History of Computer Crimes
When writing about computer crime, one must ask, “Where to
start”? Since the beginning of digital 0s
and1s, computer crime has been prevalent.
Kaybay (2012), in his seminal Computer Security Handbook, details the
different way criminals have wreaked havoc.
In the early 1960’s and 1970’s, there were multiple instances of direct
damage against computer centers caused by saboteurs. There were credit card frauds, identity thefts,
logic bombs, phone phreaking, data diddling, and extortion. Then, the crooks started to get sophisticated.
In the 1970’s-1990’s, crimes caused by Trojan
horses, worms, viruses, spam, and denial of services events caused $ Billions in damages.
Types of Computer Crime
Computer crimes primarily involve the misuse of computer logic. Crimes against hardware and physical security
are relatively non-existent. The real criminal focus
were on logical security breaches and programmed threats. Spafford, Heaphy and Ferbrache (1986) divided
logical security breaches into the following major categories (excerpted below):
Privacy and confidentiality
Integrity , which assures that data and programs are
not modified without proper authority
Unimpaired service
Consistency, which ensures that the data and behavior we
see today will be the same tomorrow
Controlling access to resources
Programmed threats, also called malicious software, also pose
a significant threat to computer security, and also cause $Billions in damages. Spafford
(1992) lists the main types of programmed threats (excerpted below):
Viruses, which are inserted into other computer
programs
Worms, which can move from machine to machine
across networks, and may have parts of themselves running on different machines
Trojan
horses, which appear to
be one sort of program, but actually are doing damage behind the scenes
Logic
bombs, which check for
particular conditions and then execute when those conditions arise, and
Bacteria or Rabbits, which multiply rapidly
and fill up the computer's memory
In addition to logical
security breaches and programmed threats, there are “hackers”,
who sneak into a computer system without permission to compromise internal
data.
McAfee (2010),
the security software giant, developed a list of the latest, most insidious
computer crimes working their way around cyberspace. A survey of the top 5 crimes
involving the most people over the last decade include:
Scare-ware, which is the the sale of fake
antivirus softare
Phishing scams, which involves the
tricking of users into giving up personal information (in 2009 alone, over ½ of
a million sites were detected); via targeted emails, fake friend requests,
spam, and social networking.
Phony websites, which involves fake sites
that look real (phony banking sites, auction sites, and e-commerce
Online dating scams, involving viruses
such as the “I Love You” virus, whereby the crook creates a personal
relationship in order to ask for cash, merchandise or other favors
Nigerian scams, which involves advance
fees
Are these scams and malware only a tip
of the iceberg?
Who is winning?
FBI security guru Shawn Henry (now with a private security
firm) said in the Wall Street Journal (see Barrett, 2012) that companies need
to make drastic changes in the way computer systems are used to minimize damage
to national security and the economy. He
says that too many companies fail to recognize the extent of the risk –
financially & legally – and cost of operating vulnerable networks. “"I don't see how we ever come out of
this without changes in technology or changes in behavior, because with the
status quo, it's an unsustainable model. Unsustainable in that you never get
ahead, never become secure, never have a reasonable expectation of privacy or
security,'' Henry said. "In many cases, the skills of the adversaries are
so substantial that they just leap right over the fence, and you don't ever
hear an alarm go off. Companies need to
be hunting inside the perimeter of their network.” What should leadership do to combat
cybercrimes? Henry stated the obvious: "If
leadership doesn't say, 'This is important, let's sit down and come up with a
plan right now in our organization; let's have a strategy,' then it's never
going to happen…”
References
Barrett, D. (2012, March 28). U.S. Outgunned in
Hacker War. The Wall Street Journal.
Kabay, M. (2012). History of Computer Crime. In Computer
security handbook, 5th edition, 2, 27. Wiley.
McAfee. (2010). A good decade for cybercrime:
McAfee's look back at ten years of cypercrime. Santa Clara, CA: McAfee,
Inc.
Spafford, E. (1992). Are computer hacker break-ins
ethical? Journal of Systems and Software, 17, 41-47.
Spafford, E., Heaphy, K., & Ferbrache, D. (. (1989).
Computer viruses: Dealing with electronic vandalism and programmed threats.
Arlington, VA: ADAPSO (now ITAA).
