Hacking, Viruses and Firewall

Transcription

1 Professional issues in interactive media CS6032 Hacking, Viruses and Firewall BY Haifa ALwahaby

2 Introduction: Ethics refers to a set of rules that define right and wrong behavior, used for moral decision making. In this case, Internet and computer ethics is one of the most important issues that we are facing today in term of Hacking, Viruses and Firewall. So this report will explore the ethical issues of Hacking, Viruses and Firewall and what are the legal and social consequences that are related to these subjects. Definition and history: Hacking and Viruses have been known from a long time. As it was a long journey since the first known hackers or virus until what we have today, In order to explore them more deeply we should first have a brief look at their definition and history in terms of how and when did they start. So in this part I ll shed some light on the Definition and history of each of them Brief definition of Hacking, hackers and virus: The word hacker has a checkered past. Originally the word was coined to mean an extreme programmer. Normal programmers write programs that do normal things. Hackers are very sharp people with a deeper understanding of how computers work and can write programs that do things programs are not supposed to do. Programmers can make computers compute, hackers can make a computer sing, dance and fly or crash. After the antics of some destructive hackers were publicly known, the news media started calling those destructive people hackers. The hacker community was quite upset. Hackers are good people, they cried. These criminals should be called crackers. However, the damage was done, today, hacker means a bad person, who writes programs designed to cause harm. Worms and viruses are the infections of the computer world. The worm is a self-contained, replicating program that burrows its way from computer to computer, causing harm. A virus is a program fragment that needs to attach itself to a host program in order to live. Once a virus attaches itself, then it can replicate and travel and cause harm. As for the effects they can cause, worms and viruses are identical.

3 In theory, worms and viruses cannot exist. Computer operating systems are designed such that external programs cannot be injected into them. But obviously this is not true. The first Internet Worm was written almost by accident. A graduate student at MIT, called Robert Morris, thought he had found a flaw in the way software works. He then wrote a program to exploit the flaw and to test his hypothesis. His program sent messages over the Internet to every machine it could find and made these machines send more messages over the Internet. Of course, general consensus was that writing such programs are not possible, because one machine cannot make another machine do something it is not supposed to do. But Morris was right. His program worked better than he had imagined. It clogged up the entire Internet on November 2, 1988 (at this point the Internet had less than a thousand machines connected to it). Of course no one knew how to stop the worm from spreading, as no one had ever seen anything like that. So the fix was drastic, all the machines on the Internet were shut off and rebooted. That killed the Morris worm. For trying this experiment, Morris went to jail. Morris had invented the Buffer Overflow Attack, the same technique used by the Code Red worm. This technique works as follows. Suppose a computer connected to the Internet is waiting to receive a message it expects a message of maybe 10 words. We send it a humongous message several million words long. The computer stores the message and then looks at it. However, while storing the message, the faulty software did not check to see if there was enough free memory. So the message ended up being stored on top of programs that were already in the computer memory (overwriting these programs). Subsequently when the computer tried to execute some of the now overwritten programs, it ends up executing the contents of the long message. This causes the sender of the message to obtain complete control of what the computer executes.

4 Over the years the hackers have found, invented, perfected and finessed a whole slew of innovative tricks to fool the protections built into the computer operating systems. Before the days of the Internet, the viruses were boot-sector viruses. These program fragments lived on diskettes, and when the diskette was put into a machine, attached themselves into some part of the operating system. Subsequently, any diskette written on the infected machine carried the virus. Then came macro viruses, using the programming language built into MS Word. An innocuous document is mailed to a user who opens it, and the macro in the document comes to life and damages the computer. Even maybe sends itself out via from the victim s computer. Quite easy to write, but also quite insidious. Then came many more viruses and worms that used a plethora of tricks called Trojan Horses. A complete documentation of the types and techniques would fill volumes. Finally, today, the virus writing state of the art has become really sophisticated. Any kid with a computer can find a phreaking site, that is, a web site run by senior hackers who want to tell everyone how to cause trouble. These sites have complete explanations of how to write viruses along with pre-written programs. All the kid has to do it to pick the features he or she wants and the site will generate a custom virus (also called a script) that can be used for nefarious purposes. The youngsters who use these virus generators are called script-kiddies. To help the script-kiddy out, the phreaked sites also provide root-kits. Root kits are sophisticated software that when aimed at to a site, will penetrate the site and then replace all the software on the site with software that makes the presence of the virus on the system invisible. For example, all the files containing the virus will become invisible, as the program that displays files, is replaced by a new program that displays all files other than virus files.

5 The ethical dilemma of hacking The ethical issues behind hacking are nothing new to the security world The attacks on the Internet are made possible by an ancient design error. The Internet was not designed to be a large public network. It was designed to be a closed network used by trustworthy people inside the US military and universities. Today the vulnerabilities are causing heartburn for all those who depend on the network. The hackers are running amok, and the fear of legal action is not enough of deterrence. Understanding the true intentions of the general public is quite a hard task these days, and it is even harder so, to understand the intentions of every single ethical hacker getting into vulnerable systems or networks. Technology is ever growing and we are encountering tools that are beneficial to the general public, but in the wrong hands can create great controversy, breaching our basic right to privacy, respect and freewill. Most statistics show that the main reason behind what the hackers do is because they are only seeking for a fame or as a result of challenge but at the same time there a lot of them who are looking to achieve something bigger than that, So in this part I ll try to categorize hackers to groups according to their motivations (A)- Ethical hacking At first is there something called ethical hacking: how can hacking be ethical? Ethical hacking refers to a group of people hired to hack into a specified industries network: the idea being that these so-called ethical hackers will be able to expose certain weakness in networks before other hackers with malicious intentions hack their networks. This lead us to another question is there something called white hat hackers and black hat hackers And could we apply the term "the end justifies the means" in this case, what if the hackers have a noble goal behind what they are doing is that can be used as an Excuse for them. So who can be the judge in term of what is good or bad behavior

6 (Good behavior is that which pleases or helps others and is approved by them. There is much conformity to stereotypical images of what is majority or ``natural'' behavior. Behavior is frequently judged by intention- - the judgment ``he means well'' becomes important for the first time. One earns approval by being ``nice.'' ) [Kohlberg, p. 18] Hackers claim they ethically have the right to gain unauthorized access to computer systems as long as they cause no harm and only delete logs to cover their tracks. This intrusion by ethical standards is justified from the hacker s position, because the hacker can learn more about the way the system functions with no harm resulting from the intrusion. Careful scrutiny of this argument suggests that individuals might not be harmed physically by this intrusion, but individuals can nonetheless be harmed psychologically. Individuals have proprietary rights and rights to privacy. (B) Hacking under the name of religion One of the most common mistakes that people usually do is using the religion as excuse to justify their action. As it s the same way with a lot of hackers these day when they are working under the name of protecting there own religion or in a way to spread it, while the truth is there is no religion in the all word would Justify such act which are considered a violation of individual property, If we look at the situation from a wider angle we'll see that there is actually no difference between a terrorist who is doing bombing operation under the name of religion and the hackers who cause economic losses as a result of breaking a critical systems, both of them are equal in the terms of harms and losses.

7 (C) - The role of Hacking in politics (Case Study) This an example from recent story about how hacking could be used as a tool to deliver a politics message On Friday, April 20, 2012 A hackers group has claimed responsibility for a denial-of-service attack on the official Formula One website in protest over the running of Bahrain Grand Prix. The hacking collective Anonymous also attacked F1-racers.net, where it posted a message saying the "Formula 1 racing authority was well-aware of the Human Rights situation in Bahrain and still chose to contribute to the regime's oppression of civilians and will be punished." The Bahrain Grand Prix is going ahead despite violent clashes between riot police and demonstrators who believe the race should not be held until the government ends its rights abuses and enacts concrete reforms that benefit the Shiite majority. Formula1.com was unavailable to many users for some of the day Friday. Denial-of-service attacks work by overwhelming a website with bogus traffic. In This case we can see that hackers are not just criminal people with bad intention of damaging things but instead of that they are regular people like us with feelings and values they are trying to achieve but unfortunately by the wrong ways. When they used the website as a channel to broadcast their opinion and to object on some political issues they are creating a bigger problem instead of solving one and war could be started between the both sides as a result of that.

8 The social and legal consequences of hacking By asking this question what is the real difference between hacking a computer or breaking into a house: Both of them sharing the same concept in terms of breaching others privacy and property. But hackers claims that people should have the right to access any information stored on a computer network. Which lead us to The Utility Principle:" The greatest good for the greatest number of people, which mean that if that is going to allow the greater public to benefit more from this action it s seem to be ok The "Computer Ethics" states in part that all information belongs to everyone and there should be no boundaries or restraints to prevent disclosure of this information (Johnson, 1994). From most hacker's perspective, freedom of information includes the right to source codes and the programs themselves. This freedom also includes the right to access information stored on a computer network. At times, hackers argue that the freedom of information doctrine gives them the right to have unrestricted access to computer accounts, passwords and . At this point, the ethical position of hacking has become "system cracking" (Granger, 1994). When the information of the system has become free to everyone, there is no such thing of private property, and there is also no privacy concerns The consequences of losing privacy We cant imagine how the future of the internet would be like, in case hackers continues what they are doing and protection software became powerless against them,that would mean internet will loose it essence of security, privacy and confidential information. And this will lead us to huge issue where people would stop sharing their own personal information among the net and also government organization such as hospitals or health care system wont be able to contain and exchange any patient medical information, and even when it come to economy there wont be stocks market any more, or any online trading because such a thing would require huge amount of privacy.

9 How to prevent hacking in society It's no secret that a mature sense of ethics is something a person develops over time. Parents are supposed to exercise authority over their children because the children are not expected to know how to make certain decisions for themselves, so such awareness should be spread all over the community. And to prevent that we should teach our children how to live according to the golden rule s: Golden rule (Kant)" Treat others as you would like to be treated. Conclusion: In conclusion, we all have to agree that whatever the reason or the motivation behind what the hackers do there should be no excuse for their action. And the ethical stand supporting hacker activities are proven by this report to be mainly unethical. Even though hacking has led to productive improvement in computers and software security, it has in effect created many disruptive problems online and offline. Hacking is an activity that introduces a method of analysis that targets and works on various components. Hacking has the potential to cause harm and to violate legitimate privacy and property rights. By ethical standards hacking does introduce crucial security fixes, but does so at the expense of violating privacy and the security of individuals. Furthermore, hacking activities lead to disruptive and dangerous problems for society, which tend to be difficult to eradicate.

10 References Ess, Charles. (2009) Digital Media Ethics. Cambridge: Polity Press. Kohlberg, Lawrence. Essays on Moral Development, volume 1: The Philosophy of Moral Development. New York: Harper & Row, B.J. Baird, L. L. Baird, Jr., and R. P. Ranauro. The Moral Cracker? Computer Security. vol 6, Ermann, David. Computers, Ethics, and Society. New York: Oxford University Press Fried, Charles, Privacy, Yale Law Journal, vol : p. 477 Granger, Sarah. The hacker Ethic. University of Michigan ACM Chair Harper s Forum. Is Computer Hacking a Crime? In Cyber Reader, edited by Victor Vitanza. Boston: Allyn and Bacon Johnson, Deborah. Computer Ethics. New Jersey: Prentice Hall, 2001.