Trust, Safety, & Reliability Part 2 MALICE

  • Slides: 9

Malware
• Malware: short for “malicious software”
• Hackers: people who write and deploy malware
• Worm: program that makes copies of itself and propagates those copies through a network to infect other computers
• Virus: similar to a worm, but resides in another program that must execute in order for the virus to propagate
Ethics in a Computing Culture 2

Malware (continued)
• Spyware: program that is secretly installed for the purpose of collecting information about the computer’s user or users
• Trojan horse: software that masquerades as an innocent or useful program, but that is actually designed for a malicious purpose
• Rootkit: program that embeds itself into a computer’s operating system and acquires special privileges that would normally be available to the operating system

Case: Stuxnet Worm
• Stuxnet: a computer worm that has significantly set back the Iranian nuclear development program
  – extremely sophisticated software, speculated to have been created by the CIA and the Israeli government
• Can the people who wrote the Stuxnet worm be considered ethical hackers?

The Net
• Challenging the sale of virus do-it-yourself kits
  – Only illegal to release a virus
• Computer Fraud and Abuse Act
• Internet’s fragile infrastructure: susceptible to
  – Phishing attacks
  – Viruses (self-replicating programs)
  – Worms (independent programs that travel)
• The Slammer worm
  – http://www.wired.com/wired/archive/11.07/slammer.html

Defining cybercrime
• Criminal acts executed using computer and network technologies
1. Software piracy: unauthorized duplication
2. Computer sabotage: interference with computer systems
  – Viruses and worms
  – DoS attacks: mock requests to take down server
3. Electronic break-ins:
  – Computer espionage
  – trespass

Electronic break-ins
• Trespass in cyberspace
  – Computer Fraud and Abuse Act
• Protects the confidentiality and makes it a crime to access a computer w/o authorization
  – Now applies to most any computer
• http://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act
• Max penalty: 20 yrs & $250k fine

Computer Fraud and Abuse Act
• 18 USC Section 1030 criminalizes:
  – Transmitting code (virus, worm) that damages a sys
  – Accessing w/o authorization any computer connected to Internet (n.b. does not req anything to be examined, changed or copied)
  – Transmitting classified info
  – Trafficking passwords
  – Computer fraud & extortion

Hacktivism
• Blend of hack and activism
• Malicious hacking for electronic political activism
  – Non-violent use of digital tools for political ends
• Typical actions, examples:
  – Defacing websites
  – Denial of service attacks
• Electronic Civil Disobedience (virtual sit-ins)

Case: A&P’s Cash Register Scandal
• Facts:
• Would you assume that you added incorrectly, or that the computer did?
• The A&P cash register scandal:
  – only possible because people trusted a computer to do arithmetic correctly