Computer misuse
• As everyone knows, the computer as a machine has changed
the daily life of people.
• But this machine has also changed the way people can commit
crime.
• Computer crime, or in other words cybercrime, has now
spread very quickly because nearly every person alive has
access to a computer system, so some people are bound to
misuse it.
• Given that the statistics on crimes involving
computers must have started from a base of
zero in the not too distant past, it is hardly
surprising that there has been a sharp rise in
the number of crimes involving computing, and
the internet has undoubtedly introduced a new
security risk.
Cybercrime
• Cybercrime is defined by British police as the use of any computer network for crime, and
the high-tech criminals of the digital age have not been slow to spot the opportunities.
• The term hacking was originally used to describe an audacious practical joke, but has
become better known as a term for the activities of computer enthusiasts who use their
skills against the IT systems of governments and big corporations.
• The love-bug virus crippled at least 45 million computers worldwide and caused billions of
dollars worth of damage. Information systems managers have long been aware of the
need to maintain system security, particularly against computer fraud and sabotage.
However, information systems managers may not consider their own programmers and
analysts as possible perpetrators of computer fraud and sabotage.
• In addition, other programmers and analysts may be in prime positions to initiate other
forms of security problems, such as computer hacking, viruses and software copyright
violations. Yet it is tempting for managers to believe that most such security problems
come from outside the organisation.
The Misuse of Computers
In the United Kingdom, the Law Commission looked at
the extent to which existing criminal laws covered the use
of computers in five areas:
1. computer fraud;
2. unauthorised obtaining of information from a computer;
3. unauthorised alteration or destruction of information stored on a computer;
4. denying access to an authorised user.
Computer Fraud
The Law Commission defined computer fraud as:
. . . conduct that involves the manipulation of a computer, by
whatever method, in order dishonestly to obtain money, property, or
some other advantage of value, or to cause loss.
The main offences currently covering computer fraud:
• fraud and theft;
• obtaining property by deception;
• false accounting;
• common law conspiracy to defraud.
Unauthorised Obtaining of Information
The Law Commission identified three particular abuses:
1. computer hacking;
2. eavesdropping on a computer;
3. making unauthorised use of computers for personal benefit.
Historically, it has been difficult to convict anyone of computer
hacking:
– penetration of computer systems;
– alteration/destruction of data.
Under Section 1 of the Computer Misuse Act 1990, a person is
guilty of an offence if:
(a) he causes a computer to perform any function with intent
to secure access to any program or data held on any computer;
(b) the access he intends to secure is unauthorised;
(c) he knows at the time when he causes the computer to
perform the function that this is the case.
Section 2 makes it a more serious offence to commit the Section 1
offence with a view to further crime.
Eavesdropping
Eavesdropping involves:
– secret listening;
– secret watching.
The aim is the acquisition of information.
Historically, there has been no right to privacy in the UK. The recently
introduced UK Human Rights Bill incorporates the European Convention on
Human Rights into UK law. Privacy is now recognised as a basic human right. For
instance, listening to mobile telephone calls is now illegal.
Most people who misuse computers for personal benefit are in
some form of legal relationship with the owner of the computer.
For example, an employee who does private work on their employer’s
computer. Here employment law can be applied.
The unauthorised use of the computer is not a special issue.
Unauthorised Altering of Information
Computers store vast amounts of information about us:
– what we have in the bank;
– who we call on the telephone;
– what we buy in the shops;
– where we travel;
Criminals who alter or destroy such information can be dealt with by
– the law on Criminal Damage;
– the Computer Misuse Act 1990 (in Section 3).
The law on Criminal Damage seems to apply to physically stored data that would survive a power
off-on. Some examples:
– erasing programs from the control card of a circular saw;
– writing a program that shakes a hard disk to pieces.
But not:
– switching off a monitor so that the display is lost.
Unauthorised Modification
Section 3 of the Computer Misuse Act 1990 provides that a person
is guilty of a criminal offence if:
(a) he does any act which causes unauthorised modification
of the contents of a computer, and
(b) at the time when he does the act, he has the requisite
intent and the requisite knowledge.
The requisite intent is an intent to cause a modification to the contents of any
computer and by doing so:
(i) to impair the operation of any computer;
(ii) to prevent or hinder access to any program or data held
on any computer;
(iii) to impair the operation of any such program or the reliability of any such
data.
Forgery
The unauthorised alteration or destruction of data may amount to forgery.
The Forgery and Counterfeiting Act 1981 says:
A person is guilty of forgery if he makes a false instrument,
with the intention that he or another shall use it to induce
somebody to accept it as genuine, and by reason of so accepting
it, to do or not to do some act to his own or any other
person’s detriment.
An “instrument” is usually a written document.
However, it can also be “any disk, tape, sound-track or other device
on which information is stored by mechanical, electronic or
other means.”
E.g. a forged electronic mail message.
Denying Access to an Authorised User
There are many ways to deny access to an authorised user
of a computer:
– shut the machine down;
– overload the machine with work;
– tie up all the machine’s terminal/network connections;
– encrypt some system files, etc.
Various offences deal with these:
– hacking;
– unauthorised abstraction of electricity;
– improper use of telecommunications services;
– unauthorised modification of computer material;
IFCC
• The Internet Fraud Complaint Center (IFCC) was set up in 2000. The IFCC’s primary mission is to
address fraud committed over the Internet. This is done by facilitating the flow of information
between law enforcement agencies and the victims of fraud, information that might otherwise go
unreported.
• The IFCC Internet Fraud Report is the first annual compilation of information on complaints received
and referred by the IFCC to law enforcement or regulatory agencies for appropriate action.
• The results provide an examination of key characteristics of 1) complaints, 2) perpetrators, 3)
complainants, and 4) the interaction between perpetrators and complainants.
The European Cybercrime Convention also covers computer intrusion, forgery and copyright but
extends current law to:
• define offences related to ‘aiding and abetting’ other offences covered in the treaty;
• formalize the procedure for the search and seizure of computers;
• incorporate many of the features of the Regulation of Investigatory Powers (RIP) Act 2000 in relation
to forcing the disclosure of decryption keys;
• incorporate UK proposals for the monitoring of networks under proposals for the acquisition and
storage of traffic data.
Fraud Defined
• Fraud is any and all means a person uses to
gain an unfair advantage over another person.
• Typically, a fraudulent act must involve:
– A false statement
– A material fact
– Knowledge
– Reliance
– Injury or loss
PHISHING E-MAILS
• This is the name given to e-mails that claim to be from your bank
or other financial organizations but are actually sent to you by
fraudsters.
• These e-mails typically urge you to click on a link that takes you to
a fake website which is often identical to the one you would
expect to see.
• You are then asked to verify or update your personal security
information.
• The fraudster who has created the fake website will then have
your security and other personal information. A genuine
organization will never send you this type of e-mail.
• These e-mails aren't normally addressed to you by name; they are
sent to millions of recipients in the hope that some will respond.
The aim of the e-mail is to trick you into providing your details.
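
The traits listed above can be checked mechanically when triaging a reported message. This is an added example, not part of the original slides: the sample e-mail, host names, word lists and indicator names are constructed, and treating a link whose visible text names a different host than its target as the "fake website" sign is an assumption.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample message: every name and host below is made up.
SAMPLE = """\
From: Example Bank <security@examplebank.example>
Content-Type: text/html; charset="utf-8"

<p>Dear Customer,</p>
<p>Please verify your security information at
<a href="http://login.secure-check.example/update">www.examplebank.example</a></p>
"""

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def bare_host(name):  # lower-case and drop a leading "www." before comparing
    return re.sub(r"^www\.", "", name.lower())

def phishing_indicators(raw):
    """Return the sorted names of the traits found in one raw e-mail."""
    msg, found = message_from_string(raw), set()
    body = "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                   for p in msg.walk() if p.get_content_maintype() == "text")
    if re.search(r"\bdear\s+(customer|user|client|member|sir|madam)\b", body, re.I):
        found.add("generic-greeting")  # not addressed to the recipient by name
    if re.search(r"\b(verify|update)\b.{0,60}\b(security|personal)\b", body, re.I | re.S):
        found.add("asks-for-security-details")
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        shown = re.search(r"((?:[\w-]+\.)+[a-z]{2,})", text, re.I)
        host = urlparse(href).hostname or ""
        if shown and host and bare_host(shown.group(1)) != bare_host(host):
            found.add("link-text-host-mismatch")  # text names one site, link goes to another
    return sorted(found)
```
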
TROJANS
• Trojans are usually received in e-mails that may contain files,
pages or attachments to open.
• Once opened, they can secretly install a program that can
monitor your online activity, down to what keys you're pushing
on your keyboard.
• This could mean the next time you enter your credit/debit card
details on your favorite online shop, the fraudsters would be
alerted.
• This is one of the reasons why it is important that your
computer security is kept up to date.
MONEY MULE/ADDITIONAL INCOME E-MAIL SCAM
• One of the many scams around involves someone offering, via
an e-mail or website, to pay funds into your account on the
understanding you then transfer them overseas.
• In return, you supposedly get a commission. Some of these
want an up-front deposit; once you have paid, you will never
hear anything again and more likely than not have lost your
money.
Intro to Viruses
• Virus: A true virus is capable of self-replication on a machine. It
may spread between files or disks, but the defining characteristic is
that it can recreate itself on its own without traveling to a
new host
• Computer viruses have become today’s headline news
• With the increasing use of the Internet, it has become easier
for viruses to spread
• Viruses show us loopholes in software
• Most viruses are targeted at the MS Windows OS
Background
• There are an estimated 30,000 computer
viruses in existence
• Over 300 new ones are created each
month
• The first virus was created to show loopholes in
software
Virus Languages
• ANSI COBOL
• C/C++
• Pascal
• VBA
• Unix Shell Scripts
• JavaScript
• Basically any language that works on the system that is
the target
Symptoms of Virus Attack
• Computer runs slower than usual
• Computer no longer boots up
• Screen sometimes flickers
• PC speaker beeps periodically
• System crashes for no reason
• Files/directories sometimes disappear
• Denial of Service (DoS)
Virus through the Internet
• Today almost 87% of all viruses are spread through
the internet (source: ZDNet)
• Transmission time to a new host is relatively low, on
the order of hours to days
• “Latent virus”
Classifying Viruses - Types
• Trojan Horse
• Worm
• Macro
Trojan Horse
• Covert
• Leaks information
• Usually does not reproduce
Worms
• Spread over network connection
• Worms replicate
• The first worm released on the Internet was called the Morris
worm; it was released on Nov 2, 1988.
Macro
• Specific to certain applications
• Comprise a high percentage of the viruses
• Usually made in WordBasic and Visual
Basic for Applications
• Microsoft shipped “Concept”, the first
macro virus, on a CD ROM called "Windows
95 Software Compatibility Test" in 1995