Ethics, Security, and Privacy What’s Right, What’s Wrong, and How Do I Protect Myself? Chapter 9

©2003 The McGraw-Hill Companies Student Learning Outcomes 1.Define ethics and describe what it means to use computers in an ethical fashion 2.Define copyright, Fair Use Doctrine, and pirated software 3.Identify and describe five types of threats in cyberspace

©2003 The McGraw-Hill Companies Student Learning Outcomes 4.Describe the seven types of hackers and what motivates each group 5.Define privacy and identify ways in which it can be compromised 6.Describe what you can do to protect yourself in cyberspace

©2003 The McGraw-Hill Companies Introduction Today’s society has become increasingly dependent on computers to create, store, and manage critical information. As such, it is vital to ensure that both the computers and the information they contain are protected from loss, damage, and misuse.

©2003 The McGraw-Hill Companies 9.1 Ethics Ethics – actions that have serious consequences in the lives of others. Right or wrong actions Manners – our day to day behavior toward others in situations whose effects are not likely to be far-reaching. Polite or rude behavior Societal rules fall into one of two categories

©2003 The McGraw-Hill Companies Ethics in the Use of Computers Generally it is unethical to: –Use your computer to harm others –Use your computer to steal –Abuse your power –Use or access someone else's computer resources without permission –Copy copyrighted software for your own use or to give to others. This is also illegal

©2003 The McGraw-Hill Companies Ethics and Computers Copyright –Legal protection for the expression of an idea –It is illegal to copy a copyrighted video game or other software without permission Fair Use Doctrine –Defines situations in which copyrighted material may be used Pirated software –Copyrighted software that is copied and distributed without permission of the owner p Fig. 9.1

©2003 The McGraw-Hill Companies Software TypeYour Rights CopyrightBuy a license to use it SharewareTry before you buy FreewareUse, copy, share Public DomainUse, copy, share, sell p Fig. 9.2

©2003 The McGraw-Hill Companies 9.2 Threats in Cyberspace Computers used as Weapons to: Snoop into private files Spread rumors & harass people Steal credit card numbers Steal personal identities Steal money & customer lists

©2003 The McGraw-Hill Companies Hackers Computers as Targets of Crime Cyberterrorists Script Bunnies Hacktivists Crackers

©2003 The McGraw-Hill Companies Credit Card Fraud Skimmers – that scan the number off credit cards Magnetic strip readers – that read the name, number, expiration date, and a unique code off the card as well as the number Magnetic strip readers – that read the name, number, expiration date, and a unique code off the card as well as the number Break into databases of credit card bureaus, banks, or other institutions that keep credit card records Break into databases of credit card bureaus, banks, or other institutions that keep credit card records

©2003 The McGraw-Hill Companies Identity Theft Identity theft is the impersonation by a thief of someone with good credit The thief essentially uses the victim’s credit to steal products and services

©2003 The McGraw-Hill Companies Crime & Scams in Cyberspace Travel and vacation fraud Get-rich schemes Phone fraud Health care fraud

©2003 The McGraw-Hill Companies Two Most Notorious Types of Malware Viruses Denial-of- Service Attacks

©2003 The McGraw-Hill Companies Computers as Targets Computer virus Macro virus Worm Virus hoax Denial-of-Service (DoS) attack Combination Worm/DoS

©2003 The McGraw-Hill Companies Viruses: Common Types Virus Hoax distributed with the intention of frightening people about a nonexistent virus Worm Spreads itself from computer to computer via and other Internet traffic Macro Viruses spread by binding themselves to software such as Word or Excel.

©2003 The McGraw-Hill Companies The Love Bug Worm p Fig. 9.6

©2003 The McGraw-Hill Companies Computers as Targets - cont. Denial-of-service (DOS) attacks cause thousands of access attempts to a Web site over a very short period of time, overloading the target site and shutting it down – i.e., Ping of Death Denial-of-service (DOS) attacks cause thousands of access attempts to a Web site over a very short period of time, overloading the target site and shutting it down – i.e., Ping of Death Combined Worm/DoS is a form of malware that combines a worm’s ability to propagate and denial-of-service attack’s ability to bring down a Web site. i.e., Code Red Combined Worm/DoS is a form of malware that combines a worm’s ability to propagate and denial-of-service attack’s ability to bring down a Web site. i.e., Code Red

©2003 The McGraw-Hill Companies Denial-of-Service Attack p Fig. 9.7

©2003 The McGraw-Hill Companies The Perpetrators Thrill-seeker hackers Black-hat hackers Crackers Hactivists Cyberterrorists Script bunnies White-hat or ethical hackers

©2003 The McGraw-Hill Companies Perpetrators: Hacker Definitions Thrill-seeker hackers are hackers without evil intentions Black-hat hackers are hackers with malicious intent – they’re cyber vandals Crackers are hackers who hack for profit Hacktivists are hackers who use the Internet to send a political message of some kind

©2003 The McGraw-Hill Companies Perpetrators: Hacker Definitions Cyberterrorists are hackers who seek to cause harm to a lot of people or to destroy critical systems or information Script bunnies are people who would like to be hackers but don’t have much technical expertise White-hat or ethical hackers are hackers who legitimately, with the knowledge of the owners of the IT system, try to break in to find where the vulnerable areas are located and fix them

©2003 The McGraw-Hill Companies 9.3 Privacy Matters Privacy is the right … –To be left alone –To have control over your personal information –To not be observed without your consent Privacy is the right to be free of unwanted intrusion into your private life  SimNet Concepts Support CD: “Privacy Issues”

©2003 The McGraw-Hill Companies Snooping by Others Snoopers can install key logger or key trapper software to record: –Key strokes and mouse clicks – , instant messages, chat room exchanges –Web sites visited –Applications run –Passwords Screen capture programs can be used to periodically record what’s on the screen

©2003 The McGraw-Hill Companies is Not a Private Matter is completely insecure Sent is copied and stored, at least temporarily, on four or more different computers

©2003 The McGraw-Hill Companies is Stored on Many Computers p Fig. 9.8

©2003 The McGraw-Hill Companies Information On Your Buying Habits & Preferences Information volunteered for something you want Information collected by having direct contact with a company –Web sites collect information through cookies Information sold from one company to another

©2003 The McGraw-Hill Companies Accepting Cookies p Fig. 9.11

©2003 The McGraw-Hill Companies Companies Use Internet Tools Sniffers are software that sits on the Internet analyzing traffic to find out who you are Web tracking is used to track your Internet activity Spam is electronic junk mail, usually from businesses attempting to sell you products and services Spoofing is forging the return address on an e- mail so that the message appears to come from someone other than the sender

©2003 The McGraw-Hill Companies Government Records NCIC (National Crime Information Center) –Is a huge database with information on the criminal records of more than 20 million people IRS (Internal Revenue Service) –Has income information on all tax payers. –Has access to other databases The Census Bureau –Collects information every 10 years on all the U.S. inhabitants the agency can find

©2003 The McGraw-Hill Companies 9.4 How To Protect Yourself Security in cyberspace transactions –If you buy goods and services, use common sense –Be just as careful as you are in the brick-and- mortar world

©2003 The McGraw-Hill Companies Protect Your Computer and Files Three rules that should be remembered: –If it can be stolen, lock it up –If it can be damaged, back it up –If it can come in and do damage, block it

©2003 The McGraw-Hill Companies Snooping by Others You can get free programs to disable activity-monitoring programs like Spectro Pro –Privacy Companion –Who’s Watching Me

©2003 The McGraw-Hill Companies is Never Private can be encrypted using products such as: –ZixMail –CertifiedMail –PrivacyX –SafeMessage –Disappearing

©2003 The McGraw-Hill Companies Security in Cyberspace: Credit Card and Identity Theft Give information only to reputable companies that you trust Use only secure sites, i.e., Never give out your social security number unless the law demands it Use passwords of at least 10 characters and numbers Use different passwords for different systems/sites

©2003 The McGraw-Hill Companies Security in Cyberspace: Dot.Cons Be skeptical about extraordinary performance or earnings potential Always read the fine print Always look at the site’s privacy policy Be wary of a company that doesn’t clearly state its name, address, or phone number Immediately report any fraudulent, deceptive, or unfair practices to the Federal Trade Commission

©2003 The McGraw-Hill Companies Security in Cyberspace Protect personal information Use anti-tracking software Avoid spam Use a firewall

©2003 The McGraw-Hill Companies Protecting a Computer or Network from Intruders Firewalls check and examine each message and permits nothing to enter or leave that shouldn’t. –McAfee’s Personal Firewall –Zone Labs’ ZoneAlarm Home router such as Linksys can be set up to check all incoming traffic and deny access to any that looks suspicious  SimNet Concepts Support CD: “Security Issues”

©2003 The McGraw-Hill Companies

9.5 Key Terms Black-hat hacker Cookie Copyright Cracker Cyberterrorists Denial-of-service attack Ethics Fair Use Doctrine Firewall Hacker Hacktivist Identity theft Key logger (key trapper) software Macro virus Malware

©2003 The McGraw-Hill Companies 9.5 Key Terms Pirated software Privacy Script bunny (script kiddie) Sniffer Spam Spoofing Thrill-seeker hacker Virus hoax White-hat or ethical hacker Worm

©2003 The McGraw-Hill Companies Review of Concepts 1.Sensible Internet Use and Good Manners  Should you forward personal you receive? 2.Napster, Kazaa, and Other Music Sites  In 2002, Napster left the Web for good

©2003 The McGraw-Hill Companies Hands On Projects E-Commerce 1.Browsing the Web Anonymously  Can you hide your movements in cyberspace? 2.Renting a Hotel Room 3.Making Airline Reservations

©2003 The McGraw-Hill Companies Hands On Projects Ethics, Security & Privacy 1.Expedia.com Helps to Find the Killer  Doesn’t it only help find flights, hotel rooms, rental cars, and the like?

©2003 The McGraw-Hill Companies Hands On Projects on the Web 1.Want to Know Your IP Address? 2.Codes of Ethics  See what the professionals have to say 3.Parental Control Software Packages 4.What Polymorphic Viruses Are Floating around Cyberspace?  Viruses that change form to evade detection?

©2003 The McGraw-Hill Companies Hands On Projects Group Activities 1.How Does HIPAA Protect Your Personal Health Information 2.Helping a Friend 3.Providing Personal Information 4.Ethics and Laws 5.Debating Privacy 6.Digital Signatures and Certificates