Jason Wood Feb. 16, 2001 Copyright (c) 2001 by Jason A. Wood (woodja@ieee.org). This material may be distributed only subject to the terms and conditions set forth in the Open Publication License, v1.0 or later (the latest version is presently available at http://www.opencontent.org/openpub/). COMPUTER CRIME New technologies bring new bandits. When ships became popular mode of transfer of property, people became pirates. Today the high seas have become digital. People are now becoming pirates or crackers in the digital age. They are attempting to compromise the security of systems for personal gain, whether financial, psychological, or otherwise. In order to protect digital information and the illegal modification of that data, such as bank transfers there needs to be an increase of protective measures. Just like there is no one governing body of the oceans, there is no one governing body of the Internet, at least at the level of sovereignty and punishment of illegal activity. The responsibility comes down to the individual company or person to protect their own data. Technologies such as encryption algorithms and certificates of authenticity are making this easier. One of the greatest problems that exists today is assumption of security. It is assumed that email, phone conversations, and any number of other digital transactions are secure. The greatest harm comes when a consumer buys a product from a vendor and lets it run without taking minimal security precautions. A couple of computers running RedHat Linux where compromised at Lehigh this past year when professors installed the system with an assumption of security. They failed to turn off insecure services and install vendor security patches. This often happens not out of shear ignorance, but rather lack of attention to security and the threats it posses. I am involved in a free ISP that provides dialup, email, and web hosting services to non-profit agencies and individuals. We recently had a security hole that I discovered. We had a guest user account, which allowed people to sign up for our service. When we upgraded our system we forgot about the guest account, which got handled like an ordinary user and anyone logging in on the guest account was able to have the same privileges as a registered user. About 20 people had logged on to account, including the security staff of the University providing our Internet connection. We heard nothing from anyone that the problem existed. Had they informed us of the problem we could have prevented potentially damaging effects. Good communication between technology providers can help limit attacks. I found the US News and World Report article (http://www.usnews.com/usnews/issue/970602/2crac.htm) very stimulating and made it very clear of the potential dangers of the Internet if things are not properly secured. When "script kiddies" or "warez doodz" are able to compromise highly secured government web sites and computer systems, a very real problem exists. It would be much too easy for a foreign government to hire one of these kids to obtain information for them. The next important issue in regard to computer crime is punishment. As we discussed near the end of class some of the punishments seem to harsh, while the worst criminals go unscathed. More money should be pumped into preventing attacks rather than attacking the attackers with high cost jail sentences. The sentences themselves would in the eyes of the court to be an incentive not to pick up the hobby of cracking into systems. In fact, for many of the already social dissidents who engage in these activities these punishments act as an incentive to do more and do it with more stealth. The current punishments also do not meet the crime. As a person who watches litigation of computer crimes and is interested in the level of fairness that they are carried out, I have observed that unfair sentences create a stronger sense of community and disapproval of government, increasing potential problems. Like many of the other topics that we have and will discus this semester, like intellectual property, computers are changing the world. Connectivity, the network effect, and information availability are going to require governments, organizations, and individuals to change there way of dealing with certain issues. Computer crime is certainly one of the issues that needs to be dealt with. Its ability to cross national borders and ability to occur at any time will require new laws for dealing with crime. It will also require a level of respect to arise between hackers and governing bodies. Each alerting the other of possible dangers and violations. Through cooperation and responsibility computer crime can be controlled.