Professional Documents
Culture Documents
Computer Ethics Crime
Computer Ethics Crime
Lecture 7
CRIME
Outline
Chapter 5: Crime
5.1 Introduction
5.2 Hacking
5.2.1 What is hacking?
5.2.2 Hacktivism, or political hacking
5.2.3 The law: catching and punishing hackers
5.2.4 Security
5.3 Identity Theft and Credit Card Fraud
5.3.1 Stealing identities
5.3.2 Responses to identity theft
5.3.3 Biometrics
Introduction
Hackers
An irresponsible destructive criminal
break into computer systems
intentionally release viruses
Steal money, crash websites ,destroy files, disrupt
businesses
Some hackers do none of these things
Three phases of Hacking
Phase 1: early years, from 1960s to 1970s
Phase II: from 1970s to 1990s
Phase III: from 1990s till present
Phase I: the joy of programming
Hacker
a creative programmer who wrote very elegant/clever
programs.
Computer virtuosos, created many of the first computer games
and operating systems
Outside the social stream, spending many hours learning as
much as they could about computer systems and improving
them
High school and college students who hacked computers at
their schools
Mostly sought knowledge and intellectual challenges
Jude Milhon: Hacking is a clever circumvention of imposed
limits.
Steven Levy: Art, science and play have merged into the
magical activity of programming.
Phase II
The meaning of ‘hacker’ changed as more people used
computers and more others abused on them.
‘Hacking’ got the meaning it has today: breaking into
computers on which the hacker does not have authorized
access.
By 1980’s hacking also included spreading computer
viruses, mostly in software traded in floppy disks
Hacking behavior included pranks, theft and phone
phreaking.
Hacking a computer at a big research center, corporation
or government agency was a challenge that brought a
sense of accomplishment ,lot of files to explore and a
sense of respect from peers.
Phase II (cont’)
Introduction
Hacking
What is hacking?
Hactivism, or political hacking
The law: catching and punishing hackers
Security
Identity Theft and Credit Card Fraud
Stealing identities
Responses to identity theft
Biometrics
The Law
When teenagers started hacking, there was disagreement
not only about whether the activity was considered a crime
under existing law, but also whether it should be.
Gradually, state governments passed laws that specifically
addressed computer crimes.
Computer Fraud and Abuse Act (CFAA) in 1986
Covers areas which the federal government has
jurisdiction: government computers, financial
systems, medical systems etc
Sections of the law address altering, damaging or
destroying information
It covers DoS and launching of computer viruses
The Law (cont.)
Introduction
Hacking
What is hacking?
Hacktivism, or political hacking
The law: catching and punishing hackers
Security
Identity Theft and Credit Card Fraud
Stealing identities
Responses to identity theft
Biometrics
Security
Security is the other side of hacking.
A variety of factors contribute to security weaknesses
From the history of internet and web
From inherent complexity of computer systems
From the speed at which new applications develop
From economic and business factors and from human nature
During first years, the internet was primarily a communication medium for researchers
Open access, ease of use and sharing information were desirable qualities
Security depended primarily on trust
WWW developed as a communication tool for physics researchers, security was not
an issue.
It is not surprising that security of computers at universities and businesses was
weak, it is astonishing how easy it was to invade government and military systems.
In 1996, there were 500.000 hacker attacks on Defense Department, 65% successful
and only 1% were detected
Security experts argued that most of the targeted computers did not contain
classified information. This fact is not reassuring.
GAO reported that computer security at NASA in 1999 was weak
Security(cont.)
Firewalls
Software or separate computer who monitor incoming
traffic and filter that from untrusted sites
Intrusion detection systems monitor computer systems for
unauthorized or inappropriate activity
Password Security Policies
Digital Signatures, Biometrics and other tools for
identification
Insurance companies offer insurance for hacker attacks
Software companies hire hackers to find security flaws of
their system
Security(cont.)
Still, hackers and security professionals regularly find
gaping holes
Two people figured out how to send fake traffic and
weather information to navigation systems.
Web browser have many security weaknesses.
As Google grew and offered services beyond searching,
hackers found vulnerabilities in its software.
Wireless networks often lack sufficient protection.
Software developers are constantly finding and patching
security flaws.
Still many banks and large retailers lack sufficient
protection for the data and money in their care:
TJX example, out of data protection system, over 18
months, hackers stole millions of debit and credit
card numbers.
Responsibility for Security
Many parallels between security issues for preventing crime and
security issues for protecting privacy
Principles and techniques for developing good systems exist, and
responsible software designers must learn and use them.
When systems contain sensitive data, system administrators have
a professional and ethical obligations to protect them
We cannot expect profession, but we should expect
professionalism.
Most individual PC users have no technical training.
They do not use firewalls and antivirus software bcs they do
not understand the risks or bcs they find security tools too
confusing.
Phone users do not ask whether they phone calls are
encrypted or easily intercepted.
Question: Aside from protecting ourselves, do we have an ethical
responsibility to take steps to prevent our computers from
harming others?
Criminalize virus writing and
hacker tools?
Discussion Questions