Impacts of computer crimes in Businesses 41736 Flashcard
Computer crimes are an economic let down in the business fraternity nowadays due to the sophistication of the technology being used by the criminals to avoid detection. During 1950s, computer programs as well as data were stored on cards with holes punched in them. If a criminal was to break into an office, damage or steal the punch cards, he/she could be severely punished under the laws of breaking and entering. However, after some two decades, it became the order of the day to enter programs and data using the keyboard via a modem and a telephone line (Richmond, S 2000 P. 26).
The same technology on the other hand allowed banks and other business ventures to retrieve a customer’s background information from the central computer. Merchants to process transactions without sending paper works to customers. This change in technology sophistication meant that, criminals could change data as well as programs from their homes, without physically entering into the victim’s building.
The Word Wide web is a medium used freely for sharing information and opinions. However, the actions of the criminals who trash people sites act as self-appointed leaders who deny freedom of speech if they disagree with you (Michael, T 2001). They often make the self serving excuse that, they only attack machines sponsored by bad organizations or people. However, their excuse makes them dreaded lots who operate as the judge, jury and executioner. Arrogantly, they determine what is in the best interests of society.
According to Rep, S (1986 P. 31), in 1970s, people reacted and referred to hackers as minor nuisances and often compared them to teenagers throwing toilet paper on trees. This was so until August 1983 when a group of young hackers hacked into a computer at the Sloan-Kettering Cancer Institute in New York City (Rep, S 1986 P. 24). They changed files on that computer and almost led to the deaths of the patients. This incident reminded many that, hacking is a serious problem which should be given the right concern in tackling.
To this end, these crimes are greatly affecting business returns although many are not concerned. According to De W. (2007), individuals and companies continue to underestimate the threat occasioned due to the loss of data and other cyber vulnerabilities which represent about 40 billion US dollars in loss to affected companies and individuals yearly. Further according to Joris, E (2006), a survey done by the FBI showed that, business spent a lot responding to worms, viruses and Trojan horses, followed by computer theft, financial fraud and network intrusion.
Further according to the survey, respondents spent nearly 12 million dollars dealing with virus-type incidents, 3.2 million dollars on theft, 2.8 million dollars on financial fraud and 2.7 million dollars on network intrusions. The survey further showed that, oorganizations are attacked despite the use of security products, with 90% saying they had experienced a security incident.
Currently, there are no precise and reliable statistical data which shows the amount of computer crimes as well as the economic losses to victims. This is partly because; many of these crimes are not detected by the victims as they are done secretly and professionally. Also because, many of them are never reported to authorities to take action while in others, the losses are at times difficult to quantify.
Despite this, there is agreement between law enforcers and computer specialists who deal with security that, both the number of computer crimes and their sophistication is increasing at a high speed. In almost all computer crimes, it is difficulty to get the criminal physically. This is because, the act of interfering with the operations of the machine mostly takes place via the networks.
Many businesses have been attacked at least once by interested parties. Some others are attacked from instructions by potential competitors who are envious of another businesses progress. According to Agnes, M (2002), a study done in February 2001 showed that, there are about 4000 denial of service attacks each day. Most of these are neither published in the news media nor the culprits prosecuted in courts. To show how serious this is, Agnes, M (2002) says that, the Yahoo website was attacked on Monday, 7 Feb 2000 (Agnes, M 2002) in an attack which lasted for three hours.
Also, according to her, the websites of Amazon, Buy, CNN, eBay were attacked on Tuesday, 8 Feb 2000. Each attack lasted for more than one hour. Further, the websites of E-Trade which is a stock broker and ZDNet which is a computer information company were attacked on Wednesday, 9 Feb 2000 (Agnes, M 2002).
In March 1997, a young teenager disabled the telephone operations at the Worcester, Massachusetts airport for as long as six hours. This vandalized the air-traffic control system as well as other critical services James (2004). According to James (2004), this same criminal copied records for various parents from a computer in a drug store on four separate occasions. January, February, and March 1997. Further, the criminal was the first juvenile to be prosecuted by the U.S. Government for computer crime (P. 101). He pleaded guilty and as a result was placed on probation for two years and ordered to provide 250 hours of community service. Later, he gave all of the computer accessories he had used during his criminal activity (James 2004 P. 103).
According to Carol, C. L (2006), in March, 2005, a man by the name Heim admitted that he had used the username and password assigned to Facility Automation Systems Company and redirected all company’s internet traffic, including electronic mail, to a server at his new employer (P.21).
Types of crimes
There are three major classes of criminal activity with computers which seriously affect businesses. First is the unauthorized use of a computer, which involves stealing a username and password or accessing the victim’s computer via the World Wide Web. Secondly, the releasing of a malicious computer program, viruses or worms, amounts to a crime. Lastly, harassment in cyber space is another serious crime. All the three above cause greater damages to the smooth operations of businesses thus affecting them economically.
For example, changing data from the original format or amount can be done from a distance. Unauthorized changing of data in general is a fraudulent act. Likewise, the denying of services to authorized users through the consumption or gobbling large amounts of the disc space amounts to crime. This is orchestrated by sending large amounts of bulk e-mails in a single day, by making the machine execute un-proper programs which puts the processing unit into an endless loop, by flooding an Internet server with vague requests for web pages there by denying potential customers the opportunity to download a page and possibly, crashing the server.
Here the organization gets loses in making the computers operational since they have been rendered useless. Also, since the threats have been brought into the fore by the attack, the organization again enters into the pace of looking for ways on how to shift bases and make thing a thing of the past.
Negative Impacts on Businesses
Hackers attack computer systems so as to gain access to the client or customer information and other business data which include credit card details and social security numbers. This is mainly for identity fraud and theft.
Computer crimes have negative impacts to businesses. To start with, the changing of existing data from a distance really affects them. Taking for example the interfering with account information of the customers of a certain business is a grave matter. The customer’s background once changed leads to unimaginable losses since you cannot tell for sure what the customer owned you. Also, important business files are attacked either by changing the contents or by deleting them completely. This has negative effects as it renders the organization the problem of book keeping which should be done in a manner for easy access and use if required thus loss of time in retrieving them.
The use of malicious programs is much practiced in mails and other computer software. In many instances, messages are sent in the name of a person who neither wrote the content nor gave authority of sending the message. For example as Barnes (2004) puts it, e-mails with bogus addresses were sent automatically through a malicious program in 1999, 2001 and 2002 causing much damages to computer software in many organizations.
Posting messages using the net to various newsgroup or online bulletin with a false author’s name with the intention of harming the reputation of the real person or business is another serious crime maiming businesses. These actions can be punished using the existing criminal laws which prohibit impersonation as well as forgery, deceit and fraud.
The use of computer malicious programs has been used to harm businesses in many instances. For example, in 1999 as Barnes (2004) puts it, Melissa virus infected a confidential document on a victim’s computer. Automatically, the program then re-sent that document and copy of the virus through e-mail to other people who definitely had losses due to the affection.
These malicious programs are a new invention used by criminals to sent confidential information from a person’s computer together with the confidential information, going not to the one who came up with the malicious program, but to some other party not known by the author of the program.
In 2003, a disgruntled employee in Nigeria used his legitimate computer account and password for unauthorized uses to hack into the computer of his employer. This had negative impact on the operation of the business man since the employee had time to change bank account numbers so that customers can deposit money into his account and not that of the employer. Before he came to notice what was happening, some four months had elapsed and he had accumulated a loss of millions naira.
This if applied in other businesses can be particularly damaging if the disgruntled employee is the system administrator, who knows the employers password and can enter any user file area. He/she can perpetrate and work from within the employer’s building, instead of accessing a computer via modem. This is another form of crime with adverse effects to the operations of a venture.
Sometimes back, many of the criminals have used technology to make long distance telephone calls for free. The sophisticated technology at their disposal conceals their location when they are hacking into computers. This has happened and continues to happen in many places around the globe. Businesses have suffered due to these intrusions as they have been forced to pay for phone bills accumulating from criminal calls making it a liability to many. As a case in hand, a business in London was forced to close down due to the huge bill they were supposed to pay. The accumulation of this is maiming many businesses.
In another incident, a criminal changed and deleted data deliberately from a computer in a cyber cafe causing immense damage. The data deleted was about the network and the customers connected via the server. The owner grudged that the incident had cost him a big chunk of his money as he had to act immediately so as to appease the customers so as to retain them.
The other crime which is orchestrated to cause damages in the business fraternity is the alteration of websites. In recent years, large numbers of attacks have occurred on websites by hackers pretending to be angry with the owner of the website. This is done by putting false information into the web site of an organization and is meant to cause confusion among the potential customers.
In a typical attack, the hacker will delete some pages and some graphics, then attach new ones with the same name as the old file, so that the he/she can controls the message conveyed by the site. Also, some hackers will affect the site with unwanted material like porn among others so as to frighten the customers who are cautious of such materials. And other will completely affect the login section such that, no one can log in authorized or not.
Victims of such attacks in recent times include various U.S. Government agencies, including the White House and FBI. However, this is not a worst kind of computer crime. As a security alert, the owner of the site can close it for a while and restore all of the files from backup media. At the same time, he/she can improve the site security and then re-open it. All in all, the criminal has committed a crime by making an unauthorized use of another person’s machine.
Denial of service attack occurs when the business server is filled with a continuous stream of vague requests for web pages, thereby denying potential users the opportunity to download a page possibly crashing the web server. To carry out this heinous crime, criminals first put in place remote controlled programs on a good number of computers that have access to the Internet.
This control program will, at the command of the hacker, issue a continuous sequence of pings to a specified site. When he/she is ready to attack, he instructs the programs to begin pinging a specific target address.
Security is core in accessing an online computer service for whatever purpose. One needs both a user name and a password to be able to access the same. In many instances, we select user names which at many times are as the last name. With this, the user names are easy to guess, therefore extra care should be taken when dealing with passwords.
. In choosing passwords, one should avoid using his/her name, anyone’s first name, nickname, telephone number or date of birth as this can be guessed with ease. On the same note, the above should not be written backwards as this is another threat.
According to Barnes, (2004), the best password has a random sequence of lower and upper case letters as well as digits. But he cautions that, such a password can be difficult to remember due to the complexity of the characters. As a suggestion, it is good to choose un-unusual foreign jargon which is not possible to get in the dictionary of the local language.
Having the password with you, do not write or scribble it down. Likewise, it should be a secret and should not be told to anyone. In case of a new computer, it is important to follow the instructions from the system administrator in choosing your own password.
To avoid hacking in the organizations site, use a different password for each site or computer account. Oloo, H (1987) argues that, changing password every few weeks is standard advice for all to follow although changing it every few weeks also makes it easier to forget your password. Further, according to him, it is your choice to decide the worth of changing passwords every few weeks.
Storing password either in script on their hard disk or in various programs as many do. This practice of storing the user name and password is convenient if only you can remember the storage site with ease. However, if name and password are stored as above, you should as a matter of security enable the password setting of the computer. This requires you to have it very time the machine is switched on.
If sometimes other people have access to your computer, in your presence or when you are not present, when your machine is running, a screen saver software which requires a password to return to the original operating system or applications software should be installed and fully operational. In addition, when a computer is stolen or vandalized, it is possible for the criminal to peep into all of your accounts. As a result, therefore, it is necessary to log into each of your accounts and change the password for each once the theft is discovered.
On private data, the same as what happens in passwords happen. The same steps about a password settings and a screen saver apply to confidential information on your computer. However as Oloo, H (1987) puts it, there is no easy way out in destroying the worth of confidential data in files on a stolen/vandalized machine. Businesses with very sensitive, reliable and tangible data should code/encrypt all of their data files (Oloo, H 1987 P. 45).
In the 1980s, it was the order for viruses to be generally passed from one user to another user via defective floppy disks. As result, business men/women in the 1980s did not need anti-virus software if they only purchased software from reputable sources and never copy pasted programs from these defective floppies provided by their friends and colleagues (Barnes, 2004 P. 34).
According to Barnes (2004), developments in the 1990s made anti-virus software a necessity for all computer users since, it became common for software to be distributed and updated using downloaded files from the Internet. Also since hacking criminals developed malicious programs that were delivered inside programs like Microsoft Word. Malicious program could be hidden inside a file sent via e-mail. Lastly, hackers developed viruses that were commonly conveyed as attachments to e-mail. Clicking on these files activates the malicious computer program thus infecting the computer (P. 35).
Since daily we use our e-mails and everyone will at a point download an executable software/file from the Internet, it is a good practice to have anti-virus program running on machines. Anti-virus programs scan all files for viruses and if infected, the file is automatically deleted from the machine or cleaned if it doesn’t offer much threat. Always, anti-virus software should be activated once new software is installed.
To protect the business from virus threats, the anti-virus software should be updated from time to time since because new malicious programs are discovered every day. The frequency of updating the software depends with someone’s tolerance to risk. If you feel the machines are prone to attack, update the software. When an epidemic of virus is reported in the news media, it deems wise to update the anti-virus software as soon as the one who developed your anti-virus software revises his/her definition files to recognize the new virus. If possible, the updates should be daily until variants of the new virus stop appearing.
To safe guard your business venture from this monster, never at any time open any executable file sent as an attachment in e-mail without first having the knowledge of the contents as well as the source of the file. Actually, it harms not in waiting a few minutes or hours or days and contacting the sender of the e-mail and try to learn the contents and source of the attached file.
According to Richmond, S (2000), the Melissa and I love you incidents, of March 1999 and May 2000 respectively, emphasized the fact that, it is possible to receive a malicious program from a person or organization that you have a lot of trust in. This is occasioned by the fact that, that person could be a victim of a virus that automatically sent an e-mail through his/her name.
Be extra cautious to any attached file that has a double extension and especially when the file extension in the right hand side is an executable file. According to James, (2004), examples of such files are: Filename.jpg.vbs, filename.doc.exe, filename.zip.com, filename.gif.bat, filename.txt.pif, filename.mp3.scr, filename.htm.lnk among many others (P. 105). As a note, attacked e-mails in many instances contain text with so many grammatical as well as punctuation errors and misspelled words. Mistakes of such magnitudes in from a person who purports to be an English speaker should alert you of the possibility of e-mail from a forged address, which may contain a virus.
In addition to the above control measures, it is possible to come up with a free e-mail account either a Yahoo, HotMail or any other provider such that, if someone harasses or tries to interfere with your operations, you simply close that account and chose another from the many at your disposal. In other words, this is like getting an identity which can be done away with in cyberspace.
In order to protect business files and other necessary materials from loss due to the various computer crimes, backing up the files is important as it protects them from threats such as accidental deletion or from hard disk failure. A full backup of all of your files should be considered at least two times in a year, and also it should be done with immediate effect once a major project is completed.
In order for the security measures mentioned above to be put into practice, employers as well as the employees should be taken step by step into the importance of computer security if the organizations and businesses are get good returns from their inputs. Success in the information and security work depends in the first place on developing good and basic working practices as well as establishing procedures meant to ensure that they are maintained. A security conscious atmosphere should be the established in a disciplined approach to ensure that all the staff is catered for.
If confidential information is to be handled in the day to day running of the businesses, it is extremely essential that the chosen few for that job are absolutely reliable and trustworthy. In addition, they should be screened security wise to a level equivalent to the confidential information they will likely be using to work on.
Access to the business entire information should be restricted up to that which he/she ‘needs to know so as to do his/her job. In particular, all sensitive material should be split and categorized that only authorized staff can lay hands on. In general, no member of staff should have access to all the information that pertains the entire organization.
Furthermore, security measures derived from the rules and regulations of the business will only be effective if all the staff members are properly trained. It is extremely essential that, the problem is understood to them all. This can be achieved mainly with in-house training of the staff. Individual users on the other hand must be trained on how to use the network, how to treat confidential information and on how to make back-ups.
To ensure minimal security threats, employees should be taught what to do in the event of a threat and how to counter such, what they should avoid to engage in, who they should make calls to and where they can get help if need be. Employees should be encouraged to report threat incidences so that steps can be taken by the relevant authorities to prevent any further damage.
New as well as temporary employees should be given introductory training once they join the venture. During such drills, data security and data integrity should take precedence and be explained. Lastly, it may be useful to include a section on security and confidentiality obligations in employee’s contracts to create awareness among them.
To achieve functional and cost effective computer security, a number of steps must be taken into consideration by the management. Firstly, it is important to analyze the risks associated with some threats so as to make it possible for the management to formulate policies which go along with the maiden security intentions of the venture. In it, the main security targets as well as information classification principles, responsible persons, and principles to reach the targets should be included.
In addition, the policy should be written and approved by management. This is because, if the management doesn’t approve, it means no resources. This said and done, a plan defining how the targets and the intentions in the policy document will be realized should be formulated. Further, a priority list must present as it may not be possible to realize everything in the policy at once. This plan has to be scrutinized by the person in charge of security in the organization.
The implementation phase is the most important part and that the main points that require attention should be inclusive. All senior managers should be sufficiently familiar with the computer security systems in use so as to know what is going on and why. Users should be given specific procedures about what is expected of them. The signed guidelines should be distributed to them in written form.
This is mainly to counter the arrogance that they were unaware of the contents of the guidelines. An example of the guide lines which ca be given to the users is as follows; Do not access information unless you have authority to do so, do not change any information on a computer system unless you have authority over such, do not use the company’s computers for personal matters if not permitted, do not leave a computer working-always switch off, make sure you know what to do in the event a malicious program is discovered on the system. Further, use anti-viruses, be aware of virus codes, when downloading files, mails etc. from the internet or other media, keep your log in details confidential, do not allow anyone whatsoever to use your password, and lastly, remember that anything done on the system using your ID and password can be your responsibility.
In conclusion, computer crimes against businesses are maiming their operations in that they consume up what has been produced. They take a lot of time repairing what has already damaged. Money is also spend to get the service of professional to put together the pieces left. Also, money in spent in the in-house trainings. Once sites are attacked, potential customers are scared away or are denied the information they would like to get concerning the venture. Files and data spoiled during the criminal activities cause many problems to the management.
Some of this information is sensitive and is the weapon of the business. When stolen, the businesses loose the honor. Thus, in the strongest terms possible, this actions should be condemned.
Agnes, M.2002. Internet in today’s world. Nairobi: General Printers, P. 101-131
Barnes. 2004. Hackers in the Business World. Why they intrude and how they can be bared. London: Longhorn, 20-41
Carol, C. L. 2006. Computer Security. The underlying issues. Ohio: Akron University Press, P. 21-27
De W. 2007. Cyber Crime is a $105 billion business now. http://www.crime-research.org/news/26.09.2007/2912 (Accessed September, 27 2007)
James. 2004. The future of Computer Security. What the future holds and the perceptions of it. Melbourne: Penguin, P. 102-110
Joris, E. 2006.Computer Crime costs $67billion, FBI says. The Daily Nation, September 25, 2007
Michael, T.2001.Securing your Computer from the Ever increasing Crime. Nairobi: General Printers, P.2-15
Oloo, H. 1978. Business Threats. How this threats can be dealt with. Baltimore, Maryland: John Hopkins University Press
Richmond, S. 200. Computer Crimes. How the criminals orchestrate the offence. Nairobi: Government Press, P.26
Rep, S. 1986. Is there any future in hacking? The modern world seems relaxed about the effects of hacking. London: Longhorn, P. 24-31