Computer Security - Part 3
More Essay Examples on Computer Rubric
The following paper explores the security issues that are highlight prominent on the internet nowadays - Computer Security introduction. Two main case studies are discussed where the computer security came under threat from the malicious behavior and actions of the third parties. The cases that are analyzed in the paper pertain to the theft of credit card information and identity in the United States from hackers who gained illegal access to the systems of nine major retailers in the US. The other case that is discussed as part of this paper is that pertaining to the Storm worm which was launched in 2007 and managed to infect 10 million computers due to the unsuspecting nature of the email to which the Trojan was attached
Credit/ Debit Card Theft and Fraud
The use of credit cards and debit cards has increased incrementally in the market which is supported by the consumerist nature of the citizens of the United States. The number of credit cards transactions that are conducted on the internet as a result have also significantly increased which have increased the likelihood of online credit/ debit card frauds and online credit/ debit card identity theft. “In 2000, North American e-merchants lost an average 3.6 percent of their sales to stolen or fraudulent credit cards. In 2007, that figure was down to 1.4 percent, according to the 2008 “Online Fraud Report” by CyberSource, a major credit card payment gateway.” (Meacham, 2008)
Essentially anyone who transacts online using their debit and credit cards for paying for their online purchases is open to the credit card fraud and the theft of their credit. Debit card records. The companies and online retailers do provide protection to the customers by providing a secure portal though which they can conduct their transaction. However efficient and skilled hackers who have knowledge about how the computer networks and the systems work are able to access the secure systems, and bypass the simple security measures to access the transactions records from which it is easy to extract the customer credit card information. This information can be resold by the hackers to others who can use the cards online to make purchases illegally while being underground. This is the main threat of conducting payment based transactions over the internet where the company keeps a record of the customer information as this information can be accessed by the skilled perpetrators. The following section depicts a case where a large ring of credit card theft perpetrators were exposed and tried for their theft of credit card information worth millions of dollars from the nine major retailers in the United States.
Case Involving Hacking of Customer Credit Card Information and Credit Card Fraud
A prominent case involving theft of credit card identity and computer fraud had nine major retailers in the United States being targeted by a group of 11 people who managed to steal and then sell 40 million card numbers in the market. The incident involved the theft team stealing the customer records specifically the credit card numbers form the online computer systems of the main retailers of “TJX Cos, BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW” (Associated Press, 2008). This was done through the use of sophisticated techniques of hacking into computer systems, conducting security breaches as well as installing malware and software which extracted financial data from the payments systems and customer record files. The credit cards that were involved in the case pertained to both VISA based as well as Master Card debit and credit cards. “The heist was a black eye for retailers like TJX. The company, which initially disclosed the data breach in January 2007, said a few months later that at least 45.7 million cards were exposed to possible fraud in a breach of its computer systems that began in July 2005. Court filings by some banks that sued TJX put the number of cards affected at more than 100 million, based on estimates by officials with Visa and MasterCard, who were deposed in the suit”(Associated Press, 2008). The result of the incident was that the online retailers faced losses worth millions of dollars along with lack of credibility about their security systems and networks, therefore losing the trusts if the consumers conducting transactions online using their credit card.
What Went Wrong in the Case
The case depicts that the hackers were able to gain unauthorized access into the online payment systems and records of the popular retailers like TJK, Wholesale Club, OfficeMax and Barnes and Noble from where they stole customer information and the credit card numbers which were in turn resold in the market to those who seek such products and services. The main issues that are highlighted by this case are the lack of sufficient protection measures taken by the companies/ retailers involved as well as the vulnerability of the computer systems. Moreover the lack of supervision and transaction supervision by the VISA and the MasterCard also contributed greatly to the theft of the credit card records and the credit card fraud by the hackers as the institutions were unable to pinpoint and detect the fraud at the early stages of its occurrence. This enabled the theft to escalate to nine retail stores from where credit card information worth millions was stolen as a result.
Official Proceedings/ Follow-up and Proposed Recommendations
The credit card theft through the internet in the case had a profound negative impact on all the parties concerned including the banks, the retailers involved as well the customers whose credit card information was stolen by the hackers. The court proceedings for the computer crime resulted in the perpetrators being convicted while the retailers were compensated for their losses by the credit card/ debit card issuing companies like VISA and MasterCard. “In May, TJX said it won support from Mastercard-issuing banks for a settlement that will pay them as much as $24 million to cover costs from the data breach. A similar agreement reached last November with Visa-card issuing banks also was overwhelmingly approved. That agreement set aside as much as $40.9 million to help banks cover costs including replacing customers’ payment cards and covering fraudulent charges.” (Associated Press, 2008)
However if the crime was detected at an earlier stage with the level of loss faced by all the parties highlighted above would have been significantly small, and many of the customers who were injured by this crime would have been saved from the trouble of the theft of their credit card information through the online payment systems of the nine prominent online stores. The initiatives that could have been implemented include implementing protectionist measures and security software which protect the data stored in the online systems pertaining to customer records and their credit card information. Additional anti-hacking software, as well as firewalls that prevent intrusion from outside sources and third parties like hackers could have been set up which give off an alarm or signal to indicate if any breach does occur to the company and the credit/ debit card issuing authority. Similarly the VISA and MasterCard could have been more diligent in their supervision of the transactions being made to determine the fraudulent transactions being made from the original transactions.
The virus attacks are very common since the year 2000 due to the development of the internet technology and the advancement of the communication interactions. Through the internet it has become easier for people to share data, files and multimedia items with others, and this characteristic of the innovative communication system has made its easier for the malicious parties to launch and disperse malicious software and viruses on the internet as well.
The computer virus attacks through emails have the virus attached either to the email or present in a latent hidden form in an executable file attached with then email. Usually provocative and curious emails are embedded with such viruses in order to ensure that people open and view the mails and even run the executable files where present. The antivirus programs and software like McAfee and Norton have formed alliances with the email service providers like Yahoo and Hotmail which automatically scan the emails for viruses and suspicious programs. However now the computer viruses are becoming more intelligent as the hackers and the malicious intruders are developing viruses which are undetectable by the antivirus software. The following section depicts Storm worm case where a Trojan virus was dispersed through an email attachment which went undetected by the antivirus software.
Case Involving Virus Attacks
One of the recent occurrences of a mass virus attack took place in 2007 in the form of a email virus was the Storm email based virus which affected about 10 million computers. An email was sent out embedded with the virus with the subject line highlighting a natural weather disaster and calamity stating ‘230 dead as storm batters Europe’. This was a very timely set up subject line as the emailed was rolled out 15 hours after the strike of a similar storm in the Central Europe which rendered trust of the targets in the Trojan embedded email. The innocent and the seemingly non-suspicious nature of the subject line made the email traverse through the inbox of the people as they opened and forwarded the emails to their peers. This resulted in a global infection of the virus in the computer systems through the networks
The case involved the creation of a botnet where the people who opened the email attachment became a part of the botnet without knowing it and contributed to the spread of the virus. The storm was a Trojan based virus which affected thousands of computers all around the world under the cover of an email. It included an “executable file as an attachment. Cybercriminals took advantage of social engineering, using the news of the European storm to get people to open the attached malicious file, which promises more news on the weather emergency. The recipient must open the file for it to execute.” (Kawamoto, 2007)
What Went Wrong in the Case
The Storm virus was highly potent and its latent hidden nature prevented it from being detected by the anti virus programs and the spyware detecting software. The threat that was posed by the storms virus was that “worms like Storm are written by hackers looking for profit, and they’re different. These worms spread more subtly, without making noise. Symptoms don’t appear immediately, and an infected computer can sit dormant for a long time. If it were a disease, it would be more like syphilis, whose symptoms may be mild or disappear altogether, but which will eventually come back years later and eat your brain.” (Schneier, 2007) The seeming unsuspicious email acted as an ant colony with different duties assigned to the program content. Moreover the virus has the potential and the characteristic to stay hidden and inactive for long period of time which made it not depict any symptoms associated with viruses. Instead the virus was hidden and silent and its stealth was undetected by the prominent anti virus programs and security systems installed for protecting the personal computers. This was the main reason why the Storm virus was able to traverse through the computers on the network in a rapid pace while remaining undetected by the masses.
A number of protection measures are provided when dealing with email based viruses. The most important and the simplest of them all is to avoid any opening any mails that are unclear or not sent by an authentically identifiable sources about which the receiver is not knowledgeable about. The curiosity of the receiver is the main cause for the spread of such email based viruses but restricting the action of opening unknown mails can greatly help in reducing the thereat of such emails. Aside from this where attachments are present as per the Storm worm case carrying suspicious software and Trojan viruses, such unknown attachments should not be opened at all as they present a significant amount of risk to the security of the computers. The malware and the viruses are being made intelligent to go undetected by the anti-virus programs. The anti-virus programs should also be made to be intelligent as well in order to effectively manage the threat of such intelligent malwares.
Conclusively it can be depicted that the internet medium of communication cannot be made secure to a 100 percent as even through developments in computer and network security are made, the parties with malicious intent also get intelligent and attain new knowledge which they use to devise ways around the security measures set up to protect computer and network safety. This was depicted through the two cases analyzed in the case pertaining to credit card information theft and the case if the Storm worm virus. The only way around this is to continuously develop and improve the computer security thorough intelligent antispyware and antivirus programs.
Associated Press, (2008), 11 Charged In Connection With Credit Card Fraud Case Believed To Be Largest Of Its Kind Ever Prosecuted By Justice Dept., MSNBC Online, retrieved July 20, 2009 from http://www.msnbc.msn.com/id/26041151/
Kawamoto, D., (2007), ‘Storm worm’ rages across the globe, CNET News, retrieved July 20, 2009 from http://news.cnet.com/Storm-worm-rages-across-the-globe/2100-7349_3-6151414.html
Meacham, J.D., (2008), Credit Card Fraud: How Big Is The Problem, retrieved July 20, 2009 from http://www.practicalecommerce.com/articles/720-Credit-Card-Fraud-How-Big-Is-The-Problem-
Panko, R.R., (2003), Corporate Computer and Network Security, Prentice Hall
Schneier, B., (2007), The Storm Worm, retrieved July 20, 2009 from http://www.schneier.com/blog/archives/2007/10/the_storm_worm.html