Chapter Managing Information Systems Ethics and Crimes Worldwide losses due to software piracy in 2005 exceeded $34 billion. Business Software Alliance, 2006

10-2 Learning Objectives

10-3 Learning Objectives

10-4 The Three Waves of Change (I) The Third Wave by Alvin Toffler describes three phases or “waves of changes” First wave o A civilization based on agriculture and handwork o Relatively primitive stage o Lasted thousands of years

The Three Waves of Change (II) Second wave o The Industrial Revolution o Began at the end of the 18 th century and lasted about 150 years Third wave o The Information Age o Information becomes the currency 10-5

10-6 Computer Literacy Computer literacy o Necessary skill in today’s world o May be the difference between being employed or unemployed o Many different jobs involve the use of computers

10-7 Digital Divide Major ethical challenge New class system of power o Power comes from knowledge The gap in the US is shrinking o Rural communities, the elderly, people with disabilities, and minorities lag behind national averages Widening gap between developed and developing countries

10-8 Learning Objectives

10-9 Computer Ethics Issues and standards of conduct pertaining to the use of information systems 1986 – Richard O. Mason article o Most ethical debates relate to Information privacy Information accuracy Information property Information accessibility

10-10 Information Privacy What information should you have to reveal? Information you might want to keep private: o Social security number o Medical history o Family history Identity theft o Fastest growing “information” crime o Biometrics for better protection

10-11 Information Privacy Companies seem to know about our every move – how much information do we need to reveal? Amazon.com is famous for personalization What are the costs?

10-12 How to Maintain Your Privacy Online Review the privacy policy of the company with which you are transacting The policy should indicate: o What information is being gathered about you o How the seller will use this information o Whether and how you can “opt out” of these practices Additional tips: o Choose Web sites monitored by independent organizations o Avoid having cookies left on your machine o Visit sites anonymously o Use caution when requesting confirmation

10-13 Avoid Getting Conned in Cyberspace U.S. Federal Trade Commission compiled a list of advices (List of top 10 things not to do)

10-14 Top 10 List of Things Not to Do (II)

10-15 Information Accuracy Ensuring of the authenticity and fidelity of information High costs of incorrect information o Banks o Hospitals Difficult to track down the person who made the mistake

10-16 Information Property Who owns information about individuals? How can this information be sold and exchanged?

10-17 Data Privacy Statements Company maintaining the database with customer information legally owns it o Is free to sell it o Cannot sell information it agreed not to share o Must insure proper data handling practices

10-18 Spam, Cookies and Spyware Spam o Unsolicited promoting products or services o CAN-SPAM Act of 2003 o Little protection available Cookies o Text file storing Web browsing activity o Can opt for cookies not to be stored o Web sites might not function properly without cookies Spyware o Software used for data collection without the users’ knowledge o Unlikely this activity will become illegal anytime soon

10-19 Combating Spyware Windows defender o Spyware monitoring and removal Others Include: o Ad-aware o Spybot Search & Destroy

10-20 Cybersquatting The practice of registering a domain name and later reselling it Some of the victims include o Panasonic, Hertz, Avon Anti-Cybersquatting Consumer Protection Act in 1999 o Fines as high as $100,000 o Some companies pay the cybersquatters to speed up the process of getting the domain

10-21 Information Accessibility Who has the right to monitor the information? E.g., capture by Carnivore

10-22 Carnivore Developed to monitor all communication by the government In 2005 FBI abandoned Carnivore for commercially available software

10-23 Legal Support for Electronic Communication Privacy Little support available 1986 – Electronic Communications Privacy Act (ECPA) o Mostly geared towards protecting voice communication privacy o No other laws protect privacy o Some states define rules for companies Need to be open about monitoring policies Need to use good judgment

10-24 Need for a Code of Ethical Conduct Many businesses have guidelines for appropriate use Universities endorse guidelines proposed by EduCom Responsible computer use (based on work of the Computer Ethics Institute) prohibits: 1. Using a computer to harm others 2. Interfering with other people’s computer work 3. Snooping in other people’s files

Information Systems Today: Managing in the Digital World Need for a Code of Ethical Conduct Responsible computer use prohibits (continued): 4. Using a computer to steal 5. Using a computer to bear false witness 6. Copying or using proprietary software without paying for it 7. Using other people’s computer resources without authorization 8. Appropriating other people’s intellectual output 10-25

10-26 Learning Objectives

10-27 Computer Crime Using a computer to commit an illegal act o Targeting a computer – unauthorized access o Using a computer to commit an offense o Using a computer to support a criminal activity Overall trend of computer crime declining

10-28 Types of Computer Crimes and Financial Losses Figures based on a survey of 639 organizations

10-29 Financial Impact of Virus Attacks Losses from computer crime can be tremendous o $14.2 billion in estimated losses due to viruses alone in 2005

10-30 Unauthorized Computer Access Using computer systems with no authority to gain such access Other examples from the media o Employees steal time on company computers to do personal business o Intruders break into government Web sites and change information displayed o Thieves steal credit card numbers and buy merchandise

10-31 Unauthorized computer access Frequency of successful attacks is declining

10-32 Federal and State Laws Two main federal laws against computer crime 1. Computer Fraud and Abuse Act of 1986 Prohibits Stealing or compromising data Gaining access to computers owned by the U.S. government Violating data belonging to financial institutions Intercepting communication between foreign countries Threatening to damage computer systems in order to gain profit o 1996 Amendment prohibits Dissemination of computer viruses and other harmful code

10-33 Federal and State Laws (II) Electronic Communications Privacy Act of 1986 o Breaking into any electronic communication service is a crime USA PATRIOT Act of 2002 o Controversial law o Investigators may monitor voice communication Other laws o Patent laws protect some software and hardware o Right to Financial Privacy Act o All 50 states passed laws prohibiting computer crime

10-34 Computer Forensics Use of formal investigative techniques to evaluate digital information o Evaluation of storage devices for traces of illegal activity Now common in murder cases o Restoration of deleted files

10-35 Hacking and Cracking Hackers o Individuals gaining unauthorized access o Motivated by curiosity o No intentions to do harm Crackers o Break into computers with the intention of doing harm Hacktivists o Break into computer systems to promote political or ideological goals

10-36 Who Commits Computer Crimes? No clear profile Four groups of computer criminals 1. Current or former employees 85-95% of theft from businesses comes from the inside 2. People with technical knowledge committing crimes for personal gain 3. Career criminals using computers to assist them in crimes 4. Outside crackers hoping to find information of value About 12% of cracker attacks cause damage

10-37 Types of Computer Crimes

10-38 Types of Computer Crimes (II)

10-39 Software Piracy Legal activities o Making one backup copy for personal use o Sharing free software (shareware or public domain software) Illegal activities o Making copies of purchased software for others o Offering stolen proprietary software (warez peddling) Applicable copyright laws o 1980 Computer Software Copyright Act o 1992 Act making software piracy a felony o 1997 No Electronic Theft Act

10-40 Software Piracy Is a Global Business Worldwide losses for 2005 estimated at $34 billion Some factors influencing piracy around the world o Concept of intellectual property differs between countries o Economic reasons for piracy o Lack of public awareness about the issue

10-41 Computer Viruses and Other Destructive Code Malware (malicious software) o 1,400 new pieces released in one month o Viruses Reproduce themselves Usually delete or destroy files Boot sector viruses File infector viruses Viruses can spread through attachments

10-42 How a Computer Virus is Spread

10-43 Worms, Trojan Horses and Other Sinister Programs Worm o Does not destroy files o Designed to copy and send itself o Brings computers down by clogging memory Trojan horse o Does not copy itself o Often remains hidden to the user Logic bombs and time bombs o Variations of Trojan horse o Do not disrupt computer function until triggering event/operation

10-44 Internet Hoaxes False messages circulated online o New viruses (that don’t exist) told recipients to erase a file that was actually a part of Windows operating system o Collection of funds for certain group Cancer causes o Possible consequences Spammers harvesting addresses from hoaxes

10-45 Learning Objectives

10-46 Cyberwar Military’s attempt to disrupt or destroy other country’s information and communication systems o Goal is to diminish opponent’s communication capabilities o Used in concert with traditional methods

Cyberwar vulnerabilities 1. Command and control systems 2. Intelligence collection and distribution systems 3. Information processing and distribution systems 4. Tactical communication systems and methods 5. Troop and weapon positioning systems 6. Friend-or-foe identification systems 7. Smart weapons systems 10-47

10-48 Cyberterrorism Governments not involved Can be launched from anywhere in the world Goal is to cause fear, panic and destruction Cyberterrorism will likely become weapon of choice

10-49 Categories of Potential Cyberterrorist Attacks

10-50 Use of Internet in Terrorist Attacks

10-51 Use of Internet in Terrorist Attacks (II)

10-52 Assessing the Cyberterrorism Threat The U.S. Department of Defense o Popular target for hackers and crackers o attempts a day o Some successful attacks 1991 – Gulf War oDutch crackers stole information about the movement of U.S. troops and offered it for sale to Iraq oIraqis turned down the offer 2000 – United States presidential elections oWeb sites targeted with political motives oDoS attacks launched 2003 – Romanian cracker compromised systems housing life support control for 58 scientists and contractors in Antarctica

10-53 Obstacles to Cyberterrorism 1. Computer systems are complex and attacks may not have desired outcome 2. Fast changing security measures 3. Cyberattacks rarely cause physical harm to victims

10-54 The Globalization of Terrorism Increasing dependence on technology Increasing possibilities of cyberterrorism International laws and treaties must evolve Likelihood of large attacks is small o Successful large attack would require Intelligence information Years of preparation At least $200 million

End of Chapter Content 10-55

10-56 Opening Case: BitTorrent Napster o 1999 – 2001 existence of a free peer-to-peer file sharing system MPAA and music artists filed series of lawsuits $ 26 million awarded in damages o Today – downloading for a fee BitTorrent o Protocol designed for transferring files o Types of users Leechers – users who download content but don’t contribute Seeders – download and contribute content o Use of BitTorrent in the entertainment industry Warner Brothers – In2Movies – users can download movies for a fee

10-57 Judy McGrath, Chairman and CEO of MTV Networks Career at MTV o 1981 – MTV Network established McGrath works as on-air promotions writer o 1991 – McGrath responsible for all programming, music, production and promotion o 1993 – McGrath became president of the network o 2004 – McGrath became chairman and CEO MTV programming o Controversial o Sense of social responsibility

10-58 Wikipedia Free online encyclopedia 4 million entries Anyone can write or edit articles 2006 expert led accuracy study o Wikipedia compared to Encyclopedia Britannica o Both sources erroneous in scientific articles with small differences in accuracy Wikipedia – 4 errors on average per science article Encyclopedia Britannica – 3 errors on average per science article o Wikipedia articles often intentionally modified to misrepresent the truth

10-59 Bundled Services Telecommunications services o Telephone service, cable TV and Internet connection bundled together Companies advertise cost savings “Hooking” customers on a bundled service makes them less likely to switch Consumers not always happy with the deal Better tailoring to the customers’ needs necessary

10-60 Attacks on the Net Hackers first started in the 1960s o Quest for greater knowledge about computers o Belief in free exchange of information Crackers o Malevolent desire to disrupt networks o Often done to prove certain “cleverness” o For profit by fired employees 2000 – five major companies brought down by DoS attacks (Yahoo!, Amazon.com, eBay, Buy.com, and CNN Interactive) o 2005 – perpetrator sentenced to 18 months in prison

10-61 Ethical Hacking Mark Maiffret o Started as a hacker o Now designs and sells software for companies to secure their networks against hackers eEye Digital Security o Maiffret – Chief Hacking Officer o Software prevents unauthorized access o Don’t hire anyone with a criminal record – “good” hackers don’t get caught

10-62 The Liquid Lens Used in portable devices High-resolution images without increase in lens size Lenses available o Varioptic Developed based on electrowetting – the tendency of water to spread on a substrate 2 liquids of equal density sandwiched between two windows in a conical vessel o Fluidlens Made of water and looks like a contact lens Advantages o No movable parts with high durability o Low power consumption o Optical quality of liquid better than glass or plastic

10-63 Cybercops Track Cybercriminals Federal level o Computer Crime and Intellectual Property Section (within the Justice Department) o Computer and telecommunications crime coordinator Assistant U.S. attorney – every federal judicial district has at least one State level o Crime investigation unit FBI o Computer crime squads in 16 metropolitan areas o National Infrastructure Protection Center acts as a clearinghouse Available software o Software Forensic Tool Kit o Statewide Network and Agency Photos (SNAP) o Automatic Fingerprint Identification System o Classification System for Serial Criminal Patterns