Monday, February 25, 2019

An Introduction to the IM Profession and Ethics Paper

De La Salle University Manila

An Introduction to the IM Profession and Ethics Paper

Presented to the Faculty of the College of Computer Studies, De La Salle University Manila

In Partial Fulfillment of the Requirements for the Degree of Bachelor of Science of Information Systems

By
Changcoco, Amos
Dimla, Ysabel Nicole
Ramchand, Pavan
Tanchuling, Bianca Denise
Tibayan, Jan Michael

1.0 COMPUTER AND INTERNET CRIME

1.1 Types of Exploits

1.1.1 Virus

It is a malicious code that is attached to a file or executable program that can hack the files of the victim's computer and reformat, delete or modify the files. The computer virus is executed only when the file that contains the virus is opened or if the program with the virus is executed as well. It leaves infections as it travels from one computer to another. The spread of the virus relies on the users, whenever users would use removable media devices, downloads or e-mails.

An example of a computer virus would be the Pikachu virus, which was the first computer virus directed to children. It was said that the virus started on June 28, 2000 from Asia or the Pacific Ocean region. The virus was an email titled "Pikachu Pokemon" with the body "Pikachu is your friend." The email contained the image of the cartoon character Pikachu from the TV series Pokemon, with the message, "Between millions of people around the world I found you. Don't forget to remember this day every time MY FRIEND." The Pikachu virus infected only a few companies in the United States through Microsoft Outlook email attachments or through Microsoft's Internet Explorer browser. The reason why only a few companies were harmed and why the virus was not as viral is that the virus was not coded properly and would ask the user if the virus can delete the user's files.

1.1.2 Worm

A worm is a malicious code that is used for bringing down the computer system. A worm does not infect files; however, it monopolizes the computer's CPU and operating system and is capable of deleting data and programs. It infects a computer by finding a vulnerability in an application or operating system. A worm is self-replicating and uses a network to replicate itself to other computers. It does not rely on human interaction for spreading to other computers.

An example would be the Morris Worm, also known as the Great Worm. Created by a Cornell University student named Robert Tappan Morris in the year 1968, the Morris Worm consisted of 99 lines of code. Robert Morris wanted to know how big the Internet was and made the worm to find the answer. It is noted that the creator did not have malicious intent in making this worm; however, the worm caused immense stability problems that made many systems unusable. The damage was over 6,000 infected UNIX machines, which cost between $10,000,000 and $100,000,000.

This case is an ethical dilemma because the creator did not have evil intentions in making the worm, but it did have bad effects on some people in America. This dilemma would be ethical based on the psychological egoism theory because Robert Morris acted on his selfish motive whether he should or not, which made him moral. Based on the hedonism theory, it was ethical of Morris because he was only doing his duty without knowing that his actions would bring upon negative effects.

1.1.3 Trojan Horse

Named after the Trojan horse from Troy, which was used to infiltrate the enemy's soil through a disguise, the Trojan horse is disguised as something else (such as a program or file) but is actually a malicious code or may contain malicious code.
Similar to viruses, a Trojan horse is executed when the file with the virus is opened or the program with the malicious code is executed as well. A Trojan horse can do anything from light damage, such as changing the desktop and the like, to threatening damage, such as deleting files, stealing data, or activating and spreading other malware, to the victim's software. Trojan horses are also used to create a back door in the operating system so that the hackers can access the system. However, the Trojan horse cannot duplicate itself, nor can it self-replicate. It would need the user to spread to other computers.

An example of a Trojan horse would be from the pirated version of Apple's suite of software, iWork. iServices was the Trojan horse part of the pirated version of iWork, which would signal the hackers that the Mac is infected and the hacker has access to the system.

This is an ethical dilemma because the people who buy pirated software such as iWork do not know that there is a Trojan horse in the software. It was unethical of the sellers to place a Trojan horse in the software without the consent of their customers, because deontology theory states that it was not the duty of the vendors to hack into the systems of their customers in the first place. Another reason why it was unethical is the theory of altruism, because the interest of others was not thought about, since many people will suffer due to the actions of the vendors. This is another reason why it is unethical under utilitarianism, which is consequences-based. Lastly, the social contract theory states that the actions of the vendors were unethical because it is against the law to hack and infiltrate private property.

A logic bomb is a type of Trojan horse that is triggered only by a series of specific events, such as a specific sequence of keystrokes or a change in a file.

1.1.4 Botnets

A botnet is a network of infected computers that are controlled by bots. Named after the word "robot", a bot is a type of malware that allows an attacker to take control of an affected computer. Criminals can take over the controlled computer for purposes such as sending out spam, spreading viruses, attacking computers, and can even cause crime and fraud, without the owner knowing it. Bots are also called computer zombies because the computer has no control over its actions, since hackers are in charge of its actions.

1.1.5 Distributed Denial-of-Service Attacks (DDoS Attacks)

A Distributed Denial-of-Service Attack is when a malicious hacker controls computers through the Internet. It is an attempt at preventing the computer owner from using a network resource or machine. It is composed of one or more people trying to disable a certain host from being connected to the Internet.

1.1.6 Rootkits

The name rootkit comes from the two words "root", which pertains to the point it attacks, which would be the administrator or the source or the root, and "kit", because of the set of programs. A rootkit is a set of programs that enables its user to gain administrator-level access to a computer without the user's consent or knowledge. The owner of the rootkit is capable of executing files and changing system configurations on the target machine, as well as accessing log files or monitoring activity to covertly spy on the user's computer usage. It is hard to detect if a computer system has a rootkit malware.

1.1.7 Spam

E-mail spam is when e-mail systems send unsolicited e-mail to large numbers of people. Spam mostly comes off as cheap advertisements of strange products such as pornography, get-rich-quick schemes and the like. Spam can also be used to deliver harmful worms or other malware.

1.1.8 Phishing

Phishing is an attempt to steal personal identity data by tricking users into entering information on a counterfeit Web site.

1.2 Types of Perpetrators

1.2.1 Hackers and Crackers

Hackers are people who test the limits of the system, find the holes, and check which data they could access. The knowledge that they get is actually obtainable in various media, usually the Internet. They are not usually considered bad, but due to many of them who used such knowledge to cause harm to systems, the term became negative. A more appropriate term for these kinds of people is actually crackers.

1.2.2 Malicious Insiders

Malicious insiders are people who obtain goods, services, or property through deception or trickery, also known as fraud. In other words, they lie to gain.

1.2.3 Industrial Spies

Industrial spies are people who illegally obtain information from competitors for the benefit of their sponsor. The act is called industrial espionage, and the opposite, which is to obtain knowledge legally, is called competitive intelligence. In 1993, Opel accused the rival Volkswagen of industrial espionage after the former's chief of production and seven executives moved to the latter company due to missing documents. (Julian, 2011)

1.2.4 Cybercriminals

These perpetrators hack into the company's system and will do anything with the information obtained to gain money. One of the most famous hackers of the world is Albert Gonzalez, who used hacking to steal and resell millions of card and ATM numbers in a span of three years. He did this by attacking many systems which would eventually give him the information needed to steal the card numbers. (Verini, 2010)

Albert Gonzalez is in an ethical dilemma because he used his skills to steal the information for money. Based on the deontological theory, it is unethical because it is not the duty of hackers to steal information. Based on hedonism under the utilitarian theory, it is ethical because he found pleasure in the act. Social contract theory, however, makes this act unethical, and so does virtue theory.

1.2.5 Hacktivists and Cyberterrorists

Hacktivists, combining the words "hacking" and "activist", are people who hack to promote political ideology. Cyberterrorists attack to get the attention of the government as part of their political objectives. Anonymous is one of the most famous hacktivist groups due to their appearance on various media in which members appear wearing the Guy Fawkes mask. Their advocacy is to oppose Internet censorship and surveillance, government corruption and homophobia. This is why they attacked several government sites. (Katich, 2013)

The ethical dilemma the group faces is that they use hacking skills to infiltrate the systems, yet they take the side of the people, as their objective is to make the government hear their voice. This is ethical based on deontology because it is their duty to make the government listen to their voice. This is also ethical based on the altruistic approach, as more will benefit from their act. However, social contract theory states that it is unethical since this act has violated the law.

1.3 Laws for Prosecuting Computer Attacks

1.3.1 Electronic Commerce Act of 2000 (RA 8792)

1.3.1.1 E-Commerce in Society

The process of buying and selling goods electronically by consumers and from company to company through computerized business transactions. This act has the purpose of protecting those who pursue business by electronic means through multiple communication networks through the Internet.

1.3.1.2 Elements in the Law

Electronic data messages: these are generally the information that is in every transaction of the business.

Electronic document: these are the type of information specified with text, symbols, or other modes of written expression, yet similar in nature to the electronic data messages.

Electronic signature: these are any distinctive marks that approve a transaction, which are made by a person or an entity using electronic means.

1.3.1.3 Relation to other Laws

The laws that are affected by this are the Intellectual Property Rights and Copyrights Protection laws. These laws give protection to the parties involved in any business activities through electronic means. Fraud is also related, as the government can charge you when you accept payment illegally by disguising your site as a reliable option for payment.

1.3.1.4 Case in E-Commerce

Censorship is a very important tool to define the moralities of websites and the cooperation of companies to acknowledge said moralities. In mainland China, Google's operations created a storm of criticism when the company agreed to comply with the government's wishes and censor pro-democracy and other websites. In 2010, Google relocated its Chinese operations to Hong Kong, putting it outside China's censorship regime. Supporters of the decision say Google shouldn't cooperate with China's repressive policies, while critics say Google's withdrawal cut off millions of Chinese citizens from the company's services and weakens its presence in one of the world's largest markets.

This case has very plain ethical issues, including the move of Google to relocate its operations to Hong Kong. This put them out of reach of the jurisdiction of China's censorship policy so that they can use their assets more freely. This, however, left the citizens of China who are inside the jurisdiction of the censorship policy longing for their beneficial search engine. Seen in terms of Google's benefits, this is a rather good trade for them to maximize the use of their services in a commercial area such as Hong Kong, yet they could have served the citizens so they can keep up their reputation of improving life in the world and be consistent with the famous line "Don't be evil." I generally disagree with their decision to relocate, as they could have followed the modified utilitarianism and given their services to those who would need them the most.
Still, they acted on ethical egoism to censor pro-democracy sites, which is morally good from their perspective.

1.3.1.5 Another Case Including Google

Google gathers incredible amounts of data on people who use its search engine. As of 2011, the company's website states that although it stores records of your searches as a tool to improve corporate efficiency, it renders them anonymous after nine months and deletes cookies used to track visitors after two years. Governments could use Google's information to investigate individuals visiting particular websites, however, and Google Earth's photo collection also has raised privacy questions: In 2008, a couple sued on the grounds that the online photos of their home violated their privacy, but a judge threw out the lawsuit the following year.

This case gives insight into how Google can be of use to our society, as they can help the government catch fugitives, suspects and criminals with their records of the searches of every person using their search engine, yet this leaves them to violate certain privacy issues when they abuse that kind of power. The lawsuit of the couple may have been dismissed by a judge, but their lawsuit is supported by ethical theories, namely the rights-based theories, which state that there are social contracts that should be acknowledged, and that includes their right to privacy. It may be legal for Google to store records such as the photos from Google Earth, but they should have to limit their power to exercise their duty, as they are also supported by the duty-based theories due to their daily or continual task of improving corporate efficiency as well as giving us access to unlimited knowledge.

1.3.2 Cybercrime Prevention Act of 2012 (RA 10175)

1. . 3. 1 Preliminary Provisions

1.3.3.2.1.1 Brief History of RA 10175

The Cybercrime Prevention Act of 2012, also known as Republic Act No. 10175, was approved on September 12, 2012.
This is the first law in the Philippines which specifically criminalizes computer-related crimes. The Cybercrime Prevention Act in its current form is the product of House Bill No. 5808, authored by Representative Susan Tap-Sulit of the second district of Tarlac and 36 other co-authors. The final version of the Act was later signed into law by President Benigno Aquino III on September 12, 2012.

1.3.2.1.1 Declaration of Policy

The main objective of this Act is to protect the people from cybercrimes and also from the harmful effects associated with them. The state also recognizes the vital roles of information and communications industries in the country. The state also recognizes the need to protect and safeguard the citizens of the state, and also to protect the integrity of computers and their users. The state also wants to recognize the importance of providing an environment conducive to the development, acceleration, and rational application and exploitation of information and communications technology.

1.3.3.2.1 General Provisions

1.3.3.2.2.2.1 Punishable Acts

In this Act, there are 10 punishable acts indicated in the bill, and those punishable acts each have penalties that are associated. In the next sentences, the punishable acts will be discussed briefly.

Offenses against the confidentiality, integrity, and availability of computer data and systems:

A. Illegal Access: accessing a computer or a part of a computer without any right.

B. Illegal Interception: the interception, made by the use of any technical device without any right, of non-public transmission of data to or from any computer system, including electromagnetic emissions from a computer system carrying such data.

C. Data Interference: the intentional or any reckless alteration, damaging, deletion or deterioration of computer data, electronic document, or electronic data message, without any right, including the transmission or transferring of viruses into a system.
One example is the ILOVEYOU message transmitted through electronic mail way back in the year 2000.

D. System Interference: the intentional or any reckless hindering of or interference with a functioning computer system or a computer network by inputting, transmitting, damaging, deleting, deteriorating, altering, or suppressing computer data or a computer program, without any right or authority in doing so.

E. Misuse of Devices: the use of any material without any right to it. This covers acts like producing, manufacturing, selling, and distribution.

F. Cyber-squatting: the simplest way is identity theft, using another individual's identity to gain profit or scam other people on the Internet.

G. Computer-related Forgery: the illegal use of a computer to copy one's work, and gaining illegal access to a computer to duplicate the content of a system or database.

H. Computer-related Fraud: the unauthorized input, alteration, or deletion of computer data or program, or interference in the functioning of a computer system.

I. Computer-related Identity Theft: the intentional acquisition, use, transfer, or possession of any identifying information belonging to another person, whether natural or juridical. Under these are Cybersex and Child Pornography.

J. Libel: defined as a public and malicious imputation of a crime, or of a vice or defect, real or imaginary, or any act, omission, condition, status or circumstance tending to discredit or cause the dishonour or contempt of a natural or juridical person, committed through a computer system or any other similar means which may be devised in the future.

The above are the punishable acts under the law as written in the bill, and these acts have corresponding penalties if proven in court. The penalties include imprisonment or a fine of at least two hundred thousand pesos (Php 200,000.00) up to a maximum amount commensurate to the damage incurred, or both.
Prision mayor is equivalent to imprisonment from 6 years and one day to 12 years.

1.3.3 Ethical/Moral Dilemmas

1.3.4.2 Situation

A 16-year-old male named Josh Evans was registered on the account used for bullying messages to a girl named Megan Meier. Lori Drew, the mother of Sarah, a former friend of Meier, later admitted creating the MySpace account. She was helped by Sarah and Ashley Grills, an 18-year-old employee of the elder Drew. The senior Drew and several others ran the fake account, with an aim to get information about Megan and use that information against her and also for her to be humiliated. This caused the spreading of gossip about Megan, and thus created a traumatic experience not only for her but also for her family.

1.3.4.3 Analysing using the Four Major Ethical Theories

A. Duty-based Theory

According to the duty-based theory, an act is considered ethical if it has good intentions. Given the situation, I can distinctly state that it is not an ethical thing to do. Creating or spreading false rumours is not even close to being called a good intention. Also, gathering information about a certain person is not ethical if it will be used against or be held against that person. Using the duty-based theory, I can clearly state that the situation of gathering information on Megan is not ethical because it does not serve a good intention.

B. Utilitarianism

According to the utilitarianism theory, an act is only to be considered ethical if it produces desirable consequences or outcomes. The outcome of the situation stated earlier is that the experience was traumatic not only for Megan herself, but it also affected her family. Just by looking at this outcome, we can say that it is also not considered ethical in this theory, because of the outcomes that the actions of the group caused, not only to their target but also to the relationship of other people to Megan.

C. Social Contract Theory

According to the social contract theory, an act is considered ethical if the act does not violate any rules or laws. According to the Civil Code of the Philippines, Persons and Family Relations, under Chapter 2, which is Human Relations, Articles 19, 20 and 21 discuss the different rights a person possesses and how a person should exercise his or her rights. Chapter 2 Article 19 presents the basic principles that are to be observed for the rightful relationship between human beings and the stability of the social order. Chapter 2 Article 20 presents that you are liable for any damage that you have caused to another person, whether wilfully or negligently. Chapter 2 Article 26 presents that rights must never be abused; the moment rights are abused, they cease to be rights.

D. Virtue Theory

According to the virtue theory, an action is considered ethical when the action comes from a good moral principle. Looking at the situation, it is not an ethical thing to do because it does not only harm the person involved, but the moral principles of the suspect are also to be questioned.

1.3 Trustworthy Computing

1.4.1 Microsoft's 4 Pillars of Trustworthy Computing

The 4 Pillars of trustworthy computing help identify the key elements in computing, especially in an organization with numerous employees to manage. Guidance is a key to help implement a good and stable system, such as how the pillars guide not just Microsoft employees but users alike.

1.4.2.1 Security

Creation of a trustworthy environment for a safe computing environment.

1.4.2.2 Privacy

The protection and confidentiality of design, development and testing in any organization is essential to be part of the competitive market today.

1.4.2.3 Reliability

Working as expected or promised by the developers and their entity.

1.4.2.4 Business Integrity

Being responsible and transparent in your duties and expectations as part of a work force that strives to be excellent. A mistake is bound to happen. Admitting a mistake is the 1st step in a growing process of learning new things to come.

1.4.2 Risk Assessment

It is the process of assessing security-related risks to an organization's computers and networks from both internal and external threats. (Reynolds, 2011)

A risk assessment is a process to identify potential hazards and analyse what could happen if a hazard occurs. (Federal Emergency Management Agency, 2013)

The assessment would assure the IT security team that they will be ready when an attack comes because of the determined risk assessment they perform.

1.4.1 General Security Risk Assessment Process

Step 1: Identify IT assets and prioritize the ones that are of most importance.
Step 2: Identify the threats/risks that could occur.
Step 3: Assess the likelihood of threats.
Step 4: Determine the impact of each threat; how large or small is the impact if affected.
Step 5: Determine how each threat can be prevented/blocked.
Step 6: Determine which is the most effective prevention method.
Step 7: Perform a cost-benefit analysis before taking any action.
Step 8: Make the decision to implement or not to implement the decided risk prevention found through thorough research and development.

1.4.3 Establishing a Security Policy

A security policy defines an organization's security requirements, as well as the controls and sanctions needed to meet those requirements. (Reynolds, 2011)

A good security policy can possibly improve and provide a smooth flow of operations within an organization. NIST (National Institute of Standards and Technology) is a non-regulatory federal agency within the US Department of Commerce. The computer security division creates security standards for organizations to implement in their own systems.

1.4.4 Educating the Employees, Contractors and Part-Time Workers

Surveys show that most security problems come from negligence and unawareness of the security policies. This means teaching good security practices like not giving out your passwords and making sure you do not meddle in different departments. Knowing the DOs and DON'Ts of everyday computing will help guide any workplace and direct them to the good ways of being a good user.

1.4.5 Threat Prevention

The key to a threat prevention system is layers of security systems that challenge the perpetrator to hack into the system.

Firewall: stands guard between an organization's internal network and the Internet.

Intrusion Prevention Systems: prevent an attack by blocking viruses, malformed packets and other threats from getting into a protected network.

Antivirus software: should be installed on each user's personal computer to scan a computer's disk drives and memory regularly for viruses.

User accounts that remain active after employees leave cause an uncertain threat to the company; IT staff must promptly delete them and make sure to wipe out all the privileges of the former employee.

The US-CERT (United States Computer Emergency Network Team) and SANS (SysAdmin, Audit, Network, System) Institute regularly update a summary of the most frequent and high-impact threats to a computer system, specifically viruses and worms.

1.4.6 Security Audit

An important prevention tool that evaluates whether an organization has a good security policy and if it is being followed. An example would be a requirement to change passwords every week or month. With this in place, companies are much more protected compared to others without this requirement. Basically, the audit is to test, check and review the system's security and look for loopholes and easy targets.

1.4.7 Detection

The preventive measures made for a computer system are not always enough to protect important data.

An intrusion detection system is software/hardware that monitors system and network resources and notifies a system admin when an attack occurs.

A knowledge-based intrusion system contains information about attacks and system vulnerabilities, then triggers an alarm (e.g. repeated login, repeated data events).

A behaviour-based intrusion system compares a user's system behaviour with an admin-created model and detects when a user is not following the required model; this would trigger an alarm. (Example: unusual activity with an account in the HR department accessing the IT department's data.)

1.4.8 Response

An organization should be prepared for the worst, like a system attack that stops all operations and steals data from the company. The top priority during an attack is not to catch the perpetrator but to regain control and save what is left. Who needs to be informed? And who not to notify? Reputation and credibility are at stake in any security breach. A company should document all details of a security breach and be able to review them afterwards to assess and further study. Eradication of the compromised/breached information is essential, but before everything a log is required to keep track.

1.4.9 Ethical Moral Dilemmas

You are a member of a large IT security support group of a large manufacturing company. You have been awakened late at night and informed that someone has defaced your organization's website and also attempted to gain access to computer files containing a new product under development. What are your next steps? How much time would you spend tracking down the hacker? -Deontological

1.5 References

* (1999, 10). Electronic Commerce. StudyMode.com. Retrieved 10, 1999, from http://www.studymode.com/essays/Electronic-Commerce-731.html
* THE ELECTRONIC COMMERCE ACT (R.A. 8792): AN OVERVIEW OF IT'S (INFORMATION TECHNOLOGY) IMPACT ON THE PHILIPPINE LEGAL SYSTEM (2005 006). www.ustlawreview.com/pdf/vol.L/Articles/The_Electronic_Commerce_Act_RA_8792.pdf
* What Is the Difference: Viruses, Worms, Trojans, and Bots? Cisco Systems. (n.d.). Cisco Systems, Inc. Retrieved from http://www.cisco.com/web/about/security/intelligence/virus-worm-diffs.html
* What Is A Rootkit? (n.d.). Internet / Network Security Tips, Advice and Tutorials About Internet Security and Network Security. Retrieved from http://netsecurity.about.com/od/frequentlyaskedquestions/f/faq_rootkit.htm
* Julian. (2011). 10 Most Notorious Acts of Corporate Espionage. Retrieved from http://www.businesspundit.com/10-most-notorious-acts-of-corporate-espionage/
* Katich, A. (2013). Anonymous (Annie Katich). Retrieved from http://socialactive.wordpress.com/2013/02/25/anonymous-annie-katich/
* Verini, J. (2010). The Great Cyberheist. Retrieved from http://www.nytimes.com/2010/11/14/magazine/14Hacker-t.html/
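
The two detection approaches described under Detection (1.4.7), run side by side over a small event log. This is an added Python example, not part of the original paper; the event format, user names, thresholds and the per-department model are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample events (not real logs):
# (seconds since start, user, department, action, target)
EVENTS = [
    (0,   "mreyes", "HR", "login_failed", "hr-portal"),
    (20,  "mreyes", "HR", "login_failed", "hr-portal"),
    (35,  "mreyes", "HR", "login_failed", "hr-portal"),
    (50,  "mreyes", "HR", "login_ok",     "hr-portal"),
    (90,  "mreyes", "HR", "read",         "hr/payroll.xlsx"),
    (120, "mreyes", "HR", "read",         "it/router-configs.txt"),
    (200, "jcruz",  "IT", "login_failed", "vpn"),
    (900, "jcruz",  "IT", "login_failed", "vpn"),
    (950, "jcruz",  "IT", "read",         "it/router-configs.txt"),
]

# Knowledge-based signature (assumed values): this many failed logins
# by one user inside this many seconds matches a known attack pattern.
FAILED_LOGIN_LIMIT = 3
FAILED_LOGIN_WINDOW = 60

# Behaviour model written by the admin (assumed): each department may
# only read resources under its own prefix.
ALLOWED_PREFIXES = {"HR": ("hr/",), "IT": ("it/",)}


def knowledge_based_alerts(events):
    """Match events against a known-attack signature: repeated failed logins."""
    recent = defaultdict(deque)  # user -> timestamps of recent failures
    alerts = []
    for ts, user, _dept, action, _target in events:
        if action != "login_failed":
            continue
        window = recent[user]
        window.append(ts)
        # Forget failures that fell out of the sliding window.
        while ts - window[0] > FAILED_LOGIN_WINDOW:
            window.popleft()
        # Alert once, at the moment the threshold is reached.
        if len(window) == FAILED_LOGIN_LIMIT:
            alerts.append((ts, user, "repeated failed logins"))
    return alerts


def behaviour_based_alerts(events, model=ALLOWED_PREFIXES):
    """Compare each read with the admin-created model of normal behaviour."""
    alerts = []
    for ts, user, dept, action, target in events:
        if action != "read":
            continue
        # A department missing from the model has no allowed prefixes,
        # so every read by it counts as a deviation.
        if not target.startswith(model.get(dept, ())):
            alerts.append((ts, user, f"{dept} account read {target}"))
    return alerts


def detect(events):
    """Run both detectors and return all alerts in time order."""
    return sorted(knowledge_based_alerts(events) + behaviour_based_alerts(events))


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

The slow failures from the second user stay below the signature threshold, while the HR read of IT data is caught only by the behaviour model; neither detector alone sees both events.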
