irma-hoover
Trust, Safety, & Reliability
Part 2: MALICE
Malware
• Malware: short for “malicious software”
• Hackers: people who write and deploy malware
• Worm: program that makes copies of itself and propagates those copies through a network to infect other computers
• Virus: similar to a worm, but resides in another program that must execute in order for the virus to propagate
Ethics in a Computing Culture
Malware (continued)
• Spyware: program that is secretly installed for the purpose of collecting information about the computer’s user or users
• Trojan horse: software that masquerades as an innocent or useful program, but that is actually designed for a malicious purpose
• Rootkit: program that embeds itself into a computer’s operating system and acquires special privileges that would normally be available to the operating system
Case: Stuxnet Worm
• Stuxnet: a computer worm that has significantly set back the Iranian nuclear development program
  – extremely sophisticated software, speculated to have been created by the CIA and the Israeli government
• Can the people who wrote the Stuxnet worm be considered ethical hackers?
The Net
• Challenging the sale of virus do-it-yourself kits
  – Only illegal to release a virus
• Computer Fraud and Abuse Act
• Internet’s fragile infrastructure: susceptible to
  – Phishing attacks
  – Viruses (self-replicating programs)
  – Worms (independent programs that travel)
• The Slammer worm
  – http://www.wired.com/wired/archive/11.07/slammer.html
Defining cybercrime
• Criminal acts executed using computer and network technologies
1. Software piracy: unauthorized duplication
2. Computer sabotage: interference with computer systems
  – Viruses and worms
  – DoS attacks: mock requests to take down server
3. Electronic break-ins:
  – Computer espionage
  – trespass
Electronic break-ins
• Trespass in cyberspace
  – Computer Fraud and Abuse Act
    • Protects the confidentiality and makes it a crime to access a computer w/o authorization
  – Now applies to most any computer
• http://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act
• Max penalty: 20 yrs & $250k fine
Computer Fraud and Abuse Act
• 18 USC Section 1030 criminalizes:
  – Transmitting code (virus, worm) that damages a sys
  – Accessing w/o authorization any computer connected to Internet (n.b. does not req anything to be examined, changed or copied)
  – Transmitting classified info
  – Trafficking passwords
  – Computer fraud & extortion
Hacktivism
• Blend of hack and activism
• Malicious hacking for electronic political activism
  – Non-violent use of digital tools for political ends
• Typical actions, examples:
  – Defacing websites
  – Denial of service attacks
• Electronic Civil Disobedience (virtual sit-ins)
Case: A&P’s Cash Register Scandal
• Facts:
• Would you assume that you added incorrectly, or that the computer did?
• The A&P cash register scandal:
  – only possible because people trusted a computer to do arithmetic correctly