Abstract
The research will mainly focus on existing computer crimes, and some of the ethical issues that should be taken into concern in information technology. Hacking as one of the ethical issues will be broadly looked at some of the topics about hacking will include; hacking methods, hacking vulnerabilities i.e. weaknesses exhibited in systems that make it easy for hackers gain access to a system, information contained in government websites and lastly the research will look at why at times hacking is viewed as a just practice and a right to people.
Introduction
The environment has direct influence on the personality and behaviors of individuals. In the past, the environment consisted of family, friends and the local community members. However, the environment has considerably changed after the invention of the internet, because globally many people have access to the internet and the use of internet make individuals establish contacts with new people from diverse backgrounds and culture. There exists a relation between new environment and the human personality or behavior, for example some people use technology for learning purposes, some for work or business while others use it for pleasure. There are some individuals or groups who use the internet for illegal purposes; this may involve obtaining sensitive information without permission and downloading of files or programs without permission. Computer crimes refers to the use of the computer system or the internet to commit criminal activities
Computer Crimes
A computer crime is an unlawful act done via a computer or a network and some of the habitual crimes that may be involved include; racket, theft, blackmail, falsification, and misappropriation of funds. The illegal activities take place when an unauthorized user gains access to a computer system, unlawfully intercepts data being transmitted by a computer, interferes with data, or interferes with the system (Bishop: 2005, p. 109).
Computer crimes can be divided into two categories; crimes that directly target computer devices or networks and crimes that are facilitated by computer networks or devices. Mean code, denial of service (DNA) and system viruses are examples of unlawful actions that aim computer networks. Crimes that use computers or networks include; cyber talking, theft, drug trafficking etc (Bishop: 2005, p. 103).
Some of the precise computer crimes include; spam which refers to the sending of mass mail messages for marketable purposes, fraud which may be defined by many activities; the altering of computer information in an unauthorized way, changing or damaging output with the aim of hiding unauthorized transactions, changing or deleting stored data, and writing code for fraud purposes, another computer crime is the obscene content, harassment whereby the content used may be offend to the user, drug trafficking whereby the transactions between the drug traffickers may take place via the internet, the last crime likely to take place is cyber terrorism which is defined as the act of terrorism that is committed through computer networks (Maxine: 1994, p. 72).
Ethics in computing
Computer ethics refers to a dissection of practical idea which deals with how computing professionals should make decisions concerning professional and social conduct. Computer ethics is the examination of the life and public force of computer technology and the subsequent formulation and explanation of policies for the ethical use of such technology.
Since the introduction of computers there are some ethical dilemmas that have raised an example of such a dilemma is hacking which will be explained later in the research paper. Some of the ethical issues in computing include; safe storage and recovery of information i.e. how should data in a large database be protected, software piracy the question that arise from software piracy is if it is morally right to replicate music or software, use of the internet as an instrument for abuse e.g. spreading pornography and lastly values promoted via the internet for example the internet can be used as a means to support democracy (Best, Picquet: 1996, p. 137).
Hacking
Hacking is one of the ethical issues that this research paper will cover broadly. Hacking is the unlawful use of a computer and networked resources. Hacking is considered to be unlawful and is only supposed to be implemented when an organization needs an ethical hacker to access its information. Hacking mostly occurs when there is the existence of vulnerabilities; examples of vulnerabilities are; condensed plan of Web servers, use of inappropriate software, disabled guard controls, and choosing of inferior passwords (Best, Picquet: 1996, p. 140).
Hacking as an activity has gained fame via the media this is through hacker magazines which publish hackers credentials, fame and there achievements, fiction books, and also non-fictional and fictional movies. A Hacker can be grouped into various categories depending on his activities, the various categories include; white hat who is a hacker who gains entry in to computer systems without any malevolent intentions his main aim is to learn more about computer systems such hackers end up being security system consultants for organizations, grey hat hacker who is a hacker that has uncertain ethics, black hat hacker who is a hacker who gains access in a system without authorization with his main aim being to maliciously damage users information, Cyber terrorist uses his skills to carry out acts of terrorism, script Kiddie who is a hacker who is not an expert but accesses systems using packaged programs written by other hackers and lastly a hacktivist who is a hacker who spreads political messages via the use of technology (Best, Picquet: 1996, p. 153).
Hacking methods
The whole process of hacking involves three processes; one of process is network enumeration and in this process the hacker gathers information about the device he plans to attack, Vulnerability analysis is the other process and at this stage the hacker identifies the means he will use to attack, the last process is the exploitation process and in this process the hacker attacks a system by using the vulnerabilities found in the vulnerability analysis stage. There exist a number of apparatus and techniques that are used by hackers to exercise the art of hacking, the tools and techniques include; security utilize which is a function that is all set and its main purpose is to take benefit over a known flaw, vulnerability scanner is a tool that checks for computer known weaknesses in a network, port scanners are also used which check which ports on a specified computer are open and available for access, Packet sniffer is used to capture data packets that capture passwords and data in a network, spoofing attack is a technique which involves a program masking itself as another by falsifying data with the intention of convincing users or systems in to enlightening secret information, roolkit is used with the projected use of hiding the recognition of a system security, social technology is the technique of convincing users to give out important information about a system this is mainly achieved by impersofinication whereby a hacker pretends to be someone else, A Trojan horse which is a program that seems to be doing one thing, but is actually doing another can be used to set up a back door in a computer system such that the impostor can gain access later, A virus which is a program that replicates itself and spreads by inserting copies of itself into other programs or documents, a worm also replicates itself but it differs from a virus in the sense that it penetrates system networks a user interference, A Keylogger is the last tool used it records each keystroke on an affected for later retrieval its main aim is obtaining confidential information that typed on the affected machine(Maxine: 1994, p. 63).
Hacking vulnerabilities
Websites are generally hacked due to existing vulnerabilities below we will look at the existing attacks that make websites vulnerable to attacks by hackers the vulnerabilities include.
Cross site scripting: It happens when a users program sends data to a web browser without first encrypting the substance. This gives hackers the opportunity to carry out mean code in a browser that lets them take control over user sessions, add unfriendly substance and carry out malware attacks. One of the options to protect a user from such attacks is through the use of a white list, a white list is used to confirm all arriving data, and any data that is not specified in the whitelist is discarded because it is regarded as being bad data (Best, Picquet: 1996, p92).
Injection flaws: This problem occurs when users’ data is sent to interpreters as either a control or a query, hackers’ ploy the interpreter with insertion flaws which permit the hacker to build, comprehend, revise or erase any data offered for the application. The only way to protect a user from this attack is by avoiding the use of an interpreter and if it is a must then safe application programming interfaces (API).
Malicious file execution: This problem occurs when web applications admit filenames or files from users which enable attackers to carry out remote program implementation, remote setting up of programs or entirely compromise a system. One way of protecting users from this vulnerability is by avoiding the use of input provided by users as filename for server based assets also firewalls policies should be set up to avoid new links to external websites(Bishop: 2005, p92).
Insecure direct object reference: The problem occurs when hackers maneuver straight object references to obtain un permitted entry to other objects, mostly happens when uniform resource locaters hold references to objects like files, database records or keys, a hacker can attack by searching for a valid key and expose information on the Web interface. This vulnerability is protected by the use of an index or reference map to evade revealing direct object references, the other way is to authorize users visiting the site.
Cross site request forgery: The attack takes power of affected web browser when logged in the site and transmits wicked program to the web application, websites are vulnerable to such an attack because they allow requests based on session cookies. One way of protecting the users from such an attack is to avoid the dependence on identifications that are submitted mechanically by Web browsers (Bishop: 2005, p. 105).
Information leakage: Error posts that are displayed by web applications to users offer information to hackers about program design and inner mechanism, hackers then use this information to initiate an attack. To protect an application from such an attack will entail the use of a testing tool to investigate the errors generated by an application; applications that are not tested will not produce error posts.
Broken authentication and session management: client and managerial accounts are attacked when web applications fail to guard qualifications and sessions, the problem occurs when the authentication system is rare, weaknesses are introduced through authentication procedures such as log out, password, remember me, and account update. Qualifications should be kept in an encrypted format and also users should avoid using convention cookies for authentication or session administration (Maxine: 1994, p. 86).
Insecure cryptographic storage: This problem occurs when web programmers do not encrypt sensitive data, or poorly plan the web encryption process, these failures lead to the revelation of sensitive data. The only way to protect websites from such attacks is through the use of standard public algorithms for encryption.
Insecure communications: Occurs when network traffic is not encrypted. Hackers can gain entry to non defended communications which include transmissions of qualifications and secretive information. To protect websites from such an attack, there should be use of legitimate link during the broadcast of perceptive data, and also use appropriate protocols to protect communications between networked resources such as servers and databases (Maxine: 1994, p. 45).
Failure to restrict Uniform resource locater access: This vulnerability occurs when web pages do not limit a small division of restricted users. Hackers use a method known as forced browsing which involves the process of guessing links and brute power techniques to find unguarded web pages. To guard users, guard all uniform resource locaters with an efficient admission control method that will validate the user’s task and privileges.
Hacking government Web sites
There some other areas that hacking is considered to be right and just even though most governments consider the art as being illegal. There are some reasons that make it difficult to burn the use of hacking programs, they include; use of a hacking tool such as a port scanner can help a network administrator identify vulnerable ports and protect them, password recovery tools can also be used to acquire an old password incase a user loses one, by governments restricting the use of hacking tools by its residents wont do it good because other this may not protect its citizens from hackers from other countries, businesses should be given an opportunity to use hacking tools to protect themselves from hackers, another reason for using hacking tools is the purpose of education students should be allowed to use hacking tools so that they can effectively learn how to use them for effective purposes (Best, Picquet: 1996, p142).
Information contained in government Websites
There exist a collection of information contained in government websites such information include;
Links to Government Websites: Government websites contains links to other government websites that are publicly available; the other governments may direct that there website not to be made public. It is considered just and right for country citizens to have information about there government operations and though hacking may be considered as un ethical it may be used to provide information to citizens which is there right and assists them in practicing justice. Government websites also offers links to non-government websites which offer government information that is not available on the official website. By hacking government sites information that may be hidden in the non government sites because it is considered confidential is made available to the citizens (Best, Picquet: 1996, p. 153).
Government sites also contain links of particular attention to citizens by momentarily posting them in a spot of distinction on the site. Some of the links may consist of: reports events, news, or other items of interest to the citizens. Hacking in to government websites not only provides concealed sensitive government information to the public, but it also enables hackers to spread information to the entire public regarding a particular topic for example hackers can hack in to a government website and post a message that prohibits homosexuality so that the whole public can have a view of the message and learn the consequences of supporting such an act, at this point hacking is considered to be right and the hackers are seen to be practicing justice (Maxine: 1994, p. 52).
Hacking can also be rightly used for counter terrorism acts which are considered to be right and just, for example an Indian group known as Indian cyber warriors alleged Pakistan for recent event of terrorism in Mumbai and termed it as one of the reasons for hacking into Pakistani government sites another reason was to revenge the act of hacking that was being practiced by a group naming itself as Pakistan cyber army on the Indian government websites (Bishop: 2005, p109).Another right and just reason for hacking will be convey messages to warn governments against participating in illegal activities such as supporting and funding terrorists.
Conclusion
The research first started by looking at various computer crimes that are practiced via the network some of the crimes looked at include; racket, theft, blackmail, falsification, and misappropriation of funds. The illegal activities take place when an unauthorized user gains access to a computer system, unlawfully intercepts data being transmitted by a computer, interferes with data, or interferes with the system. The research also categorized the computer crimes into two categories; crimes that directly target computer devices or networks and crimes that are facilitated by computer networks or devices. The next topic the research covered was ethics in computing and some of the ethical dilemmas mentioned included; Some of the ethical issues in computing include; safe storage and recovery of information i.e. how should data in a large database be protected, software piracy the question that arise from software piracy is if it is morally right to replicate music or software, use of the internet as an instrument for abuse. Later on the research narrowed down on one of the computer crimes which was Hacking, it defined Hacking as the unlawful use of a computer and networked resources, hacking methods were broadly looked. Hackers attack a system by first discovering a system vulnerability, the research looked at some of the vulnerabilities which were; Cross site scripting, Injection flaws, Malicious file execution, Insecure direct object reference, Cross site request forgery, Information leakage, Broken authentication and session management, Insecure cryptographic storage, Insecure communications and Failure to restrict Uniform resource locater access. The research further narrowed down on website security by looking at information that can be unlawfully accessed by hackers from a website, focus was then later on drawn to government websites where the research talked about why some hackers consider it to be just and right for them to hack in to Government websites.
References
- Bishop, M. (2005). Introduction to computer security.Publication: Boston: Addison-Wesley pp. 103-110.
- Best, Reba A., and D. Cheryn Picquet (1996). Computer crime, abuse, liability, and security: Jefferson, N.C., McFarland, pp. 136-155.
- MacCafferty, Maxine. (1994) Computer security. London, Aslib.pp. 43-91.