 Computers cause new ethical problems

 Computer ethics uses basic ethical principles to help you make

the right decisions
 Ethical Principles
◦ Ethical principles are tools which are used to think through
difficult situations
◦ Three useful ethical principles:
 An act is ethical if, were everyone to act the same, society
benefits from it
 An act is ethical if people are treated as ends and not as a
means to ends
 An act is ethical if it is fair to all parties involved
 Don't use a computer to harm other people
 Don't interfere with other people’s computer work
 Don't snoop around in other people’s files
 Don't use a computer to steal
 Don't use a computer to bear false witness
 Don't copy or use proprietary software for which you have not
paid
 Don't use other people’s computer resources without
authorization or proper compensation
 Don't appropriate other people’s intellectual output
 Think about the social consequences of the program
you write or the system you design
 Use a computer in ways that show consideration and
respect for your fellow humans
 Netiquette refers to the
guidelines that involve
showing respect for others and
yourself while you are online
 Green computing
◦ Environmentally sensible computing.
◦ Computers drain critical resources such as electricity and
paper.
◦ Produce unwanted electrical, chemical and bulk waste side-
effects.dat
 Energy STAR guidelines
◦ Ensure energy- efficient PCs, monitors, and printers
 Product stewardship policy
◦ Responsible consideration of technology during and after its
useful life
 Ergonomics
◦ Study of relationships between people and the things they
use
 Reasons for concern
◦ Video Operator’s Distress Syndrome (VODS)
◦ Cumulative Trauma Disorder (CTD)  can lead to a
permanent disability of motor skills
◦ Carpal Tunnel Syndrome (CTS)
◦ Repetitive-Stress Injury (RSI)
◦ Mental stress, eye strain, headaches, muscular injuries and
skeletal injuries.
 Companies should:
◦ Provide users flexibility: one size fits all does not work
 Occupational Safety and Health Administration (OSHA)
regulations
 It is important to train employees: how to analyze their
workstations and make necessary adjustments (lowering
monitor contrast and brightness or increasing chair
lumbar support)
 Please visit the site below for more detailed information
http://www.osha.gov/SLTC/etools/computerworkstations/in
dex.html
 A business must protect its data from:
◦ Loss or damage
◦ Misuse or errors
◦ Unauthorized access
 Backup procedures are used to protect data from loss
 It is the organization’s responsibility to ensure that its data is
as complete as possible
 Divulging customer data without asking permission is
considered unethical behavior by privacy advocates
 Common abuses that should be discussed with employees:
◦ Sending and receiving frivolous e-mail
◦ Non-business Internet browsing
◦ Gaming on company time
◦ Toying with the technology
 Whistle-blowing refers
to employees reporting
their company’s
dangerous or illegal
acts to regulatory
agencies or the press
 Some laws exist to
protect whistle-blowers,
but many find
themselves unemployed
and blacklisted
 Tax data  Financial data
 Education data  Miscellaneous data
 Medical data
 Driver and crime data
 Census data
 Insurance data
 Lifestyle data
 Credit data
 World Wide Web data
 Employment data
 Profiling
◦ Using data such as credit card purchases to determine
something about a person
 Violating the privacy of personal information
◦ Cookie
 file that contains information about a user, collected by
Web sites
◦ Computer monitoring
 using technology to monitor employees
 A software virus is a parasitic program written intentionally to
alter the way your computer operates without your permission
or knowledge.
 A virus attaches copies of itself to other files such as program
files or documents and is inactive until you run an infected
program or open an infected document. When activated, a
virus may damage or delete files, cause erratic system
behaviour, display messages or even erase your hard disk.
 A virus may spread through email and instant messenger
attachments, through infected files on floppy disks or CD-
ROMs, or by exploiting a security flaw in Microsoft
Windows.
 Types of computer viruses
◦ Macro virus
◦ A zombie
◦ Trojan horse
◦ Worm
◦ Macro language
 programming language for application software
 Macros are simple programs that can be written to automate
repetitive tasks in a document or make calculations in a
spreadsheet. Macros can be written in documents created by
Microsoft Word, in spreadsheets created by Microsoft Excel
and in many other kinds of documents.
 Macro viruses are malicious macro programs that are designed
to replicate themselves from file to file and can cause damage
to the files on your computer. They spread whenever you open
an infected file.
 A Zombie is a dormant program that lies inactive on a
computer. It can be activated remotely to aid a collective
attack on another computer. Zombies don’t normally damage
the computer on which they reside but can damage other
computers.
 Zombies often arrive as email attachments and when the
attachment is opened they install themselves secretly and then
wait to be activated.
 Trojan horses are programs that appear to serve some useful
purpose or provide entertainment, which encourages you to
run them. But these programs also serve a covert purpose,
which may be to damage files, to place a virus on your
computer or to allow a hacker to gain access to your machine.
More commonly these days, you can be enticed into running a
Trojan by clicking a link on a viral web site or in an email.
 Trojans that allow a hacker to gain access to your machine,
called Remote Access Trojans (RATs), are particularly
prevalent at the moment.
 Worms are programs that replicate and spread, often opening a
back door to allow hackers to gain access to the computers
that they infect.
 Worms can spread over the Internet by exploiting security
flaws in the software of computers that are connected to the
Internet. Worms can also spread by copying themselves from
disk to disk or by email.
 A Phishing attack is when you are are sent an email that
asks you to click on a link and re-enter your bank or
credit card details. These emails can pretend to be from
banks, Internet service providers, on-line stores and so
on, and both the email and the web site it links to
appear genuine. When you enter your bank or credit
card details they are then used fraudulently.
While your computer is connected to the Internet it can be
subject to attack through your network communications.
Some of the most common attacks include:
 Bonk – An attack on the Microsoft TCP/IP stack that can
crash the attacked computer.
 RDS_Shell – A method of exploiting the Remote Data
Services component of the Microsoft Data Access
Components that lets a remote attacker run commands
with system privileges.
 WinNuke – An exploit that can use NetBIOS to crash
older Windows computers.
 Users can be enticed, often by email messages, to visit web
sites that contain viruses or Trojans. These sites are known as
viral web sites and are often made to look like well known
web sites and can have similar web addresses to the sites they
are imitating.
 Users who visit these sites often inadvertently download and
run a virus or Trojan and can then become infected or the
subject of hacker attacks.
 Spyware, Adware and Advertising Trojans are often installed
with other programs, usually without your knowledge. They
record your behaviour on the Internet, display targeted ads to
you and can even download other malicious software on to
your computer. They are often included within programs that
you can download free from the Internet or that are on CDs
given away free by magazines.
 Spyware doesn’t usually carry viruses but it can use your
system resources and slow down your Internet connection
with the display of ads. If the Spyware contains bugs (faults) it
can make your computer unstable but the main concern is your
privacy.
 Virus hoaxes are messages, usually sent by
email, that amount to little more than chain
letters. They pretend to alert you to the latest
"undetectable" virus and simply waste your
time and Internet bandwidth. The best course
of action is to delete these hoaxes - they can
cause genuine fear and alarm in the disabled,
elderly and other vulnerable groups.
 If a wireless access point, e.g. an ADSL (Broadband) Router,
hasn't been secured then anyone with a wireless device
(laptop, PDA, etc) will be able to connect to it and thereby
access the Internet and all the other computers on the wireless
network.
Bluesnarfing
 The act of stealing personal data, specifically calendar and
contact information, from a Bluetooth enabled device .
 Tricking computer users into revealing computer security or
private information, e.g. passwords, email addresses, etc, by
exploiting the natural tendency of a person to trust and/or by
exploiting a person's emotional response.
 Example 1: Spammers send out an email about victims of
child abuse and provide a link to click in the email for further
information or to help the victims. When the link is clicked the
spammers know the email address is "live" and add it to their
live list which they then use to target their spam.
 Example 2: A company computer user is tricked into revealing
the network password by someone on the telephone who is
impersonating the voice of an employee in authority and who
has a story of distress.
 The average Microsoft Word, Excel, etc document includes
hidden metadata with details of who created it, who has
worked on it, when it has been amended and quite possibly the
text of all those changes as well. Viewing a Word document in
a text editor can reveal the metadata in plain text at the start
and finish of the document.
 Sources of computer viruses
◦ Internet
◦ Diskettes and DVDs/CD-ROMs
◦ Computer networks
◦ Flash drives
 Virus protection
◦ Antivirus program – utility program that checks a PC for viruses and
removes any that are found
◦ Delete e-mails sent from unknown addresses
◦ Never open an attachment unless you know what it is
◦ Only download files from the Internet from legitimate sources
◦ Update antivirus software weekly
◦ Back up files periodically
 Salami technique
◦ Illegal transferring of tiny amounts of money into the
criminal’s account
 Data diddling
◦ Changing data
 Computer matching
◦ Tool used by law enforcement
Data Diddling
http://oreilly.com/catalog/crime/chapter/cri_02.html
• Scavenging
 Searching for discarded information

Dumpster
Diving
http://oreilly.co
m/catalog/crime
/chapter/cri_02.
html
http://www.thesecurityawarenesscompany.com/
Ethics.html
 Hackers
Hacking means finding out weaknesses in a computer or
computer network and exploiting them, though the term can also
refer to someone with an advanced understanding of computers
and computer networks.
 A white hat hacker breaks security for non-
malicious reasons, perhaps to test their own
security system or while working for a security
company which make security software. The term
"white hat" in Internet slang refers to an ethical
hacker. This classification also includes individuals
who perform penetration tests and vulnerability
assessments within a contractual agreement. The
International Council of Electronic Commerce
Consultants, also known as the EC-Council has
developed certifications, courseware, classes, and
online training covering the diverse arena of
Ethical Hacking.
 A Black Hat Hacker is a hacker who "violates
computer security for little reason beyond
maliciousness or for personal gain" Black Hat
Hackers form the stereotypical, illegal hacking
groups often portrayed in popular culture, and are
"the epitome of all that the public fears in a
computer criminal". Black Hat Hackers break
into secure networks to destroy data or make the
network unusable for those who are authorized to
use the network. They choose their targets using
a two-pronged process known as the "pre-
hacking stage."
 A grey hat hacker is a combination of a Black Hat and a White
Hat Hacker. A Grey Hat Hacker may surf the internet and hack
into a computer system for the sole purpose of notifying the
administrator that their system has been hacked, for example.
Then they may offer to repair their system for a small fee
 A script kiddie (or skiddie) is a non-
expert who breaks into computer
systems by using pre-packaged
automated tools written by others,
usually with little understanding of
the underlying concept—hence the
term script (i.e. a prearranged plan or
set of activities) kiddie (i.e. kid,
child—an individual lacking
knowledge and experience,
immature).
 Jules has walked away from a lab computer without logging
off. Trish sits down and, still logged in as Jules, sends
inflammatory e-mail messages out to a number of students and
posts similar messages on the class newsgroup.
 Industrial espionage
◦ theft of business information
 Masquerading
◦ Illegally obtaining user passwords and accounts
 Tailgating
◦ Sitting at a terminal that a legitimate user forgot to sign off
of
Masquerading
http://oreilly.com/catalog/crime/chapter/c
ri_02.html
Password Sniffing
http://oreilly.com/catalog/crime/chapter/c
ri_02.html
 Trapdoor
◦ Trojan horse that provides undetected access to the
computer system
 Scanning
◦ using a computer to step through possible four-digit access
code
 Superzapping
◦ using a computer program to bypass security on a system
Scanning
http://oreilly.com/catalog/crime/chapter/c
ri_02.html
 It seems like every time Melanie logs on to her account,
Stanley knows about it and sends messages that cover her
screen with text. At first she thinks it is funny, but now its
really starting to bother her. The messages reformat the text on
her screen and, besides, its kind of creepy the way he always
knows she’s logged on.
• Pumping and dumping
◦ giving bogus information about publicly traded companies
• Cyberstalking
◦ when a stalker uses the Internet to find victims
• Identity theft
 Piracy the unauthorized reproduction or use of a copyrighted
book, recording, television program, patented invention,
trademarked product, etc.: The record industry is beset with
piracy.
 Copyright infringement is the unauthorized use
of works under copyright, infringing the copyright
holder's "exclusive rights", such as the right to
reproduce or perform the copyrighted work, spread
the information contained within copyrighted
works, or to make derivative works. It often refers
to copying "intellectual property" without written
permission from the copyright holder, which is
typically a publisher or other business representing
or assigned by the work's creator.
• Site license
 allows a company to install software on more than one
computer
• Pilferage
 when a company does not buy a site license, but performs
multiple installs
 Crimes that involve the theft of hardware

 Crimes that involve the theft of data and information