Computer Ethics Lecture 3 Computer Crime Dr. Alaa Sinan

Outline
• Introduction
• Types of Computer Systems Attacks
• Motives of Computer Crimes
• Costs and Social Consequences
• Computer Crime Prevention Strategies
• Reflection of the lecture – an open discussion

Introduction
• A computer crime is a crime like any other crime, except that in this case the illegal act must involve a computer system either as an object of a crime, an instrument used to commit a crime, or a repository of evidence related to a crime.
• With the Internet, the scope of computer crimes has widened to actually include crimes that would normally be associated with telecommunication facilities. Because of this, we want to expand our definition of a computer crime to be an illegal act that involves a computer system or computer-related system such as any mobile device, microwave, satellite, or other telecommunication system that connects one or more computers or computer-related systems.

Acts using computers or computer-related technologies that fall within the limits that the legislature of a state or a nation has specified are considered illegal and may lead to forfeiture of certain civil rights of the perpetrator. In the United States, local, state, and federal legislatures have defined such acts to include the following:
• Intrusions into Public Packet Networks
• Network integrity violations
• Privacy violations
• Industrial or financial espionage
• Pirated computer software
• Computer-aided fraud
• Internet/e-mail abuse
• Using computers or computer technology to commit murder, terrorism, pornography, hacking, and many other crimes.

Computer crimes target computer resources for a variety of reasons. The resources include:
• Hardware such as computers, printers, scanners, servers, and communication media
• Software that includes application and special programs, system backups, diagnostic programs, and system programs such as operating systems and protocols
• Data in storage, transition, or undergoing modification

An attack on any one of these resources is considered a computer or computer-related attack. Some of these resources are more vulnerable than others and are, therefore, targeted more frequently by attackers. Most computer crimes on the resources just listed fall into the following categories. Our focus in this lecture is on the last category:

• Human blunders, errors, and omissions that are usually caused by unintentional human actions. Unintended human actions are usually the result of design problems. Such attacks are called malfunctions. Malfunctions, although occurring more frequently than natural disasters, are as unpredictable as natural disasters.
• Intentional threats that originate from humans caused by illegal or criminal acts from either insiders or outsiders, recreational hackers, and criminals.

Types of Computer Systems Attacks
• Penetration
  • A penetration attack involves breaking into a computer system using known security vulnerabilities to gain access to a cyberspace resource. With full penetration, an intruder has full access to all that system’s resources. Full penetration, therefore, allows an intruder to alter data files, change data, plant viruses, or install damaging Trojan Horse programs into the system. It is also possible for intruders—especially if the victim computer is on a network—to use it as a launching pad to attack other network resources. Penetration attacks can be local, wherein the intruder gains access to a computer on a LAN on which the program is run, or global on a WAN such as the Internet, where an attack can originate thousands of miles from the victim computer. Penetration attacks originate from many sources, including the following:

• Insider Threat. For a long time, penetration attacks were limited to in-house employee-generated attacks to systems and theft of company property.
• Hackers. Since the mid-1980s, computer network hacking has been on the rise, mostly because of the wider use of the Internet.
• Criminal Groups. Although a number of penetration attacks come from insiders and hackers with youthful intents, there are a number of attacks that originate from criminal groups, for example, the “Phonemasters,” a widespread international group of criminals who in February 1999 penetrated the computer systems of MCI, Sprint, AT&T, Equifax, and even the FBI’s National Crime Information Centre.
• Hactivism. Demonstrations have taken place in Seattle, Washington DC, Prague, and Genoa by people with all sorts of causes, underlining the new phenomenon of activism that is being fuelled by the Internet. This activism has not only been for good causes, but it has also resulted in what has been dubbed hactivism: motivated attacks on computer systems, usually web pages or e-mail servers of selected institutions or groups by activists. A group with a cause overloads e-mail servers and hacks into web sites with messages for their causes. The attacks so far have not been harmful, but they still cause damage to services.

• Denial of Service. Denial-of-service attacks, commonly known as distributed denial of service (DDoS) attacks, are a new form of computer attacks. They are directed at computers connected to the Internet. They are not penetration attacks and, therefore, they do not change, alter, destroy, or modify system resources. However, they affect the system by diminishing the system’s ability to function; hence, they are capable of bringing a system down without destroying its resources.

Motives of Computer Crimes
• Political Activism. There are many causes that lead to political activism, but all these causes are grouped under one banner: hactivism.
• Vendetta. Most vendetta attacks are for mundane reasons such as a promotion denied, a boyfriend or girlfriend taken, an ex-spouse given child custody, and other situations that may involve family and intimacy issues.
• Joke/Hoaxes are warnings that are actually scare alerts started by one or more malicious persons, and are passed on by innocent users who think that they are helping the community by spreading the warning. Most hoaxes are viruses although there are hoaxes that are computer-related folklore and urban legends.

• The Hacker’s Ethics. This is a collection of motives that make up the hacker character. According to Steven Levy, hackers have motivation and ethics and beliefs that they live by, and he lists six, as below:
  • Free access to computers and other ICT resources—and anything that might teach you something about the way the world works—should be unlimited and total.
  • All information should be free.
  • Mistrust authority; promote decentralization.
  • Hackers should be judged by their hacking, not bogus criteria such as degrees, age, race, or position.
  • You can create art and beauty on a computer.
  • Computers can change your life for the better.
  If any of these beliefs is violated, a hacker will have a motive.

• Terrorism/Extortion. Our increasing dependence on computers and computer communication has opened up a can of worms we now know as electronic terrorism.
• Political and Military Espionage. For generations, countries have been competing for supremacy of one form or another.
• Business and Industrial Espionage. As businesses become global and world markets become one global bazaar, business competition for ideas and market strategies has become very intense. Economic and industrial espionage is on the rise around the world as businesses and countries try to outdo the other in the global arena.
• Hate. The growth of computer and telecommunication technology has unfortunately created a boom in all types of hate. There is growing concern about a growing rate of acts of violence and intimidation motivated by prejudice based on race, religion, sexual orientation, or ethnicity.
• Personal Gain/Fame/Fun. Personal gain motives are always driven by the selfishness of individuals who are not satisfied with what they have and are always wanting more, mostly financially.

Cost and Social Consequences
There are several reasons to which we can attribute this rather strange growth of cybercrimes:
• Rapid technology growth.
• Easy availability of hacker tools.
• Anonymity.
• Cut-and-paste programming technology.
• Communications speed.
• High degree of internetworking.
• Increasing dependency on computers.

Lack of Cost Estimate Model for Cyberspace Attacks
The efforts to develop a good cost model are hindered by a number of problems, including the following:
• It is very difficult to quantify the actual number of attacks.
• Insider attacks are rarely reported even if they are detected.
• Even with these small numbers reported, there has been no conclusive study to establish a valid figure that can at least give us an idea of what it is that we must cope with.
• Lack of cooperation between emergency and computer crime reporting centres worldwide.
• Unpredictable types of attacks and viruses.
• Virus mutation is also another issue in the rising costs of cyber attacks.
• There are not enough trained system administrators and security chiefs in the latest network forensics technology who can quickly scan, spot, and remove or prevent any pending or reported attack and quickly detect system intrusions.
• Primitive monitoring technology.

Social and Ethical Consequences
• Psychological effects.
• Moral decay.
• Loss of privacy.
• Trust. Along with the loss of privacy, trust is lost.

Computer Crime Prevention Strategies
• Protecting Your Computer
• Physical Protective Measures
• Procedural and Operational Protective Measures
• Anti-Virus Protection
• The Computer Criminal
• Pass Computer Crime Prevention Laws
• Enforcement of Criminal Laws
• Moral Education
• The Innocent Victim
• Personnel Policies
• Educating the Computer User

Exercise
• Read scenario 7 in the textbook, page No. 177, thoroughly.
• Discuss the related questions.

Discussion
• Reflection of the lecture