
FACULTY OF COMPUTING AND INFORMATION TECHNOLOGY

Modules Information:
Module: ICT2209 COMPUTER ETHICS
Session: SEPTEMBER 2009
Programme: BGSDI, BIMCI, BNMCI, BITMI
Lecturer: Vijayan A/L Venggadasallam
Email: vijayan@intimal.edu.my
Phone Ext: 2335
Room: A3-F02

Summary of Coursework Breakdown (as stated in course structure):

No. | Description of coursework | Learning Outcomes covered | Marks allocated
1 | Assignment 1 | L01, L02, L04 | 30%
2 | Assignment 2 | L01, L02, L03, L05, L06 | 30%

Contribution of the coursework to the course: 60%
Final exam: 40%
Total: 100%

Penalty for late submission:
1 day: minus 20% of total mark awarded
2 days: minus 50% of total mark awarded
3 days: 0 mark for this piece of coursework

Coursework Specifications

Page 1


Coursework #2

Modules Information:
Module: ICT2209 COMPUTER ETHICS
Session: SEPTEMBER 2009
Programme: BGSDI, BIMCI, BNMCI, BITMI
Lecturer: Vijayan A/L Venggadasallam
Room: A3-F02

ICT2209 COMPUTER ETHICS
Coursework Type: Individual Assignment 2
Percentage: 30% out of 100%
Hand-out Date: Week 4
Due Date: Week 7

Student's Declaration:
I declare that:
I understand what is meant by plagiarism.
This assignment is all my own work and I have acknowledged any use of the published or unpublished works of other people.
I hold a copy of this assignment which I can produce if the original is lost or damaged.

[Name/ID] _______________________________________ [Date] _____________________

[Signature] _______________________

Learning Outcomes Assessed:
LO1: Discuss the computer revolution and highlight the problems of global ethics.
LO2: Explain the computer security and human values.
LO3: Discuss the privacy issues and relate them to the Information Age.
LO5: Discuss the propriety rights in computer software.
LO6: Apply the ethics in software development project.

Total Marks: 10, 20, 20, 25, 25

Assessment Criteria:
1. Introduction.
2. Background study.
3. Report format and structure.
4. Specification and Discussion of the Requirements.
5. The overall presentation skills.

Given Marks

100

Penalty


Final Mark (30%)

Lecturer's Comments

Penalty for late submission:
1 day: minus 20% of total mark awarded
2 days: minus 50% of total mark awarded
3 days: 0 mark for this piece of coursework

Description of Coursework #2:

Students are to research a topic related to computer ethics and produce a report of their research. Students are also required to give a presentation on the topic.

Proposed topics:
1. Issues in computer privacy
2. Computer security
3. Intellectual Property
4. Any other suitable topic

The following guidelines must be adhered to:
1. The report must have a cover page, contents page, body of information, conclusion, and list of references.
2. The report should have 15-20 pages.
3. Font size: 12; Font type: Times New Roman; Spacing: 1.5

End of Coursework #2


TABLE OF CONTENTS

1. Introduction
2. Background study
3. Hacking
   3.1. Hackers Attitude
4. Identity Theft
   4.1. Phishing
   4.2. Pharming
5. Prevention Tips
6. Conclusion
7. References
8. Plagiarism Detect Page


1. Introduction
Nowadays there are many computer crimes all over the world. My research is about computer security. It covers some of the techniques that criminals use to steal our confidential information, and how to protect our personal information. Computer security is a branch of technology known as information security, usually applied to computers and networks. The objectives of computer security are the protection of information and property from theft, corruption, and natural disaster, while allowing the information and property to remain accessible and productive to their users. The term computer system security means the collective processes and mechanisms by which sensitive and valuable information and services are protected from publication, tampering, or collapse by unauthorized activities, untrustworthy individuals, and unplanned events, respectively.


2. Background study
The term computer security is often used, but the content of a computer is vulnerable to few risks unless the computer is connected to other computers on a network. As the use of computer networks, especially the Internet, has grown, the concept of computer security has expanded to denote issues relating to the networked use of computers and their resources. The most important areas of computer security are usually represented by the initials CIA: confidentiality, integrity, and authentication or availability.

1. Confidentiality means that information cannot be accessed by unauthorized parties. It is also known as secrecy or privacy; breaches of confidentiality range from the embarrassing to the disastrous.
2. Integrity means that information is protected against unauthorized changes that are not detectable to authorized users; many incidents of hacking compromise the integrity of databases and other resources.
3. Authentication means that users are who they claim to be, and availability means that resources are accessible by authorized parties; "denial of service" attacks, which are sometimes the topic of national news, are attacks against availability.

Other important concerns of computer security professionals are maintaining access control and nonrepudiation. Maintaining access control means not only that users can access only those resources and services to which they are entitled, but also that they are not refused resources that they can legitimately expect to access. Nonrepudiation implies that a person who sends a message cannot deny that he sent it and, on the other hand, that a person who has received a message cannot deny having received it. In addition to these technical aspects, the conceptual reach of computer security is extensive and multifaceted. Computer security draws from disciplines such as ethics and risk analysis, and is concerned with topics such as computer crime; the prevention, detection, and remediation of attacks; and identity and anonymity in cyberspace.

While confidentiality, integrity, and authenticity are the most important aspects of computer security, privacy is perhaps the most important concern of computer security for everyday Internet users. Although users may feel that they have nothing to hide when they register and fill in a form with an Internet site or service, privacy on the Internet is about protecting one's personal information, even if the information does not seem valuable. Information in electronic format can easily be shared among third parties, and small pieces of related information from different sources can easily be linked together to form a composite of, for example, a person's information-seeking habits. It is therefore now very important that individuals are able to maintain control over what information is collected about them, how it is used, who may use it, and what purpose it is used for.


3. Hacking
Hacking is the act of breaking into computers, usually by gaining illegal or unauthorized access to administrative controls. The subculture that has evolved around hackers is often referred to as the computer underground. Many people claim that hackers are motivated by artistic and political ends, and are unconcerned about the use of illegal means to achieve them. Other uses of the word hacker exist that are not related to computer security, but they are rarely used by the mainstream media. Some would argue that the people now considered hackers are not hackers, because a hacker community existed before the media described a person who breaks into computers as a hacker. This was a community of people who had a great interest in computer programming, and who often created and distributed open source software. Nowadays the people in this community refer to cyber-criminal hackers as crackers.

3.1. Hackers Attitude

Several groups of the computer underground, with different attitudes and aims, use different terms to distinguish themselves from each other, or to exclude some specific group. Members of the computer underground should be called crackers. They usually reserve the term cracker for black hat hackers or, more generally, hackers with unlawful intentions. There are 5 types of hackers: white hat hackers, grey hat hackers, black hat hackers, script kiddies and hacktivists.

1. White hat hackers
White hat hackers are known as ethical hackers. They are computer security experts who specialize in penetration testing and other testing methodologies. These computer professionals are employed by companies to ensure that a company's information systems are secure, and they may use a variety of methods to carry out their tests, including social engineering tactics, use of hacking tools, and attempts to evade security to gain entry into secured areas.

2. Grey hat hackers
A grey hat hacker is a skilled hacker who sometimes acts illegally or without authorized permission, sometimes with good intentions and sometimes not. They are a group of people between white and black hat hackers. They never hack for personal gain or with malicious purposes, but may or may not occasionally commit crimes in the course of their technological exploits.

3. Black hat hackers
A black hat hacker is a hacker who breaks into networks or computers illegally or creates computer viruses. Black hat hackers are also called crackers. They are hackers who specialize in unauthorized penetration and use computers to attack computer systems for profit, for fun, for political purposes, or as part of a social cause. The penetration usually involves modification or destruction of data, and is done without authorization. These crackers may distribute computer viruses and internet worms, and deliver spam through the use of botnets. The term may also refer to hackers who crack software to remove protection methods such as copy prevention, trial/demo version, serial number, hardware key, data checks, CD check, or software annoyances like nag screens and adware.

4. Script kiddie
In hacker culture, a script kiddie, sometimes called a script bunny, is a term used to describe those who use scripts or programs developed by other people to attack computer systems or networks. It is commonly assumed that script kiddies are juveniles who lack the programming ability to write complicated hacking programs or exploits on their own, and that their objective is to try to impress their friends or gain credit in computer-enthusiast communities.



5. Hacktivism or Political Hacking
Hacktivism (a combination of hack and activism) is the nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends. These digital tools include web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, virtual sabotage, and software development. It is understood as the writing of code to promote expressive politics, free speech, human rights, or information ethics. Acts of hacktivism are carried out in the belief that proper use of code will have amplified effects similar to regular activism or civil disobedience.

Hacktivism is a controversial term. Some argue it was coined to describe how electronic direct action might work toward social change by combining programming skills with critical thinking. Others use hacktivism as practically synonymous with malicious and destructive acts that undermine the security of the internet as a technical, economic, and political platform. Fundamentally, the controversy reflects two divergent philosophical strands within the hacktivist movement. One strand thinks that malicious cyber-attacks are an acceptable form of direct action, and the other thinks that all protest should be peaceful, refraining from destruction.

Hacktivist activities span many political ideals and issues. Freenet is a principal example of translating political thought (anyone should be able to speak) into code. Hacktivism is an offshoot of Cult of the Dead Cow; its beliefs include access to information as a basic human right. The loose network of programmers, artists and radical militants 1984 network liberty alliance is more concerned with issues of free speech, surveillance and privacy in an era of increased technological surveillance.


4. Identity theft
Identity theft is a term used to refer to fraud that involves someone pretending to be someone else in order to steal money or get other benefits. The term is relatively new and is actually a misnomer, since it is impossible to steal an identity, only to use it. The person whose identity is used can suffer various consequences when he or she is held responsible for the criminal's actions. In many countries it is a crime to use another person's identity for personal gain.

Identity theft is different from identity fraud, although the terms are often used interchangeably. Identity fraud is the result of identity theft. Someone can steal or appropriate someone else's identifying information without actually committing identity fraud. The best example of this is when a data breach occurs. There has been very little evidence to link ID fraud to data breaches. A Government Accountability Office study determined that most breaches have not resulted in detected incidents of identity theft. However, the title of that report is "Data Breaches Are Frequent, but Evidence of Resulting Identity Theft Is Limited; However, the Full Extent Is Unknown". A later study by Carnegie Mellon University concluded that "the probability of becoming a victim to identity theft as a result of a data breach is ...around only 2%". More recently, one of the largest data breaches ever, accounting for over four million records, resulted in only about 1800 instances of identity theft, according to the company whose systems were breached. However, synthetic ID theft is not always detectable by the consumers whose information was used, according to an FTC report.



Techniques for stealing identities include phishing and pharming.

4.1. Phishing

Phishing is actually an online con game, and phishers are nothing more than tech-savvy con artists and identity thieves. Phishers use spam, fake Web sites, crimeware and other techniques to trick people into revealing sensitive information, such as bank and credit card account details. Once they've captured enough victims' financial information, they either use the stolen information themselves to defraud the victims, for example by opening new accounts using the victims' information or draining the victims' bank accounts, or they sell it on the black market to third parties for a profit.

How phishing works

In many cases, phishers send out a lot of spam email, sometimes up to millions of messages. Each spam email contains a message that appears to come from a famous and trusted company. Usually the message contains the company's name and logo, and it often tries to provoke an emotional response to a false crisis. Written in business language and couched in urgent terms, the email often requests the user's personal or financial information. Sometimes the email directs the recipient to a fake web site. The web site, like the email, appears authentic, and in some cases its URL has been masked so the web address looks real. The fake web site urges the visitor to provide confidential information such as social security numbers, account numbers, passwords, etc. Since the email and corresponding Web site look like the real ones, the phisher hopes that at least a fraction of recipients are fooled into submitting their personal data. While it is impossible to know the actual victim response rates to all phishing attacks, it is commonly believed that about 1 to 10 percent of recipients are tricked, with a successful phisher campaign having a response rate around 5 percent.


Over 2005, phishers became much more sophisticated. They began using crimeware in conjunction with their fraudulent, hostile Web sites, exploiting common Web browser vulnerabilities to infect victim machines. This trend means that by simply following the link in a phishing email to a fake Web site, we can have our confidential information stolen even if we do not fill in any information: the Trojan or spyware placed onto your machine would capture all of the information the next time you visit the legitimate Web site of your bank or other online service. Throughout the past year, this genre of crimeware has become more targeted, capturing just the information the phisher wants, and more silent, using rootkit and other aggressive stealth techniques to remain hidden on an infected system.

Another example of the growing skills of the phishing groups is their use of flaws in Web site design to make their attacks more convincing. For example, a flaw in the IRS Web site allowed people to make their bait URLs appear to be the IRS Web site, even though the victim was headed to a different, criminally owned Web server. This is one of many potential examples of the steadily advancing skills of online fraudsters.

Phishing example

Symantec operates a group of machines known as honey pots, a network of intentionally vulnerable systems that are used to capture and study real-world attacks. This information is in turn used for research and refinement of Symantec's products. Symantec recently captured a stereotypical phishing attack in its honey pot network, focused on the online auction service eBay. eBay has become one of the most phished brands on the internet.



4.2. Pharming

Pharming is another form of online fraud; it is very similar to its cousin phishing. Pharmers rely upon the same bogus Web sites and theft of confidential information to perform online scams, but are in many ways more difficult to detect than phishers because they are not reliant upon the victim accepting a bait message. Instead of relying completely on users clicking on an enticing link in fake email messages, pharming diverts victims to the bogus Web site even if they type the right Web address of their bank or other online service into their Web browser.

Pharmers redirect their victims using one of several methods. The first method, the one that earned pharming its name, is an old attack called DNS cache poisoning. DNS cache poisoning is an attack on the Internet naming system that allows users to enter meaningful names for Web sites (e.g. www.mybank.com) rather than remember a series of numbers (e.g. 192.168.1.1). The naming system relies upon DNS servers to handle the conversion of the letter-based Web site names, which are easily recalled by people, into the machine-understandable digits that whisk users to the Web site of their choice. When a pharmer performs a successful DNS cache poisoning attack, they are effectively changing the rules of how traffic flows for an entire section of the Internet. The potential widespread impact of pharmers routing an enormous number of unsuspecting victims to a series of bogus, hostile Web sites is how these fraudsters earned their name. The difference between phishers and pharmers is that phishers drop a couple of lines in the water and wait to see who will take the bait, whereas pharmers are more like cybercriminals harvesting the Internet at a scale larger than anything seen before.



Pharming example

One of the first known pharming attacks happened in early 2005. The pharmer appears to have duped the personnel at an Internet Service Provider into entering the transfer of a Web site's location from one place to another, by taking advantage of a software flaw. Once the original address had been moved to the new address, the attacker had effectively hijacked the Web site and made the genuine site impossible to reach, causing difficulties for the victim company and impacting its business. A pharming attack that took place weeks after this incident had more dangerous consequences. Using a software flaw as their foothold, pharmers swapped out hundreds of legitimate domain names for those of hostile, bogus Web sites. There were three waves of attacks, two of which attempted to load spyware and adware onto victim machines, and a third that appeared to be an attempt to drive users to a Web site selling pills that are often sold through spam email.


5. Prevention Tips
With a little technical advice and common sense, many cybercrime attacks can be avoided. In general, online criminals are trying to make their money as quickly and simply as possible. If you make their job more difficult, they will leave you alone and move on to an easier target. The tips below provide basic information on how you can prevent online fraud.

Keep your computer's security current with the latest patches and updates.
Make sure your computer is managed securely.
Choose strong passwords and keep your information safe.
Protect your computer with security software.
Protect your confidential information.

Keep your computer's security current with the latest patches and updates.

One of the best ways to keep hackers away from your computer is to apply patches and other software fixes when they become available. By regularly updating your computer, you block attackers from being able to take advantage of software flaws (vulnerabilities) that they could otherwise use to break into your system.

While keeping your computer up to date will not protect you from all attacks, it makes it more difficult for hackers to gain access to your system, blocks many basic and automated attacks completely, and might be enough to discourage a less-determined attacker, who will look for a more vulnerable computer elsewhere.

More recent versions of Microsoft Windows and other popular software can be configured to download and apply updates automatically, so that you do not have to remember to check for the latest software. Taking advantage of "auto-update" features in your software is a great way to keep yourself safe online.



Make sure your computer is managed securely.

Don't assume that a newly purchased computer has the right level of security for you. Check whether it is secure enough, and if you are installing your computer at home, pay attention not just to making your new system function, but also to making it work securely.

Configuring Internet applications such as your Web browser is one of the most important areas to focus on. For example, settings in your Web browser, such as Internet Explorer or Firefox, will decide what happens when you visit certain Web sites on the Internet. The strongest security settings will give you the most control over what happens online, but may also frustrate some people with a large number of questions while they are browsing ("This may not be safe, are you sure you want to do this?") or with the inability to do what they want to do.

Choosing the level of security and privacy depends on the individual using the computer. Security and privacy settings can often be configured without any special expertise by simply using the "Help" feature of your software or reading the vendor's Web site. If you are uncomfortable configuring them yourself, ask someone you know and trust who is knowledgeable about computers for assistance, or contact the vendor directly.

Choose strong passwords and keep your information safe.

Passwords are a fact of life on the Internet today, and we use them for everything from online banking to logging into our favorite airline Web site to see how many miles we have collected. The following tips can help make your online experiences secure:

1. Choosing a password that cannot be easily guessed is the first step to keeping passwords secure and away from other people. Strong passwords have eight characters or more and use a combination of letters, numbers and symbols (e.g. # $ %!?). Avoid using any of the following as your password: your login name, anything based on your personal information such as your last name or your birthday, and words that can be found in the dictionary. Try to select especially strong and unique passwords for protecting important activities like online banking.
2. Keep your passwords in a safe place and do not use the same password for every service you use online.
3. Change passwords regularly, at least every 90 days. This can limit the damage caused by someone who has already obtained your password to access your account. If you notice something weird with one of your online accounts, one of the best steps you can take is to change your password immediately.

Protect your computer with security software.

Several types of security software are necessary for basic online security, including firewall and antivirus programs. A firewall is usually your computer's first line of defense. A firewall controls who and what can communicate with your computer online. You could think of a firewall as a sort of "policeman" that watches all the data flowing in and out of your computer on the Internet, allowing communications that it knows are safe and blocking bad traffic, such as attacks, from ever reaching your computer.

The next line of defense is your antivirus software, which monitors all online activities such as email messages and Web browsing, and protects an individual from viruses, worms, Trojan horses and other types of malicious programs. More recent versions of antivirus software, such as Norton Antivirus, also protect from spyware and potentially unwanted programs. Having security software that gives you control over software you may not want and protects you from online threats is essential to staying safe online. Your antivirus and antispyware software should be set to update itself, and it should do so every time you connect to the Internet.



Integrated security suites such as Norton Internet Security, which combine firewall, antivirus and antispyware with other features such as antispam and parental controls, have become very popular, as they offer all the security software needed for online protection in one package. Many people find using a security suite an attractive alternative to installing and configuring several different types of security software and keeping them all up to date.

Protect your confidential information.

Be careful when sharing personal information such as your name, home address, phone number, and email address online. To take advantage of many online services, you will inevitably have to provide personal information in order to handle billing and shipping of purchased goods. Since never revealing any personal information is rarely possible, the following list contains some tips for how to share personal information safely online:

Keep an eye out for bogus email messages. Things that indicate a message may be fraudulent are misspellings, poor grammar, odd phrasing, Web site addresses with strange formats, Web site addresses that are entirely numbers where there are normally words, and anything else out of the ordinary. Additionally, phishing messages will often insist that you have to act quickly to keep your account open or update your security, or urge you to provide personal information immediately or else something bad will happen.

Don't respond to email messages that ask for confidential information. Real companies will not use email messages to ask for your personal information. When in doubt, contact the company by phone or by typing the company's Web address into your Web browser. Don't click on the links in these messages, as they may take you to a fraudulent, malicious Web site.
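The warning signs listed above can be checked mechanically in an incoming HTML message. The following is an added example, not part of the original report; the phrase lists, finding names and the two sample messages are constructed assumptions chosen to mirror the tips.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Phrase lists are illustrative assumptions based on the tips above.
URGENCY = ("act quickly", "immediately", "within 24 hours", "suspended")
SENSITIVE = ("password", "account number", "social security number", "credit card")

DOTTED_QUAD = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")     # address that is entirely numbers
DOMAIN_IN_TEXT = re.compile(r"[a-z0-9-]+(?:\.[a-z0-9-]+)+")  # domain shown to the reader


class LinkCollector(HTMLParser):
    """Collects (href, visible label) pairs and the plain text of the message."""

    def __init__(self):
        super().__init__()
        self.links = []
        self.text = []
        self._href = None
        self._label = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._label = []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._label.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._label).strip()))
            self._href = None


def _bare(host):
    """Lower-case a host name and drop a leading 'www.' for comparison."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def phishing_indicators(html_body):
    """Return the sorted list of warning signs found in one HTML message body."""
    parser = LinkCollector()
    parser.feed(html_body)
    parser.close()
    findings = set()
    for href, label in parser.links:
        host = _bare(urlsplit(href).hostname or "")
        if DOTTED_QUAD.fullmatch(host):
            findings.add("numeric-host")
        shown = DOMAIN_IN_TEXT.search(label.lower())
        if shown and host:
            claimed = _bare(shown.group(0))
            # The label names one site but the link leads to another (masked URL).
            if host != claimed and not host.endswith("." + claimed):
                findings.add("link-text-mismatch")
    body = " ".join("".join(parser.text).lower().split())
    if any(phrase in body for phrase in URGENCY):
        findings.add("urgency")
    if any(phrase in body for phrase in SENSITIVE):
        findings.add("asks-for-confidential-data")
    return sorted(findings)


# Constructed sample messages (not real mail); addresses use reserved example ranges.
SAMPLE_PHISH = """<p>Dear customer, your account will be suspended within 24 hours.
Please verify your password and account number at
<a href="http://203.0.113.7/login">www.mybank.example</a> immediately.</p>"""

SAMPLE_LEGIT = """<p>Your monthly statement is ready. Sign in at
<a href="https://www.mybank.example/statements">www.mybank.example</a> to view it.</p>"""

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE_PHISH))
    print(phishing_indicators(SAMPLE_LEGIT))
```

A hit is a reason to verify the message through the company's own phone number or typed-in Web address, not proof of fraud; phrase matching will also flag some legitimate mail.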


6. Conclusion
Nowadays computer security is a vast topic that is becoming more important because the world is becoming highly interconnected, with networks being used to carry out important transactions. The environment in which machines must survive has changed fundamentally since the popularization of the Internet. The goal of my research is to familiarize you with the current best practices for keeping security flaws out of your software. Cybercrime can happen anytime and anywhere. We must know about it and about how to keep our computers and confidential information safe, so that we can minimize damage or even prevent all unauthorized attacks. Good software security practices can help ensure that software performs properly. Safety-critical and high-assurance system designers have always taken great pains to analyze and track software behavior, and security-critical system designers must follow suit. We can avoid the Band-Aid-like penetrate-and-patch approach to security only by considering security as an important system property. This requires integrating software security into your entire software engineering process, a topic that we take up in the next chapter.


7. References

Science and Technology Resources on the Internet, by Jane F. Kinkus. 11th October 2009. URL: <http://www.istl.org/02-fall/internet.html>

Computer security - Wikipedia, the free encyclopedia. 11th October 2009. URL: <http://en.wikipedia.org/wiki/Computer_security>

Hacker (computer security) - Wikipedia, the free encyclopedia. 9th October 2009. URL: <http://en.wikipedia.org/wiki/Hacker_(computer_security)>

Identity theft - eHow.com. 10th October 2009. URL: <http://www.ehow.com/identity-theft/>

Online Fraud: Phishing. 10th October 2009. URL: <http://www.symantec.com/norton/cybercrime/phishing.jsp>

Online Fraud: Pharming. 10th October 2009. URL: <http://www.symantec.com/norton/cybercrime/pharming.jsp>

Prevention tips. 11th October 2009. URL: <http://www.symantec.com/norton/cybercrime/prevention.jsp>


8. Plagiarism Detect Page
