Security

1
Security

• By Valencia Hike
• CST 515
• March 16, 2007

2
Computer Security
There are a variety of ways the security of your
computer can be compromised. By the end of this
presentation you will have a better understanding
of the various security risks for computers,
which include viruses, identify theft, and
computer fraud. I will also explore the legal
issues and possible remedies to these security
issues.
3
Legal Aspects
IT is becoming part of all areas of society. From
your car taking directions from GPS satellite
navigation systems to the terrific advances in
personal computing technology in relation to
speed and cost. IT law treads on the toes of
other more traditional areas constitutional,
criminal and civil law. It mingles with them all.
There are computer-specific crimes such gaining
unauthorized access to a system or releasing a
virus. As IT integrates further it becomes used
in more regular criminal activity, such as fraud
and theft.
4
Current Legislation

• Data Protection Act 1998
• Control personal information
• Regulate data processing
• Criminal Damage Act 1991
• Actual or threatened damage to property
• Unauthorized access to computers
• Possession with intent to damage property
• Criminal Evidence Act 1992
• Regulates admissibility of computerized records
  into evidence
• SOURCE The Journal of Information Law and
  Technology (JILT)

5
Current Legislation

• Principles of DPA
• Data is obtained and processed fairly
• Held for its specified purpose only
• Must be relevant to purpose and non-excessive
• Must be accurate and current (up-to-date)
• Help for no longer than is required
• Extra safeguards for sensitive data (race,
  religion, politics)
• Prudent security measures to protect personal
  information
• Subject has right to view, correct and erase such
  data
• Designed to provide adequate safeguards to
  individuals
• against any abuse of their privacy arising from
  the
• automatic processing of personal data concerning
  them.
• SOURCE The Journal of Information Law and
  Technology (JILT)

6
Current Legislation

• Data information in a form which can be
  processed.
• Personal Data data relating to a individual who
  can be identified either from the data or from
  the data in conjunction with other information in
  the possession of the data controller.
• Data subject person who is the subject of
  personal data.
• Data Controller person who controls contents and
  use of personal data.
• Data Processing automatic logical operations on
  data
• including extraction of constituent data.
• SOURCE The Journal of Information Law and
  Technology (JILT)

7
Current Legislation

• Is the computerized information only provision a
  loophole? .you be the judge.
• Provisions
• Computerized files only
• Personal data must be living (does not include
  dead),
• individual (not company) and identifiable
• Exceptions
• Computerized files only
• Security of the state
• Must be available by law/court order
• Kept by individual for family affairs/recreational
  purposes
• Required urgently to prevent injury or serious
  loss/damage
• SOURCE The Journal of Information Law and
  Technology (JILT)

8
Current Legislation

• Criminal Damage Act 1991
• A person who without lawful excuse damages any
  property, shall be guilty of an offence
• Accidental/coincidental damage
• Recklessness
• Damage must me intentional
• Outlaws
• Damage to property which endangers life
• Damage to property with intent to defraud
• Data damaged within the State by persons outside
• SOURCE The Journal of Information Law and
  Technology (JILT)

9
Current Legislation

• Provisions
• Wide ranging powers of arrest Arrest of person,
  by anybody whom they suspect with reasonable
  suspicion of guilt or committing a crime, or
  having committed a crime except for unauthorized
  access
• Compensation Order Order to reimburse and loss
  incurred.
• Additional to fine/jail
• SOURCE The Journal of Information Law and
  Technology (JILT)

10
Current Legislation

• Criminal Evidence Act 1992
• Hearsay or real evidence calculations/analyses
  generated by the computer itself are real
  evidence.
• Recorded evidence that is generated in the normal
  course of a business, without the intervention of
  humans provided the machine is reliable.
• SOURCE The Journal of Information Law and
  Technology (JILT)

11
Identity Theft

• What is Identity Theft?
• Identity theft occurs when someone uses your
  personally identifying information, like your
  name, Social Security number, or credit card
  number, without your permission, to commit fraud
  or other crimes.
• The potential for damage, loss, and stress is
  considerable. Consumers victimized by identity
  theft may lose out on job opportunities, or be
  denied loans for education, housing,
• or cars because of negative information on their
  credit
• reports. They may even be arrested for crimes
  they did
• not commit.
• SOURCE Federal Trade Commission

12
Identity Theft

• How is Your Information Stolen?
• Dumpster Diving. They rummage through trash
  looking for bills or other paper with your
  personal information on it.
• Skimming. They steal credit/debit card numbers by
  using a special storage device when processing
  your card.
• Phishing. They pretend to be financial
  institutions or companies and send spam or pop-up
  messages to get you to reveal your personal
  information.
• Changing Your Address. They divert your billing
  statements to another location by completing a
  change of address form.
• Old-Fashioned Stealing. They steal wallets and
  purses mail, including bank and credit card
  statements pre-approved credit offers and new
  checks or tax information. They steal personnel
  records for their employers or bribe employees
  who have access.
• SOURCE Federal Trade Commission

13
Identity Theft

• What Do You Do to Defend Yourself?
• Place a Fraud Alert on your credit reports, and
  review the reports carefully. Call one of the
  three (Equifax, Experian, or TransUnion)
  nationwide consumer reporting companies to place
  a 90-day fraud alert.
• Close any accounts that have been tampered with
  or established fraudulently.
• File a report with law enforcement officials to
  help you with creditors who may want proof of the
  crime.
• Report your theft to the Federal Trade Commission
  
• (Online, call or by mail). Your report helps
  law
• enforcement officials across the country in
  their
• investigations.
• SOURCE Federal Trade Commission

14
Identity Theft
Resources to Deterring, Detecting and Defending
yourself from Identity theft. The Federal Trade
Commission has an abundance of resources on
their website which also includes print
materials. These resources are structured
around the premise of deterring, detecting, and
defending yourself from identity theft. Test
your knowledge of about identity theft Take the
online quiz at http//onguardonline.gov/quiz/idthe
ft_quiz.html SOURCE Federal Trade
Commission
15
Computer Viruses

• What exactly is a COMPUTER VIRUS?
• Computer viruses are called viruses because they
  share some of the traits of biological viruses.
  A computer virus passes from computer to computer
  like a biological virus passes from person to
  person.
• A computer virus must piggyback on top of some
  other program or document in order to get
  executed. Once it is running, it is then able to
  infect other programs or documents (spread).
• For example, a virus might attach itself to a
  program
• such as a spreadsheet. Each time the spreadsheet
  
• program runs, the virus runs, and it has the
  capability to
• reproduce (by attaching to other programs) and
• wreak havoc.
• SOURCE Marshall Brain, HowSuffWorks.com

16
Computer Viruses

• Where do viruses originate from?
• The answer is simplepeople. A person has to
  write the code, test it to make sure it spreads
  properly and then release the virus. A person
  also designs the viruss attack phase, whether
  its as simple as a silly message or the
  destruction of a hard disk.
• I bet you are asking yourself WHY?
• There are at a number of reasons someone creates
  may want to create viruses some of which are
• Thrill, mustering energy into the creation of
  destructive viruses (similar to what drives
  vandals and arsonists)
• Bragging rights, exploitation of a security hole
• Revenge, creating a virus to cause harm to an
  individual or company with the intentions of
  revenge
• Personal gain

17
Computer Viruses

• Different Forms of Infection
• E-mail viruses An e-mail virus moves around in
  e-mail massages, and usually replicates itself by
  automatically mailing itself to dozens of people
  in the victim's e-mail address book.
• Trojan horses A Trojan horse a computer program.
  The program claims to do one thing (it may claim
  to be a game) but instead does damage when you
  run it (it may erase your hard disk). They can
  not be replicated automatically.
• Worms A worm is a small piece of software or
  operating system that uses computer networks and
  security holes to replicate itself. A copy of the
  worm scans the network for another machine that
  has a specific security hole. It copies itself to
  the new machine using the security hole, and then
  starts replicating from there.
• SOURCE Marshall Brain, HowSuffWorks.com

18
Computer Viruses

• How do worms work?....Hint hint CODE RED
• A worm called Code Red made huge headlines in
  2001. Experts predicted that this worm could
  clog the Internet so effectively that things
  would completely grind to a halt.WOW who'd a
  thought a tiny worm could do that much damage.
• Using computer networks the worm can move around
  and infect other machines, it can expand from a
  single copy incredibly quickly. The Code Red worm
  replicated itself over 250,000 times
• in approximately nine hours on July 19, 2001.
• SOURCE Marshall Brain, HowSuffWorks.com

19
Computer Viruses

• CODE RED (Was designed to do three things)
• Replicate itself for the first 20 days of each
  month
• Replace Web pages on infected servers with a page
  that declares "Hacked by Chinese"
• Launch a concerted attack on the White House Web
  server in an attempt to overwhelm it
• Oh and yes to add fuel to the fire please do not
  forget about mutated strains. These strains of
  worms mutate into new worms or variations, which
  are as harmful if not more harmful as
• their original strains.
• SOURCE Marshall Brain, HowSuffWorks.com

20
Computer Viruses

• Wondering just how many could their be?
• A LOT!!!
• Whos Who Some of the most famous viruses.
• (Some of the most famous viruses have names after
  celebrities i.e. Avril Lavigne, Anna Kuornikova
  and Angelina Jolie, but the most famous virus is
  Melissa, one of the first big viruses).
• Who made the top four?
• Melissa
• Chernobyl virus
• Lovletter virus (Also known as the, I Love You
  virus)
• Klez Virus
• SOURCE Bullguard Famous Computer Viruses

21
Computer Viruses

• Protection..PLEASE
• Run a secure operating system, like UNIX.
  Security features of operating systems like UNIX
  keep viruses (and unwanted human visitors) away
  from your hard disk.
• If you are using an unsecured operating system,
  then buying virus protection software is a good
  safeguard.
• If you simply avoid programs (like the Internet)
  and instead stick with commercial software
  purchased on CDs.
• You should never double-click on an e-mail
  attachment that contains and executable.. A file
  with an extension like EXE, COM or VBS is an
  executable, and an executable can do any sort of
  damage it wants. Once you run it, you have given
  it permission to do anything on your machine. The
  only defense is to never run executables that
  arrive via e-mail. Also never open e-mails from
  unknown sources.

22
Computer Viruses

• Protection..PLEASE
• You should make sure that Macro Virus Protection
  is enabled in all Microsoft applications, and you
  should NEVER run macros in a document unless you
  know what they do. There is seldom a good reason
  to add macros to a document, so avoiding all
  macros is a great policy.

23
Computer Security
There are a variety of ways the security of your
computer can be compromised. I hope this
presentation has reached its goal of educating
and informing you of the various security risks
for computers, which included viruses, identify
theft, and computer fraud. Now that you have a
better understanding of what security entails
you will be able to deter, detect and defend
yourself and loved ones more effectively. Please
keep in mind technology is developing rapidly
while, typically, legislation tends to lags
behind, so quite often there are loop-holes or
gray areas so please use the tips you learned in
this presentation to protect yourself as well as
your loved ones.
24
Links to Additional Information

• http//www.ftc.gov/bcp/edu/microsites/idtheft/
• http//www.ftc.gov/bcp/conline/pubs/credit/cards.h
  tm
• http//onguardonline.gov/index.html
• http//computer.howstuffworks.com/virus.htm/printa
  ble
• http//computer.howstuffworks.com/security-channel
  .htm
• http//www.alw.nih.gov/Security/security.html
• http//www.usdoj.gov/criminal/cybercrime/reporting
  .htmcc
• http//europa.eu.int/ISPO/legal/en/comcrime/sieber
  .html1

25
References

• Goodwin, Bill. High-tech crime is put on
  trial. Computer Weekly (2007) LexisNexis. 30,
  January 2007.
• Mallery, John. Will Privacy Tolls Hamper
  Investigations? Security Technology Design
  Pg. 46 Vol. 17 No. 1 LexisNexis. January 2007.
• Low-Bryan, Cassell. To Catch Crooks in
  Cyberspace, FBI Goes Global. The Wall Street
  Journal 21, November 2006.
• Heavy Penalities to be Introduced for Computer
  Crimes. Turkish Daily News Source Financial
  Times Information Limited Global News Wire 4,
  December 2006
• Federal Trade Commission
• http//www.ftc.gov/bcp/edu/microsites/idtheft/
• http//www.ftc.gov/bcp/conline/pubs/credit/cards.h
  tm
• The Journal of Information, Law and Technology
  (JILT)
• http//elj.warwick.ac.uk/jilt/
• Brain, Marshall. How Computer Viruses Work
  HowStuffWorks.com
• http//computer.howstuffworks.com/virus.htm/printa
  ble