COMPUTER AND INTERNET CRIME
In view of all the deadly computer viruses that have been spreading lately, Weekend Update would like to remind you: when you link up to another computer, you’re linking up to every computer that the computer has ever linked up to.
* Dennis Miller, Saturday Night Live, U.S. television show
Treatment of Sasser Worm Author Sends Wrong Message
Unleashed in April 2004, the Sasser worm hit IT systems around the world hard and fast. Unlike most computer viruses before it, the Sasser worm didn’t spread through e-mail, but moved undetected across the Internet from computer to computer. It exploited a weakness in the Microsoft Windows XP and Windows 2000 operating systems. By the first weekend in May, American Express, the Associated Press, the British Coast Guard, universities, and hospitals reported that the Sasser worm had swamped their systems. Computer troubles led Delta Airlines to cancel 40 flights and delay many others.
Microsoft quickly posted a $250,000 reward, and by mid-May, authorities apprehended Sven Jaschen, a German teenager. Jaschen confessed and was convicted after a three-day trial. Jaschen could have received up to five years in prison, but because he was tried as a minor, the court suspended his 21-month sentence, leaving him with only 30 hours of community service.
Authorities said that once Jaschen realized the havoc the Sasser worm was causing, he tried to author a new version that would reverse the damage. His real intent, they said, had simply been to gain fame as a programmer and perhaps to increase business for his mother, who owned a computer shop in his hometown. Although Jaschen’s sentence seemed like a crime to many in the IT industry, the real injustice occurred just a few months after Jaschen’s indictment, when Securepoint, a German IT security company, hired Jaschen as a programmer. It appeared that the teen responsible for 70 percent of all computer virus infections during the first six months of 2004 got exactly what he wanted all along.
LEARNING OBJECTIVES
As you read this chapter, consider the following questions:
1. What key trade-offs and ethical issues are associated with the safeguarding of data and information systems?
2. Why has there been a dramatic increase in the number of computer-related security incidents in recent years?
3. What are the most common types of computer security attacks?
4. What are some characteristics of common computer criminals, including their objectives, available resources, willingness to accept risk, and frequency of attack?
5. What are the key elements of a multilayer process of managing security vulnerabilities, based on the concept of reasonable assurance?
6. What actions must be taken in response to a security incident?
IT SECURITY INCIDENTS: A WORSENING PROBLEM
The security of information technology used in business is of utmost importance. Confidential business data and private customer and employee information must be safeguarded, and systems must be protected against malicious acts of theft and disruption.
Although the necessity of security is obvious, it often must be balanced against other business needs and issues. Business managers, IT professionals, and IT users all face a number of ethical decisions regarding IT security:
* If their firm is a victim of a computer crime, should they pursue prosecution of the criminals at all costs, should they maintain a low profile to avoid the negative publicity, must they inform their affected customers, or should they take some other action?
* How much effort and money should be spent to safeguard against computer crime (how safe is safe enough)?
* If their firm produces software with defects that allow hackers to attack customer data and computers, what action should they take?
* What tactics should management ask employees to use to gather competitive intelligence without doing anything...