Unit 9 » Computer Crime and Safety Measure

1st Semester

1. Computer crimeCyber crime

Alternatively referred to as cyber crimee-crimeelectronic crime, or hi-tech crimeComputer crime is an act performed by a knowledgeable computer user, sometimes referred to as a hackerthat illegally browses or steals a company’s or individual’s private information. In some cases, this person or group of individuals may be malicious and destroy or otherwise corrupt the computer or data files.

2.Software piracy

A term used to describe the act of illegally using, copying or distributing software without ownership or legal rights. The majority of software today is purchased as a one-site license, meaning that only one computer may have that software installed on it at one time. Copying that software to multiple computers or sharing it with your friend without multiple licenses is considered software piracy, which is illegal.Software piracy penalties apply to users that illegally reproduce copyrighted works and/or users who are knowingly in possession of illegally reproduced works. Unknowingly accepting pirated software is another scenario, provided it can be proven. End users may notice red flags, which indicate pirated software, especially if the acquired digital media is encased in inconspicuous or generic containers, such as CD sleeves or unnamed disk packaging.

3.Defining viruses, worms, and Trojan horses

  • A computer virus is “a computer program usually hidden within another seemingly innocuous program that produces copies of itself and inserts them into other programs or files, and that usually performs a malicious action (such as destroying data)”.
  • Worms: Worms are very similar to viruses in that they are computer programs that replicate functional copies of themselves (usually to other computer systems via network connections) and often, but not always, contain some functionality that will interfere with the normal use of a computer or a program. Unlike viruses, however, worms exist as separate entities; they do not attach themselves to other files or programs. Because of their similarity to viruses, worms also are often referred to as viruses.
  • Trojan horses: A Trojan horse is a program that does something undocumented which the programmer intended, but that users would not accept if they knew about it. By some definitions, a virus is a particular case of a Trojan horse, namely, one which is able to spread to other programs (i.e., it turns them into Trojans too). According to others, a virus that does not do any deliberate damage (other than merely replicating) is not a Trojan. Finally, despite the definitions, many people use the term “Trojan” to refer only to a non-replicating malicious program.
  • Spyware is unwanted software that infiltrates your computing device, stealing your internet usage data and sensitive information. Spyware is classified as a type of malware — malicious software designed to gain access to or damage your computer, often without your knowledge. Spyware gathers your personal information and relays it to advertisers, data firms, or external users.
    Spyware is used for many purposes. Usually it aims to track and sell your internet usage data, capture your credit card or bank account information, or steal your personal identity. How? Spyware monitors your internet activity, tracking your login and password information, and spying on your sensitive information.

    5. ETHICAL ISSUES

    The foundations of all secure systems are the moral principles and practices and the professional standards of all employ­ees of the organization, i.e., while people are part of the solution, they are also most of the problem. The following issues are examples of security problems which an organization may have to deal with:

    A. Ethics and Responsible Decision-Making

    The foundation of all security systems is formed by moral principles and practices of those people involved and the standards of the profession. That is, while people are part of the solution, they are also most the problem. Security problems with which an organization may have to deal include: responsible decision-making, confidentiality, pri­vacy, piracy, fraud & misuse, liability, copyright, trade secrets, and sabotage.

    B. Confidentiality & Privacy

    Computers can be used symbolically to intimidate, deceive or defraud victims. Attorneys, government agencies and businesses increasingly use mounds of computer generated data quite legally to confound their audiences. Criminals also find useful phony invoices, bills and checks generated by the computer. The computer lends an ideal cloak for carrying out criminal acts by imparting a clean quality to the crime.
    The basic law that protects our privacy is the Fourth Amendment to the United States Constitution, which mandates that people have a right to be secure in homes and against unreasonable search and seizure. In addition, many laws have been enacted to protect the individual from having damaging information stored in computerized databases.

    C. Piracy

    Microcomputer software presents a particular problem since many individuals are involved in the use of this soft­ware. Section 117 of the copyright laws, specifically the 1980 amendment, deals with a law that addresses the prob­lem of backup copies of software. This section states that users have the right to create backup copies of their soft­ware. That is, users may legally create a backup copy of software if it is to be held in archive. Many software com­panies provide a free backup copy to users that precludes the need for to users purchase software intended to defeat copy protection systems and subsequently create copies of their software.
    The software industry is prepared to do battle against software piracy. The courts are dealing with an increasing number of lawsuits concerning the protection of software. Large software publishers have established the Software Protection Fund to raise between $500,000 and $1 million to promote anti-piracy sentiment and to develop addi­tional protection devices.

    D. Fraud & Misuse

    The computer can create a unique environment in which unauthorized activities can occur. Crimes in this category have many traditional names including theft, fraud, embezzlement, extortion, etc. Computer related fraud includes the introduction of fraudulent records into a computer system, theft of money by electronic means, theft of financial instruments, theft of services, and theft of valuable data.

    E. Liability

    Under the UCC, an express warranty is an affirmation or promise of product quality to the buyer and becomes a part of the basis of the bargain. Promises and affirmations made by the software developer to the user about the nature and quality of the program can also be classified as an express warranty. Programmers or retailers possess the right to define express warranties. Thus, they have to be realistic when they state any claims and predictions about the ca­pabilities, quality and nature of their software or hardware. They should consider the legal aspects of their affirma­tive promises, their product demonstrations, and their product description.

    F. Patent and Copyright Law

    A patent can protect the unique and secret aspect of an idea. It is very difficult to obtain a patent compared to a copyright (please see discussion below). With computer software, complete disclosure is required; the patent holder must disclose the complete details of a program to allow a skilled programmer to build the program. Moreover, a United States software patent will be unenforceable in most other countries.
    Copyright law provides a very significant legal tool for use in protecting computer software, both before a security breach and certainly after a security breach. This type of breach could deal with misappropriation of data, computer programs, documentation, or similar material. For this reason the information security specialist will want to be fa­miliar with basic concepts of to copyright law.

    G. Trade Secrets

    A trade secret protects something of value and usefulness. This law protects the unique and secret aspects of ideas, known only to the discoverer or his confidants. Once disclosed the trade secret is lost as such and can only be pro­tected under one of the following laws. The application of trade secret law is very important in the computer field, where even a slight head start in the development of software or hardware can provide a significant competitive ad­vantage.

    H. Sabotage

    The computer can be the object of attack in computer crimes such as the unauthorized use of computer facilities, al­ternation or destruction of information, data file sabotage and vandalism against a computer system. Computers have been shot, stabbed, short-circuited and bombed.

    6.Cyber law

 IT is the part of the overall legal system that deals with the Internet, cyberspace, and their respective legal issues. Cyber law covers a fairly broad area, encompassing several subtopics including freedom of expression, access to and usage of the Internet, and online privacy. Generically, cyber law has been referred to as the Law of the Internet.

7.Firewall

It is a network device that isolates organization’s internal network from larger outside network/Internet. It can be a hardware, software, or combined system that prevents unauthorized access to or from internal network.All data packets entering or leaving the internal network pass through the firewall, which examines each packet and blocks those that do not meet the specified security criteria.
Firewall is categorized into three basic types −

  • Packet filter (Stateless & Stateful)
  • Application-level gateway
  • Circuit-level gateway

8. Encryption and Decryption

BASIS FOR COMPARISON ENCRYPTION DECRYPTION
Basic Conversion of a human understandable message into an unintelligible and obscure form that can not be interpreted. Conversion of an unintelligible message into a comprehensible form which could be easily understood by a human.
Process takes place at Sender’s end Receiver’s end
Function Conversion of plaintext into ciphertext. Conversion of ciphertext into plaintext.