Texas State CS 2315 - Computer and Network Security

This preview shows page 1-2-14-15-30-31 out of 31 pages.


Unformatted text preview:

Chapter 6: Computer and Network Security
Ethics for the Information Age, Third Edition, by Michael J. Quinn
Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley

Chapter Overview
• Introduction
• Viruses, worms, and Trojan horses
• Phreaks and hackers
• Denial-of-service attacks
• Online voting

Introduction
• Computers getting faster and less expensive
• Utility of computers increasing
  – Email
  – Web surfing
  – Shopping
  – Managing personal information
• Increasing use of computers → growing importance of computer security

Viruses (1/2)
• Virus: piece of self-replicating code embedded within another program (host)
• Viruses associated with program files
  – Hard disks, floppy disks, CD-ROMs
  – Email attachments
• How viruses spread
  – Diskettes or CDs
  – Email
  – Files downloaded from Internet

Viruses (2/2)
• Well-known viruses
  – Brain
  – Michelangelo
  – Melissa
  – Love Bug
• Viruses today
  – Commercial antivirus software
  – Few people keep up-to-date

Worms
• Worm
  – Self-contained program
  – Spreads through a computer network
  – Exploits security holes in networked computers
• Famous worms
  – WANK
  – Code Red
  – Sapphire (Slammer)
  – Blaster
  – Sasser

The Internet Worm
• Robert Tappan Morris, Jr.
  – Graduate student at Cornell
  – Released worm onto Internet from MIT computer
• Effect of worm
  – Spread to 6,000 Unix computers
  – Infected computers kept crashing or became unresponsive
  – Took a day for fixes to be published
• Impact on Morris
  – Suspended from Cornell
  – 3 years’ probation + 400 hours community service
  – $150,000 in legal fees and fines

Ethical Evaluation
• Kantian evaluation
  – Morris used others by gaining access to their computers without permission
• Social contract theory evaluation
  – Morris violated property rights of organizations
• Utilitarian evaluation
  – Benefits: Organizations learned of security flaws
  – Harms: Time spent by those fighting worm, unavailable computers, disrupted network traffic, Morris’s punishments
• Morris was wrong to have released the Internet worm

Trojan Horses
• Trojan horse: program with benign capability that masks a sinister purpose
• Remote access Trojan: Trojan horse that gives attacker access to victim’s computer
  – Back Orifice
  – SubSeven
• RAT servers often found within files downloaded from erotica/porn Usenet sites

Bot Networks
• Bot: A software program that responds to commands from a program on another computer
• Some bots support legitimate activities
  – Internet Relay Chat
  – Multiplayer Internet games
• Other bots support illegitimate activities
  – Distributing spam
  – Collecting personal information for ID theft
  – Distributed denial-of-service attacks

Defensive Measures
• System administrators play key role
• Authorization: determining that a user has permission to perform a particular action
• Authentication: determining that people are who they claim to be
• Firewall: a computer monitoring packets entering and leaving a local area network

Hackers (1/2)
• Original meaning
  – Explorer
  – Risk-taker
  – Technical virtuoso
• Hacker ethic
  – Hands-on imperative
  – Free exchange of information
  – Mistrust of authority
  – Value skill above all else
  – Optimistic view of technology

Hackers (2/2)
• Meaning of “hacker” changed
  – Movie WarGames
  – Teenagers accessing corporate or government computers
    • Dumpster diving
    • Social engineering
  – Malicious acts
    • Destroying databases
    • Stealing confidential personal information

Phone Phreaking
• Phone phreak: someone who manipulates phone system to make free calls
• Most popular methods
  – Steal long-distance telephone access codes
  – Guess long-distance telephone access codes
  – Use a “blue box” to get free access to long-distance lines
• Access codes posted on “pirate boards”

The Cuckoo’s Egg
• Clifford Stoll: system administrator at Lawrence Berkeley Laboratory
• Tracked accounting error, discovered unauthorized user
• Hacker was accessing military computers
• FBI, CIA, NSA, AFOSI, DIA joined search
• Trail led to group of West German hackers

Legion of Doom
• Elite group of hackers/phreaks recruited by “Lex Luthor”
• LOD member Robert Riggs copied E911 Document from a BellSouth computer
• Craig Neidorf published edited E911 Document in his BBS magazine, Phrack

U.S. v. Riggs
• Riggs and Neidorf arrested
  – Charged with wire fraud
  – Interstate transportation of stolen property valued at $79,449
  – Computer fraud
• Riggs pleaded guilty to wire fraud; went to federal prison
• Neidorf pleaded not guilty
  – Defense showed similar info being sold for < $25
  – Prosecution moved to

