Introduction • Virus: • Attaches itself to a program or file so it can spread from one computer to another, leaving infections as it travels • Some viruses cause only mildly annoying effects while others can damage your hardware, software or files • Almost all viruses are attached to an executable file, which means the virus may exist on your computer but it cannot infect your computer unless you run or open the malicious program
Virus • A virus cannot be spread without a human action, (such as running an infected program) to keep it going • People continue the spread of a computer virus, mostly unknowingly, by sharing infecting files or sending e-mails with viruses as attachments in the e-mail
Worm • Similar to a virus, considered to be a sub-class of a virus • Spread from computer to computer, but unlike a virus, it has the capability to travel without any help from a person • Takes advantage of file or information transport features on your system, which allows it to travel unaided
Worm • The biggest danger with a worm is its capability to replicate itself on your system, so rather than your computer sending out a single worm, it could send out hundreds or thousands of copies of itself, creating a huge devastating effect • One example would be for a worm to send a copy of itself to everyone listed in your e-mail address book. Then, the worm replicates and sends itself out to everyone listed in each of the receiver's address book, and the manifest continues on down the line. • Due to the copying nature of a worm and its capability to travel across networks the end result in most cases is that the worm consumes too much system memory (or network bandwidth), causing Web servers, network servers and individual computers to stop responding. • In more recent worm attacks such as the much-talked-about “Blaster Worm”, the worm has been designed to tunnel into your system and allow malicious users to control your computer remotely.
Worm Example • Morris worm • One of the first computer worms spread over the Internet • R. Morris was convicted under the 1986 Computer Fraud and Abuse Act • Exploited vulnerabilities in Unix sendmail, finger, rsh/rexec, and weak passwords
Kevin Mitnick • Famous controversial U.S. hacker • Utilized “social engineering” for obtaining user names / passwords, modem phone numbers, etc. • Served 46 months in federal prison for wire fraud, computer fraud, and illegally intercepting a wire communication Acts by Kevin Mitnick • Using the Los Angeles bus transfer system to get free rides • Evading the FBI • Hacking into DEC system(s) to view VMSsource code (DEC reportedly spent $160,000 in cleanup costs) • Gaining full admin privileges to an IBMminicomputer at the Computer Learning Center in LA in order to win a bet • Hacking Motorola, NEC, Nokia, Sun Microsystems and Fujitsu Siemens systems • Wiretapped FBI agents according to John Markoff, although denied by Kevin Mitnick. Alleged • Stole computer manuals from a Pacific Bell telephone switching center in Los Angeles • Read the e-mail of computer security officials at MCI Communications and Digital • Wiretapped the CaliforniaDMV • Made free cell phone calls • Hacked SCO, PacBell, FBI, Pentagon, Novell, CADMV, USC and Los Angeles Unified School District systems.
WHAT IS ETHICAL? Webster's Collegiate Dictionary "the discipline dealing with what is good and bad and with moral duty and obligation." Right or Wrong? • Effect - ends justify means? • Act itself
The Hacker Ethic Argue that they follow an ethic that both guides their behavior and justifies their break-ins • All information should be free • Belongs to everyone and there should be no boundaries or restraints to prevent anyone from examining information • GNU Manifesto (Richard Stallman)
Implications • Privacy is no longer possible • Not individual property • Anyone may access / alter • Loss of control • Accuracy cannot be trusted • Economic arguments • Expense of info collection and protection
The Security Arguments • Break-ins illustrate security problems to a community that will otherwise not note the problems • Worm example • Security problem awareness • Inspires copy-cat acts • High cost
The Idle System Argument • Systems not in service to provide a general-purpose user environment • Used in commerce, medicine, public safety, research, and government functions • Unused capacity is present for future needs and sudden surges of activity
The Student Hacker Argument • Doing no harm and changing nothing • simply learning about how computer systems operate or write complex programs Arguments against • Not educational • Intruder can cause accidental damage • Systems could not be fully trusted
The Social Protector Argument • Hackers break into systems to watch for instances of data abuse and to help keep "Big Brother" at bay • Protectors rather than criminals Arguments against • Ends justify means – assumes ability to achieve good end • Resulted in more data restrictions
CONCLUSION • Computer break-ins, even when no obvious damage results, are unethical • Disruptive, immoral • Examine act itself – difficult to determine all effects • Justified computer break-in • Save life • Preserve national security