Computer Crime and Security
Crime in the US
ONE VIOLENT CRIME OCCURS EVERY 22 SECONDS !!!
One aggravated ASSAULT occurs every 28 SECONDS.
One ROBBERY occurs every 47 MINUTES.
One forcible RAPE occurs every 5 MINUTES.
One MURDER occurs every 22 MINUTES.
ONE PROPERTY CRIME OCCURS EVERY 3 SECONDS!!!
One LARCENY-THEFT occurs every 4 SECONDS.
One BURGLARY occurs every 11 SECONDS.
One VEHICLE THEFT occurs every 20 SECONDS.
- 1995 Overall Crime Report, U.S. Department of Justice, Federal Bureau of Investigation, 1996.
- U.S. Department of Justice, Federal Bureau of Investigation, Criminal Justice Information Services (CJIS) Division, Uniform Crime Reports.
- "FBI: Cybercrime rising - Yet fewer companies reporting incidents", April 8, 2002 Posted: 1:58 PM EDT (1758 GMT), By Daniel Sieberg, CNN Sci-Tech.
Computer Crime
CRIME "TAKES"
(1984 FBI Figures -- would appreciate an update if anyone has newer figures)
- A Bank holdup netted $1,500
- An embezzlement accrued $15,000
- Computer crime caused $150,000 worth of damage

From "Designing an E-Commerce Security Architecture", by Jody Patilla, Software Magazine, V21, I2, April-May 2001, p. 39, permission requested.
Year 2002 Figures:

DPMA Survey of Computer Crime -- 1985
- 50,000 membership survey
- 21% reported crime in the past three years
- 2.2% reported that crime to the authorities
- Reasons for the crime:
  - Ignorance of law -- 27%
  - Personal Gain -- 25%
  - Playfulness -- 26%
  - Malicious -- 22%
- Assets Impacted by Abuse
  - Service -- Disruption 7%; Unauthorized Use 42%
  - Programs -- 24%
  - Data -- 22%
  - Hardware -- 5%
Health and Human Services Survey -- 1985
- Profiles of Perpetrator:
  - Young
  - Good Employees
  - New at Job
  - College Degree (75%)
  - Prior Record (25%)
- Methods Used:
  - Exaggerating Data (50%)
  - False Claims (25%)
  - False Records (25%)
- Reasons:
  - Stress
  - Boredom
  - Temptation
  - Lack of Fear
Attack Methods
- Sabotage
- Piggy backing
- Impersonation/Simulation
- Superzapping/Asynchronous Attacks
- Scavenging
- Wire tapping
- Trap doors/Logic Bombs
- Trojan Horses/Viruses
- Data diddling
Access Methods
- Left-open doors
- Known weaknesses
- Electronic tools
- Shoulder surfing
- Internal collaboration
Networking Interconnections
- The risk of intrusion goes up as the square of the number of connections
TECHNICAL SOLUTIONS
- Restricted access
- Cryptography
- Individual security
Points for concern
- Software development
- Physical protection
- Communication access
- Port protection
- Cryptography
- Emanations
- Audits
Access
- Insert Port Protection Devices in communications system
- Increase physical security
Cryptography
Experience in World War II shows codes CAN be broken
Problems include:
- Message Regularity
- Openness of communication
- But also costs processing time to encode and decode
Open Doors
- When Bell Telephone introduced tone dialing, they advertised the tones to be used not only for the digits but also for the operator actions. That led to the development of "blue boxes".
Recommendations
From Parker and Maxfield (1985):
- Improve system security
- Develop laws
- Enforce laws
- Change attitudes
SOLUTIONS
Legal Approaches
- State laws
- Federal laws
- Need definitions of property in electronic systems
- Define concept of trespass
- Need to coordinate penalties
- Define location of crime
- Laws tend only to keep honest people honest
- Restricted use of Social Security Numbers
  - Social Security
  - Taxation
  - Military identification
  - Federal prisoner identification
  - Errant parent location
- Restricts passing of Federally acquired/required personal information
- Restricts access to Federal personal information systems
- Provides access to Federal personal information systems
Risk Management
- Reliability
- Defn: The fraction of effective usage
- Security is a special case of reliability
- Reliability depends on good design
- The quantity and quality of built-in redundancy is directly proportional to the degree of concern about failure
Software Engineering
- Can it have an effect on reliability?
- Defn: A systematic approach to the initial acquisition and the subsequent modification of production software
- W. W. Royce: The most difficult problem in software engineering today is getting the mistakes out -- if you don't share that view, you don't know how difficult your job is!
Software Attributes
- Accuracy
- Completeness
- Robustness
- Reliability
- Usability
- Efficiency
- Security
- Understandability
- Testability
- Repairability
- Enhanceability
- Reusability
- Portability
Priorities of Properties
| SYSTEM CHARACTERISTICS | PRIORITY ATTRIBUTE |
|---|---|
| Human life at risk | Reliability |
| Long life cycle | Understandability |
| Classified information | Security |
Levels of Correctness
- Syntactically correct
- Semantically correct
- Correct for a test set
- Correct for obtuse data
- Correct for all valid data
- Correct for all likely data
- Correct for all data
Last Updated 2002/04/10
© J.A.N. Lee, 1995-2002.