Information Systems Ethics and Computer Crime

J. S. Chou, Assistant Professor

Ages of Progress

• Agricultural (Prior to 1890’s)

• Industrial (1890’s to 1960’s)

• Informational (1960’s to Present)

Information Age Terms

Computer Literacy

Knowing how to use a computer to gather, store, organize, and otherwise process information. These skills are desirable and even required for many occupations today

Digital Divide

The gap developing in society between those who are computer literate and have access to computers and those who don’t, and how it will affect them

Computer Ethics

The issues and standards of conduct as they pertain to the use of information systems, including information privacy, accuracy, property, and accessibility

Computer Ethics Concerns

Information Privacy and Issues

Information Privacy

What information an individual must reveal to others in the course of gaining employment or shopping online

Identity Theft

The stealing of another person’s private information (SSN, credit card numbers, etc.) for the purpose of using it to gain credit, borrow money, buy merchandise, or otherwise run up debts that are never paid. This is especially problematic because it:

• is invisible to the victim; they don’t know it is happening

• is very difficult to correct…credit agencies are involved

• can cause unrecoverable losses and legal costs

Information Privacy - How to Maintain

Avoid Having Cookies Left on Your Machine

Use settings in your browser to block cookies from being deposited on your machine by primary and third parties

Use Caution when Requesting Confirming Email

Use an e-mail account separate from your normal one to protect information from your employer, sellers, and anyone using your computer

Visit Sites Anonymously

Use online privacy services that provide total privacy by blocking all techniques used to identify you online (e.g. Anonymizer)

Choose Web Sites Monitored by Independent Organizations

Use rating sites to identify merchant sites whose privacy policies conform to standards and are monitored (e.g. epubliceye.com)

Information Accuracy

Information Accuracy

Concerned with assuring the authenticity and fidelity of information, and identifying those responsible for informational errors that harm people

Sources of Information Errors

Errors in computer output can come from two primary sources. These are:

• Machine Errors – errors in the computer program logic, communication and/or processing that receives, processes, stores, and presents information

• Human Errors – errors by the person(s) entering data or information into the computer system

Information Property

Information Property

Concerned with who owns information about individuals and how information can be sold and exchanged

Privacy Statements

Stated policies from the organizations collecting the information, describing how they intend to use it. These are legally binding statements

• Internal Use – used within the organization only

• External Use – can be sold to outside parties

Information Ownership

The organization storing the information owns it if it is given willingly…even if unknowingly by use of their sites (e.g. online surveys, credit card transactions, etc.)

Information Property – Example of a Privacy Statement

Information Property – Gathering and Uses

Spam (see Chapter 4 for definition)

This unsolicited e-mail can come from reputable sites selling your information. Possible problems from spam include:

• Viruses in attachments or links

• Added to other spam lists by responding

• Slows systems by taking up resources and disk space

Cookies

These files stored on a computer do have legitimate uses but they also can:

• Store and transmit information about online habits, including sites visited, purchases made, etc.

• Prevent accessing sites when cookies are refused

• Collect and combine information with other information to build a personal profile to be sold

Information Property – Gathering and Uses

Spyware

These stealth computer applications are installed and then collect information about individuals without their knowledge. Currently this technology is not illegal

Spyware Issues

Spyware applications collect and transmit, or use, this information locally in several ways including:

• Sale of information to online marketers (spammers)

• Illegal uses such as identity theft

• Modify user experience to market to the user by presenting ad banners, pop-ups, etc. (Adware)

Information Accessibility

Information Accessibility

Concerned with defining what information a person or organization has the right to obtain about others and how that information is used

Who has access?

Besides personal access, other parties have the legal right to access and view private information including:

• Government – using advanced software packages (e.g. Carnivore), e-mail traffic and all online activity can be monitored in real time or after the fact

• Employers – they can legally limit, monitor or access activities on company-owned computers or networks as long as policy has been distributed to employees

Information Access – Example of Carnivore

The Need of Ethical Behavior

Ethical Behavior

Illegal versus unethical behavior is an information age concern. Though activities are not explicitly illegal, questions exist as to whether they are unethical, such as:

• Photograph manipulation/modification – in this circumstance, the photograph no longer reflects absolute reality

• Unauthorized use of computers – at work or at school, “stealing time” for personal business or use

• Information collection – by companies compiling information to sell for profit

Responsible Computer Use

The Computer Ethics Institute developed these guidelines for ethical computer use that prohibit the following behaviors:

• Using a computer to harm others

• Interfering with other people’s computer work

• Snooping in other people’s files

• Using a computer to steal

• Using a computer to bear false witness

• Copying or using proprietary software without paying for it

• Using other people’s computer resources without authorization or compensation

• Appropriating other people’s intellectual output

Guidelines

In the area of ethics, we rely on guidelines to guide behavior. These guidelines can come from many organizations

Responsible Computer Use

The guidelines from the Computer Ethics Institute also recommend the following when creating programs or using computers:

• Thinking about the social consequences of programs you write and systems you design (e.g. Napster, or a piece of Spyware)

• Using computers in ways that show consideration and respect for others (e.g. proliferation of viruses, instant messaging, etc.)

Computer Crimes

Computer Crime

The act of using a computer to commit an illegal act. The broad definition of computer crime can include the following:

• Targeting a computer while committing an offense (e.g. gaining entry to a computer system in order to cause damage to the computer or the data it contains)

• Using a computer to commit an offense (e.g. stealing credit card numbers from a company database)

• Using computers to support criminal activity (e.g. drug dealer using computers to store records of illegal transactions)

Computer Crimes and the Impact on Organizations

Computer Crime – Unauthorized Access

Unauthorized Access

A person gaining entry to a computer system for which they have no authority to use such access

THIS IS A COMPUTER CRIME!

Computer Crime – Unauthorized Access Trends

Computer Crimes – Who Commits Them?

Unauthorized Access

1998 Survey of 1600 companies by PricewaterhouseCoopers

82% come from inside the organization (employees)

Computer Crimes – Who Commits Them?

Unauthorized Access

2004 Survey by Computer Security Institute

Computer Crime – Various Types 1st Half

Computer Crime – Various Types 2nd Half

Computer Crimes - Hacking and Cracking

Hackers

A term to describe unauthorized access to computers based entirely on a curiosity to learn as much as possible about computers. It was originally used to describe MIT students in the 1960s who gained access to mainframes. It was later used universally for gaining unauthorized access for any reason

Crackers

A term to describe those who break into computer systems with the intention of doing damage or committing crimes. This was created because of protests by true hackers

Computer Crimes – Cracker (Humorous)

Computer Crime – Software Piracy

Software Piracy

This practice of buying one copy and making multiple copies for personal and commercial use, or for resale, is illegal in most countries while others offer weak or nonexistent protections. This has become an international problem as shown below

Destructive Code that Replicates

Viruses

These programs disrupt the normal function of a computer system through harmless pranks or by destroying files on the infected computer. They come in several types:

• Boot Sector – attaches to the section of a hard disk or floppy disk that boots a computer

• File Infector – attaches to certain file types such as .doc, .exe, etc.

• Combination – viruses can change types between boot sector and file infector to fool antivirus programs

• Attachment – released from an e-mail when an attachment is launched. Can also send themselves to addresses in the address book

Worms

This destructive code also replicates and spreads through networked computers but does damage by clogging up memory to slow the computer versus destroying files

Computer Crimes – Destructive Code

Destructive Code that Doesn’t Replicate

Trojan Horses

These programs do not replicate but can do damage as they run hidden programs on the infected computer that appears to be running normally (e.g. a game program that creates an account on the unsuspecting user’s computer for unauthorized access)

Logic or Time Bombs

A variation of a Trojan Horse that also does not replicate and is hidden, but is designed to lie in wait for a triggering operation (e.g. a disgruntled employee who sets a program to go off after they leave the company)

• Time Bombs – are set off by dates (e.g. a birthday)

• Logic Bombs – are set off by certain operations (e.g. a certain password)

Cyberwar and Cyberterrorism

Cyberwar

An organized attempt by a country’s military to disrupt or destroy the information and communications systems of another country. Common targets include:

• Command and control systems

• Intelligence collection and distribution systems

• Information processing and distribution systems

• Tactical communication systems

• Troop and weapon positioning systems

• Friend-or-Foe identification systems

• Smart weapons systems

Cyberwar and Cyberterrorism

Cyberterrorism

The use of computer and networking technologies against persons or property to intimidate or coerce governments, civilians, or any segment of society in order to attain political, religious, or ideological goals

Responses to the Threat

At greatest risk are those that depend highly on computers and networking infrastructure (e.g. governments, utilities, transportation providers, etc.). Responses include:

• Improved intelligence gathering techniques

• Improved cross-government cooperation

• Providing incentives for industry security investment
