ethical and social...j.m.kizza 1 module 9: computer crimes introduction history of computer crimes...

Ethical and Social...J.M.KizzaEthical and Social...J.M.Kizza 11

Module 9: Computer CrimesModule 9: Computer Crimes

IntroductionIntroduction

History of Computer CrimesHistory of Computer Crimes

Computer Systems AttacksComputer Systems Attacks

Motives Motives

Costs and Social ConsequencesCosts and Social Consequences


IntroductionsIntroductionsA computer crime is an illegal act that involves a A computer crime is an illegal act that involves a computer system or computer related system like a computer system or computer related system like a telephone, microwave, satellite or other telephone, microwave, satellite or other telecommunications system that connect one or more telecommunications system that connect one or more computers or computer related systems, either as an computers or computer related systems, either as an object of a crime, an instrument used to commit a crime object of a crime, an instrument used to commit a crime or a repository of evidence related to a crime. or a repository of evidence related to a crime. Illegal acts fall within the domains of the commission of crimes Illegal acts fall within the domains of the commission of crimes which a legislature of a state or a nation has specified and which a legislature of a state or a nation has specified and approved. Human acts using computers or computer related approved. Human acts using computers or computer related technologies that encroach within the limits of the commission’s technologies that encroach within the limits of the commission’s boundaries, are considered illegal and they include:boundaries, are considered illegal and they include:– Intrusions of the Public Switched NetworkIntrusions of the Public Switched Network– Intrusions into Public Packet NetworksIntrusions into Public Packet Networks– Network integrity violations Network integrity violations – Privacy violations Privacy violations – Industrial espionage Industrial espionage


– Pirated computer software Pirated computer software – Fraud, Fraud, – Internet/email abuse,Internet/email abuse,– Using computers or computer technology to commit murder, Using computers or computer technology to commit murder,

terrorism, pornography and hacking terrorism, pornography and hacking

Most computer attacks on the resources above fall into Most computer attacks on the resources above fall into three categories below. Our focus in this chapter will be three categories below. Our focus in this chapter will be on the last category [1,2]:on the last category [1,2]:– Natural or Inadvertent attack that include accidents originating Natural or Inadvertent attack that include accidents originating

from natural disaster like fire, floods, windstorms, lightening from natural disaster like fire, floods, windstorms, lightening and earthquakes, and they usually occur very quickly without and earthquakes, and they usually occur very quickly without warning, and are beyond human capacity, often causing serious warning, and are beyond human capacity, often causing serious damage to affected cyberspace resources. damage to affected cyberspace resources.

– Human blunders, errors, and omissions that are usually caused Human blunders, errors, and omissions that are usually caused by unintentional human actions. Unintended human actions are by unintentional human actions. Unintended human actions are usually due to design problems, such attacks are called usually due to design problems, such attacks are called malfunctionsmalfunctions. Malfunctions, though occurring more frequently . Malfunctions, though occurring more frequently than natural disasters, are as unpredictable as natural disasters. than natural disasters, are as unpredictable as natural disasters.

– Intentional threats that are actually intended and they originate Intentional threats that are actually intended and they originate from humans caused by illegal or criminal acts from either from humans caused by illegal or criminal acts from either insiders or outsiders, recreational hackers, and criminal. For the insiders or outsiders, recreational hackers, and criminal. For the remainder of this chapter we are going to focus on this.remainder of this chapter we are going to focus on this.


History of Computer CrimesHistory of Computer Crimes Hacking, as a computer attack technique, utilizing the Hacking, as a computer attack technique, utilizing the internetworking between computers and communication internetworking between computers and communication devices did not start until the 1970s . The first recorded devices did not start until the 1970s . The first recorded hacking activity was in 1971 when John Draper, commonly hacking activity was in 1971 when John Draper, commonly known as "Captain Crunch," discovered that toy whistle known as "Captain Crunch," discovered that toy whistle from a cereal box can produce the precise tone of 2600 from a cereal box can produce the precise tone of 2600 hertz, needed to make free long distance phone calls [4] . hertz, needed to make free long distance phone calls [4] . With this act, "Phreaking", a cousin of hacking, entered our With this act, "Phreaking", a cousin of hacking, entered our language. language. Hacking activities started picking up pace in the 1980s. The Hacking activities started picking up pace in the 1980s. The movie “WarGames" in 1983, the science fiction watched by movie “WarGames" in 1983, the science fiction watched by millions, glamorized and popularized hacking and it is millions, glamorized and popularized hacking and it is believed by many that the movie gave rise to the hacking believed by many that the movie gave rise to the hacking phenomena. The first notable system penetration attack phenomena. The first notable system penetration attack actually started in the mid-80s with the San Francisco based actually started in the mid-80s with the San Francisco based 414-Club. The 414- Club was the first national news making 414-Club. The 414- Club was the first national news making hacker group (414 was based on a 414 Area code in hacker group (414 was based on a 414 Area code in Milwaukee, Wisconsin.)Milwaukee, Wisconsin.)


Small hacker groups started forming like the Legion of Small hacker groups started forming like the Legion of Doom in U.S.A. and the Chaos Computer Club in Doom in U.S.A. and the Chaos Computer Club in Germany. From that point on other headline making Germany. From that point on other headline making attacks from hacker groups in Australia, Germany, attacks from hacker groups in Australia, Germany, Argentina and U.S.A followed. Ever since, we have been Argentina and U.S.A followed. Ever since, we have been on a wild ride.on a wild ride.In 1984, the In 1984, the 2600: The Hacker Quarterly2600: The Hacker Quarterly, a hacker , a hacker magazinemagazine was launched and the following year, the was launched and the following year, the Electronic hacking magazine Electronic hacking magazine PhrackPhrack was founded. was founded. As the Internet grew as well as computer networks, As the Internet grew as well as computer networks, hacker activities increased greatly that in 1986 the U.S. hacker activities increased greatly that in 1986 the U.S. Congress passed the Computer Fraud and Abuse Act. Congress passed the Computer Fraud and Abuse Act. Hacker activities that had only been in U.S.A started to Hacker activities that had only been in U.S.A started to spread worldwide. spread worldwide. In 1987 the Italian hacker community launched the In 1987 the Italian hacker community launched the DecoderDecoder magazine similar to the U.S.A’s magazine similar to the U.S.A’s 2600: Hacker 2600: Hacker QuarterlyQuarterly [4]. [4].


The first headline making hacking incident that used a The first headline making hacking incident that used a virus and got national and indeed global headlines took virus and got national and indeed global headlines took place in 1988 when a Cornell graduate student created a place in 1988 when a Cornell graduate student created a computer virus that crashes 6,000 computers and computer virus that crashes 6,000 computers and effectively shut down the Internet for two days [5]. Robert effectively shut down the Internet for two days [5]. Robert Morris action forced the U.S.A government to form the Morris action forced the U.S.A government to form the federal Computer Emergency Response Team to federal Computer Emergency Response Team to investigate similar and related attacks on the nation’s investigate similar and related attacks on the nation’s computer networks. computer networks. The 1990s saw heightened hacking activities and serious The 1990s saw heightened hacking activities and serious computer network “near” meltdowns including the 1991 computer network “near” meltdowns including the 1991 expectation without incident of the "Michelangelo" virus expectation without incident of the "Michelangelo" virus that was expected to crash computers on March 6, 1992, that was expected to crash computers on March 6, 1992, the artist's 517th birthday. In 1995 the notorious, self-the artist's 517th birthday. In 1995 the notorious, self-styled hacker Kevin Mitnick was first arrested by the FBI styled hacker Kevin Mitnick was first arrested by the FBI on charges of computer fraud that involved the stealing of on charges of computer fraud that involved the stealing of thousands of credit card numbers. thousands of credit card numbers. Mitnick’s hacking activities, however, started in the mid Mitnick’s hacking activities, however, started in the mid 1980s with his secret monitoring of e-mails of officials of 1980s with his secret monitoring of e-mails of officials of companies like MCI and Digital Equipment.companies like MCI and Digital Equipment.


The year 2000 probably saw the most The year 2000 probably saw the most costly and most powerful computer costly and most powerful computer network attacks that included the network attacks that included the “Melissa”, the “Love Bug”, the “Killer “Melissa”, the “Love Bug”, the “Killer Resume”, and a number of devastating Resume”, and a number of devastating Distributed Denial of Service attacks. The Distributed Denial of Service attacks. The following year, 2001, the elusive “Code following year, 2001, the elusive “Code Red” virus was released. The future of Red” virus was released. The future of viruses is as unpredictable as the kinds of viruses is as unpredictable as the kinds of viruses themselves.viruses themselves.


Types of Computer AttacksTypes of Computer Attacks

Types of Computer Attacks:Types of Computer Attacks:– Penetration Attack TypePenetration Attack Type - -involves breaking into a involves breaking into a

system using known security vulnerabilities to gain system using known security vulnerabilities to gain access to any cyberspace resourceaccess to any cyberspace resource – –

There is steady growth of these attacks – see the CERT There is steady growth of these attacks – see the CERT Report below.Report below.

Denial of Service AttacksDenial of Service Attacks – they – they affect the affect the system through diminishing the system’s ability system through diminishing the system’s ability to function; hence, they are capable of bringing to function; hence, they are capable of bringing a system downa system down without destroying its resourceswithout destroying its resources


02000400060008000

1000012000

1988

1989

1990

1991

1992

1993

1994

1995

1996

1997

1998

2000

Years

Num

ber o

f Inc

iden

ts


Motives of AttacksMotives of Attacks

– Vendetta/Revenge Vendetta/Revenge – Joke/Hoax/Prank Joke/Hoax/Prank – The Hacker's Ethics - This is a collection of The Hacker's Ethics - This is a collection of

motives that make up the hacker character motives that make up the hacker character – Terrorism Terrorism – Political and Military Espionage Political and Military Espionage – Business ( Competition) Espionage Business ( Competition) Espionage – Hate (national origin, gender, and race)Hate (national origin, gender, and race)– Personal gain/Fame/Fun/Notoriety Personal gain/Fame/Fun/Notoriety – Ignorance Ignorance


Costs and Social ConsequencesCosts and Social Consequences

psychological effects – These depend on the attack motive and may psychological effects – These depend on the attack motive and may result in long psychological effects such as hate. Psychological result in long psychological effects such as hate. Psychological effects may lead to individual reclusion, increasing isolation, and effects may lead to individual reclusion, increasing isolation, and such trends may lead to dangerous and costly repercussions on such trends may lead to dangerous and costly repercussions on the individual, corporations and society as a whole.the individual, corporations and society as a whole. moral decay – There is a moral imperative in all our actions. moral decay – There is a moral imperative in all our actions. When human actions, whether bad or good, become so frequent, When human actions, whether bad or good, become so frequent, they create a level of familiarity that leads to acceptance as they create a level of familiarity that leads to acceptance as “normal”. This type of acceptance of actions formerly viewed as “normal”. This type of acceptance of actions formerly viewed as immoral and bad by society is moral decay. There are numerous immoral and bad by society is moral decay. There are numerous e-attacks that can cause moral decay. In fact, because of the recent e-attacks that can cause moral decay. In fact, because of the recent spree of DDoS, and email attacks, one wonders whether people spree of DDoS, and email attacks, one wonders whether people doing these acts seriously consider them as immoral and illegal doing these acts seriously consider them as immoral and illegal any more!any more!Loss of privacy – After the recent headline making e-attacks on Loss of privacy – After the recent headline making e-attacks on CNN, Ebay, E*Trade, and Amazon, and the email attacks that CNN, Ebay, E*Trade, and Amazon, and the email attacks that wrenched havoc on global computers, there is a resurgence in the wrenched havoc on global computers, there is a resurgence in the need for quick solutions to the problem that seems to have hit need for quick solutions to the problem that seems to have hit homehome

ethical and social...j.m.kizza 1 module 9: computer crimes introduction history of computer crimes...

Documents