Crime and Security in the Networked Economy Part 4.

The Changing Face of Crime

• IT Crime
• IT Security
• Types of IT Crime
  – Theft
  – Fraud
  – Copyright Infringement
  – Attacks

TECHNOLOGY TRENDS & ETHICAL ISSUES

• Computing Power Doubles Every 18 Months

• Advances In Data Storage

• Advances In Data Mining Techniques

• Advances In Telecommunications Infrastructure

The Changing Face of Crime

• Types of IT Criminals
  – Employees
  – Outside Parties
    • Hackers
  – Organized Crime
    • Counterfeit Products
    • Intellectual Property Infringement

Risks to Information Systems

Figure 17.4 What causes damage to ISs?

• Human errors, accidents, and omissions: 50–80%
• Dishonest employees: 10–17%
• Natural disasters: 10–15%
• Disgruntled employees: 3–4%
• Water: 2–3%
• Outsiders: 1–3%

Source: Forcht, K.A., Computer Security Management, with the permission of Course Technology, Inc. Copyright 1992 by Boyd and Fraser Publishing Co.

Changing Nature of Crime

Aspect of Crime    Industrial Economy (1950)    Networked Economy (2000)
Location           Local                        Remote
Impact             Low                          High
Format             Physical                     Electronic
Risk               High                         Low

Types of IT Crime

• Theft of hardware, data or information
  – National Computer Registry
• Fraudulent use of IT
  – Credit card fraud
  – Investor fraud
  – Medical and drug-related fraud
  – Auction site fraud

Security

• Policies, protection, and tools to safeguard hardware, software, communication network, and data from unauthorized access, alteration, theft and physical damage.

Risks To Hardware

• Hardware Failure

• Natural Disasters

• Blackouts and Brownouts

• Vandalism

• Theft

Risks To Application and Data

• Software Failure

• Theft

• Alteration or Destruction

• Computer Virus

• Hacker

• Mishap
  – Training

Risks to Information Systems

CAUSE                   LOSSES IN MILLIONS    NUMBERS OF REPORTS
Theft                   $1,011                275,000
Power Failure           $318                  389,000
Accidents               $246                  276,000
Miscellaneous Causes    $157                  269,000
Lightning               $86                   91,000
Fire                    $72                   19,000
Transit                 $53                   54,000
Water                   $51                   34,000
Total                   $1,994                1,407,000

Source: Software, The Insurance Agency, Inc., quoted in “1993 Computer Losses,” MacWeek, Vol 8 No 36, September 12, 1994, p. 28.

Theft/Alteration of Information

• Secure Passwords
  – Biometric Controls
• Data Entry Controls
• Audit Trails
• Separation of Duties
• Back-up copies secured
• Shred Printouts
• Secure diskettes

Protection from Disasters

• Fault-tolerant Systems
  – Extra hardware, software, and power supply components that can back the system up and keep it running.
• Back-up of Data
• Secure Area
• Battery Back-up
  – UPS

Copyright Infringement

• Software Piracy

• Business Software Alliance

• 1980 Software Copyright Act

• 1997 No Electronic Theft Act (NET)

Copyright Infringement

• Music Piracy

• Motion Picture Experts Group

• MPEG version 3

• MP3 Rio Player

• NET Act Coverage

Computer Virus

• Software Program that spreads through system destroying data and Operating System.
  – Scan Disks with Current Antivirus Program
  – Know Origin of Software
  – Don’t Copy
  – Watch Downloads
  – Passwords for Access

Anti-Virus

Virus Generation Process

• Virus is Created at Terminal or PC
• Virus is Transmitted to Other Computers via Network or Disk
• Virus Replicates Itself on New Computers, Taking Over Main Memory
• Virus Sends Copies of Itself over Network or on Disk to More Computers

VIRUS Attacks

• Worm

• Trojan Horse

• Time Bomb

• Logic Bomb

• Trapdoor

• Attacks on Web and E-mail Servers

Information Technology Security

• Threats to the Computer
  – Physical Security
    • Controlled Access
  – Data Security
    • Backups
  – Internet Security

Information Technology Security

• Surge Protection
• Uninterruptible Power Supplies (UPS)
• Password Policy and Use
• Personal Identification Number (PIN)
• System Audit Software

HACKER

• Person who gains unauthorized access to a computer network for profit, criminal mischief, or personal pleasure.
  – Passwords
  – Callback
  – Firewall
  – Encryption

Data Encryption Systems

• Plaintext
  – Ciphertext
  – Public Key Encryption Systems
  – Private Key

Types of IT Crime

Secure Electronic Transmission (SET)

• SET Encryption Request is Sent to E-commerce Server
• E-Commerce Server Verifies Transaction
• Purchase is Requested
• Merchant Sends Record to Bank
• Transaction is Approved
• Bank Credits Merchant’s Account

Encrypting Communications Increases Security

Figure 17.10 Encrypting communications increases security.

Plain Text: Let’s meet at 11pm at the regular place

(encryption)

Encrypted Message: @#$%^&*)(hJKgfSed%$dE?><:”{><?V

(decryption)

Decrypted Message: Let’s meet at 11pm at the regular place

Firewalls

• Software to separate users from computing resources.

• Allows retrieval and viewing of certain material, but blocks attempts to make any changes in the information or to access data that reside on the same computer.

• They are also used to keep unauthorized software away.

Firewall Around Network

Internet Security

• 4 Basic Firewall Actions
  – Packet can be dropped entirely
  – Alert network administrator
  – Return failed message to sender
  – Action can be logged only