1 Legal and Ethical Aspects of Computer Hacking
ECE4112 – Internetwork Security
Georgia Institute of Technology
Acknowledgement: Kiran Tajani


2 ECE 4883 - Internetwork Security 2 In Class Today
- What is hacking?
- What policies and/or laws exist?
- Are there any ethical issues?

3 What is Hacking?
- An event where one enjoys learning the details of a computer system
- A culture where people find their computer and its surroundings fascinating.
- The process of creating a new program or making changes to existing programs using complicated software

4 Some History of Hacking
- December 1993 USENET posting by Farmer and Venema
- Idea of using techniques of an intruder to evaluate system security
- Approach can help companies secure systems
- Distributed Security Analysis Tool for Auditing Networks (SATAN)

5 Types of Hacking
Possible categories of Hacking
  - Good Hacking - work on software to improve performance, expose system vulnerabilities, done with company permission (security professional)
  - Bad Hacking - accidental or not fully understood damage caused by, for example, kiddy scripts (juvenile delinquents)
  - Dangerous Hacking - intentional damage caused by criminals (professional criminals)

6 Ethical Hacking
- Approval from the organization inside which the hacking will occur
- Tiger team uses tools and techniques to evaluate security
- Inform owner of files and systems before the fact

7 Hacktivism
- The use of hacking to promote a political cause
- Modern form of civil disobedience
- Political form of cyber-terrorism
- A cover for ordinary pranks

8 Hackers
- Term coined by the media back when computer time was stolen by unauthorized users
- Prior to this media-coined term, a Hacker was: “a person who enjoys exploring the details of programmable systems and how to stretch their capabilities; … one who programs enthusiastically.”

9 Hacker categories:
- Novice or newbies – not sure how code works, run kiddy scripts
- Experienced hacker – understand the software and are able to create attack code.
- Expert hacker – develop tool sets for attack, create code quickly for exposed vulnerabilities.

10 Hacker categories (cont):
- Internal hackers – from within a company, could be ex-employees or current workers, have access and knowledge about where sensitive information is located
- White hats – trustworthy, professional security analysts

11 Hacker’s Motivation
- At one end same motivation as graffiti
- Some argue that they help find security flaws and force improved network security
- Some are professionals and are motivated by the profession

12 Learning to Hack
- Hacking Schools
  - Zi Hackademy, Paris
  - Civil Hackers school, Moscow
- Hacking Classes
  - This class
  - Government Training
  - Company training

13 Ethical or Not?
- So who is responsible for the outcome from these teachings?
  - It’s the teachers! They are the ones teaching such techniques and tools and inflicting painful examinations.
  - It’s the students! They are responsible for the actions they decide to take after learning tools that others use to attack.
- How can you figure out how to defend yourself if you do not understand the attacks?
- Only through knowledge can you defend yourself

14 The Law
- What types of policies are in place?
- How do they differ from each other?
- What kind of defined lines are there?
- Should these laws exist?
- Are these laws clear enough?

15 United States Code Title 18 Crimes and Criminal Procedure
- Part 1 > Chapter 119 > Section 2511
  - Interception and disclosure of wire, oral, or electronic communications prohibited.
- Part 1 > Chapter 121 > Section 2701
  - Unlawful access to stored communications
- http://www4.law.cornell.edu/uscode/18/

16 Georgia Computer Systems Protection Act HB 822
- Computer Invasion of Privacy
  - Any person who uses a computer or computer network with the intention of examining any employment, medical, salary, credit, or any other financial or personal data relating to any other person with knowledge that such examination is without authority shall be guilty of the crime of computer invasion of privacy.

17 Patriot Act:
- USA Patriot Act: Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act
- U.S. government’s anti-terrorism policy

18 Homeland Security
- Department of Homeland Security
- Some call this a National Police Force
- Connects 22 different Agencies
- Exchange of information becomes a norm
- Centralized institution with the power to keep track of computer and email usage

19 Georgia Institute of Technology
- Computer and Network Usage Policy
  - Available for all students and faculty
  - http://www.oit.gatech.edu/information_security/policy/usage/
- Authorize users and uses
- Privileges for individuals
- User Responsibilities
  - Access to Facilities and Information

20 GIT Computer and Network Usage Policy

4.6. Attempts to circumvent security
Users are prohibited from attempting to circumvent or subvert any system's security measures. This section does not prohibit use of security tools by personnel authorized by OIT or their unit.

4.6.1. Decoding access control information
Users are prohibited from using any computer program or device to intercept or decode passwords or similar access control information.

4.6.2. Denial of service
Deliberate attempts to degrade the performance of a computer system or network or to deprive authorized personnel of resources or access to any Institute computer system or network are prohibited.

4.6.3. Harmful activities
Harmful activities are prohibited. Examples include IP spoofing; creating and propagating viruses; port scanning; disrupting services; damaging files; or intentional destruction of or damage to equipment, software, or data.

21 Policy Maker Questions:
- How easy is it to catch hackers and how many hackers have been caught?
- Are these policies good enough?
- Do the current policies actually define the limits of “hacking”?
- Can companies hack into their own systems and find vulnerabilities?
- Can others find vulnerabilities for them without being asked to?

22 What if?
- A Georgia Tech student uses their personal PC and the school’s network to do a port scan on a commercial web site.
- A Georgia Tech student uses their personal PC and a commercial ISP to do a port scan on a commercial web site.
- A Georgia Tech student sends a “spoofed mail” from the school account that appears to come from another user.
- A Georgia Tech student uses a school computer and password guessing software to access and crack the administrator password.
- A Georgia Tech student discovers that another user failed to log off when departing. The student uses the account to send an inflammatory email to the department chair.


