Davido Digital Solutions

Computer Crimes

A computer crime is a deliberate theft or criminal destruction of computerized data.

The use of computer hardware, software, or data for illegal activities, e.g., stealing, forgery, defrauding, etc.

Committing of illegal acts using a computer or against a computer system.

Types of computer crimes

1) Trespass

Trespass refers to the illegal physical entry to restricted places where computer hardware, software and backed up data are kept.

It can also refer to the act of accessing information illegally on a local or remote computer over a network.

Trespass is not allowed and should be discouraged.

2) Hacking

Hacking is an attempt to invade the privacy of a system, either by tapping messages being transmitted along a public telephone line, or through breaking security codes and passwords to gain unauthorized entry to the system data and information files in a computer.

Reasons for hacking;

1) To copy or corrupt the information.

2) As a hobby to test their expertise. Some people like the challenge and they feel great after successful hacking.

3) Some do it for computer and software producing companies that want to secure their systems by reducing weaknesses discovered after professional hacking.

Hacking is done by skilled programmers referred to as Hackers.

A hacker is a person who gains unauthorised access to a computer network for profit, criminal mischief, or personal gain.

Such people are able to break through passwords or find weak access points in software.

They are also involved in propagating computer viruses.

3) Tapping

Tapping involves listening to a transmission line to gain a copy of the message being transmitted.

Tapping may take place through the following ways;


a) A person may send an intelligent program to a host computer that sends him/her information from the computer.

b) Spying on a networked computer using special programs that are able to intercept messages being sent & received by the unsuspecting computer.

4) Cracking


Cracking is the use of guesswork by a person trying to look for a weakness in the security codes of software in order to get access to data and information.

These weak access points can only be sealed using special corrective programs called Patches, which are prepared by the manufacturing company.

A program patch is a software update that when incorporated in the current software makes it better.

NB: Cracking is usually done by people who have some idea of passwords or user names of the authorized staff.

5) Piracy

Software, information and data are protected by copyright laws.

Piracy means making illegal copies of copyrighted software, data, or information either for personal use or for re-sale.

Ways of reducing piracy;

i) Enact & enforce copyright laws that protect the owners of data & information against piracy.

ii) Make software cheap enough to increase affordability.

iii) Use licenses and certificates of authenticity to identify originals.

iv) Set installation passwords that prevent illegal installation of software.

6) Fraud

Fraud is the use of computers to conceal information or cheat other people with the intention of gaining money or information.

Fraud may take the following forms;

a). Input manipulation

Data input clerks can manipulate input transactions, e.g., they can create dummy (ghost) employees on the Salary file or a ghost supplier on the Purchases file.

b). Production & use of fake documents

E.g., a person created an intelligent program in the Tax department that could credit his account with cents from all the tax payers. He ended up becoming very rich before he was discovered.

Fraudsters can either be employees in the company or outsiders who are smart enough to defraud unsuspecting people.

Reasons that may lead to computer fraud;

1) For economic gain (i.e., to gain money or information).

2) To gain respect (self-worth)

Security measures to prevent fraud;

i) Careful recruitment of staff.

ii) Set up a clear and firm management policy on crimes and frauds.

iii) Restrict access to computer or terminal.

iv) Use transaction and file logs to monitor access to sensitive areas of the system.

v) Monitor and investigate error logs and reports on a regular basis.

vi) Carry out risk analysis to examine the exposure of the organization to possible fraud.

7) Sabotage

Sabotage is the illegal or malicious destruction of the system, data or information by employees or other people with an aim of crippling service delivery or causing great loss to an organization.

Sabotage is usually carried out by discontented employees or those sent by competitors to cause harm to the organization.

The following are some acts of saboteurs which can result in great damage to the computers;

1) Using Magnets to mix up (mess up) codes on tapes.

2) Planting of bombs.

3) Cutting of communication lines.

8) Alteration

Alteration is the illegal changing of stored data and information without permission with the aim of gaining or misinforming the authorized users.

Alteration is usually done by those people who wish to hide the truth. It makes the data irrelevant and unreliable.

Alteration may take place through the following ways;

a). Program alteration

This is done by people with excellent programming skills. They do this out of malice or they may liaise with others for selfish gains.

b). Alteration of data in a database.

This is normally done by authorized database users, e.g., one can adjust prices on Invoices, increase prices on selling products, etc, and then pocket the surplus amounts.

Security measures to prevent alteration

i) Do not give data editing capabilities to anybody without vetting.

ii) The person altering the data may be forced to sign in order for the system to accept altering the information.

9) Theft of computer time

Employees may use the computers of an organization to do their own work, e.g., they may produce publications for selling using the computers of the company.

10) Theft of data (i.e., commercial espionage).

Employees steal sensitive information or copy packages and sell them to outsiders or competitors for profit.

This may lead to a leakage of important information, e.g., information on marketing strategies used by the organization, research information, or medical reports.

Detection and Protection Against Computer Crimes

The following measures can be taken to detect and prevent computer crimes, and also seal security loopholes.

Audit trails

This is a careful study of an information system by experts in order to establish (or, find out) all the weaknesses in the system that could lead to security threats or act as weak access points for criminals.

Data encryption

Data being transmitted over a network faces the dangers of being tapped, listened to, or copied to unauthorized destinations.

To protect such data, it is mixed up into a form that only the sender and the receiver can understand by reconstructing the original message from the mix. This is called Data encryption.

The message to be encrypted is called the Plain text document. 

After it is encrypted using a particular order (or algorithm), called the encryption key, it is sent over the network as Cypher text.

After the recipient receives the message, he/she decrypts it using the reverse of the algorithm used during encryption, called the decryption key, to get the original plain text document.

This means that, without the decryption key, it is not possible to reconstruct the original message.
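
The plain text, key and cypher text cycle described above, as an added example that is not part of the original notes. The cipher is a teaching construction built from the Python standard library (an HMAC-SHA256 keystream plus an authentication tag); production systems use a vetted cipher such as AES-GCM, and all names and the sample message are assumptions.

```python
import hashlib
import hmac
import secrets

def _subkeys(key):
    """Derive separate encryption and authentication keys from the shared key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _keystream(key, nonce, length):
    """Produce `length` key-dependent bytes (HMAC-SHA256 over nonce + counter)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def _xor(data, stream):
    return bytes(d ^ s for d, s in zip(data, stream))

def encrypt(key, plain_text):
    """Plain text -> nonce + cypher text + tag, ready to send over the network."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)  # fresh for every message
    body = _xor(plain_text, _keystream(enc_key, nonce, len(plain_text)))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def decrypt(key, message):
    """Reverse of encrypt(); raises ValueError on a wrong key or altered message."""
    if len(message) < 48:
        raise ValueError("message too short")
    enc_key, mac_key = _subkeys(key)
    nonce, body, tag = message[:16], message[16:-32], message[-32:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or altered cypher text")
    return _xor(body, _keystream(enc_key, nonce, len(body)))

if __name__ == "__main__":
    key = secrets.token_bytes(32)                # shared by sender and receiver
    sent = encrypt(key, b"Pay supplier 40,000")  # constructed sample message
    print(sent.hex())                            # what a person tapping the line sees
    print(decrypt(key, sent))                    # the receiver recovers the plain text
```

Decrypting with a different key, or after a single byte of the message has been changed in transit, raises an error instead of returning data.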

Log files

These are special system files that keep a record (log) of events on the use of the computers and resources of the information system.

Each user is usually assigned a username & password or account.

The information system administrator can therefore easily track who accessed the system, when and what they did on the system.

This information can help monitor and track people who are likely to violate system security policies.
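
One way an administrator might review such a log for who accessed the system, when, and what they did (an added example, not part of the original notes). The log line format, user names, resource names, working hours and failure threshold are all assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log; the line format is an assumption for this example.
SAMPLE_LOG = """\
2024-03-04 08:58:10 user=amina action=LOGIN_OK resource=-
2024-03-04 09:05:42 user=amina action=READ resource=invoices
2024-03-04 22:41:03 user=otieno action=LOGIN_FAIL resource=-
2024-03-04 22:41:09 user=otieno action=LOGIN_FAIL resource=-
2024-03-04 22:41:15 user=otieno action=LOGIN_FAIL resource=-
2024-03-04 22:41:30 user=otieno action=LOGIN_OK resource=-
2024-03-04 22:43:12 user=otieno action=UPDATE resource=salary_file
this line is damaged and is skipped
2024-03-05 10:15:00 user=amina action=UPDATE resource=salary_file
"""

SENSITIVE = {"salary_file", "purchases_file"}  # hypothetical resource names
WORK_HOURS = range(8, 18)                      # 08:00-17:59, assumed policy
FAIL_THRESHOLD = 3                             # failed logins before a success

def parse(line):
    """Return (when, user, action, resource), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        when = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
        fields = dict(p.split("=", 1) for p in parts[2:])
        return when, fields["user"], fields["action"], fields["resource"]
    except (ValueError, KeyError):
        return None

def review(log_text):
    """Return a list of (rule, user, timestamp) findings for follow-up."""
    findings, fails = [], defaultdict(int)
    for when, user, action, resource in filter(None, map(parse, log_text.splitlines())):
        if action == "LOGIN_FAIL":
            fails[user] += 1
        elif action == "LOGIN_OK":
            if fails[user] >= FAIL_THRESHOLD:  # possible password guessing
                findings.append(("failures-then-success", user, when))
            fails[user] = 0
        elif resource in SENSITIVE and when.hour not in WORK_HOURS:
            findings.append(("off-hours-sensitive-access", user, when))
    return findings
```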

Firewalls

A Firewall is a device or software system that filters the data and information exchanged between different networks by enforcing the access control policy of the host network.

A firewall monitors and controls access to or from protected networks.

People (remote users) who do not have permission cannot access the network, and those within cannot access sites outside the network restricted by firewalls.

Laws Governing Protection of Information

Laws have been developed that govern the handling of data and information in order to ensure that there is 'right of privacy' for all people.

The following rules must be observed in order to keep within the law when working with data and information.

1. Data and information should be kept secure against loss or exposure.

2. Data and information should not be kept longer than necessary.

3. Data and information should be accurate and up-to-date.

4. Data and information should be collected, used and kept for specified lawful purposes (i.e., it should not be used for unlawful gain).

5. The owner of the data has a right to know what data is held by the person or organization having it.

6. Data should not be transferred to other countries without the owner's permission.

7. Do not collect irrelevant or excessive information for a purpose.
