Computer Crime, Ethics and Security

For K. S. School of Business Management

Management Information System

- Ms. Dhumsi


Post on 30-Sep-2020




Computer crime

Computer crime is defined by the Association of Information Technology Professionals as including:

1) The unauthorised use, access, modification and destruction of hardware, software, data or network resources,

2) The unauthorised release of information,

3) The unauthorised copying of software,

4) Denying an end user access to his/her own hardware, software, data or network resources, and

5) Using or planning to use computer or network resources to illegally obtain information or tangible property.


Computer crime is increasing through the criminal or irresponsible actions of individuals who take advantage of weaknesses in computers, the Internet and other networks.

It is a serious threat to the integrity, safety and survival of e-business systems.

Examples of computer crimes:

Stealing or compromising data

Gaining unauthorized computer access

Violating data belonging to banks

Stopping communications

Threatening to damage computer systems

Disseminating viruses


Business Security, Ethics and Society

Employment

Health

Individuality

Crime

Privacy

Working conditions

Challenges in Working Conditions


Hacking

Hacking is the obsessive use of computers, or the unauthorized access and use of networked computer systems.

Illegal hackers are also called crackers; apart from gaining unauthorized access, they also steal or damage data and programs.


Hacking Tactics

1) Password Tracker: software that cracks passwords.

2) Scans: take advantage of loopholes in a computer system or software program.

3) Dumpster diving: finding private information in garbage cans.

4) Spoofing: stealing passwords through a false login page or email address. It redirects a web link to an address different from the intended one.

5) Social engineering: tricking employees to gain access.

6) Denial of service: by making too many requests for information, an attacker blocks, slows down or crashes the system.

7) Sniffer: a program that secretly monitors information travelling on a network. It helps identify potential network trouble spots and criminal activity on the network.


Cyber theft

Many computer crimes involve the theft of money.

The thief gains unauthorized network entry and alters databases, track records, etc. in the office.

Companies can’t reveal theft information, as customers would be scared and would complain.

E.g. theft from a Citibank account.

Unauthorized use of computer systems and networks is also called time and resource theft. E.g. playing games, personal shopping or running a personal business on an office computer.


Other Computer Crimes

Identity theft – a fraudster obtains key pieces of your personal information in order to use your name to obtain credit or services. E.g. credit card number, license number.

Phishing – setting up fake websites or sending emails that look like those of a genuine website and ask you for personal information. The message may instruct you to update information, respond to the email, etc.

Evil twins – wireless networks that pretend to offer good Wi-Fi.

Pharming – redirects users to a bogus webpage, even when a person types the correct webpage address.


Click fraud – in pay-per-click Internet advertising, a click on an ad is taken to show an intention to learn more about the ad or to purchase; click fraud is clicking with no such intention.

Cyber defamation – defamation that takes place with the help of computers and/or the Internet, e.g. someone publishes defamatory matter about a person on a website or sends an e-mail containing defamatory information about a person.


Computer virus

A computer virus is a rogue software program that attaches itself to other software programs or data files in order to be executed, usually without the user's knowledge or permission.

Worms – independent computer programs that copy themselves from one computer to another over a network. They destroy data, or disrupt or halt the operation of computer networks.

Trojan horse – a software program that appears good but does something other than expected. It is not a virus, but it gives viruses a way to enter the computer.

Key loggers – record every keystroke made on the computer in order to steal software serial numbers, gain access to email accounts, etc.


Melissa – prompts Microsoft Outlook to send an infected document to the first 50 entries in the user’s address book. It caused damage of around 600 million in the U.S.

Sobig.F – a worm. It spreads via email attachments and sends massive amounts of mail with false sender information.


Internet abuses at workplace

General email abuse – spam, spreading viruses/worms.

Unauthorized usage and access – sharing passwords and accessing the network without permission.

Copyright infringement – using illegal or pirated software.

Transmission of confidential data – using the Internet to display or transmit trade secrets.

Non-work-related uploads/downloads – using programs that allow the transmission of movies, music, etc.

Leisure use of the Internet – shopping, personal emails, chatting, online gambling, gaming, social networking.

Moonlighting – using office resources for personal business.


Computer ethics


Information accessibility

Deals with what information a person has the right to obtain about others and how that information can be used. E.g. the finance department has the right to get information from the marketing department to know its expenses and so on.

Privacy

Protecting one’s personal information.

Information accuracy

Deals with the authentication and reliability of information.

Information property

Deals with who owns information about individuals and how that information can be sold and exchanged. E.g. information relating to finance will be owned by the finance department.


Computer ethics at work

Business ethics – protecting intellectual property rights, keeping customer and employee information private, securing the company’s confidential information, etc.

If business ethics are taken care of, no computer crimes will take place in the office, as all information is secure and access to it is strictly controlled.

Businesses work for the benefit of their stakeholders, so if such issues occur in the office, they will affect the firm's business and cost a lot.

E.g. if customer data is leaked, competitors might take advantage of it and you will lose business.


Technological ethics – if the company is too dependent on computers, workers' schedules should be prepared in such a way that they do not lead to health issues.

The benefits of the system should be greater than the risks involved in it.

Workers should be aware of the risks involved in using the technology.

Benefits and burdens of the technology should be distributed fairly.

All unnecessary risks should be avoided.


Security of System

A Corporate Firewall

Firewalls are like gatekeepers. The firewall is placed between the firm’s private network and the public Internet to protect against unauthorized traffic.


Encryption: the process of transforming plain text or data into coded text that cannot be read by anyone other than the sender and the intended receiver.

Encryption… Decryption

A pair of keys, a public key and a private key, which is unique to each individual.


Public Key Encryption

A public key encryption system can be viewed as a series of public and private keys that lock data when they are transmitted and unlock the data when they are received. The sender locates the recipient’s public key in a directory and uses it to encrypt a message. The message is sent in encrypted form over the Internet or a private network. When the encrypted message arrives, the recipient uses his or her private key to decrypt the data and read the message.


Antivirus Software

Continuous updating is the key!

Securing Wireless Networks

A central authentication server authenticates each user on the network.

WiFi + VPN

Digital Signature

Used to verify the origin and contents of a message.

Helps to associate a message with its sender (similar to traditional signatures).

Biometric security

Voice verification, hand geometry, retina scanning, face recognition, etc.

Backup files

Duplicate files of data or programs.
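
As an added illustration (not part of the original slides), the Python code below walks through the public key encryption and digital signature steps described above: the sender looks up the recipient's public key in a directory, encrypts with it and signs with the sender's own private key; the recipient decrypts with the private key and checks the signature with the sender's public key. It uses textbook RSA without padding and well-known Mersenne primes as constructed sample keys, so it shows the roles of the keys only and is not secure; the users alice and bob and all function names are assumptions.

```python
# Added teaching example: textbook RSA, no padding, publicly known primes.
# It shows which key does what; it must not be used to protect real data.
import hashlib

E = 65537  # widely used public exponent

def make_keypair(p, q):
    """Return (public, private) keys, each an (exponent, modulus) pair."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent: inverse of E
    return (E, n), (d, n)

def encrypt(message: bytes, public):
    e, n = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this key")
    return pow(m, e, n)

def decrypt(ciphertext: int, private):
    d, n = private
    m = pow(ciphertext, d, n)
    return m.to_bytes((n.bit_length() + 7) // 8, "big").lstrip(b"\x00")

def _digest(message: bytes, n):
    # Hash of the message as a number below the modulus.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message: bytes, private):
    d, n = private
    return pow(_digest(message, n), d, n)

def verify(message: bytes, signature: int, public):
    e, n = public
    return pow(signature, e, n) == _digest(message, n)

# Hypothetical users; Mersenne primes serve as constructed sample keys.
alice_pub, alice_priv = make_keypair(2**127 - 1, 2**521 - 1)
bob_pub, bob_priv = make_keypair(2**107 - 1, 2**607 - 1)
DIRECTORY = {"alice": alice_pub, "bob": bob_pub}  # holds public keys only

def send(sender_priv, recipient, text: bytes):
    """Encrypt for the recipient and sign as the sender."""
    return encrypt(text, DIRECTORY[recipient]), sign(text, sender_priv)

def receive(recipient_priv, sender, ciphertext, signature):
    """Decrypt with own private key; verify with the sender's public key."""
    text = decrypt(ciphertext, recipient_priv)
    return text, verify(text, signature, DIRECTORY[sender])
```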


System Control and Audits

Information system controls attempt to ensure the accuracy, validity and correctness of information.

They are designed to monitor and maintain the quality and security of the input, processing, output and storage activities of an IS.

Here, control software identifies incorrect or improper inputs that enter your system.

Auditing is carried out by internal or external auditors, who try to evaluate whether adequate security measures and management policies have been developed and implemented.

Check of audit trail – a document that allows a transaction to be traced through all stages of information processing.


Security measures in case of internet use

Use of anti-virus and firewall software.

Don’t allow anyone to store credit card information.

Send credit card numbers through secure sites.

Use hard-to-guess passwords.

Use different passwords on different sites.

Don’t open email attachments unless the sender is known.
