Printer Friendly

Spectacular Computer Crimes.

Author: Buck BloomBecker

Publisher: Dow Jones-Irwin, 1818 Ridge Road, Homewood, IL 60430; 1990, 242 pages, hardback: $22.95

Reviewer: Howard Keough, CPP; Senior Computer Security Analyst, Mantech International -- Jaehne Division; Member of the ASIS Standing Committee on Computer Security

Spectacular Computer Crimes is devoted to describing the vulnerabilities of computer and communications technologies and the people who have exploited them. BloomBecker relates 18 case histories of computer crimes. He also discusses the need for ethics, why technology is running ahead of security how to use existing laws, and the dire need to exercise common sense.

BloomBecker's observation that computer crime victimizes us all certainly is true. He accurately points out that without computer security--nay, information systems security--a trusted employee can easily get away with an initial assault and later the "murder" of a computer system. But no corpus delicti, no remains, are left in an expunged data base.

A survey conducted by the National Center for Computer Crime Data, of which BloomBecker is director, states that 75 percent of computer crimes prosecuted in the United States are committed by trusted employees of victimized businesses. BloomBecker also explains a theory in criminology called differential association, exemplified by employees who push perceived corporate dishonesty beyond acceptable limits. The theory warns those who run corporations that employees will be no more honest than corporate directors are thought to be, and some will be less honest than that.

The book contains updates on what has happened to persons convicted of computer-related crimes, such as Jerry Schneider, Stanley Mark Ripkin, Donald Burleson, Harold Rossfields Smith, and over two dozen others who are not so well-known. Schneider and Ripkin are now security consultants; Burleson and Smith are still in prison.

BloomBecker stresses the problem of the lack of ethics in dealing with computers. He tells the story of one mother whose nine- and 10-year-old sons were continually fighting for time on their school's computers. The "fighting" went to the point of erasing other students' names from the sign-up list and even destroying the list. Their mother thought their behavior was perfectly acceptable--never mind about the lack of moral upbringing and ethics. This same lack of ethics has been observed among college students and many professionals.

In 1980 John Taber, a former IBM employee, caused a sensation when he wrote a commentary based on four questions--can computer crime be defined; can it be measured; can the seriousness of the computer crime problem be determined; and does a basis for laws against computer crime exist? As BloomBecker puts it, "These questions still challenge anyone who argues the case for increased attention to computer security." He does a good job of responding to Taber's questions.

The author also points out that establishing corporate security policies does not necessarily motivate employees to carr them out. He cites the case of Wells Fargo supervisor Harold Rossfields Smith, who not only ignored company policies but deliberately violated them.

The author goes on to advocate three keys to security--strengthened computer crime laws, security awareness and training, and greater computer security technology. He is also an advocate of disaster recovery planning. He cites the case of Don Burleson and his willfull destruction of 168,000 salespeople's commission records. The corporation, Forth Worth securities and trading firm USPA & IRA, had accurate backup records and thus was able to reconstruct the information over a weekend. The reconstruction cost the firm a great deal in overtime pay, however.

BloomBecker presents an impressive bibliography and a lit of organizations for computer professionals that advocate computer security. Of course, ASIS is at the top.

Overall, I enjoyed this interesting book and recommend that you have a copy in your library. Two points stick out in my memory. The first is the absolute necessity of security awareness and training--not just an hour's briefing for new employees but refresher courses at least annually for all shifts. The second is the need for individual accountability for system users. If users know their activity on the systems is monitored and unauthorized use investigated, they are less inclined to browse or see what they can get away with.
COPYRIGHT 1991 American Society for Industrial Security
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1991 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Author:Keough, Howard
Publication:Security Management
Article Type:Book Review
Date:Apr 1, 1991
Previous Article:Safeguarding our students.
Next Article:Computer Crimes: High-Tech Theft.

Related Articles
Computer crime categories: how techno-criminals operate.
Overcoming obstacles: preparing for computer-related crime.
UK police arrive to help fight crime.
Uneasy Relations.
Uneasy Relations.

Terms of use | Copyright © 2017 Farlex, Inc. | Feedback | For webmasters