Introduction
Computers are becoming an integral part of daily life every day and it is becoming a basic perception of our day-to-day activities extremely fast. Without a doubt, information technology has brought about profound changes to business functions. This article points out the fact that information technology has enabled increased efficiency, increased effectiveness, and an increased amount of IT-enabled processes within the personal and industrial fields. For example, payroll and health benefits processing can now be done more quickly and effectively by not only large businesses but also small businesses who utilize this technology under the context of business. (Yuan 2008)
Further, along with other variables, online recruitment centres, web-accessible training programs, and other technological reliant processes have expanded the reach of typical applications. (Zhang & Ming 2007) Now employee skills can more effectively be managed and upgraded, and potential employee bases can be expanded to allow for more diversity. These changes, among others, highlight the benefits that information technology has had on the different fields of human activities. However, increased reliance on IT is making it a point that one must continually update their knowledge about information technologies and thus may struggle to get up to speed on many widespread changes that occur over a relatively short time. (Mukherjee 2004) This is where the hackers come into play.
Background
Given an IP address, we can find a number of information about the administrator from it. For example, let us consider four IP addresses from the US:
199.252.162.251 = CON2R.NIPR.MIL
Organization Name: DoD Network Information Centre
Organization Identity: DNIC
Address: 3990 E. Broad Street, Columbus, OH
Postal Code: 43218
Country: USA
Organization Email: [email protected]
213.7.98.49 = 213-98-49.netrun.cytanet.com.cy
Network Name: CYTANET
Description: Cyprus Telecommunications Authority, Internet Service Provider
Admin-c: CM94-RIPE
Address: Cyprus Telecommunications Authority, Network Operation and Maintenance, P.O.Box
4929, Nicosia, Cyprus CY-1396
Country: CY
Phone: +357 22701711
Fax-no: +357 22701180
E-mail: [email protected]
209.76.125.28 = 209-76-125-28.ttsfo.com
Organization Name: AT&T Internet Services
Organization Identity: SIS-80
Address: 2701 N. Central Expwy 2205.15, Richardson, TX
Postal Code: 75080
Country: US
165.121.208.192 = user-2injk60.dialup.mindspring.com
Organization Name: EarthLink Inc.
Organization Identity: ERMS
Address: 1375 PEACHTREE ST LEVEL A, ATLANTA, GA
Postal Code: 30309
It is very simple to find the above information and people, like the hackers, can use this information. Nowadays it is easy for a hacker to enter into a firm and access the corporate network of the firm. They find all sorts of useful financial and other information about the firm and even manage to obtain an important password of the firm using standard technical hacking tools. Social engineering is a hacker manipulates a person taking him or her into confidence and then obtaining information from them to access a firm or system. The hacker can use psychological tricks to manipulate the legal user of a computer system and access it. (Miscaroni 2008)
The hacker’s sole goal is to obtain valuable information about a system for his benefit by committing certain frauds and intruding into the network, for industrial spying, identity thefts or simply to destroy the computer system or network. The major targets are mainly telephone companies, multinational companies, financial institutions, government and military agencies and even hospitals. A breach in a company’s security system is not just embarrassing but also hampers the firm’s reputation permanently. (Yuan 2008)
There are two levels of attacks due to social engineering, the psychological and the physical levels. Hackers first notice the physical layout of a certain firm, like the phone and work areas. They then start to communicate with the employees, exploiting them to obtain passwords or documents of importance. (Farmer 2004) Thus, it is obvious that hackers are individuals who understand the security system inside-out and can devise frameworks to find and manipulate the loopholes of the IS/IT system.
Discussion
According to Budi Arief, & Denis Besnard in their article Technical and Human Issues in Computer-Based Systems Security identification of a hacker is someone “that experiments with systems… [Hacking] are playing with systems and making them do what they were never intended to do. Breaking in and making free calls are just a small part of that. Hacking is also about freedom of speech and free access to information – being able to find out anything. There is also the David and Goliath side of it, the underdog vs. the system, and the ethic of being a folk hero, albeit a minor one” (Arief & Besnard 2005)
They also point out that hackers should be renamed as crackers, aligned with the idea of code-cracking, as according to them it would be a more relevant term to use. Budi Arief & Denis Besnard also identify the probable reasons that instigate these individuals to compel in acts such unethical as hacking. It has been estimated that a major section of the hackers indulges in this act to enjoy financial gains by the dint of stealing personal details like bank account or credit card details that would lead them to probable customers in the grey market who are willing to use this information or mine this information to their advantage. (Vasireddy 2007)
Furthermore, the hackers indulge in hacking on behalf of various companies who are willing to gain comparative advantage using this secured information of the rival companies like stocks and internal policies and strategies. But still, another aspect of hacking reveals more hazardous results. It has been found that quite a few hackers decode the security system of others just for fun and without any personal gain or interest. For these individuals, the only gain is the personal satisfaction gained by the measure of the destruction of data they instrumented. (Zia 2009)
In this context, it would be relevant to state that with the increased potential of malicious attacks on the computer and thereby on the personal lives of individuals it could be derived that the risk factors are becoming pervasive at a regular basis at a breathtaking pace. According to Budi Arief, & Denis Besnard in their article Technical and Human Issues in Computer-Based Systems Security published by Centre for Software Reliability, School of Computing Science, the University of Newcastle upon Tyne in 2005, “this vulnerability, along with our reliance on these systems, implies that it is important for us to do our best in securing them to ensure their proper functioning. It is necessary to tackle the security issues from both technical and human perspectives. From this dual standpoint, it is hoped to obtain a better understanding of how computer attacks are performed, including how to gain illicit access, the types of attacks, as well as the potential damage that they can cause.” (Arief & Besnard 2005)
In a general sense, the hackers of today are believed to be the fourth generation of mischief-makers. The first one is believed to be the pool of scientists, programmers and talented students like Richard Stallman who indulged themselves in the codes and intricate details of the computer programs and thereby invented a way out in the process.
The second generation is supposed to be formed with technological experts with radical outlook though they seldom ventured into anything else than petty law-breaking like phone bugging and soon enough they were followed by the third generation of hackers who were completely computer freaks who indulged themselves mostly into making copies of entertainment materials like games etc. the fourth generation of hackers are the real individuals of the current discussion. These people replaced games with hard cored criminal activities and to them, the concept of crime and games are blurred. (Miscaroni 2008)
In the same context, it is a much-needed trait to investigate the probable psychological and sociological factors involved within the framework of the attackers. The basic insight within the fundamental perception of the attackers would help us to reveal their work ethics, motives, taxonomy and community and thereby it would be possible to negotiate the issue in a formulated manner.
But there is a counter idea that suggests that having hackers or other systems intruders as Information Technology security guardians. The idea of having hackers or other systems intruders as Information Technology security guardians holds ground in the sense that as the hackers are in the best position to decode the existing security codes applied therefore logically enough they are the best possible individuals to impose a security system as they know the system inside out. (Simkhada 2009)
On the other hand, on the ethical ground, it is very improbable that people with such low moral outlook as hacking and illegal knowledge deportation could never be given such an important job of maintaining security where a vast amount of assets in form of information would be left open to these unethical people. As the stakes are extremely high it becomes a matter of faith whether having hackers or other systems intruders as Information Technology security guardians would be helpful or not in the context of both ethics and finance. (Podolski 2006)
There is no suspicion over the fact that the hackers are extremely capable of maintaining and implementing the security system if they want to. This is because they possess an elaborate understanding of information technology security measures and at the same time they a very much capable of following a formulated program while cracking codes. This knowledge can be harnessed if intended and it is seen in other parameters of life that when a lawbreaker is used as a person of law the result was substantially fruitful although, it is always a great stake to employ the fourth generation hackers as virtual security personnel or consultant. (Pant & Richman 2006)
Analysis
To conclude the whole topic, it would be relevant to comment that having the hackers or other systems intruders as Information Technology security guardians would be helpful or not is a subject of debate in terms of security and ethics but for the moment it would be better to take up a measure to the extent it can be dragged. The most logical move in this context would be to educate the users more on this topic so that they can withstand the problem as much they can on their own.
Other conventional measures may include the upgradation of security software of noted and reliable companies and installing them as a measurement in the form of anti-virus, firewall and checking IDS regularly. Lastly, the security administrators must be kept updated to deal with the problem. (Sabbah 2008) But these are measures to be taken however the basic debate remains in the same position and legal and ethical employment of the code crackers remains to be seen as the future development of corporate policies in alignment with ethical codes.
Conclusion
A possible risk arises when our computer connects with a network and starts to communicate and download programs. Protecting the files and the Internet account of our computer from other users who can cause harm to it is known as Internet Security. Certain security measures, which help us to protect our computer, would be making backup copies of our important data, changing file permissions now and then and assigning passwords, which only we know. The various IT systems, which are used in different businesses, view security concerns as an important aspect. Internet users need to be sure that their computers, which contain valuable information are completely secure.
Cybercriminals can cause many damages and thus, effective security measures are necessary. The professionals who handle Internet security need to be confident about certain areas like penetration testing, audit or legal compliance, incidence response and intrusion detection. However, it has been discussed that even there are disadvantages or risks involved, it is better to use individuals who actually know the loopholes of the system and thus are capable of providing adequate measures to mend those loopholes. Thus, hackers are the best guardians of IS/IT security systems.
References
Arief, B & Besnard, D. (2005) Technical and Human Issues in Computer-Based Systems Security; Web.
Farmer, D. (2004) Forensic Discovery, NY: Addison-Wesley.
Mukherjee, S. (2004) Thought Strategies and human components, Wellington: IBL & Alliance Ltd.
Podolski, V. (2006) IS Perceptions: An Approach Towards technological Intelligence, Auckland: IBL & Alliance Ltd.
Miscaroni, J. (2008) ‘Enforcing patient privacy in healthcare WSNs through key distribution algorithms’, Security and Communication Networks, vol. 1, no. 5, pp. 417-429.
Pant, H. & Richman, S. (2006) ‘Optimal availability and security for IMS-based VoIP networks’, Bell Labs Technical Journal, vol. 11, no. 3, pp. 211-223.
Sabbah, E. (2008) ‘An application-driven approach to designing secure wireless sensor networks’, Wireless Communications and Mobile Computing, vol. 8, no. 3, pp. 369-384.
Simkhada, T. (2009) ‘Combating against internet worms in large-scale networks: an autonomic signature-based solution’, Security and Communication Networks, vol. 2, no. 1, pp. 11-28.
Vasireddy, R. (2007) ‘Security posture for civilian and non-civilian networks’, Bell Labs Technical Journal, vol. 8, no. 4, pp. 187-202.
Yuan, S. (2008) ‘A secure business framework for file purchasing in vehicular networks’, Security and Communication Networks, vol. 1, no. 3, pp. 259-268.
Zia, T. (2009) Quality of security through triple key scheme in wireless sensor networks, Aus: Charles Sturt University.
Zhang, C. & Ming, Y. (2007) ‘Network routing and security: A review’, International Journal of Communication Systems, vol. 20, no. 8, pp. 909-925.