
Society and Information Technology Today

Source: Chapter 9. The Challenges of Digital Age: Society and IT, p. 463. Williams, B.K., Stacy C. Sawyer (2007). Using Information Technology: A Practical Introduction to Computers & Communications. Seventh Edition, McGraw-Hill, New York. ISBN-13: 978-007-110768-6

Learning Outcomes

By the end of this session, students are expected to be able to:

explain how digital data is used to deceive other people, and explain the types of threats to computers and the characteristics of the five components of security (C2)

Material Outline

- Truth Issues: Manipulating Digital Data
- Security Issues: Threats
- Security: Safeguarding Computers & Communications

Truth Issues: Manipulating Digital Data


Digital Images and Sounds can be manipulated
Pro: Creates new forms of art
- Morphing software makes one image morph into another: http://www.cs.utah.edu/~dejohnso/morph.html
- Movies such as Crouching Tiger, Hidden Dragon and Harry Potter contain many scenes that could never actually happen
- Adobe Photoshop allows changes, enhancements to photos
- Digital technology allows musicians to sing every track of a song and accompany themselves

Con: Has made photographs & recordings untrustworthy


Famous Yalta summit photo edited: Stallone added in!



Photographs may not be authentic
Photographs may be deliberately misleading
- 1994 Time magazine photo of O.J. Simpson was digitally darkened to make him appear sinister
  - Could this have biased potential jury members?
- Fashion model photos are routinely elongated to make models appear more slender
  - How many girls become anorexic to try to match those models' impossible perfection?
  - http://www.etniesgirl.com/blog/2005/11/30/photoshop-101-even-models-have-flaws
  - http://www.tutorialized.com/tutorial/Basic-ModelRetouching/9547
  - http://news.bbc.co.uk/1/hi/health/769290.stm


Techniques to combat digital deception
- Prof. William H. Mitchell of M.I.T. wrote the first systematic, critical analysis of the digital revolution
- Corbis (http://pro.corbis.com/) adds a digital watermark to its photos
- Hany Farid of Dartmouth College devised algorithms to detect changes to uncompressed digital photos
- Prof. Jessica Fridrich of S.U.N.Y. at Binghamton is researching digital cameras that hide a picture of the photographer's iris inside each digital photo



Limitations of Public databases
- You can't get the whole story
  - Start with a public database, THEN do more research
- The data is not necessarily accurate
  - Cross-check against multiple sources
- Each database service has boundaries
  - Know what those boundaries are
- Different keywords bring different results
- History is limited
  - These databases often begin with data from 1980 or later


Security Issues: Threats
- Errors and accidents
- Natural hazards
- Computer crime
- Computer criminals

Is my computer safe? I'm concerned about it. What do I need to do to use it safely for work, home, and school?



Errors & Accidents

Human errors
- People choose the wrong computer
  - Too simple or too complex
- Human emotions affect performance
  - People get frustrated
- Human perceptions are slower than the equipment
  - Watch out when you click the OK button! You may have just deleted something important!



Errors & Accidents
Procedural errors
- When people fail to follow safe procedures, errors can occur

Software errors
- Programmers make coding errors
- Famous example: Utility billing software
  - Customer pays early: software credits account
  - Customer pays late: software credits account, adds late fee in for next bill
  - Programmer forgot to consider customers who pay exactly on time: their payments were never credited at all!
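
The billing bug above, written out as an added example (not code from the textbook or the slides). The function names, the late fee and the due date are constructed for illustration; the point is that a boundary-value check around the due date exposes the missing "exactly on time" case.

```python
from datetime import date, timedelta

LATE_FEE = 5.00                  # constructed value for the illustration
SAMPLE_DUE = date(2007, 3, 15)   # constructed due date

def credit_payment_buggy(balance, amount, paid_on, due):
    """Mirrors the slide's bug: only 'early' and 'late' are handled."""
    late_fee = 0.0
    if paid_on < due:            # early: credit the account
        balance -= amount
    elif paid_on > due:          # late: credit the account, add a late fee
        balance -= amount
        late_fee = LATE_FEE
    # paid_on == due falls through both branches: payment is never credited
    return round(balance, 2), late_fee

def credit_payment_fixed(balance, amount, paid_on, due):
    """Every payment is credited; lateness only decides the fee."""
    balance -= amount
    late_fee = LATE_FEE if paid_on > due else 0.0
    return round(balance, 2), late_fee

def uncredited_days(credit_fn, due, window=2):
    """Boundary-value check: pay the full bill on each day around the due
    date and return the day offsets on which the balance was not cleared."""
    missed = []
    for offset in range(-window, window + 1):
        paid_on = due + timedelta(days=offset)
        balance, _ = credit_fn(100.00, 100.00, paid_on, due)
        if balance != 0.0:
            missed.append(offset)
    return missed

if __name__ == "__main__":
    print("buggy misses offsets:", uncredited_days(credit_payment_buggy, SAMPLE_DUE))
    print("fixed misses offsets:", uncredited_days(credit_payment_fixed, SAMPLE_DUE))
```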



Errors & Accidents
Electromechanical problems
- Mechanical systems wear out
- Power failures shut down computers unless you have battery backup
- Using cellphones and Blackberries while driving can cause people to crash

Dirty data problems
- Incomplete, outdated, or inaccurate data
- Check your records (medical, school, and credit) to make sure they are accurate

Natural hazards can lead to disasters




Computer Crimes

Two types of computer crime
- It can be an illegal act perpetrated against computers or telecommunications
- It can be the use of computers or telecommunications to accomplish an illegal act



Computer Crimes

- Theft of hardware
- Theft of software
- Theft of online music and videos
- Theft of time and services
- Theft of information
- Internet-related fraud
- Taking over your PC
- Crimes of malice
- Computer criminals


Computer Crimes
Theft of hardware can range from
- Shoplifting an item from a computer store
- Stealing an entire PC or laptop

Theft of software
- Pirated software is software obtained illegally
- This includes softlifting: buying one copy of the software and using it on multiple computers
- Software makers have prosecuted both companies and individuals, including students, for software piracy


Computer Crimes

Theft of online music and movies
- Entertainment industry takes this seriously and prosecutes offenders
- Stealing music
  - Illegal file swapping services
  - Damages can be up to $150,000 per song
- Stealing movies
  - The film industry has taken aggressive aim at pirated movies
  - 11-nation crackdown announced in 2005


Computer Crimes
Theft of time and services
- Theft of computer time at work
  - Surfing or playing games when you should be working
  - Some employees violate policy by conducting personal business online, such as online auctions, from work
  - Most employers have policies against viewing X-rated web sites at work
- Theft of phone services
  - Phone phreaks use company phone systems to make free unauthorized long distance calls
  - Why break the law when you can get free long distance over the internet using Skype (www.skype.com)?


Computer Crimes
Theft of Information
- A common crime today
- Can include theft of personal information, medical information, or credit card and financial information
- Legislation to make it a crime to steal someone's identity was the 1998 Identity Theft and Assumption Deterrence Act
- The U.S. Department of Justice discusses their approach to this crime at http://www.usdoj.gov/criminal/fraud/idtheft.html
- If you are a victim of identity theft, you may file a report online at the Federal Trade Commission's website at https://rn.ftc.gov/pls/dod/widtpubl$.startup?Z_ORG_CODE=PU03


Computer Crimes

Internet-related Fraud
- Because it lends itself to anonymity, internet-related fraud is becoming more common
- Well-known examples include:
  - Nigerian letter scam
    - Letter says you can get a lot of money out of Nigeria if you pay a money transfer fee first
  - Evil twin attacks
    - A cracker sets up an attack computer as a duplicate public access point in a public location
  - Phishing
    - Sending emails that appear to come from a trusted source and link you to a website where you type in personal information that is intercepted by the phisher


Computer Crimes
Internet-related Fraud (continued)
- Pharming
  - Malicious software is implanted in your computer that directs you to an imposter web page
- Trojan horses
  - A program such as a free online game or screensaver that loads hidden programs that take over your computer or cause mischief without your knowledge
  - For example, Windows users who install the phony MSN Messenger Version 8 "beta" are actually installing an IM worm that spreads to their IM contacts, and connects their computer to a remote control "bot" network run by malicious hackers


Computer Crimes
Crimes of Malice: Crashing entire computer systems
- Sometimes criminals are more interested in vandalizing systems than they are in gaining control of them
- In 2003, an entrepreneur with a grudge because he lost a sale retaliated by shutting down the WeaKnees website
- Crackers regularly attempt to crash Microsoft's website
- Security specialists monitor for possible cyber-attacks on electrical and nuclear power plants, dams, and air traffic control systems
- Crackers have attacked the internet too and brought down large sections of it



Computer Crimes

Computer criminals may include
- Individuals or small groups who
  - Use fraudulent email and websites
  - Steal people's identities for monetary gains
  - Show off their power for bragging rights
- Employees who
  - Have a grudge against their current or former employers
  - Have a grudge against another employee
  - Sell their company's secrets for personal profit
- Outside partners and company suppliers




Computer Crimes
Computer criminals may also include
- Corporate spies
- Enemy foreign intelligence services
- Organized crime
- Terrorists

Computer criminals do not include your employer, who is legally allowed to monitor the computers at work
- Check your company's computer usage policy
- Make sure you follow the rules
- Know that any data you store in the computer at work, including emails, is company property

Security: Safeguarding Computers & Communications

Security is
A system of safeguards for protecting information technology against disasters, system failures, and unauthorized access that can result in damage or loss

Computer Security's Five Components
- Deterrence of computer crime
- Identification and access
- Encryption
- Protection of software and data
- Disaster recovery plans



Deterrents to computer crime
- Enforcing laws
- CERT: The Computer Emergency Response Team
  - Provides round-the-clock information on international computer security threats
  - The CERT website is www.cert.org
  - For example, on December 15, 2005, CERT announced a partnership between the US and ictQatar, the Qatar Supreme Council for Information and Communications Technology, to conduct and coordinate cybersecurity activities
  - On December 13, 2005, CERT issued alert SA05347A documenting Windows Explorer vulnerabilities


More deterrents to computer crimes
- Tools to fight fraudulent and unauthorized online uses
  - Rule-based detection software
  - Predictive-statistical-model software
  - Employee internet management software
  - Internet filtering software
  - Electronic surveillance
- Verify legitimate right of access
  - Use cards, keys, signatures, and badges
  - Use PINs and passwords
  - Use physical traits and personal identification


Encryption
- The process of altering readable data into unreadable form to prevent unauthorized access
- Advantage: encrypting data that is available over the internet keeps thieves and crackers from reading it
  - On Dec. 7, 2005, Guidance Software, a maker of Computer Forensics software, informed their customers that criminals had stolen their credit cards because Guidance had FAILED to encrypt a database that was accessible over the internet
- Disadvantage: encrypting data may prevent law-enforcement officials from reading the data criminals are sending to each other
  - Discussion Question: Does information privacy outweigh law enforcement's needs to track down and prosecute criminals? Should we all encrypt our information to prevent crackers and criminals from stealing it?

4 ways to protect software & data
- Educate employees in backing up data, virus protection, and not sharing passwords
- Control of access to restrict usage
- Audit controls to document who used what programs and computers and when
- People controls include screening applicants, background checks, monitoring internet, email, and computer usage


Disaster-recovery plans
- A method of restoring information-processing operations that have been halted by destruction or accident
  - Reinforced by 2001 World Trade Center attack
  - Reinforced by company data losses incurred during 2005 Hurricane Katrina
- Plans range in price and complexity from
  - Backing up data from disk to tape, CD, or zip disk, with a UPS
  - Automatically storing data redundantly in two places, with a generator
  - Having an off-site computerized data storage center with independent power supply
  - Having a complete hot redundant data center that can instantly be used if there is a disaster
  - More $$$

Conclusion
