ITE101 MIDTERM REVIEWER PDF
Summary
This document provides a review of computer crime and security topics. It covers different types of computer crimes, including those facilitated by a computer and those where the computer is the target. It discusses physical security, internal misuse, and various examples of cyberattacks and security breaches.
The term "computer crime" could reasonably include a wide variety of criminal offenses, activities, or issues. It can be separated into two categories: crimes facilitated by a computer; and crimes where the computer is the target.

Physical Security – The first and perhaps the easiest rule of computer security. Everyone knows that you need to lock your doors to keep your TV, refrigerator, and other appliances safe at home. The same idea applies to your computer as well. We have to make sure that our computers are attended, watched, or locked behind our doors.

Internal Misuse – Occasionally, some people use your computer and some files may be intentionally or unintentionally deleted. When permanently deleted from the system, this may mean that you will have to redo the work. System crashes can also occur when files needed by a program are deleted or altered.

Shamoon (2012) – It is a computer virus discovered in 2012 that attacks computers running the Microsoft Windows operating system. It is also known as Disttrack. Shamoon is capable of wiping files and rendering several computers on a network unusable.

A script kiddie is a derogatory term for inexperienced crackers who use scripts and programs developed by others for the purpose of compromising computer accounts and files, and for launching attacks on whole computer systems.

Elite hackers are people who are not only capable of writing scripts to exploit known vulnerabilities, but also capable of discovering new ones.

A hacker is a person who enjoys computer technology and spends time learning and using computer systems.

A criminal hacker, also called a cracker, is a computer-savvy person who attempts to gain unauthorized or illegal access to computer systems. In many cases, criminal hackers are people who are looking for fun and excitement – the challenge of beating the system.

The Morris Worm (November, 1988) – Robert Morris released what has become known as the Internet Worm.
This was the first large-scale attack on the Internet and the worm infected roughly 10 percent of the machines then connected to the Internet and caused an estimated $100 million in damages.

Citibank and Vladimir Levin (June-October, 1994) – Levin reportedly accomplished the break-ins by dialing into Citibank's cash management system. This system allowed clients to initiate their own fund transfers to other banks.

Solar Sunrise (February, 1998) – A series of computer intrusions occurred at a number of military installations in the U.S. Over 500 domain name servers were compromised during the course of the attacks. Making it harder to track the actual origin of the attacks was the fact that the attackers made a number of "hops" between different systems, averaging eight different systems before arriving at the target.

Freedom of Information Act of 1970. Ensures access of individuals to personal data collected about them and about government activities in federal agency files.

Cybersex. — The willful engagement, maintenance, control, or operation, directly or indirectly, of any lascivious exhibition of sexual organs or sexual activity, with the aid of a computer system, for favor or consideration.

Cyber-squatting. – The acquisition of a domain name over the internet in bad faith to profit, mislead, destroy reputation, and deprive others from registering the same.

RA 10173 protects and maintains the right of customers to confidentiality by setting a legal list of rules for companies to regulate the collection, handling, and disposal of all personal information. Companies are legally responsible for keeping their customers' data protected from third parties or any form of misuse, internally or externally.

The Supreme Court (SC) of the Philippines upheld the constitutionality of most parts of the Cybercrime Prevention Act of 2012, including the contentious provision that punishes online libel.
A person or entity who posts something (in words or pictures) — which can be proven false, and is intended to harm the reputation of another by tending to bring the target into ridicule, hatred, scorn or contempt of others — may be arrested, detained, and imprisoned because of libel.

Illegal access - The access to the whole or any part of a computer system without right.

Criminal Organizations – Attacks by criminal organizations can fall into the structured threat category, which is characterized by a greater amount of planning, a longer period of time to conduct the activity, more financial backing to accomplish it, and possibly, corruption of or collusion with insiders.

Section 3(1) of Article III - The privacy of communication and correspondence shall be inviolable except upon lawful order of the court, or when public safety or order requires otherwise, as prescribed by law.

Anonymous Remailers - Internet users who want to remain anonymous can send e-mail to an anonymous remailer service, where a computer program strips the originating address from the message.

An internet filter is software that can be installed with a Web browser to block access to certain Web sites that contain inappropriate or offensive material. The best Internet filters use a combination of URL filtering, keyword filtering, and dynamic content filtering.

Mandatory Access Control – It is a means of restricting access to objects that is based on fixed security attributes assigned to users and to files and other objects.

A patent is a grant of a property right to inventors. A patent permits its owner to exclude the public from making, using, or selling a protected invention, and it allows legal action against violators.

Hacker poses the greatest threat to the company's trade secrets, as they might either accidentally disclose these trade secrets or steal them for monetary gain.

Plagiarism is the theft and passing off of someone's ideas or words as one's own.
The explosion of electronic content and the growth of the Internet have made it easy to cut and paste paragraphs into term papers and documents without proper citation or quotation marks.

Open source code refers to any program whose source code is made available for use or modification as users or other developers see fit.

Bugs or misconfiguration problems that allow unauthorized remote users to:
- Steal confidential documents
- Execute commands on the host machine, allowing them to modify the system
- Gain information about the host machine, allowing them to break into the system
- Launch denial-of-service attacks, rendering the machine temporarily unusable

Ergonomics is an approach which puts human needs and capabilities at the focus of designing technological systems.

Layered Security - It is important that every environment have multiple layers of security. Those layers may employ a variety of methods such as routers, firewalls, network segments, IDSs, encryption, authentication software, physical security, and traffic control.

The elements of libel are: imputation of a discreditable act or condition to another; publication of the imputation; identity of the person defamed; and, existence of malice.

Personal information refers to any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.

Under Article 355 of the Revised Penal Code, libel may be committed by means of writing, printing, lithography, engraving, radio, phonograph, painting, theatrical exhibition, cinematographic exhibition, or any similar means.
If punishable acts in Section 4(a) of Article III are committed against critical infrastructure, the penalty of reclusion temporal or a fine of at least Five hundred thousand pesos (PhP500,000.00) up to maximum amount commensurate to the damage incurred or both, shall be imposed.

Any person found guilty of any of the punishable acts enumerated in Section 4(c)(1) of this Act shall be punished with imprisonment of prision mayor or a fine of at least Two hundred thousand pesos (PhP200,000.00) but not exceeding One million pesos (PhP1,000,000.00) or both.

Computer-related Forgery. — The input, alteration, or deletion of any computer data without right resulting in inauthentic data with the intent that it be considered or acted upon for legal purposes as if it were authentic, regardless whether or not the data is directly readable and intelligible.

Illegal Interception. – The interception made by technical means without right of any non-public transmission of computer data to, from, or within a computer system including electromagnetic emissions from a computer system carrying such computer data.

The right to privacy is a constitutional right, granted recognition independently of its identification with liberty. It is recognized and enshrined in several provisions of our Constitution.

The term "obscene" refers to material, content, or speech that is considered highly offensive, particularly in a sexual or prurient context. Obscenity typically involves explicit or graphic depictions of sexual conduct or explicit sexual content that goes beyond what is generally considered acceptable within a particular community or society.

Another filtering system is available through the Internet Content Rating Association (ICRA), a nonprofit organization whose members include Internet industry leaders such as AOL Europe, BellSouth, British Telecom, IBM, Microsoft, and Verizon.
Biometry or biometrics is “the science of the application of statistical methods to biological facts; a mathematical analysis of biological data.” The methods or forms of biological encoding include finger-scanning and retinal scanning, as well as the method known as the “artificial nose” and the thermogram. A.O. 308 does not state what specific biological characteristics and what particular biometrics technology shall be used.

An internet filter is software that can be installed with a Web browser to block access to certain Web sites that contain inappropriate or offensive material.

Section 4 of Article III. No law shall be passed abridging the freedom of speech, of expression, or of the press, or the right of the people peaceably to assemble and petition the government for redress of grievances.

Legal recourse is possible only when hate speech turns into clear threats and intimidation against specific citizens.

Competitive intelligence is not industrial espionage, which employs illegal means to obtain business information that is not available to the general public. Industrial espionage is a serious crime that carries heavy penalties.

Intellectual property is a term used to describe works of the mind, such as art, books, films, formulas, inventions, music, and processes, that are distinct and "owned" or created by a single person or group.

Business ethics is the “code of morals of a particular profession” and “the standards of conduct of a given profession”.

Many networks have audit controls to track which files were opened, which programs and servers were used, and so on. This creates an audit trail, a record of how a transaction was handled from input through processing and output.

An effective competitive intelligence operation requires continual gathering, analysis, and evaluation of data with controlled dissemination of the useful information to decision makers.
Mail Fraud Law General prohibition on pen register and trap and trace device use Pen Registers and Trap and Trace Devices Standards against fraud by wire, radio, or television Standards against Interception and disclosure of wire, oral, or electronic communications prohibited Wire and Electronic Communications Interception and Interception of Oral Communications

Time – Information systems make it possible to commit unethical acts quickly.

All personal information used must also be relevant and solely used for its intended and stated purposes. Companies must protect customer information from collection to proper disposal, avoiding access from unauthorized parties.

Rights to Financial Privacy Act of 1978. Regulates government access to certain records held by financial institutions.

Viruses and Worms – A virus is a self-replicating program that spreads by inserting copies of itself into other executable code or documents. A worm is a type of malware and is a self-replicating program similar to a virus.

Computer Abuse Amendments Act of 1994. Prohibits transmissions of harmful computer programs and code, including viruses.

Elite hackers are people who are not only capable of writing scripts to exploit known vulnerabilities, but also capable of discovering new ones.

Terrorists and Information Warfare – Information warfare is conducted against information and information processing equipment used by an adversary.

The Internet enables worldwide exchange of news, ideas, opinions, rumors, and information. Its broad accessibility, open-minded discussions, and anonymity make the Internet an ideal communication medium.

Integrity is the security principle that requires information to not be modified except by individuals authorized to do so.

Confidentiality refers to the security principle that states that information should not be disclosed to unauthorized individuals.

Authentication deals with the desire to ensure that an individual is who they claim to be.
On the other hand, non-repudiation deals with the ability to verify that a message has been sent and received and that the sender can be identified and verified.

A macro virus is a virus that uses an application's own macro programming language to distribute itself.

Keyword filtering uses keywords or phrases such as sex, Satan, and gambling to trigger the blocking of websites.

Network security is the protection of networks and their services from unauthorized modification, destruction, or disclosure, and provision of assurance that the network performs its critical functions correctly and there are no harmful side-effects.

Other Internet users would like to ban Web anonymity because they think that its use increases the risks of defamation, fraud, libel, and exploitation of children.

Any person found guilty of the punishable act under Section 4(a)(5) of Article III shall be punished with imprisonment of prision mayor or a fine of not more than Five hundred thousand pesos (PhP500,000.00) or both.

Consent of the data subject refers to any freely given, specific, informed indication of will, whereby the data subject agrees to the collection and processing of personal information about and/or relating to him or her.

Note also that under Section 7, Article III of the Constitution, the right of the people to information on matters of public concern shall be recognized.

The unlawful or prohibited acts defined and punishable by Republic Act No. 9775 or the Anti-Child Pornography Act of 2009, committed through a computer system.

An oral defamatory statement is slander, and a written defamatory statement is libel.

In a John Doe lawsuit, the identity of the defendant is temporarily unknown. Such suits are common in Internet libel cases, where the defendant communicates using a pseudonym or anonymously.
Zones of privacy are also recognized and protected in our laws, including certain provisions of the Civil Code and the Revised Penal Code, as well as in special laws.

Software copyright protection is a legal mechanism that provides creators of original software with exclusive rights to their work.

In 1995, the government of the People's Republic of China established the country's first Internet service provider (ISP).

A standard is a definition or format that has been approved by a recognized standards organization or is accepted as a de facto standard by the industry.

A patent permits its owner to exclude the public from making, using, or selling a protected invention, and it allows legal action against violators.

Applications software, business software, expert systems, and system software have been patented, as well as software processes such as compilation routines, editing and control functions, and operating system techniques. Even electronic font and icons have been patented.

Reverse engineering is the process of taking something apart in order to understand it, build a copy of it, or improve it. Decompilers and other reverse engineering techniques can be used to analyze a competitor's program by examining its coding and operation to develop a new program that either duplicates the original or that will interface with the program.

Industrial espionage is a serious crime that carries heavy penalties. Because organizations can risk losing trade secrets when key employees leave, they often try to prohibit employees from revealing secrets by adding nondisclosure clauses to employment contracts.

Prior art is the existing body of knowledge that is available to a person of ordinary skill in the art.

Cybersquatters registered domain names for famous trademarks or company names to which they had no connection, with the hope that the trademark's owner would buy the domain name for a large sum of money.