The following are important factors of leadership:
1. UNWAVERING COURAGE. based upon knowledge of self, and of one's occupation. No follower wishes to be dominated by a leader who lacks self-confidence and courage. No intelligent follower will be dominated by such a leader very long.
2. SELF-CONTROL. The man who cannot control himself, can never control others. Self-control sets a mighty example for one's followers, which the more intelligent will emulate.
3. A KEEN SENSE OF JUSTICE. Without a sense of fairness and justice, no leader can command and retain the respect of his followers.
4. DEFINITENESS OF DECISION. The man who wavers in his decisions, shows that he is not sure of himself. He cannot lead others successfully.
5. DEFINITENESS OF PLANS. The successful leader must plan his work, and work his plan. A leader who moves by guesswork, without practical, definite plans, is comparable to a ship without a rudder. Sooner or later he will land on the rocks.
6. THE HABIT OF DOING MORE THAN PAID FOR. One of the penalties of leadership is the necessity of willingness, upon the part of the leader, to do more than he requires of his followers.
7. A PLEASING PERSONALITY. No slovenly, careless person can become a successful leader. Leadership calls for respect. Followers will not respect a leader who does not grade high on all of the factors of a Pleasing Personality.
8. SYMPATHY AND UNDERSTANDING. The successful leader must be in sympathy with his followers. Moreover, he must understand them and their problems
Monday, March 8, 2010
Be a Leader: How to Change People Without Giving Offense or Arousing Resentment
A leader's job often includes changing your people's attitudes and behavior. Some suggestions to accomplish this:
-Begin with praise and honest appreciation.
-Call attention to people's mistakes indirectly.
-Talk about your own mistakes before criticizing the other person.
-Ask questions instead of giving direct orders.
-Let the other person save face.
-Praise the slightest improvement and praise every improvement. Be "hearty in your approbation and lavish in your praise."
-Give the other person a fine reputation to live up to.
-Use encouragement. Make the fault seem easy to correct.
-Make the other person happy about doing the thing you suggest
-Begin with praise and honest appreciation.
-Call attention to people's mistakes indirectly.
-Talk about your own mistakes before criticizing the other person.
-Ask questions instead of giving direct orders.
-Let the other person save face.
-Praise the slightest improvement and praise every improvement. Be "hearty in your approbation and lavish in your praise."
-Give the other person a fine reputation to live up to.
-Use encouragement. Make the fault seem easy to correct.
-Make the other person happy about doing the thing you suggest
Win people to your way of thinking....
-The only way to get the best of an argument is to avoid it.
-Show respect for the other person's opinions. Never say, "You're wrong."
-If you are wrong, admit it quickly and emphatically.
-Begin in a friendly way.
-Get the other person saying "yes, yes" immediately.
-Let the other person do a great deal of the talking.
-Let the other person feel that the idea is his or hers.
-Try honestly to see things from the other person's point of view.
-Be sympathetic with the other person's ideas and desires.
-Appeal to the nobler motives.
-Dramatize your ideas.
-Throw down a challenge.
-Show respect for the other person's opinions. Never say, "You're wrong."
-If you are wrong, admit it quickly and emphatically.
-Begin in a friendly way.
-Get the other person saying "yes, yes" immediately.
-Let the other person do a great deal of the talking.
-Let the other person feel that the idea is his or hers.
-Try honestly to see things from the other person's point of view.
-Be sympathetic with the other person's ideas and desires.
-Appeal to the nobler motives.
-Dramatize your ideas.
-Throw down a challenge.
Six ways to make people like you.....
-Become genuinely interested in other people.
-Smile.
-Remember that a person's name is to that person the sweetest and most important sound in any language.
-Be a good listener. Encourage others to talk about themselves.
-Talk in terms of the other person's interests.
-Make the other person feel important - and do it sincerely.
-Smile.
-Remember that a person's name is to that person the sweetest and most important sound in any language.
-Be a good listener. Encourage others to talk about themselves.
-Talk in terms of the other person's interests.
-Make the other person feel important - and do it sincerely.
Fundamental Techniques in Handling People
-Don't criticize, condemn or complain.
-Give honest and sincere appreciation.
-Arouse in the other person an eager want.
-Give honest and sincere appreciation.
-Arouse in the other person an eager want.
Sunday, March 7, 2010
WHAT IS A MEASUREMENT SYSTEM?
MEASUREMENT SYSTEM is a Process to assign a number or decision to a characteristic.
In this Process following factors are present: Appraiser, Checking Method, Instrument, Environment.
E.g, OD checking, Concentricity checking.
STATISTICAL PROPERTIES OF MEASUREMENT SYSTEM
IDEAL MEASUREMENT SYSTEM IS THE ONE: That would produce only correct measurements each time it was used. That would always agree with a standard. The Quality of a measurement system is determined solely by the statistical data produced over time.
A “GOOD” MEASUREMENT SYSTEM IS THE ONE: Adequate Discrimination and Sensitivity. The measurement system ought to be in Statistical control, only under the influence of common causes, not Special causes.
For Product control, the variability of the measurement system must be small compared to the specification limits. For Process control, the variability of the measurement system must be small compared to the manufacturing process variation.
CRITERIA FOR A MEASUREMENT PROCESS DESIGN SELECTION
1 Who should be part of the team for “ Need” analysis?
2 How the measurement will be used? Is it for control, sorting, Qualification, indication, etc.?
3 What level of sensitivity will be required?
4 What is product specification?
5 What is the expected process variability?
6 What type of information required to be provided along with the gage?
7 What basic operators training required? Who will do the training?
8 How the measurement will be taken? (Manual, Automatic, offline, conveyor, etc.,)
9 Contact or non-contact?
10 How to calibrate? Who will calibrate?
11 When and where the measurement will be taken?
12 Will the part is clean, oily, hot, etc.?
13 What will be the frequency of use?
14 What will be calibration frequency?
15 Will the temperature difference between master used for setting and the part measured is significant?
MEASUREMENT ISSUES
Measurement system errors are classified as following five categories:
· Bias
· Stability
· Linearity
· Repeatability
· Reproducibility
APPLICATIONS OF THE ABOVE STUDIES PROVIDE THE FOLLOWING:
· A criterion to accept the new measuring equipment/ system
· A comparison of one measuring system against another
· A basis for evaluating a gage suspected of being deficient
· A comparison for measuring equipment before and after repair
In this Process following factors are present: Appraiser, Checking Method, Instrument, Environment.
E.g, OD checking, Concentricity checking.
STATISTICAL PROPERTIES OF MEASUREMENT SYSTEM
IDEAL MEASUREMENT SYSTEM IS THE ONE: That would produce only correct measurements each time it was used. That would always agree with a standard. The Quality of a measurement system is determined solely by the statistical data produced over time.
A “GOOD” MEASUREMENT SYSTEM IS THE ONE: Adequate Discrimination and Sensitivity. The measurement system ought to be in Statistical control, only under the influence of common causes, not Special causes.
For Product control, the variability of the measurement system must be small compared to the specification limits. For Process control, the variability of the measurement system must be small compared to the manufacturing process variation.
CRITERIA FOR A MEASUREMENT PROCESS DESIGN SELECTION
1 Who should be part of the team for “ Need” analysis?
2 How the measurement will be used? Is it for control, sorting, Qualification, indication, etc.?
3 What level of sensitivity will be required?
4 What is product specification?
5 What is the expected process variability?
6 What type of information required to be provided along with the gage?
7 What basic operators training required? Who will do the training?
8 How the measurement will be taken? (Manual, Automatic, offline, conveyor, etc.,)
9 Contact or non-contact?
10 How to calibrate? Who will calibrate?
11 When and where the measurement will be taken?
12 Will the part is clean, oily, hot, etc.?
13 What will be the frequency of use?
14 What will be calibration frequency?
15 Will the temperature difference between master used for setting and the part measured is significant?
MEASUREMENT ISSUES
Measurement system errors are classified as following five categories:
· Bias
· Stability
· Linearity
· Repeatability
· Reproducibility
APPLICATIONS OF THE ABOVE STUDIES PROVIDE THE FOLLOWING:
· A criterion to accept the new measuring equipment/ system
· A comparison of one measuring system against another
· A basis for evaluating a gage suspected of being deficient
· A comparison for measuring equipment before and after repair
MSA -Measurement System Analysis
The decision to adjust a manufacturing process or not is now commonly based on measurement data. Another use of measurement data is to determine if a significant relationship exists between two or more variables. Studies that explore such relationship are called analytical studies. In general, an analytic study is one that increases knowledge about the system of causes that affect the process. Analytic studies are among the most important uses of measurement data because they lead ultimately to better understanding of processes.
The benefit of using a data based procedure is largely determined by the quality of the measurement data used. To ensure that the benefit derived from using measurement data is great enough to warrant the cost of obtaining it, attention must be focused on the quality of the data.
Much of the variation in a set of measurements is due to the interaction between the measurement system and its environment. If the interaction generates too much variation, then the quality of the data may be so low that the data are not useful. For example, a measurement system with a large amount of variation may not be appropriate for use in analyzing a manufacturing process because the measurement system’s variation may mask the variation in the manufacturing process.
Much of the work of managing a measurement system is directed at monitoring and controlling variation. Among other things, this means that emphasis must be placed on learning how the measurement system interacts with its environment so that only data of acceptable quality are generated.
Most variation is undesirable. But there are some important exceptions. For instance, if the variation is due to small changes in the characteristic being measured, then it is usually considered desirable. The more sensitive a measurement system is to that kind of change, the more desirable the system becomes because it is a more sensitive measurement system.
If the quality of the data is not acceptable, then it must be improved. This is usually accomplished by improving the measurement system, rather than by improving the data themselves.
The benefit of using a data based procedure is largely determined by the quality of the measurement data used. To ensure that the benefit derived from using measurement data is great enough to warrant the cost of obtaining it, attention must be focused on the quality of the data.
Much of the variation in a set of measurements is due to the interaction between the measurement system and its environment. If the interaction generates too much variation, then the quality of the data may be so low that the data are not useful. For example, a measurement system with a large amount of variation may not be appropriate for use in analyzing a manufacturing process because the measurement system’s variation may mask the variation in the manufacturing process.
Much of the work of managing a measurement system is directed at monitoring and controlling variation. Among other things, this means that emphasis must be placed on learning how the measurement system interacts with its environment so that only data of acceptable quality are generated.
Most variation is undesirable. But there are some important exceptions. For instance, if the variation is due to small changes in the characteristic being measured, then it is usually considered desirable. The more sensitive a measurement system is to that kind of change, the more desirable the system becomes because it is a more sensitive measurement system.
If the quality of the data is not acceptable, then it must be improved. This is usually accomplished by improving the measurement system, rather than by improving the data themselves.
TQM - “DO IT RIGHT AT FIRST TIME”
TQM is quality focused, customer oriented & integrative management strategy that help in gains in quality, productivity & cost reduction. TQM helps in meeting the changing requirements of customers the market place through continuous improvement. TQM include organizational flexibility, responsiveness, morale & motivation of the organization as a whole.
In the intensely, competitive global economic & trade environment no firm can survive without quality products and/or services. The basic philosophy was evolved by Demming, Juran, Crossby, & Ishikova & others. These quality ‘Gurus’ have stated that TQM philosophy has relevance not merely to manufacturing but also non manufacturing activity like Service industry and also to public sector, like health-care, education, Social services & even Government services.
My paper includes following points:
“Quiet Right”, but what are the principles & premises of TQM? Where these have been applied with what results? What are the modifications of TQM? And how & when we shall study these principles & philosophy of TQM and verify its relevance to Education & who will make a beginning & take a lead? We have expertise in many fields, but we have been only followers in all these – medicine, industry, and Engineering etc. can we stop following and start leading? Without such a determination to lead, we should not dream of “ a developed India, by 2020” or any other specified date, there after.
In a nutshell my paper deals with the academics to get continuous improvement in theoretical as well as practical ways.
In the intensely, competitive global economic & trade environment no firm can survive without quality products and/or services. The basic philosophy was evolved by Demming, Juran, Crossby, & Ishikova & others. These quality ‘Gurus’ have stated that TQM philosophy has relevance not merely to manufacturing but also non manufacturing activity like Service industry and also to public sector, like health-care, education, Social services & even Government services.
My paper includes following points:
“Quiet Right”, but what are the principles & premises of TQM? Where these have been applied with what results? What are the modifications of TQM? And how & when we shall study these principles & philosophy of TQM and verify its relevance to Education & who will make a beginning & take a lead? We have expertise in many fields, but we have been only followers in all these – medicine, industry, and Engineering etc. can we stop following and start leading? Without such a determination to lead, we should not dream of “ a developed India, by 2020” or any other specified date, there after.
In a nutshell my paper deals with the academics to get continuous improvement in theoretical as well as practical ways.
THE RELATIONSHIP OF TQM TO EDUCATION?
Today’s knowledge revolution has brought about rapid advances in technology. It as changed the way we work & think & is changing learning. To cope with the Information age every person requires a standard of education. High education Attainments are the right of each & every person needs to have a quality education. TQM in education has as its message the idea that every child has worth & demands The best possible chance in life. It an aspiration as relevant in Calcutta or Nairobi as in London, New York or Beijing. It may sound utopia, but it is after all to dreams like theseThat education should aspire, & it was for dreams like these that pioneers of TQM, Deming, Juran, Crosby, albeit in a different context, developed their ideas.
The customers & clients of the education service (students, parents, & the community) Deserves the best possible quality of education. This is the moral high ground in education & one of the few areas of educational discussion where there is little dissent. It is the duty educational professionals & administrators to have an overriding concern to provide the very best possible educational opportunities. As John West- Bernham has put it, “it is difficult to conceptualize a situation where anything less than total quality is perceived as being appropriate or acceptable for the education of children” (West-Burnham 1992) TQM as management model with its emphasis on leadership, strategy, teamwork, rigorous analysis & self- assessment has a universal message.
If TQM is boiled down to its essential it consist of no. of elements. The trick of TQM, the thing that makes it such a powerful management process, is that all of the elements are to be present and worked on in concert over a sustained period of time. There is no quick fix in making long-term improvement in quality especially in an area as difficult intellectually challenging as education. The elements are listed below.
Ø a institutional strong mission and strategic framework
Ø Strong institutional leadership that put the needs of students first.
Ø excellent teamwork amongst the staff of the institution (this parallels the famous quality circles in Japanese industry)
Ø an organizational culture that is open and consultative and allows faculty to make quality improvement decisions for their student within the overall strategic framework and goals
Ø A clear understanding throughout the institution of the importance of excellent customer care (this is sometimes defined as a student needs come first policy)
Ø A clear set of policies that give sanction to the quality improvement culture
Ø A clear set of performance indicators through which the success of the institution can be measured
The customers & clients of the education service (students, parents, & the community) Deserves the best possible quality of education. This is the moral high ground in education & one of the few areas of educational discussion where there is little dissent. It is the duty educational professionals & administrators to have an overriding concern to provide the very best possible educational opportunities. As John West- Bernham has put it, “it is difficult to conceptualize a situation where anything less than total quality is perceived as being appropriate or acceptable for the education of children” (West-Burnham 1992) TQM as management model with its emphasis on leadership, strategy, teamwork, rigorous analysis & self- assessment has a universal message.
If TQM is boiled down to its essential it consist of no. of elements. The trick of TQM, the thing that makes it such a powerful management process, is that all of the elements are to be present and worked on in concert over a sustained period of time. There is no quick fix in making long-term improvement in quality especially in an area as difficult intellectually challenging as education. The elements are listed below.
Ø a institutional strong mission and strategic framework
Ø Strong institutional leadership that put the needs of students first.
Ø excellent teamwork amongst the staff of the institution (this parallels the famous quality circles in Japanese industry)
Ø an organizational culture that is open and consultative and allows faculty to make quality improvement decisions for their student within the overall strategic framework and goals
Ø A clear understanding throughout the institution of the importance of excellent customer care (this is sometimes defined as a student needs come first policy)
Ø A clear set of policies that give sanction to the quality improvement culture
Ø A clear set of performance indicators through which the success of the institution can be measured
Implementation of Total Quality Management (TQM) in Engineering Education
Engineering Colleges & polytechnics have quantitatively increased considerably during the last 2 decades & will continue to increase in future as well, may be at lower pace. This sudden expansion has given our country the status of world’s third largest technical manpower reserve. But at the same time, the quantitative expansion has put lot of pressure on standard of technical education. To rectify this situation “TQM” will certainly help us in raising & maintaining the standard.
We have grown quantitatively. What next?
Engineering colleges are supposed to be the centers of technical education. They have been established to train the young minds & supply appropriate manpower to variety of industries, Govt. organizations, and several multinational cooperation’s in the present scenario of Liberalization, Privatization, and Globalization. The students so trained in Engineering Colleges must receive the quality education so that they meet the basic expectations of the employers. The five top skills identified by the employers and required of the educated workforce are:
Time management
Ability to work under pressure
Accuracy & attention to details
Oral communication skills and
Managing different tasks at the same time.
Thus, the responsibility of any Engineering College is to look at the process of Engineering education with due seriousness so that the pass outs have imbibed necessary skills & competencies which will make them globally acceptable.
Quantitative expansion motivated by global phenomena of Liberalization, privatization and Globalization (LPG) has become a cause of concern for quality of engineering graduates.
This critical issue of quality of engineering graduates needs to be addressed on priority basis and the best thing done by the central Govt. is the establishment of AICTE, which plays the regulatory role of monitoring engineering education through out the country.
In this paper, attempt has been made to discuss the main parameters, which need to be taken care of, if the quality of engineering graduates is of any concern.
We have grown quantitatively. What next?
Engineering colleges are supposed to be the centers of technical education. They have been established to train the young minds & supply appropriate manpower to variety of industries, Govt. organizations, and several multinational cooperation’s in the present scenario of Liberalization, Privatization, and Globalization. The students so trained in Engineering Colleges must receive the quality education so that they meet the basic expectations of the employers. The five top skills identified by the employers and required of the educated workforce are:
Time management
Ability to work under pressure
Accuracy & attention to details
Oral communication skills and
Managing different tasks at the same time.
Thus, the responsibility of any Engineering College is to look at the process of Engineering education with due seriousness so that the pass outs have imbibed necessary skills & competencies which will make them globally acceptable.
Quantitative expansion motivated by global phenomena of Liberalization, privatization and Globalization (LPG) has become a cause of concern for quality of engineering graduates.
This critical issue of quality of engineering graduates needs to be addressed on priority basis and the best thing done by the central Govt. is the establishment of AICTE, which plays the regulatory role of monitoring engineering education through out the country.
In this paper, attempt has been made to discuss the main parameters, which need to be taken care of, if the quality of engineering graduates is of any concern.
TQM
What is TQM
TQM is an inclusive & comprehensive approach to the management of industrial enterprises. Its focus is on customers & quality. It has evolved into its present form from the concepts & practices of quality control & quality assurance
In case of its purpose, thrust direction & scope. TQM however, radially differs from the previous approach to the improvement of quality, productivity & management
Scope of TQM
The scope of TQM includes their affiliated companies, subcontractors, and suppliers, distributors & customers.such an inclusive & overarching approach defines the nature & scope of TQM as understood today.
The goal of TQM
The goal of TQM in office, professional, & technical setting is the same i.e. The creation of culture, measurement system, and reward system that encourage, facilitate & promote everyone in an organization constant improve effectiveness, efficiency & quality of performance.
TQM provides an opportunity to organization & people rethink & reorient their values & beliefs.
Total system perspective
TQM concerned with effective management of the totality of all business functions, activities & entities which includes people, know-how, innovations creativity, management style, system & procedures, shared values, beliefs & vision focused on meeting customer requirement.
Requirements of TQM
1.sound foundation: philosophy, policy, Culture, Leadership & commitment.
2. Sound Infrastructure: Organization, Systems, Procedures, Manuals, Customer, Suppliers involvement, Training & Educational & Total Employment Involvement.
3. Use of Specific Tools& Techniques
Ways of TQM
1.Adopt new philosophy of ‘not to allow defects to occur’
2.create consistency of purpose for improvement.
3.Improving production & service quality should be a continuous process.
4.Cease dependence on mass inspection. Adopt statistical Quality Control.
5.Insist quantifiable evidence from the suppliers about the quality of their product.
6.All employees should be trained, retrained and refresher courses be arranged.
7.provide proper tools to all the employees.
8. Adopt proper communication system.
9. Encourage productivity.
10. Encourage coordination between departments.
11. Permanent commitment of top management to quality.
12. Respect towards ‘work’ & ‘humanity’
13. Adopt consumer orientation & not the product orientation.
14. Objective should be, ‘Quality first’, and not the short-term profits’.
15. Use facts and data.
TQM is an inclusive & comprehensive approach to the management of industrial enterprises. Its focus is on customers & quality. It has evolved into its present form from the concepts & practices of quality control & quality assurance
In case of its purpose, thrust direction & scope. TQM however, radially differs from the previous approach to the improvement of quality, productivity & management
Scope of TQM
The scope of TQM includes their affiliated companies, subcontractors, and suppliers, distributors & customers.such an inclusive & overarching approach defines the nature & scope of TQM as understood today.
The goal of TQM
The goal of TQM in office, professional, & technical setting is the same i.e. The creation of culture, measurement system, and reward system that encourage, facilitate & promote everyone in an organization constant improve effectiveness, efficiency & quality of performance.
TQM provides an opportunity to organization & people rethink & reorient their values & beliefs.
Total system perspective
TQM concerned with effective management of the totality of all business functions, activities & entities which includes people, know-how, innovations creativity, management style, system & procedures, shared values, beliefs & vision focused on meeting customer requirement.
Requirements of TQM
1.sound foundation: philosophy, policy, Culture, Leadership & commitment.
2. Sound Infrastructure: Organization, Systems, Procedures, Manuals, Customer, Suppliers involvement, Training & Educational & Total Employment Involvement.
3. Use of Specific Tools& Techniques
Ways of TQM
1.Adopt new philosophy of ‘not to allow defects to occur’
2.create consistency of purpose for improvement.
3.Improving production & service quality should be a continuous process.
4.Cease dependence on mass inspection. Adopt statistical Quality Control.
5.Insist quantifiable evidence from the suppliers about the quality of their product.
6.All employees should be trained, retrained and refresher courses be arranged.
7.provide proper tools to all the employees.
8. Adopt proper communication system.
9. Encourage productivity.
10. Encourage coordination between departments.
11. Permanent commitment of top management to quality.
12. Respect towards ‘work’ & ‘humanity’
13. Adopt consumer orientation & not the product orientation.
14. Objective should be, ‘Quality first’, and not the short-term profits’.
15. Use facts and data.
The Eight key elements of TQM
To be successful implementing TQM, an organization must concentrate on the 8 key elements
1 ethics
2 integrity
3 trust
4 training
5 teamwork
6 leadership
7 recognition
8 communication
This paper is meant to describe 8 elements comprising TQM
1 Ethics – Ethics is the discipline concerned with good and bad in any situation. It is a two-faceted subject represented by or organizational and individual ethics.
2 Integrity – Integrity implies honesty, morals, values, fairness, and adherence to the facts and sincerity. People see the opposite of integrity as duplicity.
3 Trust – Trust is a by-product of integrity and ethical conduct. Without trust, the framework of a TQM cannot be good. Trust fosters full participation of all members.
4 Training – Training is very important for employees to be highly productive. Supervisors are solely responsible for implementing TQM within their departments, and teaching their employees the philosophies of TQM.
5 Teamwork – To become successful in business, teamwork is also a key element of TQM With the use of team, the business will receive the quicker and better solutions to problem.
6 Leadership – It is possibly the most important elements in TQM. It appears everywhere in organization. Leadership in TQM requires the managers to provide an inspiring vision.
7 communications – It binds everything together. Starting from foundation to roof of the TQM house, everything is bound by strong mortar of communication
8 Recognition – It is the last and final element in entire system it should be provided for both suggestions and achievements for teams as well as individuals. Employees strive to receive recognition for themselves and their teams.
1 ethics
2 integrity
3 trust
4 training
5 teamwork
6 leadership
7 recognition
8 communication
This paper is meant to describe 8 elements comprising TQM
1 Ethics – Ethics is the discipline concerned with good and bad in any situation. It is a two-faceted subject represented by or organizational and individual ethics.
2 Integrity – Integrity implies honesty, morals, values, fairness, and adherence to the facts and sincerity. People see the opposite of integrity as duplicity.
3 Trust – Trust is a by-product of integrity and ethical conduct. Without trust, the framework of a TQM cannot be good. Trust fosters full participation of all members.
4 Training – Training is very important for employees to be highly productive. Supervisors are solely responsible for implementing TQM within their departments, and teaching their employees the philosophies of TQM.
5 Teamwork – To become successful in business, teamwork is also a key element of TQM With the use of team, the business will receive the quicker and better solutions to problem.
6 Leadership – It is possibly the most important elements in TQM. It appears everywhere in organization. Leadership in TQM requires the managers to provide an inspiring vision.
7 communications – It binds everything together. Starting from foundation to roof of the TQM house, everything is bound by strong mortar of communication
8 Recognition – It is the last and final element in entire system it should be provided for both suggestions and achievements for teams as well as individuals. Employees strive to receive recognition for themselves and their teams.
Definition of Web 2.0 and social software
There is no single agreed definition of the terms Web 2.0 – also known as the Social Web – and
social software, but there is widespread agreement that they apply to a set of characteristics in the context of the internet and applications served over it.5 The characteristics include access and use through a web browser such as, for example, Internet Explorer of Firefox; being both supportive and encouraging of user participation in the sharing, consumption and generation of content, including through remixing and repurposing; and also amenable to developments in functionality consistent with user demand – users can and do, in effect, contribute to service and software design.
At its simplest, social software has been defined as ‘software that supports group interaction’.6
Elaborations include ‘software that allows people to interact and collaborate online or that
aggregates the actions of networked users’;7 ‘a set of internet services and practices that give voice to individual users’;8 and, in the specific context of learning, ‘networked tools that support and encourage individuals to learn together whilst retaining control over their time, space, presence, activity, identity and relationship.’9
The most familiar and widely recognised types of Web 2.0 activity include the following:10
Blogging
An internet-based journal or diary in which a user can post text and digital material while others cancomment, eg blogger; technorati; twitter
Conversing
One to one or one to many between internet users, eg MSN
Media sharing
Uploading or downloading media files for purposes of audience or exchange, eg flikr; YouTube
Online gaming and virtual worlds
Rule-governed games or themed environments that invite live interaction with other internet users, eg secondlife; worldofwarcraft
Social bookmarking
Users submit their bookmarked web pages to a central site where they can be found and tagged by other users, eg del.icio.us
Social networking
Websites that structure social interaction between members who may form sub-groups of ‘friends’,eg myspace; bebo; facebook
Syndication
Users can subscribe to RSS (Really Simply Syndication) feed-enabled websites so that they are
automatically notified of any changes or updates in content via an aggregator, eg bloglines; podcast Trading Buying, selling or exchanging through user transactions mediated by internet communications, eg craigslist; e-bay
Wikis
A web-based service allowing users unrestricted access to create, edit and link pages, eg wikipedia.
social software, but there is widespread agreement that they apply to a set of characteristics in the context of the internet and applications served over it.5 The characteristics include access and use through a web browser such as, for example, Internet Explorer of Firefox; being both supportive and encouraging of user participation in the sharing, consumption and generation of content, including through remixing and repurposing; and also amenable to developments in functionality consistent with user demand – users can and do, in effect, contribute to service and software design.
At its simplest, social software has been defined as ‘software that supports group interaction’.6
Elaborations include ‘software that allows people to interact and collaborate online or that
aggregates the actions of networked users’;7 ‘a set of internet services and practices that give voice to individual users’;8 and, in the specific context of learning, ‘networked tools that support and encourage individuals to learn together whilst retaining control over their time, space, presence, activity, identity and relationship.’9
The most familiar and widely recognised types of Web 2.0 activity include the following:10
Blogging
An internet-based journal or diary in which a user can post text and digital material while others cancomment, eg blogger; technorati; twitter
Conversing
One to one or one to many between internet users, eg MSN
Media sharing
Uploading or downloading media files for purposes of audience or exchange, eg flikr; YouTube
Online gaming and virtual worlds
Rule-governed games or themed environments that invite live interaction with other internet users, eg secondlife; worldofwarcraft
Social bookmarking
Users submit their bookmarked web pages to a central site where they can be found and tagged by other users, eg del.icio.us
Social networking
Websites that structure social interaction between members who may form sub-groups of ‘friends’,eg myspace; bebo; facebook
Syndication
Users can subscribe to RSS (Really Simply Syndication) feed-enabled websites so that they are
automatically notified of any changes or updates in content via an aggregator, eg bloglines; podcast Trading Buying, selling or exchanging through user transactions mediated by internet communications, eg craigslist; e-bay
Wikis
A web-based service allowing users unrestricted access to create, edit and link pages, eg wikipedia.
Communication in Organizations
What is Communication?
§ Sharing of information with other people
§ Reaching of a common understanding
–Accuracy, not agreement.
Improving Listening
§ Give sender undivided attention
§ Look sender in the eye
§ Do not interrupt
§ Focus on understanding what you are hearing
§ Ask questions
§ Rephrase key points
§ Avoid distracting sender
Approaches to Diversity Training
§ Panel of minority members describe/ share personal experiences
§ Members of organization work with people who are different from themselves
§ Sharing of information with other people
§ Reaching of a common understanding
–Accuracy, not agreement.
Improving Listening
§ Give sender undivided attention
§ Look sender in the eye
§ Do not interrupt
§ Focus on understanding what you are hearing
§ Ask questions
§ Rephrase key points
§ Avoid distracting sender
Approaches to Diversity Training
§ Panel of minority members describe/ share personal experiences
§ Members of organization work with people who are different from themselves
Learning and Creativity
Learning in Organizations;
What ?
–Learning takes place as a result of practice or through experience.
–With learning comes change.
–Change must be relatively permanent.
# Types
–Operant Conditioning
–Behavior Modification
–Social Learning
–Learning on your own.
–Learning by doing.
–Continuous learning through creativity/
–The learning organization.
What ?
–Learning takes place as a result of practice or through experience.
–With learning comes change.
–Change must be relatively permanent.
# Types
–Operant Conditioning
–Behavior Modification
–Social Learning
–Learning on your own.
–Learning by doing.
–Continuous learning through creativity/
–The learning organization.
Social Responsibility of Business
Increasingly, organizations are expected to legitimize their existence by making socially responsible decisions and acting on them accordingly. However, organizations operate in dynamic and diverse contexts, both within and between their national boundaries, which challenge their ability and willingness to act ethically. This is evidenced by recent and continued business ethical scandals that have led to enormous social impact with global implications and have affected the survival of some organizations.
It is therefore important to understand how organizations’ interactions with their various constituencies impact on their ethical and social responsible behavior. This understanding ought to make us more informed about the contextual factors that foster the presence or absence of ethical decisions with the aim of preventing future unethical and social irresponsible behaviors.
It is therefore important to understand how organizations’ interactions with their various constituencies impact on their ethical and social responsible behavior. This understanding ought to make us more informed about the contextual factors that foster the presence or absence of ethical decisions with the aim of preventing future unethical and social irresponsible behaviors.
Friday, March 5, 2010
Internet marketing and retail fraud
This is a fast-growing area of internet fraud perpetrated by dishonest internet marketing and retail sites. A variety of products and services are involved. The customer is tricked by a legitimate-looking site and effective marketing into giving their credit card information and CVV number, or sending cash by other means, in exchange for what they believe to be the goods or services. The goods are never arrive, turn out to be fake, or are products worth less than those advertised.Where a credit card is involved, the perpetrators may also aim to use the customer's credit card information to obtain cash or to make purchases of their own. A common example of this type of fraud are pornographic websites that advertise free access. Upon further inspection, however, a credit card is required "for age verification purposes only." The scammers then use your credit card information to make large charges to the credit card.In cases involving fake or worthless goods, many are health products, related to health fraud. These products might advertise anything from a quick way to loose weight to a cure for a serious disease, and may:promise a lot, claiming they can "do it all" claim to be a "scientific breakthrough", featuring fake doctors or scientists making claims for the product, with technical jargon that only experts in the field know is used falsely feature a long list of "personal testimonials", with no way to check if they are true or fake. Once your credit card information is given to these type of scam companies, they usually will charge you no matter what type of cancellation you attempt to go through. This can often be overcome by contacting the credit card company. Credit and consumer protection laws in many countries hold the credit card company liable to refund their customers' money for goods or services purchased with the card but not delivered. The loss is then suffered by the card company, but ultimately passed on to customers in higher interest and fees.
Website scams
Click fraud-
The latest scam to hit the headlines is the multi-million dollar Clickfraud which occurs when advertising network affiliates force paid views or clicks to ads on their own websites via spyware, the affiliate is then paid a commission on the cost-per-click that was artificially generated. Affiliate programs such as Google's Adsense capability pay high commissions that drive the generation of bogus clicks. With paid clicks costing as much as US$100[verification needed] and an online advertising industry worth more than US$10 billion, this form of Internet fraud is on the increase.
International modem dialing-
Many consumers connect to the Internet using a modem calling a local telephone number. Some web sites, normally containing adult content, use international dialing to trick consumers into paying to view content on their web site. Often these sites purport to be free and advertise that no credit card is needed. They then prompt the user to download a "viewer" or "dialer" to allow them to view the content. Once the program is downloaded it disconnects the computer from the Internet and proceeds to dial an international long distance or premium rate number, charging anything up to US$7-8 per minute. An international block is recommended to prevent this, but in the U.S. and Canada, calls to the Caribbean (except Haiti) can be dialed with a "1" and a three-digit area code, so such numbers, as well as "10-10 dial-round" phone company prefixes, can circumvent an international block.
Another type of Click Fraud
This type of fraud involves a supposed internet marketing specialist presenting a prospective client with detailed graphs and charts that indicate that his web site receives (x) thousands of hits per month, emphasizing that if you pay for his services you will succeed in getting a number clicks converted to customers or clients.
When you receive no request for more information and no clients, the fraudster responds that it must be something you web site is not doing right.
Phishing-
Main article: Phishing"Phishing" is the act of attempting to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business with a real need for such information in a seemingly official electronic notification or message (most often an email, or an instant message). It is a form of social engineering attack.
The term was coined in the mid 1990s by crackers attempting to steal AOL accounts. An attacker would pose as an AOL staff member and send an instant message to a potential victim. The message would ask the victim to reveal his or her password, for instance to "verify your account" or to "confirm billing information". Once the victim gave over the password, the attacker could access the victim's account and use it for criminal purposes, such as spamming.
Phishing has been widely used by fraudsters using spam messages masquerading as large banks (Citibank, Bank of America) or PayPal. These fraudsters can copy the code and graphics from legitimate websites and use them on their own sites to create a legitimate-looking scam web pages. They can also link to the graphics on the legitimate sites to use on their own scam site. These pages are so well done that most people cannot tell that they have navigated to a scam site. Fraudsters will also put the text of a link to a legitimate site in an e-mail but use the source code to links to own fake site. This can be revealed by using the "view source" feature in the e-mail application to look at the destination of the link or putting the cursor over the link and looking at the code in the status bar of the browser. Although many people don't fall for it, the small percentage of people that do fall for it, multiplied by the sheer numbers of spam messages sent, presents the fraudster with a substantial incentive to keep doing it.
Anti-phishing technologies are now available.
Pharming-
Pharming is the exploitation of a vulnerability in the DNS server software that allows a hacker to acquire the domain name for a site, and to redirect that website's traffic to another web site. DNS servers are the machines responsible for resolving internet names into their real addresses - the "signposts" of the internet.
If the web site receiving the traffic is a fake web site, such as a copy of a bank's website, it can be used to "phish" or steal a computer user's passwords, PIN or account number. Note that this is only possible when the original site was not SSL protected, or when the user is ignoring warnings about invalid server certificates.
For example, in January 2005, the domain name for a large New York ISP, Panix, was hijacked to a site in Australia. In 2004 a German teenager hijacked the eBay.de domain name.
Secure e-mail provider Hushmail was also caught by this attack on 24th of April 2005 when the attacker rang up the domain registrar and gained enough information to redirect users to a defaced webpage.
Anti-pharming technologies are now available.
Auction and retail schemes -
onlineFraudsters launch auctions on eBay or TradeMe with very low prices and no reservations especially for high priced items like watches, computers or high value collectibles. They received payment but never deliver, or deliver an item that is less valuable than the one offered, such as counterfeit, refurbished or used. Some fraudsters also create complete webstores that appear to be legitimate, but they never deliver the goods. An example of such a fraudulent site is marselle.com. They take payment but never shipped the order. In some cases, some stores or auctioneers are legitimate but eventually they stopped shipping after cashing the customers' payments.
Sometimes fraudsters will combine phishing to hijacking legitimate member accounts on eBay, typically with very high numbers of positive feedback, and then set up a phony online store. They received payment usually via check, money-order, cash or wire transfer but never deliver the goods; then they leave the poor, unknowing eBay member to sort out the mess. In this case the fraudster collects the money while ruining the reputation of the conned eBay member and leaving a large number of people without the goods they thought they purchased.Stock market manipulation schemesThese are also called investment schemes online. Criminals use these to try to manipulate securities prices on the market, for their personal profit. According to enforcement officials of the Securities and Exchange Commission, the 2 main methods used by these criminals are:
Pump-and-dump schemesFalse and/or fraudulent information is disseminated in chat rooms, forums, internet boards and via email (spamming), with the purpose of causing a dramatic price increase in thinly traded stocks or stocks of shell companies (the "pump"). As soon as the price reaches a certain level, criminals immediately sell off their holdings of those stocks (the "dump"), realizing substantial profits before the stock price falls back to its usual low level. Any buyers of the stock who are unaware of the fraud become victims once the price falls. When they realize the fraud, it is too late to sell. They lost a high percentage of their money. Even if the stock value does increase, the stocks may be hard to sell because of lack of interested buyers, leaving the shareholder with the shares for a far longer term than desired.
Short-selling or "scalping" schemesThis scheme takes a similar approach to the "pump-and-dump" scheme, by disseminating false or fraudulent information through chat rooms, forums, internet boards and via email (spamming), but this time with the purpose of causing dramatic price decreases in a specific company's stock. Once the stock reaches a certain low level, criminals buy the stock or options on the stock, and then reverse the false information or just wait for it to wear off with time or to be disproved by the company or the media. Once the stock goes back to its normal level, the criminal sells the stock or option and reaps the huge gain.
Avoiding Internet investment scamsThe US Security Exchange Commission have enumerated guideline on how to avoid internet investment scams. The summary are as follows:
The Internet allows individuals or companies to communicate with a large audience without spending a lot of time, effort, or money. Anyone can reach tens of thousands of people by building an Internet web site, posting a message on an online bulletin board, entering a discussion in a live "chat" room, or sending mass e-mails. If you want to invest wisely and steer clear of frauds, you must get the facts. The types of investment fraud seen online mirror the frauds perpetrated over the phone or through the mail. Consider all offers with skepticism.
The latest scam to hit the headlines is the multi-million dollar Clickfraud which occurs when advertising network affiliates force paid views or clicks to ads on their own websites via spyware, the affiliate is then paid a commission on the cost-per-click that was artificially generated. Affiliate programs such as Google's Adsense capability pay high commissions that drive the generation of bogus clicks. With paid clicks costing as much as US$100[verification needed] and an online advertising industry worth more than US$10 billion, this form of Internet fraud is on the increase.
International modem dialing-
Many consumers connect to the Internet using a modem calling a local telephone number. Some web sites, normally containing adult content, use international dialing to trick consumers into paying to view content on their web site. Often these sites purport to be free and advertise that no credit card is needed. They then prompt the user to download a "viewer" or "dialer" to allow them to view the content. Once the program is downloaded it disconnects the computer from the Internet and proceeds to dial an international long distance or premium rate number, charging anything up to US$7-8 per minute. An international block is recommended to prevent this, but in the U.S. and Canada, calls to the Caribbean (except Haiti) can be dialed with a "1" and a three-digit area code, so such numbers, as well as "10-10 dial-round" phone company prefixes, can circumvent an international block.
Another type of Click Fraud
This type of fraud involves a supposed internet marketing specialist presenting a prospective client with detailed graphs and charts that indicate that his web site receives (x) thousands of hits per month, emphasizing that if you pay for his services you will succeed in getting a number clicks converted to customers or clients.
When you receive no request for more information and no clients, the fraudster responds that it must be something you web site is not doing right.
Phishing-
Main article: Phishing"Phishing" is the act of attempting to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business with a real need for such information in a seemingly official electronic notification or message (most often an email, or an instant message). It is a form of social engineering attack.
The term was coined in the mid 1990s by crackers attempting to steal AOL accounts. An attacker would pose as an AOL staff member and send an instant message to a potential victim. The message would ask the victim to reveal his or her password, for instance to "verify your account" or to "confirm billing information". Once the victim gave over the password, the attacker could access the victim's account and use it for criminal purposes, such as spamming.
Phishing has been widely used by fraudsters using spam messages masquerading as large banks (Citibank, Bank of America) or PayPal. These fraudsters can copy the code and graphics from legitimate websites and use them on their own sites to create a legitimate-looking scam web pages. They can also link to the graphics on the legitimate sites to use on their own scam site. These pages are so well done that most people cannot tell that they have navigated to a scam site. Fraudsters will also put the text of a link to a legitimate site in an e-mail but use the source code to links to own fake site. This can be revealed by using the "view source" feature in the e-mail application to look at the destination of the link or putting the cursor over the link and looking at the code in the status bar of the browser. Although many people don't fall for it, the small percentage of people that do fall for it, multiplied by the sheer numbers of spam messages sent, presents the fraudster with a substantial incentive to keep doing it.
Anti-phishing technologies are now available.
Pharming-
Pharming is the exploitation of a vulnerability in the DNS server software that allows a hacker to acquire the domain name for a site, and to redirect that website's traffic to another web site. DNS servers are the machines responsible for resolving internet names into their real addresses - the "signposts" of the internet.
If the web site receiving the traffic is a fake web site, such as a copy of a bank's website, it can be used to "phish" or steal a computer user's passwords, PIN or account number. Note that this is only possible when the original site was not SSL protected, or when the user is ignoring warnings about invalid server certificates.
For example, in January 2005, the domain name for a large New York ISP, Panix, was hijacked to a site in Australia. In 2004 a German teenager hijacked the eBay.de domain name.
Secure e-mail provider Hushmail was also caught by this attack on 24th of April 2005 when the attacker rang up the domain registrar and gained enough information to redirect users to a defaced webpage.
Anti-pharming technologies are now available.
Auction and retail schemes -
onlineFraudsters launch auctions on eBay or TradeMe with very low prices and no reservations especially for high priced items like watches, computers or high value collectibles. They received payment but never deliver, or deliver an item that is less valuable than the one offered, such as counterfeit, refurbished or used. Some fraudsters also create complete webstores that appear to be legitimate, but they never deliver the goods. An example of such a fraudulent site is marselle.com. They take payment but never shipped the order. In some cases, some stores or auctioneers are legitimate but eventually they stopped shipping after cashing the customers' payments.
Sometimes fraudsters will combine phishing to hijacking legitimate member accounts on eBay, typically with very high numbers of positive feedback, and then set up a phony online store. They received payment usually via check, money-order, cash or wire transfer but never deliver the goods; then they leave the poor, unknowing eBay member to sort out the mess. In this case the fraudster collects the money while ruining the reputation of the conned eBay member and leaving a large number of people without the goods they thought they purchased.Stock market manipulation schemesThese are also called investment schemes online. Criminals use these to try to manipulate securities prices on the market, for their personal profit. According to enforcement officials of the Securities and Exchange Commission, the 2 main methods used by these criminals are:
Pump-and-dump schemesFalse and/or fraudulent information is disseminated in chat rooms, forums, internet boards and via email (spamming), with the purpose of causing a dramatic price increase in thinly traded stocks or stocks of shell companies (the "pump"). As soon as the price reaches a certain level, criminals immediately sell off their holdings of those stocks (the "dump"), realizing substantial profits before the stock price falls back to its usual low level. Any buyers of the stock who are unaware of the fraud become victims once the price falls. When they realize the fraud, it is too late to sell. They lost a high percentage of their money. Even if the stock value does increase, the stocks may be hard to sell because of lack of interested buyers, leaving the shareholder with the shares for a far longer term than desired.
Short-selling or "scalping" schemesThis scheme takes a similar approach to the "pump-and-dump" scheme, by disseminating false or fraudulent information through chat rooms, forums, internet boards and via email (spamming), but this time with the purpose of causing dramatic price decreases in a specific company's stock. Once the stock reaches a certain low level, criminals buy the stock or options on the stock, and then reverse the false information or just wait for it to wear off with time or to be disproved by the company or the media. Once the stock goes back to its normal level, the criminal sells the stock or option and reaps the huge gain.
Avoiding Internet investment scamsThe US Security Exchange Commission have enumerated guideline on how to avoid internet investment scams. The summary are as follows:
The Internet allows individuals or companies to communicate with a large audience without spending a lot of time, effort, or money. Anyone can reach tens of thousands of people by building an Internet web site, posting a message on an online bulletin board, entering a discussion in a live "chat" room, or sending mass e-mails. If you want to invest wisely and steer clear of frauds, you must get the facts. The types of investment fraud seen online mirror the frauds perpetrated over the phone or through the mail. Consider all offers with skepticism.
Business opportunity/"Work-at-Home" schemes
Fraudulent schemes often use the Internet to advertise purported business opportunities that will allow individuals to earn thousands of dollars a month in "work-at-home" ventures. These schemes typically require the individuals to pay anywhere from $35 to several hundred dollars or more, but fail to deliver the materials or information that would be needed to make the work-at-home opportunity a potentially viable business.
Often, after paying a registration fee, the applicant will be sent advice on how to place ads similar to the one that recruited him in order to recruit others, which is effectively a pyramid scheme.
Other types of work at home scams include home assembly kits. The applicant pays a fee for the kit, but after assembling and returning the item, it’s rejected as sub-standard, meaning the applicant is out of pocket for the materials. Similar scams include home-working directories, medical billing, data entry (data entry scam) at home or reading books for money.
Often, after paying a registration fee, the applicant will be sent advice on how to place ads similar to the one that recruited him in order to recruit others, which is effectively a pyramid scheme.
Other types of work at home scams include home assembly kits. The applicant pays a fee for the kit, but after assembling and returning the item, it’s rejected as sub-standard, meaning the applicant is out of pocket for the materials. Similar scams include home-working directories, medical billing, data entry (data entry scam) at home or reading books for money.
Call tag scam
The Merchant Risk Council reported that the "call tag" scam re-emerged over the 2005 holidays and several large merchants suffered losses. Under the scheme, criminals use stolen credit card information to purchase goods online for shipment to the legitimate cardholder. When the item is shipped and the criminal receives tracking information via email, he/she calls the cardholder and falsely identifies himself as the merchant that shipped the goods, saying that the product was mistakenly shipped and asking permission to pick it up upon receipt. The criminal then arranges the pickup issuing a "call tag" with a shipping company different from the one the original merchant used. The cardholder normally doesn't notice that there is a second shipping company picking up the product, which in turn has no knowledge it is participating in a fraud scheme. The cardholder then notices a charge in his card and generates a chargeback to the unsuspecting merchant.
Online automotive fraud
There are two basic schemes in online automotive fraud:
A fraudster posts a vehicle for sale on an online site, generally for luxury or sports cars advertised for thousands less than market value. The details of the vehicle, including photos and description, are typically lifted from sites such as eBay Motors and re-posted elsewhere. An interested buyer, hopeful for a bargain, emails the seller, who responds saying the car is still available but is located overseas. He then instructs the buyer to send a deposit via wire transfer to initiate the "shipping" process. The unwitting buyer wires the funds, and doesn't discover until days or weeks later that they were scammed. A fraudster feigns interest in an actual vehicle for sale on the Internet. The "buyer" explains that a client of his is interested in the car, but due to an earlier sale that fell through has a certified check for thousands more than the asking price and requests the seller to send the balance via wire transfer. If the seller agrees to the transaction, the buyer sends the certified check via express courier (typically from Nigeria). The seller takes the check to their bank, which makes the funds available immediately. Thinking the bank has cleared the check, the seller follows through on the transaction by wiring the balance to the buyer. Days later, the check bounces and the seller realizes they have been scammed. But the money has long since been picked up and is not recoverable. In another type of fraud, a fraudster contacts the seller of an automobile, asking for the vehicle identification number, putatively to check the accident record of the vehicle. However, the supposed buyer actually uses the VIN to make fake papers for a stolen car that is then sold.
A fraudster posts a vehicle for sale on an online site, generally for luxury or sports cars advertised for thousands less than market value. The details of the vehicle, including photos and description, are typically lifted from sites such as eBay Motors and re-posted elsewhere. An interested buyer, hopeful for a bargain, emails the seller, who responds saying the car is still available but is located overseas. He then instructs the buyer to send a deposit via wire transfer to initiate the "shipping" process. The unwitting buyer wires the funds, and doesn't discover until days or weeks later that they were scammed. A fraudster feigns interest in an actual vehicle for sale on the Internet. The "buyer" explains that a client of his is interested in the car, but due to an earlier sale that fell through has a certified check for thousands more than the asking price and requests the seller to send the balance via wire transfer. If the seller agrees to the transaction, the buyer sends the certified check via express courier (typically from Nigeria). The seller takes the check to their bank, which makes the funds available immediately. Thinking the bank has cleared the check, the seller follows through on the transaction by wiring the balance to the buyer. Days later, the check bounces and the seller realizes they have been scammed. But the money has long since been picked up and is not recoverable. In another type of fraud, a fraudster contacts the seller of an automobile, asking for the vehicle identification number, putatively to check the accident record of the vehicle. However, the supposed buyer actually uses the VIN to make fake papers for a stolen car that is then sold.
Counterfeit Postal Money Orders
According to the FBI and postal inspectors, there has been a significant surge in the use of Counterfeit Postal Money Orders since October 2004. More than 3,700 counterfeit postal money orders (CPMOs) were intercepted by authorities from October to December of 2004, and according to the USPS, the "quality" of the counterfeits is so good that ordinary consumers can easily be fooled.
On March 9, 2005, the FDIC issued an alert [1] stating that it had learned that counterfeit U.S. Postal Money Orders had been presented for payment at financial institutions.
On April 26, 2005, Tom Zeller Jr. wrote an article in The New York Times[2] regarding a surge in the quantity and quality of the forging of U.S. Postal Money Orders, and its use to commit online fraud. The article shows a picture of a man that had been corresponding with a woman in Nigeria through a dating site, and received several fake postal money orders after the woman asked him to buy a computer and mail it to her.
Who has received Counterfeit Postal Money Orders (CPMOs):
Small Internet retailers. Classified advertisers. Individuals that have been contacted through email or chat rooms by fraudsters posing as prospective social interests or business partners, and convinced to help the fraudsters unknowingly. Geographical origin:Mostly from Nigeria Ghana Eastern Europe The penalty for making or using counterfeit postal money orders is up to ten years in jail and a US$25,000 fine.
On March 9, 2005, the FDIC issued an alert [1] stating that it had learned that counterfeit U.S. Postal Money Orders had been presented for payment at financial institutions.
On April 26, 2005, Tom Zeller Jr. wrote an article in The New York Times[2] regarding a surge in the quantity and quality of the forging of U.S. Postal Money Orders, and its use to commit online fraud. The article shows a picture of a man that had been corresponding with a woman in Nigeria through a dating site, and received several fake postal money orders after the woman asked him to buy a computer and mail it to her.
Who has received Counterfeit Postal Money Orders (CPMOs):
Small Internet retailers. Classified advertisers. Individuals that have been contacted through email or chat rooms by fraudsters posing as prospective social interests or business partners, and convinced to help the fraudsters unknowingly. Geographical origin:Mostly from Nigeria Ghana Eastern Europe The penalty for making or using counterfeit postal money orders is up to ten years in jail and a US$25,000 fine.
Thursday, March 4, 2010
Purchase scams
Direct solicitationsThe most straightforward type of purchase scam is a buyer in another country approaching many merchants through spamming them and directly asking them if they can ship to them using credit cards to pay.
An example of such email is as follows:
From: XXXXXX XXXXXX [XXXXXXX@hotmail.com] Sent: Saturday, October 01, 2005 11:35 AM Subject: International order enquiry
Goodday Sales, This is XXXXXX XXXXXXX and I will like to place an order for some products in your store, But before I proceed with listing my requirements, I will like to know if you accept credit card and can ship internationally to Lagos, Nigeria. Could you get back to me with your website so as to forward you the list of my requirements as soon as possible. Regards, XXXXXX XXXXXX, XXXXXXXX Inc. 9999 XXXXX street, Mushin, Lagos 23401, Nigeria Telephone: 234-1-99999999, Fax: 234-1-9999999, Email: XXXXXXXXX@hotmail.com
Most likely, a few weeks or months after the merchant ships and charges the Nigerian credit card, he/she will be hit with a chargeback from the credit card processor and lose all the money.
Counterfeit Postal Money OrdersAccording to the FBI and postal inspectors, there has been a significant surge in the use of Counterfeit Postal Money Orders since October 2004. More than 3,700 counterfeit postal money orders (CPMOs) were intercepted by authorities from October to December of 2004, and according to the USPS, the "quality" of the counterfeits is so good that ordinary consumers can easily be fooled.
On March 9, 2005, the FDIC issued an alert [1] stating that it had learned that counterfeit U.S. Postal Money Orders had been presented for payment at financial institutions.
On April 26, 2005, Tom Zeller Jr. wrote an article in The New York Times[2] regarding a surge in the quantity and quality of the forging of U.S. Postal Money Orders, and its use to commit online fraud. The article shows a picture of a man that had been corresponding with a woman in Nigeria through a dating site, and received several fake postal money orders after the woman asked him to buy a computer and mail it to her.
Who has received Counterfeit Postal Money Orders (CPMOs):
Small Internet retailers. Classified advertisers. Individuals that have been contacted through email or chat rooms by fraudsters posing as prospective social interests or business partners, and convinced to help the fraudsters unknowingly. Geographical origin:
Mostly from Nigeria Ghana Eastern Europe The penalty for making or using counterfeit postal money orders is up to ten years in jail and a US$25,000 fine.
An example of such email is as follows:
From: XXXXXX XXXXXX [XXXXXXX@hotmail.com] Sent: Saturday, October 01, 2005 11:35 AM Subject: International order enquiry
Goodday Sales, This is XXXXXX XXXXXXX and I will like to place an order for some products in your store, But before I proceed with listing my requirements, I will like to know if you accept credit card and can ship internationally to Lagos, Nigeria. Could you get back to me with your website so as to forward you the list of my requirements as soon as possible. Regards, XXXXXX XXXXXX, XXXXXXXX Inc. 9999 XXXXX street, Mushin, Lagos 23401, Nigeria Telephone: 234-1-99999999, Fax: 234-1-9999999, Email: XXXXXXXXX@hotmail.com
Most likely, a few weeks or months after the merchant ships and charges the Nigerian credit card, he/she will be hit with a chargeback from the credit card processor and lose all the money.
Counterfeit Postal Money OrdersAccording to the FBI and postal inspectors, there has been a significant surge in the use of Counterfeit Postal Money Orders since October 2004. More than 3,700 counterfeit postal money orders (CPMOs) were intercepted by authorities from October to December of 2004, and according to the USPS, the "quality" of the counterfeits is so good that ordinary consumers can easily be fooled.
On March 9, 2005, the FDIC issued an alert [1] stating that it had learned that counterfeit U.S. Postal Money Orders had been presented for payment at financial institutions.
On April 26, 2005, Tom Zeller Jr. wrote an article in The New York Times[2] regarding a surge in the quantity and quality of the forging of U.S. Postal Money Orders, and its use to commit online fraud. The article shows a picture of a man that had been corresponding with a woman in Nigeria through a dating site, and received several fake postal money orders after the woman asked him to buy a computer and mail it to her.
Who has received Counterfeit Postal Money Orders (CPMOs):
Small Internet retailers. Classified advertisers. Individuals that have been contacted through email or chat rooms by fraudsters posing as prospective social interests or business partners, and convinced to help the fraudsters unknowingly. Geographical origin:
Mostly from Nigeria Ghana Eastern Europe The penalty for making or using counterfeit postal money orders is up to ten years in jail and a US$25,000 fine.
Identity theft schemes
Stolen credit cards
Most Internet fraud is done through the use of stolen credit card information which is obtained in many ways, the simplest being copying information from retailers, either online or offline. There have been many cases of crackers obtaining huge quantities of credit card information from companies' databases. There have been cases of employees of companies that deal with millions of customers in which they were selling the credit card information to criminals.
Despite the claims of the credit card industry and various merchants, using credit cards for online purchases can be insecure and carry a certain risk. Even so called "secure transactions" are not fully secure, since the information needs to be decrypted to plain text in order to process it. This is one of the points where credit card information is typically stolen.
Get wire transfer infoSome fraudsters approach merchants asking them for large quotes. After they quickly accept the merchant's quote, they ask for wire transfer information to send payment. Immediately, they use online check issuing systems as Qchex that require nothing but a working email, to produce checks that they use to pay other merchants or simply send associates to cash them.
Most Internet fraud is done through the use of stolen credit card information which is obtained in many ways, the simplest being copying information from retailers, either online or offline. There have been many cases of crackers obtaining huge quantities of credit card information from companies' databases. There have been cases of employees of companies that deal with millions of customers in which they were selling the credit card information to criminals.
Despite the claims of the credit card industry and various merchants, using credit cards for online purchases can be insecure and carry a certain risk. Even so called "secure transactions" are not fully secure, since the information needs to be decrypted to plain text in order to process it. This is one of the points where credit card information is typically stolen.
Get wire transfer infoSome fraudsters approach merchants asking them for large quotes. After they quickly accept the merchant's quote, they ask for wire transfer information to send payment. Immediately, they use online check issuing systems as Qchex that require nothing but a working email, to produce checks that they use to pay other merchants or simply send associates to cash them.
Drug Trafficking
Drug traffickers are increasingly taking advantage of the Internet to sell their illegal substances through encrypted e-mail and other Internet Technology. Some drug traffickers arrange deals at internet cafes, use courier Web sites to track illegal packages of pills, and swap recipes for amphetamines in restricted-access chat rooms.
The Internet's easy-to-learn, fast-paced character, global impact, and fairly reliable privacy features facilitate the marketing of illicit drugs. Detecting money laundering of cash earned by drug traffickers is very difficult, because dealers are now able to use electronic commerce and Internet banking facilities. Also, traffickers have been using online package tracking services offered by courier companies to keep tabs on the progress of their shipments. If there happened to be some sort of undue delay, this could signal authority interception of the drugs, which would still allow the dealers time to cover their tracks. Law enforcement is also more deficient because illicit drug deals are arranged instantaneously, over short distances, making interception by authorities much more difficult.
The rise in Internet drug trades could also be attributed to the lack of face-to-face communication. These virtual exchanges allow more intimidated individuals to more comfortably purchase illegal drugs. The sketchy effects that are often associated with drug trades are severely minimized and the filtering process that comes with physical interaction fades away. Furthermore, traditional drug recipes were carefully kept secrets. But with modern computer technology, this information is now being made available to anyone with computer access.
The Internet's easy-to-learn, fast-paced character, global impact, and fairly reliable privacy features facilitate the marketing of illicit drugs. Detecting money laundering of cash earned by drug traffickers is very difficult, because dealers are now able to use electronic commerce and Internet banking facilities. Also, traffickers have been using online package tracking services offered by courier companies to keep tabs on the progress of their shipments. If there happened to be some sort of undue delay, this could signal authority interception of the drugs, which would still allow the dealers time to cover their tracks. Law enforcement is also more deficient because illicit drug deals are arranged instantaneously, over short distances, making interception by authorities much more difficult.
The rise in Internet drug trades could also be attributed to the lack of face-to-face communication. These virtual exchanges allow more intimidated individuals to more comfortably purchase illegal drugs. The sketchy effects that are often associated with drug trades are severely minimized and the filtering process that comes with physical interaction fades away. Furthermore, traditional drug recipes were carefully kept secrets. But with modern computer technology, this information is now being made available to anyone with computer access.
Harassment
Whereas content may be offensive in a non-specific way, harassment directs obscenities and derogatory comments at specific individuals focusing for example on gender, race, religion, nationality, sexual orientation. This often occurs in chat rooms, through newsgroups, and by sending hate e-mail to interested parties (see cyber bullying, harassment by computer, stalking, and cyberstalking). In England, in a broader form than s43 Telecommunications Act 1984, s1 Malicious Communications Act 1988 makes it an offense to send an indecent, offensive or threatening letter, electronic communication or other article to another person. Now, s2 Protection from Harassment Act 1997 criminalizes a course of conduct amounting to harassment which the defendant knows, or ought to know, amounts to harassment of another. If a reasonable person in possession of the same information would think the course of conduct amounted to harassment of the other, the knowledge will be imputed to the defendant. Although harassment is not defined, s7 states that it includes causing alarm or distress, and conduct is defined as including speech in all its forms. In DPP v Collins (2006) 1 WLR 308 the defendant repeatedly telephoned the offices of his MP on a wide range of political matters. In conversations with employees at the office and on messages left on the telephone answering machine, he used racist terms to show the frustration he felt at the way in which his affairs were being handled. No-one was personally offended, but the staff became depressed. Charged under s127(1) Communications Act 2003, the magistrates found that the terms were offensive but that a reasonable person would not find them grossly offensive. To determine whether any message content is merely offensive or grossly offensive depended on their particular circumstances and context, i.e. in the wider society which is an open and just multi-racial society, the test of offensiveness was objective.
More problematic are deliberate attacks which amount to defamation although, in March 2006, Michael Keith-Smith became the first person to win damages from an individual internet user after she accused him of being a 'sex offender' and 'racist blogger' on a Yahoo! discussion site. She also claimed that his wife was a prostitute. The High Court judge decided that Tracy Williams, of Oldham, was "particularly abusive" and "her statements demonstrated that ... she had no intention of stopping her libellous and defamatory behavior". She was ordered to pay £10,000 in damages, plus £7,200 costs. In general, libel is not treated as a criminal matter except when it may provoke the person defamed into retaliatory violence (All forms of unsolicited e-mail and advertisements can also be considered to be forms of Internet harassment where the content is offensive or of an explicit sexual nature. Now termed spam, it has been criminalized in various countries.
More problematic are deliberate attacks which amount to defamation although, in March 2006, Michael Keith-Smith became the first person to win damages from an individual internet user after she accused him of being a 'sex offender' and 'racist blogger' on a Yahoo! discussion site. She also claimed that his wife was a prostitute. The High Court judge decided that Tracy Williams, of Oldham, was "particularly abusive" and "her statements demonstrated that ... she had no intention of stopping her libellous and defamatory behavior". She was ordered to pay £10,000 in damages, plus £7,200 costs. In general, libel is not treated as a criminal matter except when it may provoke the person defamed into retaliatory violence (All forms of unsolicited e-mail and advertisements can also be considered to be forms of Internet harassment where the content is offensive or of an explicit sexual nature. Now termed spam, it has been criminalized in various countries.
Offensive Content
The content of websites and other electronic communications may be harmful, distasteful or offensive for a variety of reasons. Most countries have enacted law that place some limits on the freedom of speech and ban racist, blasphemous, politically subversive, seditious or inflammatory material that tends to incite hate crimes. This is a sensitive area in which the courts can become involved in arbitrating between groups with entrenched beliefs, each convinced that their point of view has been unreasonably attacked. In England, s28 Crime and Disorder Act 1998 defines a racial group, following Mandla v Dowell-Lee (1983) 2 AC 548 (in which a requirement to wear a cap as part of a school uniform had the effect of excluding Sikh boys whose religion required them to wear a turban), as a group of persons defined by reference to race, color, nationality (including citizenship) or ethnic or national origin; and a religious group as a group of persons defined by reference to religious belief or lack of religious belief. Therefore, it is equally an offense to show hostility to a person who practices a particular faith as to a person who has no religious belief or faith.
Computer Fraud
Computer fraud is any dishonest misrepresentation of fact intended to induce another to do or refrain from doing something which causes loss. In this context, the fraud will result in obtaining a benefit by:
* altering computer input in an unauthorized way. This requires little technical expertise and is not an uncommon form of theft by employees altering the data before entry or entering false data, or by entering unauthorized instructions or using unauthorized processes;* altering, destroying, suppressing, or stealing output, usually to conceal unauthorized transactions: this is difficult to detect;* altering or deleting stored data; or* altering or misusing existing system tools or software packages, or altering or writing code for fraudulent purposes. This requires real programming skills and is not common.
Manipulating banking systems to make unauthorized identity theft with reference to ATM fraud.
* altering computer input in an unauthorized way. This requires little technical expertise and is not an uncommon form of theft by employees altering the data before entry or entering false data, or by entering unauthorized instructions or using unauthorized processes;* altering, destroying, suppressing, or stealing output, usually to conceal unauthorized transactions: this is difficult to detect;* altering or deleting stored data; or* altering or misusing existing system tools or software packages, or altering or writing code for fraudulent purposes. This requires real programming skills and is not common.
Manipulating banking systems to make unauthorized identity theft with reference to ATM fraud.
The cyber law - three pre requisites
The cyber law, in any country of the World, cannot be effective unless the concerned legal system has the following three pre requisites: (1) A sound Cyber Law regime, (2) A sound enforcement machinery, and (3) A sound judicial system.
Let us analyse the Indian Cyber law on the above parameters. (1) Sound Cyber Law regime: The Cyber law in India can be found in the form of IT Act, 2000.[1] Now the IT Act, as originally enacted, was suffering from various loopholes and lacunas. These “grey areas” were excusable since India introduced the law recently and every law needs some time to mature and grow. It was understood that over a period of time it will grow and further amendments will be introduced to make it compatible with the International standards. It is important to realise that we need “qualitative law” and not “quantitative laws”. In other words, one single Act can fulfil the need of the hour provided we give it a “dedicated and futuristic treatment”. The dedicated law essentially requires a consideration of “public interest” as against interest of few influential segments. Further, the futuristic aspect requires an additional exercise and pain of deciding the trend that may be faced in future. This exercise is not needed while legislating for traditional laws but the nature of cyber space is such that we have to take additional precautions. Since the Internet is boundary less, any person sitting in an alien territory can do havoc with the computer system of India. For instance, the Information Technology is much more advanced in other countries. If India does not shed its traditional core that it will be vulnerable to numerous cyber threats in the future. The need of the hour is not only to consider the “contemporary standards” of the countries having developed Information Technology standards but to “anticipate” future threats as well in advance. Thus, a “futuristic aspect’ of the current law has to be considered.Now the big question is whether India is following this approach? Unfortunately, the answer is in NEGATIVE. Firstly, the IT Act was deficient in certain aspects, though that was bound to happen. However, instead of bringing the suitable amendments, the Proposed IT Act, 2000 amendments have further “diluted” the criminal provisions of the Act. The “national interest” was ignored for the sake of “commercial expediencies”. The proposed amendments have made the IT Act a “tiger without teeth” and a “remedy worst than malady”.
(2) A sound enforcement machinery: A law might have been properly enacted and may be theoretically effective too but it is useless unless enforced in its true letter and spirit. The law enforcement machinery in India is not well equipped to deal with cyber law offences and contraventions. They must be trained appropriately and should be provided with suitable technological support. (3) A sound judicial system: A sound judicial system is the backbone for preserving the law and order in a society. It is commonly misunderstood that it is the “sole” responsibility of the “Bench” alone to maintain law and order. That is a misleading notion and the “Bar” is equally responsible for maintaining it. This essentially means a rigorous training of the members of both the Bar and the Bench. The fact is that the cyber law is in its infancy stage in India hence not much Judges and Lawyers are aware of it. Thus, a sound cyber law training of the Judges and Lawyers is the need of the hour.In short, the dream for an “Ideal Cyber Law in India” requires a “considerable” amount of time, money and resources. In the present state of things, it may take five more years to appreciate its application. The good news is that Government has sanctioned a considerable amount as a grant to bring e-governance within the judicial functioning. The need of the hour is to appreciate the difference between mere “computerisation” and “cyber law literacy”.[2] The judges and lawyers must be trained in the contemporary legal issues like cyber law so that their enforcement in India is effective. With all the challenges that India is facing in education and training, e-learning has a lot of answers and needs to be addressed seriously by the countries planners and private industry alike. E-learning can provide education to a large population not having access to it.
Let us analyse the Indian Cyber law on the above parameters. (1) Sound Cyber Law regime: The Cyber law in India can be found in the form of IT Act, 2000.[1] Now the IT Act, as originally enacted, was suffering from various loopholes and lacunas. These “grey areas” were excusable since India introduced the law recently and every law needs some time to mature and grow. It was understood that over a period of time it will grow and further amendments will be introduced to make it compatible with the International standards. It is important to realise that we need “qualitative law” and not “quantitative laws”. In other words, one single Act can fulfil the need of the hour provided we give it a “dedicated and futuristic treatment”. The dedicated law essentially requires a consideration of “public interest” as against interest of few influential segments. Further, the futuristic aspect requires an additional exercise and pain of deciding the trend that may be faced in future. This exercise is not needed while legislating for traditional laws but the nature of cyber space is such that we have to take additional precautions. Since the Internet is boundary less, any person sitting in an alien territory can do havoc with the computer system of India. For instance, the Information Technology is much more advanced in other countries. If India does not shed its traditional core that it will be vulnerable to numerous cyber threats in the future. The need of the hour is not only to consider the “contemporary standards” of the countries having developed Information Technology standards but to “anticipate” future threats as well in advance. Thus, a “futuristic aspect’ of the current law has to be considered.Now the big question is whether India is following this approach? Unfortunately, the answer is in NEGATIVE. Firstly, the IT Act was deficient in certain aspects, though that was bound to happen. However, instead of bringing the suitable amendments, the Proposed IT Act, 2000 amendments have further “diluted” the criminal provisions of the Act. The “national interest” was ignored for the sake of “commercial expediencies”. The proposed amendments have made the IT Act a “tiger without teeth” and a “remedy worst than malady”.
(2) A sound enforcement machinery: A law might have been properly enacted and may be theoretically effective too but it is useless unless enforced in its true letter and spirit. The law enforcement machinery in India is not well equipped to deal with cyber law offences and contraventions. They must be trained appropriately and should be provided with suitable technological support. (3) A sound judicial system: A sound judicial system is the backbone for preserving the law and order in a society. It is commonly misunderstood that it is the “sole” responsibility of the “Bench” alone to maintain law and order. That is a misleading notion and the “Bar” is equally responsible for maintaining it. This essentially means a rigorous training of the members of both the Bar and the Bench. The fact is that the cyber law is in its infancy stage in India hence not much Judges and Lawyers are aware of it. Thus, a sound cyber law training of the Judges and Lawyers is the need of the hour.In short, the dream for an “Ideal Cyber Law in India” requires a “considerable” amount of time, money and resources. In the present state of things, it may take five more years to appreciate its application. The good news is that Government has sanctioned a considerable amount as a grant to bring e-governance within the judicial functioning. The need of the hour is to appreciate the difference between mere “computerisation” and “cyber law literacy”.[2] The judges and lawyers must be trained in the contemporary legal issues like cyber law so that their enforcement in India is effective. With all the challenges that India is facing in education and training, e-learning has a lot of answers and needs to be addressed seriously by the countries planners and private industry alike. E-learning can provide education to a large population not having access to it.
Comparison to Physical Forensics
There are many core differences between computer forensics and "physical forensics." [3] At the highest level, the physical forensic sciences focus on identification and individualization. Both of these processes compare an item from a crime scene with other substances to identify the class of the item (i.e. is the red liquid fruit juice or blood?) or the source of the item (i.e. did this blood come from person X?). Computer forensics on the other hand focuses on finding the evidence and analyzing it. Therefore, it is more analogous to a physical crime scene investigation[4] than the physical forensic processes.
Cyber laws are meant to set the definite pattern, some rules and guidelines that defined certain business activities going on through internet legal and certain illegal and hence punishable . The IT Act 2000, the cyber law of India , gives the legal framework so that information is not denied legal effect, validity or enforceability, solely on the ground that it is in the form of electronic records.
One cannot regard government as complete failure in shielding numerous e-commerce activities on the firm basis of which this industry has got to its skies, but then the law cannot be regarded as free from ambiguities.
MMS porn case in which the CEO of bazee.com(an Ebay Company) was arrested for allegedly selling the MMS clips involving school children on its website is the most apt example in this reference. Other cases where the law becomes hazy in its stand includes the case where the newspaper Mid-Daily published the pictures of the Indian actor kissing her boyfriend at the Bombay nightspot and the arrest of Krishan Kumar for illegally using the internet account of Col. (Retd.) J.S. Bajwa.
The IT Act 2000 attempts to change outdated laws and provides ways to deal with cyber crimes. Let’s have an overview of the law where it takes a firm stand and has got successful in the reason for which it was framed.
1. The E-commerce industry carries out its business via transactions and communications done through electronic records . It thus becomes essential that such transactions be made legal . Keeping this point in the consideration, the IT Act 2000 empowers the government departments to accept filing, creating and retention of official documents in the digital format. The Act also puts forward the proposal for setting up the legal framework essential for the authentication and origin of electronic records / communications through digital signature.
2. The Act legalizes the e-mail and gives it the status of being valid form of carrying out communication in India . This implies that e-mails can be duly produced and approved in a court of law , thus can be a regarded as substantial document to carry out legal proceedings.
3. The act also talks about digital signatures and digital records . These have been also awarded the status of being legal and valid means that can form strong basis for launching litigation in a court of law. It invites the corporate companies in the business of being Certifying Authorities for issuing secure Digital Signatures Certificates.
4. The Act now allows Government to issue notification on the web thus heralding e-governance.
5. It eases the task of companies of the filing any form, application or document by laying down the guidelines to be submitted at any appropriate office, authority, body or agency owned or controlled by the government. This will help in saving costs, time and manpower for the corporates.
6. The act also provides statutory remedy to the coporates in case the crime against the accused for breaking into their computer systems or network and damaging and copying the data is proven. The remedy provided by the Act is in the form of monetary damages, not exceeding Rs. 1 crore($200,000).
7. Also the law sets up the Territorial Jurisdiction of the Adjudicating Officers for cyber crimes and the Cyber Regulations Appellate Tribunal.
8. The law has also laid guidelines for providing Internet Services on a license on a non-exclusive basis.
The IT Law 2000, though appears to be self sufficient, it takes mixed stand when it comes to many practical situations. It looses its certainty at many places like:
1. The law misses out completely the issue of Intellectual Property Rights, and makes no provisions whatsoever for copyrighting, trade marking or patenting of electronic information and data. The law even doesn’t talk of the rights and liabilities of domain name holders , the first step of entering into the e-commerce.2. The law even stays silent over the regulation of electronic payments gateway and segregates the negotiable instruments from the applicability of the IT Act , which may have major effect on the growth of e-commerce in India . It leads to make the banking and financial sectors irresolute in their stands .3. The act empowers the Deputy Superintendent of Police to look up into the investigations and filling of charge sheet when any case related to cyber law is called. This approach is likely to result in misuse in the context of Corporate India as companies have public offices which would come within the ambit of "public place" under the Act. As a result, companies will not be able to escape potential harassment at the hands of the DSP.4. Internet is a borderless medium ; it spreads to every corner of the world where life is possible and hence is the cyber criminal. Then how come is it possible to feel relaxed and secured once this law is enforced in the nation??
The Act initially was supposed to apply to crimes committed all over the world, but nobody knows how can this be achieved in practice , how to enforce it all over the world at the same time???
* The IT Act is silent on filming anyone’s personal actions in public and then distributing it electronically. It holds ISPs (Internet Service Providers) responsible for third party data and information, unless contravention is committed without their knowledge or unless the ISP has undertaken due diligence to prevent the contravention .* For example, many Delhi based newspapers advertise the massage parlors; and in few cases even show the ‘therapeutic masseurs’ hidden behind the mask, who actually are prostitutes. Delhi Police has been successful in busting out a few such rackets but then it is not sure of the action it can take…should it arrest the owners and editors of newspapers or wait for some new clauses in the Act to be added up?? Even the much hyped case of the arrest of Bajaj, the CEO of Bazee.com, was a consequence of this particular ambiguity of the law. One cannot expect an ISP to monitor what information their subscribers are sending out, all 24 hours a day.
Cyber law is a generic term, which denotes all aspects, issues and the legal consequences on the Internet, the World Wide Web and cyber space. India is the 12th nation in the world that has cyber legislation apart from countries like the US, Singapore, France, Malaysia and Japan .
But can the cyber laws of the country be regarded as sufficient and secure enough to provide a strong platform to the country’s e-commerce industry for which they were meant?? India has failed to keep in pace with the world in this respect, and the consequence is not far enough from our sight; most of the big customers of India ’s outsourcing company have started to re-think of carrying out their business in India .Bajaj’s case has given the strongest blow in this respect and have broken India ’s share in outsourcing market as a leader.
If India doesn’t want to loose its position and wishes to stay as the world’s leader forever in outsourcing market, it needs to take fast but intelligent steps to cover the glaring loopholes of the Act, or else the day is not far when the scenario of India ruling the world’s outsourcing market will stay alive in the dreams only as it will be overtaken by its competitors.
Examine the Live System and record open applications
If the machine is still active, any intelligence which can be gained by examining the applications currently open should be recorded. If the machine is suspected of being used for illegal communications, such as terrorist traffic, not all of this information may be stored on the hard drive. If information stored solely in RAM is not recovered before powering down it may be lost, so acquiring the data while the RAM is still powered is a priority. For most practical purposes, it is not possible to completely scan contents of RAM modules in a running computer. Though specialized hardware could do this, the computer may have been modified to detect chassis intrusion (some Dell machines, for example, can do this stock; software need only monitor for it) and removing the cover could cause the system to dump the contents. Ideally, prior intelligence or surveillance will indicate what action should be taken to avoid losing this information.
Several Open Source tools are available to conduct an analysis of open ports, mapped drives (including through an active VPN connection), and of significant importance, open or mounted encrypted files (containers) on the live computer system. Additionally, through Microsoft's implementation of the Encrypted File System (EFS), once a system is powered down, the difficulty to examine previously mounted EFS files and directory structures is substantially increased. Utilizing open source tools and commercially available products, it is possible to obtain an image of these mapped drives and the open encrypted containers in an unencrypted format. For Windows based systems, these Open Source tools include Knoppix and Helix. Commercial imaging tools include Access Data's Forensic Tool Kit and Guidance Software's Encase application. Both companies make available their imaging tools for free; however, in order to analyze the data imaged using these tools you will need to purchase a full licensed version of the application.
The aforementioned Open Source tools can also scan RAM and Registry information to show recently accessed web-based email sites and the login/password combination used. Additionally these tools can also yield login/password for recently access local email applications including MS Outlook.
With MS most recent addition, Vista, and Vista's use of BitLocker and the Trusted Platform Module (TPM), the importance of developing procedures for examining and imaging live (mounted unencrypted) systems is anticipated to significantly increase.
It is possible that in utilizing tools to analyze and document a live computer system that changes can be made to the content of the hard drive. During each phase of system analysis, the forensic examiner must document what they did and why they did it. Specifically, the examiner should detail the potentially perishable information that can/will be lost during a system power down process. The examiner must balance the need to potentially change data on the hard drive versus the evidentiary value of such perishable data.
RAM can be analyzed for prior content after power loss. Although as production methods become cleaner the impurities used to indicate a particular cell's charge prior to power loss are becoming less common. Data held statically in an area of RAM for long periods of time are more likely to be detectable using these methods. The likelihood of such recovery increases as the originally applied voltages, operating temperatures and duration of data storage increases. Holding unpowered RAM below - 60 °C will help preserve the residual data by an order of magnitude, thus improving the chances of successful recovery. However, the practicality of utilizing such a method in a field examination environment severely limits this approach.
As expeditious destruction of chronic residual stress within the module can really only be achieved by impractical exposure to high energies, applications written with data security in mind will periodically bit-flip critical data, such as encryption keys, to eliminate 'imprinting' of this data on the RAM, thus preventing the need to actively destroy it in the first place.[1]
It is important to note that that when preforming a live analysis that the order of volatility be followed. The data that is most likely to be modified or damaged first should be captured first. The order of volatility is.
1. Network connections
Network connections can close quickly and often leave no evidence of where they were connected to or the data being transfered.
2. Running Processes
It is important to note which programs are running on a computer before further analysis is conducted.
3. RAM
The systems Random Accessing Memory contains information on all running programs as well as recently run programs. The information that can be gained from the system ram includes Passwords, encryption keys, personal information and system and program settings.
4. System settings
The Operating system settings can now be extracted. this includes User lists, currently logged in users, system date and time, currently accessed files and current security policies.
5. Hard DiskThe hard disk can then be imaged. It is important to note that it is not forensically sound to image a hard drive while it is running live unless there are extenuating circumstances
Useful Links to Read:
01. cyber-crime
01. definition-of-computer-forensics
Several Open Source tools are available to conduct an analysis of open ports, mapped drives (including through an active VPN connection), and of significant importance, open or mounted encrypted files (containers) on the live computer system. Additionally, through Microsoft's implementation of the Encrypted File System (EFS), once a system is powered down, the difficulty to examine previously mounted EFS files and directory structures is substantially increased. Utilizing open source tools and commercially available products, it is possible to obtain an image of these mapped drives and the open encrypted containers in an unencrypted format. For Windows based systems, these Open Source tools include Knoppix and Helix. Commercial imaging tools include Access Data's Forensic Tool Kit and Guidance Software's Encase application. Both companies make available their imaging tools for free; however, in order to analyze the data imaged using these tools you will need to purchase a full licensed version of the application.
The aforementioned Open Source tools can also scan RAM and Registry information to show recently accessed web-based email sites and the login/password combination used. Additionally these tools can also yield login/password for recently access local email applications including MS Outlook.
With MS most recent addition, Vista, and Vista's use of BitLocker and the Trusted Platform Module (TPM), the importance of developing procedures for examining and imaging live (mounted unencrypted) systems is anticipated to significantly increase.
It is possible that in utilizing tools to analyze and document a live computer system that changes can be made to the content of the hard drive. During each phase of system analysis, the forensic examiner must document what they did and why they did it. Specifically, the examiner should detail the potentially perishable information that can/will be lost during a system power down process. The examiner must balance the need to potentially change data on the hard drive versus the evidentiary value of such perishable data.
RAM can be analyzed for prior content after power loss. Although as production methods become cleaner the impurities used to indicate a particular cell's charge prior to power loss are becoming less common. Data held statically in an area of RAM for long periods of time are more likely to be detectable using these methods. The likelihood of such recovery increases as the originally applied voltages, operating temperatures and duration of data storage increases. Holding unpowered RAM below - 60 °C will help preserve the residual data by an order of magnitude, thus improving the chances of successful recovery. However, the practicality of utilizing such a method in a field examination environment severely limits this approach.
As expeditious destruction of chronic residual stress within the module can really only be achieved by impractical exposure to high energies, applications written with data security in mind will periodically bit-flip critical data, such as encryption keys, to eliminate 'imprinting' of this data on the RAM, thus preventing the need to actively destroy it in the first place.[1]
It is important to note that that when preforming a live analysis that the order of volatility be followed. The data that is most likely to be modified or damaged first should be captured first. The order of volatility is.
1. Network connections
Network connections can close quickly and often leave no evidence of where they were connected to or the data being transfered.
2. Running Processes
It is important to note which programs are running on a computer before further analysis is conducted.
3. RAM
The systems Random Accessing Memory contains information on all running programs as well as recently run programs. The information that can be gained from the system ram includes Passwords, encryption keys, personal information and system and program settings.
4. System settings
The Operating system settings can now be extracted. this includes User lists, currently logged in users, system date and time, currently accessed files and current security policies.
5. Hard DiskThe hard disk can then be imaged. It is important to note that it is not forensically sound to image a hard drive while it is running live unless there are extenuating circumstances
Useful Links to Read:
01. cyber-crime
01. definition-of-computer-forensics
Definition of Computer Forensics
... is the art and science of applying computer science to aid the legal process. Although plenty of science is attributable to computer forensics, most successful investigators possess a nose for investigations and a skill for solving puzzles, which is where the art comes in. - Chris L.T. Brown, Computer Evidence Collection and Preservation, 2006
Thus, it is more than the technological, systematic inspection of the computer system and its contents for evidence or supportive evidence of a civil wrong or a criminal act. Computer forensics requires specialized expertise and tools that goes above and beyond the normal data collection and preservation techniques available to end-users or system support personnel. One definition is analogous to "Electronic Evidentiary Recovery, known also as e-discovery, requires the proper tools and knowledge to meet the Court's criteria, whereas Computer Forensics is simply the application of computer investigation and analysis techniques in the interests of determining potential legal evidence."[1] Another is "a process to answer questions about digital states and events"[2]. This process often involves the investigation and examination computer system(s), including, but not limitied to the data acquisition that resides on the media within the computer. The forensic examiner renders an opinion, based upon the examination of the material that has been recovered. After rendering an opinion and report, to determine whether they are or have been used for criminal, civil or unauthorized activities. Mostly, computer forensics experts investigate data storage devices, these include but are not limited to hard drives, portable data devices (USB Drives, External drives, Micro Drives and many more). Computer forensics experts:
Identify sources of documentary or other digital evidence. Preserve the evidence. Analyze the evidence. Present the findings. Computer forensics is done in a fashion that adheres to the standards of evidence that are admissible in a court of law. Thus, computer forensics must be techno-legal in nature rather than purely technical or purely legal.
Understand the suspectsIt is absolutely vital for the forensics team to have a solid understanding of the level of sophistication of the suspect(s). If insufficient information is available to form this opinion, the suspects must be considered to be experts, and should be presumed to have installed countermeasures against forensic techniques. Because of this, it is critical that you appear to the equipment to be as indistinguishable as possible from its normal users until you have shut it down completely, either in a manner which probably prohibits the machine modifying the drives, or in exactly the same way they would.
If the equipment contains only a small amount of critical data on the hard drive, for example, software exists to wipe it permanently and quickly if a given action occurs. It is straightforward to link this to the Microsoft Windows "Shutdown" command, for example. However, simply "pulling the plug" isn't always a great idea, either-- information stored solely in RAM, or on special peripherals, may be permanently lost. Losing an encryption key stored solely in Random Access Memory, and possibly unknown even to the suspects themselves by virtue of having been automatically generated, may render a great deal of data on the hard drive(s) unusable, or at least extremely expensive and time-consuming to recover.Electronic evidence considerationsElectronic evidence can be collected from a variety of sources. Within a company’s network, evidence will be found in any form of technology that can be used to transmit or store data. Evidence should be collected through three parts of an offender’s network: at the workstation of the offender, on the server accessed by the offender, and on the network that connects the two. Investigators can therefore use three different sources to confirm of the data’s origin.
Like any other piece of evidence used in a case, the information generated as the result of a computer forensics investigation must follow the standards of admissible evidence. Special care must be taken when handling a suspect’s files; dangers to the evidence include viruses, electromagnetic or mechanical damage, and even booby traps. There are a handful of cardinal rules that are used to ensure that the evidence is not destroyed or compromised:
Only use tools and methods that have been tested and evaluated to validate their accuracy and reliability. In order to verify that a tool is forensically sound, the tool should be tested in a mock forensic examination to verify the tools performance. There are government agencies such as the Defense Cyber Crime Institute that accept requests to test specific digital forensic tools and methods for governmental agencies, law enforcement organizations, or vendors of digital forensic products at no cost to the requestor.
Handle the original evidence as little as possible to avoid changing the data. Establish and maintain the chain of custody. Document everything done. Never exceed personal knowledge. If such steps are not followed the original data may be changed, ruined or become tainted, and so any results generated will be challenged and may not hold up in a court of law. Other things to take into consideration are:
The time that business operations are inconvenienced. How sensitive information which is unintentionally discovered will be handled. In any investigation in which the owner of the digital evidence has not given consent to have his or her media examined – as in most criminal cases – special care must be taken to ensure that you as the forensic specialist have legal authority to seize, image, and examine each device. Besides having the case thrown out of court, the examiner may find him or herself on the wrong end of a hefty civil lawsuit. As a general rule, if you aren't sure about a specific piece of media, do not examine it. Amateur forensic examiners should keep this in mind before starting any unauthorized investigation.
Some of the most valuable information obtained in the course of a forensic examination will come from the computer user themself. In accordance with applicable laws, statutes, organizational policies, and other applicable regulations, an interview of the computer user can often yield invaluable information regarding the system configuration, applications, and most important, software or hardware encryption methodology and keys utilized with the computer. Forensic analysis can become exponentially easier when analysts have passphrase(s) utilized by the user open encrypted files or containers used on the local computer system, or on systems mapped to the local computer through a local network or the internet.
Secure the machine and the dataUnless completely unavoidable, data should never be analyzed using the same machine it is collected from. Instead, forensically sound copies of all data storage devices, primarily hard drives, must be made. Exceptional consideration to this practice are detailed below regarding live system considerations.
Useful Links to Read:
01. cyber-crime
Thus, it is more than the technological, systematic inspection of the computer system and its contents for evidence or supportive evidence of a civil wrong or a criminal act. Computer forensics requires specialized expertise and tools that goes above and beyond the normal data collection and preservation techniques available to end-users or system support personnel. One definition is analogous to "Electronic Evidentiary Recovery, known also as e-discovery, requires the proper tools and knowledge to meet the Court's criteria, whereas Computer Forensics is simply the application of computer investigation and analysis techniques in the interests of determining potential legal evidence."[1] Another is "a process to answer questions about digital states and events"[2]. This process often involves the investigation and examination computer system(s), including, but not limitied to the data acquisition that resides on the media within the computer. The forensic examiner renders an opinion, based upon the examination of the material that has been recovered. After rendering an opinion and report, to determine whether they are or have been used for criminal, civil or unauthorized activities. Mostly, computer forensics experts investigate data storage devices, these include but are not limited to hard drives, portable data devices (USB Drives, External drives, Micro Drives and many more). Computer forensics experts:
Identify sources of documentary or other digital evidence. Preserve the evidence. Analyze the evidence. Present the findings. Computer forensics is done in a fashion that adheres to the standards of evidence that are admissible in a court of law. Thus, computer forensics must be techno-legal in nature rather than purely technical or purely legal.
Understand the suspectsIt is absolutely vital for the forensics team to have a solid understanding of the level of sophistication of the suspect(s). If insufficient information is available to form this opinion, the suspects must be considered to be experts, and should be presumed to have installed countermeasures against forensic techniques. Because of this, it is critical that you appear to the equipment to be as indistinguishable as possible from its normal users until you have shut it down completely, either in a manner which probably prohibits the machine modifying the drives, or in exactly the same way they would.
If the equipment contains only a small amount of critical data on the hard drive, for example, software exists to wipe it permanently and quickly if a given action occurs. It is straightforward to link this to the Microsoft Windows "Shutdown" command, for example. However, simply "pulling the plug" isn't always a great idea, either-- information stored solely in RAM, or on special peripherals, may be permanently lost. Losing an encryption key stored solely in Random Access Memory, and possibly unknown even to the suspects themselves by virtue of having been automatically generated, may render a great deal of data on the hard drive(s) unusable, or at least extremely expensive and time-consuming to recover.Electronic evidence considerationsElectronic evidence can be collected from a variety of sources. Within a company’s network, evidence will be found in any form of technology that can be used to transmit or store data. Evidence should be collected through three parts of an offender’s network: at the workstation of the offender, on the server accessed by the offender, and on the network that connects the two. Investigators can therefore use three different sources to confirm of the data’s origin.
Like any other piece of evidence used in a case, the information generated as the result of a computer forensics investigation must follow the standards of admissible evidence. Special care must be taken when handling a suspect’s files; dangers to the evidence include viruses, electromagnetic or mechanical damage, and even booby traps. There are a handful of cardinal rules that are used to ensure that the evidence is not destroyed or compromised:
Only use tools and methods that have been tested and evaluated to validate their accuracy and reliability. In order to verify that a tool is forensically sound, the tool should be tested in a mock forensic examination to verify the tools performance. There are government agencies such as the Defense Cyber Crime Institute that accept requests to test specific digital forensic tools and methods for governmental agencies, law enforcement organizations, or vendors of digital forensic products at no cost to the requestor.
Handle the original evidence as little as possible to avoid changing the data. Establish and maintain the chain of custody. Document everything done. Never exceed personal knowledge. If such steps are not followed the original data may be changed, ruined or become tainted, and so any results generated will be challenged and may not hold up in a court of law. Other things to take into consideration are:
The time that business operations are inconvenienced. How sensitive information which is unintentionally discovered will be handled. In any investigation in which the owner of the digital evidence has not given consent to have his or her media examined – as in most criminal cases – special care must be taken to ensure that you as the forensic specialist have legal authority to seize, image, and examine each device. Besides having the case thrown out of court, the examiner may find him or herself on the wrong end of a hefty civil lawsuit. As a general rule, if you aren't sure about a specific piece of media, do not examine it. Amateur forensic examiners should keep this in mind before starting any unauthorized investigation.
Some of the most valuable information obtained in the course of a forensic examination will come from the computer user themself. In accordance with applicable laws, statutes, organizational policies, and other applicable regulations, an interview of the computer user can often yield invaluable information regarding the system configuration, applications, and most important, software or hardware encryption methodology and keys utilized with the computer. Forensic analysis can become exponentially easier when analysts have passphrase(s) utilized by the user open encrypted files or containers used on the local computer system, or on systems mapped to the local computer through a local network or the internet.
Secure the machine and the dataUnless completely unavoidable, data should never be analyzed using the same machine it is collected from. Instead, forensically sound copies of all data storage devices, primarily hard drives, must be made. Exceptional consideration to this practice are detailed below regarding live system considerations.
Useful Links to Read:
01. cyber-crime
Wednesday, March 3, 2010
Cyber Crime
Computer crime, cyber crime, e-crime, hi-tech crime or electronic crime generally refers to criminal activity where a computer or network is the source, tool, target, or place of a crime. These categories are not exclusive and many activities can be characterized as falling in one or more category. Additionally, although the terms computer crime or cybercrime are more properly restricted to describing criminal activity in which the computer or network is a necessary part of the crime, these terms are also sometimes used to include traditional crimes, such as fraud, theft, blackmail, forgery, and embezzlement, in which computers or networks are used to facilitate the illicit activity.
Computer crime or cyber crime can broadly be defined as criminal activity involving an information technology infrastructure, including illegal access (unauthorized access), illegal interception (by technical means of non-public transmissions of computer data to, from or within a computer system), data interference (unauthorized damaging, deletion, deterioration, alteration or suppression of computer data), systems interference (interfering with the functioning of a computer system by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data), misuse of devices, forgery (ID theft), and electronic fraud.
Discussion
A common example would be when a person intends to steal information from, or cause damage to, a computer or computer network. This can be entirely virtual in that the information only exists in digital form, and the damage, while real, has no physical consequence other than the machine ceases to function. In some legal systems, intangible property cannot be stolen and the damage must be visible, e.g. as resulting from a blow from a hammer. Yet denial of service attacks for the purposes of extortion may result in significant damage both to the system and the profitability of the site targeted. A further problem is that many definitions have not kept pace with the technology. For example, where the offense requires proof of a trick or deception as the operative cause of the theft, this may require the mind of a human being to change and so do or refrain from doing something that causes the loss. Increasingly, computer systems control access to goods and services. If a criminal manipulates the system into releasing the goods or authorizing the services, has there been a "trick", has there been a "deception", does the machine act because it "believes" payment to have been made, does the machine have "knowledge", does the machine "do" or "refrain from doing" something it has been programmed to do (or not). Where human-centric terminology is used for crimes relying on natural language skills and innate gullibility, definitions have to be modified to ensure that fraudulent behavior remains criminal no matter how it is committed (consider the definition of wire fraud).
Issues surrounding hacking, copyright infringement through warez, child pornography, and paedophilia (see child grooming), have become high-profile. But this emphasis fails to consider the equally real but less spectacular issues of obscene graffiti appearing on websites and "cyberstalking" or harassment that can affect everyday life. There are also problems of privacy when confidential information is lost, say, when an e-mail is intercepted whether through illegal hacking, legitimate monitoring (increasingly common in the workplace) or when it is simply read by an unauthorized or unintended person.
E-mail and Short Message Service (SMS) messages are seen as casual communication including many things that would never be put in a letter. But unlike spoken communication, there is no intonation and accenting, so the message can be more easily distorted or interpreted as offensive. In England and Wales, s43 Telecommunications Act 1984 makes it an offense to use a public telecommunications network to send 'grossly offensive, threatening or obscene' material, and a 'public telecommunications network' is widely enough defined to cover Internet traffic which goes through telephone lines or other cables.
Secondly, a computer can be the tool, used, for example, to plan or commit an offense such as larceny or the distribution of child pornography. The growth of international data communications and in particular the Internet has made these crimes both more common and more difficult to police. And using encryption techniques, criminals may conspire or exchange data with fewer opportunities for the police to monitor and intercept. This requires modification to the standard warrants for search, telephone tapping, etc.
Thirdly, a computer can be a source of evidence. Even though the computer is not directly used for criminal purposes, it is an excellent device for record keeping, particularly given the power to encrypt the data. If this evidence can be obtained and decrypted, it can be of great value to criminal investigators. Thus, specialized government agencies and units have been set up to develop the necessary expertise. See below for a link to the U.S. Department of Justice's website about e-crime and its computer forensics services.
Computer Fraud
Computer fraud is any dishonest misrepresentation of fact intended to induce another to do or refrain from doing something which causes loss. In this context, the fraud will result in obtaining a benefit by:
* altering computer input in an unauthorized way. This requires little technical expertise and is not an uncommon form of theft by employees altering the data before entry or entering false data, or by entering unauthorized instructions or using unauthorized processes;* altering, destroying, suppressing, or stealing output, usually to conceal unauthorized transactions: this is difficult to detect;* altering or deleting stored data; or* altering or misusing existing system tools or software packages, or altering or writing code for fraudulent purposes. This requires real programming skills and is not common.
Manipulating banking systems to make unauthorized identity theft with reference to ATM fraud.
Computer crime or cyber crime can broadly be defined as criminal activity involving an information technology infrastructure, including illegal access (unauthorized access), illegal interception (by technical means of non-public transmissions of computer data to, from or within a computer system), data interference (unauthorized damaging, deletion, deterioration, alteration or suppression of computer data), systems interference (interfering with the functioning of a computer system by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data), misuse of devices, forgery (ID theft), and electronic fraud.
Discussion
A common example would be when a person intends to steal information from, or cause damage to, a computer or computer network. This can be entirely virtual in that the information only exists in digital form, and the damage, while real, has no physical consequence other than the machine ceases to function. In some legal systems, intangible property cannot be stolen and the damage must be visible, e.g. as resulting from a blow from a hammer. Yet denial of service attacks for the purposes of extortion may result in significant damage both to the system and the profitability of the site targeted. A further problem is that many definitions have not kept pace with the technology. For example, where the offense requires proof of a trick or deception as the operative cause of the theft, this may require the mind of a human being to change and so do or refrain from doing something that causes the loss. Increasingly, computer systems control access to goods and services. If a criminal manipulates the system into releasing the goods or authorizing the services, has there been a "trick", has there been a "deception", does the machine act because it "believes" payment to have been made, does the machine have "knowledge", does the machine "do" or "refrain from doing" something it has been programmed to do (or not). Where human-centric terminology is used for crimes relying on natural language skills and innate gullibility, definitions have to be modified to ensure that fraudulent behavior remains criminal no matter how it is committed (consider the definition of wire fraud).
Issues surrounding hacking, copyright infringement through warez, child pornography, and paedophilia (see child grooming), have become high-profile. But this emphasis fails to consider the equally real but less spectacular issues of obscene graffiti appearing on websites and "cyberstalking" or harassment that can affect everyday life. There are also problems of privacy when confidential information is lost, say, when an e-mail is intercepted whether through illegal hacking, legitimate monitoring (increasingly common in the workplace) or when it is simply read by an unauthorized or unintended person.
E-mail and Short Message Service (SMS) messages are seen as casual communication including many things that would never be put in a letter. But unlike spoken communication, there is no intonation and accenting, so the message can be more easily distorted or interpreted as offensive. In England and Wales, s43 Telecommunications Act 1984 makes it an offense to use a public telecommunications network to send 'grossly offensive, threatening or obscene' material, and a 'public telecommunications network' is widely enough defined to cover Internet traffic which goes through telephone lines or other cables.
Secondly, a computer can be the tool, used, for example, to plan or commit an offense such as larceny or the distribution of child pornography. The growth of international data communications and in particular the Internet has made these crimes both more common and more difficult to police. And using encryption techniques, criminals may conspire or exchange data with fewer opportunities for the police to monitor and intercept. This requires modification to the standard warrants for search, telephone tapping, etc.
Thirdly, a computer can be a source of evidence. Even though the computer is not directly used for criminal purposes, it is an excellent device for record keeping, particularly given the power to encrypt the data. If this evidence can be obtained and decrypted, it can be of great value to criminal investigators. Thus, specialized government agencies and units have been set up to develop the necessary expertise. See below for a link to the U.S. Department of Justice's website about e-crime and its computer forensics services.
Computer Fraud
Computer fraud is any dishonest misrepresentation of fact intended to induce another to do or refrain from doing something which causes loss. In this context, the fraud will result in obtaining a benefit by:
* altering computer input in an unauthorized way. This requires little technical expertise and is not an uncommon form of theft by employees altering the data before entry or entering false data, or by entering unauthorized instructions or using unauthorized processes;* altering, destroying, suppressing, or stealing output, usually to conceal unauthorized transactions: this is difficult to detect;* altering or deleting stored data; or* altering or misusing existing system tools or software packages, or altering or writing code for fraudulent purposes. This requires real programming skills and is not common.
Manipulating banking systems to make unauthorized identity theft with reference to ATM fraud.
Subscribe to:
Comments (Atom)
RSS Feed (xml)
