ICT Ethics 3 Computer and Internet Crimes
Key issues related to ICT • ICT Security • If the firm is a victim of a computer crime, should they pursue prosecution of the criminals at all costs, should they maintain a low profile to avoid negative publicity, must they inform their affected customers, or should they take some other actions? • How much effort and money should be spent to safeguard against computer crime (how safe is safe enough)?
Key issues related to ICT • ICT Security • What should they do if their firm produces software with defects that allow hackers to attack customer data and computers? • What tactics should management ask employees to use to gather competitive intelligence without doing anything illegal? • What should be done if recommended computer security safeguards make life more difficult for customers and employees, resulting in lost sales and increased costs?
Key issues related to ICT • Increasing complexity and increasing vulnerability • The number of possible entry points to a network expands continually as more devices are added, increasing the possibility of security breaches • Higher computer user expectations • Fast delivery of ICT services • Reliable helpdesk (password resets, etc.)
Types of Attacks • 3.21 Viruses • Technically, a virus is a piece of programming code, usually disguised as something else, that causes some unexpected and usually undesirable event. Often it is attached to a file so that when the infected file is opened, the virus executes. • ~a virus does not spread itself from computer to computer • ~it is passed on to other users through infected email attachments, programs or USB drives (diskettes? do those still exist?), or shared files
Types of Attacks • 3.22 Worms • Worms are harmful programs that reside in the active memory of the computer and duplicate themselves • ~they propagate without human intervention, sending copies of themselves to other computers by email. See W32.Sober-K@mm • Impact of worms (estimated damage): • ILOVEYOU ($8.75 billion); Code Red ($2.62 billion); SirCam ($1.15 billion)
Types of Attacks • 3.23 Trojan Horses • A Trojan Horse is a program that a hacker secretly installs on a computer. • ~its harmful payload can allow the hacker to steal passwords or Social Security numbers, or spy on users by recording keystrokes and transmitting them to a server operated by a third party. • logic bomb—a Trojan Horse that executes when a specific condition is met; it can be triggered by a particular change in a file, a succession of specific keystrokes, or by a specific time or date.
Types of Attacks • 3.24 DoS (Denial of Service) Attacks • A denial-of-service attack is one in which a malicious hacker takes over computers on the Internet and causes them to flood a target site with demands for data and other small tasks. • ~It keeps the target machine so busy responding to a stream of automated requests that legitimate users cannot get in—the Internet equivalent of dialing a telephone number repeatedly so that all other callers hear a busy signal. • ~Zombies (the taken-over computers) send the requests for access to the site again and again. • Example: MyDoom
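The flood described above shows up in a web server's access log as an abnormal request rate, either from one machine or spread thinly across many zombies. The detector below is an added example (not from the slides); it assumes a constructed log format of "source timestamp request" and runs over constructed sample lines.

```python
import re
from collections import defaultdict, deque

# Constructed log format (an assumption, not a real server's): "<source> <unix-timestamp> <request>"
LOG_RE = re.compile(r"^(\S+) (\d+) ")

def parse(line):
    """Return (source, timestamp) or None for a malformed line."""
    m = LOG_RE.match(line)
    return (m.group(1), int(m.group(2))) if m else None

def detect_flood(lines, window=10, per_source_limit=20, total_limit=60):
    """Sliding-window request counter. Returns (noisy_sources, overall_flood):
      noisy_sources  sources that sent more than per_source_limit requests in
                     any window-second span (one machine hammering the site)
      overall_flood  True when the whole stream exceeds total_limit in a window
                     even though no single source does (many zombies, each quiet)
    """
    events = sorted((e for e in map(parse, lines) if e), key=lambda e: e[1])
    per_source, all_times = defaultdict(deque), deque()
    noisy, overall = set(), False
    for src, ts in events:
        for q in (per_source[src], all_times):
            q.append(ts)
            while ts - q[0] >= window:   # drop requests older than the window
                q.popleft()
        if len(per_source[src]) > per_source_limit:
            noisy.add(src)
        if len(all_times) > total_limit:
            overall = True
    return sorted(noisy), overall

# Constructed sample log lines (not real traffic)
LEGIT = [f"10.0.0.5 {1000 + i} GET /index.html" for i in range(0, 30, 3)]       # 10 requests over 30 s
FLOODER = [f"203.0.113.9 {1000 + i // 5} GET /search" for i in range(40)]      # 40 requests in 8 s
ZOMBIES = [f"198.51.100.{z} 1003 GET /" for z in range(1, 51) for _ in range(2)]  # 50 hosts, 2 each, same second
SAMPLE = LEGIT + FLOODER + ZOMBIES

if __name__ == "__main__":
    noisy, overall = detect_flood(SAMPLE)
    print("single-host floods:", noisy, "| distributed flood:", overall)
```

The second check matters because a distributed flood stays under any per-source limit; only the aggregate rate reveals it.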
Perpetrators • 3.31 Hackers • test the limitations of systems out of intellectual curiosity—to see whether they can gain access and how far they can go. • ~~lamers or script kiddies • 3.32 Crackers • break into other people’s networks and systems, deface Web pages, crash computers, spread harmful programs or hateful messages, and write scripts and automated programs that let other people do the same things.
Perpetrators • 3.33 Malicious insiders • people who have knowledge concerning the inner workings of the organization. Often this involves collusion between an employee and an outsider. • 3.34 Industrial spies • people who use illegal means to obtain secrets from the competitors of their firm.
Perpetrators • 3.35 Cybercriminals—hack into corporate computers and steal, often by transferring money from one account to another • ~they also engage in all forms of computer fraud—stealing and reselling credit card numbers, personal identities (identity theft), and cell phone IDs. • 3.36 Cyberterrorists—intimidate or coerce a government or organization to advance their political or social objectives by launching computer-based attacks against other computers, networks, and the information stored in them
Perpetrators • ~cyberterrorists seek to cause harm rather than gather information, and they use techniques that destroy or disrupt services • ~1999: email attacks on NATO computers (Kosovo) • ~2000: attack that took over computers and forced them to use their modems to dial 911 • ~2002: sewage dump, Sunshine Coast, Queensland
Possible ICT Intervention • 4.1 Risk Assessment—a review of potential threats to an organization’s computers and network and the probability of those threats occurring. • >its goal is to identify investments in time and resources that can best protect the organization from its most likely and serious threats. • >Reasonable assurance recognizes that managers must use their judgment to ensure that the cost of control does not exceed the system’s benefit or the risk involved
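A quantitative sketch of the risk assessment and reasonable-assurance rule above, as an added example (not from the slides): threats are ranked by expected annual loss (cost of one occurrence times its yearly probability), and a control is justified only when the loss it avoids exceeds what it costs. All figures are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Threat:
    name: str
    single_loss: float   # estimated cost of one occurrence (constructed figures)
    annual_rate: float   # expected occurrences per year

    def annual_loss(self) -> float:
        """Expected loss per year: how "likely and serious" the threat is."""
        return self.single_loss * self.annual_rate

@dataclass(frozen=True)
class Control:
    name: str
    threat: str            # name of the threat this control addresses
    annual_cost: float
    rate_reduction: float  # fraction of occurrences the control prevents (0..1)

def rank_threats(threats):
    """Most likely and serious threats first, by expected annual loss."""
    return sorted(threats, key=lambda t: t.annual_loss(), reverse=True)

def reasonable_assurance(threats, control):
    """Return (net_benefit, justified). A control passes the reasonable
    assurance test only when the loss it avoids each year exceeds its cost."""
    threat = next(t for t in threats if t.name == control.threat)
    avoided = threat.annual_loss() * control.rate_reduction
    net = avoided - control.annual_cost
    return net, net > 0

# Constructed sample data (illustrative only, not real loss figures)
THREATS = [
    Threat("worm outbreak", single_loss=50_000, annual_rate=2.0),
    Threat("DoS on web shop", single_loss=20_000, annual_rate=0.5),
    Threat("insider data theft", single_loss=400_000, annual_rate=0.1),
]
CONTROLS = [
    Control("patch management", "worm outbreak", annual_cost=30_000, rate_reduction=0.9),
    Control("DDoS scrubbing service", "DoS on web shop", annual_cost=25_000, rate_reduction=0.8),
]

if __name__ == "__main__":
    for t in rank_threats(THREATS):
        print(f"{t.name:20s} expected annual loss {t.annual_loss():>10,.0f}")
    for c in CONTROLS:
        net, ok = reasonable_assurance(THREATS, c)
        print(f"{c.name:22s} net benefit {net:>9,.0f} -> {'justified' if ok else 'not justified'}")
```

With these numbers the scrubbing service fails the test: a $25,000 control against a $10,000-per-year expected loss costs more than the risk it removes.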
Possible ICT Intervention • 4.2 Establishing a security policy—A security policy defines an organization’s security requirements and the controls and sanctions needed to meet those requirements. • >delineates responsibilities and expected behavior by members of the organization