Professional Documents
Culture Documents
What is this
Why is computer engineering one
How can we join up and where
How must we behave and act?
What are the issues and problems
Do we impact on society - Do we have roles,
functions - Do we contribute to society and economy
What’s ahead
1
How must we behave and act?
Where we talk about professional ethics,
represented by guidelines in the CODE OF
CONDUCT/ETHICS of various engineering
professional associations.
*SCOPE*
What is ethics?
Codes of ethics
2
What on earth is ethics?
…...zzzzzzzzz
3
•Interaction raises ethical questions,
example, decision-making.
12
ETHICAL REALITIES/EXAMPLES
http://www.washingtonpost.com/wp-srv/liveonline/02/business/business_egan080202.htm
13
And Singapore??? How ethical and
professional is our business/corporate
scene?
Transparency International 2004 Singapore world's
fifth least corrupt country - behind Finland, New
Zealand, Denmark and Iceland.
14
In the largest cheating case in history, Chia Teck
Leng, former finance manager of Asia Pacific
Breweries, was jailed May 2004 for 42 years. He
pleaded guilty to cheating four banks out of
S$117mil.
Possible fraud or insider trading investigation
launched into these listed companies:
17
Reasons people give
for not being ethical
18
Rationalizations to justify unethical
behavior, including:
Denying responsibility: actors convince
themselves they had no choice but to
participate in unethical behavior.
Denying injury: if no one is hurt, the
behavior isn't really unethical.
Denying victims: blaming violated parties
for what happened on the grounds they
"deserved it."
19
Corrupt individuals depend on rationalizations to justify their behavior, including:
*SCOPE*
What is ethics?
Codes of ethics
21
*CODE OF CONDUCT/ETHICS*
For Computer Engineers/IT Professionals
US many computer associations and societies and most have code of
ethics/conduct.
22
Rationale
23
*CODE OF CONDUCT/ETHICS*
Background/overview
Professions differ from commercial trades and
enterprises - members governed by professional
ground rules of ethical and professional behavior
and legislation. These ground rules known as codes.
Violations of code liable to censure or disciplinary
action by regulatory board for serious breaches. But
more a moral sanction. (Where most of difficulty
arises).
24
Possession of code hallmark of professions.
What it is
List of prescribed recommended behaviors and values –
defines roles and responsibilities. Measure of professional
conduct.
Framework for ethical judgment.
Public avowal of engineers commitment to behave in ways
not harmful to society, or bring shame to society and rest of
profession.
Indicates to society concern of members to act
responsibly.
Collective recognition of responsibilities of profession.
25
*CODE OF CONDUCT/ETHICS*
27
Why – Functions, what does it achieve, do?
28
Code of ethics especially for computer
engineers
Area of technology
Dangers of technology – computer crimes...
29
*CODE OF CONDUCT/ETHICS*
For Computer Engineers
IT Professionals
US many computer associations and societies and most have code of
ethics/conduct.
30
EXISTING CODES
Professional engineers code of professional
conduct and ethics:
http://www.peb.gov.sg/peb/html/per_code.html
31
*CODE OF CONDUCT/ETHICS*
Professional honesty
Adherence to confidentiality agreements
Data privacy
Handling of human subjects
Impartiality in data analysis and professional
consulting
Professional accountability
Resolution of conflicts of interest
Software piracy
32
Common themes
Personal integrity – claim of competence
Personal responsibility for work (no one but you on computer)
Responsibility to employer/client
Responsibility to profession
Confidentiality of information
Conflict of interest
Dignity
Respect for persons/Worth of people
Public safety, health, welfare
Participation in professional societies
Increase public knowledge about technology.
33
So we have a code but
what good is it?
34
Criteria of good code
Must be more than mere motherhood statements but
must contain reasonable policies to ensure that the
practice of the profession is provided adequately to
the public and not merely to enforce a monopoly
situation or to restrict competition amongst
practitioners.
35
What it DOES do:
36
LIMITATIONS: What it DOESN’T do,
can’t do, won’t do
37
Not a legal document. Not legally binding.
38
Protection from employers – code supports
professional and ethical decisions - but cannot
sue employer.
39
Codes only tell us what is the right thing to do, advocating
long established principles, highlighting what is considered
honorable to uphold the dignity and pride of the profession,
but the code would be as good as dead if persons had no
such inclination toward acting in these ways.
40
Not a recipe for ethical behavior. Cannot be
applied cookbook fashion. Cannot generally
tell people what to do in specific situations.
43
Character counts. Ethics is not for wimps.
45
Unethical computer/ IT use
Information technology will be the most
fundamental area of ethical concern for
46
So what do we get??????
50
51
Using term loosely – computer crimes
52
What’s a crimes ?
53
Why crime?
Crime
Intentioned harm to others, violation, usually of
rights. Ignorance not excuse.
Breaking of law – problem - laws against unethical
use recent. 54
Why ccccccrime - Violating rights
57
Areas/types vulnerabilities
58
Computer RISKS
Examples
Example, DoS
60
E-MAIL
E-mail risks/vulnerabilities:
Hard to destroy
Deleted e-mail remains -most electronic documents
backed up and recoverable. Email “evidence” now
acceptable as legal records in courts of law. Example:
Microsoft court case dredged up incriminating old emails 62
Personal/home computer and user
63
Definition of terms : Computer RISKS
65
Examples
67
CASES: What is stealing?
69
CASES: What is stealing?
70
CRIMINAL ACTIVITY
Fraud, embezzlement, forgery, sabotage
http://www.taipeitimes.com/News/worldbiz/archives/2005/06/22/2003260310/print
http://msnbc.msn.com/id/8307418/
http://www.cybercrime.gov/compcrime.html
73
Getting Better…Or Worse…
Cheating goes hi-tech – plagiarism old hat, now UK using
outsourcing websites where bidders compete to write
assignments - “contract cheating” - students put
coursework out to tender and suppliers bid to complete
work. Legitimate outsourcing webs but illegitimate use.
74
CASE Ransomware
75
It happened in Singapore…
76
Why crime?
Crime
Intentioned harm to others, violation, usually of
rights. Ignorance not excuse.
Breaking of law – problem - laws against unethical
use recent. 77
Ccccccrime - Violating rights, exploiting
risks
Right to know. To what extent do we have right to
know, have access to, the information that relates to us in a
database? What about others’ right to know – about us?
Right to privacy. To what extent do we have a right to
control the use of information that relates to us? What
privacy rights do others have in regard to the data we hold
on them?
Right to freedom of speech/expression. People who
restrain us from speaking out – crime
Right to property (intellectual property). To what
extent do we have a right to protect our computer resources
from abuse and misuse? 78
How technology helps us be crooks – software,
computer pirates, thiefs, creeps, liars, etc.
80
How technology helps us be crooks
81
Guesses can be made from username, example, test,
admin.
Username key to successful attack – through
default passwords, then common username and
password combinations.
Dictionary attack – running through common
words.
Brute force – attempts to crack code like a safe,
bombarding with different combinations.
Inurl:service.pwd OR
Simply call organization and ask. 82
FOCUS: Internet Fraud
http://news.bbc.co.uk/1/hi/business/637094.stm
84
http://news.bbc.co.uk/1/hi/business/637478.stm
Internet Fraud
85
WEB WATCH OUT FOR:
Business Opportunity/"Work-at-Home" Schemes
Online. Advertise business opportunities to earn thousands
of dollars a month in "work-at-home" ventures. Have to
pay to join, but only thing delivered is depleted bank
account.
88
You Wont Need This but To Amuse…
Internet “divorce”
Forms
Obtain passwords and delete information
Create programs to steal passwords
Rummage through garbage to get information
Create and transmit computer viruses.
Wf What is a hacker?
90
Hacking (Hackery?)
History: http://library.thinkquest.org/04oct/00460/hackingHistory.html
Have we come full cycle? 1970’s hacking was positive, a person who wrote very good and
clever programs – first computer games and operating systems. Then negative, 70s-90s – did it because could do it,
challenge & thrill, is it now positive again? Mainly teenage culprits. 90s onwards – whitewashed image good hackers,
bad hackers.
91
Hacking (Hackery?)
92
TYPES
Internals. Either employees dissatisfied with
company management or ex-employees who know
security “ropes”. Use knowledge to hack in.
93
TYPES
94
Hacking Singapore
95
Examples of punishment:
Hacking Singapore
96
Examples of punishment:
Hacking Singapore
97
Who usually guilty ?
Students!!!!!!!!
White-hat hackers--after breaking into the system, they
usually inform the victims
Black-hat hackers--are cyber vandals who deliberately
cause trouble for people
Crackers--hackers for profit
Hacktivists--politically motivated hackers
Script bunnies/kiddies -wanna-be’s, but don’t have
technical expertise – trying-hards, don’t quite hack it, no
pun intended. May unleash harmful or destructive attacks
without even realizing it. Generally no goal in mind but to
see how much chaos can create.
98
Is hacking an issue any longer?
Usual justification
Information should be free – no longer. Laws.
To show system insecure, flaws. So do home security
services break into homes to show homes need them, or
same with car alarm systems?
Does no harm – no one need know. Helps hacker find out
something about system. Did hacker have to break in to
find out? Hacking not only way. Giving children electric
99
shocks to learn good way, too. Still violation of our rights.
Hacktivism/hacktivity
102
Hacktivism/hacktivity
CASE
Student Hacks System to Alter Grades
CASE
Hacking for love
108
HOW?
“Flood" network, thereby preventing legitimate network
traffic
Disrupt connections between two machines, thereby
preventing access to a service
Prevent particular individual from accessing service
Disrupt service to a specific system or person
Send large amounts of junk e-mail in one day -
"mail bomb"
Malware- virus, worms malicious program that puts the
processing unit into an infinite loop, or,
Flood server with bogus requests for webpages - deny
legitimate users opportunity to download page and also
possibly crashing server.
109
DoSSingapore
One way DoS – code gets into computer and take controls
turning them into “bots” – network of compromised
computers – then used to launch DoS. Bots can now be
rented out. What next???
110
MALWARE
Broad concept, umbrella term – anything that harms via
computer – intentionally – malicious intent.
Malicious code
Malicious program
Rogue program
Scary statistics
70% of malware detected during Q1 2006
cybercrime-related - "designed to generate
financial returns."
40% spyware (collecting data on users'
Internet activities)
17% Trojans (including software that steals
confidential data related to bank services)
8% dialers (code that deals up premium-rate
phone numbers without a user's knowledge) and
"bots," which involves the sale or rental of
networks of infected computers.
112
MALWARE
Cause various types of damage and nuisance to computer
and users. Include mainly worms, Trojan Horses, viruses,
spyware and adware. May slow down Internet, use
computer to spread the evil to other Webbers.
Worms
Trojan Horse
Often comes bundled with other programs (KazaA, iMesh, and other file sharing
programs biggest bundlers).
114
HOW IT HAPPENS…
115
Carriers - Where they hide
118
What these will do…
119
What these will do…
Information theft
121
Charges: What they earn
122
Case: Malware from Craigslist
As soon as you download it, you will have all the necessary
data: description, photos, and other details. Please, make
sure you are well acquainted with the info so that your
decision would be reasonable. The car is in excellent
condition, no accident. Thank you.
How?
126
VIRUS
Drab readmore: http://computer.howstuffworks.com/virus.htm
A little history…
129
VIRUS
Examples
March 1999, Melissa virus so powerful Microsoft and a number of other very large
companies forced to completely turn off email until virus could be contained.
132
VIRUS
PC Magazine artix:
http://www.pcmag.com/print_article2/0,1217,a=148845,00.asp HOAX!!!
Computer virus and hoax different!
Virus Hoaxes
Easier than writing a program to make computers mess
themselves up - writing a letter to make humans mess
computers up.
How?
Copy of worm scans network for another machine that has
specific security hole. Copies itself to this using security
hole, and then starts replicating from there, as well.
134
Worms
Distinction between a virus and worm
135
Worms
136
EXAMPLE WORM Code Red July 19 2001
Each copy scanned Internet for Windows NT or Windows 2000 servers that did not have
Microsoft security patch. Each time an unsecured server, copied itself to that server. New
copy then scanned for other servers to infect. Depending on the number of unsecured
servers, a worm could conceivably create hundreds of thousands of copies.
Designed to :
Replicate itself for the first 20 days of each month
Replace web pages on infected servers with a page that
declares "Hacked by Chinese"
Launch concerted attack on White House Web server137in
attempt to overwhelm it
Trojan horse
138
Trojan horse
139
logic bomb is a program that "detonates" when
some event occurs. The detonated program might
stop working (e.g., go into an infinite loop), crash the
computer, release a virus, delete data files, or any of
many other harmful possibilities.
140
Case
141
Case
142
Even if benefits to society, still unauthorized access.
Argument weak because doesn’t make it legal, or that
should then be allowed because shows up a problem.
143
PHISHING
Phishers are the new con artists of cyberspace.
144
PHISHING
Phishers are the new con artists of cyberspace.
Phishing not really new -- scam that predates computers -
done over the phone for years – “social engineering”.
Attempt to fraudulently acquire sensitive information by
masquerading as trustworthy person.
145
Example::http://www.nus.edu.sg/comcen/security/security_alert0502.htm
147
Example
148
Phishing email example
Date: Wed, 9 Jun 2004 10:34:16 -0500
From: USbank-securijt@UsBank.com
Reply-To: product@u.washington.edu
Subject: USBank.com Security Update – URGENcs
To update your account information and start using our services please click
on the link below:
http:www.usbank.com/interfnetBanking/RequestRouter?requestCmdId=DisplayLo
ginPackage
Virtually identical to legitimate Web site except for possible additional fields and
behind the scenes coding changes.
150
Football phishing
151
Now Pharming !!!!!!!
152
Singapore Scene:
http://www.pacific.net.sg/article.php?id=393062
153
SPYWARE Malicious websites may attempt to install spyware on
readers' computers, example, pop-up that offers spyware in the guise of a
security upgrade.
154
Don’t confuse with ADWARE
Adware generally software that installs
reminder service or spawns targeted ads as
you surf.
Referred to in advertising as interstitials or
simply “pop-ups”.
Might also profile surfing and shopping habits,
gather information.
155
Adware
156
SPYWARE
Malicious websites
157
SPYWARE
Examples
Posers up to no good
158
SPYWARE
165
How its done
IDENTITY THEFT
Spyware biggest culprit because can surreptitiously gather
confidential information without anyone being wiser.
How?
Thief gets hands on enough information to pretend to be
you. May open up fraudulent credit card accounts, apply
for loans, or try to secure other property using YOUR
identity. Some may even go as far as using your name to
get job and stick you with the taxes. Scariest aspect - be
arrested for crime someone else committed while being
YOU. 167
How its done
IDENTITY THEFT
169
CASE
2003: 27.3 million Americans victims of identity theft in
last five years. Example: Crooks allegedly obtained names
and Social Security numbers of U.S. military officers from
Web site, then used more than 100 of these names and
numbers to apply via Internet for credit cards with local
bank.
170
Everybody’s fave activity in Singapore:
Online shopping!!!!
171
How it might happens…
173
CASE
eBay
Accused of auctioning off paintings which were
originals, but passed off in someone else’s name. Example,
selling a Picasso but in your name. Also a copyright
problem.
Also bogus Tiffany items – law suit. Claims eBay
promoting fakery. EBay – nay – cannot check zillions of
items offered - eBay only providing channel.
177
SOFTWARE/COMPUTER PIRACY
178
Thots to think about
Does everyone perceive these as unethical,
crimes? Nothing wrong?
179
Thots to think about
Rules because we want freedom. Ironical.
Rules don’t restrict freedom but preserve it.
180
*THOTS TO THINK ABOUT*
What do professionals
have that others don’t?
181
*THOTS TO THINK ABOUT*
Can be USED
Can be MISused
182