Legal and Ethical Aspects of Computer Hacking

Size: px

Start display at page:

Download "Legal and Ethical Aspects of Computer Hacking"

Randolf O’Connor’
10 years ago
Views:

1 Legal and Ethical Aspects of Computer Hacking ECE4883 Internetwork Security Georgia Institute of Technology Acknowledgement: Kiran Tajani

2 In Class Today Hacking Policies Ethical Constraints Legal Constraints

3 What is Hacking? An event where one enjoys learning the details of a computer system A culture where people find their computer and its surroundings fascinating. The process of creating a new program or making changes to existing programs using complicated software Hacking is Art

culture where people find their computer and its surroundings

4 Types of Hacking Three types! Good Hacking! Bad Hacking! Dangerous Hacking

5 Morals of Hacking Ways of hacking! Ethical Hacking! Inform first! For fun

6 Hacktivism The use of hacking to promote a political cause Modern form of civil disobedience Political form of cyber-terrorism A cover for ordinary pranks

7 Hackers Termed by the media Hacker: a person who enjoys exploring the details of programmable systems and how to stretch their capabilities; one who programs enthusiastically. New Hacker s Dictionary

8 Then VS. Now Different types:! Novice! Crackers! Experts! Dangerous! Ethical

9 Hacker s Morals Why hack?! They DON T have morals What s in it for them?! Promote tighter security! Detect flaws and patches

10 Learn to Hack Hacking Schools Hacking Classes! They exist?! What do they teach?

11 Schools: Zi Hacademy, Paris Civil Hacker s school, Moscow The Hackers Compendium The Law

12 Ethical or Not? So who is responsible for the outcome from these teachings?! It s the teachers! They are the ones teaching such techniques and tools.! It s the students! They are responsible for the actions they decide to take after learning tools to protect themselves.

13 The Law What types of policies are in place? How do they differ from each other? What kind of defined lines are there? Should these be there? Are these clear enough?

14 United States Code Title 18 Part 1 > Chapter 119 > Section 2511! Interception and disclosure of wire, oral, or electronic communications prohibited. Part 1 > Chapter 121 > Section 2701! Unlawful access to stored communications

15 Georgia Computer Systems Protection Act HB 822 Computer Invasion of Privacy! Any person who uses a computer or computer network with the intention of examining any employment, medical, salary, credit, or any other financial or personal data relating to any other person with knowledge that such examination is without authority shall be guilty of the crime of computer invasion of privacy.

employment, medical, salary, credit, or any other financial or personal data relating to any

16 Patriot Act USA Patriot Act: Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act U.S. government s anti-terrorism policy

17 Homeland Security Department of Homeland Security AKA: National Police Force Connect 22 different Agencies Exchange of information becomes a norm Centralized institution with the power to keep track of computer and usage

Exchange of information becomes a norm Centralized

18 Georgia Institute of Technology Computer and Network Usage Policy! Available for all students and faculty Authorize users and uses Privileges for individuals User Responsibilities! Access to Facilities and Information

19 Ethical and Legal Constraints How easy is it to catch hackers and how many hackers have been caught? Are these policies good enough? Do the current policies actually define the limits of hacking? Can companies hack into their own systems and find vulnerabilities? Can other find vulnerabilities for them without being asked to?

Do the current policies actually define the limits of hacking?

20 What if? A Georgia Tech student uses their personal PC and the school s network to do a port scan on a commercial web site. A Georgia Tech student uses their personal PC and a commercial ISP to do a port scan on a commercial web site. A Georgia Tech student sends a spoofed mail from the school account that appears to come from another user. A Georgia Tech student uses a school computer and password guessing software to access and crack the administrator password. A Georgia Tech student discovers that another user failed to log off when departing. The student uses the account to send an inflammatory to the department chair.

A Georgia Tech student sends a spoofed mail from the school account that appears to come from another user.

21 References 1. Pfleeger, Charles. (2000). Security In Computing (2 nd ed.). Upper Saddle River, NJ: Printice Hall PTR. 2. From RedDragon on IRC, handed to newbies. January 16, Protect Yourselves From Hackers CDs Vasilyev, Ilya V. Civil Hackers' School. April 12, Coomarasamy, James. Learning to Hack. December 1, Georgia Computer Systems Protection Act. Last Modified: June 29, Title 18, Part 1, Chapter 119, Section 2511 Interception and disclosure of wire, oral, or electronic communications prohibited. US Code Collection Title 18, Part 1, Chapter 121, Section 2701 Unlawful access to stored communications. US Code Collection Minow, Mary. The USA PATRIOT Act and Patron Privacy on Library Internet Terminals. February 15, Bush Homeland Security bill nears passage by US Congress. The Editorial Board. November 18, Georgia Institute of Technology Computer and Network Usage Policy. Office of Information Technology. Last Modified October 20, Baase, Sara. A Gift of Fire: Social, Legal, and Ethical Issues for Computers and the Internet. 2nd edition. Prentice Hall Page Palmer, C.C. Ethical Hacking. International Business Machines Corporation. Copyright Harvey, Brian. Computer Hacking and Ethics. April Shell, Barry. Ethical Hacking. Georgia Straight Weekly, Vancouver, BC. September 14,

PRINCIPLES AND PRACTICE OF INFORMATION SECURITY

PRINCIPLES AND PRACTICE OF INFORMATION SECURITY Protecting Computers from Hackers and Lawyers Linda Volonino, Ph.D. Canisius College Stephen R. Robinson Verity Partners, LLC with contributions by Charles