When customers initially link their brokerage accounts to their bank account to allow
the transfer of funds, firms such as E*Trade and Schwab.com use a test procedure to
make micro-deposits of a few cents to a few dollars to the bank account to ensure that
the account numbers and routing information are correct. A hacker took advantage of a
backdoor to this procedure by opening tens of thousands of banking accounts with the
brokerages and linking them to fraudulent brokerage accounts to collect the
micro-deposits. The hacker stole more than $50,000 over six months. 17
Although no one really knows how pervasive cybercrime is, according to the 2007 FBI
Internet Crime Report, there were 206,844 complaints of crime perpetrated over the Internet
during 2007, with a dollar value of $240 million in losses. 18 Unfortunately, this represents a
small fraction of total computer-related crimes, as many crimes go unreported because
companies don't want the bad press or don't believe that law enforcement could help. Such lack
of publicity makes the job even tougher for law enforcement. Most companies that have been
electronically attacked won't talk to the press. A big concern is loss of public trust and
image—not to mention the fear of encouraging copycat hackers.
The Computer Security Institute, with the participation of the San Francisco Federal
Bureau of Investigation (FBI) Computer Intrusion Squad, conducts an annual survey of
computer crime and security. The aim of the survey is to raise awareness of security as well
as to determine the scope of computer crime in the United States. The following are a few
of the highlights of the 2007 Computer Crime and Security Survey based on responses
from 494 companies and government agencies that are members of the Computer Security
Institute 19:
• Financial fraud, followed by virus attacks, is the leading cause of financial loss from
  computer incidents.
• For the respondents, the average annual loss from computer incidents was $350,424.
• A full 46 percent of the respondents said they had suffered a security incident, though
  only 29 percent of the respondents reported computer intrusions to law enforcement.
  (Surprisingly, 10 percent responded that they did not know if they had been subjected
  to an incident.)
The tenth annual InformationWeek Global Information Security survey reveals that the
number one tactical security problem for U.S. companies in 2007 was creating and enhancing
user awareness of security policies. 20
Today, computer criminals are a new breed—bolder and more creative than ever. With
the increased use of the Internet, computer crime is now global. It's not just on U.S. shores
that law enforcement has to battle cybercriminals. Regardless of its nonviolent image,
computer crime is different only because a computer is used. It is still a crime. Part of what makes
computer crime so unique and difficult to combat is its dual nature—the computer can be
both the tool used to commit a crime and the object of that crime.
THE COMPUTER AS A TOOL TO COMMIT CRIME
A computer can be used as a tool to gain access to valuable information and as the means to
steal thousands or millions of dollars. It is, perhaps, a question of motivation—many people
who commit computer-related crime claim they do it for the challenge, not for the money.
Credit card fraud—whereby a criminal illegally gains access to another's line of credit with
stolen credit card numbers—is a major concern for today's banks and financial institutions.
In general, criminals need two capabilities to commit most computer crimes. First, the
criminal needs to know how to gain access to the computer system. Sometimes, obtaining access
requires knowledge of an identification number and a password. Second, the criminal must
know how to manipulate the system to produce the desired result. Frequently, a critical
computer password has been talked out of a person, a practice called social engineering. Or,
the attackers simply go through the garbage—dumpster diving—for important pieces of
information that can help crack the computers or convince someone at the company to give

social engineering: Using social skills to get computer users to provide information to
access an information system or its data.

dumpster diving: Going through the trash cans of an organization to find secret or
confidential information, including information needed to access an information system
or its data.