Computer Crime Research Center

staff/gva2.jpg

Information protection in automated systems

Date: February 15, 2004
Source: Computer Crime Research Center
By: Vladimir Golubev

Information-communication technologies are the most important factor that affect forming of a society of 21 century. Its revolutionary influence concerns the way of life, education, work. Information technologies became vital stimulus for world economy development. They allow to solve economic and social problems more efficiently and inventively. The humanity entered a new age – age of information society. It is estimated, that in order to increase production of goods twice, fourfold increase in volume of information is needed. Yet two decades ago the volume of scientific information necessary for solving technological and social problems doubled each seven years. Since 1995 it was doubling annually or every two years.

Under such conditions, information that maintains crucial and historic directions of human activity becomes valuable product and main commodity. Its cost gradually approaches to the cost of material values. Under influence of the latest scientific and technological knowledge, production of goods radically modifies its technological basis. IT penetrate in mechanisms of mass social communications more profoundly: education, upbringing and training. IT influence formation of the personality, a way of living, system of legal relationship, etc.

The actuality of this article is determined by a process of active introduction of electronic payment and plastic cards systems that are using Internet networks in Ukrainian bank sphere. Besides, the number of threats is increasing, means of illegal interference and access to such information are being enhanced. Thus it is necessary to continue researches into this field and also improve legal and technical protection of information from unauthorized access.

Information is a strategic national resource nowadays, the main property of a state that plays increasing role in a system of government [1]. Information systems, information-analytic centers are functioning and being developed in state authorities and administrations, ministries and departments, regional and local authorities of USA, European countries, Russia. Information-inquiry and analytical systems positively affect sphere of state government and create new opportunities for its improvement and perfection.

Sure we can deny the fact that information technologies yet are not so widely used in all countries, prohibitive for many people and millions even do not know about satellites, PCs and the Internet. Humanity entered a new millennium having principally new instrument, simultaneously creative and destructive, therefore demanding very delicate treatment.

The global information civilization defined information as the main parameter. Publishing, press, radio, television, computers, other means of telecommunication became key factors of economy, manufacture, science, education, policy other spheres of social activities. It follows that various information systems and networks are reinforcing factors of society and state. Information society not only modifies the status of information as catalyst of positive shifts of social being (bulletin, knowledge, data), but also extends opportunities of information application for criminals on antisocial purpose [2].

The goal of this article is research into theoretical legal questions on information protecting in automated systems, examining of the main directions of state policy in this sphere and determining on this basis measures of state policy.

Threatening gap between levels of information technologies introduction and their legal, organizational and technical protection causes unusual anxiety of experts. According to UN estimations, losses from computer crimes all over the world have exceeded 1 trillion USD.

If we compare traditional and computer crimes, last are distinguished, first of all, by distribution in time and space of subject for infringement. In other words there is no need to penetrate in bank depository, cross borders or overcome security systems and alarms in order to steal money. It is enough to have a computer, initial data on access and protection of bank information systems, also a set of hacker programs and hacker experience.

The other important aspect of computer crimes lies in phenomena of information facelessness. Such traditional signs of criminalistic examination, as handwriting, fingerprints and other are not used in case of computer crimes.

One more specific character of computer crimes is the phenomena of software tools for computer infringements. Unlike traditional means of crime as: weapon, etc, tools of computer crimes are different software means of computer intrusion.

One of methods on computer crime committing is technical-technological method. Its main point lies in violating of information systems operation by influencing its vulnerable components. And though this kind of crime markedly differs from traditional terrorist crimes, its consequences may be similar to great man-caused disasters.

There is a great number of definitions of information security threats known that are similar by their main point in spite of differences in details: threat is danger (real or potential) of committing some action (activity or inactivity), directed to infringing main properties of information: confidentiality, integrity, accessibility.

Almost all researchers, while considering types of possible infringements of main properties of information, give one and the same list: theft (copying) and leakage of information, threat of accessibility - information blocking; integrity threats – alteration (deterioration) of information, denial of authentication or obtrusion of wrong information.

Tradition to emphasize three given types of threats comes, probably, from “Department of Defense Computer Security Evaluation Center; Trusted Computer System Evaluation Criteria (Orange Book); (1983, 1985)”. Such approach was held true in International standard ISO/IEC 15408-99 (historically named “Common Criteria”. These normative documents are dedicated to computer systems of information processing.

Civil legal, administrative, criminal proceedings may be instituted against guilty of illegal actions. At that, penalty degree depends on criminal sanctions when violation of the law according to their social amount, mass character, typical nature and firmness of display are criminalized as offences.

Today Ukrainian law that provides for criminal responsibility is becoming more adapted to tasks in conditions of information society development. Adoption of the new Criminal Code fundamentally changed approach to information as a subject of a crime. So, having recognized information as a subject of theft, appropriation, blackmail and other illegal acts, criminal law affirmed status of information as a subject of property right, it is adjusted with main regulations of Ukrainian information law. Until recently criminal legal doctrine excluded information from the list of possible subjects of thefts and other offences against property.

A new Criminal Code of Ukraine consists of Section 16 “Crimes in sphere of computers, computer systems and networks operation”. It includes three Articles:
Article 361 “Illegal interference with operation of computers, systems and networks”, that is an illegal interference with operation of automated computers, systems or networks resulted in distortion or erasing of computer information or destroying its carriers, and also to spreading of computer viruses by using software and hardware designed for illegal penetration into these machines, systems or networks and capable of distortion or erasing computer information or destroying its carriers”;
Article 362 “Theft, misappropriation, extortion of computer information or its capture by swindling or abusing official position”;
Article 363 “Violation of automated electronic computer operating rules”: violation of operating rules of automated computers, systems or networks on the part of a person responsible for their operation, if it entailed theft, distortion or erasing of computer information, security means, or illegal copying of computer information, or essential infringement of such facilities, systems or networks operation.

Undoubtedly with view of numerous threats in information field, high level of such crimes latency and difficulty of collecting evidence even on established facts – such kind of normative legal regulation in current law is not enough.

We may count some negative points that come along with information processes and cause difficulties of legal qualification: illegal sale of data bases of mobile communications subscribers, SMS archives, access to official information on subscribers location, hardware and software means with undeclared features; distribution of abusive or obscene materials in the Internet; copyright violations. This list may be continued. Unsuccessful dispositions of articles 361 and 362, where illegal acts are tied to computers, were criticized at discussions of the Criminal Code draft.

According to Information Week, development of a new project of high speed computer system will be finished soon. Its principle is based on a new quantum computer that will be much more powerful.

Ordinary computer thinks with help of numerous operations. It uses these small operations and bits of information, processor can remember figures and do all sortings of mathematical data in order to execute calculating commands. Quantum computer will be much more perfect than present models. It will use intra-atomic particles –...
Add comment  Email to a Friend

Discussion is closed - view comments archieve
2004-08-04 11:42:17 - pointing the ways to an automated society sakina
Total 1 comments
Copyright © 2001-2024 Computer Crime Research Center
CCRC logo