Page 1: ch07

Chapter 7-1

Page 2: ch07

Chapter 7-2

Chapter 7: Computer Crime, Ethics, and Privacy

Introduction

Computer Crime, Abuse, and Fraud

Examples of Computer Crimes

Mitigating Computer Crime and Fraud

Ethical Issues, Privacy, and Identity Theft

Page 3: ch07

Chapter 7-3

Computer Crime

Computer crime: involvement of the computer in a criminal act, directly or indirectly.

The definition is important because it affects how the statistics are accumulated.

Only a small proportion gets detected; an even smaller proportion gets reported.

Page 4: ch07

Chapter 7-4

Computer Crime & Abuse - the Difference

Computer crime involves the manipulation of a computer or computer data to dishonestly obtain money, acquire property, or get some other advantage of value, or to cause a loss.

Computer abuse is when someone’s computer is used or accessed in a mischievous manner with a motive of revenge or challenge; it is punishable in extreme cases.

Page 5: ch07

Chapter 7-5

Federal Legislation

The Computer Fraud and Abuse Act (CFAA) of 1986, which was amended in 1994 and 1996:

Defines computer fraud as an illegal act for which computer technology is essential for its perpetration, investigation, or prosecution.

Defines seven fraudulent acts; the first three are described as misappropriation of assets and the last four as “other” crimes.

Page 6: ch07

Chapter 7-6

CFAA Fraudulent Acts

Unauthorized theft, use, access, modification, copying, or destruction of software or data.

Theft of money by altering computer records or the theft of computer time.

Intent to illegally obtain information or tangible property through the use of computers.

Page 7: ch07

Chapter 7-7

CFAA Fraudulent Acts

Use or the conspiracy to use computer resources to commit a felony.

Theft, vandalism, destruction of computer hardware.

Trafficking in passwords or other login information for accessing a computer.

Extortion that uses a computer system as a target.

Page 8: ch07

Chapter 7-8

Other Federal Legislation Affecting the Use of Computers

Fair Credit Reporting Act of 1970

Freedom of Information Act of 1970

Federal Privacy Act of 1974

Small Business Computer Security and Education Act of 1984

Computer Fraud and Abuse Act of 1986

Page 9: ch07

Chapter 7-9

Federal Legislation Affecting the Use of Computers

Computer Fraud and Abuse Act (1996 amendment)

Computer Security Act of 1987

USA Patriot Act of 2001

Cyber Security Enhancement Act of 2002

CAN-SPAM Act of 2003

Page 10: ch07

Chapter 7-10

Federal Legislation Affecting the Use of Computers

Question

Which of the following pieces of computer legislation is probably the most important?

a. Cyber Security Enhancement Act of 2002

b. Computer Security Act of 1987

c. The Computer Fraud and Abuse Act of 1986

d. Federal Privacy Act of 1974

Page 11: ch07

Chapter 7-11

The Lack of Computer-Crime Statistics

Computer-crime statistics: good data are unavailable, for three reasons:

(1) private companies handle abuse internally

(2) surveys of computer abuse are often ambiguous

(3) most computer abuse is probably not discovered.

Page 12: ch07

Chapter 7-12

The Growth of Computer Crime

Computer crime is growing because of:

Exponential growth in computer resources

Internet pages that give step-by-step instructions on how to perpetrate computer crime

Page 13: ch07

Chapter 7-13

Importance for Accountants

Importance of computer crime and abuse to accountants:

because AISs help control an organization’s financial resources, they are favored targets of disgruntled employees seeking financial gain or seeking revenge

Page 14: ch07

Chapter 7-14

Importance for Accountants

because they are responsible for designing, implementing, and monitoring the control procedures for AISs.

because firms suffer millions of dollars in computer-related losses due to viruses, unauthorized access, and denial of service attacks

Page 15: ch07

Chapter 7-15

Three Representative Computer Crimes Cases

Compromising Valuable Information: The TRW Credit Data Case

Wire Fraud and Computer Hacking: The Edwin Pena and Robert Moore Case

Denial of service: The 2003 Internet Crash

Through a very speedy computer worm, the Slammer worm

Page 16: ch07

Chapter 7-16

The TRW Credit Data Case

This computer crime:

o is well known

o involved computerized credit data

o had two key issues: the propriety of the input information, and the protection afforded to both consumer and user in the accuracy and use of credit information

Page 17: ch07

Chapter 7-17

The TRW Credit Data Case

Question

The TRW case is notable because

a. the amount of dollars involved was not significant.

b. no one got caught.

c. the fraud was detected by a surprise audit.

d. the real victims were TRW customers.

Page 18: ch07

Chapter 7-18

Methods Used by Criminals

Hackers: people who break into the computer files of others for fun or personal gain.

Shoulder surfing: stealing calling credit numbers at public phones

Password controls: limiting computer access to bona fide users

Page 19: ch07

Chapter 7-19

Methods Used by Criminals

Social engineering: posing as bona fide employees

Lock-out systems: disconnecting telephone users after a set number of unsuccessful login attempts

Dial-back systems: disconnecting all login users, reconnecting legitimate users after checking their passwords

Page 20: ch07

Chapter 7-20

Examples of Computer Crimes.

A graduate student infected a computer network with a virus that eventually disrupted over 10,000 separate systems.

A company accused a computer-equipment vendor of fraudulently representing the capabilities of a computer system, that the full system was never delivered and that the software was inadequate.

In a fit of resentment, a keyboard operator shattered a CRT screen with her high-heeled shoe.

Some employees of a credit bureau sent notices to some individuals listed as bad risks in its files.

Page 21: ch07

Chapter 7-21

Examples of Computer Crimes.

For a fee, the employees would withhold the damaging information, thereby enhancing the credit worthiness of the applicants.

A computer dating service was sued because referrals for dates were few and inappropriate. The owner eventually admitted that no computer was used to match dates, even though the use of a computer was advertised.

A programmer changed a dividends-payment program to reduce the dividends of selected stock-holders, and to issue a check to himself for the sum of the reductions—$56,000.

Page 22: ch07

Chapter 7-22

Robert T. Morris and the Internet Virus

Robert T. Morris:

o created one of the world’s most famous computer viruses

o became the first person to be indicted under the Computer Fraud and Abuse Act of 1986

The case illustrated the vulnerability of networks to virus infections.

Page 23: ch07

Chapter 7-23

Computer Viruses

Computer virus is a program that disrupts normal data processing and that can usually replicate itself onto other files, computer systems or networks.

Boot-sector viruses hide in the boot sectors of a disk and are accessed there by the operating system every time the system is booted.

Worm viruses replicate themselves until the user runs out of memory or disk space.

Page 24: ch07

Chapter 7-24

Computer Virus Programs

Trojan Horse programs reside in legitimate copies of computer programs.

Logic Bomb programs remain dormant until the computer system encounters a specific condition.

A virus may be stored in an applet, which is a small program stored on a WWW server.

Page 25: ch07

Chapter 7-25

Computer Virus Programs

Question

A computer program that remains dormant until some specified circumstance or date triggers the program to action is called a

a. trojan horse

b. logic bomb

c. data diddling

d. cookie

Page 26: ch07

Chapter 7-26

Thwarting Computer Viruses

Firewalls which limit external access to the computer.

Antivirus software.

Antivirus control procedures.

Page 27: ch07

Chapter 7-27

Thwarting Computer Viruses: Anti-Virus Software

Anti-virus software includes computer programs that can:

o scan computer disks for virus-like coding;

o identify active viruses already lodged in computer systems;

o cleanse computer systems already infected;

o perform a combination of these activities.

Page 28: ch07

Chapter 7-28

Drawbacks of Anti-Virus Software Programs

Anti-virus programs provide less-than-complete protection because

new, more powerful viruses are always being written that can avoid known detection schemes.

anti-virus programs can contain virus routines.

Page 29: ch07

Chapter 7-29

Anti-Virus Procedural Controls

Buy shrink-wrapped software from reputable sources

Avoid illegal software copying

Do not download suspicious Internet files

Delete email messages from unknown sources before opening them

Maintain complete backup files

Page 30: ch07

Chapter 7-30

Organizational Safeguards Against Computer Viruses

Educate employees about viruses.

Encourage employees to follow virus prevention and detection techniques.

Establish policies that discourage the free exchange of computer disks or externally acquired computer programs.

Page 31: ch07

Chapter 7-31

Organizational Safeguards Against Computer Viruses

Use computer passwords to thwart unauthorized users from accessing the company’s operating systems and files.

Use anti-virus filters on LANs and WANs.

Have an approved and tested disaster recovery plan.

Page 32: ch07

Chapter 7-32

Methods for Thwarting Computer Abuse

Enlist top management support

Increase employee awareness and education

Conduct Security Inventory and protect passwords

Implement controls

Identify computer criminals: look at technical backgrounds, morals, and gender and age

Page 33: ch07

Chapter 7-33

Thwarting Computer Abuse

Recognize the symptoms of employee fraud

o Accounting irregularities such as forged, altered or destroyed input documents

o Internal control weaknesses

o Behavioral or lifestyle changes in an employee

o Unreasonable anomalies that go unchallenged

Employ forensic accountants

Page 34: ch07

Chapter 7-34

Computers and Ethical Behavior

Ethics: a set of moral principles or values governing an organization as well as individuals

Ethical behavior: making choices and judgments that are morally proper and then acting accordingly.

Page 35: ch07

Chapter 7-35

Ethical Issues

Honesty

Protecting Computer Systems

Protecting Confidential Information

Social Responsibility

Rights of Privacy

Acceptable Use of Computer Hardware and Software.

Page 36: ch07

Chapter 7-36

Encouraging Ethical Behavior

Inform employees that ethics are important.

Formally expose employees to relevant cases that teach how to act in specific situations.

Teach by example, that is, by managers acting responsibly.

Page 37: ch07

Chapter 7-37

Encouraging Ethical Behavior

Use job promotions and other benefits to reward those employees who act responsibly.

Encourage employees to join professional organizations with codes of conduct such as Codes of Conduct and Good Practice for Certified Computer Professional.

Page 38: ch07

Chapter 7-38

Computers and Privacy Issues

Company policies with respect to privacy issues

Privacy policy should include

o who owns the computer

o for what purposes can the computer be used

o what uses are authorized or prohibited

o disposal of computers

Page 39: ch07

Chapter 7-39

Methods Used to Obtain Your Personal Data

Shoulder surfing

Dumpster diving

Applications for “preapproved” credit cards

Key logging software

Spam and other e-mails

Page 40: ch07

Chapter 7-40

Copyright

Copyright 2008 John Wiley & Sons, Inc. All rights reserved. Reproduction or translation of this work beyond that permitted in Section 117 of the 1976 United States Copyright Act without the express written permission of the copyright owner is unlawful. Request for further information should be addressed to the Permissions Department, John Wiley & Sons, Inc. The purchaser may make backup copies for his/her own use only and not for distribution or resale. The Publisher assumes no responsibility for errors, omissions, or damages, caused by the use of these programs or from the use of the information contained herein.

Page 41: ch07

Chapter 7-41

Chapter 7