
Chapter 11: Computer Crime, Fraud, Ethics, and Privacy

Introduction

Computer Crime, Abuse, and Fraud

Three Examples of Computer Crimes

Preventing Computer Crime and Fraud

Ethical Issues, Privacy, and Identity Theft


Chapter
11-1
Computer Crime,
Abuse, and Fraud

High level of public interest

Data on incidents is limited

Sources of information
Computer Security Institute (CSI) annual survey
KPMG surveys
Association of Certified Fraud Examiners
(ACFE) survey
Computer Crime,
Abuse, and Fraud

Computer Crime
Manipulation of a computer or computer data
Dishonestly obtain money, acquire property, or
something of value, or cause a loss

Computer Abuse
Unauthorized use of, or access to, a computer
Against the wishes of the owner

Computer Crime Examples

Computer Crime,
Abuse, and Fraud

Fraudulent Financial Reporting


Intentional falsification of accounting records
Intend to mislead analysts, creditors, investors

Misappropriation of Assets
Misuse of company assets
Committed by employees within an organization

Asset Misappropriation
Examples

Federal Legislation of
Computer Crimes

Computer Fraud and Abuse Act of 1986 (CFAA)
Amended in 1994 and 1996

Computer Fraud Definition


An illegal act
Computer technology essential for perpetration,
investigation, or prosecution

CFAA Fraudulent Acts

Unauthorized theft, use, access, modification, copying, or destruction of software or data

Theft of money by altering computer records or the theft of computer time

Intent to illegally obtain information or tangible property through the use of computers

CFAA Fraudulent Acts

Use, or the conspiracy to use, computer resources to commit a felony
Theft, vandalism, destruction of computer
hardware
Trafficking in passwords or other login
information for accessing a computer
Extortion that uses a computer system as a
target
Federal Legislation Affecting
the Use of Computers

Federal Legislation Affecting
the Use of Computers

State Legislation

Every state has a computer crime law

State law provisions


Define computer terms
Define some acts as misdemeanors
Declare other acts as felonies

Study Break #1

Which of the following pieces of computer legislation is probably the most important?

A. Cyber Security Enhancement Act of 2002
B. Computer Security Act of 1987
C. The Computer Fraud and Abuse Act of 1986
D. Federal Privacy Act of 1974

Study Break #1 - Answer

Which of the following pieces of computer legislation is probably the most important?

A. Cyber Security Enhancement Act of 2002
B. Computer Security Act of 1987
C. The Computer Fraud and Abuse Act of 1986
D. Federal Privacy Act of 1974

Study Break #2

Which legislation might help discourage computer hacking?

A. Federal Privacy Act of 1974
B. Computer Fraud and Abuse Act of 1986
C. USA PATRIOT Act of 2001
D. CAN-SPAM Act of 2003

Study Break #2 - Answer

Which legislation might help discourage computer hacking?

A. Federal Privacy Act of 1974
B. Computer Fraud and Abuse Act of 1986
C. USA PATRIOT Act of 2001
D. CAN-SPAM Act of 2003

Computer-Crime Statistics

Limited availability of data


Private companies handle abuse internally
Most computer abuse is probably not discovered

Growth of computer crime


Exponential growth in use of computer resources
Continuing lax security
Availability of information about how to
perpetrate computer crimes
Importance of Computer
Crime and Abuse to AISs

Impact on AISs
Favored target due to control of financial resources
Prized target for disgruntled employees
Responsible for designing, selecting, and implementing
controls that protect AISs
Reliance on auditors to verify financial statement

Additional Items
Ability to mislead public if information is incomplete or
inaccurate
Difficulty in detecting fraudulent activities
Large amount of losses
Compromising Valuable Information:
The TRW Credit Data Case

Summary
Credit rating company
Altered company credit ratings for a fee
Clients relied on inaccurate information

Analysis
Data diddling proprietary data
Fair Credit Reporting Act protection of
consumer
Wire Fraud and Computer Hacking:
Edwin Pena and Robert Moore

Summary
Voice over Internet Protocol (VoIP)
Hacked into other providers' networks
Billed those companies

Analysis
Growth of hacking
Importance of education and prevention
Utilize ethical hackers for intrusion testing
Denial of Service:
The 2003 Internet Crash

Summary
Slammer worm
Identified weakness in Microsoft SQL Server
2000 software

Analysis
Denial of Service (DOS) attacks
Computer Viruses
Computer Worms and Worm Programs
Boot-sector Viruses and Trojan Horse Programs
Protecting Systems

Preventing Viruses
Firewalls
Antivirus software
Antivirus control procedures

Organizational Control Procedures


Discourage free exchange of computer disks or external
programs
Require strong passwords to limit unauthorized access
Use antivirus filters

Common Types of Computer
Crime and Abuse

Preventing Computer Crime
and Fraud

Enlist Top-Management Support

Increase Employee Awareness and Education

Assess Security Policies and Protect Passwords


Strong passwords
Social engineering
Lock-out systems
Dialback systems

10 Simple Steps to Safer PCs

10 Simple Steps to Safer PCs

Preventing Computer Crime
and Fraud

Implement Controls
Identify Computer Criminals
Nontechnical Backgrounds
Noncriminal Backgrounds
Education, Gender, and Age

Don't Forget Physical Security


Employ Forensic Accountants
Occupations of Computer
Abuse Offenders

Fraud Losses and Education
Level of Perpetrator

Recognizing Symptoms of
Employee Fraud

Accounting Irregularities

Internal Control Weaknesses

Unreasonable Anomalies

Lifestyle Changes

Behavioral Changes
Study Break #3

Which of these is not helpful in attempting to thwart computer crime and abuse?

A. Enlist the support of top management
B. Keep employees in the dark so that they cannot perpetrate them
C. Use strong passwords
D. Design and test disaster recovery programs

Study Break #3 - Answer

Which of these is not helpful in attempting to thwart computer crime and abuse?

A. Enlist the support of top management
B. Keep employees in the dark so that they cannot perpetrate them
C. Use strong passwords
D. Design and test disaster recovery programs

Study Break #4

Most computer criminals:

A. Have nontechnical backgrounds
B. Have noncriminal backgrounds
C. Have little college education
D. Are young and bright
E. Have probably not been caught, so we don't know much about them

Study Break #4 - Answer

Most computer criminals:

A. Have nontechnical backgrounds
B. Have noncriminal backgrounds
C. Have little college education
D. Are young and bright
E. Have probably not been caught, so we don't know much about them

Ethical Issues, Privacy, and
Identity Theft

Ethics
A set of moral principles or values
Governs organizations and individuals

Ethical behavior
Making choices and judgments that are morally
proper
Acting accordingly

Ethical Issues, Privacy, and
Identity Theft

Ethical Issues and Professional Associations


Codes of Ethics/Professional Conduct
Certification programs and Ethics committees

Meeting the Ethical Challenges


Inform employees of importance of ethics
Ethics training
Lead by example
Utilize reward system
Ethical Issues in Computer
Usage

Ethical Issues, Privacy, and
Identity Theft

Company Policies with Respect to Privacy


Who owns the computer and data stored on it?
For what purposes may the computer be used?
What uses are authorized or prohibited?

Identity Theft
Dumpster diving
Phishing
Smishing
Identity Theft Methods

Study Break #5

Smishing is a form of:

A. Dial-back system
B. Local area network
C. Computer worm
D. Identity theft

Study Break #5 - Answer

Smishing is a form of:

A. Dial-back system
B. Local area network
C. Computer worm
D. Identity theft

Copyright

Copyright 2012 John Wiley & Sons, Inc. All rights reserved.
Reproduction or translation of this work beyond that permitted in
Section 117 of the 1976 United States Copyright Act without the
express written permission of the copyright owner is unlawful.
Request for further information should be addressed to the
Permissions Department, John Wiley & Sons, Inc. The purchaser
may make backup copies for his/her own use only and not for distribution
or resale. The Publisher assumes no responsibility for errors, omissions,
or damages, caused by the use of these programs or from the use of the
information contained herein.

Chapter 11

