Computer Abuse Case Studies

Case Study 1. New South Wales (NSW) Police

There have been many cases of male police officers accessing the police database to satisfy their curiosity about people, particularly young women, in whom they have a personal or sexual interest (Enders & Enders, 2000). There has also been further indiscreet disclosure of the information about those people. For example, one officer accessed personal details about his dentist s receptionist since he liked the look of her and wanted to find out her age, which he then passed on to his male colleagues (NSW Ombudsman, 1992).

In another case, a detective senior constable accessed personal information about his ex-wife to ascertain her financial situation and the people she was associating with (NSW Ombudsman, 1993). Another detective, an inspector, accessed the criminal history details of his former daughter -in-law s new husband, while another officer, charged with assault, accessed details of witnesses due to appear in his own court hearing (NSW Ombudsman, 1993). In the case of police officers abusing their powers, these matters are aggravated by the extent and privileged nature of the information stored on the Police Service s computer system and accessible to police officers (NSW Ombudsman, 2000). The Police Service has a genuine need for information from members of the public and other agencies to investigate crime. The public has a right, supported by legislation, to expect that information they give to any agency will be used lawfully. The misuse of computer access by a substantial number of police officers can only reduce public confidence in the police service (Brammer, 2000). The ethical issue relates to the fact that an organisation that has been put in a position of trust within society can easily abuse that trust.

Case Study 2. Computer Abuse in Western Australia

The following case study was based upon work undertaken within Western Australia (Valli, 2002) and was based upon a problem in which computer abuse is harder to define ” abuse of company resources. The case study looked at three organisations. Organisation A was a large university department with 846 users who consumed 121 gigabytes of traffic in four calendar months. Organisation B was a large state government agency with 1,995 users who accessed 142 gigabytes of material in six months. Organisation C was a medium- sized state government agency with 309 users who downloaded 33 gigabytes of material in eight calendar months.

The level of unacceptable usage was determined from the final output from the Web log file analysis tool. This metric measured the level of usage and was based on the allocation of the categories as acceptable, neutral, or unacceptable, as a result of applying the policy on approved Internet usage of each of the three organisations to the actual Web sites that were visited. A summary of the analysis is shown in Table 1.

It should be noted that not all non-business usage was a result of user action via direct request and download of content. In all of the case organisations examined, the banners/ads category consumed significant bandwidth. Much of this material serves no purpose other than to advertise products; it is typically graphical in nature and comprises non-cacheable objects. In some pages, banners and ads can account for up to 80-90% of downloaded page volume (Valli, 2001).

The issue of computer abuse was further complicated by the actions of users and the way they tried to mask their behaviour.

In Case 1, users were trying to avoid detection by accessing the material early in the morning; for example, between 1 a.m. and 4 a.m., when the probability of detection through natural surveillance, such as the use of active audit trail monitoring or a walk-in, would be low. This behaviour was a result of the users having intimate knowledge of the workings of the organisation and socially engineering their activities to reduce the probability of detection.

In Case 3, users were trying to mask non-business use by hiding their activity amongst large volumes of legitimate traffic, which could be called the needle-ina-haystack approach. Unlike the previous cases of detection avoidance , the users actively researched the sites they were visiting, but did so in a stilted and controlled manner. The threads of evidence were there to be found, but they were buried under considerable amounts of legitimate traffic generated by the misuser. This needle-in-a-haystack approach is simple and exploits a weakness in the modus operandi of Web log file analysis tools. The role of a Web log file analyser is to reduce the thousands, sometimes millions, of log file entries into a neat, reduced executive report that a system administrator analyses to interpret trends and patterns in traffic.

The ethical dilemma comes with trying to prove that employees are using the Internet for non-business purposes and whether that would constitute computer abuse.

Case Study 3. Example of an Australian Hacking Case “ Ethical Implications

The following is an example of a typical Australian hacking case in chronological order. The case study shows how a hacking incident can develop, how the press becomes the focal point, and how the ethical issues are overlooked (Lopez-Fernandez & Warren, 2002):

Carr defends MP in hacking case, Australian Financial Review , 7 Aug 2001. The New South Wales (NSW) Labor MP at the centre of a hacking scandal said yesterday he had once trained as a computer programmer, after initially saying he wouldn t know the first thing about hacking into a computer. It also emerged yesterday that the computer of a senior Liberal MP, Mr. Peter Debnam, had been unlawfully accessed at Parliament on a public holiday. A computer belonging to the Labor MP, Mr. Tony Kelly, was seized by NSW Police yesterday after allegations that confidential files belonging to the Opposition were found on a computer in the parliamentary office of the State Government s leading Upper House strategist Mr. Tony Kelly.

Office ban on computer MP s son. Sydney Morning Herald , 7 Aug 2001. The son of the Labor MP at the centre of computer hacking allegations at State Parliament was barred from his father s parliamentary office last month, the Herald has been told. The Upper House MP, Mr. Tony Kelly, who admitted training as a computer programmer in the 1970s and 1980s, refused to comment on reports his son had extensive computer skills. It is understood Mr. John Kelly has been a regular visitor to his father s office.

Hacking skills denied . Illawarra Mercury, 7 Aug 2001.

The NSW Labor MP at the centre of a parliamentary computer hacking scandal has revealed he had been a computer teacher at a TAFE college.

Political espionage. Sydney Morning Herald, 8 Aug 2001.

Sometimes security is only noticed when there is none. The discovery that a State Government MP s office computer may have been used to hack into Opposition computer files has shaken the customary quiet sense of security that pervades parliamentary life.

MP in hacking affair steps aside. Sydney Morning Herald , 08 Aug 2001. The controversy surrounding the alleged hacking of an Opposition MP s computer deepened yesterday as the Carr Government politician at the centre of the allegations was forced to stand aside from his parliamentary positions .

Hacking claims: MP steps aside. Illawarra Mercury , 8 Aug 2001.

The NSW Labor MP at the centre of a parliamentary computer hacking scandal stood aside from his Upper House duties yesterday as the search for the hacker continued .

NSW Labor MP steps aside during inquiry into hacking. Australian Financial Review, 8 Aug 2001.

The NSW Labor MP Mr. Tony Kelly stood aside from parliamentary duties yesterday amid a police investigation into computer hacking at State Parliament.

Labor MP steps down from duties. Newcastle Herald, 8 Aug 2001.

The NSW Labor MP whose office computer is at the centre of a parliamentary computer hacking scandal stood aside from his Upper House duties yesterday as the police investigation continued.

Hacking software found in MP s computer. Sydney Morning Herald , 9 Aug 2001.

A computer in the office of the Labor MLC Mr. Tony Kelly was loaded with password sniffing software that could have been used to break into the personal files of the Liberal MP Mr. Charlie Lynn, a consultant hired to investigate hacking allegations inside the NSW Parliament has found. The Herald has confirmed that the 12-page preliminary report by a Melbourne firm, Sec, commissioned by parliamentary staff and handed to police on Tuesday, recommends a more detailed analysis of the computer files.

Staff kept suspicious software under wraps. Sydney Morning Herald , 10 Aug 2001.

The NSW Parliament hackergate controversy deepened last night when parliamentary staff revealed they had covered up for nine days the discovery of suspicious software on an MP s computer.

Carr denies Labor not cooperating. Illawarra Mercury , 13 Aug 2001. NSW Premier Bob Carr has denied Labor members were unwilling to cooperate with the police inquiry into State Parliament s computer hacking scandal.

MPs House rules frustrate police hunt for hackers. Sydney Morning Herald, 14 Aug 2001.

Police investigations into computer hacking allegations at the NSW Parliament are being frustrated by parliamentary privilege.

Hacker squad get the go-ahead on MPs files. Sun Herald , 19 Aug 2001. Detectives from the Commercial Crime Agency will return to Parliament House in Macquarie Street tomorrow following a major breakthrough in the computer hacking investigation.

MP clear in hack inquiry. Illawarra Mercury , 31 Aug 2001.

NSW Labor MP Tony Kelly was cleared yesterday of any criminal activity by police investigating allegations of computer hacking at State Parliament.

Police clear MP of hacking allegations. Sydney Morning Herald, 31 Aug 2001.

The mystery surrounding the NSW Parliament hackergate controversy remained yesterday when police cleared the Upper House Labor MP Mr. Tony Kelly. They found that there were computer files belonging to Liberal Party MLC Mr. Charlie Lynn on a computer from his office.

MP s son admits: I loaded software. Sun Herald , 2 Sep 2001.

John Kelly, son of embattled Labor MP Tony Kelly, has told police investigators that he loaded hacker software on to his father s Parliament House computer.

Parliament insecurity. Sydney Morning Herald , 3 Sep 2001.

The police inquiry into State Parliament s so-called hackergate controversy has done nothing to restore faith in a system that should guarantee MPs unconstrained freedom in representing the public effectively. After a month-long investigation police have confirmed that unauthorised copies of computer files belonging to the Liberal MP, Mr. Charlie Lynn, were found on a computer in the parliamentary office of the State Government s leading Upper House strategist Mr. Tony Kelly. This is a serious finding.

IT blamed for secret downloads. Sydney Morning Herald , 4 Sep 2001. Questions continue to be raised in the mystery over the NSW Parliament hacker scandal after a report blamed parliamentary IT staff for accidentally loading confidential files belonging to the Opposition MLC, Mr. Charlie Lynn, on to the computer of the NSW Labor MP, Mr. Tony Kelly.

Kelly no computer hacker. Illawarra Mercury, 4 Sep 2001.

NSW Labor MP Tony Kelly has demanded an apology from Opposition leader Kerry Chikarovski after being cleared yesterday of hacking into confidential Liberal Party computer files.

MP s son loaded hacking software. Illawarra Mercury, 5 Sep 2001. The NSW Labor MP embroiled in a computer hacking scandal has confirmed his son was responsible for loading suspect software on his PC.

Revealed: How MP s son used computer in hacking scandal. Sydney Morning Herald , 5 Sep 2001.

The son of Mr. Tony Kelly, the Labor MP at the centre of hacking allegations, was using a computer in his father s parliamentary office late one Friday night to run software that can scan computer networks for security weaknesses while his father was overseas on parliamentary business.

No evidence of hacking, says clerk of Parliament. Sydney Morning Herald, 7 Dec 2001.

The clerk of the NSW Parliament did not contact police after security software was found on an MP s computer because he had no evidence that any offence had been committed, he revealed last night. In a final report on the hacker controversy sparked after suspicious software and files were found on the computer of Legislative Council member Tony Kelly in July the clerk of the NSW Parliament, John Evans, said it would have been inappropriate of him to assume an offence had occurred without independent evidence.

This case study shows the main aspects of a hacking crime:

• the actual attack and determination that an attack had taken place;

• the response to the attack by the organisation;

• involvement of legal authorities;

• outcome of investigation.

From an ethical viewpoint, it is interesting how the press reported the incident and raised unconnected issues; that is, an MP had been a computer teacher at a TAFE college. The case study showed two main ethical issues:

• The MP s son has access to his father s Parliament House work computer and was able to install computer software. The aim of the software was to scan the network for security vulnerabilities (e.g., government network). An ethical solution would be to ensure that users do not allow other people to use their computers.

• The accusation that IT staff had accidentally downloaded sensitive computer files upon another user s computer. The ethical dilemma is that if it happened , then why? If the IT staff did download the material accidentally, then it is an issue of professionalism ; if they did it with the intention to cause harm, it is an issue of unethical behaviour.

At the end of the day, no criminal charges were laid, and the matter was resolved. If some simple ethical guidelines had been applied, the whole series of events would never have occurred in the first place.