ࡱ> M Dbjbj== WW@_lzzzzzzz8&BLua(```````$+b Kddaz@a9zz/a999zz`9`99O[zz` A`]8`Ea0ua8]dd`9zzzzCHAPTER 5 COMPUTER FRAUD AND ABUSE INTRODUCTION Questions to be addressed in this chapter: What is fraud, and how is it perpetrated? Who perpetrates fraud and why? What is computer fraud, and what forms does it take? What approaches and techniques are used to commit computer fraud? Information systems are becoming increasingly more complex and society is becoming increasingly more dependent on these systems. Companies face four types of threats to their information systems: (1) natural and political disasters; (2) software errors and equipment malfunction; (3) unintentional acts; and (4) intentional acts (computer crime). In this chapter, well be focusing on the intentional acts. THE FRAUD PROCESS Fraud is any and all means a person uses to gain an unfair advantage over another person. In most cases, to be considered fraudulent, an act must involve: (1) a false statement (oral or in writing); (2) about a material fact; (3) knowledge that the statement was false when it was uttered (which implies an intent to deceive); (4) a victim who relies on the statement; and (5) and injury suffered by the victim. The Association of Certified Fraud Examiners (ACFE) estimates that total fraud losses in the U.S. run around 6% of annual revenues or approximately $660 billion in 2004. Fraud against companies may be committed by an employee or an external party. Former and current employees (called knowledgeable insiders) are much more likely than non-employees to perpetrate frauds (and big ones) against companies. These acts are largely owing to their understanding of the companys systems and its weaknesses, which enables them to commit the fraud and cover their tracks. Organizations must utilize controls to make it difficult for both insiders and outsiders to steal from the company. Fraud perpetrators are often referred to as white-collar criminals, which distinguishes them from violent criminals. Three types of occupational fraud: (1) misappropriation of assets; (2) corruption; and (3) fraudulent statements. A typical employee fraud has a number of important elements or characteristics: The fraud perpetrator must gain the trust or confidence of the victim to commit and conceal the fraud. Fraudsters use weapons of deceit and misinformation. Frauds tend to start as the result of a perceived need on the part of the employee and then escalate from need to greed. Most fraudsters cant stop once they get started. Fraudsters often grow careless or overconfident over time. Fraudsters tend to spend what they steal. Very few save it. In time, the sheer magnitude of the frauds may lead to detection. The most significant contributing factor in most employee frauds is the absence of internal controls and/or the failure to enforce existing controls. The National Commission on Fraudulent Financial Reporting (the Treadway Commission) defined fraudulent financial reporting as intentional or reckless conduct, whether by act or omission, that results in materially misleading financial statements. Financial statements can be falsified to: deceive investors and creditors; cause a companys stock price to rise; meet cash flow needs; and/or hide company losses and problems. Fraudulent financial reporting is of great concern to independent auditors, because undetected frauds lead to half of the lawsuits against auditors. Common approaches to cooking the books include: recording fictitious revenues; recording revenues prematurely; recording expenses in later periods; overstating inventories or fixed assets; and concealing losses and liabilities. The Treadway Commission recommended four actions to reduce the possibility of fraudulent financial reporting: Establish an organizational environment that contributes to the integrity of the financial reporting process. Identify and understand the factors that lead to fraudulent financial reporting. Assess the risk of fraudulent financial reporting within the company. Design and implement internal controls to provide reasonable assurance that fraudulent financial reporting is prevented. In 1997, SAS-82, Consideration of Fraud in a Financial Statement Audit, was issued to clarify the auditors responsibility to detect fraud. A revision to SAS-82, SAS-99, was issued in December 2002. SAS-99 requires auditors to understand fraud; discuss the risks of material fraudulent misstatements; obtain information; identify, assess, and respond to risks; evaluate the results of their audit tests; communicate findings; document their audit work; and incorporate a technology focus. WHO COMMITS FRAUD AND WHY Researchers have found significant differences between violent and white-collar criminals but few differences between white-collar criminals and the general public. White-collar criminals tend to mirror the general public in education, age, religion, marriage, length of employment, and psychological makeup. Perpetrators of computer fraud tend to be younger and possess more computer knowledge, experience, and skills. Hackers and computer fraud perpetrators tend to be more motivated by curiosity, a quest for knowledge, the desire to learn how things work, and the challenge of beating the system. They may view their actions as a game rather than dishonest behavior. Another motivation may be to gain stature in the hacking community. Some see themselves as revolutionaries spreading a message of anarchy and freedom. But a growing number want to profit financially. To do so, they may sell data to spammers, organized crime, other hackers, and the intelligence community. Some fraud perpetrators are disgruntled and unhappy with their jobs and are seeking revenge against their employers. Others are regarded as ideal, hard-working employees in positions of trust. Most have no prior criminal record. Criminologist Donald Cressey, interviewed 200+ convicted white-collar criminals in an attempt to determine the common threads in their crimes. As a result of his research, he determined that three factors were present in the commission of each crime. These three factors have come to be known as the fraud triangle. Pressure Opportunity Rationalization The most common pressures were: not being able to pay ones debts, nor admit it to ones employer, family, or friends; fear of loss of status because of a personal failure; business reversals, physical isolation, status gaining, and difficulties in employer-employee relations. Opportunity is the opening or gateway that allows an individual to commit the fraud, conceal the fraud, and convert the proceeds. There are many opportunities that enable fraud. Some of the most common are: Lack of internal controls Failure to enforce controls (the most prevalent reason) Excessive trust in key employees Incompetent supervisory personnel Inattention to details Inadequate staffing Internal controls that may be lacking or un-enforced include authorization procedures, clear lines of authority, adequate supervision, adequate documents and records, a system to safeguard assets, independent checks on performance, and separation of duties. One control feature that many companies lack is a background check on all potential employees. Rationalizations take many forms, including: I was just borrowing the money. It wasnt really hurting anyone. Everybody does it. I was only taking what was owed to me. I didnt take it for myself. I needed it to pay my childs medical bills. Unfortunately, there is usually a mixture of pressure, opportunity, and rationalization in play, and there is no reliable method to predict when an individual may commit a fraud. APPROACHES TO COMPUTER FRAUD The U.S. Department of Justice defines computer fraud as any illegal act for which knowledge of computer technology is essential for its perpetration, investigation; or prosecution. In using a computer, fraud perpetrators can steal more of something in less time and with less effort. They may also leave very little evidence, which can make these crimes more difficult to detect. Computer systems are particularly vulnerable to computer crimes for several reasons: Individuals can steal, destroy, or alter massive amounts of data in very little time. Access provided to customers and vendors creates added vulnerability. Computer programs only need to be altered once, and they will operate that way until the system is no longer in use or someone notices. Modern systems are accessed by PCs, which are inherently more vulnerable to security risks and difficult to control. Computer systems face a number of unique challenges. Computer frauds cost billions of dollars each year, and their frequency is increasing because: Not everyone agrees on what constitutes computer fraud. Many computer frauds go undetected. Many that are detected are not reported. There are a growing number of competent computer users aided by easier access. Some folks believe it cant happen to us. Many networks have a low level of security. Instructions on how to perpetrate computer crimes and abuses are readily available on the Internet. Law enforcement is unable to keep up. Economic espionage, the theft of information and intellectual property, is growing especially fast. This growth has led to the need for investigative specialists or cybersleuths. Computer Fraud Classification - Frauds can be categorized according to the data processing model: input frauds; processor frauds; computer instruction frauds; stored data frauds; and output frauds. Input fraud is the simplest and most common way to commit a fraud. Altering computer input requires little computer skills. It can take a number of forms, including disbursement frauds, inventory frauds, payroll frauds, cash receipt frauds, and fictitious refund frauds. Processor fraud involves computer fraud committed through unauthorized system use. It includes theft of computer time and services. Incidents could involve employees surfing the Internet; using the company computer to conduct personal business; or using the company computer to conduct a competing business. Computer instruction fraud involves tampering with the software that processes company data. It may include modifying the software, making illegal copies, using it in an unauthorized manner, or developing a software program or module to carry out an unauthorized activity. Computer instruction fraud used to be one of the least common types of frauds because it required specialized knowledge. Today these frauds are more frequent. Data fraud involves altering or damaging a companys data files; or copying, using, or searching the data files without authorization. In many cases, disgruntled employees have scrambled, altered, or destroyed data files. Theft of data often occurs so that perpetrators can sell the data. Output fraud involves stealing or misusing system output. Output is usually displayed on a screen or printed on paper. Unless properly safeguarded, screen output can easily be read from a remote location using inexpensive electronic gear. This output is also subject to prying eyes and unauthorized copying. Fraud perpetrators can use computers and peripheral devices to create counterfeit outputs, such as checks. COMPUTER FRAUD AND ABUSE TECHNIQUES Perpetrators have devised many methods to commit computer fraud and abuse. These include: Adware Data diddling Data leakage Denial of service attacks Eavesdropping Email threats Email forgery (aka, spoofing) Hacking Phreaking Hijacking Identity theft Internet misinformation Internet terrorism Logic time bombs Masquerading or impersonation Packet sniffers Password cracking Phishing Piggybacking Round-down technique Salami technique Social engineering Software piracy Spamming Spyware Keystroke loggers Superzapping Trap doors Trojan horse War dialing War driving Viruses Worms PREVENTING AND DETECTING COMPUTER FRAUD Organizations must take every precaution to protect their information systems. Certain measures can significantly decrease the potential for fraud and any resulting losses. These measures include: Make fraud less likely to occur Increase the difficulty of committing fraud Improve detection methods Reduce fraud losses Make fraud less likely to occur - By creating an ethical cultural, adopting an appropriate organizational structure, requiring active oversight, assigning authority and responsibility, assessing risk, developing security policies, implementing human resource policies, supervising employees effectively, training employees, requiring vacations, implementing development and acquisition controls, and prosecuting fraud perpetrators vigorously. Increase the difficulty of committing fraud - By designing strong internal controls, segregating duties, restricting access, requiring appropriate authorizations, utilizing documentation, safeguarding assets, requiring independent checks on performance, implementing computer-based controls, encrypting data, and fixing software vulnerabilities. Improve detection methods - By creating an audit trail, conducting periodic audits, installing fraud detection software, implementing a fraud hotline, employing a computer security officer, monitoring system activities, and using intrusion detection systems. Reduce Fraud Losses - By maintaining adequate insurance, developing disaster recovery plans, backing up data and programs, and using software to monitor system activity and recover from fraud. SUMMARY OF MATERIAL COVERED What fraud is, who commits fraud, and how its perpetrated. Variations of computer fraud. Techniques to reduce an organizations vulnerability to these types of fraud. TEACHING TIPS This chapter has more new terminology than any other chapter in the book. The crossword puzzle on the following page can be used to help students assimilate the terms. CHAPTER 5 CROSSWORD PUZZLE  Across 1 An attack that sends blank email messages to identify valid addresses and add them to spammer lists. 4 Accessing and using computer systems without permission. 6 Using special system programs to bypass regular system controls and perform illegal acts. 12 Software that collects surfing and spending data and forwards it to other organizations. 13 A segment of executable code that attaches itself to software, replicates itself, and attacks. 16 Behaves like a virus except it is a program rather than a segment of code. 18 Tricking an employee into providing information (2 words). 19 Programming a computer to search for an idle modem by dialing thousands of numbers. 21 Gaining control of someone else's computer to carry out illicit activities. 24 Copying computer software without the publisher's permission. 25 Emails that mimic legitimate companies and prompt recipient to provide their ID and password or other data. 27 Accessing a system by pretending to be an authorized user. 28 Searching trashcans, etc., to gain access to confidential information. 29 Changing data before, during, or after it is entered into the system (2 words). 30 Using a computer to find user names and passwords as they travel through a network (2 words). Down 2 Entering the system through a back door that bypasses normal system controls (2 words). 3 Rounding interest calculations to two decimal places and depositing the remainder in the perpetrator's account. 5 Stealing files containing valid passwords, decrypting them, and using them to gain system access (2 words). 6 Sending an email message that looks as if it was sent from someone else. 7 Tapping into a communications line and latching on to a legitimate user to be carried into system. 8 Listening to private voice or data transmissions. 9 An attack that sends hundreds of email bombs per second to shut down a server (3 words). 10 A program that lies idle until a specified time or event triggers it (2 words). 11 Uses spyware to record a user's keystrokes and email them to another party. 14 Watching people enter credit card or PIN numbers in order to steal use of the numbers (2 words). 15 Placing unauthorized computer instructions in an authorized and properly functioning program. 17 Illegally obtaining confidential information in order to assume someone's identity (2 words). 20 Copying company data without permission (2 words). 22 Email unsolicited messages to many people at the same time. 23 Using phone lines to transmit viruses and access, steal, and destroy data. 26 A technique that steals tiny slices of money over a period of time. CHAPTER 5 CROSSWORD SOLUTION      PAGE 8 Computer Fraud and Security PAGE 1 Computer Fraud & Security  #%3 B X A_ >3<:E- = !!!")"''^({(~(%)0)5*6*E*l++-)-B.N./ 0 000Q2y23Ϳͳܜܜ莧觎ܜ56CJOJQJ^JaJCJOJQJ^JaJ5CJOJQJ^JaJCJOJQJ]^JaJ6CJOJQJ]^JaJ56CJOJQJ]^JaJ5CJOJQJ^JaJCJOJQJ^JaJ5CJ$OJQJ^JaJ$8 #$%23^j  M  & F & F & F & F & F$a$DD O# z95#: % & F & F & F & F%]~- Z z "!!!!!"r##$c$$`%%%,& & F & F & F & F & F & F,&P&y&&& '''^(%)6*l+-B.// 0 0f0m0{00000000 & F & F & F & F001121C1a1q1111111111222*262B2J2P2Q2y2z2h^h & F & F & Fz2A3a3333v56788888 9Z9[9i9j9:/:1:2:9:::7; 0^`0 & F & F & F  & F 33v556677888[9h9i9:.:/:0:1:2:9:??gDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDCJOJQJ^JaJ#0JCJOJQJ^JaJmHnHu0JCJOJQJ^JaJ!j0JCJOJQJU^JaJ jUjUmHnHuCJOJQJ^JaJ5CJOJQJ^JaJCJOJQJ^JaJ5CJOJQJ^JaJ47;;;C<<<'=h==>_>>???s??S@@A7AAA4BBBZCCC 0^`0CDdDeDfDDDDDDDDDDDDDDDDDDDDD $hh]h`ha$ hh]h`h&`#$ 0^`0DDD 0^`0DDCJOJQJ^JaJ'&P1h0/ =!"8#8$%@=<ϐ `9TUHBH?<xڭ puOz?*#S( nlAd# #bad&vq Icpiٵ22XVv1M̈Fӥ4kau7Y4{x~zsso<ST.NU\}sy,vWGğb]X,{ﯻg/5x; v'bby2}1cwˣXC>Kbد)S\pbo&|7k?!0x牵/~!W֟}-/~|”[x,gyM͟OclH|p 8y¿(>TXc_-I͝osq;ܙA9m lOcsΐlR6]b쎱YYݴY͌9=[r(;\M&3bl]N<lj`)Wb= >?ycƦ;wPvCW 66; b >ZD9ml,cbkB|~<(;\;"l1cHh\Fr|>f`R+.}P'oOgPΓOh#-8Es=q;MteKn}g{NfNbe±m?;7ial's ;[r(s5۰lI,K8Q&`ka/$L8 D5(Ά}g{|t&l*MnHذl,It'lQ&`ka_Xp%>8K9$p&Q&'ˉբ~ m~%Nf ~&Zlد%Ɗ >e46kUcLem%lنy%ɆOe45|ҼMcQF)a6 kB|2m~؜h)_N|.lr6}yxh @PF;\ ly Un@T`lJ|h`ky=Z],>?l>:/qظmB F`ccTe4(,+Ưw'ۓίGONgP ׻˓NFM{Fٰٟ\I w';-?Op[bk (ΆΤ{'lY_1Z'ze{SjA=eliN{l(5I_mͽt{"†spzyd7XYKa߹a|p/7#Π8nd$>_InZذ0v8&Ԇʑ4p6HNwN9?ٰ0>*mA9n aa|p?JGP 㣇ӏN[>>ވlGo=N; sr$aa|T<ˑI7ٰ0>*t.ezڜ }v2+2w; LG'Hz((jP |G7Hz<(֠8cHuVh@q6\?ϧ:2θ9F;3Q 鞲d (tP 鳕#W?G#A4p6ikӁϱ [Wf0'\[gf<(צcX|4m|m:9a,.ɴ zצcLOY2m|m:9aʜɬʸl:l8'̮ɬo{u6s;3wNfe]NSdنtʬ>;3Vq6\3NOfg]N9VlNgL̮ɺ:s؟m :1uz2"t:϶R@:1u*[oDq6\3NOfWe]N9PϦlNgLd]N\n8S̥(l\顯}:FmDEAq6\gL.דsuڟE}vfmf3َ̺ܲwܐ_Ά]dKuPP6Aq6gyɆ*lnH˙ºܚwaِن]drw҆܁gþs&.`N~[ސ;ވlwd{灿 eC.gþs&{."|? imm835yhP4ʵ!gmvw6.'JMRolþ)7*?w!aٔȔk.l6Ӄ TAq6rcR3tCV48M%izD}(ΆtS\ߟwu!7j>gu)wRʯȻ:ݐC}6תUgu)7V?wu ;ZaG!yk0u:+91uZ ,̯uZlo?gu:d|vQPP;gu:+?hdVA29+pʏEV϶Ґϡ^نtV~qi0-괚G}L}6\=|j~ (C>zeY:Q͵!SCA |nsiiFqmm&:6u邫!5*, :6ut2]#igu:ltgaYHw3(Ά&j,\pZUm\ ,\,ajkX2l@YO׮B5(ΆmxBg|>$l8 %웰lñd8?z(qcg~=lzgٟw`7.lx|8LBwv`k0lŠ'OeW-(Άɇ7K*nJ8pFɆϣw`k67lڜ|mk 58p>^6@PvAq6NM;YXSp>w`7 lx|8hU>|;\ aӶ3Ggɠ鮂9\da"5Qtm{WQ ' phloqq95V\Utfd5۰/0ٵd筟S&lXmLNw\ Wm-es6 ckmhk2^<ЀlXGdӽqo bOy"|6n|zSrfGl1fGq ۳ ť%!ޙy;֐g֙Yomfgƌ'-9o#Op6;6,.IԣFgulCOyqiY= x͵*glyF6Fj(ΆğmxiqiuՏŘLM ڬ+q&R7Kkij )󜧂6Kr7}le*5۰^RgF]VlXML쵍ʩm8'o7R{i׿Fq6Uu/cgþnf;|Y55۰ϑlMoyT?lþ^),ui+okSoa운o6M mwKO5,3$͈ڔwnyF;\vtlþs YOڌly/4mtz*xζYf~ַͳ~qU{SϿxH 3m kB󦆶Qzc(`c-hjxOyuUBX;\ h),~]4Jp6ܯ?xt]U v(0baO4N{.庴p6Þh\lh}fq6''R vFtRp{p]vqa9 ';2=eov$#pvtٰh\)w٨=NنDɪ3YuJka;ѸشԎkk(UgD욬%soSoylGO4>$(+Pzfg맯+rیl\p>gxeMUR1gþglD@IWڂl83Q!^Y^qhox#J)ah_xOo~+5p+Oq6xeEŵ2As-]\Eq6ʳk6+#5gmTɚ|P*٠+f~ec 6Eo v k|XleYi]5۰+sg\Z9J+5q6ecpi|?bWh |ewQ|@`kaWΊ:]D+&iن5$_06NyjeV8|p7|ޮΆ5>_HN q\ S+w2 f5jfМ [.'Zܦ 6ʘ5/6Olomm+Kg+4L;p[WfVVm0` hlm!_yId\[\0jw=9ڑ4\ ? ߙ+Xj6gzڑ][Usz`WLӪ\ Ꝍyy쪊ia['k5~9f]팺.7ڂͣwf{Ά⒴4fn [kk]56W65Fj(ΆSM米(#4\6kWv.V\^eG [#ن%ᣭ44nlZlXCZjcfYUFqayUK홆Kų`;2س ?ҥZGU57Sx$gΫZLhmyJp^R{R* ~$gΫZLIԏ͎) ن!]~& l|-&\_sYg6 j1+mw6l>bnJ/3jʯe~]|f);7xy3x4[ͱ/f'{sgU?׿;z؜؇?13.ͼ/vGwް{z3f湯˻<';Ϗe}?'j_u9lfL}9o;2ߚ{|Ǘ93}Oٿ~"7To|ޡe?Ȋ?zDu|\l3~܏{5Q^b6# <lm߻^jnZdYN:_S>}<ؿ1S>xͿ3=朘_xk|M)S>/.M|K nHY8ls)Ml _ޗf!o) ( ϧ-CG1tkټ( K(CW2 L`xlN }nfCb80Ffd14 pf8G  C&e8 rblF93 _( * rw =^]5 Wa\ar>0+oCWfJ0h3ubW QabYp s"_ 7' a~1 ٘+dgm (þbaA2 G0q<ʀ9\ ~ QI։a>oi"Smʧ|h>9/aİZnKC}!zi}`>c`?@\~ ̐[O)qg@&3z e/ M0GaXC*1<|h!_ 31|PaleX\_w >{(C{2 ̰ 3|V* + Fİ^0h0bsDe);y a`{a/frlmİG0h0o J!_ g+}r1 ~4 bPF.ã .n0MU0}_Y(f}JY>b. ?vs(w 10|)cbx1{ŪCTO6nFaKrrt?nLW(nNEb8-d\FqG?S̰\'RN:' 1'qπ| 'b((v(gJBV+qs)Ůa܌ '( ?S̠ͥ>Vm3l˨m(mgJۼBm?gv1ld>K]],LyԋpZ0h?vK J.v ژjjvO$  h 1]l Et*.PG.| 0]{-w m+OC څπv f𵺛 m,GRAɣ|Q`@ ˕67m3l67(mg@f={Ҝ70`'L1|C2 fޛ1sV)aG¤>l"}خ}aF҇>Da> Ї_IvLo"}خ}Va#ÎPI}D]/ч;B}&avE|D6>!3g}f1 ~p8ە>π>aH#ԨrR6xvE|hQ绗VXW'5+|NѨd:Q7H0Ϫ1l$A6;( 9~zr+4׼Gkn Z.z_>/1|GaxGaV f>A/ y>/p'S.^$ӂA?PƋP?k/|b@`5\C_D#d?% /|_k(1\ QbπubV=b(_"3}=JnPb=ǻ"3#* Y>b Y26b־0fEs9W(fQbπub30ۈa`d bπubV=8J Ao^$ bπubV=ǃl̊_)c7(fTb9%fA+/xP}tCVGÔy7h<ꠢFAi> !iApPчs> <>҇C>Ddt2dQ9E}`|n)so>Tᜢ`>0ç}Gp(ԇ~̰V}sF {?)3$'9E}`m->҇C>D;97}Pчs> NE#mplfk~d.˼s]NF9cFEce} 4gFu: ˙Aߕ Q+ĀIf(96 ~k:ҳR0Ecϱca",e .SG'e8Ƌ~2^|a*g@XQ.F?ߥxqT>/a/Q8Ƌ~r 仔OUπxċ;un+Q%^ `@`ve ŋca # πxċz ۈa`c ߥxqT>/a2zƱp5_q }s>X9VfXs{V|%'O)Z='j9j;ԨHN)3@fHaQǨ}5*?ԨHN)3@fHAM D}SF Ш(fXyF5*_(0<0@|h i3pT0hoKz4ꔢQ>4j4OzFE %heEz=Ii}޸ըR^qha}4j0Ԩ~R^~kF]V4 (f& G/gD + XW (1\ ~R'_$5zJ0huůкהu>01`]13Q& GkgwaZaxCab0`]13tyuB :Wh5E/+Z h53I0 dmt4j4Ԩyr^ E|hQa`GS>Q>4 (f_$ 5*zނԨIP4gF F F=!c%+ (h3<=-ըyZ3/My[ѨFm\ZqZ/!5MҨQh=3h丘ըyr]OhE'Ю=BjԛQo+3(yǠi(iԵPi>4.Q>4 (fXˍF] 5*z>̣ޤ4 (fyQG h4^>RFE7yuR4jBѨa(1yyTQRF]'hԄQäQ̠ 9ީP<:i-E&&bm߳kr59iM-eMπac^eMw59a;[ʚy0wGs.9wπ=Ldb*k;[JP0 f)O}y8r-3  (vM}:-3a7Qܜ f>:[JܜP0Mfcv`^Xo) W26vbT }ƫo){Bϫ9oX"xA WπXpT],!nw$cNRcncWİ^0h'~uan)9̄ SS'9&5 c+k=mİG0h;ɾuʣn)yԄG S kXQ>5=/*; c.c`ΟcbשyK&\nrz>yd`γ낮Z[ʺ pV_6RAmsX(#.Ds9 rO#CA;oKrҘ/\g@.r̠I"cw? 0w Jܜ5y`._(qg@f=A;_L%>t IfX1yemKmJ6 REN,zYh+ܣ(F׉-wyNJ|j(N,zZa€ub IfhWAw=Me3@лYcua־=MVpߔ봬FEϏ{[ ; 4jemw2v| + xgF?H v€>0C 2*+l7z^  > hn^] zヶ=OypIaxUa@w]QecV%l$+0:Wiwy%3:) >b0`gJ ?3<+vޥ\ ) ?UWI] # a|À`HC`0`X0`gM amM |ONV~0@'NImA;/51€q0`8L=}F {vÓ a|À`pT0hx+ wxq3Q]օa*<QɆh@wY"zު`80 ^ `8ްeaFo8`80 ӂa]1h-V. E, !z>ԇ>)Շvڗf m. f_6?JmMi>f;cY9. `f000NԘpM0h&7}7iJF SA;Xαo̱ ĀrfXRn$% ?WPۃa~1,S ENi:zcmV v2#V/$^ju3'oO2/wQ/G=<C ~1\$-vm^w.^Ç) { sa# r0ܧ0`ݠπu'hqf^`9yr0<0`NgB W{AgԢ˽9-sj`X_NFϋ~SaN*: TbԢ9hNʜpC~w<{~ݟW>`8-¾70bb0 ^ * r_?㍋xaGƋ|Fc@xx1 0d i݂1vv0>0 ^ * KAˣ)ZQQ q-Qy%GyT=}'q 窏餡?À€5,0 f{rm>ps{˲ʣ*Շ>cZ۔Mn ۅ}+ɾ^! څπvGM2.{Q>}^'P^UA{E۳}^jpތµ~[>π>o J-n vE]Fa@g&y!k}^֦4t 7yhM3|FcV'F[ [}4 ںbg>qD sg W̰FB=޶Rfg@_Ϲ/!noDIW1% |Ā3ho--ۯtc_πXĊzZ--Q︖Y`ج0`>g̠%ؽ-4oν#( >b7d?1\ ׈{tڷcbxUa@]!NXu`ҕAds Β1 _y/ClxQ%%2p #f}^"1 ]ޙIkOl‰IuOG `p ڻr|fԞϛӚ&I}^}< İZ0(ĦQA ( W}޳ubjoown3 )Эy^6MӮ˼c"1lQ i:yӴKF O( 7p1bǜi'ڙ1|00ϛH!bxQ0tvӴy;ineπuy߮^] hp/|/'Ja|sK9'wR>['}`+:mm s9ΟĮ;߽[|r`@. *Qtq6`@e{'w+g@b73hc(v cwi ~˱ޭn ܧ` rw?cO^ ĻIC>y0Zd| O>{O)>y|=CѮ:@q C |rL Ю{'>9csms~9 |rL `6mP?9>9If5*NϢJzm>z>(8esUQ>C%|',xZ?J w KNSw MЬ0 .IfhWIy'ɗb~b#$$'*y4'퉗t&0Q>C%On7=İZ0(tcXN ( '}+Ā|?&_BiSY-$O2.6ON3s _$/+ '}`H;a`Q"UbmpOclIlw O8o÷w`8UJ>yɣa>iw)]q #+ '}`/z8f]II% 3p21szß) |`Xs )v c]-(vc@>*g@R}pT0 Z#n7︖nG;'q{oSsmÀ€3 v?Of\v/Зqŵ} }=ў Aőr/cVeeg} G{V= t*i*qǀ ;e%Ӷ;IGuq{n#Ǹ`h"9 }Āq{fxPɫR<MJ̮ x1뽬Mm2?tXv**fZ!6qc4n2n3`ܾ֩]G-!nۙ^RmJ0|V* n홡WY̧q{;ZmgxG9n_V}۷D<ľLA~F0ܔRk׮g~Gu ':vq^TW/~U^7 jSf>f^3jFDЌhWnGlDJp}IЮږ]G_Iv5mR)kllJ0>4hWmC>|-5M 5C) |- M `_Ӯzvnv ^.\ F>GI.ޮ~|iD'4u!$;7E:ߩ^#3i@|G@|GjyM.@㡿 DG|d_@6vF45>FzD+ћټju=woρhCS=Z7n̞}%z WAu9-c9P]ѶֻODO^r|KS]mCv-CT/h[}myjk>ږږ3l[N$Wb P٭mVII3u'J,Nz~5:ߕy5YZ4ՙݬWbݠ:Jƿ'h%ǿ+x; FXt:CSM։xUS32}/kj*=5ZO&"7oҏAo`T''Glg~uHk$`udojWR ی4h#>6MmZf#dij4&MSe,X5m.SP٦RH$45^ZDQSuZ!: xT4k<̩i"Yy6Hv<sܦz'= Ü& M9kH5yWVb89Vw'GNLtӊ器;A,D Zm-lפq5y?ij+ݷ ' MmD˵^I~t6HV5~zo' ?rj7tꭤ{@mGJhj3>Jj.Z3DDDQMbIDu~y&m~*)cSӰ}S=铷x}UR5M3&=/tfF3iDZLzy8;yW4Nh<z,fsyAuMyMϤ.Mtnnm˙4h";3yPݞgN[k=Zi;σjJ5?|Լkz~ =[S3UM55{>y 55{v m? ]jl5 ] 癈b<2W3TT_iiZy7\x臽zGY[/tCMcx M~.𫌇~XXmoe5-t5q,t55bce 81;36%WZ 3Rvy_);y͝YJY?Fo.^˞<)vN k*eKtР;Cov~k&hҦ] ޷J"7h<˜ >އ~=/OPA)Ԡw]ʎ@j7r;!n̞νv+eaކYCۭ͊YCܑuid~nm<m3gW0ϫw~{䤟s~0# C ˁk$7-Mc<FTj7h{od}nV5v'45Zj\`z6wME܁`7lJ<@1׻wu>}OtndРmK1ҘAfca>W0˃]~-shciq\/G::œeNt„_[̉tԜԜxtk&̝^& 5(Bl< 0ysb4;y]gz.o].O@|vN81MݿMuWzIGFNy3fsGFw h{3; {yyElD&3d"wLD%(j{DPoLx7?>zA7ަSg˃<.' KgWS/)g~ 2}WFn;U>g0Ih{KӅ*=m<@ CopU|=tZ[[C9-ߜU&M'Bh{<[LVJYPUcc+Y}[PUvjy%`UeK ~,UQ5~,U=ڂl,U=ba.o~l,U=sRꓻ478*-+iHOGG打yzT'Oh{Wb"=ubRʾԬffǰ|<5QѬXZSu&"k97^P5Ye<"ix_q}zyh6 $ar<>)r<>6W~s,y|CG,(Ї.^x {y}OBH*_'Uԧj$^QEm**еRRnz&%dT4 F浰 b0ܫs{_!~߳:F}GgN?ɨF{~E?y6Ed[#Gȑ/=sKQA_s$ D _} Kik!ǰd#4,7 B]S?N'5_=:qGyq LFQƞbڲr10D6[&`\aCZ=Dkg~7XCP&қ:$PưLy!,?F[L>,+oTs&oQ}DZ=s}f!,|ɇeCY:0 )+@-&5e[$ɇeRYk$aUV鈑0+k-ˈQ mt^.xv t8\|y3p+3GGԡq xQ7Do qQfqne6 qVfqne qVfqnev tTfem{.fmBO7ԇODשveWȦ7ꌳ̊9Ly̔cƀN W9ѬZ֏1~1eY$?òi F:1a!,ʏ9&gϑ4$  |X"?2CV>,0k2[|ɇert.3+'IN2ےg3#30~&I?N?2+$Yi1pɣ>[/Ů3wGo| n>{O5+l aV~twxj1_T{1>7v?ܹ%; SYʼÊ:X%;LTYʼÊNX%;ȌUYʼÊbz2?vI;e>nNOu+laٲ_e/A y"+Uky/~s枓a5cXv2Sw+wp2}.|^}n.3̓,;?? a?d0ye2<Dz]q,KƅRTG\Xc.Pql¨ 43laVeɇec[Iea<^Xb1ON>KBuûx_'o9puûx_'o9,ruû,x_'o9ls~?NrC2i=btTDi!/TnCm ~eV;_{ d;`@fslvdF<`@fslvd<`@fslvd=`@fs{ٳ=g/~c/CsLodHj`Z9ϧ8r>-uGXe?+ܡ3=wV(Ymϝ ٞÙ*8!9JٞÙ>8!9Ɋ=YLV)pgrlpVw8 ܾ{dpqaBY`q^RsL0q>c.u8*)8uY]qG8;Ȋ =A@Vap,Yq dAppp +88${p :8ꄃYU'{8{n:KVp{^^J۫N:p#^d&g -g/Yau@j9{ɪ~cO(I[yz5s*|.뇷 ?kCXr뚬xḴl9\*Xٖ[de _-j}^Vg.{"jJ|䀞{Y}ßYPV#-|DVp= m9<o=>[e_>喻_@[eusY1o1z/8>[COYY":j#SV CrYdm4õ#ǩEǩWjg0q괈S4Y6J'nC~瘇d_+VqpH8aUR⾕!g+VM!g+Va!ʇU]q|X%!ʇUgyHʇUlYY5F)"qg՝8[><8 yr1VʇUq\Й1KY-qCgd_{H7V>-;xvڡoq?O}UnG>/+: L>zCL>gaUn|9&Vqi&V Y?*: /29K?*8.grRVt$,.#*2;p2q<,>np9c!KYqvdd1Áv:FvrvU</2JAoc CB?ףaՐ<^QwZVHr~~e$ǯï";J!ï";*Lq93Yq6N8;p&5>I>e'8ӧs󕕞V>O5a՟O $re:%ʅ~"}:bcu9(+6gʇU d+d)\ը7ٸP,e*_7?Yq0 .eu+9åxkp)`ߞ#v~++cs69['ges63|B}#ږ]e.׻}vPvzU|ݙuu^NTcϮnݑ|ݱg1e_3[wdE0_wi)uGV sہ~{RUp/ϗ4A6 jiYr뎬N֝%JkiYr뎬N֝%Ȋl\|U|)ӺYם2;KnݑܩLҗܹLrKYB’ y|~R&?Yr~"+ƹO*r>%,]js>%@]ʪt>%Tqa¦ zDž5 Oq} XM\8(.l +y\X€qa¦ rDž5 ..jz(.l +y\X€qa¦ Dž5 ..|(.l +yJlhYjj~F~DVs?Y#?t~"ɦ|?IOo ~SzF3Uóٗ RG8¾}ǧMO7}&*n&iTqv\iO}6Oۤ}Z7}&*n&6iVq4Mu]+U~; G|7&po+[Ma߬qI8o[?l~sA9x xXEsuQ\P}wkI{>; _z}h#:?T¥xejw{ w[8|3pKWx _KIx~wWᗋ8q`;T|ZO\y{q?zVmֆ~y5S6ZPTrbw){g(PpQYa^/w)k<~_TL}kV?g`<+wV)߱`lc?>~VcO-GR iH@H Normal'CJOJQJ\^J_HaJmH sH tH <A@< Default Paragraph Font,@, Header  !, @, Footer  !&)@&  Page Number<>@"< Title$a$5CJ$OJQJ^JaJ$@b #$%23^jM O # z95#: %]~-Zz"r c `!!!,"P"y""" ###^$%%6&l')B*++ , ,f,m,{,,,,,,,,,--2-C-a-q----------...*.6.B.J.P.Q.y.z.A/a////v12344444 5Z5[5i5j56/6162696667777C888'9h99:_::;;;s;;S<<=7===4>>>Z???@d@e@f@@@@@@@@@@@@@000000 0 03 03 03 03 0000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0  0  0  0  0  0  0 000 0 0 0 0 0 0 0 0 0 0 0: 0: 0: 0: 0: 0: 0 0 0- 0- 0- 0- 0- 0000 0 0 0 0r 0r 0r 0r 0r 0 0! 0! 0! 0! 0! 0! 0! 0! 0 0 0 0 0 0  0 000 0 0 0 0 0 0 0 0 0 0 0  0  0  0  0  0 0 0 0 0 0 0 0 0 0 0  0  0 0 0 0 0 0 0000 0 0z. 0z. 0z. 0z. 0 0 0 0000 0 0 0000 00000000000000000000000000000000000000000000@0@0@0@0@0@0@0 0 8^^^a3DD$,0 %,&0z27;CDD%'()*+-./D&8?Aa!!12L"$ϐ `9TUH<)b8"$pG .-8M82$exO7+\o82$Զn1t>:82$daf>!_82$ Rȣz82$l{cA yO'82$} %ppU82$,VUDNO82$cWaءN2d*82$)reU3hsl82$Ev%*рCC@/$82$v#-S<J82$N n.tXaoW82$%D -*82$Um=8ގtj82$u+$Xm<482$a%KğQČ 82$qT hEV~E82$;?F: R ba82$~4td֌]U(982$L.x̶zog*82$(D 7X./Gpu82$ơVd.PtquF382$z f5= 8@B1(  P 0 # A#" `P 1 # A#" `B S  ?/6@@1B%$T0$7#T"$ , P$\$f,l,,,,,h-p-----..==@@@@@@@@@@@@@@ #=>`Om%&G2P2@@@@@@@@@@@@@@33333333"f,m, 5 5Z5@@@@@@@@@@@@@@@@@@@ Carol JohnsonJE:\Prentice-Hall Project\Instructor Manual - Final Copy\Inst Manual 05.docUGOFFSA&C:\MyData\Romney 10\10e IM\im_ch05.docNJrU! 6̺%6 Q8}s >%"@VFw*%UxV+^`zYg.>R#h5jد|55c~ :d̮4<R<0āGhVOL -PwxcRFkj]Jrz_HAn1>Ds:sGYtJr*)xJr0~jMC~`6 ^`OJQJo( ^`OJQJo( pp^p`OJQJo( @ @ ^@ `OJQJo( ^`OJQJo( ^`OJQJo( ^`OJQJo( ^`OJQJo( PP^P`OJQJo( ^`OJQJo(  ^`OJQJo(  pp^p`OJQJo(  @ @ ^@ `OJQJo(  ^`OJQJo(  ^`OJQJo(  ^`OJQJo(  ^`OJQJo(  PP^P`OJQJo(  ^`OJQJo( ^`OJQJo( pp^p`OJQJo( @ @ ^@ `OJQJo( ^`OJQJo( ^`OJQJo( ^`OJQJo( ^`OJQJo( PP^P`OJQJo( ^`OJQJo(  ^`OJQJo(  pp^p`OJQJo(  @ @ ^@ `OJQJo(  ^`OJQJo(  ^`OJQJo(  ^`OJQJo(  ^`OJQJo(  PP^P`OJQJo( ^`OJQJ^Jo(hH" 8^`OJQJo(hH  pp^p`OJQJo( @ @ ^@ `OJQJo( ^`OJQJo( ^`OJQJo( ^`OJQJo( ^`OJQJo( PP^P`OJQJo( ^`OJQJo("  ^`OJQJo("  pp^p`OJQJo("  @ @ ^@ `OJQJo("  ^`OJQJo("  ^`OJQJo("  ^`OJQJo("  ^`OJQJo("  PP^P`OJQJo("  ^`OJQJo("  ^`OJQJo(  pp^p`OJQJo("  @ @ ^@ `OJQJo("  ^`OJQJo("  ^`OJQJo("  ^`OJQJo("  ^`OJQJo("  PP^P`OJQJo("  ^`OJQJo("  ^`OJQJo(  pp^p`OJQJo("  @ @ ^@ `OJQJo("  ^`OJQJo("  ^`OJQJo("  ^`OJQJo("  ^`OJQJo("  PP^P`OJQJo("  ^`OJQJo("  ^`OJQJo(  pp^p`OJQJo("  @ @ ^@ `OJQJo("  ^`OJQJo("  ^`OJQJo("  ^`OJQJo("  ^`OJQJo("  PP^P`OJQJo("  ^`OJQJo(  ^`OJQJo(  pp^p`OJQJo(  @ @ ^@ `OJQJo(  ^`OJQJo(  ^`OJQJo(  ^`OJQJo(  ^`OJQJo(  PP^P`OJQJo(  ^`OJQJo("  ^`OJQJo(  pp^p`OJQJo("  @ @ ^@ `OJQJo("  ^`OJQJo("  ^`OJQJo("  ^`OJQJo("  ^`OJQJo("  PP^P`OJQJo("  ^`OJQJo( ^`OJQJo( pp^p`OJQJo( @ @ ^@ `OJQJo( ^`OJQJo( ^`OJQJo( ^`OJQJo( ^`OJQJo( PP^P`OJQJo( ^`OJQJo(  ^`OJQJo(  pp^p`OJQJo(  @ @ ^@ `OJQJo(  ^`OJQJo(  ^`OJQJo(  ^`OJQJo(  ^`OJQJo(  PP^P`OJQJo(  ^`OJQJo(  ^`OJQJo(  pp^p`OJQJo(  @ @ ^@ `OJQJo(  ^`OJQJo(  ^`OJQJo(  ^`OJQJo(  ^`OJQJo(  PP^P`OJQJo(  ^`OJQJo("  ^`OJQJo(  pp^p`OJQJo("  @ @ ^@ `OJQJo("  ^`OJQJo("  ^`OJQJo("  ^`OJQJo("  ^`OJQJo("  PP^P`OJQJo("  ^`OJQJo("  ^`OJQJo(  pp^p`OJQJo("  @ @ ^@ `OJQJo("  ^`OJQJo("  ^`OJQJo("  ^`OJQJo("  ^`OJQJo("  PP^P`OJQJo("  ^`OJQJo("  ^`OJQJo(  pp^p`OJQJo("  @ @ ^@ `OJQJo("  ^`OJQJo("  ^`OJQJo("  ^`OJQJo("  ^`OJQJo("  PP^P`OJQJo("  ^`OJQJo( ^`OJQJo(- pp^p`OJQJo( @ @ ^@ `OJQJo( ^`OJQJo( ^`OJQJo( ^`OJQJo( ^`OJQJo( PP^P`OJQJo( ^`OJQJo("  ^`OJQJo(  pp^p`OJQJo("  @ @ ^@ `OJQJo("  ^`OJQJo("  ^`OJQJo("  ^`OJQJo("  ^`OJQJo("  PP^P`OJQJo("  ^`OJQJo("  ^`OJQJo(  pp^p`OJQJo("  @ @ ^@ `OJQJo("  ^`OJQJo("  ^`OJQJo("  ^`OJQJo("  ^`OJQJo("  PP^P`OJQJo("  ^`OJQJo("  ^`OJQJo(  pp^p`OJQJo("  @ @ ^@ `OJQJo("  ^`OJQJo("  ^`OJQJo("  ^`OJQJo("  ^`OJQJo("  PP^P`OJQJo("  ^`OJQJo( ^`OJQJo(- pp^p`OJQJo( @ @ ^@ `OJQJo( ^`OJQJo( ^`OJQJo( ^`OJQJo( ^`OJQJo( PP^P`OJQJo( ^`OJQJo( ^`OJQJo(- pp^p`OJQJo( @ @ ^@ `OJQJo( ^`OJQJo( ^`OJQJo( ^`OJQJo( ^`OJQJo( PP^P`OJQJo( ^`OJQJo( ^`OJQJo( pp^p`OJQJo( @ @ ^@ `OJQJo( ^`OJQJo( ^`OJQJo( ^`OJQJo( ^`OJQJo( PP^P`OJQJo( ^`OJQJo(" 8 ^`OJQJo(  pp^p`OJQJo("  @ @ ^@ `OJQJo("  ^`OJQJo("  ^`OJQJo("  ^`OJQJo("  ^`OJQJo("  PP^P`OJQJo(" c~ :cRC~Yg.O%"CxV+N0~4<6 HAn -PR<G>DsU! |5#h5s z_w*%*)xGsGYtGkj]G`$8ʏ}XU\{JJ2\ ~`uo">*Vv$^  "t|Pp,#@P4P5g/X7:Kr`Zš|>~r2(& 20HKʠ8L ސUڜ`)8D}@׎c~enD쒂.j̎bz$tp2VЀ s Y^^}Ĝoh>DΚ;}sDUrn (jJbn<QV⸵5> SDz6!6DEFX.nm\`$ftʏ}XU\{JJ2\ ~`uo gn ER׆vh4XgB*¬0 b⪚AH.`66mPzX4l! j"=R `$ftʏ}XU\{JJ2\ ~`uo`$ftʏ}XU\{JJ2\ ~`uoS}4xLr2^ʆxbT?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_abcdefghijklmnopqrstuvwxyz{|}~Root Entry F>A1Table`dWordDocumentSummaryInformation(DocumentSummaryInformation8CompObjjObjectPool>A>A  FMicrosoft Word Document MSWordDocWord.Document.89q