Page 333 -
P. 333
332 Part Two Information Technology Infrastructure
Computer Crime
Most hacker activities are criminal offenses, and the vulnerabilities of systems
we have just described make them targets for other types of computer crime
as well. In November, 2010, New York resident George Castro was charged
with grand larceny for allegedly stealing nearly $4.5 million from Columbia
University over the course of two months. Castro had added a TD Bank account
belonging to him as a payee in the Columbia University Medical Center's
accounts payable system (El-Ghobashy, 2010). Computer crime is defined by
the U.S. Department of Justice as “any violations of criminal law that involve
a knowledge of computer technology for their perpetration, investigation, or
prosecution.” Table 8.2 provides examples of the computer as both a target and
an instrument of crime.
No one knows the magnitude of the computer crime problem—how many
systems are invaded, how many people engage in the practice, or the total
economic damage. According to the Ponemon Institute’s Second Annual Cost of
Cyber Crime Study sponsored by ArcSight, the median annualized cost of cyber-
crime for the organizations in the study was $5.9 million per year (Ponemon
Institute, 2011). Many companies are reluctant to report computer crimes
because the crimes may involve employees, or the company fears that publiciz-
ing its vulnerability will hurt its reputation. The most economically damaging
kinds of computer crime are DoS attacks, introducing viruses, theft of services,
and disruption of computer systems.
Identity Theft
With the growth of the Internet and electronic commerce, identity theft has
become especially troubling. Identity theft is a crime in which an imposter
obtains key pieces of personal information, such as social security identification
numbers, driver’s license numbers, or credit card numbers, to impersonate some-
one else. The information may be used to obtain credit, merchandise, or services
in the name of the victim or to provide the thief with false credentials.
TABLE 8.2 EXAMPLES OF COMPUTER CRIME
COMPUTERS AS TARGETS OF CRIME
Breaching the confidentiality of protected computerized data
Accessing a computer system without authority
Knowingly accessing a protected computer to commit fraud
Intentionally accessing a protected computer and causing damage, negligently or deliberately
Knowingly transmitting a program, program code, or command that intentionally causes damage to a
protected computer
Threatening to cause damage to a protected computer
COMPUTERS AS INSTRUMENTS OF CRIME
Theft of trade secrets
Unauthorized copying of software or copyrighted intellectual property, such as articles, books, music, and
video
Schemes to defraud
Using e-mail for threats or harassment
Intentionally attempting to intercept electronic communication
Illegally accessing stored electronic communications, including e-mail and voice mail
Transmitting or possessing child pornography using a computer
MIS_13_Ch_08 Global.indd 332 1/17/2013 3:10:20 PM
