Computer Fraud Essay Example

information network. This includes gaining access to sensitive security defense data and personal information held by government departments. However, it is crucial for individuals to use this accessible information responsibly. With an increasing number of computer users, each person will have multiple computers connected through a network. In the future, computers will be integrated into various devices such as home appliances, phones, televisions, offices, and cars. These interconnected computers will share information in order to optimize resource usage and enhance daily convenience but may also heighten the risk of computer fraud. Within this context, we will delve into a comprehensive definition of computer fraud along with its causes and various types of attacks. Additionally, we will explore preventive measures that extend beyond legal regulations alone. Lastly, we will analyze the significance and effectiveness of legal regulations in combating computer fraud.

Computer fraud is the unauthorized acquisition or theft of information carried out without consent or knowledge. This can happen in different ways, such as employees misusing their computers to embezzle money or data from their own company, or individuals deceiving others to gain access to personal resources. The specific type and method of computer fraud may vary depending on the motives of the perpetrator. Typically, financial gain is a primary motive for computer fraud, which involves stealing valuable information from large organizations or directly appropriating funds from them. However, some individuals are motivated by non-monetary reasons, like damaging the reputation of a specific organization. Additionally, there are hackers who engage in computer fraud or crime simply for the thrill it provides.

The various types of computer fraud can be categorized into the following: Internet auction/Bid sales fraud,

Retail sales fraud, Investment schemes fraud, Identity theft, Phishing, Credit card fraud, Information hacking, Email hoax, Virus/Worm attack, Letter scam, and Adware. These types of fraud occur due to technological advancements and are prevalent worldwide. In addition to legal regulation, there are basic precautions that can be taken to prevent computer fraud. It is important to remain vigilant of internet scams in order to protect the system and its stored information. Users should avoid publishing personal details on websites or forums, and organizations should refrain from disclosing excessive business information online.

Organizations and firms must follow security policies and procedures. Individuals, whether working remotely or within an organization, should confirm the existence of valid signatures prior to transmitting any personal information online. It is crucial to comprehend the functioning of internet auction/bid sales, including questioning the seller's motivations. Moreover, individuals should inquire about the measures that will be implemented by the online seller if any problems occur during the transaction and shipment.

When buying from a seller, it is important to gather more information about them. If you only have their business email, make sure to check the Better Business Bureau in their area. Also, look at the feedback from previous sales by this seller. If they have a good track record and positive feedback, there is no need to worry about the purchase. It is also crucial to know the seller's preferred payment method during the transaction process. Remember that auction rules may vary between countries like the U.K., U.S., and China. So if there is an issue with an auction involving a seller in one country and a buyer in another, it could lead to

a bad outcome where you end up with nothing.

When buying a product, it is important to ask the seller about the expected delivery time and details of the warranty or exchange policy. Additionally, find out if the auction price includes shipping and delivery costs or if they are separate. It is advised not to give your social security or driver's license number to the seller unless necessary. When it comes to credit card fraud, only provide your credit card information online when you are on a secure and trustworthy website. Keep in mind that seeing a small padlock icon does not guarantee complete security but can offer some reassurance.

Before using a website, it is crucial to verify the security software being used. Additionally, it is important to purchase products from a reputable and authorized source. It is advised to conduct thorough research on individuals and companies before making any transactions. Furthermore, obtaining a physical address rather than relying solely on a post office box is recommended. Lastly, validate the seller's phone number by contacting them.

To ensure the seller's email address is active, it is advisable to reach out via email. Caution should be exercised when dealing with sellers who utilize free email services and do not require credit card information during account creation. It is recommended to abstain from purchasing from sellers who decline to provide this information. Furthermore, checking the Better Business Bureau for any grievances against the seller is suggested. Additionally, examining other websites can provide further knowledge about the individual or company in question. Finally, it is essential to respond cautiously to special offers.

When collaborating with individuals or companies from other countries,

it is important to exercise caution. When making online purchases, it is recommended to use a credit card as it enables charge disputes if needed. Make sure the transaction is secure when sharing your credit card details. Keep a record of all your credit cards and account information, including the contact information of the issuer. If anything appears suspicious or if you misplace your credit card, promptly contact the issuer.

Exercise caution when investing and do not solely rely on appearances. Just because a visually appealing website does not guarantee legitimacy, as such sites can be quickly created. If a website collects funds and then disappears, there is a risk of losing your investment. Therefore, only invest if you are completely confident in its credibility.

It is important to thoroughly investigate individuals or companies to ensure their legitimacy. Checking out other websites related to the person or company can provide further information. When responding to special investment offers, caution should be exercised by inquiring about all terms and conditions regarding the investors and the investment.

The legal regulation of computer fraud is crucial. After discussing concepts and causes of computer fraud, we will now focus on legal regulation issues that address how these regulations help prevent or reduce the rising rate of computer fraud in today's technologically advancing world. Often, law reform involves modifying existing laws rather than introducing completely new legislation, which can make it challenging to find a comprehensive source for an entire area of law.

In 1990, the Computer Misuse Act was enacted as the primary UK legislation targeting computer system misuse. It covers acts such as hacking and intentional virus spreading. The act aims to

prevent unauthorized access or modification of computer systems, thwart criminal elements from using computers for criminal activities, and hinder interference with data stored in computers.

The All-Party Internet Group (APIG) conducted a review of the CMA in 2004, as this legislation was created before the Internet existed and needed to be updated [5]. The Act was criticized for its emphasis on individual computers rather than computer networks, and some of the definitions used in the 1990 Act were deemed outdated. The final report presented various recommendations to the government for amending the CMA.

In March 2005, APIG requested changes to the Computer Misuse Act (CMA) in response to the threat of denial of service attacks. The CMA, passed in 1990, was established to address issues like hacking and other computer system threats. Initially, these types of offenses were not viewed as serious by the law, with many perceiving them as mischievous acts rather than causing significant harm to organizations. However, as technology advanced, the severity of the issue increased, leading to the introduction of legislation that recognized three main offenses. These offenses include unauthorized access to computer material, such as accessing a computer system using someone's password without permission to view information. Another offense involves unauthorized access with the intent to commit further offenses. The addition of intent is crucial in this offense.

Computer fraud involves actions such as guessing or stealing passwords to access material or services without permission, and modifying computer material without authorization. This may include deleting files, altering the desktop setup, or intentionally introducing viruses to disrupt computer operations. The effectiveness of legal regulation in addressing computer fraud became apparent with the implementation of

the Computer Misuse Act. This law punishes all those who unlawfully use computer systems. An example of a consequence for "Unauthorized Access to system" is provided below.

Incident – Unauthorized Access to Communications Systems Provision – Computer Misuse Act Section 1 Description – Cause a computer to perform any function with the intention of securing access to any program or data held in a computer, if this access is unauthorized and if this is known at the time of causing the computer to perform the function.
Sanction – A fine and/or a term of imprisonment not exceeding 6 months was sentenced for the illegal user.
Total number of words in the Task1 report: – 2500
Signed [ ] Task 2 (2)Do legal developments in law relating to Software copyright and Patents help or harm the cause of information system security Information system security acts as the protection of information system against unauthorized access or modification of existing information whether in storage, processing or transit stage. The information system ensures to safeguard all the stored information. Information security covers not just information but the entire infrastructures that facilitate access and use of information. The primary concern to organizations is the security of valuable information which can be anything from a formula to a customer list or organizations valuable information to financial statements.

Three widely accepted elements of information system security are confidentiality, integrity, and availability. Confidentiality ensures that only authorized users can access information. Integrity is about safeguarding the accuracy and completeness of information. Availability ensures that authorized users have secure access to information whenever they need it.

In the early 1970s, there was a debate surrounding whether software required copyright protection.

However, it was later determined that all developed software should be copyrighted and, if necessary, patented under the UK Copyright, Design and Patents Act of 1988. The UK law for copyright and patent protection aids organizations in preventing the misuse of their developed software and concepts.

Some organizations attempt to replicate code from established software owned by other organizations for use in their own software products. However, prominent software organizations like 'Microsoft' have started copyrighting their code to safeguard their intellectual property, preventing other organizations from utilizing it for the development of other applications. This practice has helped numerous organizations in creating distinct software products.

Maintaining information security is not only recommended but also a legal obligation. Since 1999, all organizations in the UK and most parts of the world are legally required to uphold a minimum level of security. Failure to meet these requirements may result in enforcement action by the UK Government through the Information Commissioner's Office. The types of enforcement action can vary as there are no limitations on the powers possessed by the Information Commissioner.

Organizations can enhance their security by implementing the voluntary standard BS7799a??[2], which ensures that sensitive information is handled professionally and securely. This involves classifying the sensitivity of information and providing appropriate access controls. Additionally, legal developments in laws pertaining to software copyright and patents have had a positive impact on information system security. In the past, hackers faced few consequences for breaching systems and obtaining valuable information or software. However, with the introduction of legal laws, these actions are now considered criminal offenses that can result in imprisonment. Overall, the development of legal laws regarding software copyright and patents

has significantly contributed to creating a secure environment for information storage and processing.The Task2 report states that the total number of words is 500. The report also discusses Task 3, which evaluates the proposition that Data protection laws impose unnecessary burdens on legitimate public and commercial data collection. The initial Data Protection Act was established in 1984 but was later replaced by the new Data Protection Act of 1998 (DPA 1998). This new act implemented the EU Data protection Directive 95/46.

The Data Protection Act (DPA) of 1998 is concerned with safeguarding personal information such as names, email addresses, financial details, personal documents, and photographs. As personal information is typically intertwined with other organizational information, experts agree that the security standards mandated by the DPA are essential for protecting the IT systems of organizations as a whole. Many organizations prioritize information security to such an extent that they implement security measures that surpass the legal requirements, based on their budgets and available technology. According to Principle 7 of the Data Protection Act 1998, all organizations must adopt appropriate technical and organizational measures to prevent unauthorized or unlawful use, as well as accidental loss, damage, or destruction of information. This applies to all computerized processing of personal data, structured manual records, and some unstructured manual records. Additionally, the DPA 1998 grants individuals the right to access the data held about them.The DPA 1998, along with the FOIA 2000, has prompted organizations to reconsider their best practices in handling personal data. It has also led to new strategies in records management and has compelled organizations to carefully assess their responsibilities towards individuals whose data they possess.

The FOIA

2000 expands individuals' access rights to their data, which were already established under the DPA 1998. The definition of "data" is expanded for public authorities to include any "recorded information held by a public authority." However, there are limitations to the data subject rights that apply to this additional category of data. When an individual requests information about themselves, this falls under the exemption of the FOIA 2000 and should be treated as a "subject access request" under the DPA 1998. In certain situations, fulfilling such a request may require releasing associated information. In these cases, the provisions of sections 7(4) and (5) of the DPA 1998 should be used to determine whether it is appropriate to release the third party information. If an applicant specifically asks for information about a third party or if responding to the request would involve disclosing personal information about a third party that is not also personal information about the applicant, the request falls under the jurisdiction of the FOIA 2000.

However, the authority is required to adhere to the Data Protection Principles when considering the disclosure of information about individuals. If releasing third-party information would result in a violation of any of these Principles, the authority must not do so. In conclusion, although the Data Protection Act (DPA) safeguards personal information and data of users, there are certain challenges and burdens for legitimate users and the general public due to the Act. The DPA does not provide an exemption for data backup. In practice, it is unlikely that a data subject would request access to data backups, and there is no obstacle preventing a controller from confirming that a

data subject only wants to access the most recent records.

During the first transitional period ending on 23 October 2001, the exemption from section 7 applies to back-up data used for the automated replacement of lost, destroyed, or impaired data. However, it is important to note that this exemption is not a general exemption for traditional back-up data. The Task3 report contains a total of 500 words and is signed. Below is a bibliography of the sources referenced in the report, including their publication dates and locations:
- Andrew Terrett., The Internet, Business Strategies for Law firms, (2000, Law Society, London)
- Bobbie Johnson., 'UK computer laws are ridiculous’, April 30, http://technology.guardian.co.uk/news/story/0,,1763989,00.html
- 'Computer Fraud and its Acts’, April 30, http://www.itwales.com/999573.htm
- 'Concepts of Patent work’, May 1, http://www.patent.gov.uk/about/consultations/conclusions.htm
- 'Data protection effect on senior management’, May 2, http://www.jisc.ac.uk/index.cfm?name=pub_smbp_dpa1998
- 'Data protection law, The key change’, May 1, http://webjcli.ncl.ac.uk/1998/issue4/widdis4.html
- David Icove. and Karl Seger, Computer Crime, (1995, O’Reilly & Associates, USA)
- David S. Wall., Cyberspace Crime, (2003, Darmouth Publishing Company , Hants, England)
- Douglas Thomas.

and Brian Loader, Cyber crime, (2000, Routledge publication , London) o a??Facts on copyright’, May 1, http://www.intellectual-property.gov.uk/faq/copyright/what.htm o a??Fraud law reforms’, April 30, http://www.bcs.org/server.php?show=conWebDoc.1149 o a??Fraud Tips’, April 30, http://www.fraud.org/internet/intset.htm o a??Hacking and other computer crime’, April 30, http://www.met.police.uk/computercrime/#SO6 o Ian Lloyd., Information Technology Law, (1997, Reed Elsevier Ltd, Halsbury, London) o Joshua Rozenberg., Privacy and the Press, (2005, Oxford university press Inc , USA) o Michael Levi., Regulating Fraud, (1987, Tavistock Publication , London) o a??New laws for computer fraud’, April 30, http://www.thisismoney.co.uk/news/article.html?in_article_id=400895?_page_id=2 o a??Summary of Intellectual property rights’, May 1, http://www.copyrightservice.co.uk/copyright/intellectual_property o Susan Singleton.,

Data protection The New Law, (1998, Jordans Publication , Bristol) o a??UK Data protection laws are chaotic’, May 2, http://www.theregister.co.uk/2004/11/17/data_protection_laws_chaotic/