CISB412 Ethics & IT Professional Practices Computer and

College of Information Technology, UNITEN

… getting more and more important …

• Computers getting faster and less expensive
• Utility of networked computers increasing
• Shopping and banking
• Social Media
• Booking and reservations (flight, movies, …)
• Managing personal information
• Controlling industrial processes
• Increasing use of computers → growing importance of

Specific threats

• Hacking
•
• Cyber crime and cyber attacks
• Online voting

The original hackers (the good guys)

• Original meaning of hacker: explorer, risk taker, system innovator
• MIT’s Tech Model Railroad Club in 1950s
• The history of model railroading parallels that of MIT, although the first student group, the Tech Model Railroad Club (TMRC), was not established until 1946. TMRC moved into the famous old Radiation Lab structure, Building 20, a year later and began constructing its first layout. Realism mattered and club members became fanatical in the design, fabrication, and operation of their quarter-scale world. Electrical Engineering Carlton Tucker was the faculty advisor who helped supply the club with sophisticated electronics. During peak membership years in the 1950s and 1960s, many TMRC members became interested in computers. Thanks to Tucker and Digital Equipment Corporation (DEC), club members began experimenting with such pioneering computers as the TX-0, PDP-1, and PDP-11. The group members became legends and were featured in Steven Levy’s paean, Hackers—Heroes of the Computer Revolution. Today, the TMRC is considered by some to be the birthplace of hacker culture. The trains can still be seen at TMRC’s spring and fall Open House events.

Source: http://museum.mit.edu/150/63

Evolution of the hackers (good turned political)

• Hacking has a long (starting with TMRC) and variably honored history
• One of the key elements of these hackers' work was that the computers and software they hacked were open for modification, improvement and extension.
• When you bought your computer it came with the source code to any programs bundled with it, in the full expectation that the owner would want to take it apart.
• By 1980, the trend started to change.
• and manufacturers began restricting copying, redistribution and modification of the software they provided.
• "hacking" developed its political edge.
• The discovery in 1980 that the licensing restrictions attached to the latest version of a printer at MIT's artificial intelligence lab launched 's lifetime career of writing and campaigning for free – as in free speech – software
• In 1981, the Hamburg Chaos Computer Club was founded; it rapidly became known for both exposing security flaws and for advocating freedom of information.

Wendy M. Grossman, Modern 'hackers' are not worthy of the name, http://www.theguardian.com/commentisfree/2010/dec/10/modern-hackers-hacking-tradition

The modern hackers (..and they became evil)

• By the early 1990s, "hacker" had come to mean what it still means to many people: a very clever, computer-obsessed, (usually) young, (usually) male with maybe a shaky grasp on the ethics. The equivalent of joyriders, because of their abilities to operate weird, new technology and penetrate what should have been locked rooms, but largely motivated by bragging rights and the satisfaction of solving difficult puzzles.
• The first version of the Computer Misuse Act was passed in 1990 in the USA.

Wendy M. Grossman, Modern 'hackers' are not worthy of the name, http://www.theguardian.com/commentisfree/2010/dec/10/modern-hackers-hacking-tradition

The hackers today

• A hacker is someone who seeks and exploits weaknesses in a computer system or .
• Hackers may be motivated by a multitude of reasons, such as profit, protest, challenge or enjoyment.
• There are hackers who are politically-edged:
  • Wikileakers (freedom-of-information activists. They like to think of themselves as journalists)
  • Hacktivists (they claim that they are protesting actions they believe to be unfair, even morally bankrupt, in a way that attracts public notice)

The hackings

Wide variety of criminal hacker-related activities:
• Transmitting code that damages a computer
• Accessing any -connected computer without authorization
• Transmitting classified government information
• Trafficking in computer passwords
• Computer fraud
• Computer extortion

Sidejacking:
• hijacking of an open Web session by capturing a user’s cookie
• Sidejacking possible on unencrypted wireless networks because many sites send cookies “in the clear”
• community complained about sidejacking vulnerability for years, but ecommerce sites did not change practices

Obtaining Login Names and :
• Eavesdropping
• Dumpster diving
• Social engineering

Malware

:
• Piece of self-replicating code embedded within another program (host)
• Viruses associated with program files
  • Hard disks, floppy disks, CD-ROMS
  • Email attachments
• How viruses spread
  • Diskettes or CDs
  • Email
  • Files downloaded from Internet

Antivirus:
• Allow computer users to detect and destroy viruses
• Must be kept up-to-date to be most effective
• Many people do not keep their packages up-to-date
• Consumers need to beware of fake antivirus applications

Worm:
• Self-contained program
• Spreads through a network
• Exploits security holes in networked computers

Morris worm (1988)
• Robert Tappan Morris, Jr.
  • Graduate student at Cornell
  • Released worm onto Internet from MIT computer
• Effect of worm
  • Spread to significant numbers of computers
  • Infected computers kept crashing or became unresponsive
  • Took a day for fixes to be published
• Impact on Morris
  • Suspended from Cornell
  • 3 years’ probation + 400 hours community service
  • $150,000 in legal fees and fines
• Today, Robert Tappan Morris is an American computer scientist and entrepreneur!!!!
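For the sidejacking slide above (cookies sent “in the clear”), a small audit of Set-Cookie headers shows what a site operator would check. This is an added example, not part of the original slides; the hosts, cookie names and the name-based session heuristic are constructed assumptions.

```python
# Added example (not from the slides): audit Set-Cookie headers for sidejacking exposure.
# Hosts, cookie names and values below are constructed sample data.
SAMPLE_RESPONSES = {
    "http://shop.example/login": ["SESSIONID=8f3a1c; Path=/; HttpOnly"],
    "https://bank.example/login": ["sid=77be02; Path=/; Secure; HttpOnly"],
    "https://forum.example/": ["auth_token=abc123; Path=/", "theme=dark; Path=/"],
}

# Assumption: a cookie whose name contains one of these hints carries the login session.
SESSION_HINTS = ("sess", "sid", "auth", "token")


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, set of lower-cased attribute names)."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:]}
    return name.strip(), value, attrs


def audit(responses):
    """Return (url, cookie_name, reason) for every session cookie a sniffer could read."""
    findings = []
    for url, headers in responses.items():
        for header in headers:
            name, _value, attrs = parse_set_cookie(header)
            if not any(hint in name.lower() for hint in SESSION_HINTS):
                continue  # preference cookies are not what sidejacking captures
            if url.lower().startswith("http://"):
                # The whole exchange, cookie included, crosses the network unencrypted.
                findings.append((url, name, "set over unencrypted HTTP"))
            elif "secure" not in attrs:
                # Without Secure the browser also attaches the cookie to http:// requests.
                findings.append((url, name, "missing Secure attribute"))
    return findings


if __name__ == "__main__":
    for url, name, reason in audit(SAMPLE_RESPONSES):
        print(f"{url}: cookie {name!r} {reason}")
```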
Malware

• : Program with benign capability that masks a sinister purpose
• Trojan: Trojan horse that gives attacker access to victim’s computer
• : Program that communicates over an Internet connection without user’s knowledge or consent
  • Monitor Web surfing
  • Log keystrokes
  • Take snapshots of computer screen
  • Send reports back to host computer
• : Type of spyware that displays pop-up advertisements related to user’s activity
• Backdoor Trojans often used to deliver spyware and adware
• : A set of programs that provides privileged access to a computer
  • Activated every time computer is booted
  • Uses security privileges to mask its presence
• Bot: A kind of backdoor Trojan that responds to commands sent by a command-and-control program on another computer
  • First bots supported legitimate activities
    • Internet Relay Chat
    • Multiplayer Internet games
  • Other bots support illegal activities
    • Distributing spam
    • Collecting personal information for ID theft
    • Denial-of-service attacks
• : Collection of bot-infected computers controlled by the same command-and-control program
• Bot herder: Someone who controls a botnet

Cyber Crime and Cyber Attacks

Phishing: Large-scale effort to gain sensitive information from gullible computer users
• At least 67,000 attacks globally in second half of 2010
• New development: phishing attacks on Chinese e-commerce sites

Spear-phishing: Variant of phishing in which email addresses chosen selectively to target particular group of recipients

SQL Injections: Method of attacking a database-driven Web application with improper security
• Attack inserts (injects) SQL query into text string from to application
• Application returns sensitive information

Denial-of-service attack: Intentional action designed to prevent legitimate users from making use of a computer service
• Aim of a DoS attack is not to steal information but to disrupt a server’s ability to respond to its clients

Distributed denial-of-service attack: DoS attack launched from many computers, such as a botnet
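The “improper security” in the SQL injection definition above is the building of a query by pasting the submitted text string into it. The following added example (not part of the original slides) puts that lookup beside its parameterized form; the table, rows and function names are constructed for illustration.

```python
import sqlite3

# Constructed sample data: customer names and masked card numbers are made up.
ROWS = [("alice", "4111-XXXX-XXXX-1111"), ("bob", "5500-XXXX-XXXX-0004"),
        ("O'Brien", "3400-XXXX-XXXX-0009")]


def make_db():
    """Build an in-memory database standing in for the Web application's back end."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, card TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?)", ROWS)
    return db


def lookup_vulnerable(db, name):
    """Improper: the submitted text string becomes part of the SQL statement itself."""
    query = "SELECT name, card FROM customers WHERE name = '" + name + "'"
    return db.execute(query).fetchall()


def lookup_parameterized(db, name):
    """Corrected: the text is bound as a value and is never parsed as SQL."""
    return db.execute(
        "SELECT name, card FROM customers WHERE name = ?", (name,)
    ).fetchall()


# Text a user could type into a name field (the textbook always-true condition).
CRAFTED = "nobody' OR '1'='1"


def compare(db, text):
    """Run both lookups on the same input; report rows returned or the error raised."""
    results = {}
    for label, fn in (("vulnerable", lookup_vulnerable),
                      ("parameterized", lookup_parameterized)):
        try:
            results[label] = fn(db, text)
        except sqlite3.Error as exc:
            results[label] = f"error: {exc.__class__.__name__}"
    return results


if __name__ == "__main__":
    db = make_db()
    for text in ("alice", CRAFTED, "O'Brien"):
        print(repr(text), compare(db, text))
```

With the concatenated query the crafted text returns every customer row, and even the legitimate name O'Brien breaks the statement; the parameterized query returns no rows for the crafted text and finds O'Brien normally.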

Cyber Crime

Criminal organizations making significant amounts of money from malware
• Jeanson James Ancheta
• Pharmamaster
• Albert Gonzalez
• Avalanche Gang

Jeanson James Ancheta

Ancheta was going to Downey High School in California until 2001 when he dropped out of school. He later entered an alternative program for students with academic or behavioral problems. He worked at an Internet cafe and according to his family wanted to join the military reserves. Around June 2004 he started to work with after discovering rxbot, a common that could spread his net of infected computers. Hackers have for some time utilized Botnets for various purposes, but Ancheta set himself above the crowd by actively advertising his network of bots on Internet chat channels. A Web site Ancheta ran included a range of prices he charged people who wanted to rent out the machines, along with guidelines on how many bots were required to bring down a particular type of Web site.

Blue Security

Part I
• An Israeli company selling a spam deterrence system
• Blue Frog bot would automatically respond to each spam message with an opt-out message
• Spammers started receiving hundreds of thousands of opt-out messages, disrupting their operations
• 6 of 10 of world’s top spammers agreed to stop sending spam to users of Blue Frog

Part II
• PharmaMaster started sending Blue Frog users 10-20 times more spam
• PharmaMaster then launched DDoS attacks on Blue Security and its business customers
• Blue Security could not protect its customers from DDoS attacks and virus-laced emails
• Blue Security reluctantly terminated its anti-spam activities

PharmaMaster

Leonid Aleksandrovitch Kuvayev, aka Alex Rodrigez (born 13 May 1972), is a Russian/American spammer believed to be the ringleader of one of the world's biggest spam gangs. Anti-spam group Spamhaus.org currently features Kuvayev as #2 on its Top 10 worst spammers list. In 2005, the attorney general of Massachusetts successfully sued Kuvayev for violations of the CAN-SPAM Act - he and six business partners were fined $37 million. It was found that they were responsible for millions of unsolicited e-mails per day. According to Spamhaus he could be the "Pharmamaster" spammer who performed a denial-of-service attack (DDoS) against the BlueSecurity company. Kuvayev is also behind countless phishing and mule recruiting sites hosted on botnets.

Ethical Evaluation

• What do you say on the morality of these individuals’ actions?
  • Robert Tappan Morris, Jr.
  • Jeanson James Ancheta
  • Leonid Aleksandrovitch Kuvayev
• Kantian evaluation
• Social contract theory evaluation
• Utilitarian evaluation
  • Benefits: ?
  • Harms: ?
  • Conclusion: ?

Cyber attacks

Politically motivated
• Estonia (2007)
• Georgia (2008)
• Georgia (2009)
• Exiled Tibetan Government (2009)
• United States and South Korea (2009)
• Stuxnet Worm (2009)

Attacks on social networking
• Massive DDoS attack made Twitter service unavailable for several hours on August 6, 2009
• Three other sites attacked at same time: Facebook, LiveJournal, and Google
• All sites used by a political blogger from the Republic of Georgia
• Attacks occurred on first anniversary of war between Georgia and Russia over South Ossetia

Cyberattacks on Estonia

• A series of cyber attacks began on 27 April 2007 and swamped websites of Estonian organizations, including the Estonian parliament, banks, ministries, newspapers and broadcasters, following Estonia’s disagreement with Russia about the relocation of the Bronze Soldier of Tallinn (the Bronze Soldier of Tallinn is an elaborate Soviet-era grave marker, as well as war graves in Tallinn).
• Most of the attacks that had any influence on the general public were DDoS-type attacks, ranging from single individuals using various methods like ping floods to expensive rentals of botnets usually used for spam distribution. of bigger news portals commentaries and defacements including that of the Estonian Reform Party website also occurred.
• Some observers reckoned that the onslaught on Estonia was of a sophistication not seen before. The case is studied intensively by many countries and military planners as, at the time it occurred, it may have been the second-largest instance of state-sponsored cyberwarfare.

Ian Traynor, The Guardian, 17 May 2007: Russia accused of unleashing cyberwar to disable Estonia

United States and South Korea (2009)

4th of July attack
• DDoS attack on governmental agencies and commercial Web sites in United States and South Korea.
• Attack may have been launched by North Korea in retaliation for United Nations sanctions
• While most Americans were watching fireworks on July 4, hackers launched what would turn into a multi-day denial-of-service attack against U.S. websites. The Associated Press reported that the cyber attack knocked out the websites of several government agencies including the U.S. Treasury, Secret Service, Transportation Department and the Federal Trade Commission. In addition, the attackers targeted the websites of the White House and the Pentagon but neither was severely disrupted. The attack later expanded to a number of other websites including the New York Stock Exchange, NASDAQ and the Washington Post. South Korean websites were also added to the list with many of the targets experiencing outages during the same time period. South Korean intelligence officials believe that North Korea initiated the attacks and today U.S. officials confirmed that the IP addresses of many of the attacks originated from North Korea. Officials have cautioned, however, that there is no evidence that the Pyongyang government was involved.

http://www.innovationfiles.org/thoughts-on-4th-of-july-cyber-attacks/#sthash.2VauDgrL.dpuf

Supervisory Control and Data Acquisition (SCADA) Systems

• Industrial processes require constant monitoring
• Computers allow automation and centralization of monitoring
• Today, SCADA systems are open systems based on Internet Protocol
• Less expensive than proprietary systems
• Easier to maintain than proprietary systems
• Allow remote diagnostics
• Allowing remote diagnostics creates security risk
• TNB has a large SCADA installation

SCADA Systems Carry Security Risks

Let’s ponder…

Has the arrival of the internet done more harm than good?

Would you mind if I hurt you?
Understand that I need to
Wish that I had other choices
Than to harm the one I love
What have you done now?
I know I'd better stop trying
You know that there's no denying
I won't show mercy on you now
I know I should stop believing
I know there's no retrieving
It's over now, what have you done?
-Within temptation