Escolar Documentos
Profissional Documentos
Cultura Documentos
Computer Misuse:
Hacking
Hacking, unauthorized access
Types of Computer Crime
Introduction of Viruses
Fraud and types of Computer Fraud
Cyber crime
What Is Hacking?
The act of forfeiting individual freedom of
action or professional integrity in
exchange for wages or other assured
reward
At first, “hacker” was a positive term for a
person with a mastery of computers who
could push programs beyond what they
were designed to do
Reasons For Hacking
Theft of services: The first reason is theft
of service, if a system offers some type of
service and a hacker has a use for it, they
will hack the system. Examples of such
systems are on-line information networks
(CompuServe, AOL etc)
Take valuable files: The second reason a
hacker may hack into a system is to take
valuable files, e.G., Credit card numbers,
or info on operation of telecommunication
systems
Vengeance and hate: another reason for
hacking is vengeance and hatred
E.g. Hacker pillaged US files to sell secrets
Saddam
Thrill and excitement: The fourth reason
hackers break into systems is for the thrill and
excitement of being somewhere you are not
authorized to be
Thefinal reason why hackers do what
they do is just for knowledge and
experiment. Hackers learn a great deal
every time they break into a new type of
system
Talking the Talk
Hackers have their own lingo and style of
writing
Hacker lingo is so pervasive, there’s even
the new hacker’s dictionary, recently
published in its third edition
Attacks on the Increase
A study released this spring by the
computer security institute and the FBI's
international crime squad found that nearly
two-thirds of more than 500 organizations
reported a computer security breach
(violation) within the past year, up from 48
percent a year ago and 22 percent the
year before that
Many hacker attacks go unreported
because companies want to avoid
negative publicity
Other companies stung by hackers feel
compelled to tell what happened
What’s Being Done?
While the internet has revolutionized
(uprising) business and communication
almost overnight, laws regulating its use
and misuse haven't developed as swiftly
But in the last few years congress and the
courts have started responding to the
threat posed by computer crime
There are laws in the federal statutes (act,
law) that have been applied to hacker
cases. These laws aren't designed
specifically to counter computer crime, but
have been applied to certain cases when
existing law has proved inadequate in
scope:
How to Be Vigilant
Get a copy of your credit report
Shred (cut up) all your information that you
have offline
Confidential information should be
encrypted
Another thing you should do is make sure
that you don't give confidential information
by cell phone, or by a remote phone, or on
the internet unless it's encrypted
And finally, you should put up firewalls so
someone can't come in and steal your
information from your computer
Unauthorized Access
Eavesdropping on a computer;
• Listening to a specific port, snooping the IP etc
Making unauthorized use of computers for
personal benefit;
• use of company computer for private work
Unauthorized alteration or destruction of
information stored on a computer;
Criminal damage
• Intentionally or recklessly destroys or damages property belonging to
another without lawful excuse.
Section 3 of the Computer Misuse Act 1990
• 1) A person is guilty of an offence if:
a) he does any act which causes unauthorized modification of the
contents of a computer; and
b) at the time when he does the act he has the requisite intent and the
requisite knowledge.
Denying access to an authorized user;
The unauthorized removal of information stored on
a computer.
U.S. Computer Fraud and Abuse Act
Unauthorized access to a computer containing data
protected for the national defense or foreign relations
concerns
Unauthorized access to a computer containing certain
banking or financial information
Unauthorized access, use, modification, destruction, or
disclosure of a computer or information in a computer
operated on behalf of the U.S. government
Accessing without permission a “protected computer,”
which the courts now interpret to include any computer
connected to the Internet
Computer fraud
Transmitting code that causes damage to a computer
system or network
Trafficking in computer passwords
Computer Crime
Business attacks
Financial attacks
Terrorist attacks
Grudge attacks
Fun attacks
Business attacks
Unauthorized access or hack the business documents
and reports of a company for any valid reason.
Financial attacks
Unauthorized access or hack the financial or account
related documents and reports of a company for any valid
reason.
Terrorist attacks
Unauthorized access or hack the any important records,
data or computer of a company for the purpose of
destruction only.
Grudge attacks
Unauthorized access or hack the any important records,
data or computer of a company for the feeling of dislike or
revenge.
Fun attacks
Unauthorized access or hack the any important records,
data or computer of a company for the feeling of fun.
Computer Virus and its types
Situational
Available
Pressures
Opportunities
an employee is
poor internal
experiencing
controls
financial difficulties
Personal Characteristics
personal morals of individual employees
Computer Fraud
Theft, misuse, or misappropriation of assets by
altering computer data
Theft, misuse, or misappropriation of assets by
altering software programming
Theft or illegal use of computer
data/information
Theft, corruption, illegal copying or destruction
of software or hardware
Theft, misuse, or misappropriation of computer
hardware
Data Collection Fraud
This phase of the system is most vulnerable because it is very easy to
change data as it is being entered into the system. Also called input fraud
(unauthorized alteration of data before it is entered, either directly or by
giving incorrect information to an innocent dupe).
Also, GIGO (garbage in, garbage out) reminds us that if the input data is
inaccurate, processing will result in inaccurate output.
Data Processing Fraud
Program Frauds
alteringprograms to allow illegal access to
and/or manipulation of data files
destroying programs with a virus
Operations Frauds
misuse of company computer resources, such
as using the computer for personal business
Database Management Fraud
Altering, deleting, corrupting, destroying, or
stealing an organization’s data
also called processing fraud
writing or altering the program to divert money
(e.g. salami slicing)
Oftentimes
conducted by disgruntled or
ex-employee
Information Generation Fraud
Identity theft
Stealing data
Industrial Espionage (spying)
Identity theft
Deleting data for fun
A lot of bored 16 year olds late at
night
Turning computers into zombies Mafia Boy
To commit crimes
Take down networks
Distribute porn
Harass (Irritate) someone
Ethical/white hat hackers exist too
Help break into networks to
prevent crimes
Wireless Fidelity (Wi-Fi)
Usingantennas to create “hot spots”
Hotspots – Internet Access (sometimes free)
Newport Harbor - All the boats in Harbor have internet access
San Francisco Giants Stadium – Surf the web while catching a
game
Wi-Fi High Jacking
60-70% wireless networks are wide open