Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Computer Misuse.

Published byDominick Bishop Modified over 6 years ago

Similar presentations

Presentation on theme: "The Computer Misuse."— Presentation transcript:

1 The Computer Misuse

2 Definition The Computer Misuse Act 1990 (CMA) is an act of the UK Parliament passed in CMA is designed to frame legislation and controls over computer crime and Internet fraud. The legislation was created to: Criminalize unauthorized access to computer systems.

3 Computer Misuse Act 1990 4 key points you need to learn/understand/revise

4 Computer Misuse Act - Reasons
No laws specifically to deal with computer crime prior to 1990 The Misuse Act is often labeled “anti-hacking legislation” It was enacted to respond to the growing threat of hacking to computer systems and data Previously hacking was not illegal in the UK. Act now covers much more.

5 Levels of Offence The Act specifies 3 levels of offence
In summary these are:- Unauthorised Access Unauthorised access with intent to commit another offence Unauthorised modification of data (writing viruses comes under this level)

6 Penalties Unauthorised Access (level 1) is called a summary offence and penalties are limited to 6 months imprisonment and/or a maximum fine of £5000 The other two offences (levels 2 and 3) are more serious and carry jail terms of up to 5 years and unlimited fines

7 Example 1 A student hacks into a college database to impress his friends unauthorised access Later he decides to go in again, to alter his grades, but cannot find the correct file unauthorised access with intent A week later he succeeds and alters his grades unauthorised modification of data

8 Example 2 An employee who is about to made redundant finds the Managing Director’s password; logs into the computer system using this and looks at some confidential files unauthorised access After asking a friend, he finds out how to delete files and wipes the main customer database unauthorised modification Having received his redundancy notice he goes back in to try and cause some damage but fails to do so unauthorised access with intent...

9 Prosecutions A disgruntled IT supplier hacked estate agency website and replaced pictures of houses with Animals pictures. £1250 fine. Ex-employee stole 1,700 customer records on backup tape before setting up competitive PC networking company. Conditional discharge and £15 fine Ex-employee made unauthorised use of his former employer's Mercury telephone account to make "free" calls. £900 fine

10 Problems However, prosecutions under the Computer Misuse Act are rare for a number of reasons Offences difficult to prove Evidence difficult to collect - firms do not co-operate with police Firms embarrassed by hacking - particularly banks Employees often simply sacked/demoted Police lack expertise; time; money Offence perceived as ‘soft crime’ no one injured/hurt

11 SCOPE Computer Crime Trends Definition of Computer Crime Case Studies
Computer Misuse Act

12 INTRODUCTION Computer Crimes Trend
No. of reported cases relatively low Increasing trend 1993/

13 INTRODUCTION Definition of Computer Crime
When there is unauthorized access into a computer system in order to : Destroy data or programs Commit other offences

14 CASE STUDY ONE The Perfect Computer Crime System Analyst used Trojan horse program to capture colleagues password and used it to modify the Lucky Draw Program. Also gained root access whilst auditing computer system and replaced Lucky Program with fake program that allowed 3 friends to ‘win’ $485,000 Case 1 This ex-employee was allowed entry into the working area of the bank. He then keyed in his account number and the bank over-riding code into an unattended terminal and credited S$1.2 m to his account. He was subsequently charged and convicted under the Computer Misuse Act. He was jailed 5 years. Case 2 The system analyst installed a trojan horse program to capture the password for accessing bank lucky draw program. He then used the password to gain access to the program. He modified it to include his wife as a winner. Subsequently the following year, he was tasked to assist the external auditor. The senior manager allowed him access to the system using the master password. The accused then replaced the original lucky program with his modified version. The modified program then chose 3 of his acquaintances as winners. He was charged and convicted under the CMA, jailed for 4 years.

15 CASE STUDY TWO Crashing of Factory Computer System Disgruntled system administrator inserted logic bomb that replaced system files with damaged files during backup process. Also used another logic bomb to time backing up process while he was on holiday. Caused entire company’s system to crash and halted production lines. After his dismissal, he asked a computer illiterate colleague to crash system files. Case 3 23 account holders of various banks reported that unauthorised withdrawals were made from their accounts. 5 persons including a cashier were arrested. The cashier supplied NETS receipts to the syndicate while the other members peered at customers keying in their ATM pins. They then made duplicate ATM cards by using a reader and software programs to re-encode these stolen information onto the cards. These cards were then used to made withdrawals from ATMs and purchases thru NETS. The total damage was about $96,000. They were charged and convicted and jailed between 16 months to 4 years. Case 4 A disgruntled employee was not happy with the management. He accidentally discovered the manufacturer’s default password was not removed. He used this default password and retrieved those s containing adverse financial information and sent it to the clients. He was charged and convicted, fined $10,000 Case 5 Another disgruntled employee (a system administrator) replaced original system files with damaged files during the backup process. He used a logic bomb to time the backup during his absence and as a result the company’s system crashed. Subsequently he left the company and he called a production worker on pretext of removing some personal files. The operator followed his instructions and deleted the system files and the system crashed for the second time.

16 CASE STUDY THREE Smart Card Scam - Managers of Cinema Chain modified Daily Cashiers’ Reports on computer system and siphoned off cash. Also topped up used Smart cards illegally and sold them to cinema touts. Enlisted help of a computer service engineer to load program into a branch so as to further the crime. Case 3 23 account holders of various banks reported that unauthorised withdrawals were made from their accounts. 5 persons including a cashier were arrested. The cashier supplied NETS receipts to the syndicate while the other members peered at customers keying in their ATM pins. They then made duplicate ATM cards by using a reader and software programs to re-encode these stolen information onto the cards. These cards were then used to made withdrawals from ATMs and purchases thru NETS. The total damage was about $96,000. They were charged and convicted and jailed between 16 months to 4 years. Case 4 A disgruntled employee was not happy with the management. He accidentally discovered the manufacturer’s default password was not removed. He used this default password and retrieved those s containing adverse financial information and sent it to the clients. He was charged and convicted, fined $10,000 Case 5 Another disgruntled employee (a system administrator) replaced original system files with damaged files during the backup process. He used a logic bomb to time the backup during his absence and as a result the company’s system crashed. Subsequently he left the company and he called a production worker on pretext of removing some personal files. The operator followed his instructions and deleted the system files and the system crashed for the second time.

17 CASE STUDY FOUR Distribution of user-ids and passwords - Two youths stole user-ids and passwords of unsuspecting users of an ISP during a sessions and displayed the user-ids and passwords on a web site stating that the ISP’s system security had been breached. Case 3 23 account holders of various banks reported that unauthorised withdrawals were made from their accounts. 5 persons including a cashier were arrested. The cashier supplied NETS receipts to the syndicate while the other members peered at customers keying in their ATM pins. They then made duplicate ATM cards by using a reader and software programs to re-encode these stolen information onto the cards. These cards were then used to made withdrawals from ATMs and purchases thru NETS. The total damage was about $96,000. They were charged and convicted and jailed between 16 months to 4 years. Case 4 A disgruntled employee was not happy with the management. He accidentally discovered the manufacturer’s default password was not removed. He used this default password and retrieved those s containing adverse financial information and sent it to the clients. He was charged and convicted, fined $10,000 Case 5 Another disgruntled employee (a system administrator) replaced original system files with damaged files during the backup process. He used a logic bomb to time the backup during his absence and as a result the company’s system crashed. Subsequently he left the company and he called a production worker on pretext of removing some personal files. The operator followed his instructions and deleted the system files and the system crashed for the second time.

18 CASE STUDY FOUR Hacking of Television's Stations web-site Two teenagers obtained illegal access to a Television Station web-site by accident and modify several of the web pages with “hacker slogans”.

19 LESSONS LEARNT Physical Security Electronic Security
Lack of Physical Security Electronic Security Good Security Practices Regular System Audit Computer Incident Management Case 3 23 account holders of various banks reported that unauthorised withdrawals were made from their accounts. 5 persons including a cashier were arrested. The cashier supplied NETS receipts to the syndicate while the other members peered at customers keying in their ATM pins. They then made duplicate ATM cards by using a reader and software programs to re-encode these stolen information onto the cards. These cards were then used to made withdrawals from ATMs and purchases thru NETS. The total damage was about $96,000. They were charged and convicted and jailed between 16 months to 4 years. Case 4 A disgruntled employee was not happy with the management. He accidentally discovered the manufacturer’s default password was not removed. He used this default password and retrieved those s containing adverse financial information and sent it to the clients. He was charged and convicted, fined $10,000 Case 5 Another disgruntled employee (a system administrator) replaced original system files with damaged files during the backup process. He used a logic bomb to time the backup during his absence and as a result the company’s system crashed. Subsequently he left the company and he called a production worker on pretext of removing some personal files. The operator followed his instructions and deleted the system files and the system crashed for the second time.

20 COMPUTER MISUSE ACT Section 3 - Unauthorised Access to Computer Material Section 4 - Access with Intent to Commit or Facilitate Commission of Further Offence Section 5 - Unauthorised Modification of Contents of Computer

21 COMPUTER MISUSE ACT Section 6 - Unauthorised Use/Interception of Computer Service Section 7 - Unauthorised obstruction of Use of Computer Section 8 - Unauthorised Disclosure of Access Code Section 9 - Enhanced punishments - Territorial Scope

22 International Co-operation
Asian Working Party (Computer Crime) Links with FBI Hong Kong Malaysia Taiwan Sweden U.K.

23 COMPUTER CRIME INVESTIGATIONS
Report Lodging What to prepare? Who should do the reporting?

24 COMPUTER CRIME INVESTIGATIONS
Preliminary Investigation Interviews (Facts gathering) Complainant / Victims System Administrators Customer Service Engineer Other Witnesses

25 COMPUTER CRIME INVESTIGATIONS
Preliminary Investigation Evidence Collection Physical evidence (eg computer system, storage media) Supporting evidence (eg system logs, callerID records)

26 COMPUTER CRIME INVESTIGATIONS
Preliminary Investigation Evidence Analysis Forensic laboratory and staff for examination of storage media Technical Support from Industry experts Vendors’ information

27 COMPUTER CRIME INVESTIGATIONS
Implications of Police Investigation’ Evidence in police custody till conclusion of the case Commitment of time and resources Adverse publicity

28 PREVENTION & INCIDENT MANAGEMENT
Setting up a Security Team Implement Preventive Measures Incident Management

29 PREVENTION & INCIDENT MANAGEMENT
Preventive Measures Simulation Exercises Tracking software/hardware for bugs & vulnerabilities

30 PREVENTION & INCIDENT MANAGEMENT
Respond swiftly Collation of essential information and facts Gathering of evidence caller id records, system access logs

Download ppt "The Computer Misuse."

Similar presentations

By Andy Scott, Michael Murray and Adam Kanopa

By Andy Scott, Michael Murray and Adam Kanopa
UNIT 20 The ex-hacker.

UNIT 20 The ex-hacker.
Data Security and legal issues Starter :- 5 Minutes Make a list of all the companies and organisations that you believe holds data on you. Write down what.

Data Security and legal issues Starter :- 5 Minutes Make a list of all the companies and organisations that you believe holds data on you. Write down what.
Cyber Law & Islamic Ethics CICT3523 COMPUTER CRIMES.

Cyber Law & Islamic Ethics CICT3523 COMPUTER CRIMES.
COMPUTER CRIMES - THE LAW ENFORCMENT PERSPECTIVE By: Wilfred A Nathan Computer Forensic Branch Criminal Investigation Department Singapore Police Force.

COMPUTER CRIMES - THE LAW ENFORCMENT PERSPECTIVE By: Wilfred A Nathan Computer Forensic Branch Criminal Investigation Department Singapore Police Force.
Legislation & ICT By Savannah Inkster. By Savannah Computer Laws 1.Data Protection ActData Protection Act 2.Computer Misuse ActComputer Misuse Act 3.Copyright,

Legislation & ICT By Savannah Inkster. By Savannah Computer Laws 1.Data Protection ActData Protection Act 2.Computer Misuse ActComputer Misuse Act 3.Copyright,
The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.

The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.
2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.

2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
Fraud, Scams and ID Theft …oh my! Deb Ramsay ESD 101 Chief Information Officer Technology Division.

Fraud, Scams and ID Theft …oh my! Deb Ramsay ESD 101 Chief Information Officer Technology Division.
Crime and Security in the Networked Economy Part 4.

Crime and Security in the Networked Economy Part 4.
GCSE ICT Computers and the Law. Computer crime The growth of use of computerised payment systems – particularly the use of credit cards and debit cards.

GCSE ICT Computers and the Law. Computer crime The growth of use of computerised payment systems – particularly the use of credit cards and debit cards.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
FatMax 2007. Licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 LicenseCreative Commons Attribution-NonCommercial-ShareAlike 2.5.

FatMax Licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 LicenseCreative Commons Attribution-NonCommercial-ShareAlike 2.5.
Prepared by: Nahed Al-Salah

Prepared by: Nahed Al-Salah
Hacking. Learning Objectives: At the end of this lesson you should be able to:

Hacking. Learning Objectives: At the end of this lesson you should be able to:
Security, Privacy, and Ethics Online Computer Crimes.

Security, Privacy, and Ethics Online Computer Crimes.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Factors to be taken into account when designing ICT Security Policies

Factors to be taken into account when designing ICT Security Policies
Hacking, Viruses and the Copyright Law. Learning Objectives  Describe what Hacking is and what Viruses are.  List what viruses can do and describe how.

Hacking, Viruses and the Copyright Law. Learning Objectives  Describe what Hacking is and what Viruses are.  List what viruses can do and describe how.
Computer Viruses. Where the name came from This is a phrase coined from biology to describe a piece of software that behaves very much like a real virus.

Computer Viruses. Where the name came from This is a phrase coined from biology to describe a piece of software that behaves very much like a real virus.

Similar presentations

Ads by Google