Ch.

9 Information system ethics and computer crime

9.1 information systems ethics

The information age arrives

Information privacy p.353

Information privacy is concerned with what information an individual should
have to reveal to others in the workplace or through other transactions, such as
online shopping
Personal information such as social security numbers, credit cards number,
medical histories is now available on the internet
Using search engines, everyone can find out almost anything that has been
posted by or about you on the internet e.g. personal blog (facebook)
Information crime grows faster. Identity theft is the stealing of another persons
social security number, credit card number to use the victims credit rating to
borrow money.
Unethical behavior and a crime are different. Identity theft is a crime.
Misuses of computers and information may not be crimes but would be
unethical behavior

How to maintain your privacy online p.354

You should always review the privacy policy of all companies you do business
with and refuse to do business without any clear policy or do not respect your
privacy
There are four steps to maintain personal privacy when shopping online
1st choose web site that are monitored by independent organizations
E.g. www.epubliceye.com
2nd avoid having cookies left your machine
Many commercial web sites leave cookies on your machine so that they
can monitor where you go and what you do on the site.
You should be careful to manage your browsers cookie settings or get
special cookie mgmt software
rd
3 visit sites anonymously
Using services provided by companies e.g. www.anonymizer.com
You have a high degree of privacy from marketers, identity thieves or even
coworkers when surfing the Web
th
4 use caution when requesting confirmation E-Mail
Using separate e-mail account to viewing a web browser and to make
online purchase is a good strategy
Because when you purchase online, companies will send you a confirming
 Ch.9 Information system ethics and computer crime

e-mail message to let you know the order was received.

Of coz there is no guarantees that all your online experiences will be problem free

Information accuracy
It is concern with ensuring the authenticity (real) and fidelity (accuracy) of
information and with identifying who is responsible for informational errors that
harm people.
Computer never make mistakes, we have come to expect this information to
be accurate.
Teller machines, computerized record systems should provide customers with
quick and accurate access to their account information. However, we continue
to hear about and experience record-keeping error at banks.
Data accuracy error will cause big problem , imagine hospital computer
appeared incorrectly on a patients chart it will result of the medicine that was
mistakenly dispensed to him
Computer-based information systems and the data within those systems are
only as accurate and as useful as they have been made to be.
Everyone must be concerned with data integrity, from the design of the system,
to the building of the system, to the person who actually enters data into the
system, to the people who use and manage the system.

Information property
It is focus on who owns information about individuals and how information can be
sold and exchanged. Such as name, address, e-mail
Data privacy statement
The company that maintains the database of customers or subscribers legally
owns the information and is free to sell it. Your information are all legally kept in
a company database to be used for the companys future mailings.
However, the company can sell its customers list to another company who want
to send mail to similar customers so this is the problem begin.

Spam, cookies and spyware p.359

When you purchasing a product, spam, cookies and spyware are the easy that
information property about individuals and organizations is being collected and
abused on the internet

Spam refers to unsolicited e-mail that promote a g/s or make some other type of
solicitation . Your e-mail address was sold to e-marketers if you have ever sign
 Ch.9 Information system ethics and computer crime

up for online, filled out a registration or bough a book online.

Cookie is a small text file on your computer that stores information about your
web-browsing activity at a particular site. Although you can choose to not accept the
storage of cookies, you may not be able to visit the site. E.g. New York Times online,
you have to accept cookies before you use their web site to do something

Spyware is any technology that is used to collect information about a person or

organization without their knowledge. It is a software that runs on a persons
computer to collect information about the user and to transmit this information to
some other party. Use the information for advertising purpose fortunately, there are
tools available to monitor and remove unwanted spyware.
Cybersquatting (squat )
It is the dubious (suspend) practice of registering a domain name, then trying to
sell the name for big bucks to person, company or organization
The victim of cybersquatting include Panasonic, Hertz

Digital rights mgmt (DRM)

It is a technological solution that allows publishers to control their digital media
(music, movies) to discourage, limit or prevent illegal copying and distribution.
It restrictions include which devices will play the media, how many devices the
media will play on and even how many times the media can be played
E.g. Apples iTunes prohibiting users from copying the media or even playing the
media on other non-apple devices.
DRM allow copyright holders to minimize sale losses by preventing
unauthorized duplication.
To remove DRM limitation, iTunes charge a 30 cent per song. Without DRM the
song can be easily moves and transferred to any device.
Watermark is an electronic version of physical watermarks placed on paper
currency to prevent counterfeiting

Information accessibility
It focuses on defining what information a person or organization has the right to
obtain about others and how this information can be accessed and used.

The need for a code of ethical conduct p.363

Responsible computer use p.364

 Ch.9 Information system ethics and computer crime

Public policy has issued guidelines for the ethical use of computers. The guidelines
prohibit,
Using computer to harm others
Interfering with other peoples computer work
Snooping in other peoples files
Using a computer to steal
Using a computer to bear false witness
Copying or using proprietary software without paying for it
Using other peoples computer resources without authorization or
compensation
Appropriating other peoples intellectual output
The guidelines recommend the following:
Thinking about social consequence of programs you write and systems you
design
Using a computer in ways that show consideration and respect for others.

As a computer user, you should review the ethical guidelines published by your
school, place of employment or professional organization

9.2 computer crime p.365

Computer crime is defines as the act of using a computer to commit an illegal act.
The definition of computer crime can include the following:
Targeting a computer while committing an offense
E.g. someone gains unauthorized entry to a computer system in order to
cause damage to the computer system or to the data it contains
Using a computer to commit an offense
Computer users may steal credit card numbers from Web site or a
companys database, skim money from bank account or make
unauthorized electronic fund transfers from financial institutions
Using computers to support a criminal activity
Computers are not actually targeted. E.g. drug dealers and other
professional criminals may use computers to store record of their illegal
transactions.

Computer security institute (CSI) is record the number of computer crime in each
year

The computer access debate

 Ch.9 Information system ethics and computer crime

One side is information industry, communications service providers and hackers who
want to prosecute computer criminals under the law but at the same time not
severely limit or prevent the free exchange of information

Opposing side are privacy advocates, govt agencies, law enforcement officials and
businesses that depend on the data stored in computers who takes a much stricter
position, advocating the free exchange of information only among those with
authorization for access.

Unauthorized computer access

A person who gains unauthorized access to a computer system has committed a
computer crime.
Unauthorized access the person who has gains entry to a computer system
without authority to use such access.
e.g. employees steal time on company computer to do personal business
e.g. intruders break into govt web site and change the information displayed
e.g. thieves steal credit card numbers and social security numbers from
electronic databases, then use the stolen information to charge thousands of
solar in merchandise to victims

Computer forensics p.367

It is the use of formal investigative techniques to evaluate digital information for
judicial review
Computer forensics experts evaluate various types of storage devices to find
traces of illegal activity or to gain evidence in related but noncomputer crimes.
Organizations and governments use honeypots to gather intelligence to improve
their defenses or to catch cyber-criminals.
Honeypot is a computer, data, network site that is designed to be enticing
to crackers , so as to detect, deflect or counteract , illegal activity.
e.g. FBI operated a cybercrime clearinghouse called DarkMarket where
unsuspecting hackers, credit card swindlers and identity thieves bought and sold
products and information. Like stolen person data. However, DarkMarket was
shut down because it has become known to the criminals.
Although computer forensics experts are really skilled in investigating prior and
ongoing computer crime, computer criminals are also experts which make
forensics process extremely difficult in some case.
e.g. booby-trap programs running on computer to destroy evidences
however, using special software, computer forensics experts can restore data
 Ch.9 Information system ethics and computer crime

that has been deleted

so, computer forensics will continue to evolve (design, develop) as criminal
use more sophisticated computer-based methods for committing and aiding
criminal activities.

Hacking and cracking

Hackers individuals who are knowledgeable enough to gain access to computer
system without authorization. They are only motive by curiosity and not by a desire
to do harm
Crackers those who break into computer system with the intention of doing
damage or committing a crime.
Some computer criminal attempt to break into systems or deface web site to
promote political or ideological goals, these Web vandals is called
hacktivists.

Types of computer criminals and crimes p.268

Some involve the use of a computer to steal money or other assets or to perpetrate
(operate) a deception (lie) for money
Some other computer crime involve stealing or altering information.
Some other like stalking of minor by sexual predators through newsgroups
and chat room

Who commits computer crimes?

Categorize computer criminals , these group are listed, from those who commit most
infractions to those who commit the fewest infractions
1. current or former employees who are in a position to steal or otherwise do
damage to employers
2. people with technical knowledge who commit business or information sabotage
(destroy) for personal gain
3. career criminals who use computers to assist in crimes
4. outside crackers simply snooping or hoping to find information of value

Software piracy p.369

Software developers want you to many as many as
Commercial software vendor do not want you to buy one copy
Software piracy is vendors buy one copy of a software application and then make
many copies to distribute to employees. It is illegal.
Buying commercial software, it is legal for you to make one backup copy for your
 Ch.9 Information system ethics and computer crime

own use. And it is legal to offer shareware or public domain software for free through
bulletin boards and other web site.
But warez (slang term for such stolen software) peddling offering stolen
proprietary software for free over the internet is a crime.
Patents and copyrights are giving the creator exclusive rights to benefit from the
creation for a limited period of time.
Patents process, machine, material inventions e.g. Amazon.com one-click
buying
Copyright refer to creation of the mid such as music, software, literature
Software piracy has become a problem. It costs the commercial software industry
and the entire economy billion of dollars a year.
The crime is difficult to trace but many individuals and companies have been
successfully prosecuted for pirating software by trying to the users to enter license
keys or verifying the key before allowing the customer to register or update the
software.

Computer viruses and other destructive code p.373

Malware (Malicious software) e.g. viruses, worms and Trojan horses continues to
impact the economic in the world, costing organizations more than 13 billion in 2006

Viruses
destructive programs that disrupt the normal functioning of computer system,
different from worms and Trojan because viruses can reproduce themselves
viruses not always tend to be harmless (pranks) but often damage to a
computer system by erasing (deleting) files on the hard drive or by slowing
computer processing
viruses spreads rapidly through e-mail or file downloads.
Viruses is the most virulent forms of computer infection

Worm
It usually does not destroy file but like virus, it is designed to copy and send
itself, spreading rapidly throughout networked computers.

Trojan horse
Unlike a virus, it does not copy itself
Like a virus it can do much damage
The computer appears to function normally but in fact it is performing
underlying functions dictated by the intrusive code.
 Ch.9 Information system ethics and computer crime

Logic bombs or time bombs

They dont reproduce themselves
They are designed to operate without disrupting normal computer function
Time bombs are set off by specific dates, e.g. birthday of a famous person
Logic bombs are set off by certain types of operations e.g. entering a specific
pw or adding or deleting names and other information to and from certain
computer files.

The rise of botnets and the cyberattack supply chain P.374

Botnets have become the method of operation for professional cybercriminals

Internet hoaxes
It is a false msg circulated online about new viruses.
e.g. e-mail msg told recipients to look for a certain file and delete it, then inform
everyone in their address books of the virus. The msg was a hoax.

Cyber harassment, stalking and bullying

Cyber harassment
Is a crime, it refers to the use of a computer to communicate obscene , vulgar
or threatening content that cause a reasonable person to endure
distress. It is a single offensive msg.

Cyber stalking
Repeated contacts with a victim, it can take many forms,
making false accusations that damage the reputation of the victim
on web site, chat room, blog. (e.g. eBay)
gaining information on a victim by monitoring online activities, accessing
databases
encouraging other to harass a victim by posting personal information about the
victim on Web site or in chat room
attacking data and equipment of the victim by sending e-mail viruses and other
destructive code
using the internet to place false orders for g/s such as magazine, pornography
and other embarrassing items
it is really hard to catch cyber stalkers because they can take many forms and can go
undetected by the victim.
 Ch.9 Information system ethics and computer crime

Cyber bullying
It is to deliberately (have plan) cause emotional distress in the victim

These three are targeted at a particular person or group as a means of revenge or

hated.

However, Online predators

It target vulnerable (easy to harm, weakness) people, usually young or old, for sexual
of financial purposes.
To combat (against) there online predators( person),
Parents much educate their child not to share personal information
Use monitoring software to track online activity

9.3 cyberwar and cyberterrorism

Experts believe that cyberwar and cyberterrorism are imminent will happen soon)
threats to technologically advanced countries

Cyberwar p.376
It refer to an organized attempt by a countrys military to disrupt or destroy
the information and communication systems of another country.
NATO alliance is the most technologically sophisticated war machine in the world and
also the most dependent on its networking and computing infrastructure and it is
also the most vulnerable (easy to harm) to a cyberwar attack.

Cyberwar vulnerabilities
Cyberwar use a diverse range of technologies including software, hardware and
networking technologies to gain an information advantage over an opponent .
These technologies will be used to electronically blind, jam, deceive, overload and
intrude into an enemys computing and networking capabilities in order to diminish
various capabilities, including the following,
Command and control systems
Intelligence collection and distribution systems
Information processing and distribution systems
Tactical communication systems and methods
Troop and weapon positioning system
Friend-or-foe identification systems
Smart weapons systems
Cyberwar strategy is to control the content and distribute of propaganda and
 Ch.9 Information system ethics and computer crime

information to an opponents civilians, troops and government.

Web vandalism can occur by simply defacing Web site
Espionage stealing of secrets or modifying information can occur id data and
systems are not adequately protected and secure.

Cyberterrorism
Unlike cyberwar, it is launched not by govt but by individuals and organized groups
It is the use of computer and networking technologies against persons or property to
intimidate of coerce govt, civilians or any society in order to attain (reach)
political, religious, ideological goals.
What kind of attack are considered cyberterrorism
It could involve physical destruction of computer systems or acts that destroy
economic stability or infrastructure.
It could likely damage the machines that control traffic lights, power plants, dams or
airline traffic in order to create fear and panic.

The disadvantage to use cyberterrorism as a weapon, it include,

Computer systems and networks are complex, so cyberattacks are difficult to
control and may not achieve the desired destruction as effectively as physical
weapons.
Computer systems and networks change and security measures improve, so it
require an increasing level of knowledge and expertise on the part of intruders
for cyberattacks to be effective (older method no longer work as need to
continuously study and hone their skill)
Cyberattacks rarely cause physical harm to victims, therefore there is less drama
and emotional appeal for perpetrators than using conventional weapons

Globalization of terrorism
The threat of cyberterrorism will continue to increase,
Govt must improve their intelligence-gathering capabilities so that potential attacks
are thwarted before they begin.
Industry must give incentives to secure their information resources so that losses and
disruptions in operation are minimized
International law and treaties must rapidly evolve (develop) to reflect the realities of
cyberterrorism, where attacks can be launched from anywhere in the world to
anywhere in the world.