I l @ ve RuBoard |
Computer-specific OffensesMany countries have passed laws that address computer-specific crime, defining new offenses related to unauthorized access to computer systems (e.g., hacking, computer sabotage and distribution of viruses, computer espionage, computer forgery, and computer fraud) and new forms of committing the offences. Computer-specific offenses also includes the theft of computer equipment as well as unauthorized utilization of resources, such as CPU, disk, memory, network, and access. The object of the crime is often intangible, e.g., consumption of computer resources, or computer source code or passwords, or running up a company's telephone bill by using its modems to dial long distance. There is a wealth of valuable information inside computers and they are generally easier to break into than a building. Criminals can perform their crimes from a distance with a level of anonymity and without detection. Even if they are caught, computer crimes are far less likely to be successfully prosecuted and often result in a lesser penalty. Denial of ServiceDenial-of-service attacks are always ongoing on the Internet. Most attacks are too small to make headlines. Small companies, who have little recourse, are often the victims of denial-of-service attacks. Most ISPs are unable or unwilling to assist in stopping an attack. If a single site is targeted , the traffic may not be enough to impact the ISP directly. It the attack is coming from outside your ISP, which it usually is, your ISP will usually help locate the apparent source of the attack, but little more. The ISP at the source has little incentive to help you with the problem since you are not a customer. Falsified addresses in the packets which are causing the flood make tracking and stopping the attack even more difficult. Hackers can deny services to valid users by altering access permissions, altering network configurations, overloading services, or sending invalid data to a server. Merely filling a system's disk or memory to capacity may be enough to deny service to the system. Some security procedures that were created to keep hackers from gaining access to the system may keep authorized users from accessing the system. In any case, these outages mean the loss of productivity to a company and loss of business, either directly or indirectly. They cost time and money to fix and can damage a company's image irreparably. Denial-of-service attacks may be due to consuming system resources, as mentioned above, or a direct attack that makes it difficult to access the computer. This may be disabling all of the users' accounts, or changing their passwords, or disabling all the terminal ports to a system, or just shutting the system down.
Can your business survive without access to its computer? How much lost business and lost revenue will your business experience from a computer outage ? Disaster plans usually address these issues if the computer system is destroyed by fire or flood. Your disaster plan must also address computer outages caused by hackers. A system may be compromised so that it can be used to attack other sites. The use of an intermediary increases the difficulty in tracking the attack back to its originator. Numerous compromised sites can be used to attack another site simultaneously , creating a distributed attack which is under the control of a single individual. Denial of Access to InformationThere have been a number of cases where the information was not destroyed, it was only made unavailable, sometimes through the use of encryption, other times by the destruction of the indexing method on the storage media. In any case, the owner of the information was deprived of the ability to gain access to the information.
Cases such as this, along with the difficulty in defining what constitutes the theft or destruction of information, have lead a number of laws which address "denial of access" as a crime. They have been used in cases where access was denied to either services or information. VirusesE-mail viruses have become the most costly area of computer attacks, even though the full destructive capabilities of sending unknown code from untrusted sources has not yet been utilized. With active content, the ability to automatically run a program or macro without any intervention by the recipient, every e-mail message can be a threat. Viruses can live in the e-mail attachments or can utilize the macro capability of your e-mail program. E-mail attacks not only attack your site, but they can also use your address book to send themselves to your friends with your return address. The ability to widely distribute dangerous code so rapidly has led to specific laws addressing e-mail viruses.
|
I l @ ve RuBoard |