Presentation on theme: "Ethical Issues concerning CyberCrime 1. Youtube contains comic video on cyber crimes and the evolution of cyber crimes."— Presentation transcript:
Ethical Issues concerning CyberCrime 1
Youtube contains comic video on cyber crimes and the evolution of cyber crimes
In a day and age when everything from microwave ovens and refrigerators to nuclear power plants are being run on computers, cyber crime has assumed rather threatening implications. The majority of what are termed “cyber- crimes” is really violations of longstanding criminal law, perpetrated through the use of computers or information networks.
Criminals Can Operate Anonymously Over the Computer Networks. Hackers Invade Privacy. Hackers Destroy "Property" in the Form of Computer Files or Records. Hackers Injure Other Computer Users by Destroying Information Systems. Computer Pirates Steal Intellectual Property.
Defining cyber crimes, as "acts that are punishable by the Information Technology Act" would also cover many things such as email spoofing and cyber defamation, sending threatening emails etc. A simple yet sturdy definition of cyber crime would be "unlawful acts wherein the computer is either a tool or a target or both".
Tampering with computer source documents Hacking Publishing of information, which is obscene in electronic form Child Pornography Accessing protected system Breach of confidentiality and privacy
Cyber Stalking Cyber squatting Data Diddling Cyber Defamation Trojan Attack Forgery Financial crimes Virus/worm attack E-mail spoofing Email bombing Salami attack Web Jacking Internet time theft
Search for some of the following videos ◦ September 2007-crime toolkit with tech support ◦ Electronics show June 2008 (Donation e-mails) ◦ Scam the scammer on craigslist
Easy to carry Going through airport security ◦ Be sure the TSA person sees YOU ◦ Same TSA person keeps laptop ◦ Same TSA person gives it back to you.
when any information in the form of data is illegally copied or taken from a business or individual without his knowledge or consent poor technical know-how of our police adds to the woes the lack of coordination between different investigating agencies if the culprit is caught he can easily get away because of various loopholes in our law
There are several good videos on Youtube on: ◦ Blue jacking – Bluetooth hijacking jacking ◦ W ar driving
Any person who commits an illegal act with a guilty intention or commits a crime is called an offender or a criminal. The Cyber Criminals may be children and adolescents aged 6-18 years, they may be organized hackers, may be professional hackers or crackers, discontented employees, cheaters or even psychic persons.
have just begun to understand what appears to be a lot about computers, it is a matter of pride to have hacked into a computer system. Appearing really smart among friends. Commit cyber crimes without really knowing that they are doing anything wrong. Teen hackers have gone from simply trying to make a name for themselves to actually working their way into a life of crime.
Hacktivists are hackers with a particular (mostly political) motive. Can be social activism, religious activism, etc. Attacks on approximately 200 prominent Indian websites by a group of hackers known as Pakistani Cyber Warriors are a good example of political hacktivists at work.
Displeased employees can become spiteful. It is easy for disgruntled employees to do more harm to their employers by committing computer related crimes, which can bring entire systems down.
Rival organizations employ hackers to steal industrial secrets and other information that could be beneficial to them. The temptation to use professional hackers for industrial espionage also stems from the fact that physical presence required to gain access to important documents is rendered needless if hacking can retrieve those.
Microsoft Corp. launched a novel legal assault to take down a global network of PCs suspected of spreading spam and harmful computer code, adding what the company believes could become a potent weapon in the battle against cyber criminals.
Security experts say it isn't yet clear how effective Microsoft's approach will be, while online rights groups warn that the activities of innocent computer users could be inadvertently disrupted. Here we go with everything we have been talking about.
A Federal judge in Alexandria, Va., granted Microsoft's request for an order to deactivate hundreds of Internet addresses that the company linked to an army of tens of thousands of PCs around the globe, infected with computer code that allows them to be harnessed to spread spam, malicious virus programs and mount mass attacks to disable Web sites.
By cutting off access to those addresses, Microsoft hopes to prevent the masterminds behind the network from reprogramming the infected PCs with a fresh batch of addresses to reach, blocking them from directing the network.
In one high-profile incident, Google Inc. (February 2010) disclosed attacks against the Internet giant and other major U.S. companies that it linked to China. Chinese officials deny any involvement.
Not illegal to sell or publish the source code Illegal to release a virus over the Internet 22
Latest menace, online identity theft Phishing emails look authentic, many include accurate-looking logos. Want the user to enter sensitive information like passwords, account numbers, credit card information Information is then used to pilfer money from unsuspecting user’s accounts or create bogus credit cards 23
Macro is a recorded series of steps Macros are used in many application programs (Microsoft Office) Macros can be blocked by virus detection programs but then you can’t send Access files 24
Survey of 300 North American companies showed ◦ 103 virus infections per 1000 computers ◦ Cost billions of dollars each year ◦ Blames the Internet and email for spread of viruses and worms 25
Worms ◦ Malicious pieces of code that run independently ◦ Travel across network connections from computer to computer Trojan Horse ◦ Appears to be good ◦ Used to insert corrupt information into a working program ◦ Backdoor Trojan Horse when ran opens the door for people to steal your passwords, destroy files, etc. 26
One of the first cases showing the Internet’s vulnerability Developed by a Cornell University student, 1988 A self-replicating C program Didn’t modify system files or destroy data but made performance deteriorate rapidly and crash Halted after 12 hours of destruction (2,500 computers infected with over $1 million cleanup) Robert Morris claimed did this to show security gaps Fined $10,000 and 3 year probation 27
Break into 4 topics 1.Cybercrime –how it is defined and what sorts of activities 2.Trespass – unauthorized access 3.Protection for online communications 4.Encryption – different ways encrypt and decipher 28
Special category of criminal acts typically executed through utilization of computer and network technologies Includes 3 basic categories ◦ Software piracy ◦ Computer sabotage ◦ Electronic break-ins 29
Unauthorized duplication of proprietary software and the distribution or making available those copies Software could be system software, application software or even MP3 files In 2001 law enforcement officials shut down a major piracy ring called “Drink or Die” of software and movies; created by students at MIT and UCLA 30
Disruption of computer operations by means of a virus, worm, or logic bomb Blaster worm and the SoBig virus unleashed in 2003 caused of $35 billion in losses Denial of Service (DoS) attack – attacks a server multiple mock requests that the server crashes. 31
Trespassing and unauthorized access are covered later in the chapter in more detail Internet-related fraud accounted for 53% of all consumer fraud in 2004 Internet is used for planning crimes in the physical world 32
Constant battle to keep music, videos, and software from being copied. Want to give user the ability to make a backup or use on diverse platforms (windows, mac) iPod and MP3 players and music issues 33
1983 7 Milwaukee teenagers were convicted of computer trespassing but they said they were playing a game. Their game was to see if they could get in and they did allegedly break into Los Alamos Nation Laboratory and Sloan Kettering Cancer Center 1986 Computer Fraud and Abuse Act (CFAA) updated in 1996 made trespassing a federal crime if done so to pilfer classified information to perpetrate fraud or to cause damage whether reckless or not 34
What if the hacker: ◦ Did no deliberate damage or destruction to property ◦ Uncover security flaws so this is a good thing ◦ Just did this to learn how computer systems operate ◦ Claims this is just digital graffiti (a prank) ◦ Does good (Robin Hoods) 35
What if the hacker: ◦ Did no malicious destruction It could still be disruptive or costly Must be inspected to verify no damage There should be property rights because someone took the time to set up the site 36
Trespass to chattels – a tort action (negligence) based on unauthorized use or interference with another’s property ISPs suing spammers for “trespass to chattels” Compuserve vs. CyberPromotions Inc. – Compuserve notified CyberPromotions that it was prohibited from using their mail servers to send unsolicited bulk email Compuserve grants permission to use but not overwhelm the mail server 37
Shopbots comb through commercial web sites extracting pricing and product information for user comparison for the same item eBay vs Bidder’s Edge – comparing auction data; court sided with eBay 38
Firewall ◦ Software or hardware is first in the line of defense to protect internal network ◦ Positioned between an organizer’s internal network and the Internet ◦ Can trap an intrusion (virus) before it can penetrate ◦ Is a packet filter (router to filter packets) ◦ allows legitimate interactions ◦ Not always effective, use other protection as well 39
AntiVirus ◦ Software programmed to scan a computer for malicious code then deletes it once found ◦ New viruses (300 launched each month) all the time so antivirus must be kept up-to-date Filtering systems ◦ Scan mail for spam or viruses 40
Encryption - Encoding the information so it can only be read if the receiver has the proper key to decode Cryptography – use of algorithms that allow information to be understood thru secret codes Types of keys – Single key – 1=A, 2=B, etc. – Data Encryption Standard (DES) – private key, 56 bits long – Public/private – messages are encrypted with public key that can only be decrypted with a private key 41
Secure Socket Layer – is most often used in e- commerce transactions Sniffers – programs used to seek out security lapse and intercept vulnerable communications travelling over a network Authentication – process where a security system establishes the validity of an identification Digital signature – public key encryption that verifies identity 42
Giving government the key to encryption systems not well received (like forcing builders to install microphones and cameras in all new homes) Clipper Chip (multiple versions) and controversial 43