Computer-specific Offenses


Many countries have passed laws that address computer-specific crime, defining new offenses related to unauthorized access to computer systems (e.g., hacking, computer sabotage and distribution of viruses, computer espionage, computer forgery, and computer fraud) and new forms of committing the offenses. Computer-specific offenses also include the theft of computer equipment as well as unauthorized utilization of resources, such as CPU, disk, memory, network, and access. The object of the crime is often intangible, e.g., consumption of computer resources, or computer source code or passwords, or running up a company's telephone bill by using its modems to dial long distance.

There is a wealth of valuable information inside computers and they are generally easier to break into than a building. Criminals can perform their crimes from a distance with a level of anonymity and without detection. Even if they are caught, computer crimes are far less likely to be successfully prosecuted and often result in a lesser penalty.

Denial of Service

Denial-of-service attacks are always ongoing on the Internet. Most attacks are too small to make headlines. Small companies, which have little recourse, are often the victims of denial-of-service attacks. Most ISPs are unable or unwilling to assist in stopping an attack. If a single site is targeted, the traffic may not be enough to impact the ISP directly. If the attack is coming from outside your ISP, which it usually is, your ISP will usually help locate the apparent source of the attack, but little more. The ISP at the source has little incentive to help you with the problem since you are not a customer. Falsified addresses in the packets that are causing the flood make tracking and stopping the attack even more difficult.

Hackers can deny services to valid users by altering access permissions, altering network configurations, overloading services, or sending invalid data to a server. Merely filling a system's disk or memory to capacity may be enough to deny service to the system. Some security procedures that were created to keep hackers from gaining access to the system may keep authorized users from accessing the system.

In any case, these outages mean the loss of productivity to a company and loss of business, either directly or indirectly. They cost time and money to fix and can damage a company's image irreparably.

Denial-of-service attacks may be due to consuming system resources, as mentioned above, or a direct attack that makes it difficult to access the computer. This may be disabling all of the users' accounts, or changing their passwords, or disabling all the terminal ports to a system, or just shutting the system down.

Police in Surrey (UK) suspect local computer hackers may have played a role in orchestrating attacks on popular IRC (Internet Relay Chat) servers in Europe and the U.S.

Two major IRC channel networks in particular, Undernet and EFnet, have come under attack in recent months. This has affected servers based in the UK, the U.S. and elsewhere in Europe. The attack involves taking over numerous machines, often located in different countries, in order to bombard a server with an avalanche of fake information, rendering it inoperable. It is particularly hard to combat.

Surrey police say that numerous servers hosting IRC channels have become the focus of distributed denial of service (DDoS) attacks apparently in retribution after hackers were removed from certain channels for promoting illegal activity. [62]

[62] Knight, Will, "UK Police Crack Down on Local Hackers," ZDNet UK (www.zdnet.co.uk), 24 January 2001.

Can your business survive without access to its computer? How much lost business and lost revenue will your business experience from a computer outage? Disaster plans usually address these issues if the computer system is destroyed by fire or flood. Your disaster plan must also address computer outages caused by hackers.

A system may be compromised so that it can be used to attack other sites. The use of an intermediary increases the difficulty in tracking the attack back to its originator. Numerous compromised sites can be used to attack another site simultaneously, creating a distributed attack which is under the control of a single individual.

Denial of Access to Information

There have been a number of cases where the information was not destroyed but only made unavailable, sometimes through the use of encryption, other times by the destruction of the indexing method on the storage media. In any case, the owner of the information was deprived of the ability to gain access to the information.

Norway's Ivar Aasen Centre of Language and Culture called for a hacker's help after the creator of its database died without passing on his password. It took a 25-year-old Swedish hacker just five hours to succeed in getting into the system.

With more than 11,000 titles it would have taken the Centre about four years to recreate the catalogue if it had failed to find the password.

The incident sparked a serious debate among computer experts about how passwords should be taken care of. [63]

[63] Farrell, Nick, "Hacker Cracks 'Dead' Password," Computing, 12 June 2002.

Cases such as this, along with the difficulty in defining what constitutes the theft or destruction of information, have led to a number of laws which address "denial of access" as a crime. They have been used in cases where access was denied to either services or information.

Viruses

E-mail viruses have become the most costly area of computer attacks, even though the full destructive capabilities of sending unknown code from untrusted sources have not yet been utilized. With active content, the ability to automatically run a program or macro without any intervention by the recipient, every e-mail message can be a threat. Viruses can live in e-mail attachments or can utilize the macro capability of your e-mail program. E-mail attacks not only attack your site, but they can also use your address book to send themselves to your friends with your return address. The ability to widely distribute dangerous code so rapidly has led to specific laws addressing e-mail viruses.

A New Jersey man was sentenced to 20 months in prison for unleashing the "Melissa" virus in 1999, causing millions of dollars in damage and infecting untold numbers of computers and computer networks.

In a cooperating federal plea agreement, David L. Smith acknowledged that the Melissa virus caused more than $80 million in damage by disrupting personal computers and computer networks in business and government. [64]

[64] "Creator of Melissa Computer Virus Sentenced to 20 Months in Federal Prison," U.S. Department of Justice Press Release, 1 May 2001.

Halting the Hacker: A Practical Guide to Computer Security (2nd Edition)
ISBN: 0130464163
EAN: 2147483647
Year: 2002
Pages: 210
