U.S. flag

An official website of the United States government, Department of Justice.

NCJRS Virtual Library

The Virtual Library houses over 235,000 criminal justice resources, including all known OJP works.
Click here to search the NCJRS Virtual Library

FINDING HIDDEN COMPUTER CRIME

NCJ Number
49627
Journal
Security Management Volume: 22 Issue: 4 Dated: (APRIL 1978) Pages: 16-18
Author(s)
R V JACOBSON
Date Published
1978
Length
3 pages
Annotation
EXISTING KNOWLEDGE OF COMPUTER CRIME IS EXAMINED TO SEE WHAT CONCLUSIONS MAY BE DRAWN ABOUT THE EXTENT OF UNDETECTED COMPUTER CRIME.
Abstract
NINETEEN BASIC CATEGORIES HAVE BEEN IDENTIFIED IN WHICH A DATA PROCESSING APPLICATION CAN BE MANIPULATED TO STEAL ASSETS OR INFORMATION OR TO KEEP THE SYSTEM FROM FUNCTIONING AS INTENDED. FOUR OF THESE CATEGORIES ACCOUNT FOR 62 PERCENT OF KNOWN COMPUTER CRIMES: ADDING FRAUDULENT INPUT DATA, STEALING MASTER FILE INFORMATION, SABOTAGING THE COMPUTER FACILITY, AND UNAUTHORIZED COMPUTER USAGE. AN ANALYSIS OF PUBLISHED DATA ON COMPUTER CRIME CASES SHOWS THAT 10 OF THE REMAINING CATEGORIES -- SUPPRESSING OR ALTERING OUTPUT, ALTERING MASTER FILES, INTRODUCING DELIBERATE BUGS, SABOTAGING FILES OR OUTPUT, PARTIAL POSTING OF TRANSACTIONS, THEFT OF OUTPUT, COUNTERFEITING OUTPUT, INTERCYCLE MASTER FILE TAMPERING, THEFT OF THE MASTER FILE FOR RANSOM, AND INTERFACE DEFICIENCIES -- ACCOUNT FOR ONLY 11 PERCENT OF THE PUBLISHED CASES. OF THESE, COUNTERFEITING OUTPUT, THEFT OF MASTERFILES FOR RANSOM, AND INTERFACE DEFICIENCIES HAVE ONLY LIMITED OPPORTUNITY OR ARE UNATTRACTIVE CRIMES. ALL BUT THREE -- THEFT OF OUTPUT, COUNTERFEITING OUTPUT, AND THEFT OF THE MASTER FILE FOR RANSOM -- WOULD PROBABLY BE DISCOVERED IN-HOUSE; THE LOW PUBLISHED RATE SEEMS MOST LIKELY TO BE RELATED TO SUPPRESSED PUBLICATION OF CASES DISCOVERED IN-HOUSE AND THE FAILURE TO DISCOVER OR CORRECTLY IDENTIFY THEM. THE REMAINING 7 OF THE 10 CRIMES PRESENT A SPECIAL RISK BECAUSE THE PUBLISHED STATISTICS DO NOT GIVE THE TOTAL PICTURE OF THE DISCOVERED RATE, WHICH IS PROBABLY A SMALL FRACTION OF THE ACTUAL OCCURRENCE RATE. ELECTRONIC DATA PROCESSING MANAGERS MAY BE PLACING TOO MUCH ATTENTION ON THE FOUR MAJOR COMPUTER CRIMES WHILE IGNORING THESE SEVEN. SPECIFIC COUNTERMEASURES THAT MUST BE TAKEN TO PROTECT AGAINST THE IDENTIFIED CATEGORIES OF COMPUTER ABUSE ARE NOTED, INCLUDING ESTABLISHMENT OF A PHYSICALLY SECURE ENVIRONMENT, EFFECTIVE CONTROL OVER SYSTEM CHANGES, CONTROLS ON ACCESS TO AND USE OF DATA PROCESSING RESOURCES, AND AUDIT PROCEDURES WHICH ALLOW FOR THE VERIFICATION OF PROCESSING INTEGRITY. TABULAR DATA ARE PROVIDED. NO REFERENCES ARE CITED. (KBL)