Computer and Internet Crime

COMPUTER AND INTERNET CRIME

What is crime?

“A crime occurs when someone breaks the law by an overt act, omission or neglect that can result in punishment. A person who has violated a law, or has breached a rule, is said to have committed a criminal offense.” -crime.about.com

It’s an illegal offence done by a person that that breaks laws or made illicit acts. When associated by computer still implies the same definition though the misdeed was done through or with the help of a computer.

As such our teacher presented us a table indicating the increasing of IT security Incidents reported since year 1997 up to 2006.

IT Security Incidents become major concerns because of this, safeguarding important and confidential data is advice in order to prevent malicious acts and thefts or disruption for IT related cases are growing around the world.

Why Computer Incidents Are So Prevalent

It’s because of the complexity of technology, sometimes the reason is the sharing of ID’s and passwords between employees and also increased reliance on commercial software with known vulnerabilities. Exploit for example that takes advantage on the systems weakness, but there are Patch and Zero-Day Attack that can ‘fix’ such problems.

Types of Exploits

·         Types of attacks

o   Virus

o   Worm

o   Trojan horse

o   Distributed denial of service

o   Rootkit

o   Spam

o   Phishing (spear-phishing, smishing, and vishing)

VIRUS

“A computer virus is a type of malware that, when executed, replicates by inserting copies of itself (possibly modified) into other computer programs, data files, or the boot sector of the hard drive; when this replication succeeds, the affected areas are then said to be "infected".  Viruses often perform some type of harmful activity on infected hosts, such as stealing hard disk space or CPU time, accessing private information, corrupting data, displaying political or humorous messages on the user's screen, spamming their contacts, or logging their keystrokes. However, not all viruses carry a destructive payload or attempt to hide themselves—the defining characteristic of viruses is that they are self-replicating computer programs which install themselves without the user's consent.”

- http://en.wikipedia.org/wiki/Computer_virus

It is according to our teacher a ‘part’ of a programming code that cause sudden and unwanted event. It conceals itself as something else and often attached to files.

In addition there are called MACRO viruses that use application language such as VBScript to infect documents and templates by replicating it.

WORMS

”a worm is a self-replicating virus that does not alter files but resides in active memory and duplicates itself. Worms use parts of an operating system that are automatic and usually invisible to the user. It is common for worms to be noticed only when their uncontrolled replication consumes system resources, slowing or halting other tasks.”- http://searchsecurity.techtarget.com/definition/worm

These harmful programs can spread itself without human involvement. Once it’s inside your computer it immediately start attacking by losing your data and programs, and slows down computer operation

Trojan Horses

“A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.

The term comes from the a Greek story of the Trojan War, in which the Greeks give a giant wooden horse to their foes, the Trojans, ostensibly as a peace offering. But after the Trojans drag the horse inside their city walls, Greek soldiers sneak out of the horse's hollow belly and open the city gates, allowing their compatriots to pour in and capture Troy.”- http://www.webopedia.com/TERM/T/Trojan_horse.html

They are delivered by email attachments, downloaded from web site or contracted via a removable media device. Two types: Logics bombs and Time bombs.

Distributed Denial-of-Service (DDoS) Attacks

”a denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. As clarification, DDoS (Distributed Denial of Service) attacks are sent by two or more persons, or bots. DoS (Denial of Service) attacks are sent by one person or system.” - http://en.wikipedia.org/wiki/Denial-of-service_attack

This happens when a malicious hacker takes over a computer and use it to flood irrelevant data on the target site with use of internet and the process on which this attack could be prevented from happening it through; Filtering.

Rootkits

“A rootkit is a type of malicious software that is activated each time your system boots up. Rootkits are difficult to detect because they are activated before your system's Operating System has completely booted up. A rootkit often allows the installation of hidden files, processes, hidden user accounts, and more in the systems OS. Rootkits are able to intercept data from terminals,network connections, and the keyboard.” - http://www.webopedia.com/TERM/R/rootkit.html

It is a set of programs that enables its user to gain administrator-level access to a computer without the end user’s consent or knowledge

Spam

“ spamming is the use of electronic messaging systems to send unsolicited bulk messages (spam), especially advertising, indiscriminately. While the most widely recognized form of spam is e-mail spam, the term is applied to similar abuses in other media: instant messaging spam, Usenet newsgroup spam, Web search engine spam, spam in blogs, wiki spam, online classified ads spam, mobile phone messaging spam, Internet forum spam, junk fax transmissions, social networking spam, social spam, television advertising and file sharing spam”- http://en.wikipedia.org/wiki/Spam_(electronic)

This is rampantly shown on email accounts that abuses email systems to send unsolicited email to large numbers of people.

Phishing

“Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.”- http://en.wikipedia.org/wiki/Phishing

Such as Incidents involving getting passwords on ATM machines using a device.

Types Of Perpetrators Includes:

·         Hackers

-white hat hackers are people who use hacking for good purpose.

·         BLACK HAT HACKER (Cracker)

-Clearly of criminal activity

·         Industrial Spies

-use illegal means of getting classified information for trade secret.

                =types : Competitive intelligence and Industrial espionage

·         Cybercriminals

-main goal is to steal

·         Hacktivists and Cyberterrorists

-Hacktivism, hacking for a specific goal

- Cyberterrorists,  cause harm than gather data.

Avoiding such case, there should be measures:

1.       Implementing Trustworthy Computing

-this delivers private and secure data.

-having security of ay system and network to avoid being attacked.

2.       Risk assessment

-to help identify security related risks

3.       Establishing a Security Policy

–to establish policy in the organization.

–includes additional security for the receiving and trading of information

4.       Educating Employees, Contractors, and Part-Time Workers

–training, for them to know the limitations and regulation in terms of guarding their passwords and etc.,

5.       Prevention

–having layered security, installing good anti-virus  and corporate firewall

6.       Detection

–this helps catch intruders in the act.

7.       Response

8.       –to develop well advance of any incidents

Computer Forensics

Computer forensics (sometimes known as computer forensic science) is a branch of digital forensic science pertaining to legal evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the information.

Although it is most often associated with the investigation of a wide variety of computer crime, computer forensics may also be used in civil proceedings. The discipline involves similar techniques and principles to data recovery, but with additional guidelines and practices designed to create a legal audit trail.

Evidence from computer forensics investigations is usually subjected to the same guidelines and practices of other digital evidence. It has been used in a number of high-profile cases and is becoming widely accepted as reliable within U.S. and European court systems.

-http://en.wikipedia.org/wiki/Computer_forensics

Ethics: IT Professionals

Ethics comes in different meaning varying upon the line of work of an individual or just his own principle. Though as an IT student and soon to be IT professionals our teacher discuss about the ethics in Information technology enable for us to gain knowledge about the codes of ethics, professional organizations, certification, and licensing affect the ethical behavior of IT professionals, the key characteristics, the approaches to make that can support the ethical practices of IT users and etc.,

PROFESSION

- is a calling that requires specialized knowledge and long and intensive academic preparation. “An occupation, such as law, medicine, or engineering that requires considerable training and specialized study.”- www.thefreedictionary.com

It is also according to google.com is “a paid occupation, one that involves prolonged training and a formal qualification.” Thus, profession is a line of occupation or a calling per say that requires skill, training and an academic preparation.

Information Technology 

-refers to anything related to computing technology, such as networking, hardware, software, the Internet, or the people that work with these technologies.  is a course rampantly taken by individuals nowadays, but IT works is not recognized as professionals as it is not licensed, though IT professionals have many relationships with employers, clients, suppliers, other IT users, and professions and the society at large.

KIDS OF IT PROFESSIONALS

• IT consultant
• Cloud architect
• Computer forensic investigator
• Health IT specialist
• Web developer
• Software engineer
•  Information technology vendor manager

-http://www.experience.com/entry-level-jobs/news/top-10-jobs-in-information-technology/

Software piracy

- is an act of illegally making copies of software or enabling others access into software which they are not entitled to. It is the area which IT professionals are tempted to violate rules and policies as our teacher pointed out. Software piracy are done by not just IT professionals but also ordinary people, they think of it as ‘conveniently obtaining’ a software that supposed to cost a hefty amount of money, although it’s – in some circumstances –is practical in many ways it won’t change the fact that its illegal.

According to www.microsoft.com/en-us/piracy/default.aspx, “Software piracy is the mislicensing, unauthorized reproduction and illegal distribution of software, whether for business or personal use.”

They also point out the risks of software piracy; with the possibility of malware on pirated software as such they provided tips to identify such threat.

The Business Software Alliance (BSA) is a trade group that represents the world’s largest software and hardware manufacturers, with a mission of stopping the unauthorized copying of software.

As the lesson progresses we came into the legal overview, this includes:

Fraud, the crime of obtaining goods, services, or property through deception or trickery, this crime is proven in court.

“Fraud is a deception deliberately practiced in order to secure unfair or unlawful gain.  Defrauding people or organizations of money or valuables is the usual purpose of fraud, but it sometimes instead involves obtaining benefits without actually depriving anyone of money or valuables, such as obtaining a drivers license by way of false statements made in an application for the same.”  http://en.wikipedia.org/wiki/Fraud

When you say Fraud, it is the act of obtaining information by trickery, or what some called scamming.

Breach of contract, this happens when a party fails to meet the terms of a contract.

According to dictionary.law.com “failing to perform any term of a contract, written or oral, without a legitimate legal excuse, this may include not completing a job, not paying in full or on time, failure to deliver all the goods, substituting inferior or significantly different goods, not providing a bond when required, being late without excuse, or any act which shows the party will not complete the work ("anticipatory breach")”

The failing of compiling or following the written or even just oral contract between –for instance—an employer and employee is considered a civil wrong such following legal actions by the court. Breach of contract is the common causes of law suits.

This also associated in IT professionals, between a customers or vendors, such legal term is important to keep.

In relationship of an IT professionals and suppliers, our teacher indicates a fair dealing with them (suppliers) and of not making unreasonable demands. One of the usual doing of wrong approach is Bribery, providing money, property, or favors to someone in business or government to obtain a business advantage. This is done by not just ordinary businessman, IT professionals but also in politics; for me, this is a desperate move to be successful and a dirty way at that.

IT professionals should also hold a relationship between IT users, the persons for whom a hardware or software product is designed. It is the professionals’ duty to understand the user’s needs, delivering the product and services that best meet those needs, and establishing an environment that supports ethical behavior by user are some of the responsibilities our teacher highlighted during the discussion.

This relationship is important to set up a good image in the mind of a client or in this case the user. Also being attentive to the demands of the user can be added up too.

IT professionals in relationship with society is mentioned too, in here it is stated by our teacher that actions of IT professionals can affect society.

Professional code of ethics states that the principles and core values that are important to the work of a particular occupational group. Having this type of code of ethics is a good method to enhance trusts and respect from the people around, having this ethical approach in dealing with a client, supplier or other employee or IT user.

Certification, which indicates a professional, possesses a particular set of skills, knowledge and/or abilities in the opinion of certifying organization. This helps in landing a job one after another, as this serves as proof of a professionals list of capabilities.

Our teacher also tackled the different kinds of certificates: Vendor certifications, for IT workers, that require passing a written exam and the Industry association certifications, requires certain level of experiences and a broader perspective than vendor certifications.

A few slides before the end of the lesson, our teacher talked about, the malpractices IT professionals commits. Malpractice or Negligence not doing something that a reasonable man would do, or doing something that a reasonable man would not do for instance neglecting a task.

IT users misconducts, employees’ ethical issues --at that-- are a growing area of concerns.

Software piracy is inserted in this, inappropriate use of computing resources and sharing of information such as private data and confidential information. IT users made improper doings some for money or some is for gathering this private information.

And as countermeasure policies are establish, that protect against this abuses, boundaries of acceptable and unacceptable is build, initiating punishment to those violators. Components of this include setting boundaries for the protection of private data and information, firewalls are used too, and also limitations for obtaining resources to lessen the advances of these violators.

  

If we continue to develop our technology 

without wisdom or prudence,

our servant may prove to be our executioner.  

  --Omar N. Bradley