This paper examines the Computer Fraud and Abuse Act through an analysis of information systems, cybersecurity threats, and data protection strategies. It identifies the types of systems that store sensitive data—computers, servers, and website databases—and catalogs major threats including malware, denial-of-service attacks, data interception, and social engineering vectors. The paper then presents defensive measures including data backup, software updates, complex password protocols, system maintenance, and encryption. Emphasis is placed on practical, organizational-level approaches to safeguarding information assets against unauthorized access and fraud.
Information technology and related systems provide multiple benefits to business, government, and individual users. Databases, Internet transactions, and emails contain sensitive customer, employee, and operations data that are extremely vulnerable to exploitation. This study focuses on various components of IT and related systems used for the storage of information, such as computers, servers, and website databases. By identifying the ways data can be compromised and exposed to abuse, the study identifies methods for protecting and enhancing system integrity and security.
Computers perform their primary functions through components that are not visible during normal use. To accomplish this, a control center must convert data input to output. All these functions are executed by the central processing unit (CPU)—a highly complex set of electrical circuits that intertwine to store and execute program instructions. Regardless of size, all computers must contain a central processing unit. The CPU consists of two units: the control unit and the arithmetic logic unit. Additionally, the computer's memory holds data for a short period while executing a program. The control unit uses electrical signals to run the entire system. Rather than performing instructions directly, it guides other system components to do so. Communication between the CPU must occur with both the logic and memory units (Adikesavan, 2014).
The logical unit contains electrical circuits that implement all logical and arithmetic operations. It performs four core functions: mathematical calculations including multiplication, addition, subtraction, and division. This unit processes numerals, letters, and other special characters—which is why we can determine the presence of empty airplane seats, credit card expiration dates, and vote counts in opinion polls. Memory is the primary attribute of a computer. It is referred to by several names, including internal storage, main memory, and RAM (Random Access Memory) (Vacca, 2009).
A server is a computer program that provides services to another computer program within the same computer or to other computers on a network. Servers store significantly more information than personal computers and must be protected at all times from malicious attacks and other vulnerabilities.
All websites maintain databases that store various information about users. Depending on assigned bandwidth, storage capacity is often high and maintains information as stipulated by W3C protocols. The use of cookies makes databases flexible and functional, but this also predisposes them to attacks such as denial-of-service (DoS) and other exploits (Vacca, 2009).
Hackers can access data through multiple vectors. These vulnerabilities exist because many factors facilitate unauthorized access. Threats include data exposure from poor network security practices. Additionally, many employees visit sites that distribute spyware, including celebrity gossip sites, casual gaming sites involving strangers from around the globe, pornography sites, and social media platforms such as MySpace and Facebook. Employees with interests in these activities inadvertently invite spyware infections. Advanced persistent threats are typically opportunistic—they seek any available victim rather than targeting specific individuals or organizations (Schiller & Binkley, 2011).
Adware consists of software designed to display advertisements and pop-ups when using certain applications. While advertisements are often useful and common in Android phones, adware becomes problematic when randomly installed without user knowledge. After installation, adware appears in unrelated applications, takes over the browser, and continues displaying advertisements. Adware gathers browsing data without user consent and is difficult to uninstall. Additional effects include slow PC performance, reduced Internet connection speed while downloading advertisements, decreased system stability, and vulnerability to antivirus removal. Adware remains unaffected by standard antivirus protection because it cannot be easily removed from the system.
Autorun worms are malicious programs that overwrite the Windows autorun feature. They operate automatically when a stored device is plugged into a computer. They are common on USB drives and activate immediately upon connection. Similar to autorun is the autoplay feature. To address this threat, Microsoft has disabled the autorun feature by default in newer versions, minimizing autorun worm risk. Backdoor Trojans represent another serious data fraud threat, allowing someone to take control of a computer without administrator permission. Trojans add themselves to the startup routine and monitor the computer until it connects to the Internet. When the user goes online, the Trojan sender can execute whatever actions they choose, including running programs on the infected computer, accessing private documents, sending spam emails, and uploading files. Commonly known Trojans include Netbus and Subseven, with more recent variants such as Zbot or Zeus. To avoid Trojan infection, users should apply the latest security patches and spyware updates. Firewalls also provide protection by preventing Trojans from accessing the Internet and contacting the hacker.
Boot sector malware modifies the startup program. When turning off the computer, the hardware searches for the boot program, usually found on the hard drive but also potentially on a CD, DVD, or flash drive. It then loads the operating system into memory, replacing the original boot with its own version. When the computer restarts, the infected boot activates the malware.
Botnets are collections of infected computers remotely controlled by a hacker through the Internet, effectively making each computer a "zombie" under the hacker's control. The user remains completely unaware of this activity. The collective unit of zombie computers is called a botnet. Hackers can sell or share botnet access, which is advantageous to them because the original computer owner pays for Internet access that the hacker now exploits. The flooding of botnet computers may lead to inability to access certain websites.
Browser Hijackers change the browser's homepage and search engine settings by editing the Windows registry so that settings persist after computer restart. They are used to boost advertising, often through clickjacking, where a blank page appears on the browser tempting users to click. Clicking these layers opens links connecting to hackers. These threats do not exist within the PC itself but largely affect the browsing experience.
Data leakage involves unauthorized exposure of information that may lead to theft and data loss. Many organizations are concerned about this trend because it may expose confidential information. When visiting websites, browsers accumulate cookies that track visits to particular sites. Although helpful, these are stored in small text files without user knowledge or consent. Websites gradually build profiles about your browser, behavior, and interests, which are shared with other sites. Data loss may also result from device misplacement, occurring both within organizations and through external criminal activity. Criminals use malware—commonly Trojans with keylogging software—to track users' personal information.
Denial-of-Service (DoS) attacks use techniques to overpower a server or website's capacity to handle a given volume of traffic. In most cases, genuine users of services such as banks or credit cards cannot access them because the server has been saturated with requests from hackers. IP spoofing and ping flooding are common methods used to initiate malicious traffic to particular servers (Salomon, 2003).
Instances of data interception and theft have risen significantly in recent years. Documented cases include 2011 breaches where millions of names and customer addresses leaked from Epsilon, Sony Corp suffered a security breach affecting millions of accounts, and a server breach at Global Payments exposed seven million cardholders. Email malware is commonly distributed through email and executes when recipients double-click attachments, running code that infects the user's machine. Internet worms replicate and spread copies of files, infecting related equipment rapidly. Some worms open the computer without consent, allowing hackers to take control and convert it into a zombie.
Domain Name System (DNS) hijacking exploits the fact that DNS functions as a phonebook of the Internet, allowing computers to translate website names. In this attack form, computer settings are altered so the hacker controls name resolution. The purpose is to trick users into logging into fake sites to obtain their credentials and to redirect security sites, preventing users from updating software. Document malware takes advantage of weaknesses in applications that edit documents, such as Microsoft Word, Excel, and PDF readers. Fake antivirus software is common among cybercriminals, who create large markets for fraudulent antivirus programs (Khosrowpour, 2006).
Mobile phones contain many malicious apps, particularly for iOS downloaded from untrusted sites and games. Other malware is sent via random text messages to phone numbers. The hosts may expose privacy information such as identity and phone numbers, classified as unwanted applications. To avoid this threat, users should update security regularly and download apps only from trusted sources. Parasitic viruses hide themselves within and pass information to the original program. The computer treats them as part of the program and grants them the same permissions as legitimate programs (Salomon, 2003).
It is essential to ensure that any critical data has a duplicate before making adjustments. For instance, a complete backup allows a person to restore a personal computer to a previous state. In this scenario, any form of data loss has a remedy because the data is retrievable. Modern backup software aims to protect PCs from data loss. There are various data backup methods. Time-based backups save data according to user settings, optimizing time and disk space. Another method is "disk image," where an individual copies an entire drive without worrying about individual files. Most common operating systems provide programs that enable this process (Kim & Solomon, 2010).
Software updates represent one of the most effective data protection methods. Users must ensure that software in their PCs is regularly updated. For instance, antivirus software should contain the latest updates. Users should develop a habit of regularly checking and downloading appropriate updates. In other cases, enabling automatic updates at all times protects PC integrity even if the user forgets to update manually.
Passwords serve as keys to individual identity. Setting complex passwords is pertinent because it reduces the chances of unauthorized access to one's data. With complex and unpredictable passwords, data loss is prevented and unauthorized individuals cannot access or alter information. Users should also ensure they use a secure operating system that authenticates all users. These operating systems act as an added advantage by restricting what individual users can access or do on the system. Whenever an individual's account accesses a network, that person is responsible for all activities occurring on it. Therefore, to prevent any form of data fraud, users should change passwords on a regular basis (Zdziarski, 2012).
Data protection is also enhanced through frequent system maintenance. This process is pertinent because it assists in correcting mistakes or faults available in systems. These faults cause data loss and grant access to unauthorized people. An individual should ensure they have essential knowledge to diagnose the system for any problems. People who run regular disk-scanning programs prevent future instances of data loss. In such cases, they defragment the hard drive and other systems they might require. Moreover, the system will run at its optimal speed. It is always necessary to refresh one's archives. Nowadays, an individual can use archived data as a foundation. The advancement of technology necessitates transferring current data to new storage, which is usually installed with retrievable data capabilities (Stair & Reynolds, 2013).
Most passwords are stored in website databases as plain text, which can easily be read and abused by attackers. The need for encryption has been popularized recently as it is considered effective in protecting saved information, especially passwords. Plain text is converted to cipher-text through encryption. Such information can only be read and used when decrypted to the previous plain text format. Without the secret key or password, no one can decrypt encrypted information in a file. This makes encryption an effective method for protecting stored data in website databases, servers, or personal computers (Kissel, 2010).
Internet fraud and theft is an issue that must be addressed with utmost seriousness. For one to do this, there should be caution while visiting sites through the Internet. Trusted sites should be visited and personal details should not be given to unknown sites. Through understanding the specific mechanisms of cyber threats and implementing the protection strategies outlined above, organizations and individuals can significantly reduce their risk of data compromise and unauthorized access.
You’re 98% through this paper. Sign up to read the full paper.
Sign Up Now — Instant Access Already a member? Log inAlways verify citation format against your institution’s current style guide requirements.