Computer Crimes and their Avoidance - Report Example

Computer Crimes and their Avoidance Computer crimes are offenses that pertain to computers and computer based technologies. These crimes exploit weaknesses in computers systems and computer networks. The perpetrators of this cybercrime intend to commit fraud, steal the identity of the users, and illegally share information and software, and embezzlement over the internet. Some of the criminal activities perpetrated against computer systems and computer networks are hacking, phishing, spamming, brute force attacks and identity theft. The present work examines these activities and suggests precautionary measures. Thereupon, a discussion is taken up regarding firewalls and their use; and thereafter, a discussion is appended regarding the nature and importance of a disaster recovery plan. 1.Hacking Several nations have set out a number of norms to classify and identify illegal activities relating to computers. (Computer Crime Research Center, 2005). Hacking is a very common computer crime, in which hackers control computer systems in a network and operate them for their own illegal purposes. Hacking is an unlawful activity, irrespective of its form. Nevertheless, hacking is helpful in determining the vulnerability of computer systems in a network or in respect of an individual PC. Such attacks enable their perpetrator to determine the scope for clandestinely programming computer systems and their consequent exploitation. Some individuals employ hacking attacks to gain access to computers maintained by corporations or the government, so as to reveal the openness of the security systems and to prove their ability of accessing highly protected computer networks. For these individuals, hacking is an art that enables them to access other computers (Stone, 2002). Hackers often share their knowledge and strategies among themselves. Some of them form groups for this purpose and even organize conferences. Hacking dates back to the mid 1950’s, when hackers made telephone calls free of cost, by exploiting loopholes in the telecommunication networks. To avoid the adverse effects of hacking, it is necessary to install and implement effective security systems in computers. More importantly, the software must be safe, stable and dependable. The enforcement authorities need to test the software and certify that is safe and reliable. Furthermore, computer users have to install firewalls and utilize encryption methods. In addition, computer users have to be wary of hacking attacks (Stone, 2002). 2.Phishing Phishing is a computer crime, in which the offender steals the identity of online computer users. Subsequently, the offender impersonates the original user and carries out financial and other online transactions. In phishing, the perpetrator sends an email message to the vulnerable computer user and allures the user to provide personal details, bank account number and other information. The emails sent by the offender appear to be from a legitimate source, with which the victim enters into regular transactions. These offenders provide a link to a website, which upon being clicked by the user redirects the latter to the faked website maintained by the phishing offender. That website will require victims to furnish their personal and financial information. Afterwards, the offender uses this information for his purposes. This is identity theft and offenders usually send mass emails to a large number of targeted victims. The emails state that the user has to provide his or her details in order to update his bank account, claim the amount purportedly won in some lottery or for some such specious reason. The links in the email direct the users to a faked website, which resembles the website of the service provider. These bogus websites employ the same fonts and logos of the official websites. Lured by these emails, naïve users provide their personal details in the website, which then sends the information to the phishing criminal directly. The criminals use this information and withdraw the money from the bank accounts of the victims. (Phishing Overview , 2005). 3.Spamming Spamming constitutes the transmission of mass emails to millions of computer users by cybercriminals. If any computer user, who receives such emails, replies to them, then that user will be subjected to further attacks by spammers. Unwittingly, several users send reply messages to the spam emails, and this allows spammers to acquire the mailing lists of the users and to send emails to the persons on those mailing lists. In this manner, spamming spreads to millions of users within a very short time. As such, it is extremely difficult to prevent spamming, and any person with a valid email address can send unlimited spam emails to other email addresses. Similarly, persons with valid email account can access newsgroups or other social engineering services. It is the practice of spammers to send a large number of emails to a website targeted by them. The large number of email attacks create overload on networks, which would be depleted of the resources necessary to function properly. The recipient’s hard disk would be filled with multiple postings of emails. Eventually, there will be syslog errors in the networks. However, the latest versions of web browsers are equipped with anti – spam tools, which allow the user to identify and block emails from a spamming source (CERT Coordination Center, 2002). 4. Brute Force Attack In the past, there were no electronic systems to encrypt vital information, in order to prevent unauthorized access; there were several methods of scrambling the information such as coding and decoding. Initially, even after the introduction of computers, data was stored in the same forms that were used to encode it. Subsequently secret key cryptography developed and this allowed date to be kept safe and secure to a much greater extent. However, this system proved to be unsafe as there were brute – force attacks against important data. Hence, public key cryptography is now used to protect information. Under this security system, a public key is associated with a private key. This method of integration of public and private keys has proven to be much more effective and has lesser disadvantages, in comparison to the previous methods. The public key system established on the Internet provides for secure digital certification, which is essential for online business. This cryptographic technique has emerged as the mainstay of internet commerce, and constitutes the core technology of security systems. It is the most favored security system, because data can be encrypted using one key of association, whereas to decrypt the encrypted data, the private as well as the public key are required. (Benantar, 2001, p648). 5. Identity Theft The internet has become the haven of cybercriminals, which allows them to steal the identity of individuals, their passwords and their financial information such as bank account numbers and credit card information. Spamming lures users, by promising them with gifts, prizes and other incentives if they furnish their personal details. In addition, offenders use new technological tools to intrude into large online databases maintained by banks or other service providers, and obtain the personal details of the individuals in those databases (U.S. Department of Justice). The offender uses this information for criminal activities, in the name of the individual whose identity was stolen. For instance, they can apply for bank loans or credit cards that will be sent to the person whose personal information was stolen, without the latter’s request. Moreover, these offenders can apply for credit cards and give the address of the victim’s friends or colleagues for billing purposes. The victim may not know about these developments, until he is held responsible for these acts (U.S. Department of Justice). There are services that monitor the credit balances of individuals upon request. Individuals can hire these services to prevent identity theft and unauthorized access to their bank accounts or other financial transactions. The credit – monitoring services send warning messages to users if they detect any abnormal changes in their account balances. This constitutes the best preventive measure against attacks by offenders Shredding documents is another effective preventive measure, because documents that are disposed intact can be stolen from the garbage collecting bins. More importantly, individuals should refrain themselves from clicking on the links in the emails, in their inbox, if these emails require them to furnish the details of their accounts or other financial information (Londrie). 7. Firewalls The fundamental purpose of a firewall is to block the entry of malware into the computer system. If there is no firewall, then the malware enters the system and checks for vulnerabilities. After that the malware identifies the weak points in the computer and provides entry points for the malware creator. Thereupon, the malware creator gains control over that particular computer. Subsequently, that malware creator uses such a computer for online crimes. Connecting to the internet invites cybercriminals to control the personal computer or networked computers. Thus, to make a computer more secure, it is recommended to disconnect from the internet connection. Otherwise, home computers must be protected with a firewall, anti-virus software and anti-malware software. However, these have to be updated frequently (Home PC Firewall Guide ). 8. Recovery Plan Data recovery is a measure that recovers data after a disaster that affects the stored date occurs. In the event of a natural disaster such as a storm or an earthquake, the computer gets physically damaged and the data stored in it will be damaged. Similarly, other disasters would damage or destroy the storage device of a computer or a server. Loss or theft of a computer could result in the loss of a data storage device. The data recovery plans provide multiple solutions to backup the data. If the computer and the secondary storage device are damaged, destroyed or lost, then the data recovery plans would come to the rescue as they store backups of the entire data on the computer or file server. In some instances, it is possible to retrieve the complete data. Thus, backing up data is essential, because it is crucial for restoring the system, in the event of the data being destroyed. Data recovery plans back up the data and restore it, as and when required. In data recovery plans, data is stored as a copy on other secondary data storage devices, like CDs, DVDs and hard disks. In addition, there are offsite data backup systems that simultaneously save copies of the data on an office PC or home PC, in some other location. Furthermore, there are several agencies that offer online data backup facilities. These services are of immense use in retrieving the entire data, in the event of a disaster (Data Recovery Plan and Offsite Data Recovery Information ). The internet has engendered a virtual world, where distances are no longer of any significance. Financial transactions across the globe take place in seconds. However, this convenient way of doing things has attracted the attention of cybercriminals. The use of proper safety measures and adequate data recovery strategies can circumvent most of the problems posed by this environment. List of References Benantar, M. (2001, p648). The Internet public key infrastructure. IBM Systems Journal , Vol. 40 Issue 3, 18p, 15 diagrams; (AN 5081444). CERT Coordination Center. (2002, August 14). Email Bombing and Spamming. Retrieved July 17, 2008, from http://www.cert.org/tech_tips/email_bombing_spamming.html Computer Crime Research Center. (2005, November 26). Types of computer crimes . Retrieved July 16, 2008, from http://www.crime-research.org/news/26.11.2005/1661/ Data Recovery Plan and Offsite Data Recovery Information . (n.d.). Retrieved July 17, 2008, from http://www.datarebound.com/datarecovery/7-datarecoveryplan.html Home PC Firewall Guide . (n.d.). Retrieved July 17, 2008, from http://www.firewallguide.com/ Londrie, K. (n.d.). Identity Theft Prevention Measures . Retrieved July 17, 2008, from http://www.customdesignpostcards.com/articles7/identity-theft-prevention-measures.html Phishing Overview . (2005, August 16). Retrieved July 17, 2008, from http://www.crime-research.org/news/16.08.2005/1431/ Stone, D. M. (2002, August 02). Computer Hacking . Retrieved July 16, 2008, from http://www.ed.uiuc.edu/wp/crime-2002/hacking.htm U.S. Department of Justice. (n.d.). Identity Theft and Identity Fraud. Retrieved July 17, 2008, from http://www.usdoj.gov/criminal/fraud/websites/idtheft.html Read More