Download presentation
Presentation is loading. Please wait.
1
A Gift of Fire, 2edChapter 7: Computer Crime1 Social, Legal, and Ethical Issues for Computers and the Internet By: Ramon Hernandez Eugene Flock Zhonghui Li Cuong Tham Alain De Lara
2
A Gift of Fire, 2edChapter 7: Computer Crime2 A Gift of Fire Computer Crime Overview:Hacking Online Scams Fraud, Embezzlement, Sabotage, Information Theft, and Forgery Crime Fighting Versus Privacy and Civil Liberties
3
A Gift of Fire, 2edChapter 7: Computer Crime3 Introduction Computers Are Tools Computers assist us in our work, expand our thinking, and provide entertainment. Computers Are Used to Commit Crimes Preventing, detecting, and prosecuting computer crime is a challenge. --Ex. “ A thief who steals a credit card gains access to a much larger amount of money than the thief who steals a wallet in the past with only cash.” Computers and the Internet provide an opportunity for fraud, embezzlement, theft, forgery, industrial espionage, etc.
4
A Gift of Fire, 2edChapter 7: Computer Crime4 Hacking The Phases of Hacking Phase One: The early years 1960s and 1970s. Originally, hacker referred to a creative programmer who wrote clever code. The first operating systems and computer games were written by hackers. The term hacking was a positive term. Hackers were usually high-school and college students. Hackers of this time “hacked” computers for the sake of learning and challenging their skill, not for the sake of causing damage of any kind. These hackers were against hacking for the purpose of disrupting services and causing damage of any kind.
5
A Gift of Fire, 2edChapter 7: Computer Crime5 Hacking The Phases of Hacking (cont’d) Phase Two: Hacking takes on a more negative meaning. 1970s through 1990s. Authors and the media used the term hacker to describe someone who used computers, without authorization, sometimes to commit crimes. Computers were still a mystery to most people and it became easy for these people to group together all the people that could use computers to their full potential and not distinguish between who used their skills for wrong doing or for learning. Early computer crimes were launched against business and government computers. Adult criminals began using computers to commit their crimes. The Internet Worm of 1988 showed people how vulnerable the Internet was.
6
A Gift of Fire, 2edChapter 7: Computer Crime6 Hacking The Phases of Hacking Phase Three: The Web Era Beginning in the mid-1990s. The increased use of the Internet for school, work, business transactions, and recreation makes it attractive to criminals with basic computer skills. Crimes include the release of malicious code (viruses and worms). Unprotected computers can be used, unsuspectingly, to accomplish network disruption or commit fraud. Hackers with minimal computer skills can create havoc by using malicious code written by others. At this time, web sites had many security weaknesses and were very vulnerable to hacker attacks. Several countries are planning hacking attacks to fight and defend against other hacking attacks from other countries.
7
A Gift of Fire, 2edChapter 7: Computer Crime7 Hacking Hactivism …is the use of hacking expertise to promote a political cause. This kind of hacking can range from mild to destructive activities. Some consider hactivism as modern-age civil disobedience. Others believe hactivism denies others their freedom of speech and violates property rights. Some people see the action of defacing a website or crashing a website the same as shouting down a speaker with whom one disagrees. There have been many cases where a hacker or a group of hackers have hacked computers of government organizations, etc. to protest against these organizations’ political views, research, and so on. This raised problems since other hackers seeking valuable information used the cover of hactivism to cover up there true motives. Organizations for stand for animal rights, other religions, etc. find a way to rally against something they believe to be wrong without using hacktivism but just by using their own web sites. So is hactivism needed?
8
A Gift of Fire, 2edChapter 7: Computer Crime8 Hacking The Law Computer Fraud and Abuse Act (CFAA, 1986) It is a crime to access, alter, damage, or destroy information on a computer without authorization. Computers protected under this law include: –government computers, –financial systems, –medical systems, –interstate commerce, and –any computer on the Internet. There are more than a dozen other federal laws that can be used to convict hackers of their activities. These laws range from prosecuting hackers from bank fraud to damage of government property. Anti-hacking laws provide for strong penalties such as: -1 to 5 years incarceration and up to a $25,000 fine for a 1 st offense
9
A Gift of Fire, 2edChapter 7: Computer Crime9 Hacking The Law (cont’d) USA Patriot Act (USAPA, 2001) The act raised the maximum penalty in the CFAA for a first offense from 5 to 10 years. Allows for recovery of losses due to responding to a hacker attack, assessing damages, and restoring systems. Higher penalties can be levied against anyone hacking into computers belonging to criminal justice system or the military. The government can monitor online activity without a court order.
10
A Gift of Fire, 2edChapter 7: Computer Crime10 Hacking Catching Hackers … requires law enforcement to recognize and respond to myriad hacking attacks. Computer forensics tools may include: Undercover agents, Security specialists who maintain logs of Internet Relay Chat channels used by hackers. Honey pots (sting operations in cyberspace), Archives of online message boards, Tools for recovering deleted or coded information. Computer forensics agencies and services include: Computer Emergency Response Team (CERT) - established in response to the 1988 Internet Worm. National Infrastructure Protection Center (NIPC) – formed by the FBI to protect against hackers. Private companies specializing in recovering deleted files and e-mail, tracking hackers via Web site and telephone logs, etc..
11
A Gift of Fire, 2edChapter 7: Computer Crime11 Hacking Questions About Penalties Which laws apply Hackers commit crimes both internationally and state by state, so which laws apply to them when they are caught. Sometimes hackers get away with what they did because where they committed the crime may have no laws against such activity. Intent Should hackers who did not intend to do damage or harm be punished differently than those with criminal intentions? What about amateurs who cause great damage because it was an accident, due to ignorance and so on. Age Should underage hackers receive a different penalty than adult hackers? There have been cases where many underage hackers were given light sentences but others weren’t so lucky Damage Done Should the penalty correspond to the actual damage done or the potential for damage? Also, depending on the severity of their actions, hackers who were convicted were given different punishments.
12
A Gift of Fire, 2edChapter 7: Computer Crime12 Hacking Security Security weaknesses can be found in the computer systems used by: businesses, government (classified and unclassified), and personal computers. The Defense Information Systems Agency reported that there were 500,000 hacker attacks on the Defense Department networks in 1996, that 65% were successful and less than 1% were detected. Some experts argue that targeted computer systems don’t have classified info, so the break-ins aren’t as serious. But knowing this doesn’t reassure people. This doesn’t mean systems should stay vulnerable. Causes of security weakness: characteristics of the Internet and Web. The Internet gave us open access, easy to use, and ease of sharing info, but it was not originally designed for security against intruders of any kind. human nature. People don’t tend to respond to a serious problem until after the problem has occurred. inherent complexity of computer systems.
13
A Gift of Fire, 2edChapter 7: Computer Crime13 Hacking Security can be improved by: Ongoing education and training to recognize the risks. There exist principles and techniques to develop safe systems and it software designers must learn to use them. Better system design. Use of security tools and systems. Challenging “others” to find flaws in systems. Some companies hire hackers to find flaws in the systems they are developing. Writing and enforcing laws that don’t stymie research and advancement. Recognizing the risk of being open for attack motivates network admins to install firewalls to monitor and filter out incoming communications and suspicious activity. Encryption and anti virus software are good tools to protect computer systems.
14
A Gift of Fire, 2edChapter 7: Computer Crime14 Online Scams Auctions Selling and buying goods online has become popular. Problems: sellers don’t send the goods, sellers send inferior goods, price is driven up by shill bidding (I.e. bidding on one’s own goods to drive up the price) illegal goods sold or items sold in an illegal way Some products, though legal, can be dangerous such as drugs Solutions: educate customers to be cautious Online auction companies made improvements such as adopting several practices and policies to deal with customer complaints. They recognized that customer confidence was crucial to there success and reputation. read seller “reviews,” (meaning looking at a sellers reputation) use third-party escrow, and more…
15
A Gift of Fire, 2edChapter 7: Computer Crime15 Fraud, Embezzlement, Sabotage, Identity Theft, and Forgery Some Causes of Fraud Credit-Card Stolen receipts, mailed notices, and cards. Ex. Account numbers are stolen by store clerks or thieves who search through trash near store for receipts. Interception of online transaction or weak e-commerce security. On the web, credits card numbers can be stolen in transmission. Careless handling by card-owner. ATM Stolen account numbers and PINs. “inside jobs” – ex. Person who works for a company that installs ATM machines uses his access to the machine and software to steal people PINS, and account numbers. A counterfeit ATM, installed by a group of thieves. Telecommunications Stolen long-distance PINs from calling-card numbers entered at public places. Cloned phones by receiving the serial number, which is transmitted by a cell phone at the beginning of each call.
16
A Gift of Fire, 2edChapter 7: Computer Crime16 Fraud, Embezzlement, Sabotage, Identity Theft, and Forgery Some Defenses Against Fraud Credit-Card Instant credit-card check. Credit-card companies print books of stolen credit card numbers and deliver them to merchants regularly. Analysis of buying patterns. Analysis of credit card applications (to detect identity theft). Verify user with Caller ID. ATM Redesigned ATMs so that the keyboard is not easily visible by anyone other than the person using it. Limited withdrawal. ATM software check for unusually high activity at a particular machine (I.e. someone is taking out more than they should) Telecommunications match phone “signature” with serial number. identify phone without broadcasting serial number.
17
A Gift of Fire, 2edChapter 7: Computer Crime17 Fraud, Embezzlement, Sabotage, Identity Theft, and Forgery Embezzlement and Sabotage Some Causes Insider information. With the use of computers, trusted employees have stolen hundreds of thousands of dollars. Poor security on computer systems used by employees give employees opportunities to embezzle money. Complex financial transactions. Anonymity of computer users. Some Defenses Rotate employee responsibility. Require use of employee ID and password and ID’s should be encoded to allow access to the employees needed for a specific job. Implement audit trails, which provide a record of transactions and on the employee who authorized them. Careful screening and background checks of employees.
18
A Gift of Fire, 2edChapter 7: Computer Crime18 Fraud, Embezzlement, Sabotage, Identity Theft, and Forgery Identity Theft Some Causes of Identity Theft Insecure and inappropriate use of Social Security numbers. Careless handling of personally identifiable information. Weak security of stored records. Insufficient assistance to identity theft victims. Some Defenses for Identity Theft Limit use of personally identifiable information. Appropriate response from government agencies whose documents are used for identification, better methods of identifying a person and so on. Increase security of information stored by businesses and government agencies. Improve methods to accurately identify a person. Educate consumers.
19
A Gift of Fire, 2edChapter 7: Computer Crime19 Fraud, Embezzlement, Sabotage, Identity Theft, and Forgery Forgery Some Causes Powerful computers and digital manipulation software. High-quality printers, copiers, and scanners allow people to make fake checks, money, passports and so on. Some Defenses Educate consumers and employees. Changes in the law. Use anti-counterfeiting techniques during production, such as microprinting and the use of paper with watermarks. Money contains a security thread that cant be reproduced in any way, to protect against counterfeiting. Use counterfeit detection methods. Create legal and procedural incentives to improve security. One example is for a business to send its bank a list of the number of accounts off all checks issues so that the bank can quickly verify incoming checks.
20
A Gift of Fire, 2edChapter 7: Computer Crime20 Crime Fighting vs Privacy and Civil Liberties Scams Crime Fighting Securities and Exchange Commission announced a plan to use automated surveillance software to look for suspicious Web activity in chat rooms and web sites. The software would build a database of these “suspicious” postings. Also the system monitors constantly. Privacy and Civil Liberties No search warrant nor proof of probable cause. Should the system need a search warrant to search through chat rooms and sites even though its automated? Biometrics Crime Fighting Exact match of biological characteristics to a unique person. They include fingerprints, voice prints, the face, hand geometry, retina scans and DNA. Privacy and Civil Liberties Some applications provide convenience that could appeal to consumers. Problems: If a credit card number is stolen, we can get another one. If a hacker steals a file with our digitized thumbprint or retina scan, we cant get a new one. Another problem is biometrics makes it easy to build complete dossier on people.
21
A Gift of Fire, 2edChapter 7: Computer Crime21 Crime Fighting vs Privacy and Civil Liberties Search and Seizure of Computers Crime Fighting Obtain evidence of a crime though a search warrant. Privacy and Civil Liberties Day-to-day business ceases; non-criminal contact with others ends. Seizure of a computer gives way to new problems for both law enforcement and suspects because of the computers multipurpose use. A warrant may allow law enforcement to search through the computer for what they are looking for but the computer may contain certain information not covered in the warrant which brings about problems with privacy and so on. The Cybercrime Treaty Crime Fighting U.S. and European governments agree to cooperate with investigations to prevent against copyright violations, distribution of child porn, and so on. Privacy and Civil Liberties Potential for government spying is great. The treaty gives wide range of powers to investigators to track online activity which places costly requirements on ISP’s to store logs and other data that law enforcement can use to makes arrests.
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.