Issues of Computer Security, Term Paper Example

Internet Crime and particularly illegal entry into other computer systems i.e. hacking is deemed to be a Federal Offence in the USA and falls under the investigative jurisdiction of the Federal Bureau of Investigation (FBI).  Criminal computer hacking has been legally defined as any person who willingly and knowingly commits an act of cyber terrorism, credit card fraud, malicious vandalism, identity theft or other cyber-crime by hacking into a Corporate or Government system.  Such criminal acts are treated very seriously in the USA and will be subject to harsh penalties.  Such intrusions are capable of creating a tremendous amount of malicious damage. They may potentially threaten national security, may cause serious service disruptions e.g. hospitals, emergency services etc.  May create economic and financial instability by intrusions to Banks or large Corporate Offices.

One such example is that of David Smith a computer hacker launched the Melissa Virus in March of 1999. The virus that he placed into the internet spread to over 1.2 million computers causing an estimated $80 million in financial damages to businesses. Smith was convicted of computer hacking and the courts sentenced him to 40 years in prison.  He was release some 20 months later after agreeing to work with the FBI in their fight against cyber-crime. (Criminal Law Lawyer Source, 2011).

Garry McKinnon in the UK has been found guilty of hacking into 96 US Military and Defence systems and could face up to 70 years imprisonment. He is currently awaiting extradition from the UK.  In general terms’ hacking is a form of cyber terrorism and as such is a criminal act. There is no legal justification for this and even those individuals that attempt this for an intellectual challenge are breaking the law.  It is not only a gross invasion of privacy but a complete act of irresponsibility that potentially can unleash very serious and grave consequences for the public.

The only ethical concept of permitting hacking within a computer security firm might be that of testing a computer firewall or security system in place.  The services of a hacker may prove useful in probing and testing for points of vulnerability.  Mobile and wireless devices were particularly vulnerable and had gaping security breaches in them. Hackers working in a controlled environment were able to identify these and thus compile a dossier on the vulnerabilities and weaknesses of the system.  The FBI have seen fit to use Hackers that they have turned from the dark side to the light and as such use their services to help track and locate other hackers that are involved in criminal activities. Similarly security firms can use such teams in order to check the robustness of their security systems.

A person ethically engaged as a hacker to improve Computer Security is termed a ‘White Hat’  This is the only legitimate means of ethical responsibility for hacking. Such conditions may be applied as follows:

• The work will be monitored under the supervision of the security firm and the tests carried out under strict supervision
• Such vulnerabilities and intrusions will be logged and reported. The White Hat undertakes to commit no harm or malicious act as a result of the testing
• The testing will be confined to the security parameters laid down
• The White Hat will sign a confidentiality agreement not to disclose any information resulting from the security testing
• The White Hat will carefully document all aspect of the security tests being carried out together with a detailed results report
• The White Hat will make recommendations as to how security improvements might be made by improved security protocols.

Perhaps most people think of computer hacking as the ability to decipher code and invade other systems through the internet.  Unfortunately some of the worst recent incidents have been amazingly simple.  Consider the massive amount of damage that was caused by Wiki Leaks where 90,000 classified military documents were downloaded onto a USB pen drive and smuggled out of a secure establishment.  The leak of this information into the media was an act of insane criminal irresponsibility and may have resulted in putting thousands of active duty service men and women in harm’s way.  Media Companies need to be more responsible in the handling of such information.  The freedom of the press and publishing sensationalist material must have some bounds.  The view that the people have a right to know what is going on is not realistic where Defence or National Security information is concerned.  It is an act of social responsibility and a duty to the country and those who serve the country in the military.  –It was Mike Mullen of the Joint Chiefs of Staff who announced in Iraq that leaked US military documents place soldiers’ lives at risk(Knickerbocker, 2010)

Gawker Media are a San Francisco based firm that have a reputation for outspoken sensationalist material with little concern for social responsibility.  It enables the collection of people’s blogs and the distribution of these through other social media sites like Facebook and Twitter.  In this instance they were the victims of a hacker who intruded their systems and extracted a large amount of information from their database that included names, addresses, e-mail addresses,  passwords, source code, internal chats and even gateways into other personal accounts. A group called gnosis claimed responsibility for the attack. The obvious danger here is that of identity theft and possible fraudulent use of credit card information.

There are also more sinister implications in terms of what this information could be used or exploited for. (Jason, 2010)

The following factors should be considered in a computer security breach:

Protection of the Assets:  Includes recording of assets, insurance coverage of assets, secure environment of assets, and back-up of assets;

Disaster Recovery:  Disaster Recovery Plan (emergency plan), Business Continuity Plan, security of secondary site;

System Security:  Access to the systems, Password protection, control of authorized users (restrictions), security of information (data vaults, secure back-up site);

Corporate Security policy:  Ensuring that corporate security policy measures are carried out and enforced.

In recent years there have been a number of serious incidents that give rise to concern.  Surveys have illustrated that many firms risk assessments have shown them vulnerable to loss of data incidents. Further, few firms actually monitor the effectiveness of their security procedures. (Financial Services Authority, 2008).  What has made this a nightmare for the security manager is the fact that data can be easily copied onto small storage devices, laptop and portable computers.  This has intensified the need for improved security techniques over data and particularly that of data encryption.One method being the increased use of data encryption which uses algorithms and mathematical constructs to scramble the data into a non-readable format and can only be decrypted by having the relevant unlock key.(Spamlaws, 2009).

Computer Security is normally classified into the following areas, as such enabling isolation of any potential breach

• Management Services: Management of the computer risks and security of information technology in the firm. The function works closely with the IT Executive of the Bank and Head of Internal Audit. The objective to ensure that all corporate security policies are properly carried out and fully implemented.
• Operational Services: These are more focused upon the human interface and the controls that are the responsibility of people.  Automated control functions are also examined. It is the man/machine interface and the security controls of same.
• Technical Services: Focuses on the in depth security controls within the overall Information Technology and computer systems of the banks. Ensuring there are no loop holes or potential breaches in security for any potential breach:

Re: Security Breach

We regret to advise that the firm was recently the victim of a security breach.  An external hacker penetrated our security system and gained access to a number of client information files.  We have now formally requested a police fraud squad investigation into this matter in order to track down and apprehend the perpetrators of this act.  In the interim we have upgraded the security levels across the entire system; this has included data encryption across all of the customer data files.  In the meantime we will keep you fully updated on additional measures that will be taken to further enhance the system security measures

Regards,  F.Olson  Security Manager

Works Cited

Criminal Law Lawyer Source. (2011). Computer Hacking. Retrieved 5 27, 2011, from Criminal Law Lawyer Source: http://www.criminal-law-lawyer-source.com/terms/computer-hacking.html

Financial Services Authority. (2008). Data Security in. London: Financial Services Authority.

Jason, M. (2010, 12 14). Daily Tech. Retrieved 5 27, 2011, from Gawker Media Suffers Massive Data Breach Courtesy of Gnosis: http://www.dailytech.com/Gawker+Media+Suffers+Massive+Data+Breach+Courtesy+of+Gnosis/article20384.htm

Knickerbocker, B. (2010, 7 9). WikiLeaks: How did the Pentagon lose track of 91,000 documents? Retrieved 5 27, 2011, from Christian Science Monitor: http://www.csmonitor.com/USA/Military/2010/0729/WikiLeaks-How-did-the-Pentagon-lose-track-of-91-000-documents

Spamlaws. (2009). What is data security. Retrieved 8 20, 2010, from Spam Laws: http://www.spamlaws.com/data-security.html