ACCT341, Chapter 11
Computer Crime, Ethics, and Privacy
Introduction
Computer Crime, Abuse, and Fraud
Examples of Computer Crimes
Mitigating Computer Crime and Fraud
Ethical Issues, Privacy, and Identity Theft
Computer Crime
involvement of the computer in a criminal act
◦ directly, or indirectly.
definition important
◦ it affects how statistics are accumulated
◦ It said “hit any key to continue, so I did, just with a hammer.”
◦ Is smashing a computer with a sledge hammer considered computer crime?
only a small proportion of computer crime gets detected
Computer Crime & Abuse - the Difference
Computer crime involves the manipulation of a computer or computer data
◦ to dishonestly obtain money, acquire property, or get some other advantage of value, or to cause a loss.
Computer abuse is when someone’s computer is used or accessed in a mischievous manner with a motive of revenge or challenge
◦ is punishable in extreme cases
◦ Should Adrian Lamo have been arrested? Case 11.1, p. 343
Examples of Computer Crimes
A computer dating service was sued because referrals for dates were few and inappropriate. The owner eventually admitted that no computer was used to match dates, even though the use of a computer was advertised.
Case 11.2, p.344: Donald Burleson, a disgruntled programmer, created a logic bomb that erased 168k of data records and held up paychecks for a month. Would have been more serious if not discovered early. [Logic bombs are programs that remain dormant until a circumstance or date triggers the fuse.]
Common Types of Computer Crime and Abuse
Federal Legislation
The Computer Fraud and Abuse Act (CFAA) of 1986, which was amended in 1994 and 1996
Defines computer fraud as an illegal act for which computer technology is essential for its perpetration, investigation, or prosecution.
Defines 7 fraudulent acts; the first three are described as misappropriation of assets and the last four as “other” crimes
CFAA Fraudulent Acts
1. Unauthorized theft, use, access, modification, copying, or destruction of software or data. King Soopers p. 345
2. Theft of money by altering computer records or the theft of computer time. Salami technique, P#14 (salami is made from many small pieces of meat, salt, beef, garlic).
3. Intent to illegally obtain information or tangible property through the use of computers. Send office supplies invoices, Case 11.7, p. 357.
CFAA Fraudulent Acts
4. Use or the conspiracy to use computer resources to commit a felony. Sjiem-Fat created bogus cashier checks to buy cptr equip. for resale in Caribbean, p. 345-6
5. Theft, vandalism, destruction of computer hardware. Disgruntled taxpayer shoots IRS cptrs, p. 346
6. Trafficking in passwords or other login information for accessing a computer.
7. Extortion that uses a computer system as a target. Disgruntled employee steals data for ransom, p. 34679
Federal Legislation Affecting the Use of Computers
Fair Credit Reporting Act of 1970
Freedom of Information Act of 1970
Federal Privacy Act of 1974
Small Business Computer Security and Education Act of 1984
Computer Fraud and Abuse Act of 1986
Federal Legislation Affecting the Use of Computers (cont.)
Computer Fraud and Abuse Act (1996 amendment)
Computer Security Act of 1987
USA Patriot Act of 2001
Cyber Security Enhancement Act of 2002
CAN-SPAM Act of 2003
The Lack of Computer-Crime Statistics
Data not available because
(1) private companies handle abuse internally to prevent embarrassment
(2) surveys of computer abuse are often ambiguous
(3) most computer abuse is probably not discovered (FBI estimates only 1% detected)
The Growth of Computer Crime
Computer crime is growing because of
◦ Exponential growth in computer resources
◦ Internet gives step-by-step instructions on how to perpetrate computer crime
◦ Continuing lax security (in one test, only 3 out of 2200 websites knew they were being targeted; see Case 11.3, p. 347)
Importance for Accountants
Computer crime and abuse are important to accountants
because AISs
◦ help control an organization’s financial resources
◦ are favored targets of disgruntled employees seeking financial gain or revenge
because they are responsible for designing, implementing, and monitoring the control procedures for AISs.
because firms suffer millions of dollars in computer-related losses
◦ due to viruses, unauthorized access, and denial of service attacks
◦ Avg cost to target co. of computer abuse per incident is $500k
Computer Crime Cases
Compromising Valuable Information: The TRW Credit Data Case: Selling credit scores, data diddling
Computer Hacking: Kevin Mitnick and social engineering
◦ Reasons to hack: financial gain, revenge, challenge, curiosity, pranks, industrial espionage
◦ Max. penalty is 5 years prison + $250k fine.
Denial of service: The 2003 Internet Crash
◦ A very speedy computer worm, the Slammer worm (cost > $1b and we don’t know who did it)
◦ Note: unlike a virus, a worm doesn’t destroy data, just reproduces until system is overloaded
Robert T. Morris and the Internet Virus
Robert T. Morris
◦ created one of the world’s most famous computer viruses
◦ became first person to be indicted under the Computer Fraud and Abuse Act of 1986
The case illustrated vulnerability of networks to virus infections.
Computer Viruses
Computer VIRUS is a program that disrupts normal data processing and that can usually replicate itself onto other files, computer systems or networks.
WORM - In contrast to most viruses, a worm doesn’t destroy data but it replicates itself until the user runs out of memory or disk space.
Computer Virus Programs
Trojan Horse programs reside in legitimate computer programs.
Logic Bomb programs remain dormant until the computer system encounters a specific condition.
A virus may be stored in an applet, which is a small program stored on a WWW server.
Methods for Thwarting Computer Abuse
1. Enlist top management support
2. Increase employee awareness and education and have a hotline
3. Conduct security inventory
4. Protect passwords
◦ Social engineering, phishing, smishing posing as bona fide when actually fake
◦ Prevented by:
Lock-out systems
◦ Disconnecting users after a set number of unsuccessful login attempts
Dial-back systems
◦ disconnecting all login users,
◦ reconnecting legitimate users after checking their passwords
Methods for Thwarting Computer Abuse
5. Implement controls
6. Identify computer criminals
◦ Look at technical backgrounds, morals, gender and age
7. Physical security
-- secure location
-- backup
-- proper disposal (>1/3 of used hard drives for sale contained personal info – see Case 11.9)
Occupation of Ctpr Abusers
Methods for Thwarting Computer Abuse
8. Recognize symptoms of employee fraud
◦ Five symptoms of employee fraud (Case 11.10, p. 360)
Accounting irregularities such as forged, altered or destroyed input documents
Internal control weaknesses
Unreasonable anomalies that go unchallenged
Lifestyle changes in an employee
Behavioral changes in an employee
Methods for Thwarting Computer Abuse
9. Employ forensic accountants
◦ Special training (>27k CFEs)
◦ Special sleuthing tools
◦ One of fastest growing professions
Methods Used to Obtain Your Personal Data – ID Theft
Shoulder surfing
Dumpster diving for documents & old cptr hard drives
Scanning credit card at restaurant
Fake apps for “preapproved” credit cards
Key logging software
Spam and other e-mails
Phishing & smishing
Privacy Issues
Have a privacy policy for your website
Have an audit done by professionals who provide a privacy seal
◦ Truste
◦ BBB Online
◦ Webtrust
Dispose of old computers with care
Have laptops password protected
Use encrypted USB drives only