INFORMATION TECHNOLOGY LAW AND ETHICS
Courtesy: Computer Science Department
CSC 225 / CSC
Prof. O. Folorunso
Mrs. C.O Tinubu

COURSE OUTLINE
• Proliferation of Computers in our World: Computers and the Business World, Computers and Health, Computers and Education, Computers and e-Government
• Ethics and Professionalism
• Regulatory Approaches to Information Technology
• Cyber Crimes
• Intellectual Property Rights

Recommended textbook: Ethics in Information Technology, Fourth Edition. George W. Reynolds

LEARNING OUTCOMES
Upon successful completion of this course, you should be able to:
1. Discuss the ethical issues related to Information Technology.
2. Discuss the principles of intellectual property and issues related to the infringement of intellectual property.
3. Identify major national and international laws relating to Information Technology.

• Information Technology (IT) is an umbrella term that covers a vast array of computer disciplines that permit organizations to manage their information resources.
• Information Technology (IT) can be defined as the use of systems (especially computers and telecommunications) for storing, retrieving, processing and sending information.
• IT is beneficial to many domains, such as Education, Health, Business, Governance, etc.

Discuss the roles of IT in various domains.

Impact of Information Technology in the Workplace
1. Creation of new business models, products and services
2. Enhances communication with customers, vendors and other business partners
3. Increases sales
4. Improves productivity
5. Efficiency of operations:
   • Telecommuting enables work from home option
   • Organizations can use the best and most cost-effective human resources in a large geographical region
6. Job deskilling: occurs when skilled labor is eliminated due to high technology.

Information Technology (IT) Laws
Laws are rules and regulations governing the behaviors and operations of people in the society.
• Information Technology law (also called cyberlaw) concerns the laws of Information Technology, including computing and the internet.
• IT law consists of the laws (statutes, regulations, and case law) which govern the digital dissemination of both information and software itself, and legal aspects of information technology more broadly.
• IT law mainly covers digital information (including information security and electronic commerce). It raises specific issues of intellectual property in computing and online, privacy, freedom of expression and jurisdiction.

What is Ethics?
• Ethics is a set of beliefs about right and wrong behaviors within a society. Ethical behavior conforms to generally accepted norms, many of which are almost universal. However, although nearly everyone would agree that lying and cheating are unethical, opinions about what constitutes ethical behavior often vary dramatically. For example, attitudes toward software piracy (that is, the practice of illegally making copies of software or enabling others to access software to which they are not entitled) range from strong opposition to acceptance of the practice as a standard approach to conducting business.

Ethical Issues of Information Technologies
• Information Technology Ethics is the field that investigates the ethical issues arising from the development and application of information technologies.
• Information Technology offers opportunities for unethical behaviors due to the ease of collecting and disseminating information. This leads to an increase in cybercrime, cyberfraud, identity theft and intellectual property theft.
• Organizations can reduce unethical behavior of employees by developing and enforcing codes of ethics.

The Difference between Morals, Ethics, and Laws
• Morals are one’s personal beliefs about what is right and wrong.
• Ethics describes standards or codes of behavior expected of an individual by a group (nation, organization, profession) to which an individual belongs.
• Law is a system of rules that tells us what we can and cannot do. Laws are enforced by a set of institutions (the police, courts, law-making bodies).
• Legal acts are acts that conform to the law. Moral acts conform to what an individual believes to be the right thing to do.

• A code of ethics is a statement that highlights an organization’s key ethical issues and identifies the overarching values and principles that are important to the organization and its decision making.
• The code frequently includes a set of formal, written statements about the purpose of the organization, its values, and the principles that should guide its employees’ actions. An organization’s code of ethics applies to its directors, officers and employees.
• The code of ethics focuses employees on areas of ethical risk relating to their role in the organization, offers guidance to help them recognize and deal with ethical issues, and provides mechanisms for reporting unethical conduct and fostering a culture of honesty and accountability within the organization.
• The code of ethics helps ensure that employees abide by the law, follow necessary regulations and behave in an ethical manner.

Four common approaches to ethical decision making
Philosophers have developed many approaches to aid in ethical decision making. Four of the most common approaches are:

1. Virtue ethics approach: The ethical choice best reflects moral virtues in yourself and your community.
The virtue ethics approach to decision making focuses on how you should behave and think about relationships if you are concerned with your daily life in a community. It does not define a formula for ethical decision making, but suggests that when faced with a complex ethical dilemma, people do either what they are most comfortable doing or what they think a person they admire would do.

2. Utilitarian approach: The ethical choice produces the greatest excess of benefits over harm.
The utilitarian approach to ethical decision making states that you should choose the action or policy that has the best overall consequences for all people who are directly or indirectly affected. The goal is to find the single greatest good by balancing the interests of all affected parties.

3. Fairness approach: The ethical choice treats everyone the same and shows no favoritism or discrimination.
The fairness approach focuses on how fairly actions and policies distribute benefits and burdens among people affected by the decision. The guiding principle of this approach is to treat all people the same. However, decisions made with this approach can be influenced by personal bias toward a particular group, and the decision makers may not even realize their bias.

4. Common good approach: The ethical choice advances the common good.
The common good approach to decision making is based on a vision of society as a community whose members work together to achieve a common set of values and goals. Decisions and policies that use this approach attempt to implement social systems, institutions, and environments that everyone depends on and that benefit all people. Examples include an effective education system, a safe and efficient transportation system, and accessible and affordable health care.

Regulatory Approaches to Information Technology
Generally, three approaches have been taken by countries to address convergence: (i) a legislative approach; (ii) a regulatory approach; and (iii) a self-regulation approach. Each of the approaches presents advantages and disadvantages, but no one approach results in an optimal solution.
In general, countries see more effective results when several approaches, especially the legislative and the regulatory ones, are combined.

i. Legislative Approach: The legislative approach involves developing legislation that responds to convergence, either in the immediate term or in anticipation of convergence trends. Legislative solutions define new laws or create new regulatory frameworks to respond to convergence and guide future policy direction. This can be done by developing and implementing a reform of the entire legal framework for telecommunications or by amendments to existing laws.

ii. Regulatory Approach: Under the regulatory approach, countries modify existing regulations or institute new regulations to address new technologies rather than developing new legislation to address convergence. The regulatory approach can be a practical way of addressing convergence. This approach, however, must be carefully managed to minimize inconsistencies between new and existing rules.

Most often, the regulatory approach is used by policymakers in conjunction with the legislative approach. This complementary mix allows governments to establish new legal frameworks to address convergence while dealing with its specific effects through regulation.

iii. Self-Regulation Process: The self-regulation process consists of developing and designing convergence policy through an ad-hoc or existing consultative body. This body typically is composed of several government agencies, industry representatives, and other interested parties.

Jurisdiction Content Liability
• Internet liability is becoming extremely important for all businesses. The way we do business has changed drastically over the past decades. Doing business now requires companies to have websites, Facebook pages, LinkedIn accounts and blogs. All of these examples leave a company at risk for data breaches and content liability.
• Content liability could be useful in resolving and fixing content that could cause harm to the image of a company. The internet has opened up a new forum for business to be wary of. The openness of the internet means that some users may post content or engage in activity that is unlawful or otherwise offensive.
• Jurisdiction Content Liability concerns the different laws governing the legality of internet content and the approach to resolving them. There is no uniform, international jurisdictional law of universal application regarding internet content, which may result in a conflict of laws. An example would be where the contents of a web site are legal in one country and illegal in another. In the absence of a uniform jurisdictional code, legal practitioners are generally left with a conflict of law issue.

Internet Filtering
• An Internet filter is software that can be used to block access to certain web sites that contain material deemed inappropriate or offensive. The best Internet filters use a combination of URL, keyword, and dynamic content filtering.
• With URL filtering, a particular URL or domain name is identified as belonging to an objectionable site, and the user is not allowed access to it.
• Keyword filtering uses keywords or phrases, such as sex, Satan, and gambling, to block Web sites.
• With dynamic content filtering, each web site’s content is evaluated immediately before it is displayed, using such techniques as object analysis and image recognition.
• Organizations may direct their network administrators to install filters on employees’ computers to prevent them from viewing sites that contain pornography or other objectionable materials.
• Another approach to restricting access to web sites is to subscribe to an Internet service provider (ISP) that performs the blocking. The blocking occurs through the ISP’s server rather than via software loaded onto each user’s computer.
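The following Python sketch is an added example, not part of the original course notes. It implements the URL and keyword filtering described above and shows why plain substring keyword matching blocks harmless pages; the domains, sample texts and function names are constructed for illustration, and dynamic content filtering (image recognition) is out of its scope.

```python
import re
from urllib.parse import urlsplit

# Constructed sample policy: placeholder domains plus the keywords the notes list.
BLOCKED_DOMAINS = {"blocked.example", "casino.example"}
BLOCKED_KEYWORDS = {"sex", "satan", "gambling"}


def host_of(url):
    """Return the lower-cased hostname of a URL, without port or trailing dot."""
    if "://" not in url:
        url = "http://" + url              # accept bare "host/path" input
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def url_blocked(url, blocked=BLOCKED_DOMAINS):
    """URL filtering: block a listed domain and every subdomain of it."""
    labels = host_of(url).split(".")
    # Compare whole labels, so "notblocked.example" and
    # "blocked.example.other.test" are not mistaken for "blocked.example".
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))


def keywords_substring(text, keywords=BLOCKED_KEYWORDS):
    """Naive keyword filtering: substring search, which over-blocks."""
    low = text.lower()
    return sorted(k for k in keywords if k in low)


def keywords_whole_word(text, keywords=BLOCKED_KEYWORDS):
    """Keyword filtering that only matches complete words."""
    words = set(re.findall(r"[a-z0-9]+", text.lower()))
    return sorted(keywords & words)


def decide(url, page_text):
    """Apply URL filtering first, then whole-word keyword filtering."""
    if url_blocked(url):
        return ("block", "url")
    hits = keywords_whole_word(page_text)
    if hits:
        return ("block", "keyword:" + ",".join(hits))
    return ("allow", "")


if __name__ == "__main__":
    # Constructed pages: a council timetable and a betting page.
    council = "Essex County Council: Middlesex bus timetable"
    print(keywords_substring(council))     # substring match hits "sex"
    print(keywords_whole_word(council))    # whole-word match finds nothing
    print(decide("http://shop.casino.example/", "welcome"))
    print(decide("https://news.example/", "Gambling tips and odds"))
```

Whole-word matching removes the false positive on place names but still cannot judge context, which is why the notes describe keyword filtering as one layer alongside URL and dynamic content filtering.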
Anonymity on the Internet
• Anonymous expression is the expression of opinions by people who do not reveal their identity.
• The freedom to express an opinion without fear of reprisal is an important right of a democratic society. Anonymity is even more important in countries that don’t allow free speech.
• However, in the wrong hands, anonymous communication can be used as a tool to commit illegal or unethical activities.

Defamation and Hate Speech
• In the United States, speech that is merely annoying, critical, demeaning, or offensive enjoys protection under the First Amendment. Legal recourse is possible only when hate speech turns into clear threats and intimidation against specific citizens. Persistent or malicious harassment aimed at a specific person can be prosecuted under the law, but general, broad statements expressing hatred of an ethnic, racial, or religious group cannot. A threatening private message sent over the Internet to a person, a public message displayed on a Web site describing intent to commit acts of hate-motivated violence against specific individuals, and libel directed at a particular person are all actions that can be prosecuted.

Privacy and Data protection
The use of information technology in business requires balancing the needs of those who use the information that is collected against the rights and desires of the people whose information is being used.

Information privacy
• The concept of privacy that is particularly useful in discussing the impact of IT on privacy is the term information privacy, first coined by Roger Clarke, director of the Australian Privacy Foundation.
• Information privacy is the combination of communications privacy (the ability to communicate with others without those communications being monitored by other persons or organizations) and data privacy (the ability to limit access to one’s personal data by other individuals and organizations in order to exercise a substantial degree of control over that data and its use).

Data Collection on the Web
• Due to the increase in online shopping, personal details of individuals are prone to misuse. There arises the issue of personal information being sold to telemarketing firms, resulting in spam.
• Information provided on the Web can be combined with other information and technologies to produce new information.

Technologies used for data collection include:
1. Cookies: Small text files with unique ID tags that are embedded in a web browser and saved on the user’s hard drive.
   • Help websites customize pages for users
   • Considered an invasion of privacy when users’ information is used without prior consent
   • Installing a cookie manager helps users disable cookies
2. Log files: Generated by web server software, they record a user’s actions on a website.

Intellectual Property
• Intellectual Property is a term used to describe works of the mind, such as art, books, films, formulas, inventions, music, and processes, that are distinct, and owned or created by a single person or group.
• Intellectual property is protected through copyright, patent, trademark and trade secret laws.
• Copyright law protects authored works, such as art, books, film, and music; patent law protects inventions (new processes); trademark law protects names and identifying marks; and trade secret law helps safeguard information that is critical to an organization’s success.
• Together, copyright, patent, and trade secret legislation forms a complex body of law that addresses the ownership of intellectual property.
Such laws can also present potential ethical problems for IT companies and users. For example, some innovators believe that copyrights, patents, and trade secrets stifle creativity by making it harder to build on the ideas of others. Meanwhile, the owners of intellectual property want to control and receive compensation for the use of their intellectual property.

Advantages of Patent laws to organizations
• Generates revenue by licensing the patent
• Attracts funding for research and development
• Keeps competitors from entering certain market segments

Assignment:
• What is Software Piracy?
• Discuss any two (2) laws covering Software Piracy

Protection of Intellectual property

1. Copyrights
• A copyright is the exclusive right to distribute, display, perform, or reproduce an original work in copies or to prepare derivative works based on the work.
• Copyright protection is granted to the creators of original works of authorship in any tangible medium of expression, now known or later developed, from which they can be perceived, reproduced, or otherwise communicated, either directly or with the aid of a machine or device.
• The author may grant this exclusive right to others. As new forms of expression develop, they can be awarded copyright protection.

Copyright infringement is a violation of the rights secured by the owner of a copyright. Infringement occurs when someone copies a substantial and material part of another’s copyrighted work without permission.

Digital Copyright Laws
• Copyright law guarantees developers the rights to their works for a certain amount of time.

Fair Use Doctrine
• Copyright law tries to strike a balance between protecting an author’s rights and enabling public access to copyrighted works. The fair use doctrine was developed over the years as courts worked to maintain that balance. The fair use doctrine allows portions of copyrighted materials to be used without permission under certain circumstances.
Software Copyright Protection
• The use of copyrights to protect computer software raises many complicated issues of interpretation. For example, a software manufacturer can observe the operation of a competitor’s copyrighted program and then create a program that accomplishes the same result and performs in the same manner. To prove infringement, the copyright holder must show a striking resemblance between its software and the new software that could be explained only by copying. However, if the new software’s manufacturer can establish that it developed the program on its own, without any knowledge of the existing program, there is no infringement.
• For example, two software manufacturers could conceivably develop separate programs for a simple game without infringing the other’s copyright.

2. Patents
• A patent is a grant of a property right issued by the United States Patent and Trademark Office (USPTO) to an inventor. A patent permits its owner to exclude the public from making, using, or selling a protected invention, and it allows for legal action against violators.
• Unlike a copyright, a patent prevents independent creation as well as copying. Even if someone else invents the same item independently and with no prior knowledge of the patent holder’s invention, the second inventor is excluded from using the patented device without permission of the original patent holder. The rights of the patent are valid only in the United States and its territories and possessions.

3. Trademark
A trademark is a logo, package design, phrase, sound, or word that enables a consumer to differentiate one company’s products from another’s. Consumers often cannot examine goods or services to determine their quality or source, so instead they rely on the labels attached to the products. Trademark law gives the trademark’s owner the right to prevent others from using the same mark or a confusingly similar mark on a product’s label.
The United States has a federal system that stores trademark information; merchants can consult this information to avoid adopting marks that have already been taken.

[Figure: Examples of Trademarks]

4. Trade Secrets
• A trade secret can be defined as business information that represents something of economic value, has required effort or cost to develop, has some degree of uniqueness or novelty, is generally unknown to the public, and is kept confidential.
• Trade secret protection begins by identifying all the information that must be protected, from undisclosed patent applications to market research and business plans, and developing a comprehensive strategy for keeping the information secure.
• Trade secret law protects only against the misappropriation of trade secrets. If competitors come up with the same idea on their own, it is not misappropriation; in other words, the law doesn’t prevent someone from using the same idea if it was developed independently.

Trade secret law has several key advantages over the use of patents and copyrights in protecting companies from losing control of their intellectual property, as summarized in the following list:
• There are no time limitations on the protection of trade secrets, as there are with patents and copyrights.
• There is no need to file an application, make disclosures to any person or agency, or disclose a trade secret to outsiders to gain protection. (After the USPTO issues a patent, competitors can obtain a detailed description of it.)
• While patents can be ruled invalid by the courts, meaning that the affected inventions no longer have patent protection, this risk does not exist for trade secrets.
• No filing or application fees are required to protect a trade secret.

Key Intellectual Property Issues
This section discusses several issues that apply to intellectual property and information technology, including plagiarism, reverse engineering, open source code, competitive intelligence, and cybersquatting.
1. Plagiarism
• Plagiarism is the act of stealing someone’s ideas or words and passing them off as one’s own. The explosion of electronic content and the growth of the web have made it easy to cut and paste paragraphs into term papers and other documents without proper citation or quotation marks.
• Plagiarism is also common outside academia. Popular literary authors, playwrights, musicians, journalists, and even software developers have been accused of it.

2. Reverse Engineering
• Reverse engineering is the process of taking something apart in order to understand it, build a copy of it, or improve it.
• Reverse engineering was originally applied to computer hardware but is now commonly applied to software as well.
• Reverse engineering of software involves analyzing it to create a new representation of the system in a different form or at a higher level of abstraction. Often, reverse engineering begins by extracting design-stage details from program code. Design-stage details about an information system are more conceptual and less defined than the program code of the same system.

3. Open Source Code
• Open source code is any program whose source code is made available for use or modification, as users or other developers see fit. The basic premise behind open source code is that when many programmers can read, redistribute, and modify a program’s code, the software improves.
• Programs with open source code can be adapted to meet new needs, and bugs can be rapidly identified and fixed. Open source code advocates believe that this process produces better software than the traditional closed model.

4. Competitive Intelligence
• Competitive intelligence is legally obtained information that is gathered to help a company gain an advantage over its rivals. For example, some companies have employees who monitor the public announcements of property transfers to detect any plant or store expansions of competitors.
• An effective competitive intelligence operation requires the continual gathering, analysis, and evaluation of data with controlled dissemination of useful information to decision makers. Competitive intelligence is often integrated into a company’s strategic plan and decision making. Many companies, such as Eastman Kodak, Monsanto, and United Technologies, have established formal competitive intelligence departments.

5. Cybersquatting
• This is the act of registering, selling, or using a domain name to profit from someone else’s trademark.
• Typosquatting relies on typographical errors made by web users when typing a website address into a Web browser.
• Typosquatting is a variation of cybersquatting.
• It is also called URL hijacking.

Standards and Competition
• A standard is a definition that has been approved by a recognized standards organization or accepted as a de facto standard within a particular industry. Standards exist for communication protocols, programming languages, operating systems, data formats, and electrical interfaces. Standards are extremely useful because they enable hardware and software from different manufacturers to work together.
• Competition may be one of the reasons why people protect their intellectual property. This is because the protection of a person’s intellectual property gives that person a competitive edge over other people with the same competing technologies. This is especially true if the software’s creator refuses to cooperate by providing documentation to help create interoperable software. From the consumer’s standpoint, such stifling of competition increases costs and reduces business options.
• In general, standard setting, the process of determining the common set of characteristics for a good or service, often promotes competition to the benefit of the consumers.
• Standards are particularly important in the Information and Communication Technology (ICT) sector because they allow products to interoperate and therefore make networks more valuable.
• However, ICT standards also raise challenges because they often rely on patented technologies. A tension arises because patents protect the owner’s exclusionary right to exploit an innovation, while standards are intended for widespread use.

CYBER CRIME
• A crime committed or facilitated via the Internet is a CYBER CRIME.
• A cyber crime is any criminal activity involving computers and networks.
• A cybercrime is criminal activity that either targets or uses a computer, a computer network or a networked device.
• Cyber crimes range from frauds to unsolicited emails (spam). They can include the distant theft of government or corporate secrets through criminal trespass into remote systems around the globe.
• Cyber crimes incorporate anything from downloading illegal music files to stealing millions of dollars from online bank accounts. Cyber crimes also include non-money offenses, such as creating viruses on other computers or posting confidential business information on the Internet.

The Nature of Internet Crime
• Cyber criminals can operate from anywhere in the world, targeting large numbers of people or businesses across international boundaries. There are challenges posed by the scale and volume of the crimes, the technical complexity of identifying the perpetrators, as well as the need to work internationally to bring them to justice.
• The internet opens up new opportunities to cyber criminals and enables aspiring criminals to enter the environment, based on a belief that law enforcement struggles to operate in the online world.

CYBERSECURITY AND CYBER CRIMES
• Cyber crimes and cyber security are issues that can hardly be separated in an interconnected environment.
• Cyber security is the protection of internet-connected systems such as hardware, software and data from cyber crimes. The practice is used by individuals and enterprises to protect against unauthorized access to data centers and other computerized systems.
• Cyber security plays an important role in the ongoing development of information technology, as well as Internet services.
• Enhancing cyber security and protecting critical information infrastructures are essential to a nation’s security and economic well-being.
• Making the Internet safer (and protecting Internet users) has become integral to the development of new services as well as government policy.

Classification of Cyber crimes
The term “cyber crime” is used to cover a wide variety of criminal conduct. One approach can be found in the Convention on Cybercrime, which distinguishes between four different types of offences:

1. Offences against the confidentiality, integrity and availability of computer data and systems: All offences in this category are directed against (at least) one of the three legal principles of confidentiality, integrity and availability.

2. Computer-related offences: This category covers a number of offences that need a computer system to be committed. Unlike previous categories, these broad offences are often not as stringent in the protection of legal principles. The category includes computer-related fraud, computer-related forgery, phishing, social engineering, shoulder surfing, dumpster diving, identity theft and misuse of devices.

3. Content-related offences: This category covers content that is considered illegal, including child pornography, xenophobic material or insults related to religious symbols. The development of legal instruments to deal with this category is far more influenced by national approaches, which can take into account fundamental cultural and legal principles.
For illegal content, value systems and legal systems differ extensively between societies.

4. Copyright-related offences: One of the vital functions of the Internet is the dissemination of information. Companies use the Internet to distribute information about their products and services. In terms of piracy, successful companies may face problems on the Internet comparable to those that exist outside the network. Their brand image and corporate design may be used for the marketing of counterfeit products, with counterfeiters copying logos as well as products and trying to register the domain related to that particular company. Companies that distribute products directly over the Internet can face legal problems with copyright violations. Their products may be downloaded, copied and distributed.

TYPES OF CYBER CRIMES

1. Hacking: In simple words, hacking is an act committed by an intruder by accessing your computer system without your permission. Hackers (the people doing the ‘hacking’) are basically computer programmers, who have an advanced understanding of computers and commonly misuse this knowledge for devious reasons. They’re usually technology buffs who have expert-level skills in one particular software program or language. As for motives, there could be several, but the most common are pretty simple and can be explained by a human tendency such as greed, fame, power, etc. Some people do it purely to show off their expertise, through relatively harmless activities such as modifying software (and even hardware) to carry out tasks that are outside the creator’s intent; others just want to cause destruction.
• Greed and sometimes voyeuristic tendencies may cause a hacker to break into systems to steal personal banking information, a corporation’s financial data, etc.
• They also try to modify systems so that they can execute tasks at their whims.
• Hackers displaying such destructive conduct are also called “Crackers”.
At times, they are also called “Black Hat” hackers.
• On the other hand, there are those who develop an interest in computer hacking just out of intellectual curiosity. Some companies hire these computer enthusiasts to find flaws in their security systems and help fix them. Referred to as “White Hat” hackers, these guys are against the abuse of computer systems. They attempt to break into network systems purely to alert the owners of flaws.
• “Grey Hat” is another term used to refer to hacking activities that are a cross between black and white hacking.

• A white hat (or a white hat hacker) is an ethical computer hacker, or a computer security expert, who specializes in penetration testing and in other testing methodologies that ensure the security of an organization's information systems. While a white hat hacker hacks with good intentions and with permission, and a black hat hacker, most often unauthorized, has malicious intent, there is a third kind known as a grey hat hacker who hacks with good intentions but at times without permission.
• Black Hat hackers are criminals who break into computer networks with malicious intent. They may also release malware that destroys files, holds computers hostage, or steals passwords, credit card numbers, and other personal information.

2. Denial-of-Service attack: A Denial-of-Service (DoS) attack is an explicit attempt by attackers to deny service to intended users of that service. It involves flooding a computer resource with more requests than it can handle, consuming its available bandwidth, which results in server overload. This causes the resource (e.g. a web server) to crash or slow down significantly so that no one can access it. Using this technique, the attacker can render a web site inoperable by sending massive amounts of traffic to the targeted site. A site may temporarily malfunction or crash completely, in any case resulting in inability of the system to communicate adequately.
DoS attacks violate the acceptable use policies of virtually all internet service providers. Another variation of a Denial-of-Service attack is known as a “Distributed Denial of Service” (DDoS) attack, wherein a number of geographically widespread perpetrators flood the network with traffic. Denial-of-Service attacks typically target high profile web site servers belonging to banks and credit card payment gateways. Websites of companies such as Amazon, CNN, Yahoo, Twitter and eBay are not spared either.

Distributed DoS attacks

• Distributed DoS attacks (DDoS) are a type of cybercrime attack that cybercriminals use to bring down a system or network. Sometimes connected IoT (internet of things) devices are used to launch DDoS attacks.
• A DDoS attack overwhelms a system by using one of the standard communication protocols it uses to spam the system with connection requests.
• Cybercriminals who are carrying out cyber extortion may use the threat of a DDoS attack to demand money. Alternatively, a DDoS may be used as a distraction tactic while another type of cybercrime takes place.
• A famous example of this type of attack is the 2017 DDoS attack on the UK National Lottery website. This brought the lottery's website and mobile app offline, preventing UK citizens from playing.

3. Phishing: Phishing involves the use of fake email messages to get personal information from internet users. It is a technique of extracting confidential information such as credit card numbers and username-password combinations by masquerading as a legitimate enterprise. Phishing is typically carried out by email spoofing. You've probably received email containing links to legitimate-appearing websites.

• Not all phishing is done via email or web sites. Vishing (voice phishing) involves calls to victims using a fake identity, fooling you into considering the call to be from a trusted organisation.
They may claim to be from a bank, asking you to dial a number (provided by a VoIP service and owned by the attacker) and enter your account details. Once you do that, your account security is compromised. Treat all unsolicited phone calls with skepticism and never provide any personal information. Many banks have issued preemptive warnings informing their users of phishing scams and the do's and don'ts regarding your account information.

4. Malware attacks: A malware attack occurs when a system or network is infected with a computer virus or other type of malware. A computer compromised by malware could be used by cybercriminals for several purposes. These include stealing confidential data, using the computer to carry out other criminal acts, or causing damage to data.

• Viruses: a hidden code within a program that may damage or destroy infected files.
• Worm: a program that can spread from one computer to another and can propagate over a computer network.
• Trojan Horse: a rogue program disguised as a useful program that contains hidden instructions to perform a malicious task instead.

• A famous example of a malware attack is the WannaCry Ransomware attack, a global cybercrime committed in May 2017.
• Ransomware is a type of malware used to extort money by holding the victim's data or device to ransom. WannaCry is a type of ransomware which targeted a vulnerability in computers running Microsoft Windows.

5. Web jacking: Web jacking derives its name from “hijacking”. Here, the hacker takes control of a web site fraudulently. He may change the content of the original site or even redirect the user to another fake similar looking page controlled by him. The owner of the web site has no more control and the attacker may use the web site for his own selfish interests. Cases have been reported where the attacker has asked for ransom, and even posted obscene material on the site.
The web jacking method may be used to create a clone of the web site, and present the victim with the new link saying that the site has moved.

6. Cyber stalking: Cyber stalking is a new form of internet crime in our society in which a person is pursued or followed online. A cyber stalker doesn't physically follow his victim; he does it virtually by following his online activity to harvest information about the stalkee and harass him or her and make threats using verbal intimidation. It's an invasion of one's online privacy. Cyber stalking uses the internet or any other electronic means and is different from offline stalking, but is usually accompanied by it. Most victims of this crime are women who are stalked by men and children who are stalked by adult predators and pedophiles. Cyber stalkers thrive on inexperienced web users who are not well aware of netiquette and the rules of internet safety. A cyber stalker may be a stranger, but could just as easily be someone you know. Cyber stalkers harass their victims via email, chat rooms, web sites, discussion forums and open publishing web sites (e.g. blogs). The availability of free email / web site space and the anonymity provided by chat rooms and forums has contributed to the increase of cyber stalking incidents.

7. Identity Theft: Identity theft occurs when someone steals your identity and pretends to be you to access resources such as credit cards, bank accounts and other benefits in your name. The imposter may also use your identity to commit other crimes. “Credit card fraud” is a wide ranging term for crimes involving identity theft where the criminal uses your credit card to fund his transactions. Credit card fraud is identity theft in its simplest form.

8. Salami slicing attack: A “salami slicing attack” or “salami fraud” is a technique by which cyber criminals steal money or resources a bit at a time so that there's no noticeable difference in overall size. The perpetrator gets away with these little pieces from a large number of resources and thus accumulates a considerable amount over a period of time. The most classic approach is the “collect-the-roundoff” technique. Most calculations carried out in a particular currency are rounded up to the nearest number about half the time and down the rest of the time. If a programmer decides to collect these excess fractions of rupees into a separate account, no net loss to the system seems apparent. This is done by carefully transferring the funds into the perpetrator's account. Attackers insert a program into the system to automatically carry out the task.

9. Software Piracy: Software piracy is the unauthorised use and distribution of computer software. Software developers work hard to develop these programs, and piracy curbs their ability to generate enough revenue to sustain application development. Thanks to the internet and torrents, you can find almost any movie, software or song from any origin for free. Internet piracy is an integral part of our lives which knowingly or unknowingly we all contribute to. The following constitutes software piracy:
1. Loading unlicensed software on your PC
2. Using single-licensed software on multiple computers
3. Using a key generator to circumvent copy protection
4. Distributing a licensed or unlicensed (“cracked”) version of software over the internet and offline.

10. Others:
• Data Diddling: a method by which insiders modify data by altering accounts or database records so that it is difficult to tell that they have stolen funds or equipment.
• Forgery: a method by which a user makes Internet data appear to come from one place when it is really coming from another.
• Blackmail
• Theft and sale of corporate data.
• Cyberextortion (demanding money to prevent a threatened attack).
• Cryptojacking (where hackers mine cryptocurrency using resources they do not own).
• Cyberespionage (where hackers access government or company data).

• In a nutshell, any offence committed using electronic means such as net extortion, cyber bullying, child pornography and internet fraud is termed as cyber crime.
• The internet is a huge breeding ground for pornography, which has often been subject to censorship on grounds of obscenity.
• Child pornography is a serious offence, and can attract the harshest punishments provided for by law.

How to protect yourself against some cyber crimes

Now that you understand the threat cybercrime represents, what are the best ways to protect your computer and your personal data? Here are the top tips:

• Keep software and operating system updated: this ensures that you benefit from the latest security patches to protect your computer.
• Use anti-virus software and keep it updated: Using anti-virus or a comprehensive internet security solution is a smart way to protect your system from attacks. Anti-virus software allows you to scan, detect and remove threats before they become a problem. If you use anti-virus software, make sure you keep it updated to get the best level of protection.
• Use strong passwords: Be sure to use strong passwords that people will not guess and do not record them anywhere. Or use a reputable password manager to generate strong passwords randomly to make this easier.
• Never open attachments in spam emails: A classic way that computers get infected by malware attacks and other forms of cybercrime is via email attachments in spam emails. Never open an attachment from a sender you do not know.
• Do not click on links in spam emails or untrusted websites: Another way people become victims of cyber crime is by clicking on links in spam emails or other messages, or unfamiliar websites.
Avoid doing this to stay safe online.
• Do not give out personal information unless secure: Never give out personal data over the phone or via email unless you are completely sure the line or email is secure.
• Contact companies directly about suspicious requests: If you get asked for data from a company that has called you, hang up. Call them back using the number on their official website to ensure you are speaking to them and not a cybercriminal.
• Be mindful of the website URLs you visit: Keep an eye on the URLs you are clicking on. Do they look legitimate? Avoid clicking on links with unfamiliar or spammy looking URLs.
• Keep an eye on your bank statements: Keep an eye on your bank statements and query any unfamiliar transactions with the bank. The bank can investigate whether they are fraudulent.

Guidelines to Minimize the Invasion of Privacy

• Browse anonymously by surfing from www.anonymizer.com
• Disable cookies on your Web browser
• Use a free e-mail address to place on Web pages, mailing lists, chat rooms, or other public Internet spaces.
• Do not fill out site registration forms unless you see a privacy statement indicating that the information gathered will not be sold to third parties.

Forms of Attackers

• Hackers, Crackers (Black hats), Cybergangs, Virus Authors, Ethical Hackers (White Hats).
• Swindlers: people who cheat you by means of deception or fraud.
• Shills
• Cyberstalkers and Sexual Predators
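
The “collect-the-roundoff” technique described under salami slicing above leaves a trace an auditor can test for: honest round-offs go up about as often as down and cancel out, while skimmed ones all point the same way. The following is an added example, not part of the original course notes. The ledger data is constructed, and the function names, the two-decimal currency unit and the four-standard-deviation threshold are assumptions made for illustration.

```python
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_UP

CENT = Decimal("0.01")  # smallest posted unit (assumption: two-decimal currency)


def build_ledger(rounding, n=200, rate=Decimal("0.0137")):
    """Constructed sample data: n charges of i * rate, posted with `rounding`."""
    ledger = []
    for i in range(1, n + 1):
        exact = Decimal(i) * rate
        ledger.append((f"T{i:04d}", exact, exact.quantize(CENT, rounding=rounding)))
    return ledger


def audit_rounding(ledger, policy=ROUND_HALF_UP):
    """Recompute each posting under the documented rounding policy.

    Returns (mismatches, residual): the postings that differ from the policy,
    and total exact value minus total posted value (money not accounted for).
    """
    mismatches, residual = [], Decimal("0")
    for txn_id, exact, posted in ledger:
        expected = exact.quantize(CENT, rounding=policy)
        residual += exact - posted
        if posted != expected:
            mismatches.append((txn_id, expected, posted))
    return mismatches, residual


def residual_is_suspicious(residual, count):
    """Honest round-offs cancel, so their sum grows only like sqrt(count).

    Assumption: fractions are roughly uniform, giving a standard deviation of
    CENT / sqrt(12) per posting; flag anything beyond four standard deviations.
    """
    limit = 4 * CENT / Decimal(12).sqrt() * Decimal(count).sqrt()
    return abs(residual) > limit


if __name__ == "__main__":
    for label, mode in (("honest", ROUND_HALF_UP), ("skimmed", ROUND_DOWN)):
        ledger = build_ledger(mode)
        bad, residual = audit_rounding(ledger)
        print(label, len(bad), residual, residual_is_suspicious(residual, len(ledger)))
```

The per-posting recomputation identifies which transactions were altered, while the residual test still works when only totals are available for review.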