Computer Crime




Computer systems and software have helped the world become a highly productive place. We can educate ourselves on just about any topic in minutes using our little windows to the world. We can reach thousands of people with just a couple of clicks. We can make money, get a job, and do other productive things, such as quickly helping people in underprivileged countries use money and computers.

Computers and the Internet have provided a gift to us human beings. Or is the flip side of the coin true? Are computers and the Internet the battleground on which future wars will be waged?

It is becoming apparent, in this technical age in which we live, that computers are becoming the weapons of choice for criminals, terrorists, disgruntled geniuses, and highly educated little kids who are bored with electronic games.

Based on the recent dramatic increase in computer-related cyber crimes, it is likely that the future CompTIA Security+ certification exam might include an entire section of questions dedicated to computer crime and associated computer crime attacks. For the current Security+ exam, it is important for you to have a basic understanding of the following attack categories and computer crimes, which are considered illegal.

Fun Attacks

Computer Fun attacks are computer-related attacks or breaches of computer security generally committed by younger people or script kiddies: college students or the average Joe with a little more knowledge than they should have, sitting at home experimenting with a computer system and a hacker's guide usually purchased at a local bookstore. Fun attacks are not typically meant to cause damage or harm. They are not generally used as a means to steal or gain specific information that would jeopardize the welfare or health of a business. Instead, these types of attacks are generally all about ego.

The person carrying out the Fun attack is usually interested in seeing if they can first break into a system or network, then seeing how far they can get. The goal of the Fun attacker is of a boastful nature. 'What can I get?' 'How far can I get?' and 'Who can I tell how special I am for getting there?' are usually the interests of this individual or group. If you did your homework in the earlier section regarding computer law, you are aware that unauthorized entry into a personal or business system or network is a crime. Therefore, those waging Fun attacks that mean no harm are still breaking the law and committing punishable crimes. In simple terms, if you go into a locked store and do not steal anything, you are still breaking the law whether or not you meant any harm to anyone.

Grudge Attacks

A grudge attack is an attack on a program, system, or network that is usually initiated by a disgruntled employee or former employee who feels they have a score to settle with a certain company or employee. These types of attacks are usually launched from remote locations using existing VPN connections, or in the form of a particular type of malicious code, such as a logic bomb. It is difficult to protect inside information and systems from newly released or currently disgruntled employees. Strict company policies and fast communication methods should be in place to quickly notify network and security personnel of employees who have left the company or employees who exhibit particular behavior.
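The notification step above only works if someone checks that departed employees' VPN access really stopped. The following added example (not from the book) correlates an HR offboarding feed with VPN authentication logs; the log format, usernames, addresses, and dates are constructed for illustration.

```python
from datetime import datetime

# Constructed HR offboarding feed: username -> termination time.
TERMINATED = {
    "jdoe": datetime(2024, 3, 1, 17, 0),
    "asmith": datetime(2024, 3, 4, 12, 30),
}

# Constructed VPN authentication log (hypothetical key=value format).
VPN_LOG = """\
2024-03-01T09:12:44 user=jdoe src=198.51.100.7 result=success
2024-03-01T23:41:02 user=jdoe src=203.0.113.9 result=success
2024-03-02T08:00:15 user=bkhan src=198.51.100.22 result=success
2024-03-05T02:17:30 user=asmith src=203.0.113.50 result=failure
2024-03-05T02:18:05 user=ASmith src=203.0.113.50 result=success
"""

def parse_line(line):
    """Split one log line into (timestamp, user, source, result)."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    # Normalise case so "ASmith" and "asmith" match the same HR record.
    return datetime.fromisoformat(ts), kv["user"].lower(), kv["src"], kv["result"]

def post_termination_logins(log_text, terminated):
    """Return VPN authentication attempts made after a user's termination time."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, src, result = parse_line(line)
        cutoff = terminated.get(user)
        if cutoff is not None and ts > cutoff:
            # A successful login means the account was never disabled.
            severity = "CRITICAL" if result == "success" else "WARN"
            findings.append((severity, user, ts.isoformat(), src))
    return findings

if __name__ == "__main__":
    for finding in post_termination_logins(VPN_LOG, TERMINATED):
        print(*finding)
```
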

Business and Financial Attacks

It makes sense that hackers and would-be thugs often target profitable businesses and financial institutions for information and possible profit. It is highly important for these types of businesses to employ strict policies and use only the most effective security defense mechanisms. Because these types of organizations are high profile and are generally accessible by the public for commercial purposes, they are tempting targets for cyber criminals.

Terrorist Attacks

Recent terrorist actions have prompted governments and individuals to scrutinize their physical as well as logical defense mechanisms. It is obvious that computerized terrorist attacks will eventually target information systems and enterprise networks more frequently. Terrorists use computers and software to manipulate funds, trade information, and carry out other tasks that inevitably result in destruction and crime. Important legislation has been enacted and more legislation is pending to protect the welfare and privacy of certain governments. An important act that addresses many of the growing concerns regarding the protection of information systems by deterring and obstructing terrorism is the U.S. Patriot Act. Public information is available regarding the Act at http://www.cdt.org/security/010911response.shtml.

Data Diddling

Data diddling is one of the most commonly committed computer crimes of the day. An internal company employee typically carries out this type of crime. It involves the changing of data or information before or as it is entered into a system or program. The data is usually changed back to original form after it has been processed or calculated. Data diddling is common in financial institutions, businesses, schools, and government. It costs companies, organizations, and ultimately taxpayers a fortune every year to cover the losses of this difficult-to-detect attack.

Note 

Data diddling is by far the most common form of computer-related crime. Employees of companies and organizations commit more computer-related crimes than any other group.
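Because the data is usually changed back after processing, comparing the final state with the original shows nothing. The following added example (not from the book) sketches one control: a hash-chained change log that still shows the change-and-restore pattern and exposes later edits to the log itself. The class, field names, and invoice records are hypothetical and constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64

def _digest(entry):
    # Hash every field except the stored hash itself.
    payload = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(payload, sort_keys=True).encode()).hexdigest()

class AuditLog:
    """Append-only change log; each entry commits to the one before it."""
    def __init__(self):
        self.entries = []

    def record(self, actor, record_id, field, old, new):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        entry = {"actor": actor, "record": record_id, "field": field,
                 "old": old, "new": new, "prev": prev}
        entry["hash"] = _digest(entry)
        self.entries.append(entry)

def chain_intact(log):
    """False if any entry was edited, removed, or reordered after the fact."""
    prev = GENESIS
    for e in log.entries:
        if e["prev"] != prev or e["hash"] != _digest(e):
            return False
        prev = e["hash"]
    return True

def reverted_changes(log):
    """Report fields that were changed and later restored to an earlier value."""
    history, hits = {}, []
    for e in log.entries:
        key = (e["record"], e["field"])
        for earlier in history.get(key, []):
            if earlier["old"] == e["new"]:
                hits.append((e["record"], e["field"], earlier["new"],
                             earlier["actor"], e["actor"]))
                break
        history.setdefault(key, []).append(e)
    return hits

def build_sample_log():
    # Constructed entries; amounts are integer cents.
    log = AuditLog()
    log.record("clerk7", "INV-1001", "amount", 120000, 195000)
    log.record("clerk2", "INV-1002", "amount", 30000, 31000)
    log.record("clerk7", "INV-1001", "amount", 195000, 120000)
    return log
```

The chain only helps if the latest hash is also stored somewhere the data-entry staff cannot write; otherwise the whole log can be rebuilt with fresh hashes.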

Salami Attacks

A salami attack is a computer-related attack with the intention of making a financial gain using very small increments of information and money that usually go unnoticed. For example, if a program is written to deduct 10 cents from the separate automatic payroll deductions of 400,000 employee paychecks before the paychecks are deposited into the proper bank accounts, the program writer can devise a scheme where the selected amount is deposited into a separate account and make quite a profit. Most of the employees will not notice that they were missing 10 cents. It would be possible for utility companies to carry out a similar salami attack. For example, say 700,000 people were 'accidentally' overcharged $1.00 on their utility bill for one month. Most people would not notice a thing. The amount of $700,000 would be a big mistake, wouldn't it?
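No single paycheck looks wrong in a salami attack, so detection has to work on the whole run. The following added example (not from the book) reconciles computed net pay against the amount actually deposited and flags small, identical shortfalls that repeat across many accounts. The payroll data is constructed and the thresholds are assumptions to tune per organization.

```python
from collections import Counter

def build_sample_run(n=1000):
    """Constructed payroll run: (employee_id, computed_net_cents, deposited_cents)."""
    rows = []
    for i in range(n):
        net = 150000 + (i * 37) % 90000
        skim = 10 if i % 5 != 0 else 0            # most paychecks lose 10 cents
        rows.append((f"E{i:05d}", net, net - skim))
    # One ordinary, large, one-off error that should NOT be flagged as salami.
    rows[3] = ("E00003", rows[3][1], rows[3][1] - 2500)
    return rows

def control_total_gap(rows):
    """Batch control total: computed pay minus deposited pay, in cents."""
    return sum(e for _, e, _ in rows) - sum(p for _, _, p in rows)

def find_salami(rows, max_cents=100, min_share=0.05):
    """Flag small identical shortfalls recurring across many accounts.

    max_cents and min_share are assumed thresholds: a shortfall counts as
    suspicious when it is at most max_cents and hits min_share of the run.
    """
    diffs = Counter(expected - paid for _, expected, paid in rows
                    if expected != paid)
    findings = []
    for delta, count in diffs.items():
        if 0 < delta <= max_cents and count / len(rows) >= min_share:
            findings.append({"delta_cents": delta,
                             "accounts": count,
                             "total_cents": delta * count})
    return sorted(findings, key=lambda f: -f["total_cents"])

if __name__ == "__main__":
    run = build_sample_run()
    print("control total gap (cents):", control_total_gap(run))
    for f in find_salami(run):
        print(f)
```
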

Software Piracy

Software piracy can be defined as the illegal duplication, use, and distribution of software. It is now estimated that 40 to 50 percent of all currently used software is pirated or stolen. Chances are that you, the company you work for, or the school you are enrolled at are using illegal software in one form or another.

Many private companies that sell computers or clones will build computers and load one licensed copy of an operating system on many systems. They make an illegal profit by only purchasing one legal license. When you purchase a system from a seller or computer dealer, make sure you get the software and a legal license from the manufacturer to use that software.

The best way to fight piracy is to use only licensed software and report the use of counterfeit or illegal software to the original manufacturer of the software.

There are strict punishments for those convicted of software piracy. Stealing software is no different than stealing anything else. In other words, when you burn a copy of that really neat game, top-ten music CD-ROM, or copyrighted schoolbook, you are committing a felony punishable by up to five years in prison.

Espionage

Espionage is considered the act of spying on someone or something with the intent of gaining secret, personal, or classified information. More specifically, computer- and information-related espionage is the act of spying on computer systems, networks, and stored information with the intent of obtaining confidential information. Where it applies, most governments and financial business institutions are required by law to institute certain intrusion detection systems, monitoring, and other devices in order to protect themselves from unauthorized access as well as espionage.

Embezzlement

Embezzlement is the illegal use or theft of property that belongs to someone else and has been entrusted to your care. For example, someone trusts you to take care of his or her bank accounts. You, in turn, buy a new car with his or her money. Embezzlement crimes typically involve an element of trust or confidence. Many embezzlement cases involve lawyers, bank employees, business leaders, trustees, and agents. These are just a few examples of those entrusted with Due Care and moral responsibilities.

There are many laws in place to protect society from embezzlement. Company policies often include statements that potential employees must read and sign regarding embezzlement and the punishments that exist for those caught embezzling.

Fraud

Fraud is the intentional misrepresentation of the truth in order to gain a business edge, financial profit, or something considered valuable. Fraud can also be defined as trickery, deception, and lying in order to position oneself for illegal gain.

The Internet provides a huge playing field for scammers and cheaters to carry out fraudulent activities. Fake auctions, deceiving providers of goods and services, false advertisements, and many other illegal fraudulent booby traps await innocent web surfers who believe what they read and what they click on.

Fraudulent activities at work should be reported to Human Resources and company management. Fraudulent activity on the Internet should be reported to your Better Business Bureau and possibly your local or state government or representative.

The following public Internet site contains some excellent information that can help you become better educated and assist you with avoiding computer fraud and other threats: http://www.techtv.com/cybercrime/aboutus/story/0,23008,3339221,00.html.






The Security+ Exam Guide (TestTaker's Guide Series)
Security + Exam Guide (Charles River Media Networking/Security)
ISBN: 1584502517
EAN: 2147483647
Year: 2003
Pages: 136
