PAMANTASAN NG CABUYAO

College of Education, Arts, and Sciences


Katapatan Subd. Banay-Banay, City of Cabuyao, Laguna

Course Code: ITE101


Course Title: Living in the IT Era
Learning Material for Week #: 7
Course Intended Learning Outcomes:
1. Discuss the concepts, frameworks, and components of information and computing
systems.
2. Discuss social, legal and ethical issues in information technology era.
3. Differentiate system and application software; software evolution and function.
4. Identify different computer networks and topologies.
5. Explain emerging technologies in information system.

Computer and Internet Crimes

Lesson Objectives:

1. Recognize the Internet and cybercrime terms introduced in this lesson;
2. Understand the consequences of inappropriate online behavior;
3. Determine what information to share and not to share online;
4. Figure out how to protect their offline identity; and
5. Understand how important it is to protect your personal information online.

Security

Governments, businesses, and people around the world have been affected
immeasurably by the unprecedented advancement of computer technology. The
already enormous and exponentially growing capacities of electronic storage,
transmission, and rapid manipulation of binary data changed the modern landscape
virtually overnight. However, such fundamental restructuring in the society also resulted
in certain disadvantages, on all levels. Our vulnerability increased with the perceived
value of and reliance on this technology. Increased opportunities for the industrious to
be more productive also allow the less-upright new avenues for malevolence.

The term "computer crime" could reasonably include a wide variety of criminal
offenses, activities, or issues. It can be separated into two categories: (1) crimes
facilitated by a computer; and (2) crimes where the computer is the target.

The different computer security issues and their effects

We usually keep files containing a month's worth of work or confidential
information in our computers. Protecting these data should be given careful attention.
Almost every day, computer systems are being broken into, or computer viruses turn up
on someone's computer. They are constant threats, making security even more critical.

There are basically three overlapping types of risks:

1. Bugs or misconfiguration problems that allow unauthorized remote users to:
   - Steal confidential documents
   - Execute commands on the host machine, allowing them to modify the system
   - Gain information about the host machine, allowing them to break into the system
   - Launch denial-of-service attacks, rendering the machine temporarily unusable

2. Browser-side risks, including:
   - Active content that crashes the browser, damages the user's system, breaches
     the user's privacy, or merely creates an annoyance
   - The misuse of personal information knowingly or unknowingly provided by the
     end-user

3. Interception of network data sent from browser to server or vice versa via network
   eavesdropping.

The aspects of computer security

There are several aspects of computer security: physical security, viruses, malicious
logic, hacking, internal misuse, and spoofing.

Physical Security – The first and perhaps the easiest rule of computer security.
Everyone knows that you need to lock your doors to keep your TV, refrigerator, and other
appliances safe at home. The same idea applies to your computer as well. We have to
make sure that our computers are attended, watched, or locked behind our doors.

Viruses – Once you've started using your computer, viruses can start working on your
computer too. The computer virus is one of those programs you don't want that usually
gets sent to you by people through email. But just as there are medicines for common
colds, there are also remedies for computer viruses. Your computer's antibiotic shots
take the form of antivirus programs, which you install to combat the viruses. McAfee
and Norton AntiVirus are two commonly used antivirus programs.

Malicious Logic – This usually affects your computer system while you are on the net.
Commands are frequently present in web pages we visit while surfing the net. Most of
the time, those commands are beneficial and are designed to help keep your visiting
experience a good one. But sometimes, somebody puts in a bad command that will do
something bad to your computer or have some funny side effects. This type of
computer security problem is usually deliberately created. Symptoms may include slow
response time, system crashes, or uncooperative programs.

Hacking – Hackers found ways to exploit holes in operating systems of local and remote
systems. They developed methods to exploit security holes in various computer
systems. As protocols become updated, hackers probe them on a never-ending mission
to make computing more secure. Hackers find and release vulnerabilities in computer
systems which, when not found, could remain secret and one day lead to the downfall
of our computer-dependent society.

Internal Misuse – Occasionally, some people use your computer and some files may
be intentionally or unintentionally deleted. When permanently deleted from the system,
this may mean that you will have to redo the work. System crashes can also occur when
files needed by a program are deleted or altered.

Spoofing – Network spoofing is an ingenious way for an intruder to gain access to the
system. The intruder sets up a program that impersonates the sign-on routine of another
system. When you attempt to login to the system, the intruder's program collects your
password, then returns a message that the system is unavailable. Users usually defeat
this by regularly changing their passwords so that the collected passwords may no
longer work by the time the intruder tries to gain access to your system.

The following is a list of some of the noted computer crimes committed over the
past years:

- The Morris Worm (November, 1988) – Robert Morris released what has become
known as the Internet Worm. This was the first large-scale attack on the Internet, and the
worm infected roughly 10 percent of the machines then connected to the Internet and
caused an estimated $100 million in damages. The worm carried no malicious payload,
the program being obviously a “work in progress,” but it did wreak havoc since it
continually re-infected computer systems until they could no longer run any programs.
The worm took advantage of known vulnerabilities in several programs to gain access
to new hosts and then copy itself over.

- Citibank and Vladimir Levin (June-October, 1994) – Levin reportedly
accomplished the break-ins by dialing into Citibank’s cash management system. This
system allowed clients to initiate their own fund transfers to other banks.

- Kevin Mitnick (February, 1995) – Mitnick admitted to having gained unauthorized
access to a number of different computer systems belonging to companies such as
Motorola, Novell, Fujitsu, and Sun Microsystems. He also admitted to having used stolen
accounts at the University of Southern California to store proprietary software he had
taken from various companies.

- Omega Engineering and Timothy Lloyd (July, 1996) – The program that ran on
July 30 deleted all the design and production programs for the company, severely
damaging the small firm and forcing the layoff of 80 employees.

- Jester and the Worcester Airport (March, 1997) – Airport services to the FAA
control tower as well as the emergency services at the Worcester Airport and the
community of Rutland, Massachusetts were cut off for a period of six hours. This
disruption occurred as a result of a series of commands sent by a teenage computer
hacker who went by the name “jester”.

- Solar Sunrise (February, 1998) – A series of computer intrusions occurred at a
number of military installations in the U.S. Over 500 domain name servers were
compromised during the course of the attacks. Making it harder to track the actual origin
of the attacks was the fact that the attackers made a number of “hops” between different
systems, averaging eight different systems before arriving at the target.

- The Melissa Virus (March, 1999) – Melissa is the best known of the early macro-type
viruses, which attach themselves to documents for programs that have limited macro
programming capability. The virus, written and released by David Smith, infected about
a million computers. Melissa, which clogged networks with the traffic it generated and
caused problems for email servers worldwide, was attached to Microsoft Word 97 and
Word 2000 documents. If the user opened the file, the macro would run, causing it to infect
the current host and send itself to the first 50 addresses in the individual’s address book.

- The Love Letter Worm (May, 2000) – Also known as the “ILOVEYOU” virus and
the “Love Bug,” it was written and released by a Philippine student named Onel de
Guzman. The worm was spread via email with the subject line of “ILOVEYOU.” The virus
spread via email attachments. When the receiver ran the attachment, it searched the
system for files with specific extensions in order to replace them with copies of itself.

- The Code-Red Worm (2001) – This infection took only 14 hours to occur. The
worm took advantage of a buffer-overflow condition in Microsoft’s IIS web servers. The
worm itself was memory resident, so simply turning off an infected machine eliminated it.

- Adil Yahya Zakaria Shakour (August, 2001-May, 2002) – Shakour admitted to
having accessed several computers without authorization, including a server at Eglin Air
Force Base, computers at Accenture, a computer system at Sandia National
Laboratories, and a computer at Cheaptaxforms.com.

- The Slammer Worm (2003) – It exploited a buffer-overflow vulnerability in
computers running Microsoft’s SQL Server or Microsoft SQL Server Desktop Engine.
Slammer-infected hosts were generating a reported 1TB of worm-related traffic every
second. The worm doubled its number of infected hosts every 8 seconds.

- July 2009 cyberattacks – These were a series of coordinated cyberattacks against
major government, news media, and financial websites in South Korea and the United
States. The first wave of attacks occurred on July 4, 2009 and the last wave of attacks
began on July 9, 2009.

- Shamoon (2012) – It is a computer virus discovered in 2012 that attacks
computers running the Microsoft Windows operating system. It is also known as
Disttrack. Shamoon is capable of wiping files and rendering several computers on a
network unusable.

There are a number of different threats to security and these are the following:

- Viruses and Worms – A virus is a self-replicating program that spreads by inserting
copies of itself into other executable code or documents. A worm is a type of
malware and is a self-replicating program similar to a virus. Its difference from a virus
is that it does not attempt to conceal itself in other programs but is a stand-alone
program. As of mid-2004, instances of worms written for mobile telephones have
emerged, focusing on distribution via Bluetooth and Wi-Fi connections. Given the
popularity of mobile telephones, it is likely that the number of telephone worms may
increase.

- Intruders – The act of deliberately accessing computer systems and networks
without authorization is generally referred to as hacking. It also applies to the act of
exceeding one’s authority in a system. This includes authorized users who attempt to
gain access to files or obtain permissions that they have not been granted.

A script kiddie is a derogatory term for inexperienced crackers who use scripts
and programs developed by others for the purpose of compromising computer accounts
and files, and for launching attacks on whole computer systems. Elite hackers are people
who are not only capable of writing scripts to exploit known vulnerabilities, but also
capable of discovering new ones.

- Insiders – They have the access and knowledge necessary to cause immediate
damage to an organization. They may also have all the access they need to perpetrate
criminal activity such as fraud. Moreover, they have knowledge of the security systems
in place and will be better able to avoid detection.

- Criminal Organizations – Attacks by criminal organizations can fall into the
structured threat category, which is characterized by a greater amount of planning, a
longer period of time to conduct the activity, more financial backing to accomplish it, and
possibly, corruption of or collusion with insiders.

- Terrorists and Information Warfare – Information warfare is conducted
against information and information processing equipment used by an adversary.

Computer security and network security

Computer security is the effort to create a secure computing platform, designed so that
agents (users or programs) can only perform actions that have been allowed. This
involves specifying and implementing a security policy. The actions in question can be
reduced to operations of access, modification, and deletion. Computer security can be
seen as a sub field of security engineering, which looks at broader security issues in
addition to computer security.

Network security is the protection of networks and their services from unauthorized
modification, destruction, or disclosure, and the provision of assurance that the network
performs its critical functions correctly and that there are no harmful side effects.

CIA of Security

The original goal of computer and network security is to provide confidentiality,
integrity, and availability. Confidentiality refers to the security principle that states that
information should not be disclosed to unauthorized individuals. Integrity is the security
principle that requires information to not be modified except by individuals authorized to
do so. Availability applies to hardware, software, and data. All of these should be
present and accessible when the subject (the user) wants to access or use them.

As a result of the increased reliance on networks for commerce, authentication and
non-repudiation have been added to the original CIA of security. Authentication deals with
the desire to ensure that an individual is who they claim to be. On the other hand,
non-repudiation deals with the ability to verify that a message has been sent and received
and that the sender can be identified and verified.

The security principles

The three ways an organization can choose to address the protection of its networks are:
- ignore security issues,
- provide host security, and
- approach security at a network level.

Host security focuses on protecting each computer and device individually instead
of addressing protection of the network as a whole. The emphasis of network security is
placed on controlling access to internal computers from external entities.

The concept of least privilege is applicable to many physical environments as
well as network and host security. Least privilege means that an object should have only
the necessary rights and privileges to perform its task, with no additional permissions.

An issue in the least privilege concept is the security context in which an application runs.
All applications, scripts, and batch files run in the security context of a specific user on
an operating system. They will execute with specific permissions as if they were a user.

Layered Security

It is important that every environment have multiple layers of security. Those
layers may employ a variety of methods such as routers, firewalls, network segments,
Intrusion Detection Systems (IDSs), encryption, authentication software, physical security,
and traffic control. The layers need to work together in a coordinated manner so that one
does not impede another’s functionality and introduce a security hole.

The layers are depicted, usually, starting from the top, with more general types of
protection, and progressing downward through each layer, with increasing granularity at
each layer as you get closer to the actual resource. This is because the top-layer
protection mechanism is responsible for looking at an enormous amount of traffic, and it
would be overwhelming and cause too much of a performance degradation if each
aspect of the packet were inspected.

Diversity of defense is a concept that complements the idea of various layers of
security. It means making the layers dissimilar so that if one layer is penetrated, the next
layer won’t be penetrated by the same method.

Access is the ability of a subject to interact with an object. Access control refers to
devices and methods used to limit which subjects may interact with specific objects.
Authentication mechanisms ensure that only valid users are provided access to the
computer system or network.

The following are the various methods to implement access controls:

- Discretionary Access Control – It is a means of restricting access to objects
based on the identity of subjects and/or groups to which they belong. The controls are
discretionary in the sense that a subject with a certain access permission is capable of
passing that permission (perhaps indirectly) on to any other subject (unless restrained
by mandatory access control).

- Mandatory Access Control – It is a means of restricting access to objects that is
based on fixed security attributes assigned to users and to files and other objects. The
controls are mandatory in the sense that they cannot be modified by users or their
programs.

- Role-Based Access Control – It is an alternative to traditional access control
models (e.g., discretionary or non-discretionary access control policies) that permits the
specification and enforcement of enterprise-specific security policies in a way that maps
more naturally to an organization's structure and business activities.
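
The three methods above, applied to one constructed school scenario, as an added example that is not part of the original learning material. All user names, roles, and labels are made up, and the MAC rule used here (a subject may read only at or below its own clearance) is a simplification chosen for illustration.

```python
from dataclasses import dataclass, field
from types import MappingProxyType

# Constructed label set for the MAC part, lowest to highest.
LEVELS = {"public": 0, "internal": 1, "confidential": 2}


@dataclass
class DacObject:
    """Discretionary: the owner, or anyone already holding a right, can pass it on."""
    owner: str
    acl: dict = field(default_factory=dict)  # subject -> set of rights

    def allowed(self, subject, right):
        return subject == self.owner or right in self.acl.get(subject, set())

    def grant(self, granter, subject, right):
        if not self.allowed(granter, right):
            raise PermissionError(f"{granter} does not hold '{right}' and cannot grant it")
        self.acl.setdefault(subject, set()).add(right)


class MacPolicy:
    """Mandatory: labels are set once by the administrator and exposed read-only."""

    def __init__(self, clearances, classifications):
        self.clearances = MappingProxyType(dict(clearances))
        self.labels = MappingProxyType(dict(classifications))

    def can_read(self, subject, obj):
        # Simplified rule for this example: read only at or below own clearance.
        return LEVELS[self.clearances[subject]] >= LEVELS[self.labels[obj]]


class Rbac:
    """Role-based: permissions attach to roles; users only hold roles."""

    def __init__(self, role_perms, user_roles):
        self.role_perms = role_perms  # role -> set of (action, resource)
        self.user_roles = user_roles  # user -> set of roles

    def allowed(self, user, action, resource):
        return any((action, resource) in self.role_perms.get(role, set())
                   for role in self.user_roles.get(user, set()))


def demo():
    out = {}

    # DAC: the right travels owner -> assistant -> student without the owner's say.
    grades = DacObject(owner="prof_reyes")
    grades.grant("prof_reyes", "assistant_cruz", "read")
    grades.grant("assistant_cruz", "student_lim", "read")
    out["dac_student_read"] = grades.allowed("student_lim", "read")
    try:
        grades.grant("student_lim", "visitor", "write")  # student never held "write"
        out["dac_unheld_right_passed"] = True
    except PermissionError:
        out["dac_unheld_right_passed"] = False

    # MAC: fixed labels restrain the DAC grant above.
    mac = MacPolicy(
        clearances={"prof_reyes": "confidential",
                    "assistant_cruz": "confidential",
                    "student_lim": "public"},
        classifications={"grades": "confidential"},
    )
    out["mac_student_read"] = mac.can_read("student_lim", "grades")
    out["dac_and_mac_student_read"] = out["dac_student_read"] and out["mac_student_read"]
    try:
        mac.labels["grades"] = "public"  # a user program trying to relabel the object
        out["label_changed_by_user"] = True
    except TypeError:
        out["label_changed_by_user"] = False

    # RBAC: access follows the job; a transfer is one role change.
    rbac = Rbac(
        role_perms={"registrar": {("read", "grades"), ("update", "grades")},
                    "cashier": {("read", "fees")}},
        user_roles={"staff_santos": {"registrar"}},
    )
    out["rbac_registrar_update"] = rbac.allowed("staff_santos", "update", "grades")
    rbac.user_roles["staff_santos"] = {"cashier"}
    out["rbac_after_transfer_update"] = rbac.allowed("staff_santos", "update", "grades")
    return out


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The DAC result shows why discretionary grants are hard to audit: the student ends up with read access the owner never gave directly, and only the mandatory label stops it.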

Health Issues

Many computer-related health problems are minor and caused by a poorly
designed work environment. Keyboards and computer screens may be fixed in place or
difficult to move. Desks and chairs may also be uncomfortable. The computer screen
may be hard to read, with problems of glare and poor contrast. The hazardous activities
associated with these unfavorable conditions are collectively referred to as work
stressors. Although these problems may not be of major concern to casual users of
computer systems, continued stressors such as eyestrain, awkward posture, and
repetitive motion may cause more serious and long-term injuries. If nothing else, these
problems can severely limit productivity and performance.

The study of designing and positioning computer equipment, called ergonomics,
has suggested a number of approaches to reduce these health problems. Ergonomics
is an approach which puts human needs and capabilities at the focus of designing
technological systems. The objective of ergonomics is to ensure that humans and
technology work in complete harmony, with the equipment and tasks aligned to human
characteristics. Another goal is to have “no pain” computing. The placement and design
of computer tables and chairs, the positioning and design of display screens, and the
slope of the keyboard have been carefully studied. Flexibility is a major component of
ergonomics and an important feature of computer devices. People of differing sizes and
preferences require different positioning of equipment for best results. Some people, for
example, want to have the keyboard in their laps; others prefer to place the keyboard on
a solid table. Because of these individual differences, computer designers are attempting
to develop systems that provide a great deal of flexibility.

Different essential implications to achieve productivity, efficiency, safety, and health in
work settings

Ergonomics has various applications to everyday domestic situations, but there
are even more essential implications for productivity, efficiency, safety, and health in work
settings. The following are examples:

- Designing equipment and work arrangements to improve working posture and
ease the load on the body, thus reducing instances of Repetitive Strain Injury/Work
Related Upper Limb Disorder.

- Information design, to make the interpretation and use of handbooks, signs, and
displays easier and less error-prone.

- Designing equipment and systems, including computers, so that they are easier to
use and less likely to lead to errors in operation – particularly important in high-stress
and safety-critical operations such as control rooms.

- Designing working environments, including lighting and heating, to suit the needs
of the users and the tasks performed. Where necessary, design of personal protective
equipment for work and hostile environments.

- Design of training arrangements to cover all significant aspects of the job
concerned and to take account of human learning requirements.

- The design of military and space equipment and systems – an extreme case of
demands on the human being.

- Designing tasks and jobs so that they are effective and take account of human
needs such as rest breaks and sensible shift patterns, as well as other factors such as
intrinsic rewards of work itself.

In developing countries, the acceptability and effectiveness of even fairly basic
technology can be significantly enhanced.

The multi-disciplinary nature of ergonomics, sometimes called ‘Human Factors’,
is immediately obvious. The ergonomist works in teams which may involve a variety of
other professions: design engineers, production engineers, industrial designers,
computer specialists, industrial physicians, health and safety practitioners, and
specialists in human resources. The overall aim is to ensure that our knowledge of
human characteristics is brought to bear on practical problems of people at work and in
leisure. We know that, in many cases, humans can adapt to unsuitable conditions, but
such adaptation often leads to inefficiency, errors, unacceptable stress, and physical or
mental cost.

Trace the origins of ergonomics.

Ergonomics, a relatively new branch of science, celebrated its 70th anniversary
in 2019. It relies on research carried out in many other older, established scientific areas,
such as physiology, psychology, and engineering.

It originated in World War 2, when scientists designed advanced, new, and
potentially improved systems without fully considering the people who would be using
them. It gradually became clear that systems and products would have to be designed
to take account of many human and environmental factors if they are to be used safely
and effectively. This awareness of people’s requirements resulted in the discipline of
ergonomics.

The checklist for a user-friendly workstation.

Example of a user-friendly workstation

The following is an equipment checklist for a user-friendly workstation:

Buying Tips
- Ask for equipment that meets American National Standards Institute (ANSI)
standards. These are ergonomic standards applicable to computer terminals, associated
furniture, and the work environment.
- Try equipment out before purchasing whenever possible.

Computer Terminal
- Easy-to-use brightness and control knobs
- No perceptible screen flicker
- Detachable keyboard
- Reduced electromagnetic fields (EMF) emissions
- Tiltable screen
- Character size at least 3/16"

Chair
- Back provides firm lower and mid-back support.
- Adjustable arm rests, if needed to prevent shoulder fatigue.
- Seat and back easily adjustable for height and tilt from seated position without use
of tools.
- Seat upholstered and padded, curves down at front edge.
- Five (5) casters for stability.

Table
- Easily adjustable from seated position without use of tools
- Bi-level to allow independent adjustment of screen and keyboard
- Adequate leg room
- Adequate table top space for required tasks

Accessories (As Needed)
- Foot rest for users whose feet don’t rest flat on the floor
- Adjustable keyboard tray, if table is too high
- Wrist rest that is padded, movable, same height as keyboard home row
- Document holder adjustable to screen height
- Glare screen with grounding wire
- Lumbar support cushion, if chair doesn’t support lower back
- Telephone headset
- Task lighting

Reduce Glare to Avoid Eyestrain
- Lower lighting level to about half of normal office lighting
- Avoid placing computer directly under a bank of lights
- Avoid light shining directly into your eyes or onto your screen
- Use window curtains or blinds if necessary
- Position screen at right angle to window
- Hold a mirror in front of your screen to identify sources of glare
- Use task lighting if necessary

Information Ethics

Ethics is a set of principles which involves systematizing, defending, and
recommending concepts of right and wrong behavior.

Information ethics can be regarded as part of normal business ethics since to do
otherwise would mean that normally unethical acts might be all right via computer.
Therefore, a definition of information ethics should start with a definition of business
ethics. Business ethics is the “code of morals of a particular profession” and “the
standards of conduct of a given profession”. Since morals are “principles of right and
wrong in conduct”, information ethics, therefore, can be defined as an agreement among
information systems professionals to do right and to avoid wrong in their work.

Four unique information systems attributes addressed by information ethics

Information ethics is a specific application of business ethics to information systems.
Thus, it may be mistakenly assumed to be identical to business ethics. However,
information ethics addresses issues unique to information systems. The following are
the four (4) unique I.S. attributes:

- Location – With a computer, an unethical act can be committed from many
locations. As an example, consider a bank robbery. Stealing cash requires the criminal
to be at the bank. On the other hand, an illicit electronic fund transfer (EFT) may occur
from any telephone with the use of a terminal and a modem. Thus, I.S. weakens location
as a hindrance to unethical behavior. Because of this, we need to see the value of their
adherence to high ethical standards in the face of relaxed constraints.

- Time – Information systems make it possible to commit unethical acts quickly.
Consider the same example, bank robbery. To steal cash “manually” from a bank
requires time to threaten people, obtain the cash, and elude capture. Also, the criminal
must be present when the crime is committed in order to commit it. However, to rob a
bank via unauthorized EFT requires only a few seconds to issue the computer command.
Furthermore, that command can contain a delay so as to be carried out at any time
convenient for the criminal. Thus, I.S. weakens the time element as an obstruction to
unethical behavior. We must therefore understand that their individual integrity becomes
a much more important issue than might otherwise be the case.

- Separation of Act from Consequences – Most people feel guilty when they see
someone hurt by their actions. In a bank robbery’s case, many people who want the
bank’s money would never actually rob the bank because doing so would hurt the
legitimate depositors—or because doing so might result in violence and injury (possibly
even to the robber). That is, undesirable consequences of an unethical act often deter
people from behaving unethically.

However, if the bank is robbed electronically, all sorts of rationalization are
possible. Computer criminals may steal only a part of any given transaction, deceiving
themselves that the theft is negligible. They may feel “legitimate” because they need
not frighten or threaten anyone—and because they need not be frightened or be
threatened by anyone else. It is, thus, easy for them to forget that they are still stealing
substantial sums of money and that the victims will still feel frightened and threatened
when they discover the loss.

Thus, a most subtle difference between electronic ethics breaches and “in-person”
misbehavior is that the consequences of the act are separated from the act itself. Given
this, I.S. professionals require an acute sense of ethics and possibly a lively imagination
as well.

- Individual Power – Would-be criminals often need help to misbehave. In the case
of the bank robbery, the criminal would likely need the (unwilling) cooperation of a teller
to stuff the cash in a bag; a get-away car and driver might also be needed to elude
capture. However, illicit EFT can be performed without help; the criminal has the power
to commit the crime alone. Again, I.S. weakens a formerly potent barrier to unethical
behavior—the need for collusion. Integrity among I.S. professionals, hence, becomes all
the more important.

Privacy refers to the right of people to not reveal information about them. It is the right
to keep personal information, such as personal email messages, medical histories,
student records, and financial information from getting into the wrong hands. However,
information technology puts constant pressure on this right. The issue of privacy is
important because data about an individual can be collected, stored, and used without
that person’s knowledge or consent.

The right to privacy at work is also an important issue. Some experts believe that there
will be a collision between workers who want their privacy and companies that demand
to know more about their employees. Recently, companies that have been monitoring
their employees have raised concerns. Workers may find that they are being closely
monitored via computer technology. These computer-monitoring systems tie directly into
computerized workstations; specialized computer programs can track every keystroke
made by a user. This type of system can determine what workers are doing while at the
keyboard. The system also knows when the worker is not using the keyboard or
computer system. These systems can estimate what a person is doing and how many
breaks he or she is taking. Obviously, many workers consider this type of supervision
very dehumanizing.

Email also raises some interesting issues about work privacy. Federal law allows
employers to monitor email sent and received by employees. Furthermore, email
messages that have been erased from hard disks may be retrieved and used in lawsuits
because the laws of discovery demand that companies produce all relevant business
documents. Alternatively, the use of email among public officials may violate “open
meeting” laws. These laws, which apply to many local, state, and federal agencies,
prevent public officials from meeting in private about matters concerning the state or
local area.

Information Accuracy
For information to be accurate, it must be error-free, complete, and relevant to decisions
that are to be based on it. Professional integrity is one of the guarantors of information
accuracy. An ethical approach to information accuracy calls for the following:

a. Individuals should be given an opportunity to correct inaccurate information held
about them in a database.
b. Databases containing data about individuals should be reviewed at frequent
intervals, with obsolete data discarded.
c. System safeguards, such as control audits, are necessary to maintain information
accuracy. Regular audits of data quality should be performed and acted upon.
d. A professional should not misrepresent his or her qualifications to perform a task.
e. A professional should inform his or her employer what consequences to expect if
his or her judgment is overruled.

Accessibility
Access to files, both online and offline, should be restricted only to those who have a
legitimate right to access – because they need those files to do their jobs. Many
organizations keep a transaction log that notes all accesses or attempted accesses to
data. Most LAN management software includes this function.

Property
Many networks have audit controls to track which files were opened, which programs
and servers were used, and so on. This creates an audit trail, a record of how a
transaction was handled from input through processing and output.
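The transaction log and audit trail described under Accessibility and Property can be reviewed automatically. The following is an added example, not part of the original learning material: the log format, user names, roles, and the need-to-know map are all constructed for illustration.

```python
from collections import Counter

# Constructed need-to-know map: which roles may open which data sets (assumption).
NEED_TO_KNOW = {
    "payroll.db": {"hr", "finance"},
    "grades.db": {"registrar", "faculty"},
}

# Constructed transaction log: timestamp, user, role, file, outcome.
SAMPLE_LOG = """\
2024-03-04T09:12:01 acruz hr payroll.db GRANTED
2024-03-04T09:15:44 bsantos faculty payroll.db DENIED
2024-03-04T09:15:51 bsantos faculty payroll.db DENIED
2024-03-04T09:16:02 bsantos faculty payroll.db DENIED
2024-03-04T10:02:13 dreyes faculty grades.db GRANTED
2024-03-04T22:47:30 jlim it payroll.db GRANTED
"""

def parse(log_text):
    """Turn each log line into a dict; skip blank or malformed lines."""
    records = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, user, role, target, outcome = parts
        records.append({"ts": ts, "user": user, "role": role,
                        "file": target, "outcome": outcome})
    return records

def review(records, max_denied=2):
    """Return findings: repeated denied attempts, and grants outside need-to-know."""
    findings = []
    denied = Counter((r["user"], r["file"]) for r in records if r["outcome"] == "DENIED")
    for (user, target), count in sorted(denied.items()):
        if count > max_denied:
            findings.append(("repeated-denied", user, target, count))
    for r in records:
        allowed = NEED_TO_KNOW.get(r["file"], set())
        if r["outcome"] == "GRANTED" and r["role"] not in allowed:
            findings.append(("grant-outside-need", r["user"], r["file"], r["ts"]))
    return findings

if __name__ == "__main__":
    for finding in review(parse(SAMPLE_LOG)):
        print(finding)
```

The second finding type matters because a log that records only failures would miss an access that the system allowed but the person's job did not require.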

The following are the computer crime laws:

• Fair Credit Reporting Act of 1970 (FCRA). Controls operations of credit-reporting
bureaus, including how they collect, store, and use credit information.

• Freedom of Information Act of 1970. Ensures access of individuals to personal
data collected about them and about government activities in federal agency files.

• Tax Reform Act of 1976. Regulates the collection and use of certain information
by the Internal Revenue Service.

• Rights to Financial Privacy Act of 1978. Regulates government access to certain
records held by financial institutions.

• Electronic Funds Transfer Act of 1979. Enumerates the responsibilities of
companies that use electronic funds transfer systems, including consumer rights and
liability for bank debit cards.

• Computer Matching and Privacy Act of 1988. Regulates cross-reference between
federal agencies’ computer files.

• Video Privacy Act of 1988. Prevents retail stores from disclosing video rental
records without a court order.

• Telephone Consumer Protection Act of 1991. Limits telemarketers’ practices.

• Cable Act of 1992. Regulates companies and organizations that provide wireless
communication services, including cellular phones.

• Computer Abuse Amendments Act of 1994. Prohibits transmissions of harmful
computer programs and code, including viruses.

• Children’s Online Privacy Protection Act of 1998. Establishes standards for sites
that collect information from children. Its purpose is to prohibit unfair or deceptive acts
or practices in connection with the collection, use, or disclosure of personally
identifiable information from and about children on the Internet.

• Education Privacy Act. Restricts collection and use of data by federally funded
educational institutions, including specifications for the type of data collected, access
by parents and students to the data, and limitations on disclosure.

The following are the federal computer crime laws:

• Copyrights Law. Sets standards on copyrights and computer programs.

• Fraud and False Statements Law. Standards against fraud and related activity in
connection with access devices and computers.

• Espionage and Censorship. Sets standards in gathering, transmitting, or losing
defense information.

• Mail Fraud Law
  o General prohibition on pen register and trap and trace device use
  o Pen Registers and Trap and Trace Devices
  o Standards against fraud by wire, radio, or television
  o Standards against Interception and disclosure of wire, oral, or electronic
    communications prohibited
  o Wire and Electronic Communications Interception and Interception of Oral
    Communications

Tips in preventing crimes on the Internet

Internet security can include firewalls and a number of methods to secure financial
transactions. A firewall includes hardware and software combinations that act as a
barrier between an organization’s information system and the outside world. A number
of systems have been developed to safeguard financial transactions on the Internet.

The following tips can help prevent crime on the Internet:

• Use a stand-alone firewall, including hardware and software with network
monitoring capabilities.

• Use Internet security specialists to perform audits of all Internet and network
activities.

• Develop effective Internet and security policies for all employees.

• Monitor managers and employees to make sure they are using the Internet for
business purposes only.

Even with these precautions, computers and networks can never be completely
protected against crime. One of the biggest threats is from employees. Some believe
that 60 percent or more of all computer attacks come from employees or managers
inside the company. Although firewalls provide good perimeter control to prevent crime
from the outside, procedures and protection measures are needed for personnel.
Passwords, identification numbers, and tighter control of employees and managers also
help prevent Internet-related crime. The theft of computer time is more common than
you might think. One example is when people use their employer’s computer time to play
games. Some also run sideline businesses. The biggest abuse, however, is probably
wasting time with electronic mail and the Internet. One analysis of e-mail logs of three
companies (IBM, Apple, AT&T) found that their employees visited the Penthouse magazine
website 12,823 times in a single month. Based on an average visit of 13 minutes,
that works out to 347 eight-hour days, a considerable loss of work time.

Theft of telephone services has increased significantly. For example, high-tech
thieves use sophisticated radio scanners to pluck out of the air the phone numbers and
electronic serial numbers broadcast by cellular phones. These numbers are then
programmed into the microchips of other phones – a fraud called “cloning” – that enables
illegal users to make calls that are charged to innocent users. As a result, cellular phone
companies lose an estimated $2 million every day.

Data alteration/theft

Data and information are valuable corporate assets. The intentional use of illegal
and destructive programs to alter or destroy data is as much a crime as destroying
tangible goods. The most common of these types of programs are viruses and worms, which
are software programs that, when loaded into a computer system, will destroy, interrupt,
or cause errors in processing. There are more than 53,000 known computer viruses
today, with more than 6,000 new viruses and worms being discovered each year.

Some viruses and worms attack personal computers, while others attack network
and client/server systems. A personal computer can get a virus from an infected disk,
an application, or e-mail attachments received from the Internet. A virus or worm that
attacks a network or client/server system is usually more severe because it can affect
hundreds or thousands of personal computers and other devices attached to the
network. Workplace computer virus infections are increasing rapidly because of several
viruses spread through e-mail attachments.

Malicious access

Crimes involving illegal system access and use of computer services are a
concern to both government and business. Federal, state, and local government
computers are sometimes left unattended over weekends without proper security, and
university computers are often used for commercial purposes under the pretense of
research or other legitimate academic pursuits. A 28-year-old computer expert allegedly
tied up thousands of US West computers in an attempt to solve a classic math problem.
The individual reportedly obtained the passwords to hundreds of computers and diverted
them to search for a new prime number, racking up ten years of computer processing
time. The alleged hacking was discovered by a US West Intrusion Response Team after
company officials noticed that computers were taking up to five minutes to retrieve
telephone numbers, when normally they require only three to five seconds. At one point,
customer calls had to be rerouted to other states, and the delays threatened to close
down the Phoenix Service Delivery Center.

Since the outset of information technology, computers have been plagued by
criminal hackers. A hacker is a person who enjoys computer technology and spends
time learning and using computer systems. A criminal hacker, also called a cracker, is a
computer-savvy person who attempts to gain unauthorized or illegal access to computer
systems. In many cases, criminal hackers are people who are looking for fun and
excitement – the challenge of beating the system.

Classification of computer viruses

The two most common types of viruses are application viruses and system viruses.

Application viruses infect executable application files, such as word processing
programs. When the application is executed, the virus infects the computer
system. Because these types of viruses normally attach themselves to
application files, they can often be detected by checking the length or size of the
file. If the file is larger than it should be, a virus may be attached.
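The size check described above can be automated by recording a known-good baseline and comparing against it later. The following is an added example, not part of the original learning material. It goes one step beyond the text by also recording a SHA-256 digest, because a file whose bytes are overwritten in place keeps its original size. The file names and contents are constructed stand-ins.

```python
import hashlib
import os
import tempfile

def snapshot(paths):
    """Record size and SHA-256 digest for each file in a known-good state."""
    baseline = {}
    for path in paths:
        with open(path, "rb") as fh:
            data = fh.read()
        baseline[path] = {"size": len(data), "sha256": hashlib.sha256(data).hexdigest()}
    return baseline

def compare(baseline):
    """Re-read each file and classify it against the baseline."""
    report = {}
    for path, known in baseline.items():
        if not os.path.exists(path):
            report[path] = "missing"
            continue
        with open(path, "rb") as fh:
            data = fh.read()
        if len(data) != known["size"]:
            # "grew" is the size check the text describes
            report[path] = "grew" if len(data) > known["size"] else "shrank"
        elif hashlib.sha256(data).hexdigest() != known["sha256"]:
            report[path] = "same-size-modified"  # a size check alone misses this
        else:
            report[path] = "unchanged"
    return report

def demo():
    """Build three constructed stand-in files, alter two, and compare."""
    workdir = tempfile.mkdtemp()
    names = ("editor.bin", "viewer.bin", "calc.bin")
    paths = [os.path.join(workdir, n) for n in names]
    for p in paths:
        with open(p, "wb") as fh:
            fh.write(b"ORIGINAL-PROGRAM-BYTES" * 10)
    baseline = snapshot(paths)
    with open(paths[0], "ab") as fh:       # bytes appended: file is now larger
        fh.write(b"EXTRA" * 4)
    with open(paths[1], "r+b") as fh:      # bytes overwritten in place: same size
        fh.seek(5)
        fh.write(b"XXXX")
    return {os.path.basename(p): status for p, status in compare(baseline).items()}

if __name__ == "__main__":
    print(demo())
```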

A system virus typically infects operating system programs or other system files.
These types of viruses usually infect the system as soon as the computer is started.

Another type of program that can destroy a system is a logic bomb, an application or
system virus designed to “explode” or execute at a specified time and date. Logic bombs
are often disguised as a Trojan horse, a program that appears to be useful but actually
masks the destructive program. Some of these programs execute randomly; others are
designed to remain inert in software until a certain code is given. When it detects the
cue, the bomb will explode months, or even years, after being “planted”.

A macro virus is a virus that uses an application’s own macro programming language
to distribute itself. Unlike the viruses mentioned earlier, macro viruses do not infect
programs; they infect documents. The document could be a letter created using a word
processing application, a graphics file developed for a presentation, or a database file.
Macro viruses that are hidden in a document file can be difficult to detect. As with other
viruses, however, virus detection and correction programs can be used to find and
remove macro viruses.
