Chapter 11: Computer Crime, Fraud,
Ethics, and Privacy
Introduction
Computer Crime, Abuse, and Fraud
Three Examples of Computer Crimes
Preventing Computer Crime and Fraud
Ethical Issues, Privacy, and Identity Theft
Chapter
11-1
Computer Crime,
Abuse, and Fraud
High level of public interest
Data on incidents is limited
Sources of information
Computer
Security Institute (CSI) annual survey
KPMG surveys
Association of Certified Fraud Examiners
(ACFE) survey
Chapter
11-2
Computer Crime,
Abuse, and Fraud
Computer Crime
Manipulation of a computer or computer data
Dishonestly obtain money, acquire property, or
something of value, or cause a loss
Computer Abuse
Unauthorized use of, or access to, a computer
Against the wishes of the owner
Chapter
11-3
Computer Crime Examples
Chapter
11-4
Computer Crime,
Abuse, and Fraud
Fraudulent Financial Reporting
Intentional falsification of accounting records
Intend to mislead analysts, creditors, investors
Misappropriation of Assets
Misuse of company assets
Committed by employees within an organization
Chapter
11-5
Asset Misappropriation
Examples
Chapter
11-6
Federal Legislation of
Computer Crimes
Computer Fraud and Abuse Act of 1986
(CFAA)
Amended
in 1994 and 1996
Computer Fraud Definition
An
illegal act
Computer technology essential for perpetration,
investigation, or prosecution
Chapter
11-7
CFAA Fraudulent Acts
Unauthorized theft, use, access, modification,
copying, or destruction of software or data
Theft of money by altering computer records or
the theft of computer time
Intent to illegally obtain information or tangible
property through the use of computers
Chapter
11-8
CFAA Fraudulent Acts
Use, or the conspiracy to use, computer
resources to commit a felony
Theft, vandalism, destruction of computer
hardware
Trafficking in passwords or other login
information for accessing a computer
Extortion that uses a computer system as a
target
Chapter
11-9
Federal Legislation Affecting
the Use of Computers
Chapter
11-10
Federal Legislation Affecting
the Use of Computers
Chapter
11-11
State Legislation
Every state has a computer crime law
State law provisions
Define
computer terms
Define some acts as misdemeanors
Declare other acts as felonies
Chapter
11-12
Study Break #1
Which of the following pieces of computer legislation is
probably the most important?
A.
B.
C.
D.
Cyber Security Enhancement Act of 2002
Computer Security Act of 1987
The Computer Fraud and Abuse Act of 1986
Federal Privacy Act of 1974
Chapter
11-13
Study Break #1 - Answer
Which of the following pieces of computer legislation is
probably the most important?
A.
B.
C.
D.
Cyber Security Enhancement Act of 2002
Computer Security Act of 1987
The Computer Fraud and Abuse Act of 1986
Federal Privacy Act of 1974
Chapter
11-14
Study Break #2
Which legislation might help discourage computer hacking?
A.
B.
C.
D.
Federal Privacy Act of 1974
Computer Fraud and Abuse Act of 1986
USA Patriot act of 2001
CAN-SPAM Act of 2003
Chapter
11-15
Study Break #2 - Answer
Which legislation might help discourage computer hacking?
A.
B.
C.
D.
Federal Privacy Act of 1974
Computer Fraud and Abuse Act of 1986
USA Patriot act of 2001
CAN-SPAM Act of 2003
Chapter
11-16
Computer-Crime Statistics
Limited availability of data
Private companies handle abuse internally
Most computer abuse is probably not discovered
Growth of computer crime
Exponential growth in use of computer resources
Continuing lax security
Availability of information about how to
perpetrate computer crimes
Chapter
11-17
Importance of Computer
Crime and Abuse to AISs
Impact on AISs
Favored target due to control of financial resources
Prized target for disgruntled employees
Responsible for designing, selecting, and implementing
controls that protect AISs
Reliance on auditors to verify financial statement
Additional Items
Ability to mislead public if information is incomplete or
inaccurate
Difficulty in detecting fraudulent activities
Large amount of losses
Chapter
11-18
Compromising Valuable Information:
The TRW Credit Data Case
Summary
Credit
rating company
Altered company credit ratings for a fee
Clients relied on inaccurate information
Analysis
Data
diddling – proprietary data
Fair Credit Reporting Act – protection of
consumer
Chapter
11-19
Wire Fraud and Computer Hacking:
Edwin Pena and Robert Moore
Summary
Voice
over Internet Protocol (VoIP)
Hacked into other provider’s network
Billed those companies
Analysis
Growth
of hacking
Importance of education and prevention
Utilize ethical hackers for instrusion testing
Chapter
11-20
Denial of Service:
The 2003 Internet Crash
Summary
Slammer
worm
Identified weakness in Microsoft SQL Server
2000 software
Analysis
Denial
of Service (DOS) attacks
Computer Viruses
Computer Worms and Worm Programs
Boot-sector Viruses and Trojan Horse Programs
Chapter
11-21
Protecting Systems
Preventing Viruses
Firewalls
Antivirus software
Antivirus control procedures
Organizational Control Procedures
Discourage free exchange of computer disks or external
programs
Require strong passwords to limit unauthorized access
Use antivirus filters
Chapter
11-22
Common Types of Computer
Crime and Abuse
Chapter
11-23
Preventing Computer Crime
and Fraud
Enlist Top-Management Support
Increase Employee Awareness and Education
Assess Security Policies and Protect Passwords
Strong passwords
Social engineering
Lock-out systems
Dialback systems
Chapter
11-24
10 Simple Steps to Safer PCs
Chapter
11-25