There are many types of threats facing information systems. Accidents, software errors, hardware failures, or environmental influences such as fire may affect a business’s operation. Each of these threats requires proper planning and control. Malicious threats also cover a wide range of activity.
The perpetrator of a criminal threat may be an insider or external to the organization. Activity may come from an individual, a loosely knit group, organized criminal elements, corporations, or governments. While the motive behind criminal threats is important in evaluating risk, any attack against the information infrastructure of a business can cause severe disruption and may result in loss of funds, productivity, market share, or reputation.
Criminal activity against information systems is growing. This increase is due in part to:
- Traditional business targets of crime are increasingly moving to computer-based operations.
- General knowledge of basic computer concepts and possibilities for exploitation is becoming pervasive within the public.
- Increased connectivity and ineffective security controls allow greater access to information and services while providing anonymity.
- Some elements of the stereotypical amateur “hacker” are evolving into more criminally motivated activities.
Almost every type of crime in the physical world has, or probably soon will have, an online, computer-based counterpart. In fact, networks become another tool to further criminal goals. With this said, there are several fundamental criteria for most profit-motivated criminals to use information systems.
Information systems provide a low level of authentication and therefore a higher degree of anonymity. This lessens the chance of arrest and, in some cases, even of detecting that a crime has occurred.
Today, criminal activity against information systems can be categorized as follows:
- Low-Level Intruders –
This group makes up a subset of the stereotypical “hacker”. These individuals may evolve from online trespass and vandalism to more criminal activity such as theft of information, extortion, and credit card fraud. In addition, this group is a pool of potential resources for more traditional criminal elements to exploit either directly or indirectly.
For example, in 1995, a loosely knit group of low-level “hackers” was arrested for using computer systems to steal credit card numbers. These numbers were sold to European-based organized crime groups for telecommunication fraud.
- For-Profit Fraud –
Online activity of this group is highly variable and may include scams, extortion, deceptive advertising, theft, securities fraud or illegal fund transfers. Many of these cases are classified as computer-assisted crimes. In other words, information systems are used as a tool, not a target.
For example, document fraud was involved in a multi-million dollar case involving theft from a pair of California banks last year, using desktop publishing software and equipment to create false payroll checks.
- Organized Crime –
Many elements of organized crime are recognizing that they need to understand and use information systems to maintain their traditional level of influence and revenue. Motivation for organized crime to become involved in high technology information systems goes beyond simple fraud and extortion to include surveillance of law enforcement, money laundering, and secure and anonymous communication.
- Fringe Groups – Political, Religious, and Anarchists –
Although this group rarely has fraudulent motives, there has been an increased use of information systems by some groups to further their agendas. Most of the attacks in this arena have involved either theft of information or denial of service attacks.
A recent example was an attempt by the German Chaos Computer Club to disrupt French telecommunications and Internet infrastructures to protest French nuclear testing.
- Industrial Espionage and Sabotage –
Because few companies report cases of industrial espionage, accurate statistics are difficult to produce.
- International Espionage and Information Warfare –
Several well-documented cases have come to light of national intelligence agencies gathering economic information to assist their nation’s businesses in competitive situations. Some of the methods for gathering this information have extended into attempts to access information and communication systems.
- Terrorism –
Several indicators have been discovered that traditional terrorist organizations are viewing information systems as both potential tools and targets. In particular, the ability to gather targeting information from credit records, financial institutions and healthcare providers appears to be an increasing threat, recently demonstrated by the IRA.