Combating Computer Crime
Date: January 10, 2005Source: Computer Crime Research Center
By:
To better understand the situation, users and companies must be aware of the indicators that problems with computer crime exist. One of these indicators is that many companies are involved in computer crimes. Eighty-five percent of companies reported security breaches in their systems, and 94% detected viruses in their systems in 2001 (“Computer Crime Soaring,” 2002). Furthermore, the U. S. Defense Department was also hacked many times. It alone was hit by about 250,000 hacks in 1995 (Allbritton, 1998). These hacks aren’t minor, hacks cost a lot of money in damage. Hacking resulted in a cost of about 377 million dollars (“Computer Crime Soaring,” 2002). This problem is also rising and needs to be quelled. Break-ins are rising rapidly and double every year (“Experts: Computer Hacking,” 1999).
Companies and users must also be aware of who the hackers are and their victims. The victims of hacks come in an extensive range. The major targets for most hackers are fortune 500 companies, who are big names and make a lot of money (Allbritton, 1998). “If this [breach of security system] could happen to Microsoft, this can happen to anybody,” said Sandra England, president of PGP Security (Markoff, 2000, p. A5). The fact is, though, that every online--computer user is at risk. A hacker can penetrate virtually any computer on the Internet if he has the right tools (“Experts: Computer Hacking,” 1999). In addition to knowing the victims, users and companies should know who the hackers really are. The real bad guys are often just mischievous youth trying to steal credit cards or breaking into advanced systems. A hacker going by the pseudonym “Route” says the major hackers are generally “this tiny minority of 13- to 18-year olds who learned to make toll calls for free” (Allbritton, 1998, p. A4). Moreover, some people even hack in online gaming to steal another’s virtual items, which can also be sold over the Internet for money (Ward, 2003). Most hackers, though, are actually crackers and don’t hack to do real damage but only want to embarrass big-name companies (Ma, n.d.). However, many people are still accessing data with criminal intent. These people can vary from revengeful employees trying to backstab their company to foreign spies wanting to access government files. Some do it simply to steal money, valuable objects or code (Allbritton, 1998). Interestingly enough, half of unauthorized system intrusions involve insiders who actually have legitimate access to the system (Schindler, 2000).
Hackers have many ways of hacking and gaining access to systems. One common way of getting almost anything out of a computer is by utilizing a virus. By accessing the network a hacker can easily put a virus in the source code of big-name programs like Windows and Office, which will damage computers that run or use this software (Markoff, 2000). One of the types of viruses are Trojan horses, which are hidden instructions embedded in software or email that, once opened, may modify, damage or send important data. Another type of virus is the logic bomb, a virus that is placed on a computer to run after a specified amount of time, allowing time to clear up the evidence (Information Systems Unit, n.d.). Other ways that hackers hack are by using program bugs. Examining the original program’s instructions can let a vandal find vulnerabilities in programs not known to other people and use them to his benefit (Markoff, 2000). Another problem with these bugs is that even after bugs are found, a company may spend months before releasing a fix for it (“White Paper: Lies,” 1999). Furthermore, many hackers utilize vulnerabilities involving computer use. One of these methods is called data diddling. This is when a hacker modifies certain programs to send certain information such as passwords and names back to him when other people use these programs. Many hackers also gain access to systems by guessing passwords. Users often have simple passwords that someone could guess by knowing a few things about the person (Information Systems Unit, n.d.). A hacker may even simply pose as a member of a department to gain access to certain data (Schindler, 2000).
Computer crime can cause many damaging results. For one, computer crime can cause damage involving data. Once inside, a hacker can steal desired items such as credit-card number and passwords (“White Paper: Lies,” 1999). He can also manipulate and destroy crucial data such a bank accounts, legal files or personal information (Zikun, n.d.). In addition, hackers can take control of various services, including one time when hackers figured out how to control the phone service nationwide in order to win prizes on phone-related games (Schindler, 2000). Computer crime can also cause business failure. Hacking has caused government sites to temporarily and permanently shutdown, giving users and employees denial-of-service errors when trying to access them (“Experts: Computer Hacking,” 1999). Hacks resulting in losing credit-card numbers or social-security numbers can result in costly lawsuits, threatening bankruptcy for the company (Schindler, 2000). Moreover, after websites are hacked, businesses often lose their credibility, and consumers look elsewhere for the services (“White Paper: Lies,” 1999).
Stopping computer crime has many problems to it. For one, hacking is very easy to do for almost anyone. With so many freely available hacking tools, almost anyone can go around networks and attack machines (“Experts: Computer Hacking,” 1999). Furthermore, hackers identify themselves with anonymous names so that tracing a crime back to its source can be difficult (Allbritton, 1998). Even the government has a critical shortage of trained computer scientists for defense. Most go the private industry, and the current government systems designers haven’t been careful with protecting their sites (“Experts: Computer Hacking,” 1999). Current anti-virus protection is also another problem with stopping computer crime. Standard anti-virus protection is limited in that it can only find known viruses, leaving new viruses to devastate a user or companies systems (Kabay, 2000). Besides having bad protection against computer crime, companies have bad detection of computer crimes. A study by the U. S. Department of Defense, where they attacked 38,000 of their own computers and penetrated 65% of them, detected only 4% and only reported 1% of them (Schindler, 2000). Moreover, most hacks are detected only long after the attack took place (Allbritton, 1998). Prosecution of computer crimes is also inadequate. Getting evidence to prove a crime was committed can be hard since data is so easily manipulated before and after a crime takes place (Ward, 2003). In addition, computer crime has an inadequate punishment system. Even if a computer crime is committed, the hacker is given a punishment that doesn’t fit the crime, and the victim is required to take most of the action (Zikun, n.d.).
Although users have many problems facing them involving using the Internet, they also have several ways of preventing these problems. For instance, they have many ways to keep their passwords secret. To keep someone from guessing their passwords, they should use special characters, numbers and letters and use at least eight characters. In addition to keeping their passwords safe, they can use and upgrade certain software to prevent problems with their system. Firewalls allow the user to set policies on his system that will block unwanted data, hidden content or message attachments from his system. The user should also use anti-virus software that can detect logic bombs, Trojan horses and known viruses (Information Systems Unit, n.d.). Users need to upgrade their software whenever it is available to prevent the majority of problems (“White Paper: Lies,” 1999). Furthermore, hackers can help prevent problems. Many elite hackers now work to find weak spots in networks and publicly display them so companies will fix them (Allbritton, 1998).
In addition to having users prevent problems, companies have many ways to improve their security systems. Companies need to reevaluate their security systems and respond accordingly. “Companies need to re-evaluate their own security policies and infrastructure,” said Sandra England (Markoff, 2000, p. A5). A business should regularly assess its vulnerabilities and respond accordingly with buying firewalls, installing software or upgrading security (Schindler, 2000). Moreover, companies can undertake various actions to improve their security systems. A company should perform regular audits and supervise their employees well. It...
Next
Add comment
Email to a Friend
| Discussion is closed - view comments archieve |
| 2007-01-25 11:02:29 - thanx for putting all this info on your... lizzy |
| 2005-09-17 07:12:46 - Your site is realy very interesting! Mond |
| 2005-03-11 12:38:23 - asdfasdfasdfasdf zxdfzsdf |
| Total 3 comments |
