Sunday, May 10, 2015
What Year Is This?
The first excerpt discusses the relationship between the computer and the criminal.
"The impersonality of the computer and the fact that it symbolizes for so many a system of uncaring power tend not only to incite efforts to strike back at the machine but also to provide certain people with a set of convenient rationalizations for engaging in fraud or embezzlement. The computer lends an ideological cloak for the carrying out of criminal acts.
Computer crime... also holds several other attractions for the potential lawbreaker. It provides intellectual challenge -- a form of breaking and entering in which the burglar’s tools are essentially an understanding of the logical structure of and logical flaws inherent in particular programming and processing systems. It opens the prospect of obtaining money by means that, while clearly illegal, do not usually involve taking it directly from the till or the cashier’s drawer...
Other tempting features of computer crime, as distinct from other forms of criminal activity, are that most such crimes are difficult to detect and that when the guilty parties are detected not much seems to happen to them. For various reasons, they are seldom intensively prosecuted, if they are prosecuted at all. On top of these advantages, the haul from computer crime tends to be very handsome compared with that from other crimes."
The second excerpt describes the attitudes of corporate computer crime victims.
"The difficulties of catching up with the people who have committed computer crimes is compounded by the reluctance of corporations to talk about the fact that they have been defrauded and by the difficulties and embarrassments of prosecution and trial. In instance after instance, corporations whose assets have been plundered -- whose computer operations have been manipulated to churn out fictitious accounting data or to print large checks to the holders of dummy accounts -- have preferred to suffer in silence rather than to have the horrid facts about the frailty of their miracle processing systems come to public attention.
Top management people in large corporations fear that publicity about internal fraud could well affect their companies’ trading positions on the stock market, hold the corporations up to public ridicule, and cause all sorts of turmoil within their staffs. In many cases, it seems, management will go to great lengths to keep the fact of an internal computer crime from its own stockholders...
The reluctance of corporations to subject themselves to unfavorable publicity over computer crimes is so great that some corporations actually seem willing to take the risk of getting into trouble with the law themselves by concealing crimes committed against them. Among independent computer security consultants, it is widely suspected that certain banks, which seem exceptionally reluctant to admit that such a thing as computer fraud even exists in the banking fraternity, do not always report such crimes to the Comptroller of the Currency, in Washington, when they occur, as all banks are required to do by federal law. Bank officers do not discuss the details of computer crime with the press... [A] principal reason for this kind of behavior is the fear on the part of the banks that such a record will bring about an increase in their insurance rates."
The third excerpt talks about the challenges of prosecuting computer crime.
"In addition to the problems of detecting and bringing computer crimes to light, there are the difficulties of effectively prosecuting computer criminals. In the first place, the police, if they are to collect evidence, have to be able to understand precisely how a crime may have been committed, and that usually calls for the kind of technical knowledge that is simply not available to most police departments...
Another difficulty is that not only police and prosecutors but judges and juries must be able to find their way through the mass of technical detail before they can render verdicts and hand down decisions in cases of computer crime, and this alone is a demanding task. In the face of all the complexities involved and all the time necessary to prepare a case that will stand up in court, many prosecutors try to make the best accommodation they can with the defendant’s lawyers by plea bargaining, or else they simply allow the case to fade away unprosecuted. If they do bring a case to trial, they have the problem of presenting evidence that is acceptable to the court.
The fourth excerpt mentions "sophistication" -- a hot topic!
To somebody looking at the problem of computer crime as a whole, one conclusion that seems reasonable is that although some of the criminal manipulators of computer systems have shown certain ingenuity, they have not employed highly sophisticated approaches to break into and misuse computer systems without detection. In a way, this fact in itself is something of a comment on the security of most existing computer systems: the brains are presumably available to commit those sophisticated computer crimes, but the reason that advanced techniques haven’t been used much may well be that the haven’t been necessary."
The fifth excerpt briefly lists possible countermeasures.
"The accelerating incidence of computer-related crimes -- particularly in the light of the continuing rapid growth of the computer industry and the present ubiquity of electronic data-processing systems -- raises the question of what countermeasures can be taken within industry and government to prevent such crimes, or, at least, to detect them with precision when they occur...
In addition to tight physical security for facilities, these [countermeasures] included such internal checks within a system to insure data security as adequate identification procedures for people communicating with the computer... elaborate internal audit trails built into a system, in which every significant communication between a user and a computer would be recorded; and, where confidentiality was particularly important, cryptography..."
Now based on what you have read, I'd like you to guess in which decade these excerpts were written? By answering the survey you will learn the publication date.
I'll leave you with one other quote from the manuscript:
The fact is, [a security expert] said, that “the data-security job will never be done -- after all, there will never be a bank that absolutely can’t be robbed.” The main thing, he said, is to make the cost of breaching security so high that the effort involved will be discouragingly great.