Ethics, Computer Crimes, Security and Health Issues:
Computer crime is defined as the use of computers to commit criminal acts. It is a felony to illegally access confidential programs or data. Computer crime is very serious, costly, and very hard to pin down. Why hard?
1. It is difficult to decide when a questionable act is really a crime. It is easy to label someone's stealing money from your bank account as a crime; but how about a student who uses someone else's time to complete an assignment, or uses the e-mail service to send a friend a private message?
2. The courts and judges are overwhelmed by the complexity of this technical issue. Companies that may think of reporting a crime are reluctant because they are not sure the case will be prosecuted and the criminals caught.
3. Many businesses are very reluctant to report computer crimes, to avoid adverse publicity. Would you invest in a bank that lost $200 million last year to computer crimes?
Computer Crimes: They can occur in four ways:
The computer can be the target of the crime, as when it is stolen or destroyed.
The computer can be the medium of the attack, by creating an environment in which a crime can occur, like entering false data to mislead or cheat someone.
The computer can be the tool by which the crime is committed, like using the computer to plan a crime that does not itself involve the computer.
The computer can be used to intimidate or deceive, like a financial advisor who steals money by convincing the client that he has a computer program with which he can increase the client's earnings.
Crimes can be performed by outsiders who penetrate the system, or by insiders, who are authorized to use the system but abuse their authorization.
The hacker is the outside person who penetrates the computer system.
The cracker is a malicious hacker who may cause serious damage.
The profile of the computer criminal:
Mostly male
Ages 19-35
Work mostly with computers
Generally very bright
Major motives behind crimes:
Economic
Ideological
Psychological
Egocentric
Types of Computer Crimes:
Some forms of computer crimes include:
1. Data Diddling: altering some key operations on a computer system in an unsanctioned way. An example is a student changing grades in a school file.
2. Trojan Horse: adding concealed instructions to a computer program so that it will still work but will also perform illegal duties. An example is a bank worker who changes a program that contains thousands of lines by adding a few lines of code to stop the system from showing withdrawals from his account. Viruses travel this way on the Internet, embedded in other programs.
3. Salami Shaving: small amounts are shaved from large amounts and are accumulated elsewhere. A bank employee may shave a few cents from clients' accounts. Clients may not notice the shaving, but when these small amounts accumulate, they become large. Supermarkets are often accused of this crime when they do not update prices to reflect lower shelf prices.
4. Trapdoors: leaving, within a completed program, an illicit program that will allow illegal access.
5. Logic and Time Bombs: a virus that sabotages a program or triggers damage based on certain conditions. It is usually set to go off at a later date, like a time bomb or Trojan horse.
6. Viruses: an illicit program created for the purpose of causing harm to computer programs and data. The virus passes itself on to other programs with which it comes into contact.
7. Piggybacking: using another person's identification code, or using that person's files before he logs off.
8. Zapping: using an illicitly acquired software package to bypass all security systems.
9. Software piracy: more is said about this later.
10. Other crimes include: Hacking, Cellular Phone Fraud, Counterfeiting.
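Salami shaving (item 3) is caught by an auditor recomputing each posting independently and comparing it with what was actually credited. The following is an added example, not part of the original notes; the interest rate, rounding rule and account numbers are assumptions made for the illustration.

```python
from decimal import Decimal, ROUND_HALF_UP

CENT = Decimal("0.01")

def expected_credit(balance, rate):
    """Interest owed on a balance, rounded to the nearest cent."""
    return (balance * rate).quantize(CENT, rounding=ROUND_HALF_UP)

def reconcile(postings, rate):
    """Recompute every credit independently of the posting program.

    postings: (account_id, opening_balance, credited_amount) tuples.
    Returns (short, over): account_id -> amount below / above expected.
    """
    short, over = {}, {}
    for account, balance, credited in postings:
        diff = credited - expected_credit(balance, rate)
        if diff < 0:
            short[account] = -diff
        elif diff > 0:
            over[account] = diff
    return short, over

def suspected_collectors(short, over):
    """Accounts whose surplus equals the total shaved from the others."""
    shaved = sum(short.values(), Decimal("0"))
    return [acct for acct, extra in over.items() if shaved and extra == shaved]

# Constructed sample run: monthly interest at 1.25%, account ids are made up.
RATE = Decimal("0.0125")
POSTINGS = [
    ("A-1001", Decimal("1234.56"), Decimal("15.43")),  # 15.4320 -> 15.43, correct
    ("A-1002", Decimal("980.60"), Decimal("12.25")),   # 12.2575 -> 12.26, one cent short
    ("A-1003", Decimal("455.80"), Decimal("5.69")),    # 5.6975 -> 5.70, one cent short
    ("A-1004", Decimal("2000.00"), Decimal("25.00")),  # 25.0000 -> 25.00, correct
    ("A-9999", Decimal("100.00"), Decimal("1.27")),    # 1.2500 -> 1.25, two cents over
]

if __name__ == "__main__":
    short, over = reconcile(POSTINGS, RATE)
    print("short:", short)
    print("over:", over)
    print("collector candidates:", suspected_collectors(short, over))
```

Each individual shortfall is a single cent, which is why the check has to run over every account and sum the differences rather than look for one large discrepancy.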
Viruses and worms:
The worm is a program that transfers itself from computer to computer over a network and plants itself as a separate file on the target computer. As one way of manifesting itself, the worm multiplies uncontrollably until it fills the computer's memory. The virus, however, is an illicit program that passes itself on to other programs with which it comes into contact. The virus is very contagious and may cause considerable damage, like deleting or corrupting files and programs. The most common method of transmitting viruses is through diskettes.
Motivation: prank, boredom, anger, intellectual challenge, etc.
It is possible to minimize the damage of viruses:
Do not stick the disk where it does not belong.
Use antivirus programs.
Create clean backups.
New viruses always appear, so damage is continuing.
Hardware theft:
Hardware theft has increased with miniaturization: it is easier to steal a small computer. Portables are the most attractive because they can be used anywhere (battery operated). Accessories and peripherals are frequently stolen. To reduce this loss:
Use cables
Do not leave computers unattended
Security code on hardware, and an alarm that will signal if the hardware leaves the main door
Software piracy:
It includes making illegal copies for the purpose of using them on more machines or selling them to other users. Software is copyrighted. Commercial software costs money and must not be copied without permission from the manufacturer. If this is done, it is called software piracy. In the past, software manufacturers tried to protect their software by copy protection, a software or hardware block making it difficult to break the code and make the copy. It did not work, mostly because hackers broke the code and made illegal copies, and because the procedure was seen as a punishment to the innocent: those who legally acquired the software could not make backup copies of it. Now, companies offer a site license, which permits the customer to make a limited number of copies of a given piece of software, and concurrent licensing, which allows a customer to use only a limited number of copies of a certain program simultaneously. Violators are subject to fines and jail terms.
Identification and Access:
To grant access to authorized users, one or more of the following four categories may be used:
1. What you have: like cards and keys that give you physical access to the computer room. Nowadays, there is the Active Badge, a badge with an embedded computer chip that signals the user's location using infrared signals. These signals are constantly read by computers throughout the building.
2. What you know: like passwords or identification information.
3. What you do: like signatures. A signature is not impossible to copy, so alone it does not make the best security measure.
4. What you are: biometrics, the science of measuring individual body characteristics, like fingerprinting, voice recognition and the identification of the retina of the eye.
Ergonomics and health hazards:
Are there unhealthy side effects to this seemingly harmless thing called computers? Research suggests that the following health hazards are directly linked to working with computers:
Physical complaints, which include back and hand aches.
Chip toxins, from exposure to the chemicals used in the manufacturing of computer accessories. It was reported that pregnant women working in contact with the making of chips and other parts of the computer system had a higher rate of miscarriages. Another report mentioned that more than seventy police officers in Texas developed testicular cancer because of their work with radar speed-detecting units.
Stress: users now are expected to produce more and better products. Time is money and there is no need to waste any time. An example is the pressure on office workers to complete perfect word-processing documents, free of spelling errors and formatted to the liking of the supervisor.
Social Isolation: there are many people who for one or more reasons work from home (telecommuting). Because of this, they lose chances of interacting with other employees and lose opportunities for staff development and other occasions. Telecommuters are also paid lower wages.
Ergonomics is the science of adapting the working environment to human needs and conditions. People nowadays are more aware of the possible negative health impact computers can have on them and they are doing something about that. Some of the things users can do to minimize the harm of working with computers include:
Turn the screen away from the window to reduce glare. Turn off all unnecessary lights in the room
Put the monitor on a tilt-and-swivel base
Use an adjustable chair with supporting back.
Place the keyboard low enough to avoid arm fatigue.
You can use a raised wrist rest.
Sit with the feet firmly on the floor.
Exercise regularly by rotating your wrists and stretching your arms and shoulders. Better yet, take short walks away from the computer.
Keep your fingernails short or at least not very long.
Disaster Recovery Plan:
It is a method of restoring computer processing operations and data files if operations are halted or files are damaged. There are different approaches:
1. Some organizations revert temporarily to manual services, like a bank employee issuing a manually printed cash receipt.
2. Others buy time at a service bureau, but this is not practical in the long run and not efficient for companies that serve rural areas.
3. A group of companies or banks creates a consortium, a joint venture to support a complete computer facility. This facility is always tested and made ready, but only used in the event of a disaster. This facility is called a hot site, a fully equipped computer center to serve in the event of a disaster. A cold site is an environmentally suitable empty place (shell) in which a company can install its own computer system.
The use of such a facility and the type of recovery depends on a plan. This plan should include the following:
Priorities: a list of programs that must be up and running. A bank would give a priority to an account inquiries program rather than employees' vacation planning.
Personnel requirements: procedures for notifying employees of changes in locations and procedures.
Equipment requirements: a list of needed equipment and where it can be obtained to speed up the recovery efforts.
Facilities: a list of alternative computing facilities, if the organization cannot afford to be a member of a consortium.
Capture and distribution: an outline of how input and output data will be handled in a different environment.
Defense strategies or controls to protect Information Systems:
Prevention and deterrence: by denying access to those who should have no access, or use access controls like passwords.
Detection: the earlier we discover a potential problem, the easier it will be to stop it.
Limitations: minimizing losses once a malfunction or error has occurred.
Recovery: a plan that explains how to fix a damaged information system as quickly as possible.
Correction: correcting damaged systems can prevent the problem from occurring again.
Types of Controls: General controls and Application controls:
General controls are used to protect the system regardless of its specific application. The Application controls are safeguards intended to protect specific applications.
General Controls include:
· Physical: protection of computer facilities and resources - protection against natural disasters, theft. This can be done with guards or locks.
· Access control: authorization and authentication, like using a login process or a firewall.
· Biometric controls: a system to verify the identity of the person, based on physiological or behavioral characteristics. This includes:
o Hand geometry: checks characteristics of the hand, like length and thickness of fingers.
o Blood vessels of the retina of the eye: compares what the system scans with a pre-scanned and stored image.
o Voice: a match between the user's voice and a stored voice.
o Signature: also a match against a stored signature.
o Keystroke dynamics: pressure of the fingers and speed of typing, matched with stored information.
o Facial thermograph: the picture of the user's temperature emanating from underlying blood vessels, compared with stored information.
o Fingerprints: matching the user's fingerprint against a stored fingerprint.
Application Controls include:
Input controls to prevent data alterations. Data are checked for correctness, completeness and consistency.
Processing controls to ensure data are valid and complete when being processed. Only authorized users should access this phase of processing.
Output controls to ensure the results are accurate, valid and complete.
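The three input checks named above (completeness, correctness, consistency) can be applied to a bank transaction record as follows. This is an added example, not part of the original notes; the field names and the account-number format are hypothetical.

```python
import re
from datetime import date
from decimal import Decimal, InvalidOperation

REQUIRED = ("account", "type", "amount", "date", "balance_before", "balance_after")
ACCOUNT_RE = re.compile(r"[A-Z]-\d{4}")   # hypothetical account-number format

def check_input(rec):
    """Return a list of input-control violations for one transaction record."""
    # Completeness: every required field is present and non-blank.
    missing = [f for f in REQUIRED if not str(rec.get(f, "")).strip()]
    if missing:
        return ["completeness: missing " + f for f in missing]
    errors = []
    # Correctness: each field on its own has a valid format and range.
    if not ACCOUNT_RE.fullmatch(rec["account"]):
        errors.append("correctness: bad account number")
    if rec["type"] not in ("deposit", "withdrawal"):
        errors.append("correctness: unknown transaction type")
    try:
        date.fromisoformat(rec["date"])
    except ValueError:
        errors.append("correctness: bad date")
    try:
        amount, before, after = (
            Decimal(rec[k]) for k in ("amount", "balance_before", "balance_after"))
        if not (amount.is_finite() and amount > 0):
            errors.append("correctness: amount must be positive")
    except InvalidOperation:
        errors.append("correctness: non-numeric money field")
    # Consistency: fields must agree with each other (checked only if each is valid).
    if not errors:
        sign = 1 if rec["type"] == "deposit" else -1
        if before + sign * amount != after:
            errors.append("consistency: balances do not match amount")
    return errors

# Constructed sample records, as strings the way a form or batch file supplies them.
GOOD = {"account": "A-1001", "type": "withdrawal", "amount": "40.00",
        "date": "2024-03-01", "balance_before": "100.00", "balance_after": "60.00"}
ALTERED = dict(GOOD, balance_after="90.00")      # fields no longer agree
BAD_DATE = dict(GOOD, date="2024-02-30")         # no such calendar day
INCOMPLETE = dict(GOOD, amount=" ")              # blank required field
```

The consistency check is the one that catches a record whose fields are each plausible alone but have been altered so that they no longer add up.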
Firewalls and Networks:
Networks have become an increasingly popular way for banks, airlines and many other types of businesses to do business. Networks that provide businesses with connections save them money and provide speed of connection and service. They deserve protection. The most common ways to protect networks are:
Access Control: passwords and other types of authorization and authentication devices.
Encryption: encoding regular digitized text into unreadable scrambled text or number for transmission. The encrypted message has to be decoded or decrypted at the other end. Purposes of encryption are: first, identification - help identify the legitimate sender and receiver; second, control, by preventing changing a transaction or message; and third, privacy by impeding eavesdropping.
Cable testers: troubleshooting to detect any faulty cable.
Firewalls: a system that enforces an access control policy between two networks. It is a barrier between the secure company intranet, or other internal networks, and the Internet. Firewalls are very useful because of hackers (there are more than 80,000 sites for hacking from which anyone can download free programs to hack systems). Firewalls provide the most cost-effective security to networks, although they are not 100% effective.
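An access control policy between two networks is usually written as an ordered rule list in which the first matching rule decides and anything unmatched is denied. The sketch below is an added example, not part of the original notes; the address ranges, the web server address and the rules themselves are assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # source network in CIDR notation
    dst: str              # destination network in CIDR notation
    port: Optional[int]   # destination port, None matches any port

ANY = "0.0.0.0/0"
INTRANET = "10.0.0.0/8"          # assumed internal address range
WEB_SERVER = "10.0.5.10/32"      # assumed public-facing server on the intranet

# Constructed policy, evaluated top to bottom.
POLICY = [
    Rule("allow", ANY, WEB_SERVER, 443),    # Internet may reach the web server over HTTPS
    Rule("deny", ANY, INTRANET, None),      # nothing else may enter the intranet
    Rule("allow", INTRANET, ANY, 443),      # intranet hosts may browse out over HTTPS
    Rule("allow", INTRANET, ANY, 53),       # ... and resolve names
]

def decide(policy, src_ip, dst_ip, dst_port):
    """Return (action, rule_index) for one connection attempt.

    The first matching rule wins; traffic that matches no rule is denied.
    """
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for index, rule in enumerate(policy):
        if (src in ipaddress.ip_network(rule.src)
                and dst in ipaddress.ip_network(rule.dst)
                and rule.port in (None, dst_port)):
            return rule.action, index
    return "deny", None   # default deny
```

Returning the index of the rule that decided makes the policy auditable: a log of decisions shows which rule allowed or blocked each connection, and a `None` index marks traffic stopped by the default.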