Summary

This document provides a review of computer crime and security topics. It covers different types of computer crimes, including those facilitated by a computer and those where the computer is the target. It discusses physical security, internal misuse, and various examples of cyberattacks and security breaches.

Full Transcript

The term "computer crime" could reasonably include a wide variety of criminal offenses, activities, or issues. It can be separated into two categories: crimes facilitated by a computer; and crimes where the computer is the target. Physical Security – The first and perhaps the easi...

The term "computer crime" could reasonably include a wide variety of criminal offenses, activities, or issues. It can be separated into two categories: crimes facilitated by a computer; and crimes where the computer is the target. Physical Security – The first and perhaps the easiest rule of computer security. Everyone knows that you need to lock your doors to keep your TV, refrigerator, and other appliances safe at home. The same idea applies to your computer as well. We have to make sure that our computers are attended, watched, or locked behind our doors. Internal Misuse – Occasionally, some people use your computer and some files may be intentionally or unintentionally deleted. When permanently deleted from the system, this may mean that you will have to redo the work. System crashes can also occur when files needed by a program are deleted or altered. Shamoon (2012) – It is a computer virus discovered in 2012 that attacks computers running the Microsoft Windows operating system. It is also known as Disttrack. Shamoon is capable of wiping files and rendering several computers on a network unusable. A script kiddie is a derogatory term for inexperienced crackers who use scripts and programs developed by others for the purpose of compromising computer accounts and files, and for launching attacks on whole computer systems. Elite hackers are people who are not only capable of writing scripts to exploit known vulnerabilities, but also capable of discovering new ones. A hacker is a person who enjoys computer technology and spends time learning and using computer systems. A criminal hacker, also called a cracker, is a computer-savvy person who attempts to gain unauthorized or illegal access to computer systems. In many cases, criminal hackers are people who are looking for fun and excitement – the challenge of beating the system. The Morris Worm (November, 1988) – Robert Morris released what has become known as the Internet Worm. This was the first large-scale attack on the Internet and the worm infected roughly 10 percent of the machines then connected to the Internet and caused an estimated $100 million damages. Citibank and Vladimir Levin (June-October, 1994) – Levin reportedly accomplished the break-ins by dialing into Citibank‘s cash management system. This system allowed clients to initiate their own fund transfers to other banks. Solar Sunrise (February, 1998) – A series of computer intrusions occurred at a number of military installations in the U.S. Over 500 domain name servers were compromised during the course of the attacks. Making it harder to track the actual origin of the attacks was the fact that the attackers made a number of ―hops between different systems, averaging eight different systems before arriving at the target. Freedom of Information Act of 1970. Ensures access of individuals to personal data collected about them and about government activities in federal agency files. Cybersex. — The willful engagement, maintenance, control, or operation, directly or indirectly, of any lascivious exhibition of sexual organs or sexual activity, with the aid of a computer system, for favor or consideration. Cyber-squatting. – The acquisition of a domain name over the internet in bad faith to profit, mislead, destroy reputation, and deprive others from registering the same RA 10173 protects and maintains the right of customers to confidentiality by setting a legal list of rules for companies to regulate the collection, handling, and disposal of all personal information. Companies legally responsible for keeping their customers‘ data protected from third parties or any form of misuse, internally or externally. The Supreme Court (SC) of the Philippines upheld the constitutionality of most parts of the Cybercrime Prevention Act of 2012, including the contentious provision that punishes online libel. A person or entity who posts something (in words or pictures) — which can be proven false, and is intended to harm the reputation of another by tending to bring the target into ridicule, hatred, scorn or contempt of others — may be arrested, detained, and imprisoned because of libel. Illegal access - The access to the whole or any part of a computer system without right Criminal Organizations – Attacks by criminal organizations can fall into the structured threat category, which is characterized by a greater amount of planning, a longer period of time to conduct the activity, more financial backing to accomplish it, and possibly, corruption of or collision with insiders. Section 3. (1) of Article III - The privacy of communication and correspondence shall be inviolable except upon lawful order of the court, or when public safety or order requires otherwise, as prescribed by law. Anonymous Remailers - Internet users who want to remain anonymous can send e-mail to an anonymous remailer service, where a computer program strips the originating address from the message. An internet filter is software that can be Installed with Web browser to block access to certain Web sites that contain inappropriate or offensive material. The best Internet filters used a combination of URL filtering, keyword filtering, and dynamic content filtering. Mandatory Access Control – It is a means of restricting access to objects that is based on fixed security attributes assigned to users and to files and other objects. A patent is a grant of a property right to inventors. A patent permits its owner to exclude the public from making, using, or selling a protected invention, and it allows legal action against violators. Hacker poses the greatest threat to the company’s trade secrets, as they might either accidentally disclose these trade secrets or steal them for monetary gain. Plagiarism is the theft and passing off of someone's ideas or words as one's own. The explosion of electronic content and the growth of the Internet have made it easy to cut and paste paragraphs into term papers and documents without proper citation or quotation marks. Open source code refers to any program whose source code is made available for use or modification as users or other developers see fit. Bugs or misconfiguration problems that allow unauthorized remote users to: Steal confidential documents Execute commands on the host machine, allowing them to modify the system Gain information about the host machine, allowing them to break into the system Launch denial-of-service attacks, rendering the machine temporarily unusable Ergonomics is an approach which puts human needs and capabilities at the focus of designing technological systems. Layered Security - It is important that every environment have multiple layers of security. Those layers may employ a variety of methods such as routers, firewalls, network segments, IDSs, encryption, authentication software, physical security, and traffic control. The elements of libel are: imputation of a discreditable act or condition to another; publication of the imputation; identity of the person defamed; and, existence of malice. Personal information refers to any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual Under Article 355 of the Revised Penal Code, libel may be committed by means of writing, printing, lithography, engraving, radio, phonograph, painting, theatrical exhibition, cinematographic exhibition, or any similar means. If punishable acts in Section 4(a) of Article III are committed against critical infrastructure, the penalty of reclusion temporal or a fine of at least Five hundred thousand pesos (PhP500,000.00) up to maximum amount commensurate to the damage incurred or both, shall be imposed. Any person found guilty of any of the punishable acts enumerated in Section 4(c)(1) of this Act shall be punished with imprisonment of prison mayor or a fine of at least Two hundred thousand pesos (PhP200,000.00) but not exceeding One million pesos (PhP1,000,000.00) or both. Computer-related Forgery. — The input, alteration, or deletion of any computer data without right resulting in inauthentic data with the intent that it be considered or acted upon for legal purposes as if it were authentic, regardless whether or not the data is directly readable and intelligible Illegal Interception. – The interception made by technical means without right of any non-public transmission of computer data to, from, or within a computer system including electromagnetic emissions from a computer system carrying such computer data. The right to privacy is a constitutional right, granted recognition independently of its identification with liberty. It is recognized and enshrined in several provisions of our Constitution The term "obscene" refers to material, content, or speech that is considered highly offensive, particularly in a sexual or prurient context. Obscenity typically involves explicit or graphic depictions of sexual conduct or explicit sexual content that goes beyond what is generally considered acceptable within a particular community or society. Another filtering system is available through the Internet Content Rating Association (ICRA), a nonprofit organization whose members include Internet industry leaders such as AOL Europe, BellSouth, British Telecom, IBM, Microsoft, and Verizon. Biometry or biometrics is “the science of the application of statistical methods to biological facts; a mathematical analysis of biological data.” The methods or forms of biological encoding include finger-scanning and retinal scanning, as well as the method known as the “artificial nose” and the thermogram. A.O. 308 does not state what specific biological characteristics and what particular biometrics technology shall be used. An internet filter is software that can be Installed with Web browser to block access to certain Web sites that contain inappropriate or offensive material. Section 4 of Article III. No law shall be passed abridging the freedom of speech, of expression, or of the press, or the right of the people peaceably to assemble and petition the government for redress of grievances. Legal recourse is possible only when hate speech turns into clear threats and intimidation against specific hate citizens. Competitive intelligence is not industrial espionage, which employs illegal means to obtain business information that is not available to the general public. Industrial espionage is a serious crime that carries heavy penalties Intellectual property is a term used to describe works of the mind, such as art, books, films, formulas, inventions, music, and processes, that are distinct and "owned" or created by a single person or group. Business ethics is the “code of morals of a particular profession” and “the standards of conduct of a given profession”. Many networks have audit controls to track which files were opened, which programs and servers were used, and so on. This creates an audit trail, a record of how a transaction was handled from input through processing and output. An effective competitive intelligence operation requires continual gathering, analysis, and evaluation of data with controlled dissemination of the useful information to decision makers. Mail Fraud Law General prohibition on pen register and trap and trace device use Pen Registers and Trap and Trace Devices Standards against fraud by wire, radio, or television Standards against Interception and disclosure of wire, oral, or electronic communications prohibited Wire and Electronic Communications Interception and Interception of Oral Communications Time- Information systems make it possible to commit unethical acts quickly. All personal information used must also be relevant solely used for its intended and state purposes. Companies must protect customer information from collection to proper disposal, avoiding access from unauthorized parties. Rights to Financial Privacy Act of 1978. Regulates government access to certain records held by financial institutions. Viruses and Worms – A virus is a self-replicating program that spreads by inserting copies of itself into other executable code or documents. A worm is a type of malware and is a self-replicating program similar to a virus. Computer Abuse Amendments Act of 1994. Prohibits transmissions of harmful computer programs and code, including viruses. Elite hackers are people who are not only capable of writing scripts to exploit known vulnerabilities, but also capable of discovering new ones. Terrorists and Information Warfare – An information warfare is conducted against information and information processing equipment used by an adversary. The Internet enables worldwide exchange of news, ideas, opinions, rumors, and information. Its broad accessibility, open-minded discussions, and anonymity make the Internet ideal communication medium. Integrity is the security principle that requires information to not be modified except by individuals authorized to do so. Confidentiality refers to the security principle that states that information should not be disclosed to unauthorized individuals. Authentication deals with the desire to ensure that an individual is who they claim to be. On the other hand, non-repudiation deals with the ability to verify that a message has been sent and received and that the sender can be identified and verified the security principles. A macro virus is a virus that uses an application‘s own macro programming language to distribute itself. Keyword filtering uses keywords or phrases such as sex, Satan, and gambling to trigger the blocking of websites. Network security is a protection of networks and their services from unauthorized modification, destruction, or disclosure, and provision of assurance that the network performs its critical functions correctly and there are no harmful side-effects. Other Internet users would like to ban Web anonymity because they think that its use increases the risks of defamation, fraud, libel, and exploitation of children. Any person found guilty of the punishable act under Section 4(a)(5) of Article III shall be punished with imprisonment of prison mayor or a fine of not more than Five hundred thousand pesos (PhP500,000.00) or both. Consent of the data subject refers to any freely given, specific, informed indication of will, whereby the data subject agrees to the collection and processing of personal information about and/or relating to him or her. Note also that under Section 7, Article III of the Constitution, the right of the people to information on matters of public concern shall be recognized. The unlawful or prohibited acts defined and punishable by Republic Act No. 9775 or the Anti-Child Pornography Act of 2009, committed through a computer system An oral defamatory statement is slander, and a written defamatory statement is libel. In a John Doe lawsuit, the identity of the defendant is temporarily unknown. Such suits are common in Internet libel cases, where the defendant communicates using a pseudonym or anonymously. Zones of privacy are also recognized and protected in our laws, including certain provisions of the Civil Code and the Revised Penal Code, as well as in special laws Software copyright protection is a legal mechanism that provides creators of original software with exclusive rights to their work. In 1995, the government of the People's Republic of China established the country's first Internet service provider (ISP). A standard is a definition or format that has been approved by a recognized standards organization or is accepted as a de facto standard by the industry. A patent permits its owner to exclude the public from making, using, or selling a protected invention, and it allows legal action against violators. Applications software, business software, expert systems, and system software have been patented, as well as software processes such as compilation routines, editing and control functions, and operating system techniques. Even electronic font and icons have been patented. Reverse engineering is the process of taking something apart in order understand it, build copy of it, or improve it. Decompilers and other reverse engineering techniques can be used to analyze a competitor's program by examining its coding and operation to develop a new program that either duplicates the original or that will interface with the program. Industrial espionage is a serious crime that carries heavy penalties. Because organizations can risk losing trade secrets when key employees leave, they often try to prohibit employees from revealing secrets by adding nondisclosure clauses to employment contracts. Prior art is the existing body of knowledge that is available to a person of ordinary skill in the art. Cybersquatters registered domain names for famous trademarks company names to which they had no connection, with the hope that the trademark’s owner would buy the domain name for a large sum of money.

Use Quizgecko on...
Browser
Browser