10-1

10Chapter

Managing Information Systems Ethics and Crimes

Worldwide losses due to software piracy in 2005 exceeded $34 billion.

Business Software Alliance, 2006

10-2

Learning Objectives

10-3

Learning Objectives

10-4

The Three Waves of Change (I)• The Third Wave by Alvin Toffler describes three phases or “waves of changes”

• First waveo A civilization based

on agriculture and handwork

o Relatively primitivestage

o Lasted thousands of years

The Three Waves of Change (II)• Second wave

o The Industrial Revolution

o Began at the end of the 18th century and lasted about 150 years

• Third waveo The Information Age

o Information becomes the currency

10-5

10-6

Computer Literacy

• Computer literacyo Necessary skill in today’s world

o May be the difference between being employed or unemployed

o Many different jobs involve the use of computers

10-7

Digital Divide• Major ethical challenge

• New class system of powero Power comes from knowledge

• The gap in the US is shrinkingo Rural communities, the elderly, people with

disabilities, and minorities lag behind national averages

• Widening gap between developed and developing countries

10-8

Learning Objectives

10-9

Computer Ethics• Issues and standards of

conduct pertaining to the use of information systems

• 1986 – Richard O. Mason articleo Most ethical debates relate to

• Information privacy

• Information accuracy

• Information property

• Information accessibility

10-10

Information Privacy• What information should

you have to reveal?

• Information you might want to keep private:o Social security numbero Medical historyo Family history

• Identity thefto Fastest growing “information”

crimeo Biometrics for better

protection

10-11

Information Privacy• Companies seem to know about our every move – how

much information do we need to reveal?

• Amazon.com is famous for personalization

• What are the costs?

10-12

How to Maintain Your Privacy Online• Review the privacy policy of the company with which

you are transacting

• The policy should indicate:o What information is being gathered about youo How the seller will use this informationo Whether and how you can “opt out” of these practices

• Additional tips:o Choose Web sites monitored by independent organizationso Avoid having cookies left on your machineo Visit sites anonymouslyo Use caution when requesting confirmation email

10-13

Avoid Getting Conned in Cyberspace

• U.S. Federal Trade Commission compiled a list of advices (List of top 10 things not to do)

10-14

Top 10 List of Things Not to Do (II)

10-15

Information Accuracy• Ensuring of the

authenticity and fidelity of information

• High costs of incorrect informationo Bankso Hospitals

• Difficult to track down the person who made the mistake

10-16

Information Property

• Who owns information about individuals?

• How can this information be sold and exchanged?

10-17

Data Privacy Statements

• Company maintaining the database with customer information legally owns ito Is free to sell it

o Cannot sell information it agreed not to share

o Must insure proper data handling practices

10-18

Spam, Cookies and Spyware• Spam

o Unsolicited e-mail promoting products or serviceso CAN-SPAM Act of 2003o Little protection available

• Cookieso Text file storing Web browsing activityo Can opt for cookies not to be storedo Web sites might not function properly without cookies

• Spywareo Software used for data collection without the users’

knowledgeo Unlikely this activity will become illegal anytime soon

10-19

Combating Spyware

• Windows defender

o Spyware monitoring and removal

• Others Include:

o Ad-aware

o Spybot Search & Destroy

10-20

Cybersquatting• The practice of registering a domain name and

later reselling it

• Some of the victims includeo Panasonic, Hertz, Avon

• Anti-Cybersquatting Consumer Protection Act in 1999o Fines as high as $100,000

o Some companies pay the cybersquatters to speed up the process of getting the domain

10-21

Information Accessibility

• Who has the right to monitor the information?

• E.g., email capture by Carnivore

10-22

Carnivore• Developed to

monitor all communication by the government

• In 2005 FBI abandoned Carnivore for commercially available software

10-23

Legal Support for Electronic Communication Privacy

• Little support available

• 1986 – Electronic Communications Privacy Act (ECPA)o Mostly geared towards protecting voice

communication privacyo No other laws protect e-mail privacyo Some states define rules for companies

•Need to be open about monitoring policies

•Need to use good judgment

10-24

Need for a Code of Ethical Conduct• Many businesses have guidelines for

appropriate use

• Universities endorse guidelines proposed by EduCom

• Responsible computer use (based on work of the Computer Ethics Institute) prohibits:1. Using a computer to harm others2. Interfering with other people’s computer work3. Snooping in other people’s files

Information Systems Today: Managing in the Digital World 10-25

Need for a Code of Ethical Conduct• Responsible computer use prohibits

(continued):

4. Using a computer to steal5. Using a computer to bear false witness6. Copying or using proprietary software

without paying for it7. Using other people’s computer resources

without authorization8. Appropriating other people’s intellectual

output

10-25

10-26

Learning Objectives

10-27

Computer Crime

• Using a computer to commit an illegal acto Targeting a computer – unauthorized access

o Using a computer to commit an offense

o Using a computer to support a criminal activity

• Overall trend of computer crime declining

10-28

Types of Computer Crimes and Financial Losses• Figures based on a survey of 639 organizations

10-29

Financial Impact of Virus Attacks• Losses from computer crime can be tremendous

o $14.2 billion in estimated losses due to viruses alone in 2005

10-30

Unauthorized Computer Access

• Using computer systems with no authority to gain such access

• Other examples from the mediao Employees steal time on company

computers to do personal business

o Intruders break into government Web sites and change information displayed

o Thieves steal credit card numbers and buy merchandise

10-31

Unauthorized computer access• Frequency of successful attacks is declining

10-32

Federal and State Laws• Two main federal laws against computer crime

1. Computer Fraud and Abuse Act of 1986 Prohibits

• Stealing or compromising data

• Gaining access to computers owned by the U.S. government

• Violating data belonging to financial institutions

• Intercepting communication between foreign countries

• Threatening to damage computer systems in order to gain profit

o 1996 Amendment prohibits

• Dissemination of computer viruses and other harmful code

10-33

Federal and State Laws (II)• Electronic Communications Privacy Act of 1986

o Breaking into any electronic communication service is a crime

• USA PATRIOT Act of 2002o Controversial law o Investigators may monitor voice communication

• Other lawso Patent laws protect some software and hardwareo Right to Financial Privacy Acto All 50 states passed laws prohibiting computer crime

10-34

Computer Forensics

• Use of formal investigative techniques to evaluate digital informationo Evaluation of storage devices for traces of

illegal activity

•Now common in murder cases

o Restoration of deleted files

10-35

Hacking and Cracking• Hackers

o Individuals gaining unauthorized access

o Motivated by curiosity

o No intentions to do harm

• Crackerso Break into computers with the intention of doing

harm

• Hacktivistso Break into computer systems to promote political or

ideological goals

10-36

Who Commits Computer Crimes?

• No clear profile

• Four groups of computer criminals1. Current or former employees

• 85-95% of theft from businesses comes from the inside

2. People with technical knowledge committing crimes for personal gain

3. Career criminals using computers to assist them in crimes

4. Outside crackers hoping to find information of value

• About 12% of cracker attacks cause damage

10-37

Types of Computer Crimes

10-38

Types of Computer Crimes (II)

10-39

Software Piracy• Legal activities

o Making one backup copy for personal useo Sharing free software (shareware or public domain

software)

• Illegal activitieso Making copies of purchased software for otherso Offering stolen proprietary software (warez peddling)

• Applicable copyright lawso 1980 Computer Software Copyright Acto 1992 Act making software piracy a felonyo 1997 No Electronic Theft Act

10-40

Software Piracy Is a Global Business• Worldwide losses for 2005 estimated at $34 billion

• Some factors influencing piracy around the worldo Concept of intellectual property differs between countries

o Economic reasons for piracy

o Lack of public awareness about the issue

10-41

Computer Viruses and Other Destructive Code

• Malware (malicious software)o 1,400 new pieces released in one month

o Viruses

•Reproduce themselves

•Usually delete or destroy files

•Boot sector viruses

•File infector viruses

•Viruses can spread through e-mail attachments

10-42

How a Computer Virus is Spread

10-43

Worms, Trojan Horses and Other Sinister Programs• Worm

o Does not destroy fileso Designed to copy and send itselfo Brings computers down by clogging memory

• Trojan horseo Does not copy itselfo Often remains hidden to the user

• Logic bombs and time bombso Variations of Trojan horseo Do not disrupt computer function until triggering

event/operation

10-44

Internet Hoaxes

• False messages circulated onlineo New viruses (that don’t exist)

•2004 e-mail told recipients to erase a file that was actually a part of Windows operating system

o Collection of funds for certain group

•Cancer causes

o Possible consequences

•Spammers harvesting e-mail addresses from hoaxes

10-45

Learning Objectives

10-46

Cyberwar

• Military’s attempt to disrupt or destroy other country’s information and communication systemso Goal is to diminish opponent’s

communication capabilities

o Used in concert with traditional methods

Cyberwar vulnerabilities1. Command and control systems

2. Intelligence collection and distribution systems

3. Information processing and distribution systems

4. Tactical communication systems and methods

5. Troop and weapon positioning systems

6. Friend-or-foe identification systems

7. Smart weapons systems

10-47

10-48

Cyberterrorism

• Governments not involved

• Can be launched from anywhere in the world

• Goal is to cause fear, panic and destruction

• Cyberterrorism will likely become weapon of choice

10-49

Categories of Potential Cyberterrorist Attacks

10-50

Use of Internet in Terrorist Attacks

10-51

Use of Internet in Terrorist Attacks (II)

10-52

Assessing the Cyberterrorism Threat

• The U.S. Department of Defenseo Popular target for hackers and crackerso 60-90 attempts a dayo Some successful attacks

• 1991 – Gulf Waro Dutch crackers stole information about the movement of U.S.

troops and offered it for sale to Iraqo Iraqis turned down the offer

• 2000 – United States presidential electionso Web sites targeted with political motiveso DoS attacks launched

• 2003 – Romanian cracker compromised systems housing life support control for 58 scientists and contractors in Antarctica

10-53

Obstacles to Cyberterrorism1. Computer systems are complex and attacks

may not have desired outcome

2. Fast changing security measures

3. Cyberattacks rarely cause physical harm to victims

10-54

The Globalization of Terrorism• Increasing dependence on technology

• Increasing possibilities of cyberterrorism

• International laws and treaties must evolve

• Likelihood of large attacks is smallo Successful large attack would require

• Intelligence information

•Years of preparation

•At least $200 million

End of Chapter Content

10-55

10-56

Opening Case: BitTorrent• Napster

o 1999 – 2001 existence of a free peer-to-peer file sharing system• MPAA and music artists filed

series of lawsuits • $ 26 million awarded in damages

o Today – downloading for a fee

• BitTorrento Protocol designed for transferring fileso Types of users

• Leechers – users who download content but don’t contribute

• Seeders – download and contribute content

o Use of BitTorrent in the entertainment industry

• Warner Brothers – In2Movies – users can download movies for a fee

10-57

Judy McGrath, Chairman and CEO of MTV Networks

• Career at MTVo 1981 – MTV Network established

• McGrath works as on-air promotions writer

o 1991 – McGrath responsible for all programming, music, production and promotion

o 1993 – McGrath became president of the network

o 2004 – McGrath became chairman and CEO

• MTV programmingo Controversialo Sense of social responsibility

10-58

Wikipedia• Free online encyclopedia• 4 million entries• Anyone can write or edit articles• 2006 expert led accuracy study

o Wikipedia compared to Encyclopedia Britannica o Both sources erroneous in scientific articles with small

differences in accuracy• Wikipedia – 4 errors on average per science article• Encyclopedia Britannica – 3 errors on average per science

articleo Wikipedia articles often intentionally modified to

misrepresent the truth

10-59

Bundled Services• Telecommunications services

o Telephone service, cable TV and Internet connection bundled together

• Companies advertise cost savings

• “Hooking” customers on a bundled service makes them less likely to switch

• Consumers not always happy with the deal

• Better tailoring to the customers’ needs necessary

10-60

Attacks on the Net• Hackers first started in the 1960s

o Quest for greater knowledge about computerso Belief in free exchange of information

• Crackerso Malevolent desire to disrupt networkso Often done to prove certain “cleverness”o For profit by fired employees

• 2000 – five major companies brought down by DoS attacks (Yahoo!, Amazon.com, eBay, Buy.com, and CNN Interactive)o 2005 – perpetrator sentenced to 18 months in prison

10-61

Ethical Hacking

• Mark Maiffreto Started as a hacker

o Now designs and sells software for companies to secure their networks against hackers

• eEye Digital Security o Maiffret – Chief Hacking Officer

o Software prevents unauthorized access

o Don’t hire anyone with a criminal record – “good” hackers don’t get caught

10-62

The Liquid Lens• Used in portable devices• High-resolution images without increase in lens size• Lenses available

o Varioptic• Developed based on electrowetting – the tendency of water to

spread on a substrate• 2 liquids of equal density sandwiched between two windows in a

conical vesselo Fluidlens

• Made of water and looks like a contact lens

• Advantageso No movable parts with high durabilityo Low power consumptiono Optical quality of liquid better than glass or plastic

10-63

Cybercops Track Cybercriminals

• Federal levelo Computer Crime and Intellectual Property Section (within the Justice

Department)o Computer and telecommunications crime coordinator

• Assistant U.S. attorney – every federal judicial district has at least one

• State levelo Crime investigation unit

• FBIo Computer crime squads in 16 metropolitan areaso National Infrastructure Protection Center acts as a clearinghouse

• Available softwareo Software Forensic Tool Kit o Statewide Network and Agency Photos (SNAP)o Automatic Fingerprint Identification Systemo Classification System for Serial Criminal Patterns