
ACCT341, Chapter 11 Computer Crime, Ethics, and Privacy


byron

Presentation Transcript


  1. ACCT341, Chapter 11 Computer Crime, Ethics, and Privacy
     • Introduction
     • Computer Crime, Abuse, and Fraud
     • Examples of Computer Crimes
     • Mitigating Computer Crime and Fraud
     • Ethical Issues, Privacy, and Identity Theft

  2. Computer Crime
     • Involvement of the computer in a criminal act, directly or indirectly.
     • The definition is important: it affects how statistics are accumulated.
     • “It said ‘hit any key to continue,’ so I did, just with a hammer.”
     • Is smashing a computer with a sledgehammer considered computer crime?
     • Only a small proportion of computer crime gets detected.

  3. Computer Crime & Abuse - the Difference
     • Computer crime involves the manipulation of a computer or computer data to dishonestly obtain money, acquire property, or get some other advantage of value, or to cause a loss.
     • Computer abuse is when someone’s computer is used or accessed in a mischievous manner with a motive of revenge or challenge.
       • It is punishable in extreme cases.
     • Should Adrian Lamo have been arrested? Case 11.1, p. 343

  4. Examples of Computer Crimes
     • A computer dating service was sued because referrals for dates were few and inappropriate. The owner eventually admitted that no computer was used to match dates, even though the use of a computer was advertised.
     • Case 11.2, p. 344: Donald Burleson, a disgruntled programmer, created a logic bomb that erased 168k of data records and held up paychecks for a month. It would have been more serious if not discovered early. [Logic bombs are programs that remain dormant until a circumstance or date triggers the fuse.]

  5. Common Types of Computer Crime and Abuse

  6. Federal Legislation
     • The Computer Fraud and Abuse Act (CFAA) of 1986, which was amended in 1994 and 1996:
       • Defines computer fraud as an illegal act for which computer technology is essential for its perpetration, investigation, or prosecution.
       • Defines 7 fraudulent acts; the first three are described as misappropriation of assets and the last four as “other” crimes.

  7. CFAA Fraudulent Acts
     • Unauthorized theft, use, access, modification, copying, or destruction of software or data. King Soopers, p. 345
     • Theft of money by altering computer records or the theft of computer time. Salami technique, P#14 (salami is made from many small pieces of meat, salt, beef, garlic).
     • Intent to illegally obtain information or tangible property through the use of computers. Send office supplies invoices, Case 11.7, p. 357.

  8. CFAA Fraudulent Acts
     • Use or the conspiracy to use computer resources to commit a felony. Sjiem-Fat created bogus cashier checks to buy computer equipment for resale in the Caribbean, pp. 345-6
     • Theft, vandalism, or destruction of computer hardware. Disgruntled taxpayer shoots IRS computers, p. 346
     • Trafficking in passwords or other login information for accessing a computer.
     • Extortion that uses a computer system as a target. Disgruntled employee steals data for ransom, p. 34679

  9. Federal Legislation Affecting the Use of Computers
     • Fair Credit Reporting Act of 1970
     • Freedom of Information Act of 1970
     • Federal Privacy Act of 1974
     • Small Business Computer Security and Education Act of 1984
     • Computer Fraud and Abuse Act of 1986

  10. Federal Legislation Affecting the Use of Computers (cont.)
     • Computer Fraud and Abuse Act (1996 amendment)
     • Computer Security Act of 1987
     • USA Patriot Act of 2001
     • Cyber Security Enhancement Act of 2002
     • CAN-SPAM Act of 2003

  11. The Lack of Computer-Crime Statistics
     • Data are not available because:
       • private companies handle abuse internally to prevent embarrassment
       • surveys of computer abuse are often ambiguous
       • most computer abuse is probably not discovered (FBI estimates only 1% detected)

  12. The Growth of Computer Crime
     • Computer crime is growing because of:
       • Exponential growth in computer resources
       • The Internet gives step-by-step instructions on how to perpetrate computer crime
       • Continuing lax security (in one test, only 3 out of 2200 websites knew they were being targeted; see Case 11.3, p. 347)

  13. Importance for Accountants
     • Computer crime and abuse are important to accountants because AISs:
       • help control an organization’s financial resources
       • are favored targets of disgruntled employees seeking financial gain or revenge
     • because they are responsible for designing, implementing, and monitoring the control procedures for AISs
     • because firms suffer millions of dollars in computer-related losses due to:
       • viruses,
       • unauthorized access, and
       • denial of service attacks
     • Average cost to the target company of computer abuse per incident is $500k

  14. Computer Crime Cases
     • Compromising Valuable Information: The TRW Credit Data Case: selling credit scores, data diddling
     • Computer Hacking: Kevin Mitnick and social engineering
       • Reasons to hack: financial gain, revenge, challenge, curiosity, pranks, industrial espionage
       • Max. penalty is 5 years prison + $250k fine.
     • Denial of service: The 2003 Internet Crash
       • A very speedy computer worm, the Slammer worm (cost > $1b and we don’t know who did it)
       • Note: unlike a virus, a worm doesn’t destroy data, just reproduces until the system is overloaded

  15. Robert T. Morris and the Internet Virus
     • Robert T. Morris:
       • created one of the world’s most famous computer viruses
       • became the first person to be indicted under the Computer Fraud and Abuse Act of 1986
     • The case illustrated the vulnerability of networks to virus infections.

  16. Computer Viruses
     • A computer VIRUS is a program:
       • that disrupts normal data processing and
       • that can usually replicate itself onto other files, computer systems or networks.
     • WORM - In contrast to most viruses, a worm doesn’t destroy data, but it replicates itself until the user runs out of memory or disk space.

  17. Computer Virus Programs
     • Trojan Horse programs reside in legitimate computer programs.
     • Logic Bomb programs remain dormant until the computer system encounters a specific condition.
     • A virus may be stored in an applet, which is a small program stored on a WWW server.

  18. Methods for Thwarting Computer Abuse
     • Enlist top management support
     • Increase employee awareness and education and have a hotline
     • Conduct security inventory
     • Protect passwords
       • Social engineering, phishing, smishing: posing as bona fide when actually fake
       • Prevented by:
         • Lock-out systems: disconnecting users after a set number of unsuccessful login attempts
         • Dial-back systems: disconnecting all login users, reconnecting legitimate users after checking their passwords

  19. Methods for Thwarting Computer Abuse
     • Implement controls
     • Identify computer criminals
       • Look at technical backgrounds, morals, gender and age
     • Physical security
       • secure location
       • backup
       • proper disposal (>1/3 of used hard drives for sale contained personal info; see Case 11.9)
     • [Chart: Occupation of Computer Abusers]

  20. Methods for Thwarting Computer Abuse
     • Recognize symptoms of employee fraud
     • Five symptoms of employee fraud (Case 11.10, p. 360):
       • Accounting irregularities such as forged, altered or destroyed input documents
       • Internal control weaknesses
       • Unreasonable anomalies that go unchallenged
       • Lifestyle changes in an employee
       • Behavioral changes in an employee

  21. Methods for Thwarting Computer Abuse
     • Employ forensic accountants
       • Special training (>27k CFEs)
       • Special sleuthing tools
       • One of the fastest growing professions

  22. Methods Used to Obtain Your Personal Data – ID Theft
     • Shoulder surfing
     • Dumpster diving for documents & old computer hard drives
     • Scanning credit card at restaurant
     • Fake apps for “preapproved” credit cards
     • Key logging software
     • Spam and other e-mails
     • Phishing & smishing

  23. Privacy Issues
     • Have a privacy policy for your website
     • Have an audit done by professionals who provide a privacy seal
       • Truste
       • BBB Online
       • Webtrust
     • Dispose of old computers with care
     • Have laptops password protected
     • Use encrypted USB drives only
