COMPUTER AND INTERNET CRIME
QUESTIONS TO CONSIDER
1. Peter Gumble, European editor for Fortune magazine, comments, "Kerviel is a stunning example of a trader breaking the rules, but he's by no means alone. One of the dirty little secrets of trading floors around the world is that every so often, somebody is caught concealing a position and is quickly - and quietly - dismissed... [This] might be shocking for people unfamiliar with the macho, high-risk, high-reward culture of most trading floors, but consider this: the only way banks can tell who will turn into a good trader and who even the most junior traders to take aggressive positions. This leeway is supposed to be matched by careful controls, but clearly they aren't foolproof." What is your reaction to this statement by Mr. Gumble?
Answer:
When first starting to trade, you need to manage risk and to trade a well defined trading plan with clearly specified entry and exit strategies. You need a detailed risk management plan and a detailed money management plan. No building is built without a plan. Why would you attempt to trade without a detailed trading plan? Often the reason is that novice traders want to believe that a charting program or a trading program in itself will give them unlimited money.
2. What explanation can there be for the failure of SocGen's internal control system to detect Kerviel's transactions while Eurex detected many suspicious transactions?
Answer:
Jérôme Kerviel had put together a first portfolio (A) composed of futures and representing the evolution of the European stock indexes (Eurostoxx, Dax, FTSE….) while at the same time he was establishing a second portfolio (B) composed of warrants which had the same characteristics as those of the futures but with a different value, these variances in value explain the losses or the gains of such activities. Because of their close characteristics, these two portfolios compensate each other and lower the market risks. Société Générale had established internal controls to manage these risks. The fraud committed by Jérôme Kerviel has consisted of evading internal controls or making them inefficient. Jérôme Kerviel had registered and then cancelled fictitious transactions in the second portfolio. The fictitious transactions were registered in Société Générale systems but were economically unreal.
Within the framework of this fraud the financial instruments of portfolio (A) were seemingly compensated with the fictitious operations accommodated within portfolio (B) which showed only a very little residual risk. He gave to his fictitious operations some characteristics which limited the opportunities of control. He usurped computing access codes belonging to operators to cancel certain operations. He falsified the documents allowing him to justify his fictitious operations. He made sure that his fictitious operations related to a financial instrument different from those which he had just canceled to avoid control.
http://www.hg.org/article.asp?id=6028
Discussion Questions
1. Identify and briefly discuss four reasons why computer incidents have become more prevalent.
Answer:
Programming style while typos in the program code are often caught by the compiler, a bug usually appears when the programmer makes a logic error. Various innovations in programming style and defensive programming are designed to make these bugs less likely or easier to spot. In some programming languages, so-called typos, especially of symbols or logical/mathematical operators, actually represent logic errors, since the mistyped constructs are accepted by the compiler with a meaning other than that which the programmer intended. Programming techniques Bugs often create inconsistencies in the internal data of a running program. Programs can be written to check the consistency of their own internal data while running. If an inconsistency is encountered, the program can immediately halt, so that the bug can be located and fixed. Alternatively, the program can simply inform the user, attempt to correct the inconsistency, and continue running. Development methodologies There are several schemes for managing programmer activity, so that fewer bugs are produced. Many of these fall under the discipline of software engineering (which addresses software design issues as well). For example, formal program specifications are used to state the exact behavior of programs, so that design bugs can be eliminated. Unfortunately, formal specifications are impractical or impossible for anything but the shortest programs, because of problems of combinatorial explosion and indeterminacy [disambiguation needed]. Programming language support Programming languages often include features which help programmers prevent bugs, such as static type systems, restricted name spaces and modular programming, among others. For example, when a programmer writes (pseudo code) LET REAL_VALUE PI = "THREE AND A BIT", although this may be syntactically correct, the code fails a type check.
2. A successful distributed denial-of-service attack requires downloading software that turns unprotected computers into zombies under the control of the malicious hacker. Should the owners of the zombie computers be fined as a means of encouraging people to better safeguard their computers? Why or Why not?
Answer:
So, why do you need security? There are several reasons:
To prevent loss of data: You don’t want someone hacking into your system and destroying the work done by your employees (and remember, the hacking doesn’t have to be direct, it can be a computer virus, worm, or Trojan horse sent out against random targets). Even if you have good back-ups, you still have to identify that the data has been damaged (which can occur at a critical moment when an employee has an immediate need for the damaged data), and then restore the data as best you can from your backup systems. Downtime to fix damage costs you money. A lesser example of this category is when the data isn’t completely lost, but just partially corrupted.
To prevent corruption of data: A lesser example of loss of data is when the data isn’t completely lost, but just partially corrupted. This can be harder to discover, because unlike complete destruction, there is still data. If the data seems reasonable, you could go a long time before catching the problem, and cascade failure (where failure in one system taakes down an adjoining system, which in turn takes down another adjoining system) could result in serious problems spreading far and wide through your systems before discovery. Tracking down the initial problem could take substantial effort, delaying your ability to restore your systems from backups (and complicating the back-up, because some parts will be bad before other parts are).
To prevent compromise of data: Sometimes it can be just as bad (or even worse) to have data revealed than to have data destroyed. Imagine the consequences of key trade secrets, corporate plans, financial data, etc. ending up in the hands of your competitors. Or imagine sensitive personal data (such as pay records or other employee records) becoming public.
To prevent theft of data: Some kinds of data are subject to theft. An obvious example is the list of credit card numbers belonging to your customers. Just about anything associated with money can be stolen.
To prevent sabotage: A disgruntled employee, an unscrupulous competitor, or even a stranger with a mean streak could use any combination of the above activities to maliciously harm your business. Because of the thought and intent, this is the most dangerous kind of attack, the kind that has the potential for the greatest harm to your business.
3. Do you believe that spam is actually harmful? Why or why not?
Answer:
Yes!!! Spam can hurt people, companies and the Internet. Here are three reasons why:
- Phishing: Spam emails are often used in order to engage in phishing - a practice in which links are used to collect personal information (financial data, social security numbers, account information) from unsuspecting users. That information can then be used for Identity Theft.
- Malware: Another harmful thing that spam emails often include is malware - computer viruses, spyware, and malicious programs that can silently infiltrate a user's computer and cause major problems. Simply by clicking on a link, you can expose yourself (and your computer) to harmful viruses that can affect the functioning of your computer.
- Loss of Productivity:While checking and deleting spam emails can be annoying, it is the time consumption and loss of productivity that really costs you.
4. How ca installations of a firewall give an organization a false sense of security?
Answer:
Firewalls can be one of the most effective forms of computer security. In order to do this, they need to be configured properly, by someone with intimate knowledge both of the network and of computer security in general. Too many large organizations will buy a firewall, have it installed, and leave it at that. They feel that just because the firewall is "out there" that they will be safe.
5. Some IT security personnel believe that their organizations should always employ whatever resources are necessary to capture and prosecute criminals. Do you agree? Why or why not?
Answer:
In today’s digital world, many organizations heavily rely on computers to run their businesses efficiently every day. Without a good functioning of the computer systems, these organizations wouldn’t be able to deliver goods and services adequately. On large scale, the national or world economy would feel the pain of the disruptions. Just imagine the impact of a disruption of computers in a bank, at a school, at the airport or even in a supermarket!
Each organization must protect its major assets. There are no more valuable assets for any organization than information and data stored in computers. Should these assets be stolen, destroyed or mishandled, the organization will have tremendous difficulties to survive or to be trusted by the public. Consequently, anybody who would try to harm the organization through its computer system should be dealt with in the most aggressive way.
Discussion Questions
1. There are some who think that the techniques tools used in the Dark Web project could be used in a way that could negatively affect our way of life. The executive director of the Electronic Privacy Information Center, Marc Rotenberg fear "the very same tools that can used to track terrorist can also be used to track political opponents. " What are some negative ways such tools can be used against U.S citizens? Do you think that this is reasonable fear?
Answer:
All tools and techniques are really useful but it only depends on how the user uses it or handles it. Yes, it is reasonable fear because we are all a user of technology in order o make things possible but there is also a negative way that can also make other people miserable because of this there some people using this for blackmailing and other destructive intentions.
2. Identify three positive ways that this technology could be used to improve the performance organizations or to help us i our daily lives.
Grand Casino, Las Vegas - Mapyro
TumugonBurahinGrand Casino Hotel, Las 울산광역 출장샵 Vegas. Mapyro, Nevada. 3.9 mi (9.6 대구광역 출장안마 km) from Las 충청남도 출장안마 Vegas 논산 출장샵 Convention and Visitors Authority 포항 출장샵 Building; 13.2 mi (10 km) from McCarran Convention