Friday, December 28, 2018

An Introduction to the IM Profession and Ethics Paper

De La Salle University Manila

An Introduction to the IM Profession and Ethics Paper

Presented to The Faculty of the College of Computer Studies, De La Salle University Manila

In Partial Fulfillment of the Requirements for the Degree of Bachelor of Science in Information Systems

By
Changcoco, Amos
Dimla, Ysabel Nicole
Ramchand, Pavan
Tanchuling, Bianca Denise
Tibayan, Jan Michael

1.0 COMPUTER AND INTERNET CRIME

1.1 Types of Exploits

1.1.1 Virus

It is a malicious code that is attached to a file or executable program that can hack the files of the victim's computer and reformat, delete or modify the files. The computer virus is executed only when the file that contains the virus is opened or if the program with the virus is executed as well. It leaves infections as it travels from one computer to another. The spread of the virus relies on the users, whenever users use removable media devices, download files, or use e-mail.

An example of a computer virus would be the Pikachu virus, which was the first computer virus directed at children. It was said that the virus started on June 28, 2000 from Asia or the Pacific Ocean region. The virus was an email titled "Pikachu Pokemon" with the message, "Pikachu is your friend." The email contained the image of the cartoon character Pikachu from the TV series Pokemon, with the message, "Between millions of people around the world I found you. Don't forget to remember this day every time MY FRIEND."

The Pikachu virus infected only a few companies in the United States, through Microsoft Outlook email attachments or through Microsoft's Internet Explorer browser. The reason why only a few companies were harmed and why the virus was not as viral is that the virus was not coded properly and would ask the user whether it could delete the user's files.

1.1.2 Worm

A worm is a malicious code that is used for bringing down the computer system. A worm does not infect files; however, it monopolizes the computer's CPU and operating system and is capable of deleting data and programs. It infects a computer by finding a vulnerability in an application or operating system. A worm is self-replicating and uses a network to replicate itself to another computer. It does not rely on human interaction for spreading to other computers.

An example would be the Morris Worm, also known as the Great Worm. Created by a Cornell University student named Robert Tappan Morris in the year 1968, the Morris Worm consisted of 99 lines of code. Robert Morris wanted to know how big the Internet was and made the worm to find the answer. It is noted that the creator did not have malicious intent in making this worm; however, the worm caused immense amounts of stability problems that made many systems unusable. The damage was over 6,000 infected UNIX machines, which cost between $10,000,000 and $100,000,000.

This case is an ethical dilemma because the creator did not have evil intentions in making the worm, but it did have bad effects on most people in America. This dilemma would be ethical based on the psychological egoism theory because Robert Morris acted on his selfish motive whether he should or not, which made him moral.

Based on the hedonism theory, it was ethical of Morris because he was only doing his work without knowing that his actions would bring about negative effects.

1.1.3 Trojan Horse

Named after the Trojan Horse from Troy, which was used to infiltrate the enemy's territory through a disguise, the Trojan horse is disguised as something else (such as a program or file) but is actually a malicious code or may contain malicious code. Similar to viruses, a Trojan horse is executed when the file with the virus is opened or, likewise, when the program with the malicious code is executed. A Trojan horse can do anything from light damage, such as changing the desktop and the like, to severe damage, such as deleting files, stealing data, or activating and spreading other malware, to the victim's software. Trojan horses are also used to create a back door in the operating system so that the hackers can access the system. However, the Trojan horse cannot duplicate itself, nor can it self-replicate. It would need the user to spread to other computers.

An example of a Trojan horse would be from the pirated version of Apple's suite of software, iWork. iServices was the Trojan horse part of the pirated version of iWork, which would signal the hackers that the Mac is infected and that the hacker has access to the system.

This is an ethical dilemma because the people who buy pirated software such as iWork do not know that there is a Trojan horse in the software. It was wrong of the sellers to place a Trojan horse in the software without the consent of their customers, because deontology theory states that it was not the job of the vendors to hack into the systems of their customers in the first place.

Another reason why it was unethical is the theory of altruism, because the interest of others was not thought about, since many people will suffer due to the actions of the vendors. This is another reason why it is unethical under utilitarianism, which is consequences-based. Lastly, the social contract theory states that the actions of the vendors were unethical because it is against the law to hack and infiltrate private property.

A logic bomb is a type of Trojan horse that is triggered only by a series of specific events, such as a specific sequence of keystrokes or a change in a file.

1.1.4 Botnets

A botnet is a network of infected computers that are controlled by bots. Named after the word zombie, a bot is a type of malware that allows an attacker to take control of an affected computer. Attackers can use the controlled computer for sending out spam, spreading viruses, attacking computers, and even committing crime and fraud, without the owner knowing it. Bots are also called computer zombies because the computer has no control over its actions, since hackers are in charge of its actions.

1.1.5 Distributed Denial-of-Service Attacks (DDoS Attacks)

A Distributed Denial-of-Service Attack is when a malicious hacker controls computers through the Internet. It is an attempt to prevent the computer owner from using a network resource or machine. It is composed of one or more people trying to disable a certain host from being connected to the Internet.

1.1.6 Rootkits

The name rootkit comes from the two words root, which pertains to the point it targets, which would be the administrator or the source or the root, and kit, because of the set of programs.

A rootkit is a set of programs that enables its user to gain administrator-level access to a computer without the user's consent or knowledge. The owner of the rootkit is capable of executing files and changing system configurations on the target machine, as well as accessing log files or monitoring activity to covertly spy on the user's computer usage. It is hard to detect whether a computer system has rootkit malware.

1.1.7 Spam

E-mail spam is when e-mail systems send unsolicited e-mail to large numbers of people. Spam mostly comes off as cheap advertisements of strange products such as pornography, get-rich-quick schemes and the like. Spam can also be used to deliver harmful worms or other malware.

1.1.8 Phishing

Phishing is an attempt to steal personal identity data by tricking users into entering information on a fake Web site.

1.2 Types of Perpetrators

1.2.1 Hackers and Crackers

Hackers are people who test the limits of the system, find the holes, and check which data they could access. The knowledge that they get is actually obtainable in various media, usually the internet. They are not usually considered bad, but because many of them used such knowledge to cause harm to systems, the term became negative. A more appropriate term for these kinds of people is actually crackers.

1.2.2 Malicious Insiders

Malicious insiders are people who obtain goods, services, or property through deception or trickery, also known as fraud. In other words, they lie to gain.

1.2.3 Industrial Spies

Industrial spies are people who illegitimately obtain information from competitors for the benefit of their sponsor. The act is called industrial espionage, and the opposite, which is to obtain information legally, is called competitive intelligence. In 1993, Opel accused the rival Volkswagen of industrial espionage after the former's chief of production and seven executives moved to the latter company due to missing documents.
(Julian, 2011)

1.2.4 Cybercriminals

These perpetrators hack into the company's system and will do anything with the information just to gain money. One of the most famous hackers of the world is Albert Gonzalez, who used hacking to steal and resell millions of card and ATM numbers in a span of three years. He did this by attacking many systems, which would eventually give him the information needed to steal the card numbers. (Verini, 2010)

Albert Gonzalez is in an ethical dilemma because he used his skills to steal the information for money. Based on the deontological theory, it is unethical because it is not the duty of hackers to steal information. Based on hedonism under the utilitarian theory, it is ethical because he found pleasure in the act. Social contract theory, however, makes this act unethical, and so does virtue theory.

1.2.5 Hacktivists and Cyberterrorists

Hacktivists, a combination of the words hacking and activist, are people who hack to promote political ideology. Cyberterrorists attack to get the attention of the government as part of their political objectives. Anonymous is one of the most famous hacktivist groups due to their appearance on various media, in which members appear wearing the Guy Fawkes mask. Their advocacy is to oppose Internet censorship and surveillance, government corruption and homophobia. This is why they attacked several government sites. (Katich, 2013)

The ethical dilemma the group faces is that they use hacking skills to infiltrate systems, yet they belong to the side of the people, as their objective is to make the government hear their voice. This is ethical based on deontology because it is their duty to make the government listen to their voice. This is also ethical based on the altruistic approach, as more will benefit from their act. However, social contract theory states that it is unethical since this act has violated the law.

1.3 Laws for Prosecuting Computer Attacks

1.3.1 Electronic Commerce Act of 2000 (RA 8792)

1.3.1.1 E-Commerce in Society

E-commerce is the process of buying and marketing goods electronically by consumers and from company to company through computerized business transactions. This act has the purpose of protecting those who pursue business by electronic means through multiple communication networks through the Internet.

1.3.1.2 Elements in the Law

Electronic data messages: these are generally the information that is in every transaction of the business.

Electronic document: these are the type of information specified with text, symbols, or other modes of written expression, yet similar in nature to the electronic data messages.

Electronic signature: these are any distinctive marks that approve a transaction, made by a person or an entity using electronic means.

1.3.1.3 Relation to other Laws

Laws that are affected by this are the Intellectual Property Rights and Copyrights Protection. These laws give protection to the parties involved in any business activities through electronic means. Fraud is also related, as the government can charge you when you accept payment illegally by disguising your site as a reliable option for payment.

1.3.1.4 Case in E-Commerce

Censorship is very much an internal tool used to distinguish the moralities of websites and the cooperation of companies in acknowledging said moralities. In China, Google's operations created a storm of criticism when the company agreed to comply with the government's wishes and censor pro-democracy and other websites. In 2010, Google moved its Chinese operations to Hong Kong, putting it outside mainland China's censorship regime. Supporters of the decision say Google shouldn't cooperate with China's restrictive policies, while critics say Google's withdrawal cut off millions of Chinese citizens from the company's services and weakens its presence in one of the world's largest markets.

This case has very evident ethical issues, including the move of Google to relocate its operations to Hong Kong. This put them out of reach of the jurisdiction of China's censorship policy so that they can use their assets more freely. This, however, made the citizens of China who are inside the jurisdiction of the censorship policy long for their useful search engine. If seen in terms of Google's benefits, this is a rather good trade for them to maximize the use of their services in a commercial area such as Hong Kong, yet they could have served the citizens so that they can live up to their reputation of improving life in the world and be consistent with the famous line "Don't be evil." I generally disagree with their decision to relocate, as they could have followed the updated utilitarianism and given their services to those who would need them the most. Still, they acted on ethical egoism to censor pro-democracy sites, which is morally good from their perspective.

1.3.1.5 Another Example Including Google

Google gathers incredible amounts of data on people who use its search engine. As of 2011, the company's website states that although it stores records of your searches as a tool to improve corporate efficiency, it renders them anonymous after nine months and deletes cookies used to track visitors after two years. Governments could use Google's information to investigate individuals visiting particular websites, however, and Google Earth's photo collection also has raised privacy questions: in 2008, a couple sued on the grounds that the online photos of their home violated their privacy, but a judge threw out the lawsuit the following year.

This case gives insight into how Google can be of use to our society, as they can help the government match fugitives, suspects and criminals with their records of the searches of every person using their search engines, yet this leaves them open to violating certain privacy issues when they abuse that kind of power. The lawsuit of the couple may have been dismissed by a judge, but their lawsuit is supported by ethical theories, namely the rights-based theories, which state that there are social contracts that should be acknowledged, and that includes their right to privacy. It may be legal for Google to store records such as the photo from Google Earth, but they should limit their power to exercise their duty, as they are also supported by the duty-based theories due to their daily or continual task of improving corporate efficiency as well as giving us access to unlimited knowledge.

1.3.2 Cybercrime Prevention Act of 2012 (RA 10175)

1. . 3. 1 Preliminary Provisions

1.3.3.2.1.1 Brief History of RA 10175

The Cybercrime Prevention Act of 2012, also known as Republic Act No. 10175, was approved on September 12, 2012. This is the first law in the Philippines which specifically criminalizes computer-related crimes. The Cybercrime Prevention Act in its current form is the product of House Bill No. 5808, authored by Representative Susan Yap-Sulit of the second district of Tarlac and 36 other co-authors. The final version of the Act was later signed into law by President Benigno Aquino III on September 12, 2012.

1.3.2.1.1 Declaration of Policy

The main objective of this Act is to protect the people from cybercrimes and also from the harmful effects associated with them. The state also aims to recognize the vital roles of information and communications industries in the country. The state also recognizes the need to protect and safeguard the citizens of the state, and also to protect the integrity of computers and their users.

The state also wants to recognize the importance of providing an environment conducive to the development, acceleration, and rational application and exploitation of information and communications technology.

. 3. 3. 2. 1 General Provisions

1.3.3.2.2.2.1 Punishable Acts

In this Act, there are 10 punishable acts indicated in the bill, and those punishable acts each have penalties that are associated. In the next sentences, the punishable acts will be discussed briefly.

Offenses against the confidentiality, integrity, and availability of computer data and systems:

A. Illegal Access: accessing a computer or a part of a computer without any right.

B. Illegal Interception: the interception, made by the use of any technological device without any right, of non-public transmission of data to or from any computer system, including electromagnetic emissions from a computer system carrying such data.

C. Data Interference: the intentional or any reckless alteration, damaging, deletion or impairment of computer data, electronic document, or electronic data message, without any right, including the transmission or transferring of viruses into a system. One example is the ILOVEYOU message transmitted through electronic mail way back in the year 2000.

D. System Interference: the intentional or any reckless hindering of or interference with a functioning computer system or computer network by inputting, transmitting, damaging, deleting, deteriorating, altering, or suppressing computer data or a computer program without any right or authority in doing so.

E. Misuse of Devices: the use of any material without any right to it. Acts like producing, manufacturing, selling, and distribution.

F. Cyber-squatting: the simplest way is identity theft, using another individual's identity to gain profit or scam other people on the internet.

G. Computer-related Forgery: the illegal use of a computer to copy one's work, and gaining illegal access to a computer to copy the content of a system or database.

H. Computer-related Fraud: the unauthorized input, alteration, or deletion of computer data or program, or interference in the functioning of a computer system.

I. Computer-related Identity Theft: the intentional acquisition, use, transfer, or possession of any identifying information belonging to another person, whether natural or juridical. Under these are Cybersex and Child Pornography.

J. Libel: defined as a public and malicious imputation of a crime, or of a vice or defect, real or imaginary, or any act, omission, condition, status or circumstance tending to discredit or cause the dishonor or contempt of a natural or juridical person, committed through a computer system or any other similar means which may be devised in the future.

The above stated are the punishable acts enforced by the law and written in the bill, and these acts have corresponding penalties if they have been proven to the court. The penalties include imprisonment or a fine of at least two hundred thousand pesos (Php 200,000.00) up to a maximum amount commensurate to the damage incurred, or both. Prision mayor is equivalent to imprisonment from 6 years and one day to twelve years.

1.3.3 Ethical/Moral Dilemmas

1.3.4.2 Situation

A 16-year-old male named Josh Evans was registered on the account used for bullying messages to a girl named Megan Meier. Lori Drew, the mother of Sarah, a former friend of Meier, later admitted creating the MySpace account. She was assisted by Sarah and Ashley Grills, an 18-year-old employee of the elder Drew. The senior Drew and several others ran the fake account, with an aim to get information about Megan and use that information against her, and also for her to be humiliated. This caused the spreading of gossip about Megan, thus creating a traumatic experience not only for her but also for her family.

1.3.4.3 Analysing using the Four Major Ethical Theories

A. Duty-based Theory

According to the Duty-based theory, an act is considered ethical if it has good intentions. Given the situation, I can clearly state that it is not an ethical thing to do. Creating or spreading false rumours is not even close to being called a good intention. Also, gathering information about a certain person is not ethical if it will be used against or be held against a person. Using the Duty-Based Theory, I can clearly state that the situation of gathering information about Megan is not ethical because it does not serve a good intention.

B. Utilitarianism

According to the Utilitarianism Theory, an act is only to be considered ethical if it produces desirable consequences or outcomes. The outcome of the situation stated earlier is that the experience was traumatic not only for Megan herself, but it also affected her family. Just by looking at this outcome, we can say that it is also not considered ethical in this theory, because of the outcomes that the actions of the group had caused, not only to their target but also to the relationship of other people to Megan.

C. Social Contract Theory

According to the social contract theory, an act is considered ethical if the act does not violate any rules or laws. According to the Civil Code of the Philippines, Persons and Family Relations, under Chapter 2, which is Human Relations, Articles 19, 20 and 21 discuss the different rights a person possesses and how a person should exercise his or her rights. Chapter 2 Article 19 presents the basic principles that are to be observed for the rightful relationship between human beings and the stability of the social order. Chapter 2 Article 20 presents that you are liable for any damage that you have caused to another person, whether wilfully or negligently. Chapter 2 Article 26 presents that rights must never be abused; the moment rights are abused, they cease to be rights.

D. Virtue

According to the Virtue theory, an action is considered to be ethical when the action comes from a good moral principle. Looking at the situation, it is not an ethical thing to do, because it does not only harm the person involved, but the moral principles of the suspect are also to be questioned.

1.3 Trustworthy Computing

1.4.1 Microsoft's 4 Pillars of Trustworthy Computing

The 4 Pillars of Trustworthy Computing help identify the key elements in computing, especially in an organization with many employees to manage. Guidance is a key to help implement a good and lasting system, such as how the pillars guide not just Microsoft employees but users alike.

1.4.2.1 Security

Creation of a trustworthy environment for a safe computing environment.

1.4.2.2 Privacy

The protection and confidentiality of design, development and testing in any organization is essential to be part of the competitive market today.

1.4.2.3 Reliability

Working as expected or promised by the developers and their entity.

1.4.2.4 Business Integrity

Being accountable and transparent in your duties and expectations as part of a work force that strives to be excellent; a mistake is bound to happen. Admitting a mistake is the first step in a growing process of learning new things to come.

1.4.2 Risk Assessment

It is the process of assessing security-related risks to an organization's computers and networks from both internal and external (Reynolds, 2011)

A risk assessment is a process to identify potential hazards and analyse what could happen if a hazard occurs. (Federal Emergency Management Agency, 2013)

The assessment would assure the IT security team that they will be ready when an attack comes, because of the determined risk assessment they perform.

1.4.1 General Security Risk Assessment Process

Step 1: Identify IT assets and prioritize the ones that are of most importance
Step 2: Identify the threats/risks that could occur
Step 3: Assess the likelihood of threats
Step 4: Determine the impact of each threat, how large or small the impact is if affected
Step 5: Determine how each threat can be prevented/blocked
Step 6: Determine which is the most effective prevention method
Step 7: Perform cost-benefit analysis before taking any action
Step 8: Make the decision to implement or not to implement the decided risk prevention found through thorough research and development

1.4.3 Establishing a Security Policy

A security policy defines an organization's security requirements, as well as the controls and sanctions needed to meet those requirements. (Reynolds, 2011)

A good security policy can possibly improve and provide a smooth flow of operations within an organization.

NIST (National Institute of Standards and Technology) is a non-regulatory federal agency within the US Department of Commerce. The computer security division creates security standards for organizations to implement in their own systems.

1.4.4 Educating the Employees, Contractors and Part-Time Workers

Surveys show that most security problems come from negligence and unawareness of the security policies. Good security practices should be taught, like not giving out your passwords and making sure you do not meddle in different departments. Knowing the DOs and DON'Ts of everyday computing will help guide any workplace and direct its people to the good ways of being a good user.

1.4.5 Threat Prevention

The key to a threat prevention system is layers of security systems that challenge the perpetrator trying to hack into the system.

Firewall: stands guard between an organization's internal network and the internet.

Intrusion Prevention Systems: prevent an attack by blocking viruses, malformed packets and other threats from getting into a protected network.

Antivirus software: should be installed on each user's personal computer to scan a computer's disk drives and memory regularly for viruses.

User accounts that remain active after employees leave cause an uncertain threat to the company; IT staff must promptly delete them and make sure to wipe out all the privileges of the former employee.

The US-CERT (United States Computer Emergency Readiness Team) and the SANS (SysAdmin, Audit, Network, System) Institute regularly update a summary of the most frequent and high-impact threats to a computer system, specifically viruses and worms.

1.4.6 Security Audit

An important prevention tool that evaluates whether an organization has a good security policy and if it is being followed. An example would be a requirement to change passwords every week or month; with this in place, companies are much more protected compared to others without this requirement. Basically, it is to test, check and review the system's security and look for loopholes and easy targets.

1.4.7 Detection

The preventive measures made for a computer system are not always enough to protect important data.

An intrusion detection system is software/hardware that monitors system and network resources and notifies a system admin when an intrusion occurs.

A knowledge-based intrusion system contains information about attacks and system vulnerabilities, and therefore triggers an alarm (e.g. repeated login, repeated data events).

A behaviour-based intrusion system compares users' system behaviour with an admin-created model and detects when a user is not following the required model; this would trigger an alarm. (Example: unusual activity with an account in the HR department accessing the IT department's data.)

1.4.8 Response

An organization should be prepared for the worst, like a system attack that stops all operations and steals data from the company. The top priority during an attack is not to catch the perpetrator but to regain control and save what is left. Who needs to be informed? And who not to notify? Reputation and credibility are at stake in any security breach. A company should document all details of a security breach and be able to review it afterwards to assess and further study it. Eradication of the affected/breached information is essential, but before everything a log is required to keep track.

1.4.9 Ethical/Moral Dilemmas

You are a member of a large IT security support group of a large manufacturing company. You have been awakened late at night and informed that someone has defaced your organization's website and also attempted to gain access to computer files containing a new product under development. What are your next steps? How much time would you spend tracking down the hacker?

-Deontological

1.5 References

* (1999, 10). Electronic Commerce. StudyMode.com. Retrieved 10, 1999, from http://www.studymode.com/essays/Electronic-Commerce-731.tml
* THE ELECTRONIC COMMERCE ACT (R.A. 8792): AN OVERVIEW OF IT'S (INFORMATION TECHNOLOGY) IMPACT ON THE PHILIPPINE LEGAL SYSTEM (2005 006). www.ustlawreview.com/pdf/vol.L/Articles/The_Electronic_Commerce_Act_RA_8792.pdf
* What Is the Difference: Viruses, Worms, Trojans, and Bots? Cisco Systems. (n.d.). Cisco Systems, Inc. Retrieved from http://www.cisco.com/web/about/security/intelligence/virus-worm-diffs.html
* What Is A Rootkit? (n.d.). Internet / Network Security Tips, Advice and Tutorials About Internet Security and Network Security. Retrieved from http://netsecurity.about.com/od/frequentlyaskedquestions/f/faq_rootkit.htm
* Julian. (2011). 10 Most Notorious Acts of Corporate Espionage. Retrieved from http://www.businesspundit.com/10-most-notorious-acts-of-corporate-espionage/
* Katich, A. (2013). Anonymous (Annie Katich). Retrieved from http://socialactive.wordpress.com/2013/02/25/anonymous-annie-katich/
* Verini, J. (2010). The Great Cyberheist. Retrieved from http://www.nytimes.com/2010/11/14/magazine/14Hacker-t.html/
