Information Systems and Computer Crime
ITGS
Information
What is information?
Is information the same thing as data?
Information: Data combined with units of measure (quantitative) or combined with accompanying meaning (qualitative).
Data + meaning = information
What is data then?
Data: Numbers, codes, words or phrases without units or other items that define or give meaning to these original elements.
Knowledge
An understanding that humans derive by reasoning based on data and associated information. Examples of data are simple numbers, such as 123 and 456. Examples of information are $1.23 per dozen eggs and $4.56 per dozen eggs. Knowledge is an understanding that $1.23 is a better buy than $4.56. Wisdom may include judgements about the nutritional and health value of eggs, or about the relative value of eggs as a source of protein compared with other sources.
Wisdom
Knowing what is true, correct, proper or fair as the result of learning and experience. The application of common sense and good judgment. The sum of human learning through all times.
Data, Information, Knowledge and Wisdom
Data + meaning = Information
Information + evaluation = Knowledge
Knowledge + value judgment = Wisdom
Case study: swastika
DATA: The pattern of lines in the swastika.
INFORMATION: Knowing that the swastika represents the Nazi party.
KNOWLEDGE: Analysing the Nazi harm or benefits to society.
WISDOM: Stating that you will reject the Nazi belief.
Information System
A system, usually computer based, into which data is placed, in which data may be processed, from which data is selected and may be analysed, and from which reports may be produced.
Data input
Process (selection, analysis)
Data output / reports
Information Retrieval System
A computer system used to store data and from which data may be selected and retrieved for use in reports and for analysis. Inf. system + storage capacity = Inf. Ret. Sys.
“Landing” Inf. Systems
Consider a Sports Club System. What can be the data input?
Name
Age
Address, etc.
Hobbies
Output:
A member card
Discount tickets for nearby hobby-related shops
Sports schedule according to age and hobbies
What may the output be for the same input if the system was made for a bank?
Four components of an Inf. System
1. INPUT
2. PROCESSING DEVICE
3. STORAGE DEVICE
4. PROCESSING SOFTWARE
Processing functions of software
Input with value checking
Searching or selecting
Analysing
Reporting
Computer Abuse
With respect to computer systems, using computers and networks to perform irresponsible or unacceptable acts.
Abusive acts may include:
unauthorized access;
sending messages or making available files containing offensive language or pornographic materials;
repeated sending of unwanted messages;
any act considered unacceptable by the community sharing the resources.
Computer Crime
Any illegal or unauthorized behaviour in connection with computers and computer networks. Examples of computer crime include:
computer sabotage
unauthorized access
computer forgery
damage to computer data or programs
computer fraud
computer espionage
unauthorized use of a computer
unauthorized use of a protected computer program
Computer Crime vs. Normal Crime
Crime happened before computers, but computers “help” criminals:
Some crimes are easier to commit
The results can be devastating
An average armed bank robber gets $5,000 in the USA
An average bank hacker gets $100,000
A credit card is more valuable than a wallet
Who are the Computer Criminals?
Hackers and crackers
Dishonest employees (that were trusted)
Some facts:
Volkswagen lost more than $200 million in a foreign exchange fraud by high-level employees
Three employees of Britannica sold the customer list to another company (containing 2 million names).
Some solutions to employee fraud
Rotation of trusted employees
Transactions should ask for an ID & password
Transactions should be named and recorded
There is a trade off between security and efficiency.
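The three controls listed above can be sketched in a few lines of code. This is an added example, not part of the original slides; the Ledger class, the employee IDs and the 90-day rotation limit are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from datetime import date

ITERATIONS = 200_000    # PBKDF2 work factor (assumed value for this example)
MAX_DAYS_IN_ROLE = 90   # rotation policy limit (assumed value)


def hash_password(password, salt):
    """Derive a slow, salted hash so stored passwords are not kept in clear."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class Ledger:
    """Hypothetical transaction ledger illustrating the slide's controls."""

    def __init__(self):
        self.employees = {}  # employee id -> (salt, password hash, role start)
        self.records = []    # append-only list of recorded transactions

    def enroll(self, emp_id, password, role_start):
        salt = os.urandom(16)
        self.employees[emp_id] = (salt, hash_password(password, salt), role_start)

    def transact(self, emp_id, password, description, amount, today):
        """Control 2: every transaction asks for an ID and a password."""
        entry = self.employees.get(emp_id)
        ok = entry is not None and hmac.compare_digest(
            entry[1], hash_password(password, entry[0]))
        # Control 3: every attempt is named and recorded, refused ones too,
        # so repeated failures by one ID are visible to an auditor.
        self.records.append({"date": today, "employee": emp_id,
                             "what": description, "amount": amount,
                             "accepted": ok})
        return ok

    def due_for_rotation(self, today):
        """Control 1: list trusted employees who have held a role too long."""
        return sorted(emp for emp, (_, _, start) in self.employees.items()
                      if (today - start).days > MAX_DAYS_IN_ROLE)
```

The password check on every transaction is where the trade-off with efficiency shows up: each transaction costs the employee an extra step and the system a deliberately slow hash.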
Credit card fraud
FACT: Losses from credit cards are estimated to be between 1 and 4 billion dollars per year.
Ways of obtaining credit card numbers:
Hacking via internet
Calling people (lying and asking the number)
Credit bureau databases
Receipts from garbage cans near stores
Security: before they used printed books, now they use special telephone devices. Let's analyse the change!
Card delivery issues
Automated Teller Machines (ATM)
Examples here are BancoMat, RedBank, RedBROU, etc.
Losses from ATM scams have been estimated at $60 million a year.
READ this!!
The first is an "insider" case. A man who worked for a company that installed ATM machines had access to the machines using the installer's password. He wrote software to capture the account numbers and PINs (personal identification numbers) used by customers, then made fake cards encoded to mimic the real ones. He and a small group of friends planned to withdraw cash from the accounts on a holiday weekend, when they would have time to raid many accounts and get away. A tip from a friend who had been told of the plan led to a raid where 6000 counterfeit cards were found.
Another group of thieves, lacking insider access to a real ATM system for the capture of account numbers, set up their own machine. They installed an ATM in a shopping mall in Connecticut. Initially, to gain customer confidence, the machine gave out cash. Later, after reading each customer's card and requesting the customer's PIN, it displayed a message saying that the transaction could not be processed. After about two weeks, the machine was removed. It had served its purpose, which was to read the account numbers magnetically recorded on the cards and store the PIN typed by the customer. It was not connected to any banking system. They stole US$107,000 from their victims.
Old problems or new problems?
Supermarket or taxi bills can be corrupted easily by software. NEW
The butchers used to hold down the balance with their thumb to increase the weight reading. OLD
Some of the problems are not new; they existed before computers were even imagined.
Sabotage & information theft
Sabotage = wilful damage to machinery or materials; or damage at work.
Often done by angry employees, who leave logic bombs on computers.
Industrial espionage by unethical competitors (this can be done remotely).
Information Theft often involves:
Plans for new products
Market research
Customer lists
Pricing policies
Hackers and Crackers
Hacker: A person who enjoys the details of programming, is often obsessive about programming and can work quickly. The term cracker should be used for the negative application of programming skills.
Cracker: A person who attempts to gain unauthorized access to a computer system, often for malicious purposes. The term was coined by hackers to defend against misuse of the term ‘hacker’.
Facts on Hackers & Crackers
The targets of hackers include individuals, businesses, universities, and government (including military) agencies. Here is a sampling of hacking activities, illustrating their range.
In 1986, a hacker broke into at least 30-60 computers on the Stanford University campus, several other universities, 15 Silicon Valley companies, three government laboratories, and several other sites. It appeared that his goal was simply to get into as many computers as he could.
Hackers spoofed mail from the premier of Ontario, Canada, sending out unflattering comments about Ontario's parliament.
A World Wide Web page set up by a British government department was hacked within minutes after it went online; the hackers redesigned the page.
Kevin Poulsen manipulated telephone connections so that he would win thousands of dollars in prizes in a radio station contest. Poulsen also broke into a computer and got a list of undercover businesses operated by the FBI.
Using programs called "sniffers", hackers can read information travelling over computer networks and extract passwords. Some security analysts estimate that one million passwords may have been compromised in 1994. In only one day at the University of California at Berkeley, a hacker program collected more than 3000 passwords.
The Secret Service reported that a 15-year-old hacked a credit reporting service and the telephone system in a scheme to get Western Union to wire money to him from other people's accounts. He is also believed to have hacked a McDonald's payroll computer and given raises to his friends.
A Little Web Research
Find out who Kevin Mitnick was and in what ways he committed computer crime.
Non-malicious Hacking
Arguments
No harm is done. The hacker is just curious to see what is there. Hacking is harmless recreation, an intellectual challenge.
Hackers are performing a service by exposing security weaknesses in the system.
If the owners of the system want to keep outsiders out, it is their responsibility to provide better security. (This argument is used sometimes when harm is done as well.)
"Information wants to be free." Copying information does not deprive anyone else of the use of it; hackers who read or copy files are not stealing anything. Hackers are providing a public service by exposing internal documents of corporations and government.
Phone companies are ripping us off. Getting a few free calls is different from selling access codes. Hackers are not doing it for profit.
Homework
Bring counterarguments to the non-malicious hacking points.
Sources
ITGS Syllabus
A Gift of Fire by Sara Baase