The Growing Threat Of Computer Crime Running head: THE GROWING THREAT OF COMPUTER CRIME The Growing Threat of Computer Crime Diana Ritter Baker College of Cadillac May 9, 2001 Abstract Computers have been used for most kinds of crime, including fraud, theft, larceny, embezzlement, burglary, sabotage, espionage, murder, and forgery, since the first cases were reported in 1958. One study of 1,500 computer crimes established that most of them were committed by trusted computer users within businesses; persons with the requisite skills, knowledge, access, and resources. With the arrival of personal computers to manipulate information and access computers by telephone, increasing numbers of crimes–electronic trespassing, copyrighted-information piracy, vandalism–have been committed by computer hobbyists, known as hackers, who display a high level of technical expertise. For many years, the term hacker defined someone who was a wizard with computers and programming. It was a challenge to all hackers, and an honor to be considered a hacker.
But when a few hackers began to use their skills to break into private computer systems and steal money, or interfere with the system’s operations, the word acquired its current negative meaning. With the growing use of computers and the increase in computer crimes, early detection, deterring computer crimes, and new laws regulating and punishing these computer crimes are necessary. Without it, chaos will be the end result. The Growing Threat of Computer Crime Do you think your company’s computer systems are secure? Think again. Billions of dollars in losses have already been discovered due to computer crimes. Billions more have gone undetected.
Trillions more will be stolen, most without detection, by the emerging master criminal of the twenty first century –The computer crime offender. What’s worse yet is that anyone with a computer can become a computer criminal. Crimes such as embezzlement, fraud and money laundering are not new. However, each of these crimes now has a new partner in crime-the computer. Crimes that have become unique due to the availability and widespread use of computers include: a.
unauthorized use, access, modification, copying, and destruction of software or data; b. theft of money by altering computer records of theft of computer time; c. theft or destruction of hardware; d. use or conspiracy to use computer resources to commit a felony; e. intent to obtain information or tangible property, illegally through use of the computer. (Fraud Survey Results, 1993) Although incidents in this second category of crimes do present a serious problem, embezzlement is by far the major threat to small businesses.
This is evident by the frequency of reports in the local media. Cash is the most vulnerable asset as it is the easiest for the perpetrator to convert to personal use. Firms most vulnerable to theft of money are firms that must rely on one individual to perform the duties of office manager and bookkeeper. Having more than one employee in the office provides an opportunity to effect certain internal controls, particularly separation of duties. Small business owners should review their insurance coverage for employee dishonesty.
While there are no standards to determine precisely the amount of coverage necessary, the marginal cost of adding an extra $1,000 of coverage decreases as the coverage increases. A business owner should consult with an insurance agent and err on the side of caution, just to be safe. Although theft of money is a major subject when speaking of computer crime, there are also many other areas to be concerned about. Some of the computer crimes for the 21st century will include: Communication crimes (cellular theft and telephone fraud). Low-tech thieves in airports and bus terminals use binoculars to steal calling card access numbers. Thieves will park their vans along busy interstate highways and use specialized equipment to steal cellular telephone access codes from the air.
This is just the tip of the “iceberg”. Business. Most banking today is done by electronic impulse. Therefore, access to business computers equals access to money (and lots of it). Convicted computer hacker, John Lee, a founder of the infamous “Master’s of Deception” hacker group stated that he could change credit card records and bank balances, get free limousines, airplane tickets, and hotel rooms (without anyone being billed), change utility and rent rates, distribute computer software programs free to all over the internet, and easily obtain insider trading information. Imagine ..
.. .. this is just one person. Think of all the hundreds of “hackers” that are out there. Computer stalking.
One type of computer criminal rapidly emerging is the “cyber stalker”. One such stalker, the pedophile, surfs the net looking to build relationships with young boys or girls and then sets out to meet them in person to pursue his/her sexual intensions. This type of activity also leads to sellers of child pornography over the internet. Virtual crimes. Stock and bond fraud is already appearing on the internet. Stocks and bonds that appear on the market are actively traded (for a short period of time) and then disappear.
These stocks and bonds are nonexistent-only the electronic impulses are read. One must note, however, no matter how clever the hacker, the most serious security threat in most enterprises is password theft. Password stealing is the “holy grail” of hacking. Once a username/password combination has been found, the hacker has free rein to exploit that user account. Firewalls, intrusion detection systems, encryption, and other countermeasures are powerless. Here, hackers an get a hold of a valid user name and password, plus the right URL or dial up number, and can use these to steal your sensitive data.
Hackers can also use programs such as “sniffers” to steal your sensitive data. These programs look for particular information such as passwords or credit card numbers in which the hackers turn around and use to their benefit. Last year, a so-called “sniffer” was used to steal more than 100,000 credit numbers which were stored on the server of an internet service provider. The top ten types of high tech criminal activity are reported as: 1. Virus infection 83%; 2.
Abusive use of the internet 69%; 3. Laptop theft 58%; 4. Unauthorized insider use 40%; 5. Telecommunication fraud 27%; 6. Information theft 21%; 7. Network break-in 20%; 8.
Sabotage 14% 9. Financial fraud 12% 10. Active wiretap 4%. (Computer Security Institute for the FBJ) As you can see, computer crime isn’t limited to any one area or business. And nothing boosts awareness of computer security better than a few widely publicized breaches. In 1998, a federal prosecutor charged a former employee of Forbe’s Inc with sabotaging Forbes computers.
The accused sought revenge after his dismissal in 1997 by tying up one of Forbe’s computer lines, from his home telephone, for a total of 55 minutes. The company stated it was like putting Krazy Glue in the telephone line. Estimated damage $100,000. In 1999, despite Microsoft’s claims that it took “advanced” skills to create a hack in its free, web-based Hotmail service, which exposed millions of user’s accounts. Security experts said the hack was actually very “user friendly” and easily shared. In August, 2000, Supermarket great “Safeway” had failed to get its web site up and running two weeks after a suspected hacker attach led to its closure. The sight was shut down after numerous shoppers received an email hoax telling them to shop elsewhere.
In 1994-95, an organized crime group headquartered in St. Petersburg, Russia, transferred 10.4 million dollars from Citibank into accounts all over the world. Russian hacker, Vladimiv Levin, was charged with fraud and convicted by a federal grand jury in New York. He was sentenced to 3 years in prison and ordered to pay $240,000 restitution to Citibank. In February 2000 it was reported that hacker attacks on sites such as Yahoo and Ebay resulted in losses of 1.2 billion dollars.
The attacks were initiated by hackers who penetrated insecure servers hosted by large organizations like universities and research institutions. These sites were plagued by “denial of service” attacks. (routers connecting the site to the rest of the Internet have been flooded with so much fake traffic that the router becomes unable to cope. Once this is achieved, genuine users find themselves unable to get connected). Other sites affected by “denial of service” include CNN, Zdnet, Buy.com, and ETRADE group. These sites experienced slowdowns in service of 45 minutes up to 5 hours. With the never-ending threat to computer security, there are several different programs available to help guard your valuable information.
The following is an overview of some of these programs: SilentRunnerTM. SilentRunnerTM is an internal network security tool and is designed to detect and report network threats that originate from inside your network. SilentRunnerTM is a passive, multi-functional software tool that monitors network activity in real time, producing a virtual picture of network usage and vulnerabilities. Because SilentRunnerTM is passive and does not introduce additional traffic on a network, it remains undetected by network users, without violating a company’s privacy codes. It works as a complement to external devices, such as firewalls and intrusion detection, and provides the highest level of internal security available in the industry. Omniguard/ITA (Intruder Alert). Omniguard/ITA is a real time, security event monitor that enables security manages to detect suspicious activities and prevent security breaches before they occur. Omniguard/ITA monitors multiple streams of security audit trail information across the network, analyzes this data in real-time based on site-specified rules and responds automatically to critical events. If Omniguard/ITA system detects a significant threat, it can notify the security administrator by flashing a message on the management console, sending an email or beeping a pager.
Cisco Secure IDS (formerly NetRanger). Cisco Secure IDS is an enterprise-scale, real-time intrusion detection system designed to detect, report, and terminate unauthorized activity …