As digital technology has advanced over the past 50-odd years with a force unprecedented in history, governments, businesses and people around the world have been affected immeasurably. The already enormous and still growing capacities for electronic storage, transmission and rapid manipulation of data changed the modern landscape virtually overnight, making the world unrecognizable in many ways to those of earlier generations. Perhaps with some of the bias that is part of the older generations, it is taken for granted that the changes have included substantial benefits.
However, such fundamental restructuring in society also results in certain disadvantages, on all levels. As we begin to rely on this technology more and more, we in fact become more vulnerable. A potential example of how damaging this reliability can be may become most evident in the next several months as we approach ever closer to the dreaded Y2K. This is a problem that resulted from human laziness and greed. However, it was not meant to be malevolent. Increased opportunities for the industrious to be more productive also allows the criminal mind new avenues for malevolence.
The explosion of the world of information technologies has a negative side: it has opened the door to antisocial and criminal behavior in ways that would never have previously been possible. Computer systems offer some new and highly sophisticated opportunities for law breaking, and they create the potential to commit traditional types of crimes in non-traditional ways. In addition to suffering the economic consequences of computer crime, society relies on computerized systems for almost everything in life, from air, train and bus traffic control to medical service coordination and national security.
Even a small glitch in the operation of these systems can put human lives in danger. Society’s dependence on computer systems, therefore, has a profound human dimension. The rapid transnational expansion of large-scale computer networks and the ability to access many systems through regular telephone lines increase the vulnerability of these systems and the opportunity for misuse or criminal activity. The consequences of computer crime may have serious economic costs as well as serious costs in terms of human security.
This paper will discuss various computer crimes, techniques, and tools, as well as dispense some advice on how to prevent it from happening. Some court cases and computer crime stories will also be reviewed. One of the first things that will be discussed is who exactly commits these crimes? Several different types of people commit computer crimes. In fact, the reader of this paper, as well as the author has probably committed some form of computer crime. It is not as impossible as one may think. If you have ever borrowed a friend or relative’s software and installed it on your computer, you are guilty of piracy.
The product was not purchased from the company, therefore resulting in a loss of their annual profits. No matter how trivial it may seem, a crime has been committed. This however, is not the type of computer crime that society should be concerned about. The two that many people are familiar with are “hackers” and “crackers”. According to The New Hacker’s Dictionary, “cracker” is defined as someone who breaks security on a system. “Hacker” is defined as a person who enjoys exploring the details of a programmable system and how to stretch their capabilities; one who programs enthusiastically, even obsessively.
Both crackers and hackers break into computer systems, but their motives are different. Hackers break in for the intellectual challenge, while crackers are more malicious and out to harm or cause damage to a computer system. There are sets of rules that hackers tend to follow. Also, crackers tend to be motivated by profits and/or revenge. As the number of hackers decrease, the number of crackers are increasing. The reason for this is because tools used for breaking into a system are becoming user friendly and are as easy as point and click.
Also, the number of computer users and businesses using computers are increasing, therefore there are more targets of crimes. Disgruntled employees often commit computer crimes. They are employers’ worst nightmares. Usually they are fired or leave on bad terms with their former employers. They try to seek revenge on their former employers by sabotaging their computer systems or network, causing expensive damage in downtime and repairs. Terrorists are becoming more computer literate now days. They realize that a tremendous amount of information regarding our National Defense are stored or found on computers.
Also, terrorists are now targeting technology and utility companies because damage can be more wide spread and devastating. Competitors will do whatever it takes to get an inside edge on their respective industry leaders. They bug telephone lines, airplane seats and now they are breaking into their competitors’ computer networks to see if they can find any insider information. I personally have been approached by companies to remain nameless to perform such a task. Although I had to decline, I will have to say that they are willing to pay a great deal of money for this service.
Companies need to protect themselves from such threats and take necessary security measures to protect themselves. Computer and technology related crime is a growth industry. The number of people using computers are growing and so is computer crime. The reason computer crime has risen in the past years can be related to the growing number of computer users, computer networks being more readily accessible, and more people are becoming computer literate. The more users of computers there are, the more targets for computer criminals. Also, many businesses use computer networks to communicate with offices in different areas.
IBM calls this “solutions for a small planet. ” A hacker would call this potential. Technology related crime is estimated at $8 billion a year. This includes stealing computer software, hardware, peripherals such as printers, and also fraud committed by hacking into a computer and stealing money or information that can be used to make a profit. Computer fraud is estimated at $555,000,000 a year and each individual case of fraud costs about $109,000. Banks have been the biggest victims of computer fraud. Their attacks are estimated at about $1 Billion a year.
These figures are only estimates by professionals and they are believed to be underestimated. Many cases of computer crime are unreported by victims. They are embarrassed and afraid that a crime can show that the company could have some weaknesses. Another reason that companies do not want to report a crime is that shareholders might threaten them with a lawsuit. Shareholder lawsuits can potentially cost more than the theft. There are six different types of attacks: military and intelligence, business, financial, terrorists, grudge, and “fun” attacks. The U. S.
Military has been broken into several times by computer criminals. Spies have learned that computers store intelligence information, such as military exercises, FBI investigations, satellite repositioning systems, and even a “how-to” eavesdrop on a telephone conversation. Espionage is becoming a game of computer break-ins, computer-based cryptography, and message traffic analysis. The U. S. Air Force hired a hacker to break into their systems. He was successful, and reported the break-in to military officials. He tried the same hack two weeks after the break-in and it only took him only 15 seconds to do it again.
Our national security is at jeopardy here and the U. S. needs to start protecting themselves and us more securely. Business attacks and industrial espionage are becoming threats. 54% of all companies in the U. S. reported financial losses because of computer problems, many of which were intentional. Competitors are always trying to gain an inside to their closest competitor. In a recent case, Boeing Aircraft accused Airbus, a French airline company, of bugging Boeing employees’ hotel rooms and airline seats and tapping their phone lines to get secret corporate information. Insiders often commit financial attacks.
People that are familiar with the systems and operations of a company can commit a crime and then cover their trails. Companies need to protect themselves from such attacks. An MCI switch assistant was arrested for sell thousands of credit card numbers he obtained over telecommunication lines. The total cost of the incident was $50 Million. Sometimes arresting these criminals does not work. Inmates at Metro Jails, in Tennessee were illegally accessing long distance telephone accounts. They would then sell the calls to other inmates for $5 dollars for a code or $1. 25 per call.
Computer facilities and technology companies are becoming the preferred choice of terrorists’ targets. The damage they can do to such a target is more wide spread and devastating. Thinking in the minds of terrorists, why would you only want to knock out the electricity in one city when you can knock it out for the entire state or region. Disgruntled employees who were recently fired or demoted often commit grudge attacks. They are intentional acts of destruction and are done for one reason, revenge. In one case a system security analyst was fired and planted a logic bomb to be detonated when he was fired.
He sabotaged his companies’ commission records and therefore preventing other employees from getting paid. It is essential that companies safeguard themselves from such attacks. “Fun” attacks are motivated by the challenge of breaking into a system rather than to cause destruction or profit. These are just as dangerous as any other type of attack. A 14 year-old boy used a small Apple and a modem to break into the Air Forces’ satellite repositioning system. This shows the potential for disaster if someone looking to cause damage hacks into these systems. Luckily in this case, the boy did it for fun.
Pacific Telephone is a good example of what can happen if someone finds out important details about a company’s computer operating system. In this particular case, a college student not only found out how to order equipment with Pacific Telephone but also where they delivered it. He was able to pick the delivery up and in most cases, he sold it back to Pacific Telephone. This college student was a smart person. He found the manuals for the operating system in a garbage can. By pretending to be a computer magazine reporter, he was able to enter the company and ask the people questions about their operating system.
They actually demonstrated the system to him. Nevertheless, it is unbelievable that this college student was actually able to obtain the access codes by telephone, pretending he was an employee. This company has a huge security problem. It is very important not to give anyone passwords, especially through the telephone. They should have created a secure department where one has to go when they lose their password. There, the employee should show a badge so security knows for sure that person is working there.
For Security Pacific National Bank, it is the same sad story, but this time a computer consultant and former college professor robbed the company. He learned, while he was visiting the bank’s wire room, the codes to authorize the computer. This way he was able to transfer money. Security Pacific National Bank had also security problems. It should not be possible for a client to see the access codes; as a result, it has to be in a restricted area. These are two examples of severe computer crimes that could have easily been avoided. The key element missing in these situations is security.
The bank certainly wouldn’t leave its vault open and unguarded. However, it did leave access to money in the vault open and unguarded. These two companies neglected the need for proper security, and paid a hefty price for it. There are several techniques that hackers and crackers use to commit computer crime. One technique is the Trojan Horse. A Trojan Horse is a set of unauthorized computer instructions, which performs an illegal act at a certain time or under certain conditions. An example is when a programmer instructed his bank’s computer to ignore overdrafts on his account.
The Salami Technique is used to steal money in small increments. An accountant used a computer to increase production costs by a fraction of a percent every few months. He then deposited the money into a dummy account which he later collected. A Trapdoor is a set of computer instructions that allows a user to bypass the system’s normal controls. A trapdoor is used during system development and should be removed before the system is in operation. Some times the trapdoor is left in place intentionally so that they can access a computer system very easily.
The Round Down Technique takes advantage of financial institutions that pay interest. A programmer can instruct a computer to round down all interest calculations to two decimal places and deposit the difference in their account. Software Piracy is an unauthorized copying of software. It is a very common and less severe form of computer crime. Masquerading is using a legitimate user’s identification number or password to gain access to a computer system. An example would be using someone else’s AOL or Prodigy password to gain access to the Internet.
Eavesdropping is listening to someone else’s transmission of information. In one wiretapping case, 5,500 fake ATM cards were obtained over telecommunications lines. The perpetrators were caught before they can use them. The tools used to hack into computer systems can be found on underground Internet sites, in Usenet discussions, or on private bulletin boards. Today the programs are becoming very user friendly, they allow you to point and click your way through a hack. A popular program that is used frequently is the “War Dialer”, which continuously dials phone numbers to find a possible hack.
They can be used to hack into private branch exchanges of a business, computer modems, or long distance carriers. A “Rootkit” is a package of software utilities and documentation that leads the user step by step through a hack. “SATAN’s” original purpose was to find weak spots in a computer system when used by a legitimate user. When SATAN falls into the hands of a hacker, they use it as a front end to find system vulnerabilities that can be exploited by add-on programs. When considering a security system for your computer system or network, there are many things one should consider. Threats should be determined first.
If you feel threatened or think your system is in danger, then you should estimate the risk of each threat. Next you must determine the consequences or exposure from each threat. Identify controls against each threat. If the threats are internal, take appropriate measures to protect yourself from employees, or if the threats are external, determine if the possible losses from an acted out threat costs more than a control system. If you have much to lose, then you might want to consider a control system. If not, the following tips might help you manage your employees in a way to reduce the possibility of fraud happening to you.
If you have segregation of duties within your organization, it will prevent one employee from having enough power to commit fraud and then to cover it up. Authorization, recording, and custody of assets should be segregated to prevent the possibility of covering fraud. System functions segregation can consist of separating application system analysis and programming, system programming, transaction authorization, file library maintenance and data control. Since many frauds require the constant attention of a perpetrator, enforced vacations or rotation of duties can lure an employee away from the system long enough to foil his plan.
Restricting access to computer terminals can be effective against fraud. Alarms, closed circuit televisions, machine-readable access cards can restrict physical access. Once an authorized user is at a terminal, passwords or identification numbers should be required. Biometric security can ensure you that no one is using someone else’s password or I. D. number. Biometric security measures the physical features of the user. For instance reading finger prints or facial features through a scanner can deny access to an unauthorized user. Whenever you transmit data over telecommunication lines or store data, you should always encrypt the data.
Encryption of data scrambles the data into an unreadable format to someone that intercepts or tries to read it. Usually the only people that can unscramble the data are the people that scrambled it. However, hackers or computer programmers can often crack these encryption codes, if the encryption program is primitive enough. Sensitive data should be controlled. You should always shred documents before you discard them. Sometimes hackers will go “Dumpster diving” to find something, like an employee’s password, that will lead them into your computer system in the garbage.
Some companies are hiring computer security officers to monitor their systems. Also, the security guard can disseminate information about improper computer use and also the consequences of violations if they are caught. Computer consultants are being used more frequently today to find flaws and holes in a company’s computer system. Former hackers often work for these companies and hack into a company’s system. But in this sense they are authorized by the company to do so and report their findings to the company so they can take the appropriate measures to prevent fraud.
At a certain school in Erie, Pa. , there is a security-type officer that monitors computer usage. He could actually be of benefit to the school, but he is incompetent, therefore making the system more difficult for the students to use, as well as leaving it quite vulnerable to hackers. Some other tips that might help you are to purchase insurance to protect yourself against fraud. This will reduce your losses in the event that lay you victim to a computer crime. Also keep back-ups of data files and programs in a secure, offsite location.
This will protect you in the event that your software or files are physically stolen; you will have back-ups to keep your business running. Using software that monitors system activity and attack scanning software will show you where you are most vulnerable. Computers are an important part of many of our lives. With the wide spread use of computers comes one more way society can be victimized by criminals. It is impossible to completely eliminate computer crime, just as it is impossible to eliminate crime in general. However, there are precautionary measures that can be taken to help reduce the risk of being victimized.
No security measure is foolproof. Some of the recommendations made can help reduce the chance of you being a victim of fraud, but they are not totally foolproof. Knowledge is the best defense. Become familiar with security journals which provide additional security tips. Get involved in newsgroups, or discussions, to see what other people are doing to help reduce their vulnerability. That is probably the best advice that can be administered to a potential victim. Basically, be aware of crimes and take necessary measures to protect yourself and your hard work. Bibliography
Some companies are hiring computer security officers to monitor their systems. Also, the security guard can disseminate information about improper computer use and also the consequences of violations if they are caught. Computer consultants are being used more frequently today to find flaws and holes in a company’s computer system. Former hackers often work for these companies and hack into a company’s system. But in this sense they are authorized by the company to do so and report their findings to the company so they can take the appropriate measures to prevent fraud.
At a certain school in Erie, Pa. , there is a security-type officer that monitors computer usage. He could actually be of benefit to the school, but he is incompetent, therefore making the system more difficult for the students to use, as well as leaving it quite vulnerable to hackers. Some other tips that might help you are to purchase insurance to protect yourself against fraud. This will reduce your losses in the event that lay you victim to a computer crime. Also keep back-ups of data files and programs in a secure, offsite location.
This will protect you in the event that your software or files are physically stolen; you will have back-ups to keep your business running. Using software that monitors system activity and attack scanning software will show you where you are most vulnerable. Computers are an important part of many of our lives. With the wide spread use of computers comes one more way society can be victimized by criminals. It is impossible to completely eliminate computer crime, just as it is impossible to eliminate crime in general. However, there are precautionary measures that can be taken to help reduce the risk of being victimized.
No security measure is foolproof. Some of the recommendations made can help reduce the chance of you being a victim of fraud, but they are not totally foolproof. Knowledge is the best defense. Become familiar with security journals which provide additional security tips. Get involved in newsgroups, or discussions, to see what other people are doing to help reduce their vulnerability. That is probably the best advice that can be administered to a potential victim. Basically, be aware of crimes and take necessary measures to protect yourself and your hard work.