Computer E thics Lecture 3 - PowerPoint Presentation

Slide1

Computer Ethics

Lecture 3Computer CrimeDr. Alaa Sinan

OutlineIntroduction

Types of Computer Systems Attacks Motives of Computer CrimesCosts and Social Consequences

Computer Crime Prevention StrategiesReflection of the lecture – an open discussion

Introduction A computer crime is a crime like any other crime, except that in this case the illegal act must involve a computer system either as an object of a crime, an instrument used to commit a crime, or a repository of evidence related to a crime.

With the Internet, the scope of computer crimes has widened to actually include crimes that would normally be associated with telecommunication facilities. Because of this, we want to expand our definition of a computer crime to be an illegal act that involves a computer system or computer-related system such as any mobile device, microwave, satellite, or other telecommunication system that connects one or more computers or computer-related systems.

.

Acts using computers or computer-related technologies that fall within the limits that the legislature of a state or a nation has specified are considered illegal and

may lead to forfeiture of certain civil rights of the perpetrator. In the United States, local, state, and federal legislatures have defined such acts to include such as the following: Intrusions into Public Packet Networks

Network integrity violations Privacy violations Industrial or financial espionage

Pirated computer software Computer-aided fraud

Internet/e-mail abuse

Using computers or computer technology to commit murder, terrorism , pornography

, hacking

, and many other crimes.

Computer crimes target computer resources for a variety of reasons, the resources include: Hardware such as computers, printers, scanners, servers, and communication media

Software that includes application and special programs, system backups, diagnostic programs, and system programs such as operating systems and protocols Data in storage, transition, or undergoing modification

An attack on any one of these resources is considered a computer or computer related attack. Some of these resources are more vulnerable than others and are, therefore, targeted more frequently by attackers. Most computer crimes on the resources just listed fall into the following categories. Our focus in this lecture is on the last category:

Human blunders, errors, and omissions that are usually caused by unintentional human actions. Unintended human actions are usually the result of design problems

. Such attacks are called malfunctions. Malfunctions, although occurring more frequently than natural disasters, are as unpredictable as natural disasters.Intentional threats that originate from humans caused by illegal or criminal acts from

either insiders or outsiders, recreational hackers , and criminals.

Types of Computer Systems AttacksPenetration

A penetration attack involves breaking into a computer system using known security vulnerabilities to gain access to a cyberspace resource. With full penetration, an intruder has full access to all that system’s resources. Full penetration, therefore, allows an intruder to alter data files

, change data, plant viruses, or install damaging Trojan Horse programs into the system. It is also possible for intruders—especially if the victim computer is on a network—to use it as a launching pad to attack other network resources. Penetration attacks can be local, wherein the intruder gains

access to a computer on a LAN on which the program is run, or global on a WAN such as the

Internet, where an attack can originate thousands of miles from the victim computer

. Penetration

attacks originate from many sources, including the following:

Insider Threat. For a long time, penetration attacks were limited to in house employee-generated attacks to systems and theft of company

property.Hackers. Since the mid-1980s, computer network hacking has been on the rise, mostly because of the wider use of the Internet.Criminal Groups . Although a number of penetration attacks come from

insiders and hackers with youthful intents, there are a number of attacks that originate from criminal groups, for example, the “Phonemasters,” a widespread international group

of criminals who in February 1999 penetrated the computer systems of MCI, Sprint, AT&T, Equifax, and even the FBI’s National

Crime Information Centre.

Hactivism

.

Demonstrations have taken place in Seattle, Washington DC

, Prague

, and Genoa by people with all sorts of causes, underlining the

new phenomenon

of activism that is being

fuelled

by the Internet. This activism

has not

only been for good causes, but it has also resulted in what has been

dubbed

hactivism

— motivated attacks on computer systems, usually web pages

or e-mail

servers of selected institutions or groups by activists. A group with

a cause

overloads e-mail servers and hacks into web sites with messages

for their

causes. The attacks so far have not been harmful, but they still cause

damage to

services.

Denial of ServiceDenial-of- service attacks, commonly known as distributed denial of service (DDoS

) attacks, are a new form of computer attacks. They are directed at computers connected to the Internet. They are not penetration attacks and, therefore, they do not change, alter, destroy, or modify system resources. However, they affect the system by diminishing the system’s ability to function; hence, they are capable of

bringing a system down without destroying its resources.

Motives of Computer CrimesPolitical Activism

. There are many causes that lead to political activism, but all these causes are grouped under one burner— hactivism.Vendetta. Most v

endetta attacks are for mundane reasons such as a promotion denied, a boyfriend or girlfriend taken, an ex-spouse given child custody, and other situations that may involve family and intimacy issues.

Joke/Hoax. Hoaxes are warnings that are actually scare alerts started by one or more

malicious persons, and are passed on by innocent users who think

that they

are helping the community by spreading the warning. Most hoaxes

are viruses

although there are hoaxes that are computer-related folklore and

urban

legends.

The Hacker’s Ethics. This is a collection of motives that make up the hacker character. According to Steven Levy, hackers have motivation and ethics and beliefs

that they live by, and he lists six, as below:Free access to computers and other ICT resources—and anything that might teach you something about the way the world works—should be unlimited and total.All

information should be free.Mistrust authority; promote decentralization.Hackers should be judged by their hacking, not bogus criteria such as degrees

, age, race, or position.You can create art and beauty on a computer.

Computers

can change your life for the better.

If any of these beliefs is violated, a hacker will have a motive

Terrorism/ Extortion . Our increasing dependence on computers and computer communication has opened up a can of worms we now know as electronic terrorism.

Political and Military Espionage . For generations, countries have been competing for supremacy of one form or another.Business and Industrial Espionage. As businesses become global and

world markets become one global bazaar, business competition for ideas and market strategies has become very intense. Economic and industrial espionage is on the rise around the world as businesses and countries try to outdo the

other in the global arena.

Hate

.

The growth of computer and telecommunication technology has

unfortunately created

a boom in all types of hate. There is growing concern

about a

growing rate of acts of violence and intimidation motivated by

prejudice based

on race, religion, sexual orientation, or ethnicity

.

Personal Gain/Fame/Fun

.

Personal gain motives are always driven by

the selfishness

of individuals who are not

satisfied

with what they have and

are always

wanting more, mostly

financially

.

Cost and Social Consequences

There are several reasons to which we can attribute this rather strange growth of cybercrimes:Rapid technology growthEasy availability of hacker tools.Anonymity .Cut-and-paste programming

technology.Communications speed.High degree of internetworking.Increasing dependency on computers.

Lack of Cost Estimate Model for Cyberspace AttacksThe efforts

to develop a good cost model is hindered by a number of problems, including the following:It is very difficult to quantify the actual number of attacks.Even with these small numbers reported, there has been no conclusive study to establish a valid figure

that can at least give us an idea of what it is that with which we must cope.Insider attacks are rarely reported even if they are detected

.Lack of cooperation between emergency and computer crime reporting centres worldwide

.

Unpredictable types of attacks and viruses

.

Virus mutation is also another issue in the rising costs of cyber attacks

.

There are not enough trained system administrators and security chiefs

in

the latest

network forensics technology who can quickly scan, spot,

and

remove or

prevent any pending or reported attack and quickly detect system intrusions

.

Primitive monitoring technology

.

Social and Ethical ConsequencesPsychological effects.Moral decay

.Loss of privacy.Trust. Along with the loss of privacy, trust is lost.

Computer Crime Prevention StrategiesProtecting Your

ComputerPhysical Protective MeasuresProcedural and Operational Protective MeasuresAnti-Virus

ProtectionThe Computer CriminalPass Computer Crime Prevention

LawsEnforcement of Criminal Laws

Moral Education

The Innocent

Victim

Personnel

Policies

Educating the Computer User

Exercise Read scenario 7 in the text book page No. 177 thoroughly. Discuss the related questions

Discussion Reflection of the lecture