Computer crime, Identity theft, Internal threat and Software vulnerability
Summary
Computer crime is defined as “any violations of criminal law that involve knowledge of computer technology for their protection, investigation.” The magnitude of the computer crime problem is hard to define (i.e., how many systems are invaded, how many people are engaged, or what the total economic damage is). Identity theft is a crime in which key pieces of personal information, such as a social security identification number, driving license number, or credit card number, are stolen to impersonate someone else. Internal threat is defined as a security problem from inside a company. Employees have access to privileged information, and in the presence of certain internal security procedures they are often able to roam throughout an organization’s system without leaving a trace.
Things to Remember
- HIPAA: Medical security and privacy rules and procedures
- Gramm-Leach-Bliley Act: Requires financial institutions to ensure the security and confidentiality of customer data.
- Sarbanes-Oxley Act: Imposes responsibility on companies and their management to safeguard the accuracy and integrity of financial information that is used internally and released externally.
Electronic evidence
- Evidence for white-collar crimes is often in digital form (data on computers, e-mail, instant messages, e-commerce transactions).
- Proper control of data can save time and money when responding to a legal discovery request.
Computer forensics
- Scientific collection, examination, authentication, presentation and analysis of data from computer storage media for use as evidence in a court of law.
- Includes recovery of ambient and hidden data
Ambient data: Electronic evidence that resides on computer storage media in the form of computer files not visible to the average user is known as ambient data. This data lies in file slack, unallocated clusters, the virtual memory file and other areas not allocated to active files. For example: a file that has been deleted on a PC hard drive.

Computer crime, Identity theft, Internal threat and Software vulnerability
Computer crime: It is defined as “any violations of criminal law that involve knowledge of computer technology for their protection, investigation.” The magnitude of the computer crime problem is hard to define (i.e., how many systems are invaded, how many people are engaged, or what the total economic damage is).
Computer crime is an act carried out by a well-informed and proficient computer user. Sometimes the person committing a computer crime is referred to as a hacker, who unlawfully steals or browses an organization's or individual's private data or information. In certain cases, this person or group of persons may be malicious and destroy or corrupt the computer or data files.
Examples of computer crimes
Different types of computer crimes occur day to day with the rapid development of information technology. Some of them are briefly discussed below:
- Child pornography: Unlawfully making and distributing child pornography.
- Cyber terrorism: Hacking confidential information; threatening or blackmailing an organization or individual.
- Cyberbullying or cyberstalking: Harassing an unknown individual online.
- Creating malware: Writing, creating, and distributing malware such as viruses and spyware.
- Denial-of-service (DoS) attack: Overloading a system with so many requests that it cannot serve normal requests.
- Espionage: Spying on an individual or organization.
Computer as a ‘target’ of crime
- Breaching the confidentiality of protected computerized data; accessing a computer system without right.
- Deliberately accessing an unauthorized or protected computer to commit fraud.
- Knowingly entering an unauthorized or protected computer and causing damage.
- Knowingly spreading a program, command or program code that deliberately causes damage or loss to an unauthorized (protected) computer.
Computer as ‘instrument’ of crime
- Theft of trade secret
- Unauthorized copying of programs (software) or copyrighted intellectual property such as books, music, articles, video, etc.
- Using e-mail for harassment
- Intentionally attempting to intercept electronic communication
- Illegally accessing stored electronic communication including e-mail and voicemail.
- Transmitting or processing child pornography using a computer.
Wireless security challenges
- Radio frequency bands are easy to scan
- Service set identifiers (SSIDs): Identify access points
Identity theft: With the growth of the internet and e-commerce, identity theft has become especially troubling. Identity theft is a crime in which key pieces of personal information, such as a social security identification number, driving license number, or credit card number, are stolen to impersonate someone else. The information may be used to obtain credit, merchandise or services in the name of the victim or to provide the thief with false credentials.
- Phishing: A technique used for the purpose of spoofing. It involves setting up fake websites or sending e-mail that looks like that of real businesses to ask users for confidential personal data. There are two techniques for phishing, which are as follows:
- Evil twin: Wireless networks that present themselves as trustworthy connections to the internet in public spaces. Using an evil twin, fraudsters try to capture passwords or credit card numbers on the network for criminal purposes.
- Pharming: Redirects users to bogus (false) web pages even when the individual types the correct web page address into the browser.
- Click fraud: Occurs when individuals or computer programs frequently click on online ads without any intention of learning more about the advertiser.
Internal threat: It is defined as a security problem from inside a company. Employees have access to privileged information, and in the presence of certain internal security procedures they are often able to roam throughout an organization’s system without leaving a trace.
A malicious intruder seeking system access sometimes tricks employees into revealing their passwords by pretending to be a real member of the company in need of information. This process is called social engineering.
Software vulnerability: A software vulnerability is a security flaw, weakness or glitch found in an operating system (OS) or other software that can lead to security concerns. An example of a software flaw is a buffer overflow. This is when software crashes or becomes unresponsive when users open a file that may be "too heavy" for the program to read.
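To make the buffer overflow above concrete, the following C code is an added example (not part of the original notes or the textbook). It reads a length-prefixed name from file bytes into a fixed 16-byte buffer, first without a bounds check and then with one; the record format, function names and sample inputs are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical file format, constructed for this example:
 * byte 0 holds the declared length of a name, the name bytes follow. */
#define NAME_CAP 16               /* room reserved for the name, without NUL */

/* Vulnerable form: trusts the length byte stored in the file. A declared
 * length above NAME_CAP makes memcpy write past the end of `out`, which
 * corrupts adjacent memory and typically crashes the program. */
int parse_name_unchecked(const uint8_t *file, char out[NAME_CAP + 1])
{
    size_t n = file[0];
    memcpy(out, file + 1, n);     /* no bounds check */
    out[n] = '\0';
    return (int)n;
}

/* Hardened form: the declared length must fit both the destination buffer
 * and the bytes actually present in the file; otherwise reject the file. */
int parse_name_checked(const uint8_t *file, size_t file_len,
                       char out[NAME_CAP + 1])
{
    if (file == NULL || file_len < 1) return -1;
    size_t n = file[0];
    if (n > NAME_CAP) return -1;          /* would overflow `out` */
    if (n > file_len - 1) return -1;      /* would read past the input */
    memcpy(out, file + 1, n);
    out[n] = '\0';
    return (int)n;
}

/* Constructed sample inputs: one well-formed file, one oversized record. */
static const uint8_t GOOD_FILE[] = { 5, 'a', 'l', 'i', 'c', 'e' };
static const uint8_t BIG_FILE[201] = { 200 };   /* claims 200 name bytes */

/* Returns 1 when the good file parses and the oversized one is rejected. */
int demo(void)
{
    char name[NAME_CAP + 1];
    int ok = parse_name_checked(GOOD_FILE, sizeof GOOD_FILE, name) == 5
             && strcmp(name, "alice") == 0;
    return ok && parse_name_checked(BIG_FILE, sizeof BIG_FILE, name) == -1;
}

int main(void) { return demo() ? 0 : 1; }
```

The unchecked function is shown for comparison only and is never called; the checked version turns the oversized file into a clean error instead of a memory write beyond the buffer.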
Business value of security and control
Though investment in security and control is directly related to revenue generation, firms should spend on security and control. Protecting information systems is critical to the operation of the business. Companies have very valuable information assets to protect. Systems often hold confidential information about individuals' taxes, financial assets, medical records and job performance reviews. Systems can also contain information on corporate operations, including trade secrets, new product development plans and marketing strategies. Inadequate security and control may result in serious legal liability. Businesses must protect not only their own information assets but also those of customers, employees and business partners.
- Failed computer systems can lead to significant or total failure of business functions
- Firms are now more vulnerable than ever:
- Confidential personal as well as financial data
- Trade secrets, strategies, new products
- A security breach may cut into a firm’s market value almost immediately
- Inadequate security and controls also bring forth issues of liability.
Legal and regulatory requirements for electronic records management and privacy protection
- HIPAA: Medical security and privacy rules and procedures
- Gramm-Leach-Bliley Act: Requires financial institutions to ensure the security and confidentiality of customer data.
- Sarbanes-Oxley Act: Imposes responsibility on companies and their management to safeguard the accuracy and integrity of financial information that is used internally and released externally.
Electronic evidence
- Evidence for white-collar crimes is often in digital form (data on computers, e-mail, instant messages, e-commerce transactions).
- Proper control of data can save time and money when responding to a legal discovery request.
Computer forensics
- Scientific collection, examination, authentication, presentation and analysis of data from computer storage media for use as evidence in a court of law.
- Includes recovery of ambient and hidden data
Ambient data: Electronic evidence that resides on computer storage media in the form of computer files not visible to the average user is known as ambient data. This data lies in file slack, unallocated clusters, the virtual memory file and other areas not allocated to active files. For example: a file that has been deleted on a PC hard drive.
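Why a deleted file can still be recovered from file slack and unallocated clusters is shown by the following added C example (not part of the original notes or the textbook). It models a toy disk with 32-byte clusters; the structure, function names and file contents are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Toy disk, constructed for this example: one small file per cluster. */
#define CLUSTER_SIZE 32   /* real file systems commonly use 4096 */
#define NUM_CLUSTERS 4
struct toy_disk {
    unsigned char data[NUM_CLUSTERS][CLUSTER_SIZE];
    size_t file_len[NUM_CLUSTERS];   /* bytes used by the active file */
    int allocated[NUM_CLUSTERS];
};

/* Store a file in cluster c. Only the file's own bytes are written; the
 * rest of the cluster keeps whatever was there before. */
int disk_write(struct toy_disk *d, int c, const char *content)
{
    size_t n = strlen(content);
    if (c < 0 || c >= NUM_CLUSTERS || n > CLUSTER_SIZE) return -1;
    memcpy(d->data[c], content, n);
    d->file_len[c] = n;
    d->allocated[c] = 1;
    return 0;
}

/* Delete: only the bookkeeping changes, the content bytes stay on disk. */
void disk_delete(struct toy_disk *d, int c) { d->allocated[c] = 0; }

/* Examiner's view: bytes of cluster c that no active file covers (file
 * slack if allocated, the whole cluster if not). Returns the byte count. */
size_t ambient_bytes(const struct toy_disk *d, int c, unsigned char *out)
{
    size_t start = d->allocated[c] ? d->file_len[c] : 0;
    memcpy(out, d->data[c] + start, CLUSTER_SIZE - start);
    return CLUSTER_SIZE - start;
}

/* Constructed scenario: a deleted draft, then a short memo reuses cluster 0. */
size_t slack_after_reuse(unsigned char out[CLUSTER_SIZE])
{
    struct toy_disk d;
    memset(&d, 0, sizeof d);
    disk_write(&d, 0, "payroll-draft: salary=90000");
    disk_delete(&d, 0);
    disk_write(&d, 0, "memo");
    return ambient_bytes(&d, 0, out);
}

int main(void) { unsigned char b[CLUSTER_SIZE]; return slack_after_reuse(b) == 28 ? 0 : 1; }
```

After the 4-byte memo reuses the cluster, the 28 slack bytes still contain most of the deleted draft, which is the residue a forensic examiner collects and an ordinary file listing never shows.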
Reference
Laudon, Laudon, "Management Information Systems Managing the Digital Firm", twelfth edition
Lesson
Securing Information Systems
Subject
Management Information System
Grade
Bachelor of Business Administration