_______________________________ Fundamentals Of Computer Ethics

FUNDAMENTALS
OF
COMPUTER ETHICS
Study Unit 1: Introduction to IT ethics
Study Unit 2: Scenarios of computer misuse and their effects to society
Study Unit 3: Forms of computer software attacks

DR. ESRAA A. AFIFY

Lecturer
Artificial Intelligence Department
Faculty of Computer Science and Information Technology
Egyptian Chinese University
Page 1 of 15
_______________________________ Fundamentals Of Computer Ethics

Study Unit 1: Introduction to IT ethics

Introduction
This unit introduces students to computer ethics concepts where they will get to the meaning
of ethic, Be able to know the Forms of ICT ethics, Ethics of using computers between persons,
Ethics between user and device, Importance of ethical behaviors to user and society,Unethical
behavior of computer users in society.

Learning Outcomes of Study Unit 1

Upon completion of this study unit, you should be able to:
1. Describes the meaning and different forms of ICT ethics.
2. Apply the different categories of ethical behaviors when using the computer.
3. Describes the importance ICT of ethical behavior to users.

What is ethics?
⎯ At its simplest, ethics is a system of moral principles. They affect how people make
decisionsand lead their lives.

⎯ Ethics is concerned with what is good for individuals and society and is also described as
moralphilosophy.

⎯ The term is derived from the Greek word ethos which can mean custom, habit,
character, ordisposition.

Ethics covers the following dilemmas:

• How to live a good life

• Our rights and responsibilities

• The language of right and wrong

• Moral decisions - what is good and bad?

Page 2 of 15
_______________________________ Fundamentals Of Computer Ethics

Our concepts of ethics have been derived from religions, philosophies, and cultures. They infuse
debates on topics like abortion, human rights and professional conduct.

Computer ethics definition

Computer ethics deal with the procedures, values and practices that govern the process of
consuming computing technology and its related disciplines without damaging or violating the
moral values and beliefs of any individual or organization.

Examples of Computer Ethics

i. Not using a computer to steal or to harm others, especially by avoiding the spread of
computer viruses and shunning plagiarism of computer software.

ii. Computer ethics also involve avoiding unauthorized access to computer systems and
preserving the confidentiality and privacy of data in computers.

iii. Computer ethics include avoiding online bullying or using computers to interfere with the
work of others.

iv. It also entails implementing system policies, such as not sharing passwords and not trying
to access unauthorized sites. According to Wikipedia, computer ethics mandates designers
and content developers to consider the social implications of computer programs and
online content. Purchase College notes that it is unethical to deceive machines or destroy
computers. Additionally, computers should not be used to blackmail others or deny them
from accessing services.

Page 3 of 15
_______________________________ Fundamentals Of Computer Ethics

Forms of ICT ethics

1. Ethics of using computers between the person and the same, we must adhere: self-esteem
and not exposing them to hazards for the user. Such as: not wasting time when using the
computer, and not look at the usefulness or the taboo, and not see the sins of others or their
privacy even if they are available and accessible, and also no harm to the body and give it a rest
and focus on the back, the eyes in particular. So we must plant these ethics among our students
and trainees and staff in our schools and our schools and workplaces because no officer of such
acts only person control for himself.

2. The ethics of using computers between the person and the other:

This type of ethics we can apply it to develop some systems that protect people and users can
also keep some laws to protect devices also but the main focus of the application of these
regulations and is personal scruples.

One of the most important examples of this type:

1. Respect for intellectual property.

2. Maintaining privacy and other secrets and not published or find.
3. Not to victimize others for their color, their race, their religion or their social or prejudice
the reputation or reprisal and victimization.

3. Ethics between the user and hardware:

1. Don’t use a computer abuse especially public as schools, universities and public
libraries.
2. To ensure the safety of the device, its contents either cracking or heavy load or cause
damage to the hardware.
3. Maintain compliance with laws designed to regulate the use of the computer as
maintaining username and password and not give it to others from unauthorized use.

Page 4 of 15
_______________________________ Fundamentals Of Computer Ethics

Importance of ethical behavior

For citizens, even for those of us with no aspirations in a career in law enforcement, morality and
integrity are important characteristics to demonstrate. We instinctively know that it is good to be
moral and act with integrity, but by coming to an understanding of the reasons for morality and
integrity, we will be motivated to champion such behavior. Among the reasons to be moral and
integral, regardless of occupation are to:

i. Make society better. When we help make society better, we are rewarded with also making
better own lives and the lives of our families and friends. Without moral conduct, society
would be a miserable place.
ii. Treat everyone equally. Equality is a cornerstone of most Western democracies, where all
individuals are afforded the same rights. This is not possible without the majority of citizens
behaving in a moral manner.
iii. Secure meaningful employment. Often employers will look at a person’ past behavior as
a predictor of future behavior. Someone who has a history of immoral behavior will have
difficulty securing employment in a meaningful job, as that person may not be trusted.
iv. Succeed at business. If you are employed in an occupation in which there you must rely
on others, your moral conduct will determine the degree of goodwill that you receive from
others. Businesses that have a checkered moral history are typically viewed with caution
and are unlikely to attract new customers through word of mouth, and therefore are unlikely
to prosper. This is especially the case where social media makes customer reviews readily
accessible.
v. Lessen stress. When we make immoral decisions, we tend to feel uncomfortable and
concerned about our decision making. Making the right moral decision, or taking a
principled perspective on an issue, reduces stress.

Page 5 of 15
_______________________________ Fundamentals Of Computer Ethics

Study Unit 2: Scenarios of computer misuse and their effects to society

Introduction
This unit intends to provide students with overview of the scenarios of computer misuse and their
effects to society.

Learning Outcomes of Study Unit 2

Upon completion of this study unit, you should be able to:
1. Analyze the effects of a computer misuse.
2. Identify the effects of computer misuse.

Computer misuses
Unethical Uses of Computers:
Consumers and businesses across the globe are reliant on computers to aid product distribution,
services, and information all over the world. However, users of computers do not always follow
the highest moral code. Unethical use of computers continues to grow, forcing businesses and
government to establish protocols to protect information and security.

Media/software Piracy

Digital media piracy is a prominent unethical practice undertaken with computers. Piracy is the
illegal distribution of music, movies, books and other intellectual media. Because the internet
is such a vast network, catching pirates is not always easy. Piracy is an illegal infringement on
copyrights held by the owners of the media.

Businesses using information obtained through piracy may receive a cease-and-desist letter
from the media owner at the very least. Fines and legal recourse may follow. A common
example of media piracy occurs when a business uses a well-known song for an instructional
or promotional YouTube video without obtaining the rights or providing proper attribution.

Page 6 of 15
_______________________________ Fundamentals Of Computer Ethics

Ransom ware Attacks

Thieves like to use the anonymity of the internet to attack businesses. By hacking into a
company's main server, cyber attackers can hold a business hostage. The hacker encrypts the
entire website, shutting the business down until the business owners pay the hackers a fee – the
ransom – in what is called a denial-of-service attack. This type of cyberattack can happen to
any business or organization anywhere in the world. Reducing susceptibility to this unethical
computer use requires constant updates to server security platforms including protection from
spyware, malware and viruses.

Identity Theft

Along with protecting a business against ransomware, businesses must protect consumer
information. Identity theft concerns consumers. Companies of all sizes are susceptible to data
breaches. Major companies from leading industries have been hacked with consumer personal
information stolen. Hackers obtain everything from names, dates of birth and Social Security
information to addresses and other contact information that is used to create phony accounts.
Not properly protecting private information is costly to businesses and can result in legal fines
and private lawsuits.

Financial Theft

Some hackers don't steal the information but instead hack systems to divert financial
information input away from the company to steal money. For example, a hacker might redirect
the donation system of a nonprofit organization and have the money sent to an offshore account
controlled by the hacker. This unethical practice essentially tricks a website buyer into thinking
a website transaction is complete when, in fact, the business never gets notice of the sale, and
the money is lost offshore.

Page 7 of 15
_______________________________ Fundamentals Of Computer Ethics

Intellectual Property Theft

Piracy isn't the only type of intellectual property that is unethically distributed by computer use.
Competitors use any number of methods to gain access to proprietary information that other
companies pay millions to develop. Theft often includes patented or patent-pending
information. Intellectual property theft is often achieved by internal moles or contract workers
who have access to a company's computer server. While security protocols with virus protection
usually help prevent external theft, it is difficult to protect against internal infractions.

Page 8 of 15
_______________________________ Fundamentals Of Computer Ethics

Study Unit 3: Forms of computer software attacks

Introduction
This unit introduces students to the forms of computer software attacks, steps to be taken to
mitigate cyber threats.

Learning Outcomes of Study Unit 3

Upon completion of this study unit, you should be able to:
1. Explain what we mean by software attacks.
2. Explain the different forms of software attacks.
3. Explain the method of mitigating cyber risks.
4. To know the following:
• Viruses
• Worms
• Trojan horses
• Denial of service
• Brute force

Software Attacks

These are programs written deliberately to vandalize someone’s computer or to use that
computer in an unauthorized way. There are many forms of malicious software; sometimes the
media refers to all malicious software as viruses. This is not correct and it’s important to
understand the distinction between the various types as it has some bearing on how you react
to the attack.

Page 9 of 15
_______________________________ Fundamentals Of Computer Ethics

Different forms of computer software attacks

1. Trojan horses
Trojan horses are classified based on how they breach systems and damage they cause.

The seven main types of Trojan horses are as follows:

i. Remote Access Trojans

ii. Data Sending Trojans

iii. Destructive Trojans

iv. Proxy Trojans

v. FTP Trojans

vi. Security Software Disabler Trojans

vii. DoS Attack Trojans

2. Worms
A computer worm is a self-contained program that is able to spread functional copies of
itself or its segments to other computer systems. Worms use components of an operating
system that are automatic and invisible to the user. The worms are detected only when
their uncontrolledreplication consumes system resources, slowing or halting other tasks.

3. Viruses
Virus is a program or piece of code that is loaded onto a computer without the knowledge
of the user and runs against the user’s wishes. Viruses can transmit themselves by attaching
to a file or email or on a CD or on an external memory.

Page 10 of 15
_______________________________ Fundamentals Of Computer Ethics
Viruses are classified into three parts:

File infectors – File infector viruses attach themselves to program files, such as .COM or .EXE
files. File infector viruses also infects any program for which execution is requested, such as
.SYS, .OVL, .PRG, and .MNU files. These viruses loaded when the program is loaded.

System or boot-record infectors – These viruses infect executable code in system areas on a disk.
These viruses attach to the DOS boot sector on diskettes or the Master Boot Record on hard disks.
The scenario of boot record infectors is when the operating system is running and files on the
diskette can be read without triggering the boot disk virus. However, if the diskette is left in the
drive, and then the computer is turned off or restarted, then the computer will first search inA
drive when it boots. It will then load the diskette with its boot disk virus, loads it, and makes it
temporarily impossible to use the hard disk.

Macro viruses – These are the most common viruses, and they do the least damage. Macro viruses
infect Microsoft Word application and typically insert unwanted words or phrases.

4. Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks

A denial-of-service attack overwhelms a system’s resources so that it cannot respond to

service requests. A DDoS attack is also an attack on system’s resources, but it is launched
from a large number of other host machines that are infected by malicious software
controlled by the attacker.

Have you ever found yourself waiting impatiently for the online release of a product, one
that you’re eagerly waiting to purchase? You keep refreshing the page, waiting for that
moment whenthe product will go live. Then, as you press F5 for the last time, the page
shows an error: “Service Unavailable.” The server must be overloaded!

A DoS attack is performed by one machine and its internet connection, by flooding a
website with packets and making it impossible for legitimate users to access the content
of flooded website. Fortunately, you can’t really overload a server with a single other
server or a PC anymore. In the past years it hasn’t been that common if anything, then by
flaws in the protocol.

Page 11 of 15
_______________________________ Fundamentals Of Computer Ethics

5. Spyware
Spyware is a type of malware that is installed on systems and collects small amount of
information at a time about the users without their knowledge. Spyware is Internet
terminology for advertising supported software such as Adware. All adwares are not
spywares. There are also products that display advertising but do not install any tracking
mechanism on the system. Spyware programs can collect various types of personal
information such as Internet surfing habits and Websites that have been visited. It can also
interfere with user’s control on the system such as installing additional software and
redirecting Web browser activity. Updated antispyware is used to protect spywares from
attacking the system.

6. Brute force
Brute force attack consists of an attacker submitting many password or pass phrases with
hope of eventually guessing correctly. The attacker checks all passwords and passes
phrases until the correct one is found.

Page 12 of 15
_______________________________ Fundamentals Of Computer Ethics

ST E PS TO MIT I GA TE C YBE R ( I N TE R NET ) TH RE AT S/ R IS KS

i. Secure buy-in from senior leadership. This is a must! Balance security budget vs.
amount of risk your company executives are willing to assume.

ii. Continuous employee education, plus necessity to strengthen policy on PW protection.

iii. Monitor network traffic for suspicious activity – can you “see” in & outbound
encrypted messages?

iv. Upgrade and patch software immediately and promptly. This must be done frequently
as patches are released by the software vendor.

v. Implement robust Endpoint security to protect your business from zero-day malware
& user mistakes.

vi. Upgrade Authentication inside and out – including mobility & IoT policies.

vii. Harden external facing web applications.

i. Know where sensitive data resides, and then develop data protection strategy to
includeencryption monitoring.

ii. Develop and implement real-time monitoring strategy and analysis of log files and
wiredata.
Implement rigorous application development testing and code reviews.

iii. Perform annual penetration assessments and vulnerability assessments.

iv. Prepare for the worst-case scenario. Develop emergency incident response (IR) plans.

Page 13 of 15
_______________________________ Fundamentals Of Computer Ethics

STEPS TO ASSESS AND MITIGATE CYBER SECURITY RISKS

Step #1: Identify and document asset vulnerabilities.

Your first step should be a risk assessment to understand what makes your business attractive to
cyber criminals (customer data is likely to be your biggest commodity at risk) and where your
main vulnerabilities lie.

Start with some basic questions, such as 'what information do we collect?', 'how do we store it?’,
and 'who has access to it?' You should then examine how you currently protect your data, and how
you secure your computers, network, email and other tools.

For example, consider whether you have a formal written policy for social media usage on any
device (including employees' personal ones) that connects to your company network. Do you
provide internet safety training for your workforce? Do you wipe all old machines of data before
disposal? Do you require multi-factor authentication (more than one way of confirming a user's
claimed identity) to access your network.

Step #2: Identify and document internal and external threats.

Do your research and familiarize yourself with the main types of cyber-crime and how they're
perpetrated – the tactics, techniques and procedures used to target organizations. And don't focus
exclusively outwards. While the word 'hacker' may conjure up visions of a malevolent teenager
in a bedroom in some remote corner of the world, or a shadowy presence on the Dark Web, you
should acknowledge the potential for a disgruntled or heavily indebted employee to steal
intellectual property or commit cyber-enabled economic fraud.

Page 14 of 15
_______________________________ Fundamentals Of Computer Ethics

Step #3: Assess your vulnerabilities.

There are a growing number of tools (many of which are free) that you can use to scan your
network and determine what services you are running, to determine whether your software
versions are up to date, and to look for known vulnerabilities. There are also tools that will allow
your IT administrator to run pre-defined exploits against your own systems and use brute-force
attacks against your end users. You may wish to go one step further and appoint an outside security
specialist to gauge your company's resilience through penetration testing, in much the same way
as vehicle manufacturers use 'tame' burglars to break into cars.

Step #4: Identify potential business impacts and likelihoods.

Carry out a business impact analysis to determine the effects or consequences – financial,
operational, and reputational – of a cyber-attack on your business and who would be affected. If
you have a business continuity plan or resilience plan, you should already have a clear picture of
the costs linked to IT failures or business interruption. If not, a specialist can guide you through
this process, and ready-to-use questionnaires are available to help you collect information from
various parts of your business.

Step #5: Identify and prioritize your risk responses.

Once you understand the potential impact of a cyber-attack on your business, you can start to
prioritize how you will resolve any immediate flaws in your security. If you make any changes to
your system security, test them to ensure you have not only closed the holes but that the changes
haven't negatively impacted any of your other systems. Since people can be your greatest security
liability, ensure rules and best practices are documented in policies, and undertake a regular
program of staff education on the risks that come from today's interconnected ways of doing
business.

Page 15 of 15