase a site’s revenue or to use up a competitor's
advertising budget
• Stock fraud - most common method is to buy a stock
low, send out e-mails urging others to buy, and then
sell when the price goes up, usually only for a short
time
• Digital Forgery - new technologies (scanners and high
quality printers) are used to create fake checks,
passports, visas, birth certificates, etc., with little skill
and investment
Faroos Fashee 21
 Whose Laws Rule the Web

When Digital Actions Cross Borders:

• Laws vary from country to country
• Corporations that do business in multiple
countries must comply with the laws of all the
countries involved
• Someone whose actions are legal in their own
country may face prosecution in another
country where their actions are illegal

Faroos Fashee 22
 Censorship on the Global Net
• Global Impact of Censorship:
– Global nature of the Internet protects against censorship (banned in one
country, move to another)
– May impose more restrictive censorship (block everything in an attempt to
block one thing)
– Yahoo, eBay and others make decisions to comply with foreign laws for
business reasons
• Censorship in Other Nations:
– Attempts to limit the flow of information on the Internet similar to earlier
attempts to place limits on other communications media
– Some countries own the Internet backbone within their countries, block at the
border specific sites and content
– Some countries ban all or certain types of access to the Internet
• Aiding Foreign Censors:
– Companies who do business in countries that control Internet access must
comply with the local laws
Faroos Fashee 23
– Google argued that some access is better than no access
 Anonymity
• Anonymity on the Internet applies to any interaction a user has on the Internet
that protects his or her identity from being shared with another user or with a
third party.
• Services available to send anonymous email (Anonymizer.com).
• Anonymizing services used by individuals, businesses, law enforcement agencies,
and government intelligence services.
• Different levels of anonymity exist and examples of anonymity can be seen all
over the Internet.
• Some basic examples of anonymity on the Internet
– Secure Billing: When a user purchases something with PayPal or on Ebay, the user
does not reveal his or her personal information to the distributor. Thus, PayPal
protects the user's anonymity.
– Question-And-Answer Sites: Users make use of anonymity with sites like Formspring,
which allows people to ask anonymous questions of known users, and obtain
responses.
– . Anonymous blogging and posting: Perhaps most importantly or prevalently, users are
able to blog anonymously (anonymous Twitter accounts), comment anonymously (on
blogspot), or post links anonymously.
Faroos Fashee 24
 Anonymity
Against Anonymity:
• Fears
– It hides crime or protects criminals
– Glowing reviews (such as those posted on eBay or
Amazon.com) may actually be from the author,
publisher, seller, or their friends

• U.S. and European countries working on laws that require

ISPs to maintain records of the true identity of each user
and maintain records of online activity for potential use in
criminal investigations
Faroos Fashee 25
 Net Neutrality
• Net neutrality, or open Internet, is the principle that
Internet service providers (ISPs) should give consumers
access to all legal content and applications on an equal
basis, without favoring some sources or blocking others.
• It prohibits ISPs from charging content providers for
speedier delivery of their content on "fast lanes" and
deliberately slowing the content from content providers
that may compete with ISPs.
• The Federal Communications Commission (FCC) in USA
passed new net neutrality regulations designed to
protect the free flow of content on the Internet.
Faroos Fashee 26
 Whose Laws Rule the Web
Discussion Questions

• What suggestions do you have for resolving

the issues created by differences in laws
between different countries?
• What do you think would work, and what do
you think would not?

Faroos Fashee 27