Sunday, May 19, 2019
An Introduction to the IM Profession and Ethics Paper
De La Salle University Manila
An Introduction to the IM Profession and Ethics Paper
Presented to The Faculty of the College of Computer Studies, De La Salle University Manila
In Partial Fulfillment of the Requirements for the Degree of Bachelor of Science of Information Systems
By Changcoco, Amos; Dimla, Ysabel Nicole; Ramchand, Pavan; Tanchuling, Bianca Denise; Tibayan, Jan Michael

1.0 COMPUTER AND INTERNET CRIME

1.1 Types of Exploits

1.1.1 Virus
A virus is malicious code attached to a file or executable program that can hack the files of the victim's computer and reformat, delete or modify the files. The computer virus is executed only when the file that contains the virus is opened or when the program with the virus is executed. It leaves infections as it travels from one computer to another. The spread of the virus relies on the users, whenever they use removable media devices, download files, or exchange e-mails. An example of a computer virus would be the Pikachu virus, which was the first computer virus directed to children. It was said that the virus started on June 28, 2000 from Asia or the Pacific Ocean region. The virus was an email titled "Pikachu Pokemon" with the message "Pikachu is your friend." The email contained the image of the cartoon character Pikachu from the TV series Pokemon, with the message, "Between millions of people around the world I found you. Don't forget to remember this day every time MY FRIEND." The Pikachu virus infected only a few companies in the United States through Microsoft Outlook email attachments or through Microsoft's Internet Explorer browser. The reason why only a few companies were harmed and why the virus was not as viral is that the virus was not coded properly and would ask the user if the virus could delete the user's files.

1.1.2 Worm
A worm is a malicious code that is used for bringing down the computer system.
A worm does not infect files; however, it monopolizes the computer's CPU and operating system and is capable of deleting data and programs. It infects a computer by finding a vulnerability in an application or operating system. A worm is self-replicating and uses a network to replicate itself to other computers. It does not rely on human interaction to spread to other computers. An example would be the Morris Worm, also known as the Great Worm. Created by a Cornell University student named Robert Tappan Morris in the year 1968, the Morris Worm consisted of 99 lines of code. Robert Morris wanted to know how big the Internet was and let the worm loose to find the answer. It is noted that the creator did not have malicious intent in making this worm; however, the worm caused immense amounts of stability problems that made many systems unusable. The damage was over 6,000 infected UNIX machines, which cost between $10,000,000 and $100,000,000. This example is an ethical dilemma because the creator did not have evil intentions in making the worm but it did have bad effects on some people in America. This dilemma would be ethical based on the psychological egoism theory because Robert Morris acted on his selfish motive whether he should or not, which made him moral. Based on the hedonism theory, it was ethical of Morris because he was only doing his job without knowing that his actions would bring upon negative effects.

1.1.3 Trojan Horse
Named after the Trojan horse from Troy, which was used to infiltrate the enemy's territory through a disguise, the Trojan horse is disguised as something else (such as a program or file) but is really a malicious code or may contain malicious code. Similar to viruses, a Trojan horse is executed when the file with the virus is opened or when the program with the malicious code is executed.
A Trojan horse can do anything from minor damage, such as changing the desktop and the like, to threatening damage, such as deleting files, stealing data, or activating and spreading other malware, to the victim's software. Trojan horses are also used to create a back door in the operating system so that hackers can access the system. However, the Trojan horse cannot duplicate itself, nor can it self-replicate. It would need the user to spread to other computers. An example of a Trojan horse would be from the pirated version of Apple's suite of software, iWork. iServices was the Trojan horse part of the pirated version of iWork, which would notify the hackers that the Mac is infected and that the hacker has access to the system. This is an ethical dilemma because the people who buy pirated software such as iWork do not know that there is a Trojan horse in the software. It was wrong of the sellers to place a Trojan horse in the software without the consent of their customers because deontology theory states that it was not the job of the vendors to hack into the systems of their customers in the first place. Another reason why it was unethical is the theory of altruism, because the interest of others was not thought about, since many people will suffer due to the actions of the vendors. This is another reason why it is unethical, because of utilitarianism, which is consequences-based. Lastly, the social contract theory states that the actions of the vendors were unethical because it is against the law to hack and infiltrate private property. A logic bomb is a type of Trojan horse that is triggered only by a series of specific events, such as a specific sequence of keystrokes or a change in a file.

1.1.4 Botnets
A botnet is a network of infected computers that are controlled by bots. Named after the word robot, a bot is a type of malware that allows an attacker to take control of an affected computer.
Criminals can take over the controlled computer for activities such as sending out spam, spreading viruses and attacking computers, and can even commit crime and fraud, without the owner knowing it. Bots are also called computer zombies because the computer has no control over its actions, since hackers are in charge of its actions.

1.1.5 Distributed Denial-of-Service Attacks (DDoS Attacks)
A Distributed Denial-of-Service attack is when a malicious hacker controls computers through the Internet. It is an attempt to prevent the computer owner from using a network resource or machine. It is composed of one or more people trying to disable a certain host from being connected to the Internet.

1.1.6 Rootkits
The name rootkit comes from the two words root, which pertains to the point it attacks, which would be the administrator or the source or the root, and kit, because of the set of programs. A rootkit is a set of programs that enables its user to gain administrator-level access to a computer without the user's consent or knowledge. The owner of the rootkit is capable of executing files and changing system configurations on the target machine, as well as accessing log files or monitoring activity to covertly spy on the user's computer usage. It is hard to detect if a computer system has rootkit malware.

1.1.7 Spam
E-mail spam is when e-mail systems send unsolicited e-mail to large numbers of people. Spam mostly comes off as cheap advertisements of strange products such as pornography, get-rich-quick schemes and the like. Spam can also be used to deliver harmful worms or other malware.

1.1.8 Phishing
Phishing is an attempt to steal personal identity data by tricking users into entering information on a counterfeit Web site.

1.2 Types of Perpetrators

1.2.1 Hackers and Crackers
Hackers are people who test the limits of the system, find the holes, and check which data they could access.
The knowledge that they get is actually obtainable in various media, usually the internet. They are not usually considered bad, but because many of them used such knowledge to cause harm to systems, the term became negative. A more appropriate term for these kinds of people is crackers.

1.2.2 Malicious Insiders
Malicious insiders are people who obtain goods, services, or property through deception or trickery, also known as fraud. In other words, they lie to gain.

1.2.3 Industrial Spies
Industrial spies are people who illegally obtain information from competitors for the benefit of their sponsor. The act is called industrial espionage, and the opposite, which is to obtain information legally, is called competitive intelligence. In 1993, Opel accused the rival Volkswagen of industrial espionage after the former's chief of production and seven executives moved to the latter company due to missing documents. (Julian, 2011)

1.2.4 Cybercriminals
These perpetrators hack into the company's system and will do anything with the information just to gain money. One of the most famous hackers of the world is Albert Gonzalez, who used hacking to steal and resell millions of card and ATM numbers in a span of three years. He did this by attacking many systems which would eventually give him the information needed to steal the card numbers. (Verini, 2010) Albert Gonzalez is in an ethical dilemma because he used his skills to steal the information for money. Based on the deontological theory, it is unethical because it is not the duty of hackers to steal information. Based on hedonism under the utilitarian theory, it is ethical because he found pleasure from the act. Social contract theory, however, makes this act unethical, and so does virtue theory.

1.2.5 Hacktivists and Cyberterrorists
Hacktivists, combining the words hacking and activist, are people who hack to promote political ideology. Cyberterrorists attack to get the attention of the government as part of their political objectives. Anonymous is one of the most famous hacktivist groups due to their appearance on various media in which members appear wearing the Guy Fawkes mask. Their advocacy is to oppose Internet censorship and surveillance, government corruption and homophobia. This is why they attacked several government sites. (Katich, 2013) The ethical dilemma the group faces is that they use hacking skills to infiltrate the systems, yet they belong to the side of the people, as their objective is to make the government hear their voice. This is ethical based on deontology because it is their duty to make the government listen to their voice. This is also ethical based on the altruistic approach, as more will benefit from their act. However, social contract theory states that it is unethical since this act has violated the law.

1.3 Laws for Prosecuting Computer Attacks

1.3.1 Electronic Commerce Act of 2000 (RA 8792)

1.3.1.1 E-Commerce in Society
The process of buying and selling goods electronically by consumers and from company to company through computerized business transactions. This act has the purpose of protecting those who pursue business in electronic means through multiple communication networks through the Internet.

1.3.1.2 Elements in the Law
Electronic data messages: these are generally the information that is in every transaction of the business.
Electronic document: these are the type of information specified with text, symbols, or other modes of written expression, yet similar in nature to the electronic data messages.
Electronic signature: these are any distinctive marks that approve a transaction, which are made by a person or an entity using electronic means.

1.3.1.3 Relation to Other Laws
Laws that are affected by this are the Intellectual Property Rights and Copyrights Protection. These laws give protection to the parties involved in any business activities through electronic means. Fraud is also related, as the government can charge you when you accept payment illegally by disguising your site as a reasonable option for payment.

1.3.1.4 Case in E-Commerce
Censorship is really an essential tool to distinguish the moralities of websites and the cooperation of companies to acknowledge said moralities. In China, Google's operations created a storm of criticism when the company agreed to comply with the government's wishes and censor pro-democracy and other websites. In 2010, Google relocated its Chinese operations to Hong Kong, putting it outside China's censorship regime. Supporters of the decision say Google shouldn't cooperate with China's repressive policies, while critics say Google's withdrawal cut off millions of Chinese citizens from the company's services and weakens its presence in one of the world's largest markets. This case has very evident ethical issues, including the move of Google to relocate its operations to Hong Kong. This put them out of reach of the jurisdiction of China's censorship policy so that they can use their assets more freely. This, however, made the citizens of China who are inside the jurisdiction of the censorship policy long for their beneficial search engine. Seen in terms of Google's benefits, this is a rather good trade for them to maximize the use of their services in a commercial area such as Hong Kong, yet they could have served the citizens so they can keep up their reputation of improving life in the world and be consistent with the famous line "Don't be evil." I generally disagree with their decision to relocate, as they could have followed the updated utilitarianism and given their services to those who would need them the most.
Still, they acted on ethical egoism to censor pro-democracy sites, which is morally good from their perspective.

1.3.1.5 Another Example Including Google
Google gathers incredible amounts of data on people who use its search engine. As of 2011, the company's website states that although it stores records of your searches as a tool to improve corporate efficiency, it renders them anonymous after nine months and deletes cookies used to track visitors after two years. Governments could use Google's information to investigate individuals visiting particular websites, however, and Google Earth's photo collection also has raised privacy questions: in 2008, a couple sued on the grounds that the online photos of their home violated their privacy, but a judge threw out the lawsuit the next year. This case provides insight into how Google can be of use to our society, as it can help the government catch fugitives, suspects and criminals with its records of the searches of every person using its search engine, yet this leaves it open to violating privacy when it abuses that kind of power. The couple's lawsuit may have been dismissed by a judge, but it is supported by ethical theories, namely the rights-based theories, which state that there are social contracts that should be upheld, and that includes their right to privacy. They may be legally allowed to store records such as the photos from Google Earth, but they should limit their power in exercising their duty, as they are also supported by the duty-based theories due to their daily or continual task of improving corporate efficiency as well as giving us access to unlimited knowledge.

1.3.2 Cybercrime Prevention Act of 2012 (RA 10175)

1. .3.1 Preliminary Provisions

1.3.3.2.1.1 Brief History of RA 10175
The Cybercrime Prevention Act of 2012, also known as Republic Act No. 10175, was approved on September 12, 2012.
This is the first law in the Philippines which specifically criminalizes computer-related crimes. The Cybercrime Prevention Act in its current form is the product of House Bill No. 5808, authored by Representative Susan Yap-Sulit of the second district of Tarlac and 36 other co-authors. The final version of the Act was later signed into law by President Benigno Aquino III on September 12, 2012.

1.3.2.1.1 Declaration of Policy
The main objective of this Act is to protect the people from cybercrimes and also from the harmful effects associated with them. The state also aims to recognize the vital roles of information and communications industries in the country. The state also recognizes the need to protect and safeguard the citizens of the state, and also to protect the integrity of computers and their users. The state also wants to recognize the importance of providing an environment conducive to the development, acceleration, and rational application and exploitation of information and communications technology.

1.3.3.2.1 Common Provisions

1.3.3.2.2.2.1 Punishable Acts
In this Act, there are 10 punishable acts indicated in the bill, and those punishable acts each have penalties that are associated. In the next sentences, the punishable acts will be discussed briefly.
Offenses against the confidentiality, integrity, and availability of computer data and systems:
A. Illegal Access: accessing a computer or a part of a computer without any right.
B. Illegal Interception: the interception, made by the use of any technical device without any right, of non-public transmission of data to or from any computer system, including electromagnetic emissions from a computer system carrying such data.
C. Data Interference: the intentional or reckless alteration, damaging, deletion or deterioration of computer data, electronic document, or electronic data message, without any right, including the transmission or transferring of viruses into a system.
One example is the ILOVEYOU message transmitted through electronic mail way back in the year 2000.
D. System Interference: the intentional or reckless hindering of or interference with a functioning computer system or computer network by inputting, transmitting, damaging, deleting, deteriorating, altering, or suppressing computer data or computer programs without any right or authority in doing so.
E. Misuse of Devices: the use of any material without any right to it. Acts like producing, manufacturing, selling, and distribution.
F. Cyber-squatting: the simplest way is identity theft, using another individual's identity to gain profit or scam other people on the internet.
G. Computer-related Forgery: the illegal use of a computer in copying one's work, and gaining illegal access to a computer to copy the content of a system or database.
H. Computer-related Fraud: the unauthorized input, alteration, or deletion of computer data or programs, or interference in the functioning of a computer system.
I. Computer-related Identity Theft: the intentional acquisition, use, transfer, or possession of any identifying information belonging to another person, whether natural or juridical. Under these are Cybersex and Child Pornography.
J. Libel: defined as a public and malicious imputation of a crime, or of a vice or defect, real or imaginary, or any act, omission, condition, status or circumstance tending to discredit or cause the dishonour or contempt of a natural or juridical person, committed through a computer system or any other similar means which may be devised in the future.
The above are the punishable acts under the law as written in the bill, and these acts have corresponding penalties if proven in court. The penalties include imprisonment or a fine of at least two hundred thousand pesos (Php 200,000.00) up to a maximum amount commensurate to the damage incurred, or both.
Prision mayor is equivalent to imprisonment from 6 years and one day to twelve years.

1.3.3 Ethical/Moral Dilemmas

1.3.4.2 Situation
A 16-year-old male named Josh Evans was registered on the account used for bullying messages to a girl named Megan Meier. Lori Drew, the mother of Sarah, a former friend of Meier, later admitted creating the MySpace account. She was aided by Sarah and Ashley Grills, an 18-year-old employee of the elder Drew. The senior Drew and several others ran the fake account, with an aim to get information about Megan and use that information against her and also for her to be humiliated. This caused the spreading of gossip about Megan, thus creating a traumatic experience not only for her but also for her family.

1.3.4.3 Analysing Using the Four Major Ethical Theories
A. Duty-based Theory
According to the duty-based theory, an act is considered ethical if it has good intentions. Given the situation, I can clearly state that it is not an ethical thing to do. Creating or spreading fictitious rumours is not even close to being called a good intention. Also, gathering information about a certain person is not ethical if it will be used against or held against that person. Using the duty-based theory, I can clearly state that the situation of gathering information about Megan is not ethical because it does not serve a good intention.
B. Utilitarianism
According to the utilitarianism theory, an act is only to be considered ethical if it produces desirable consequences or outcomes. The outcome of the situation stated earlier is that the experience was traumatic not only for Megan herself, but it also affected her family. Just by looking at this outcome, we can say that it is also not considered ethical in this theory, because of the outcomes that the actions of the group had caused, not only to their target but also to the relationship of other people to Megan.
C. Social Contract Theory
According to the social contract theory, an act is considered ethical if the act does not violate any rules or laws. According to the Civil Code of the Philippines, Persons and Family Relations, under Chapter 2, which is Human Relations, Articles 19, 20 and 21 discuss the different rights a person possesses and how a person should exercise his or her rights. Chapter 2 Article 19 presents the basic principles that are to be observed for the rightful relationship between human beings and the stability of the social order. Chapter 2 Article 20 presents that you are liable for any damage that you have caused to another person, whether wilfully or negligently. Chapter 2 Article 26 presents that rights must never be abused; the moment rights are abused, they cease to be rights.
D. Virtue
According to the virtue theory, an action is considered ethical when it comes from a good moral principle. Looking at the situation, it is not an ethical thing to do because it does not only harm the person involved, but the moral principles of the suspect are also to be questioned.

1.3 Trustworthy Computing

1.4.1 Microsoft's 4 Pillars of Trustworthy Computing
The 4 Pillars of Trustworthy Computing help identify the key elements in computing, especially in an organization with numerous employees to manage. Guidance is a key to help implement a good and stable system, such as how the pillars guide not just Microsoft employees but users alike.

1.4.2.1 Security
Creation of a trustworthy environment for a safe computing environment.

1.4.2.2 Privacy
The protection and confidentiality of design, development and testing in any organization is essential to be part of the competitive market today.

1.4.2.3 Reliability
Working as expected or promised by the developers and their entity.

1.4.2.4 Business Integrity
Being responsible and transparent in your duties and expectations as part of a work force that strives to be excellent; a mistake is bound to happen. Admitting a mistake is the 1st step in a growing process of learning new things to come.

1.4.2 Risk Assessment
It is the process of assessing security-related risks to an organization's computers and networks from both internal and external threats. (Reynolds, 2011) A risk assessment is a process to identify potential hazards and analyse what could happen if a hazard occurs. (Federal Emergency Management Agency, 2013) The assessment would assure the IT security team that they will be ready when an attack comes because of the determined risk assessment they perform.

1.4.1 General Security Risk Assessment Process
Step 1: Identify IT assets and prioritize the ones that are of most importance
Step 2: Identify the threats/risks that could occur
Step 3: Assess the likelihood of threats
Step 4: Determine the impact of each threat, how large to small is the impact if affected
Step 5: Determine how each threat can be prevented/blocked
Step 6: Which is the most effective prevention method
Step 7: Perform cost-benefit analysis before taking any action
Step 8: Make the decision to implement or not to implement the decided risk prevention found through thorough research and development

1.4.3 Establishing a Security Policy
Defines an organization's security requirements, as well as controls and sanctions needed to meet those requirements. (Reynolds, 2011) A good security policy can possibly improve and provide a smooth flow of operations within an organization. NIST (National Institute of Standards and Technology) is a non-regulatory federal agency within the US Department of Commerce. The Computer Security Division creates security standards for organizations to implement in their own systems.

1.4.4 Educating the Employees, Contractors and Part-Time Workers
Surveys show that most security problems come from negligence and unawareness of the security policies. Teaching good security practices includes not giving out your passwords and making sure you do not meddle in different departments. Knowing the DOs and DON'Ts of everyday computing will help guide any workplace and direct them to the good ways of being a good user.

1.4.5 Threat Prevention
The key to a threat prevention system is layers of security systems that challenge the perpetrator to hack into the system.
Firewall: stands guard between an organization's internal network and the internet.
Intrusion Prevention Systems: prevent an attack by blocking viruses, malformed packets and other threats from getting into a protected network.
Antivirus software: should be installed on each user's personal computer to scan a computer's disk drives and memory regularly for viruses.
User accounts that remain active after employees leave cause an uncertain threat to the company; IT staff must promptly delete them and make sure to wipe out all the privileges of the former employee. The US-CERT (United States Computer Emergency Network Team) and SANS (SysAdmin, Audit, Network, System) Institute regularly update a summary of the most frequent and high-impact threats to a computer system, specifically viruses and worms.

1.4.6 Security Audit
An important prevention tool that evaluates whether an organization has a good security policy and if it is being followed. An example would be a requirement to change passwords every week or month; with this in place, companies are much more protected compared to others without this requirement. Basically, it is to test, check and review the system's security and look for loopholes and easy targets.

1.4.7 Detection
The preventive measures made for a computer system are not always enough to protect important data.
Intrusion detection system: software/hardware that monitors system and network resources and notifies a system admin when an intrusion occurs.
Knowledge-based intrusion system: contains information about attacks and system vulnerabilities, then triggers an alarm (e.g. repeated login, repeated data events).
Behaviour-based intrusion system: compares a user's system behaviour with an admin-created model and detects when a user is not following the required model; this would trigger an alarm. (Example: unusual activity with an account in the HR department accessing the IT department's data.)

1.4.8 Response
An organization should be prepared for the worst, like a system attack that stops all operations and steals data from the company. The top priority during an attack is not to catch the perpetrator but to regain control and save what is left. Who needs to be informed? And who not to notify? Reputation and credibility are at stake in any security breach. A company should document all details of a security breach and be able to review it afterwards to assess and further study. Eradication of the damaged/breached information is essential, but before everything a log is required to keep track.

1.4.9 Ethical/Moral Dilemmas
You are a member of a large IT security support group of a large manufacturing company. You have been awakened late at night and informed that someone has defaced your organization's website and also attempted to gain access to computer files containing a new product under development. What are your next steps? How much time would you spend tracking down the hacker? -Deontological

1.5 References
* (1999, 10). Electronic Commerce. StudyMode.com. Retrieved 10, 1999, from http://www.studymode.com/essays/Electronic-Commerce-731.html
* THE ELECTRONIC COMMERCE ACT (R.A. 8792): AN OVERVIEW OF ITS (INFORMATION TECHNOLOGY) IMPACT ON THE PHILIPPINE LEGAL SYSTEM (2005-2006). www.ustlawreview.com/pdf/vol.L/Articles/The_Electronic_Commerce_Act_RA_8792.pdf
* What Is the Difference: Viruses, Worms, Trojans, and Bots? Cisco Systems. (n.d.). Cisco Systems, Inc. Retrieved from http://www.cisco.com/web/about/security/intelligence/virus-worm-diffs.html
* What Is A Rootkit? (n.d.). Internet / Network Security Tips, Advice and Tutorials About Internet Security and Network Security. Retrieved from http://netsecurity.about.com/od/frequentlyaskedquestions/f/faq_rootkit.htm
* Julian. (2011). 10 Most Notorious Acts of Corporate Espionage. Retrieved from http://www.businesspundit.com/10-most-notorious-acts-of-corporate-espionage/
* Katich, A. (2013). Anonymous (Annie Katich). Retrieved from http://socialactive.wordpress.com/2013/02/25/anonymous-annie-katich/
* Verini, J. (2010). The Great Cyberheist. Retrieved from http://www.nytimes.com/2010/11/14/magazine/14Hacker-t.html/
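
The knowledge-based and behaviour-based intrusion detection described under Detection, run over a few log lines, as an added example that is not part of the original paper. The log format, user names, thresholds and the department-to-resource model are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): timestamp, event type, key=value fields.
SAMPLE_LOG = """\
2019-05-19T02:14:01 LOGIN_FAIL user=jcruz src=10.0.0.5
2019-05-19T02:14:09 LOGIN_FAIL user=jcruz src=10.0.0.5
2019-05-19T02:14:15 LOGIN_FAIL user=jcruz src=10.0.0.5
2019-05-19T02:14:20 LOGIN_OK user=jcruz src=10.0.0.5
2019-05-19T09:00:12 ACCESS user=areyes dept=HR resource=hr/payroll.xlsx
2019-05-19T09:03:40 ACCESS user=areyes dept=HR resource=it/firewall-rules.conf
2019-05-19T09:05:02 LOGIN_FAIL user=mlim src=10.0.0.9
2019-05-19T11:30:00 LOGIN_FAIL user=mlim src=10.0.0.9
"""

# Knowledge-based rule (assumed values): a known attack pattern, here repeated
# failed logins for one account inside a short window.
FAIL_THRESHOLD = 3
FAIL_WINDOW = timedelta(minutes=1)

# Behaviour-based model (assumed, admin-created): the resource prefixes each
# department normally touches. Anything outside the model raises an alarm.
DEPT_MODEL = {"HR": ("hr/",), "IT": ("it/", "hr/helpdesk/")}


def parse(line):
    """Split one log line into (timestamp, event, fields)."""
    ts, event, *pairs = line.split()
    return datetime.fromisoformat(ts), event, dict(p.split("=", 1) for p in pairs)


def knowledge_based(events):
    """Alarm when an account reaches FAIL_THRESHOLD failures within FAIL_WINDOW."""
    recent = defaultdict(deque)
    alerts = []
    for ts, event, f in events:
        if event != "LOGIN_FAIL":
            continue
        q = recent[f["user"]]
        q.append(ts)
        while ts - q[0] > FAIL_WINDOW:      # forget failures older than the window
            q.popleft()
        if len(q) >= FAIL_THRESHOLD:
            detail = f"{len(q)} failed logins from {f['src']}"
            alerts.append((ts, "knowledge", f["user"], detail))
            q.clear()                       # one alarm per burst
    return alerts


def behaviour_based(events):
    """Alarm when an account touches a resource outside its department's model."""
    alerts = []
    for ts, event, f in events:
        if event != "ACCESS":
            continue
        allowed = DEPT_MODEL.get(f["dept"], ())   # unknown department: nothing allowed
        if not f["resource"].startswith(allowed):
            detail = f"{f['dept']} account accessed {f['resource']}"
            alerts.append((ts, "behaviour", f["user"], detail))
    return alerts


def detect(log_text):
    """Run both detectors and return the alarms in time order."""
    events = [parse(line) for line in log_text.splitlines() if line.strip()]
    return sorted(knowledge_based(events) + behaviour_based(events))


if __name__ == "__main__":
    for ts, kind, user, detail in detect(SAMPLE_LOG):
        print(f"{ts.isoformat()} [{kind}] {user}: {detail}")
```

The two failed logins for `mlim` are hours apart and stay below the threshold, so only the burst against `jcruz` and the HR account reading an IT file are reported.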