|
Shelley Cashman Site | SAM | WebCT | Syllabus | Lecture Outline | Lab Assignments | Glossary | Helpful Links | Home |
|
Computer
Literacy On-Line: |
Learning Unit 11
Assignment11 | Quiz11 | Chapter Review | Answers
|
Shelley Cashman Site | SAM | WebCT | Syllabus | Lecture Outline | Lab Assignments | Glossary | Helpful Links | Home |
|
Computer
Literacy On-Line: |
Assignment11 | Quiz11 | Chapter Review | Answers
LEARNING OBJECTIVES
After completing this unit, you should be able to:
Kempelen's Amazing Chess-playing Machine
In 1760 Wolfgang Kempelen, a 49-year-old Hungarian inventor, engineer, and advisor to the Court of Austrian Empress Maria Theresa, built a mechanical chess player. This amazing contraption defeated internationally renowned players and earned its inventor almost legendary fame. Of course, the chess-playing machine was actually a clever hoax.
With his elaborate and elegant deception, Kempelen might be considered the forerunner of the modern computer criminal. We're expected to trust information technology with our wealth, our health, and even our lives. The many benefits of our partnership with machines are clear. But blind faith in modern technology can be foolish and, in many cases, dangerous.
Like other professions, law enforcement is being transformed by information technology. Computer tools help law enforcement officials ferret out criminals and stop criminal activities.
Like guns, computers are used to break laws as well as uphold them. Computers are powerful tools in the hands of criminals, and computer crime is a rapidly growing problem.
The Computer Crime Dossier:
Computer crime is often defined as any crime accomplished through knowledge or use of computer technology.
Nobody knows the true extent of computer crime. By conservative estimates, businesses and government institutions lose billions of dollars every year to computer criminals. According to the FBI, the average computer crime is worth about $600,000&endash;far more than most other crimes.
Most computer crimes are committed by company insiders who have no extraordinary technical ingenuity. Some are ex-employees seeking revenge on their former bosses. Some are corporate or international spies seeking classified information. A few are high-tech pranksters looking for a challenge. Organized crime syndicates are even turning to computer technology to practice their trades.
Theft by Computer
Theft is the most common form of computer crime. Computers are used to steal money, goods, information, and computer resources. The most widely practiced type of computer-related theft is software piracy.
Software Piracy and Intellectual Property Laws
Software piracy&endash;the illegal duplication of copyrighted software&endash;is rampant. Now that most software companies have given in to user demands and removed physical copy protection from their products, copying software is as easy as duplicating a cassette tape or photocopying a book.
Intellectual Property and the Law
Legally, the definition of intellectual property includes the results of intellectual activities in the arts, science, and industry. Copyright laws have traditionally protected forms of literary expression; patent law has protected mechanical inventions; and contract law has covered trade secrets. Most commercial software programs are protected by copyright laws, but a few companies have successfully used patent laws to protect software products.
The purpose of intellectual property laws is to ensure that mental labor is justly rewarded and to encourage innovation. Unfortunately intellectual property laws are difficult to enforce.
Software industry organizations such as the Software Publishers Association are working with law-enforcement agencies to crack down on piracy.
Laws, including the Computer Fraud and Abuse Act of 1984, clearly treat software piracy as a crime, but issues remain unresolved. Lawyers and judges aren't sure whether software should be protected by copyrights or patents. To complicate matters further, a few third-world nations refuse to abide by international copyright laws.
Look-and-Feel Lawsuits
When it comes to software, nobody is sure exactly what is protected by law. Creating and selling an exact duplicate of a program clearly violates the law, but what about creating a program that has the "look and feel" of a successful software program? So far, judges have issued rulings that suggest this kind of copying is legal, but details vary from case to case.
Trojan Horses
A Trojan horse is a program that performs a useful task, while at the same time carrying out some secret destructive act. Some network saboteurs use Trojan horses to pass secret data to other unauthorized users. To compound the problem, many Trojan horses also carry software viruses.
One type of Trojan horse, a logic bomb, is programmed to attack in response to a particular logical event or sequence of events.
Viruses
A software virus works in the same way as a biological virus, which can invade the cells of another organism and use the reproductive machinery of each host cell to make copies of itself. A software virus spreads from program to program, or from disk to disk, and uses each infected program or disk to make more copies of itself. Virus software is usually hidden in the operating system of a computer or in an application program. Some viruses do nothing but reproduce; others display messages on the computer's screen; still others destroy data or erase disks.
Vaccine (or disinfectant) programs are designed to search for viruses, notify users when they're found, and remove them from infected disks or files.
Worms
Like viruses, worms (named for tapeworms), use computer hosts to reproduce themselves. But unlike viruses, worm programs travel independently over computer networks, seeking out uninfected workstations to occupy. A typical worm segment resides in a workstation's memory rather than on disk, so the worm can be eliminated by shutting down all of the workstations on the network.
Hacking and Electronic Trespassing
In the late 1970s, timesharing computers at Stanford and MIT attracted informal communities of computer fanatics who called themselves hackers. In those days a hacker was a person who enjoyed learning details of computer systems and writing clever programs, referred to as hacks.
Although many people still use the term hacker to describe software wizardry, it more commonly refers to unauthorized access to computer systems. Today's stereotypical hacker, like his early counterparts, is a young, bright, technically savvy, white, middle-class male. But in addition to programming his own computer, he may break into others.
The most famous case of electronic trespassing was documented in Cliff Stoll's best-selling book, The Cuckoo's Egg. While working as a system administrator for a university computer lab in 1986, Stoll traced a 75-cent accounting error to a ring of hackers working for the KGB.
A more recent front-page story involved the 1995 capture of Kevin Mitnick, the hacker who had stolen millions of dollars worth of software and credit card information on the Internet.
Computer security refers to protecting computer systems and the information they contain against unwanted access, damage, modification, or destruction.
According to a 1991 report of the Congressional Research Service, computers have two inherent characteristics that leave them open to attack or operating error:
Physical Access Restrictions
One way to reduce the risk of security breaches is to make sure that only authorized personnel have access to computer equipment. Depending on the security system, you might be granted access to a computer based on
Because most of these security controls can be compromised&endash;keys can be stolen, signatures can be forged, and so on&endash;many systems use a combination of controls.
Passwords
Passwords are the most common tool for restricting access to computer systems. Passwords are effective, however, only if they're chosen carefully and changed frequently.
Access-control software doesn't need to treat all users identically. Many systems use passwords to restrict users so they can open only files related to their work. In many cases users are allowed read-only access to files that they can see but not change.
To prevent unauthorized use of stolen passwords by outsiders, many companies use call-back systems. When a user logs in and types a password, the system hangs up, looks up the user's phone number, and calls back before allowing access.
Firewalls, Codes, Shields, and Audits
Many data thieves do their work without breaking into computer systems; they intercept messages as they travel between computers on networks. Many organizations use firewalls to keep their internal networks secure while allowing communication with the rest of the Internet. In effect, a firewall is a gateway with a lock&endash;the locked gate is only opened for information packets that pass one or more security inspections.
To further protect transmitted information, many government and business organizations use encryption software to scramble their transmissions.
When a user encrypts a message by applying a secret numerical code, called an encryption key, the message can be transmitted or stored as an indecipherable garble of characters. The message can be read only after it's been reconstructed with a matching key. For the most sensitive information, passwords and encryption aren't enough.
Audit-control software is used to monitor and record computer transactions as they happen, so auditors can trace and identify suspicious computer activity after the fact.
Making Backups
For mainframes and PCs alike, the best and most widely used data recovery insurance is a system of making regular backups. For many systems, data and software are backed up automatically onto disks or tapes, usually at the end of each work day.
Most data processing shops keep several generations of backups so they can, if necessary, go back several days, weeks, or years to reconstruct data files. For maximum security many computer users keep copies of sensitive data in several different locations.
Emerging Security Solutions
Security experts are constantly developing new technologies and techniques for protecting computer systems from computer criminals. But at the same time, criminals continue to refine their craft.
Human Security Controls
Ultimately, computer security is a human problem that can't be solved by technology alone. Security is a management issue, and a manager's actions and policies are critical to the success of a security program. An alarming number of companies are lax about computer security.
Computer security measures can create problems of their own. Complex access procedures, virus-protection programs, and other security measures can, if carried too far, interfere with people getting their work done. In the extreme, security can threaten individual human rights.
When Security Threatens Privacy
When security measures are used to prevent computer crime, they usually help protect privacy rights at the same time. But in some cases security and law enforcement can pose threats to personal privacy.
One of the best examples of a new technology that can simultaneously improve security and threaten privacy is the active badge (sometimes called the smart badge). Each badge's code is picked up by a nearby network receiver and transmitted back to a badge-location database that is constantly being updated. Active badges are used for identifying, finding, and remembering.
Justice on the Electronic Frontier
Federal and state governments have responded to the growing computer crime problem by creating new laws against electronic trespassing and escalating enforcement efforts.
Some of the victims of hacker sting operations claim that they broke no laws. Questions have arisen about how civil rights apply on the "electronic frontier." How does the Bill of Rights apply to computer communications? Does freedom of the press apply to on-line magazines in the same way it applies to paper periodicals? Can an electronic bulletin board operator be held responsible for information others post on the BBS?
Even if every law-breaking hacker were arrested, computer crime would still be a major problem. The overwhelming majority of computer crimes are committed by insiders who are seldom reported to authorities, even when they are caught in the act. To avoid embarrassment, many companies cover up the computer crimes committed by their own employees and managers.
Security involves more than criminal activity. Some of the most important security issues have to do with creating systems that can withstand software errors and hardware glitches.
Bugs and Breakdowns
Computer systems, like all machines, are vulnerable to fires, floods, and other natural disasters, as well as breakdowns caused by failure of hardware components. But in modern computers, hardware problems are relatively rare when compared with software failures. By any measure, bugs do more damage than viruses and computer burglars put together.
Many computer professionals expect the year 2000 to produce a bumper crop of problems because for decades programmers commonly built two-digit fields into programs to save storage space. The year 2000 problem&endash;often abbreviated y2k&endash;will almost certainly cost billions of dollars and cause innumerable problems.
Given the state of the art of software engineering today, three facts are clear:
Computers at War
Nowhere are the issues surrounding security and reliability more critical than in military applications. Many modern military applications push the limits of information technology farther than they've ever been before.
Smart Weapons
The United States has invested billions of dollars in the development of smart weapons&endash;missiles that use computerized guidance systems to locate their targets. In theory, smart weapons could greatly reduce the amount of civilian destruction in war, although there's little evidence that this would actually occur in real battles.
One problem with high-tech weapons is that they reduce the amount of time people have to make life-and-death decisions. As decision-making time decreases, the chance of errors increases.
Autonomous Systems
Even more controversial is the possibility of people being left out of the decision-making loop altogether. Yet the trend in military research is clearly toward weapons that demand almost instantaneous responses&endash;the kind of responses that only computers can make.
An autonomous system is a complex system that can assume almost complete responsibility for a task without human input, verification, or decision making. A small error could result in a major disaster.
Is Security Possible?
Because computers do so many amazing things so well, it's easy to overlook the problems they bring with them and to believe that they're invincible. Security procedures can reduce, but not eliminate, risks. In today's fast-moving world, absolute security simply isn't possible.
Rules of Thumb: Practicing Safe Computing
You can protect your computer, your software, and your data from most hazards.
access-control software, active badge, audit-control software, autonomous system
backup, biometrics, computer crime, computer security, encryption, firewall
hacker, intellectual property, logic bomb, smart weapon, software piracy
Trojan horse, vaccine (disinfectant) program, virus, worm, year 2000 problem (y2k)
Computer Literacy On-Line
Shelley Cashman Site | SAM | WebCT | Syllabus | Lecture Outline | Lab Assignments | Glossary | Helpful Links | Home