
The Computer Misuse

The Computer Misuse. Definition. The Computer Misuse Act 1990 (CMA) is an act of the UK Parliament passed in 1990. CMA is designed to frame legislation and controls over computer crime and Internet fraud. The legislation was created to: Criminalize unauthorized access to computer systems.

amma

Presentation Transcript


  1. The Computer Misuse

  2. Definition The Computer Misuse Act 1990 (CMA) is an act of the UK Parliament passed in 1990. CMA is designed to frame legislation and controls over computer crime and Internet fraud. The legislation was created to: • Criminalize unauthorized access to computer systems.

  3. Computer Misuse Act 1990 • 4 key points you need to learn/understand/revise

  4. Computer Misuse Act - Reasons • No laws specifically to deal with computer crime prior to 1990 • The Misuse Act is often labeled “anti-hacking legislation” • It was enacted to respond to the growing threat of hacking to computer systems and data • Previously hacking was not illegal in the UK. Act now covers much more.

  5. Levels of Offence • The Act specifies 3 levels of offence • In summary these are:- • Unauthorised Access • Unauthorised access with intent to commit another offence • Unauthorised modification of data (writing viruses comes under this level)

  6. Penalties • Unauthorised Access (level 1) is called a summary offence and penalties are limited to 6 months imprisonment and/or a maximum fine of £5000 • The other two offences (levels 2 and 3) are more serious and carry jail terms of up to 5 years and unlimited fines

  7. Example 1 • A student hacks into a college database to impress his friends - unauthorised access • Later he decides to go in again, to alter his grades, but cannot find the correct file - unauthorised access with intent • A week later he succeeds and alters his grades - unauthorised modification of data

  8. Example 2 • An employee who is about to be made redundant finds the Managing Director’s password; logs into the computer system using this and looks at some confidential files - unauthorised access • After asking a friend, he finds out how to delete files and wipes the main customer database - unauthorised modification • Having received his redundancy notice he goes back in to try and cause some damage but fails to do so - unauthorised access with intent...

  9. Prosecutions • A disgruntled IT supplier hacked an estate agency website and replaced pictures of houses with pictures of animals. £1250 fine. • Ex-employee stole 1,700 customer records on backup tape before setting up a competing PC networking company. Conditional discharge and £15 fine. • Ex-employee made unauthorised use of his former employer's Mercury telephone account to make "free" calls. £900 fine.

  10. Problems • However, prosecutions under the Computer Misuse Act are rare for a number of reasons • Offences difficult to prove • Evidence difficult to collect - firms do not co-operate with police • Firms embarrassed by hacking - particularly banks • Employees often simply sacked/demoted • Police lack expertise; time; money • Offence perceived as ‘soft crime’ - no one injured/hurt

  11. SCOPE • Computer Crime Trends • Definition of Computer Crime • Case Studies • Computer Misuse Act

  12. INTRODUCTION Computer Crimes Trend • No. of reported cases relatively low • Increasing trend: 1993/1994 - 1; 1995 - 3; 1996 - 7; 1997 - 37; 1998 - 116; 1999 - 185

  13. INTRODUCTION Definition of Computer Crime • When there is unauthorized access into a computer system in order to: • Destroy data or programs • Commit other offences

  14. CASE STUDY ONE The Perfect Computer Crime - System Analyst used a Trojan horse program to capture a colleague's password and used it to modify the Lucky Draw Program. Also gained root access whilst auditing the computer system and replaced the Lucky Program with a fake program that allowed 3 friends to ‘win’ $485,000.

  15. CASE STUDY TWO Crashing of Factory Computer System - Disgruntled system administrator inserted a logic bomb that replaced system files with damaged files during the backup process. Also used another logic bomb to time the backing up process while he was on holiday. Caused the entire company’s system to crash and halted production lines. After his dismissal, he asked a computer illiterate colleague to crash system files.

  16. CASE STUDY THREE Smart Card Scam - Managers of a Cinema Chain modified Daily Cashiers’ Reports on the computer system and siphoned off cash. Also topped up used Smart cards illegally and sold them to cinema touts. Enlisted the help of a computer service engineer to load a program into a branch so as to further the crime.

  17. CASE STUDY FOUR Distribution of user-ids and passwords - Two youths stole user-ids and passwords of unsuspecting users of an ISP during a session and displayed the user-ids and passwords on a web site stating that the ISP’s system security had been breached.

  18. CASE STUDY FOUR Hacking of Television Station's web-site - Two teenagers obtained illegal access to a Television Station web-site by accident and modified several of the web pages with “hacker slogans”.

  19. LESSONS LEARNT Lack of • Physical Security • Electronic Security • Good Security Practices • Regular System Audit • Computer Incident Management

  20. COMPUTER MISUSE ACT • Section 3 - Unauthorised Access to Computer Material • Section 4 - Access with Intent to Commit or Facilitate Commission of Further Offence • Section 5 - Unauthorised Modification of Contents of Computer

  21. COMPUTER MISUSE ACT • Section 6 - Unauthorised Use/Interception of Computer Service • Section 7 - Unauthorised obstruction of Use of Computer • Section 8 - Unauthorised Disclosure of Access Code • Section 9 - Enhanced punishments - Territorial Scope

  22. International Co-operation • Asian Working Party (Computer Crime) • Links with • FBI • Hong Kong • Malaysia • Taiwan • Sweden • U.K.

  23. COMPUTER CRIME INVESTIGATIONS Report Lodging • What to prepare? • Who should do the reporting?

  24. COMPUTER CRIME INVESTIGATIONS Preliminary Investigation: Interviews (Facts gathering) • Complainant / Victims • System Administrators • Customer Service Engineer • Other Witnesses

  25. COMPUTER CRIME INVESTIGATIONS Preliminary Investigation: Evidence Collection • Physical evidence (e.g. computer system, storage media) • Supporting evidence (e.g. system logs, caller ID records)

  26. COMPUTER CRIME INVESTIGATIONS Preliminary Investigation: Evidence Analysis • Forensic laboratory and staff for examination of storage media • Technical Support from Industry experts • Vendors’ information

  27. COMPUTER CRIME INVESTIGATIONS Implications of Police Investigation • Evidence in police custody till conclusion of the case • Commitment of time and resources • Adverse publicity

  28. PREVENTION & INCIDENT MANAGEMENT • Setting up a Security Team • Implement Preventive Measures • Incident Management

  29. PREVENTION & INCIDENT MANAGEMENT Preventive Measures • Simulation Exercises • Tracking software/hardware for bugs & vulnerabilities

  30. PREVENTION & INCIDENT MANAGEMENT Incident Management - Respond swiftly • Collation of essential information and facts • Gathering of evidence (caller ID records, system access logs)
