Ethics, Security, and Privacy What’s Right, What’s Wrong, and How Do I Protect Myself? Chapter 9

Ethics, Security, and Privacy

What’s Right, What’s Wrong, and How Do I

Protect Myself?

Chapter 9

©2003 The McGraw-Hill Companies

Student Learning Outcomes

1. Define ethics and describe what it means to use computers in an ethical fashion

2. Define copyright, Fair Use Doctrine, and pirated software

3. Identify and describe five types of threats in cyberspace


Student Learning Outcomes

4. Describe the seven types of hackers and what motivates each group

5. Define privacy and identify ways in which it can be compromised

6. Describe what you can do to protect yourself in cyberspace


Introduction

Today’s society has become increasingly dependent on computers to create, store, and manage critical information.

As such, it is vital to ensure that both the computers and the information they contain are protected from loss, damage, and misuse.


9.1 Ethics

Ethics – actions that have serious consequences in the lives of others.Right or wrong actions

Manners – our day to day behavior toward others in situations whose effects are not likely to be far-reaching.

Polite or rude behavior

Societal rules fall into one of two categories


Ethics in the Use of Computers

Generally it is unethical to:– Use your computer to harm others– Use your computer to steal– Abuse your power– Use or access someone else's computer

resources without permission– Copy copyrighted software for your own use

or to give to others. This is also illegal


Ethics and Computers

• Copyright– Legal protection for the expression of

an idea – It is illegal to copy a copyrighted video

game or other software without permission

• Fair Use Doctrine– Defines situations in which copyrighted

material may be used

• Pirated software– Copyrighted software that is copied

and distributed without permission of the owner

p. 9.261 Fig. 9.1


Software

Type Your Rights

Copyright Buy a license to use it

Shareware Try before you buy

Freeware Use, copy, share

Public Domain Use, copy, share, sell

p. 9.262 Fig. 9.2


9.2 Threats in Cyberspace

Computers used as Weapons to:

Snoop into private files

Spread rumors & harass people

Steal credit card numbers

Steal personal identities

Steal money & customer lists


Hackers

Computers as Targets of Crime

Cyberterrorists Script Bunnies

HacktivistsCrackers


Credit Card Fraud

Skimmers – that scan the number off credit cardsSkimmers – that scan the number off credit cards

Magnetic strip readers – that read the name, number, expiration date, and a unique code off the card as well as the numberMagnetic strip readers – that read the name, number, expiration date, and a unique code off the card as well as the number

Break into databases of credit card bureaus, banks, or other institutions that keep credit card recordsBreak into databases of credit card bureaus, banks, or other institutions that keep credit card records


Identity Theft

• Identity theft is the impersonation by a thief of someone with good credit

• The thief essentially uses the victim’s credit to steal products and services


Crime & Scams in Cyberspace

Travel and vacation fraud

Get-rich schemes

Phone fraud Health care fraud


Two Most Notorious Types of Malware

Viruses Denial-of-ServiceAttacks


Computers as Targets

• Computer virus• Macro virus• Worm• Virus hoax• Denial-of-Service

(DoS) attack• Combination

Worm/DoS


Viruses: Common Types

Virus Hoax e-mail distributed with the intention of frightening people about a nonexistent virus

Worm Spreads itself from computer to computer via e-mail and other Internet traffic

Macro Viruses spread by binding themselves to software such as Word or Excel.


The Love Bug Worm

p. 9.268 Fig. 9.6


Computers as Targets - cont.

Denial-of-service (DOS) attacks cause thousands of access attempts to a Web site over avery short period of time, overloading the target

site and shutting it down – i.e., Ping of Death

Denial-of-service (DOS) attacks cause thousands of access attempts to a Web site over avery short period of time, overloading the target

site and shutting it down – i.e., Ping of Death

Combined Worm/DoS is a form of malware

that combines a worm’s ability to propagate

and denial-of-service attack’s ability to bring

down a Web site. i.e., Code Red

Combined Worm/DoS is a form of malware

that combines a worm’s ability to propagate

and denial-of-service attack’s ability to bring

down a Web site. i.e., Code Red


Denial-of-Service Attack

p. 9.269 Fig. 9.7


The Perpetrators

• Thrill-seeker hackers

• Black-hat hackers

• Crackers

• Hactivists

• Cyberterrorists

• Script bunnies

• White-hat or ethical hackers


Perpetrators: Hacker Definitions

• Thrill-seeker hackers are hackers without evil intentions

• Black-hat hackers are hackers with malicious intent – they’re cyber vandals

• Crackers are hackers who hack for profit

• Hacktivists are hackers who use the Internet to send a political message of some kind


Perpetrators: Hacker Definitions

• Cyberterrorists are hackers who seek to cause harm to a lot of people or to destroy critical systems or information

• Script bunnies are people who would like to be hackers but don’t have much technical expertise

• White-hat or ethical hackers are hackers who legitimately, with the knowledge of the owners of the IT system, try to break in to find where the vulnerable areas are located and fix them


9.3 Privacy Matters

• Privacy is the right …– To be left alone– To have control over your personal information– To not be observed without your consent

• Privacy is the right to be free of unwanted intrusion into your private life

SimNet Concepts Support CD: “Privacy Issues”


Snooping by Others

• Snoopers can install key logger or key trapper software to record:– Key strokes and mouse clicks– E-mail, instant messages, chat room exchanges– Web sites visited– Applications run – Passwords

• Screen capture programs can be used to periodically record what’s on the screen


E-Mail is Not a Private Matter

• E-mail is completely insecure

• Sent e-mail is copied and stored, at least temporarily, on four or more different computers


E-mail is Stored on Many Computers

p. 9.273 Fig. 9.8


Information On Your Buying Habits & Preferences

• Information volunteered for something you want

• Information collected by having direct contact with a company– Web sites collect information through cookies

• Information sold from one company to another


Accepting Cookies

p. 9.276 Fig. 9.11


Companies Use Internet Tools

• Sniffers are software that sits on the Internet analyzing traffic to find out who you are

• Web tracking is used to track your Internet activity

• Spam is electronic junk mail, usually from businesses attempting to sell you products and services

• Spoofing is forging the return address on an e-mail so that the e-mail message appears to come from someone other than the sender


Government Records

• NCIC (National Crime Information Center)– Is a huge database with information on the criminal

records of more than 20 million people

• IRS (Internal Revenue Service)– Has income information on all tax payers. – Has access to other databases

• The Census Bureau– Collects information every 10 years on all the U.S.

inhabitants the agency can find


9.4 How To Protect Yourself

• Security in cyberspace transactions– If you buy goods and services, use common

sense– Be just as careful as you are in the brick-and-

mortar world


Protect Your Computer and Files

• Three rules that should be remembered:– If it can be stolen, lock it up– If it can be damaged, back it up– If it can come in and do damage, block it


Snooping by Others

• You can get free programs to disable activity-monitoring programs like Spectro Pro– Privacy Companion– Who’s Watching Me


E-Mail is Never Private

• E-mail can be encrypted using products such as:– ZixMail– CertifiedMail– PrivacyX– SafeMessage– Disappearing Email


Security in Cyberspace:Credit Card and Identity Theft

• Give information only to reputable companies that you trust

• Use only secure sites, i.e., https://• Never give out your social security number

unless the law demands it• Use passwords of at least 10 characters

and numbers• Use different passwords for different

systems/sites


Security in Cyberspace:Dot.Cons

• Be skeptical about extraordinary performance or earnings potential

• Always read the fine print• Always look at the site’s privacy policy• Be wary of a company that doesn’t clearly

state its name, address, or phone number• Immediately report any fraudulent,

deceptive, or unfair practices to the Federal Trade Commission


Security in Cyberspace

• Protect personal information

• Use anti-tracking software

• Avoid spam

• Use a firewall


Protecting a Computer or Network from Intruders

• Firewalls check and examine each message and permits nothing to enter or leave that shouldn’t. – McAfee’s Personal Firewall– Zone Labs’ ZoneAlarm

• Home router such as Linksys can be set up to check all incoming traffic and deny access to any that looks suspicious

SimNet Concepts Support CD: “Security Issues”



9.5 Key Terms

• Black-hat hacker• Cookie• Copyright• Cracker• Cyberterrorists• Denial-of-service

attack• Ethics• Fair Use Doctrine

• Firewall• Hacker• Hacktivist• Identity theft• Key logger (key

trapper) software• Macro virus• Malware


9.5 Key Terms

• Pirated software• Privacy• Script bunny (script

kiddie)• Sniffer• Spam

• Spoofing• Thrill-seeker hacker• Virus hoax• White-hat or ethical

hacker• Worm


Review of Concepts

1. Sensible Internet Use and Good Manners Should you forward personal e-mail you

receive?

2. Napster, Kazaa, and Other Music Sites In 2002, Napster left the Web for good


Hands On ProjectsE-Commerce

1. Browsing the Web Anonymously Can you hide your movements in

cyberspace?

2. Renting a Hotel Room

3. Making Airline Reservations


Hands On ProjectsEthics, Security & Privacy

1. Expedia.com Helps to Find the Killer Doesn’t it only help find flights, hotel rooms,

rental cars, and the like?


Hands On Projectson the Web

1. Want to Know Your IP Address?

2. Codes of Ethics See what the professionals have to say

3. Parental Control Software Packages

4. What Polymorphic Viruses Are Floating around Cyberspace? Viruses that change form to evade

detection?


Hands On ProjectsGroup Activities

1. How Does HIPAA Protect Your Personal Health Information

2. Helping a Friend

3. Providing Personal Information

4. Ethics and Laws

5. Debating Privacy

6. Digital Signatures and Certificates

Documents

Ethics, Security, and Privacy What’s Right, What’s Wrong, and How Do I Protect Myself? Chapter 9