What is this? Why is computer engineering one? How can we join up and where?
How must we behave and act?
What are the issues and problems? Do we impact on society? - Do we have roles, functions? - Do we contribute to society and economy? What’s ahead?
How must we behave and act?
Where we talk about professional ethics, represented by guidelines in the CODE OF CONDUCT/ETHICS of various engineering professional associations.
*SCOPE* What is ethics? Codes of ethics
What on earth is ethics?
•Interaction raises ethical questions, example, decision-making.
•Need for rules when people interact, get together, in order to regulate behaviour.
•Choices – to do good or harm to others
•Consequences for others through these choices
*Ethics* arises primarily when
we interact and communicate with others. In interacting and communicating with others, there is always a choice, basically whether to do good or harm to someone else, whether to act ethically or unethically.
Choices we have – to do good or harm to others Consequences for others through these choices NEED FOR ETHICAL PRINCIPLES TO GUIDE INTERACTION AND COMMUNICATION
*Ethics* supplies the principles that guide our interaction with each other. It is fundamental and basic to human relationships. Ethical principles far from being abstract ideals are just like a framework in which to interact with others in a peaceful, productive way.
There might actually be only one ethical principle, that of respect and consideration for others. Ethics only arises with respect and consideration for others. If we had no such concern, we could not care less whether we were acting ethically or not.
Respect for others Honest, caring for others, taking into consideration needs and interests of others before acting. When you respect other people you are honest with them.
Ethical realities and examples What Does E-mail Overload Have to Do With Ethics?
The way we use e-mail raises questions about how we treat each other and how we treat common resources - two classic concerns of ethics. Indiscriminate email sending – no respect for people’s time. Spam, cc-ing to protect oneself, etc.
When and where we answer email – AOL Survey:
In bed in pajamas (23%) In class (12%) In a business meeting (8%) At Wi-Fi hotspot, like Starbuck's or McDonald's (6%) At beach or pool (6%) In bathroom (4%) While driving (4%) In church (1%)
What Does E-mail Overload Have to Do With Ethics?
Violation of etiquette AND ethics - affront to dignity of people who are sitting in front of us, implicitly denying that they are worthy of our full attention. Incessant checking of e-mail further blurs line between work and home – we are able to work ALL the time.
Scandal has touched nearly every institution from sports to politics and even religion. …. business culture is particularly vulnerable to corruption. Business values in general tend to include an amoral view. Competition, enterprise and efficiency are the driving principles and that sets the stage for an amoral action to be a slippery slope to immoral behavior.
http://www.commondreams.org/cgi-bin/print.cgi?file=/views02/0712-02.htm http://www.washingtonpost.com/wp-srv/liveonline/02/business/business_egan080202.htm
And Singapore??? How ethical and professional is our business/corporate scene?
Transparency International 2004 Singapore world's fifth least corrupt country - behind Finland, New Zealand, Denmark and Iceland. Few opportunities to be unethical - tough laws and strict enforcement, Singaporeans said to make great whistle-blowers.
In the largest cheating case in history, Chia Teck Leng, former finance manager of Asia Pacific Breweries, was jailed May 2004 for 42 years. He pleaded guilty to cheating four banks out of S$117mil. Possible fraud or insider trading investigation launched into these listed companies: Singapore's Accord Customer Care Solutions Citiraya Industries Informatics Holdings Auston International Leong Hin Holdings Greatronics Ltd.
Singapore's white-collar crime unit is investigating China Aviation Oil (Singapore) Corp, which supplies a third of China's jet fuel, after it disclosed the losses caused by bad bets on oil prices. …Singaporeans are not easy people to persuade to hand over their money. A recent global survey has shown Singaporeans as a less trusting people than others in China, Japan and the United States. …Only one Singaporean in four would help when approached by a stranger to lend S$20 because she had lost her wallet. Fewer than two in 10 Singaporeans feel that people can be trusted.
Some “good” companies – considered “ethical” because exhibit “social responsibility”: Ben & Jerry’s (Artix in BB) Body Shop Starbucks
Reasons people give for not being ethical
Rationalizations to behavior, including:
Denying responsibility: actors convince themselves they had no choice but to participate in unethical behavior. Denying injury: if no one is hurt, the behavior isn't really unethical. Denying victims: blaming violated parties for what happened on the grounds they "deserved it."
Corrupt individuals depend on rationalizations to justify their behavior, including:
Social weighting: includes condemning anyone who questions their actions as a way of mitigating the charges. Individuals may also focus on others that are "worse than we are" as way to deflect responsibility. Appeal to higher loyalties: unethical behavior is justified if it was "for a good cause" like loyalty or higher ideals. Self-justification: I have the right to be unethical, example, because of seniority, etc.
How must we behave and act?
Where we talk about engineer ethics, represented by guidelines in the CODE OF CONDUCT/ETHICS of various engineering professional associations.
*SCOPE* What is ethics? Codes of ethics
*CODE OF CONDUCT/ETHICS* For Computer Engineers/IT Professionals
US many computer associations and societies and most have code of ethics/conduct.
•To look at existing IT codes •To assess them
…In order to ensure members of a profession association a high level of service to the public and maintain the dignity of the profession… Professional codes of ethics considerably more restrictive than those normally applied to general public.
*CODE OF CONDUCT/ETHICS*
Background/overview Professions differ from commercial trades and enterprises - members governed by professional ground rules of ethical and professional behavior and legislation. These ground rules known as codes. Violations of code liable to censure or disciplinary action by regulatory board for serious breaches. But more a moral sanction. (Where most of difficulty arises).
Possession of code hallmark of professions.
What it is
List of prescribed recommended behaviors and values – defines roles and responsibilities. Measure of professional conduct. Framework for ethical judgment. Public avowal of engineers commitment to behave in ways not harmful to society, or bring shame to society and rest of profession. Indicates to society concern of members to act responsibly. Collective recognition of responsibilities of profession.
*CODE OF CONDUCT/ETHICS*
Why – Functions, what does it achieve, do?
Boils down to why we need rules in society? So why do computer engineers need rules?
Attempt, mechanism, to guide behaviors, especially in socially responsible ways by stating concretely what not to do, what is expected. Generation and application of rules of conduct designed to control, guide, influence, relations of professionals, engineers, among themselves, between themselves and employers and clients, and between themselves and public.
Why – Functions, what does it achieve, do?
Framework for ethical judgment - how to act in problem situations by applying ethical principles. Creation of positive working environment – healthy ethical climate – in which ethical conduct is norm. Codes help us understand how society and OURSELVES perceive engineers, their duties and, responsibilities, how they are expected to discharge these.
Why – Functions, what does it achieve, do?
Protection from employers – code supports professional and ethical decisions. Justification for those having to confront unethical behavior especially from superiors. Back up to ethical behavior. Awareness & education of young engineers. Example, university education - little training in professional problems, expected behaviors and norms. Lack of moral compass. Working life is vastly different from students
– new experiences, new problems, uncertainty, what to do
Code of ethics especially for computer engineers Area of technology Dangers of technology – computer crimes...
*CODE OF CONDUCT/ETHICS* For Computer Engineers IT Professionals
US many computer associations and societies and most have code of ethics/conduct.
•To look at existing codes for this group
•To assess them
Professional engineers code of professional conduct and ethics: http://www.peb.gov.sg/peb/html/per_code.html IEE, IEEE, ACM, SCS
SOFTWARE ENGINEERING CODE OF ETHICS AND PROFESSIONAL PRACTICE (IEEE-CS/ACM ) :
*CODE OF CONDUCT/ETHICS*
Codes of Ethics are concerned with a range of issues, including: Professional honesty Adherence to confidentiality agreements Data privacy Handling of human subjects Impartiality in data analysis and professional consulting Professional accountability Resolution of conflicts of interest Software piracy
Personal integrity – claim of competence Personal responsibility for work (no one but you on computer) Responsibility to employer/client Responsibility to profession Confidentiality of information Conflict of interest Dignity Respect for persons/Worth of people Public safety, health, welfare Participation in professional societies Increase public knowledge about technology.
So we have a code but what good is it?
Criteria of good code Must be more than mere motherhood statements but must contain reasonable policies to ensure that the practice of the profession is provided adequately to the public and not merely to enforce a monopoly situation or to restrict competition amongst practitioners.
What it DOES do: ∆Set out ideals and responsibilities of profession ∆Exert a de facto regulatory effect, protecting both clients and professionals ∆Improve profile of profession ∆Motivate and inspire practitioners, by attempting to define their raison d'être ∆Provide guidance on acceptable conduct ∆Raise awareness and consciousness of issues ∆Improve quality and consistency
LIMITATIONS: What it DOESN’T do, can’t do, won’t do
A professional association can establish a code of ethics, publicize and lecture on it but remains largely up to each practitioner to interpret and apply it as personal circumstances and professional outlook dictate.
Not a legal document. Not legally binding.
Efficacy from how code is regarded in actual fact and reality. Power of moral principles can act as mechanism for ostracization, the shame factor, even expulsion. Would depend on respect and regard for moral principles.
Protection from employers – code supports professional and ethical decisions - but cannot sue employer. Can whistle blow – publicizing unethical actions – but censure - telling tales, snitching, disloyal to company and employer, etc.
Codes only tell us what is the right thing to do, advocating long established principles, highlighting what is considered honorable to uphold the dignity and pride of the profession, but the code would be as good as dead if persons had no such inclination toward acting in these ways. Gap between codes – providing information – knowledge and action. If we act ethically only because of code, fear of punishment – how ethical are we really? Ethical action should come from our own voluntary choice. Codes are coercive. Fosters ethical action – but with stick rather than carrot.
Not a recipe for ethical behavior. Cannot be applied cookbook fashion. Cannot generally tell people what to do in specific situations. Does outline factors to be considered. A starting point for ethical decision making. But cannot substitute for judgment. Ethical reasoning needs THINKING.
Codes – perceived as only necessary to recognition as profession. Primarily a convention among professions - formal adherence to ethical behavior as part of professionalism. Shows profession is honoring certain ethical behaviors, will police itself with regard to violations which would harm society. Even though code of ethics is largely unenforceable, observance of strong code sets tone for professionalism of entire membership.
In other words, codes can deteriorate into window dressing – good for show but no action.
Character counts. Ethics is not for wimps.
Codes can teach character, but not action – needs individual strength and principles, that is, character. Most rational persons already know what is right and wrong, it’s deciding to do the right thing we need. Ethics – whether you decide to act ethically. Biggie question: Do codes help in ethical decision making?
Do we really need a code of ethics???
Professional ethics – computer ethics – why computer engineers need codes
Unethical computer/ IT use Information technology will be the most fundamental area of ethical concern for business in the next decade.
Very important to stress Not some airy fairy study about ideal life up in clouds.
Ethics is part of, integrated with what we do everyday. We mix and interact with people everyday. How we act towards them, for them, with them matters. This is ethics.
Computer ethics is important for computer professionals because the discipline is closely related to and conducted in relation to PEOPLE. You may sit by your lonesome in front of a computer but what you do affects OTHERS. Recall points on profession.
SIGNIFICANCE -do we need it – one
suggestion: Software is the glue that holds systems together. If software is hopeless system is hopeless. Software always most troublesome component in systems that depend on computer control. Hi-tech lifestyle: BB for The Treatment of Employees in
High-tech Start-ups: A Test of Executive Character - Weakness rather than evil accounts for many instances of unethical behavior.
Difficulty of software engineering Can build adequately reliable software systems but these become reliable only after extensive testing in field. Although responsible developers perform many tests, including simulations, before releasing software, serious problems always remain when first customers use product. Test designers overlook the same problems the software designers overlook. No experienced person trusts a software system before it has seen extensive use under actual operating conditions.
Unethical computer use
Where computer is the baddie – instrument of unethical action. Examples: Fraud, theft, defamation. When computer is object of act. Examples: Unauthorized access to a data base, spreading viruses. When reliance placed on autonomous nature of computers. Examples: Automated trading, weapons use.
So what do we get??????
Using term loosely – computer crimes
Why & how computer technology (ICT) causes problems – areas which persons can manipulate, exploit, to their gain, and our loss.
What’s a crime?
Strict sense: Violation of law. Liable to public prosecution and punishment. Significant, example, traffic violations not crime. General sense, more in use: Moral law as well, example, crime against humanity. Usually considered an evil act.
A main and major problem – many unethical uses NOT considered wrong.
Often, people commit computer crimes without even knowing they are doing so… Crime Intentioned harm to others, violation, usually of rights. Ignorance not excuse. Breaking of law – problem - laws against unethical use recent.
Why ccccccrime - Violating rights
Right to know. To what extent do we have right to know, have access to, the information that relates to us in a database? What about others’ right to know – about us? Right to privacy. To what extent do we have a right to control the use of information that relates to us? What privacy rights do others have in regard to the data we hold on them? Right to property. To what extent do we have a right to protect our computer resources from abuse and misuse?
Using a computer to steal, embezzle, or defraud. Any type of electronic fraud/cyber scams: Credit and debit cards, electronic funds transfer, software piracy and any other general misuse of computer system, in which computer plays essential part. Aka Computer Crime, E-Crime, Hi-Tech Crime or Electronic Crime – FBI S$676 billion
Talk on computer crime: http://www.youtube.com/watch?v=HPW2b84-d0A
Areas/types Software – products. Weaknesses, glitches. Example, new products that need patches.
Areas/types vulnerabilities Network configuration/management- our computer systems, way it is configured, managed. Example, how secure is it, how seriously does management view security? Risks from possible glitches within company's own computer system, leading to unintended dissemination of proprietary or personal information.
Examples OfficeMax customers who e-mailed links to company's Web site to their friends - programming error - e-mails contained personal information and credit card data. IKEA's Web site - customers who requested online catalogues received error message containing name of database - could access names, mailing addresses, and telephone numbers of customers who had previously requested IKEA catalogs.
Two areas/types vulnerabilities
Broadband/WiFi – connectivity – crook connectivity, too – opportunity for hackers and ilk Increase in browser based attacks – will increase even more with instant messaging Example, DoS
E-mail risks/vulnerabilities: Lack of privacy (more later) Transmission of viruses Ease of accidental compromise Inability to ever fully erase Remote Access Uncertain origin.
Most e-mail insecure Unless encoded or encrypted. Like postcard anyone who receives can read. May also be read if stored on servers during transmission. System administrators can also read e-mails. Hard to destroy Deleted e-mail remains -most electronic documents backed up and recoverable. Email “evidence” now acceptable as legal records in courts of law. Example:
Microsoft court case dredged up incriminating old emails
Personal/home computer and user Easy targets – on most of the time High speed connections (what office might not give us we get ourselves) Personal information and activity – online form filling, booking, shopping, gaming, chats, etc.
Definition of terms : Computer RISKS
Computer control of aircraft Nuclear power plant control Military computers Traffic lights ATMs Computer power switch location E-commerce privacy
Many crimes involving computers no different from crimes without computers: computer only tool that criminal uses to commit crime – most times more effectively.
Examples Using computer, scanner, graphics software, and high-quality color laser or ink jet printer for forgery or counterfeiting same as using old-fashioned way. Stealing laptop computer with proprietary information on hard disk same as stealing briefcase. Using Internet for illegal solicitation of nefarious activities similar to other such forms, example, duping someone on Net same as on street.
CASES: What is stealing? 1. Breaking into a store and taking $3,000 in merchandise 2. "Borrowing" a friend's car indefinitely 3. Taking an unlocked bicycle 4. Developing a computer program on company time for your company, and then patenting a considerably improved version of the program under your own name
CASES: What is stealing?
5. Borrowing a book from a friend, keeping it by mistake for a long time and then failing to return it because the friend has moved away 6. Using some ideas you developed at Firm A for a different process at Firm B 7. Using Firm A's management methods at Firm B 8. Picking up a quarter that you saw someone drop on the street 9. Failing to return a sheet of paper (or paper clip) you borrowed
CASES: What is stealing?
10. Picking up a quarter that someone (you don't know who) has dropped on the street No single criterion to decide the issue - most obvious - monetary value of property in question.
CASES: What is stealing?
But what about snatching dollar bill from elderly person - more clearly theft than using idea that you've developed at Company A for a very different application at Company B, even though the latter involves vastly greater sums of money than the first. Similar consideration can be applied to bribery - not always find it easy to determine what is and is not a bribe.
Fraud, embezzlement, forgery, sabotage
http://www.taipeitimes.com/News/worldbiz/archives/2005/06/22/2003260310/print http://msnbc.msn.com/id/8307418/ http://catless.ncl.ac.uk/Risks/23.83.html#subj2 on biometrics horror stories http://www.crime-research.org/news/15.02.2006/1827/ computer centre http://www.cybercrime.gov/compcrime.html Security crimes on increase: http://netsecurity.about.com/gi/dynamic/offsite.htm?site=http://www.theregister.co.uk/2005/12/07/sophos%5F2005%5Fsecurity%5Fsurvey/ Digital wights and wongs: http://www.theregister.co.uk/internet/rights/
FOR COMPUTERS ONLY???
Computer intrusions (e.g. malicious hacking), unauthorised modification/destruction of data, Denial of Service (DoS) attacks, creation and distribution of malicious software (e.g. viruses, worms, trojans). Unauthorized use of computer, example, stealing username and password, accessing victim's computer via Internet through Trojan Horse backdoor program. Reading or copying confidential or proprietary information, but leave data alone. Still a crime – entering someone’s private space – violation.
Changing data. Change grade on school transcript, add "money" to a checking account, etc. Fraudulent. Deleting data. Deleting entire files vandalism or sabotage. Harassment and stalking in cyberspace. Old crimes made new or “better”: Obscenity/porn, child solicitation for sex via chat rooms on the Internet, violence against minorities, terrorism.
Getting Better…Or Worse…
Cheating goes hi-tech – plagiarism old hat, now UK using outsourcing websites where bidders compete to write assignments “contract cheating” - students put coursework out to tender and suppliers bid to complete work. Legitimate outsourcing webs but illegitimate use. Extortion – pay me $$$$ or will put YOU on Net – ransomware – pay up else we hack, DoS, inject malware. Targets – banks, e-commerce portals, gaming, gambling and porn sites.
Malware sent into computers – malicious code Gpcoder. Trojan virus that encrypts data files such as documents, spreadsheets and databases. Once files encrypted, cannot be accessed – unless victim pays hacker US$200 for antidote, after which perpetrator kindly leaves decryption instructions for user in folder.
It happened in Singapore…
Singapore also hit in biggest data breach in history 2005 with theft of private information on more than 40 million credit card holders. Japan, HK affected. Australia and Singapore at risk. Singapore – about 20,000 exposed to fraud risk – DBS, OUB, etc.
A main and major problem – many unethical uses NOT considered wrong.
Often, people commit computer crimes without even knowing they are doing so… Crime Intentioned harm to others, violation, usually of rights. Ignorance not excuse. Breaking of law – problem - laws against unethical use recent.
Ccccccrime - Violating rights, exploiting risks
Right to know. To what extent do we have right to know, have access to, the information that relates to us in a database? What about others’ right to know – about us? Right to privacy. To what extent do we have a right to control the use of information that relates to us? What privacy rights do others have in regard to the data we hold on them? Right to freedom of speech/expression. People who restrain us from speaking out – crime Right to property (intellectual property). To what extent do we have a right to protect our computer resources from abuse and misuse?
How technology helps us be crooks – software,
computer pirates, thieves, creeps, liars, etc.
Store all sorts of information, text, graphics, sound, in standard digitized formats High volume, relatively cheap digital storage media, example, hard disks, CD-ROMs, DVDs Character scanners, image scanners Compression formats, example, MP3, shrink music, film files for downloading, copying, storing Easy - to do – error free duplication; to distribute over computer networks; to find.
How technology helps us be crooks
To transfer via peer-to-peer technology like Gnutella, Morpheus – can copy files among users without going through any central service (like near defunct Napster) ML Advances in technology – more computer space – now onto terabytes already, faster computers, new compression formats for files, new storage media, and of course – Net itself- new services that provide music, TV, e-books, etc. Problem – like MP3 – no mechanism for preventing unlimited or unauthorized copying.
How technology helps us be crooks
How secret is your password
Takes about 65,780 guesses to find correct moniker of just five characters. So if eight characters impossible? BEWARE!!!!!!! Guesses can be made from username, example, test, admin. Many too lazy to change default – Google “default password”.
Guesses can be made from username, example, test, admin. Username key to successful attack – through default passwords, then common username and password combinations. Dictionary attack – running through common words. Brute force – attempts to crack code like a safe, bombarding with different combinations. Inurl:service.pwd OR Simply call organization and ask.
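An added example (not part of the original slides) of a defender-side password audit covering the guessing routes listed above: default passwords, username-derived passwords, dictionary words and a small brute-force search space. The word lists, the `MIN_GUESSES` floor and all function names are assumptions made for illustration.

```python
import math
import string

# Constructed sample lists; a real audit would load the vendor default
# list and a full dictionary relevant to the organization.
DEFAULT_PASSWORDS = {"admin", "password", "test", "guest", "changeme", "1234"}
COMMON_WORDS = {"dragon", "monkey", "letmein", "welcome", "singapore", "qwerty"}

MIN_GUESSES = 10 ** 12  # assumed policy floor for the brute-force search space

POOLS = (string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation)


def lowercase_counts(length):
    """Return (unordered picks of distinct letters, ordered strings).

    For length 5 the first value is 65,780, the figure quoted on the slide;
    the second is the number of ordered lowercase strings an exhaustive
    search has to cover.
    """
    return math.comb(26, length), 26 ** length


def alphabet_size(password):
    """Size of the smallest set of standard character pools covering the password."""
    size = sum(len(pool) for pool in POOLS if any(c in pool for c in password))
    # Characters outside the four pools (spaces, non-ASCII) count individually.
    size += len({c for c in password if not any(c in pool for pool in POOLS)})
    return size


def search_space(password):
    """Worst-case brute-force guesses: pool size raised to the password length."""
    return alphabet_size(password) ** len(password)


def strip_affixes(password):
    """Lower-case and drop leading/trailing digits and symbols ('Admin123!' -> 'admin')."""
    return password.lower().strip(string.digits + string.punctuation)


def audit(username, password):
    """Return the list of weaknesses found for one username/password pair."""
    findings = []
    lowered = password.lower()
    core = strip_affixes(password)
    user = username.lower()

    if lowered in DEFAULT_PASSWORDS or core in DEFAULT_PASSWORDS:
        findings.append("default")
    # Very short usernames would match almost anything, so require 3+ characters.
    if len(user) >= 3 and (user in lowered or user[::-1] in lowered):
        findings.append("username-derived")
    if core in COMMON_WORDS:
        findings.append("dictionary")
    if search_space(password) < MIN_GUESSES:
        findings.append("small-search-space")
    return findings


if __name__ == "__main__":
    # Constructed accounts, not real credentials.
    for user, pw in [("admin", "admin"), ("jtan", "Dragon2005"),
                     ("test", "1234"), ("jtan", "v7#Lq!zR2m&Wp")]:
        print(user, pw, audit(user, pw) or "no findings")
```

Length alone is not sufficient: `Dragon2005` clears the search-space floor but is still reported as a dictionary word with a predictable suffix.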
FOCUS: Internet Fraud
Fraud – a wide umbrella term that encapsulates most micky mouse on computer (other would be malice) DRAB’s take on fraud: Deceiving others to give you something, mainly money, some gain, advantage, which they would not have if they had known it. Formal: Use of computer or computer system to help execute a scam or illegal activity, any scheme that uses Web, chat room, email, or for the really unlucky, all three, to defraud target, via fraudulent solicitations to prospective victims, fraudulent transactions.
Main technique : To present fraudulent schemes in ways that look, as much as possible, like vast majority of legitimate e-commerce merchants offer. Major curse: Undermine consumer confidence in
legitimate e-commerce and the Internet,
INTERNET Micky Mouse http://www.miami.com/mld/miamiherald/business/14557140.htm?template=contentModules/printstory.jsp http://news.bbc.co.uk/1/hi/business/637094.stm http://news.bbc.co.uk/1/hi/business/637478.stm
Mainly direct theft or indirect: EXAMPLES
Of information from a secure or private computer system, trade secrets and computer-aided duplication of copyrighted materials, example, video games, movies, music. Why theft – DID NOT PAY : Break into long distance systems to “steal” service for free calls, offering nonexistent goods to buyer (online auction), stealing someone’s funds by hacking into bank or credit card account, illegally using access devices, such as those of a paid news subscription service.
WEB WATCH OUT FOR:
Business Opportunity/"Work-at-Home" Schemes Online. Advertise business opportunities to earn thousands of dollars a month in "work-at-home" ventures. Have to pay to join, but only thing delivered is depleted bank account. Investment Schemes Online. Market Manipulation Schemes. Manipulate securities markets for personal profit. "Pump-and-dump" schemes disseminate false and fraudulent information to cause dramatic price increases in thinly traded stocks or stocks of shell companies (the "pump"), then immediately sell off their holdings of those stocks (the "dump") to realize substantial profits before stock price falls back to usual low
CASE Internet market fraud 1. Defendants allegedly purchased, directly and through someone, total of 130,000 shares in XYZ, declared several months earlier. 2. Defendants then allegedly posted bogus e-mail messages on hundreds of Internet bulletin boards, falsely stating XYZ to be taken over by another company. At time of defendants' alleged purchases of XYZ stock, stock priced between 9 cents and 13 cents a share. 3. In single morning of trading, XYZ stock rose in 45 minutes from $8 per share to $15, before falling, within half-hour, to 25 cents per share. 4. Defendants allegedly realized profits of $362,625.
CASE Internet market fraud 1. Zev who worked for ABC, created a bogus Bloomberg news Web site which falsely reported that ABC was about to be acquired by Israeli company 2. Posted fraudulent e-mail messages, containing links to the counterfeit Bloomberg news site, on financial news bulletin boards. 3. On the day bogus report on Internet, ABC stock rose approximately 30 percent before ABC issued own press release stating report false.
You Won’t Need This but To Amuse…
Web sites that advertise "quick divorce" opportunity to obtain in Dominican Republic or other foreign countries for $1,000 or more, without having to leave United States. Often contain false, misleading, or legally inaccurate information about process for obtaining such divorces (e.g., that neither spouse has to visit the country in which the divorce is being sought). People who sent money eventually receive false assurances they are legally divorced. In fact, haven’t!!!!
Illegal entry into computer’s hardware system. Forms Obtain passwords and delete information Create programs to steal passwords Rummage through garbage to get information Create and transmit computer viruses.
What is a hacker?
“Break” into computer not your own. Well known generated new terminology, language. Logic bombs, witty worms, bacteria, rabbit, Trojan Horse.
1970’s hacking was positive, a person who wrote very good and clever programs – first computer games and operating systems. Then negative, 70s-90s – did it because could do it, challenge & thrill, is it now positive again? Mainly teenage culprits. 90s onwards – whitewashed image good hackers, bad hackers. Good artix: http://www.stanford.edu/class/cs201/08_Spafford.pdf
Have we come full cycle?
(In notes, also p/o)
Traditional meaning: Someone who spends large amount of time exploring and figuring out how wired world works. Today main with computer criminals Old School Hackers - highly skilled professionals who hire out skills to organizations concerned about network safety. Differentiate from criminals or crackers.
TYPES Internals. Either employees dissatisfied with company management or ex-employees who know security “ropes”. Use knowledge to hack in. Cyber punks. Stereotype hackers, antisocial, socially inept, angry at world, etc. Relate better to computers than people, capable of writing malicious programs. Usually guilty of damaging acts such as spamming, credit card number theft, defacing web pages, etc.
Professional Criminals and Cyber Terrorists. Most dangerous, ex-intelligence operatives and professional criminals, basically, guns for hire. Access to state of art equipment, extremely well trained, specialize in corporate espionage. More on stealing intelligence data. Newbies and Script Kiddies (Usually teenagers) wanna-be dangerous hackers but lack miserably in required determination and skills. Want the glamour. Use ready-made cracking programs (made by others), intending to cause damage to and corrupt systems. Almost always caught because brag.
ThinkSECURE's AIRRAID - A WIRELESS HACKING TOURNAMENT - AUG 2005, SINGAPORE – to find cleverest hacker, to educate on hacking, even a hacking course run by Ernst & Young. Many such. Yet: -
2003: Singapore some of the world's toughest laws against computer hackers and virus writers, allowing police to arrest suspects before they strike.
Examples of punishment:
OFFENCES on "protected computers", such as accessing and altering programmes, causing problems in receiving or despatching resources for emergency services: fine up to $100,000, jail up to 20 years.
Unauthorised access to someone's web server or personal computer: fine up to $5,000 (up from $2,000), jail up to two years, or both.
Unauthorised modification to computer material, such as introducing computer virus, and unauthorised use or interception, such as cloning mobile phones and pagers, fine $10,000 (up from $2,000), jail up to three years (from two years previously), or both.
Who usually guilty ?
Students!!!!!!!!
White-hat hackers -- after breaking into the system, they usually inform the victims
Black-hat hackers -- are cyber vandals who deliberately cause trouble for people
Crackers -- hackers for profit
Hacktivists -- politically motivated hackers
Script bunnies/kiddies -- wanna-be’s, but don’t have technical expertise – trying-hards, don’t quite hack it, no pun intended. May unleash harmful or destructive attacks without even realizing it. Generally no goal in mind but to see how much chaos can create.
Is hacking an issue any longer?
No. Outrightly illegal, and unethical. Harmful. If we can’t justify breaking into a store why is “technological break-in” any different?
Usual justifications:
Information should be free – no longer. Laws.
To show system insecure, flaws. So do home security services break into homes to show homes need them, or same with car alarm systems?
Does no harm – no one need know.
Helps hacker find out something about system. Did hacker have to break in to find out? Hacking not only way. Giving children electric shocks to learn good way, too. Still violation of our rights.
Current form – although not yet (if ever) in Singapore. Combination of traditional hacking - not accepting technologies at face value, opening them up, understanding how they work, exploring limits and constraints on human communications - with social and political activism. Convergence of computer hacking and political activism. Electronic civil disobedience, same as traditional protest action. Hackers trespass and block certain passageways, cause disruption - bring down websites, clog servers, unleash viruses or e-bombs. Thus gain attention.
EXAMPLE: During the protest against World Economic Forum in Melbourne 2000, hacktivists hijacked many websites. Not only did they bring down the World Economic Forum's website, they also redirected people trying to access websites such as Nike or the Olympics to that of their own. Can be used by legitimate political groups.
EXAMPLE: 2000 pro-Israeli website that provided tools to visitors to attack webs affiliated with Hezbollah, anti-Israeli terrorist organization – to hit them with zillions of hits a day – Denial of service – incapacitating them – common form of hacktivism.
Significance: Link to cyberterrorism. Some government and media use terms synonymously: hacktivism serious breach to national security. But hacktivism no intent of disrupting normal operations for a specified target, will not cause serious damage to organisation. Cyberterrorism - politically motivated hacking attacks with intent of causing serious loss of life or severe economic damage.
Student Hacks System to Alter Grades
US top university custom program, eGrades: faculty can submit and alter grades. Password protected, with backup, so faculty who forget password can reset using SSN and DoB. Student worked for insurance company, was able to obtain SSN and DoB for two faculty members, which he used to reset their passwords and change grades.
Hacking for love
Singapore student charged and arrested under Computer Misuse Act for stealing online identities to prey on women anonymously. Apparently hacked into their accounts or duped them into giving up user names and passwords by offering upgraded software. Also hacked into email and instant messaging accounts, then changed passwords to get accounts for himself. Unauthorized access to computer or network and fraud: $50,000 fine or jail up to 10 years or BOTH.
The password hacker who says ``we aren't hurting anything by looking around'' is exactly analogous to the joyrider saying ``we aren't stealing the car permanently.''
What do you think?
Hackers hit everyone
Security breaches in recent years have affected companies including a major provider of online banking services, CD Universe, Yahoo! Inc., Amazon.com Inc., and eBay Inc. Targeted S1 Corp., which provides Web-based banking services for hundreds of financial institutions - gained access to usernames and passwords, potentially putting individual bank accounts at risk. Hacker retrieved stored credit card numbers from CD Universe's database, posted them on the Internet when company refused to comply with demand for $100,000 payoff.
DENIAL OF SERVICE (DOS)
Denying service to authorized users. When Internet server flooded with nearly continuous stream of bogus requests for webpages. Gobbling unreasonably large amounts of computer time or disk space. Legitimate users can’t get in. Server may even crash. Can also destroy programming and files in a computer system. Usually by hackers trying to stop people from using the server. Re: hacktivism example – hacktivists able to hijack targets by sending messages to targets – clog the system, disable them. Can sometimes happen accidentally.
What can happen
Conversely, denial of service includes “mailbombing,” which is when someone purposely attempts to disable an email account by sending massive amounts of emails to its address. Disable computer, network, and organization. Worst case, for example, a Web site accessed by millions of people forced to temporarily cease operation.
HOW?
"Flood" network, thereby preventing legitimate network traffic
Disrupt connections between two machines, thereby preventing access to a service
Prevent particular individual from accessing service
Disrupt service to a specific system or person
Send large amounts of junk e-mail in one day - "mail bomb"
Malware - virus, worms, malicious program that puts the processing unit into an infinite loop, or,
Flood server with bogus requests for webpages - deny legitimate users opportunity to download page and also possibly crashing server.
DoS Singapore
One way DoS – code gets into computers and takes control, turning them into “bots” – network of compromised computers – then used to launch DoS. Bots can now be rented out. What next??? 2005: Pacific Internet customer’s server turned into rogue computer to control about 10,000 machines in Australian university. Foiled when Australian Computer Emergency Team investigated and traced infection to Pacific Internet Network. Singapore Computer Emergency Response Team contacted – shut down ISP.
Broad concept, umbrella term – anything that harms via computer – intentionally – malicious intent. Short for "malicious software," - software programs designed to damage or do other unwanted actions on a computer system: Malicious code Malicious program Rogue program
Specific example malware: http://www.hewett.co.nz/gcg/200505c.html
70% of malware detected during Q1 2006 cybercrime-related - "designed to generate financial returns." 40% spyware (collecting data on users' Internet activities), 17% Trojans (including software that steals confidential data related to bank services), 8% dialers (code that dials up premium-rate phone numbers without a user's knowledge) and "bots," which involves the sale or rental of networks of infected computers.
Cause various types of damage and nuisance to computer and users. Include mainly worms, Trojan Horses, viruses, spyware and adware. May slow down Internet, use computer to spread the evil to other Webbers. Around for quite a while, but problem bad because highspeed internet connections and millions of computing devices - accelerated speed at which worms and viruses spread. Malware insidious - installed silently and remain hidden on systems.
Virus Worms Trojan Horse
Often comes bundled with other programs (KazaA, iMesh, and other file sharing programs biggest bundlers). Installed from websites, pretending to be software needed to view the website.
HOW IT HAPPENS…
Install themselves through holes in Internet Explorer, weak spots in software, like virus would, requiring you to do nothing but visit the wrong web page to get infected. Vast majority, however, must be installed by user – user must take some action – which they usually will, example, open email, open files.
Carriers - Where they hide
Executable files – .exe extension - most “classic” target when virus attaches itself to host programme. Others .com, .sys, .ovl, .dll, .prg.
Scripts – scripts are carriers, files that use scripting language such as Microsoft Visual Basic Script, Java, Apple, Perl.
How big is the bug – Google survey - One in 10 web pages scrutinised by Google contained malicious code that could infect a user's PC: http://news.bbc.co.uk/2/hi/technology/6645895.stm
What they “eat”:
Macros – files that support macro scripting language of particular application such as word processor, spreadsheet, or database application.
Boot sector – specific areas of computer disks such as master boot record or DOS capable of executing malicious code.
Getting infected with malware usually much easier than getting rid of it - once infected, tends to multiply - will reinstall, hide themselves, even after you think you have removed them.
What carries them/how they are conveyed Removable media – file transfer - most common and prolific. Early ones floppies, now networks. Network shares – poor network security P2P – readily available on Net Email
What these will do… Hijack your browser, redirect your search attempts, serve up nasty pop-up ads, track what web sites you visit, and generally screw things up. Usually poorly-programmed slow down computer, create instability, other havoc Usually pop-up ads, sending revenue from the ads to the program's authors.
Case: Double trouble spyware scumbag:
What these will do… Backdoor – unauthorized access to computer Data corruption or deletion Information theft DoS – denial of service - system shutdown – CRASH.
Good examples and images of malware in action: http://blog.spywareguide.com/2007/05/images_speak_louder_than_words_1.html
Malware threats are increasingly created for financial gain, with more sophisticated attack techniques. More common activities include trying to steal bank account or credit card numbers and passwords through phishing and keylogging malware. The information gathered can then be sold on the web. Internet Relay Chat (IRC) channels, for example, are a common "flea market" for stolen personal data.
Charges: What they earn
•$1000 – $5000 (US) : Customised Trojan program, which could be used to steal online account information •$500 : Credit Card Number with PIN •$150 : Driver‘s licence •$150 : Birth certificate •$100 : Social Security Card •$7 - $25 : Credit card number with security code and expiration date. •$7 : Paypal account log-on and password
Case: Malware from Craigslist
An employee at Sana was looking for a car on craigslist, and emailed the person with the advert. He got the following email:
Thank you for your interest in my car. I gladly inform you that it is still on sale so you are right on time. Sorry for the delay, as I am staying in the hospital right now. As I have to cover all the costs myself, I am selling it and the deal is very good for you. The car is in an excellent good condition. Please, follow the link and download all the specific information about the car: http://url_removed/myalbum.exe.
As soon as you download it, you will have all the necessary data: description, photos, and other details. Please, make sure you are well acquainted with the info so that your decision would be reasonable. The car is in excellent condition, no accident. Thank you. Please, reply ASAP and feel free to ask any questions. P.S. To watch the pictures you are to save the portfolio on your computer and launch it.
And surprise surprise, myalbum.exe is not photos, but a nasty piece of malware.
How? Almost exclusively target Internet Explorer Take control of various parts of web browser, including home page, search pages, and search bar. Redirect you to certain sites should you mistype an address Prevent you from going to a website they don’t want you to go to Redirect you to their own search engine when you attempt a search.
Toolbars. Search forms or pop-up blockers. Google and Yahoo! probably most common legitimate examples. But malware toolbars emulate functionality and look – but possess malware characteristics. Dialers. Programs that set up your modem connection to a telephone number. Number’s owner enjoys free calls and you the phone bill.
Drab readmore: http://computer.howstuffworks.com/virus.htm
A little history…
First computer virus found "in the wild" written in 1986 in a computer store in Lahore, Pakistan. 1980s, computer viruses generally spread by passing floppy disks from one user to another user. Late 1990s, computer viruses generally spread via the Internet, either in e-mail (e.g., a virus contained in a Microsoft Word macro, or a worm contained in an attachment to e-mail) or in programs downloaded from a website.
First prosecution US under Federal computer crime statute: Robert Tappan Morris, then a graduate student in computer science at Cornell University, released his worm into the Internet on 2 Nov 1988. Worm rapidly copied itself and effectively shut down the Internet.
The virus threat is increasing for several reasons: Creation of viruses is getting easier. The same technology that makes it easier to create legitimate software is also making it easier to create viruses, and virus construction kits are now available on the Internet. About 200 to 300 new viruses are being created each month, while the old ones continue to spread. The increased use of portable computers, e-mail, remote link-ups to servers, and growing links within networks and between networks mean that any computer that has a virus is increasingly likely to communicate with -- and infect -- other computers and servers than would have been true a few years ago. As organizations increasingly use computers for critical
So what is it? Small piece of software that piggybacks on real programs. Must piggyback on top of some other program or document in order to get executed. Example, spreadsheet program. Each time the spreadsheet program runs, virus runs, too. Once running, then able to infect other programs or documents.
Thus key features
Ability to propagate by attaching itself to executable files (e.g., application programs, operating system, macros, scripts, boot sector of a hard disk or floppy disk, etc.). Running executable file may make new copies of virus.
Causes harm only after it has infected an executable file and the executable file is run.
Most common - E-mail viruses - moves around email and usually replicates itself by automatically mailing itself to dozens of people in the victim's e-mail address book.
Able to generate itself. Spreads. Also able to modify other programs - can "infect" other programs by modifying them or their environment - a call to an infected program implies a call to a copy of the virus.
Examples March 1999, Melissa virus so powerful Microsoft and a number of other very large companies forced to completely turn off email until virus could be contained. January 2004: Mydoom worm infected approximately quarter-million computers in single day. ILOVEYOU virus in 2000 anything but love.
WHY WHY WHY
A lot of trouble taken. Why do all this? Same psychology that drives vandals and arsonists. Busting car windows, spray painting signs, setting fires. The thrill? Thrill of what? Destruction, mostly, scaring, defacing. Watching things blow up? Creating virus like bomb inside computer, the more computers that get infected the more "fun" the explosion. Bragging rights – example, see a security hole that could be exploited, so feel compelled to exploit hole yourself.
PC Magazine artix:
http://www.pcmag.com/print_article2/0,1217,a=148845,00.asp HOAX!!! Computer virus and hoax different!
Virus Hoaxes
Easier than writing a program to make computers mess themselves up - writing a letter to make humans mess computers up. Pretend to be a virus alert, or some other sort of computer security alert - worded to frighten people and get them to forward the message to 'everyone they know' − or at least to a lot of other people. Can slow down or even stop mail server, flood mailboxes, lose time and waste time and energy.
Computer program with ability to copy itself from machine to machine. Small piece of software that uses computer networks and security holes to replicate itself. How? Copy of worm scans network for another machine that has specific security hole. Copies itself to this using security hole, and then starts replicating from there, as well.
Distinction between a virus and worm Virus never copies itself –is copied only when infected executable file is run. Virus infects an executable file, while worm is stand-alone program. Virus requires human action to propagate (e.g., running an infected program, booting from a disk that has infected boot sectors) even if human action is inadvertent, while a worm propagates automatically.
Beginning with Klez worm in early 2002, worm could drop a virus into victim's computer - a blended threat combined two different types of malicious code. Pure and original worms: Neither delete nor change files - simply makes multiple copies of itself and sends these copies from victim's computer, thus clogging disk drives and Internet with multiple copies of the worm. Slows legitimate traffic on Internet, as continuously increasing amounts of traffic are just duplicates of worm.
EXAMPLE WORM Code Red July 19 2001 Replicated itself over 250,000 times in approximately nine hours. Experts predicted Internet would completely grind to a halt. But not so bad as predicted.
Each copy scanned Internet for Windows NT or Windows 2000 servers that did not have Microsoft security patch. Each time an unsecured server, copied itself to that server. New copy then scanned for other servers to infect. Depending on the number of unsecured servers, a worm could conceivably create hundreds of thousands of copies.
Designed to:
Replicate itself for the first 20 days of each month
Replace web pages on infected servers with a page that declares "Hacked by Chinese"
Launch concerted attack on White House Web server in attempt to overwhelm it
Simply a computer program - claims to do one thing (it may claim to be a game) but instead does damage when you run it Deceptively labeled program -contains at least one function unknown to user and that harms user. Does not replicate, which distinguishes it from viruses and worms.
Some more serious Trojan horses allow hackers to remotely control victim's computer, collect passwords and credit card numbers, launch DoS. Could be installed on victim's computer by an intruder, without any knowledge of the victim. Downloaded (perhaps in an attachment in e-mail) and installed by user, who intends to acquire benefit quite different from undisclosed true purpose of Trojan Horse.
logic bomb is a program that "detonates" when some event occurs. The detonated program might stop working (e.g., go into an infinite loop), crash the computer, release a virus, delete data files, or any of many other harmful possibilities. time bomb is a type of logic bomb, in which the program detonates when the computer's clock reaches some target date.
Trojan horse spammed out to email addresses posing as digital photograph:
Subject line: My best photos! or the best pictures of us. Just take a look, I am excited! or Wanna see? or You’ve asked for pictures. See this.
Message body: Hi, Honey My best photo ever! Xoxoxo
Attached file: photos.zip
Inside the ZIP file is another file called DSC00342.jpg .exe.
Executable file is a Trojan horse, posing as JPG graphic, which has been developed to download more pernicious code from the Internet. Opening file will not show you a picture, but opens a hole in PC’s security.
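A defender can catch the naming trick in this case (an image extension, padding, then the real `.exe`) by listing archive members before anything is opened. The following is an added example, not part of the original notes; the extension lists, function names and the in-memory sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Final extensions that Windows runs or interprets when double-clicked (assumed list).
EXECUTABLE_EXTS = {"exe", "com", "scr", "pif", "bat", "cmd", "vbs", "js"}
# Harmless-looking extensions typically used as the decoy part (assumed list).
DECOY_EXTS = {"jpg", "jpeg", "png", "gif", "bmp", "pdf", "doc", "txt"}

# "<stem>.<decoy><optional whitespace>.<final>" anchored at the end of the name.
_DOUBLE_EXT = re.compile(r"\.([A-Za-z0-9]{1,5})(\s*)\.([A-Za-z0-9]{1,5})\s*$")


def classify_name(name):
    """Return a reason string if a file name hides an executable extension, else None."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    match = _DOUBLE_EXT.search(base)
    if not match:
        return None
    decoy = match.group(1).lower()
    padding = match.group(2)
    final = match.group(3).lower()
    if final in EXECUTABLE_EXTS and decoy in DECOY_EXTS:
        if padding:
            return "decoy extension padded with whitespace before ." + final
        return "decoy extension followed by executable ." + final
    return None


def scan_zip(data):
    """List (member name, reason) for every deceptively named file in a ZIP archive."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            reason = classify_name(info.filename)
            if reason:
                findings.append((info.filename, reason))
    return findings


def build_sample_zip():
    """Constructed sample: member names only, contents are inert placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("DSC00342.jpg .exe", b"placeholder, not a program")
        archive.writestr("holiday.jpg", b"placeholder image bytes")
        archive.writestr("notes.v2.txt", b"placeholder text")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in scan_zip(build_sample_zip()):
        print(repr(member), "->", reason)
```

The check reads only the archive's directory, so it is safe to run on a mail gateway or a quarantine folder without extracting any member.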
Even if benefits to society, still unauthorized access. Argument weak because doesn’t make it legal, or that should then be allowed because shows up a problem. Example given: Low pressure in automobile tires causes tire failure, which, in turn, causes automobile accidents. Would it be reasonable for someone to walk around a parking lot, letting some air out of tires, so tires are seriously underinflated, with justification that ensuing accidents will call attention to problem of underinflated tires? Ludicrous.
Phishers are the new con artists of cyberspace. Phishing not really new -- scam that predates computers done over the phone for years – “social engineering”. Attempt to fraudulently acquire sensitive information by masquerading as trustworthy person. Aka carding or spoofing. A scam where perpetrator sends out legitimate looking emails in effort to phish for personal information. Why phishing – fishing for information.
Criminal attempts to steal users’ personal information by masquerading as a trustworthy business, such as a bank or auction site, in emails or other electronic communications. Any personal data captured is used for identity theft, credit card fraud, and other crimes.
Usually start with emails - “spoofed” - appear to be from trusted financial institution or commercial entity.
UK survey more people fear computer crime: http://technology.guardian.co.uk/print/0,,329596040-117802,00.html
British banks more than $13.2 million, American $797 million June 2005-June 2006. Don’t take their bait:Never go to web from email link. Internet banking - type bank’s address into browser. Similar security measures – password safe, don’t say it aloud in your sleep, etc.
Example Nov. 17, 2003, many eBay Inc. customers received e-mail notifications their accounts compromised and being restricted. In message was hyperlink to what appeared to be eBay Web page where they could re-register. Top of page looked just like eBay's home page and incorporated all eBay internal links. To re-register, customers told to provide credit card data, ATM personal identification numbers, Social Security number, date of birth and mother's maiden name. All a hoax.
Phishing email example
Date: Wed, 9 Jun 2004 10:34:16 -0500
From: USbank-securijt@UsBank.com
Reply-To: email@example.com
Subject: USBank.com Security Update – URGENcs Security Key: vnydramifyg .txcwq
Dear US Bank Customer,
During our regular update and verification of the Internet Banking Accounts, We could not verify your current information. Either your information has been Changed or incomplete, as a result your access to use our services has been Limited. Please update your information. To update your account information and start using our services please click on the link below:
http:www.usbank.com/interfnetBanking/RequestRouter?requestCmdId=DisplayLo ginPackage
Note: Requests for information will be initiated by US Bank Business Development; this process cannot be externally requested through customer support.
Phishing Web site example
Virtually identical to legitimate Web site except for possible additional fields and behind the scenes coding changes.
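Two signs in the email and Web site examples above can be checked mechanically: a Reply-To address on a different domain from the From address, and a link whose visible text names one host while its `href` goes to another. The following is an added example, not from the original notes; the function names and both sample messages (on reserved `.example` and `.invalid` domains) are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_LIKE = re.compile(r"(?:https?://)?[A-Za-z0-9.-]+\.[A-Za-z]{2,}(?:[/?#]\S*)?")


def domain_of(header_value):
    """Domain part of the address in a From or Reply-To header ('' if absent)."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()


def host_of(url_like):
    """Host name of a URL, tolerating visible link text without a scheme."""
    text = url_like.strip()
    if "://" not in text:
        text = "http://" + text
    return (urlsplit(text).hostname or "").lower()


class _AnchorCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def phishing_indicators(raw_message):
    """Return a list of indicator strings found in one RFC 822 message."""
    msg = message_from_string(raw_message)
    findings = []
    from_dom = domain_of(msg.get("From", ""))
    reply_dom = domain_of(msg.get("Reply-To", ""))
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to-mismatch: %s vs %s" % (reply_dom, from_dom))
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        payload = part.get_payload(decode=True) or b""
        collector = _AnchorCollector()
        collector.feed(payload.decode(part.get_content_charset() or "utf-8", "replace"))
        for href, text in collector.anchors:
            # Only compare when the visible text itself claims to be an address.
            if URL_LIKE.fullmatch(text) and host_of(text) != host_of(href):
                findings.append("link-text-mismatch: %s shown, %s targeted"
                                % (host_of(text), host_of(href)))
    return findings


# Constructed samples; every address and host is on a reserved test domain.
SAMPLE_PHISH = "\n".join([
    'From: "Bank Security" <security@bank.example>',
    "Reply-To: collect@mailbox.invalid",
    "Subject: Security Update",
    "Content-Type: text/html",
    "",
    "<p>Please update your information:</p>",
    '<a href="http://bank.example.verify-login.invalid/update">'
    "http://www.bank.example/InternetBanking</a>",
])
SAMPLE_CLEAN = "\n".join([
    "From: news@bank.example",
    "Subject: Statement ready",
    "Content-Type: text/html",
    "",
    '<a href="https://www.bank.example/login">https://www.bank.example/login</a>',
    '<a href="https://www.bank.example/help">Help centre</a>',
])

if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE_PHISH):
        print(finding)
```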
Football phishing
Digital Life ST 20/6/2006: Fraud email and phishing scams selling tickets, getting fans to give account details and passwords to bogus sites. Bogus links that lure you to phishing sites as well – real case reported by journalist. Another – offering wall chart of event which when executed infects PC with Trojan.
Now Pharming !!!!!!! Does not use email but attacks web browsers and Internet’s addressing system. - even individuals who type desired Internet destination into web browser may be redirected to phony web site, with same disastrous results as phishing.
Must read Phishing Economy: http://www.firstmonday.org/issues/issue10_9/abad/
http://www.pacific.net.sg/article.php?id=393062 http://skype.pacific.net.sg/: Pacific Net reports increase phishing Many banks have phishing warning, example, DBS, HSBC.
Several phishing scams targeting banks in Asia in recent years. In December 2003, Malaysia’s Maybank fell prey to a similar scam. Also, a malicious pop-up program attempted to steal Internet banking particulars from a number of banks across the world, including Hong Kong's Dah Sing Bank and Citibank’s sites in Australia and Singapore. OCBC target in 2004.
After tsunami or any world disaster phishermen get active: http://www.asiamedia.ucla.edu/article.asp?parentid=19905
Radical look: http://www.streettech.com/bcp/BCPgraf/StreetTech/cud.htm
SPYWARE
Malicious websites may attempt to install spyware on readers' computers, example, pop-up that offers spyware in the guise of a security upgrade.
Don’t confuse with ADWARE Adware generally software that installs reminder service or spawns targeted ads as you surf. Referred to in advertising as interstitials or simply “pop-ups”. Might also profile surfing and shopping habits, gather information.
Class of programs that place advertisements on screen advertisements embedded in programs, advertisements placed on top of ads in web sites - pop-ups, pop-unders Pop-ups generally not stopped by pop-up stoppers Often not dependent on Internet Explorer being open. Can show up when you playing game, listening to music More nuisance not really malware (like spam)
Software that surreptitiously intercepts or takes partial control of computer, monitors user, subverts computer's operation for benefit of third party. Steals personal information to somebody else, example, name, browser history, login names and passwords, credit card numbers, and your phone number and address.
Examples Posers up to no good
Drab refce: http://computer.howstuffworks.com/spyware.htm
What can be spied on: Could relay addresses of sites visited, terms you search for, to server somewhere, may send back information from e-forms, files downloaded, search hard drive and report back on programs installed, contents of e-mail address book (usually to be sold to spammers).
Crooks only/commercial profit - delivery of unsolicited pop-up adverts, theft of personal information (including financial information); monitoring of Web-browsing activity for marketing, routing of web requests to advertising sites.
How it happened one day in real life…
For over a year, unknown to people who used Internet terminals at Kinko's stores in a New York store, Juju Jiang was logging everything users typed including their passwords to financial institutions. Jiang had covertly installed, in at least a dozen Kinko's stores, spyware that logged keystrokes. He captured more than four hundred user names and passwords, using them to access and even open bank accounts online. Danger –how easy - more of this type of ID theft will occur.
How its done
Does not usually self-replicate. Infected system does not attempt to transmit infection to other computers. Instead, gets on a system through deception of the user or through exploitation of software vulnerabilities. Most direct route - user installs it. To get around usual caution about software installation such as disruption or privacy, deceive either by piggybacking on a piece of desirable software, or Trojan Horses - tricking users to do something that installs the software without them realizing. Example, "rogue anti-spyware” programs, which masquerade as security software while actually doing damage.
Smuggles in something dangerous in the guise of something desirable. Presents program as useful - users download and install without immediately suspecting harm. He will explore the Internet with you as your very own friend and sidekick! He can talk, walk, joke, browse, search, e-mail, and download like no other friend you've ever had! He even has the ability to compare prices on the products you love and help you save money! Best of all, he's FREE! Commonly associated with
Nugget June 2006 South Korea’s president and PM reported as victims of online identity theft after ID numbers used to access hundreds of game and porno websites ID numbers readily available on search engines
How its done
Spyware biggest culprit because can surreptitiously gather confidential information without anyone being wiser. “Ssssnoopware” - can access everything online including usernames, passwords – a ripe and ready market for the pickings. Spyware good for identity theft because - “remote installation” – can be put indirectly through OTHER legit software – needs no physical access to the machine. Examples - programs to monitor kids, employees, or spouse.
Identity theft increasing thanks to success of phishing, spyware, ability of crooks to get personal information from computer - and amount of information ready for grabs. Wrongful taking of someone else’s “real world’ identity for purpose of committing fraud.
Thief gets hands on enough information to pretend to be you. May open up fraudulent credit card accounts, apply for loans, or try to secure other property using YOUR identity. Some may even go as far as using your name to get job and stick you with the taxes. Scariest aspect - be arrested for crime someone else committed while being YOU.
How its done
…A thief doesn’t even have to be technically skilled to install a commercial keylogger and to retrieve your personal information. Once installation is deployed the thief can have information e-mailed back to them or the software will open up a “backdoor” where the spy can log into the machine and retrieve keystroke or snapshot logs. Consumers must exercise even more caution when using public computer systems and realize that in open computing environments there are situations that can leave them vulnerable…
CASE www.shadowcrew.com – maybe defunct now but 2005 largest illegal online centre for trafficking in stolen identity information and documents, credit cards, etc. About 4,000 crooks operating malicious computer hacking – this is their job – stealing credit card #s, etc. US engineer identified keylogger program connected to large identity theft operation - his company's investigation found several thousand computers infected with keyloggers of various types.
CASE 2003: 27.3 million Americans victims of identity theft in last five years. Example: Crooks allegedly obtained names and Social Security numbers of U.S. military officers from Web site, then used more than 100 of these names and numbers to apply via Internet for credit cards with local bank.
Previous quote praising anonymity of Net: On the Internet, nobody knows you’re a dog. Now they do, and more. Cannot see you but know about you.
Everybody’s fave activity in Singapore: Online shopping!!!!
Auction and Retail Schemes Online Fraudulent online auction sites most frequently reported Internet fraud. Supposedly offer high-value online retail goods, items ranging from Cartier® watches to computers to collectibles such as Beanie Babies® - induce victims to send money, but deliver nothing, or counterfeit or altered goods.
How it might happen…
When potential consumer contacts "seller," "seller" promises to ship item before consumer has to pay anything. If consumer agrees, "seller" (without consumer's knowledge) uses consumer's real name, along with unlawfully obtained credit card number belonging to another person, to buy item at legitimate Web site. Once Web site ships item to consumer, consumer, believing legitimate transaction, then authorizes credit card to be billed in favor of "seller" or sends payment directly to "seller."
Thus two victims - original e-commerce merchant who shipped item based on unlawfully used credit card; and consumer who sent money after receiving item that "seller" fraudulently ordered from merchant. “Seller" may have transferred fraudulent proceeds to bank accounts beyond effective reach of either merchant or the consumer.
If a website sells/auctions fake/false goods without knowing it, is it liable? eBay Accused of auctioning off paintings which were originals, but passed off in someone else’s name. Example, selling a Picasso but in your name. Also a copyright problem. Also bogus Tiffany items – law suit. Claims eBay promoting fakery. EBay – nay – cannot check zillions of items offered - eBay only providing channel.
Next sw piracy
Harassment & Stalking
Generally, harasser intends to cause emotional distress not real harm – duh???
Harassment & Stalking
No legitimate purpose to harassment. Examples: Continuing to send e-mail to someone, threats, sexual remarks, pejorative labels (i.e., hate speech). Criminal: Forged e-mail that appears to be from victim containing horrible message to tarnish victim. It is often difficult to get law enforcement personnel and prosecutors interested in harassment, unless threats of death or serious bodily harm are made. Law treats harassment as misdemeanor, less serious crimes.
Technology - mobile phone: Happy Slapping
Violent craze in which individual or gang humiliates or assaults victim while filmed on mobile phone. Circulated to friends for their entertainment. New social phenomenon in UK – and in Singapore!!!!!!! Technology in the form of 3G mobile phones has now placed that capability within the hands of many teenagers.
…if you don’t support your favourite band by buying their music, then that band will have to get a real job in order to pay the rent…(PLACEBO)
Overview article, a bit outdated (1998) but issues still relevant: http://u.cc.utah.edu/~bac2/piracy/paper/paper.html
Thots to think about Does everyone perceive these as unethical, crimes? Nothing wrong? If codes guide behavior, how successful in preventing such issues or misdemeanors?
Thots to think about
Rules because we want freedom. Ironical. Rules don’t restrict freedom but preserve it. We blame technology for computer crimes, or the computer, but it’s the user that did it. No difference stealing from bank funds through computer than with holding a gun to rob a bank. Only medium changed.
*THOTS TO THINK ABOUT*
What do professionals have that others don’t?
*THOTS TO THINK ABOUT*
Can be USED Can be MISused