Jessica Leigh and Christopher James were both undergraduate students at the University of Hull studying for a BSc in Computing. Not only were Jessica and Christopher potential first class honours students, they were also highly skilled computer hackers, collectively known among their friends as ‘Matrix’.
At a recent high profile trial, both Jessica and Christopher were found guilty of six offences of corporate espionage and extortion. In January 2002 they were both sentenced to eight years in prison.
Their illegal activities began shortly after Jessica and Christopher had both completed a six month undergraduate work placement during 2001. They were both employed at Dia gen UK Plc, a computer software developer. By accident, they both came across confidential information containing software codes for an advanced computer operating system which Dia gen Plc was developing with Intec Inc. an American based development think tank.
In order to profit from this information, Jessica distributed the stolen software codes on the black market and Christopher placed a trojan horse, designed to trap and save passwords, in the software code’s logon procedure. They also made modified codes available to other hackers by setting up a home page on the web.
Finally, Christopher inserted the modified code into Dia gen’s computer system and obtained a range of passwords relating to sensitive development files, using them to access information in the files, information which Jessica then sold via the web.
Over a four month period Jessica and Christopher sold confidential information about Dia gen Plc and IntecInc. products for approximately £1.5m.
Required
(a) Discuss the nature of the risk exposure illustrated by this situation.
(b) What are the similarities and differences between a trojan horse and a computer virus?
(c) Identify in broad terms several control procedures and security measures that a company might employ to protect itself against such activities.