Académique Documents
Professionnel Documents
Culture Documents
CSCI 2070, Cyberethics Morality and Law in Cyberspace, 3rd edition, Richard Spinello,
Jones and Bartlett, 2006.
. There are companies on the net that sell source code of popular viruses. Our book
mentions a company selling a CD-ROM with source code for viruses and also virus-
writing tools, newsletters about destructive code, and a db describing how various viruses
work.
. Why?
- there is nothing illegal about publishing the source code of a virus.
-It IS illegal to release a damaging virus over the Internet however
. What are some obstacles to the growth of electronic commerce on the Internet? (ask
class)
- public apprehension about Nets security flaws
- faith in companys promises
. What are some security measures that companies use? (ask class)
Firewalls, security scanners, intrusion prevention products,
- phishing (emails sent to users to appear to come from a bank or an online retailer.
They look authentic and direct users to a web site where they are asked to enter sensitive
information like passwords, bank account numbers, or credit card information
. What happens to e-commerce if people begin to lose trust in online companies web sites?
If phishing successes become to prevalent, what does that do to the legitimate companies?
. What is a macro virus? A virus that exploits a macro. A macro is a piece of code that
can be written in MS Word, MS Excel. They are pieces of code that are inserted into the
instruction sequence when activated.
. A survey of 300 North American companies found that the companies (who responded)
had a monthly average of 103 virus infections per 1,000 computers
. Some terms/definitions:
Virus: A computer program that replicates itself by copying itself into other
programs stored on a computer. Usually with the intention to cause mischief or damage.
It attaches itself to a program or file that allows it to move from computer to computer.
The virus spreads by human action, unknowingly sending it in email attachments or
sharing infected files.
Worms: A computer worm is a type of virus that replicates itself, but does not
alter any files on your machine. Computer worms create problems by multiplying
frequently and taking up a computer's available memory or hard disk space. The worm
can travel without human interaction taking advantage of information in files and
transport mechanisms on your computer to move to other computers.
Trojan Horses: Are different than viruses in that they dont replicate themselves.
They are programs that appear to do one thing but do something else instead. It is
possible for a Trojan horse to attach itself to a virus file that spreads to multiple programs.
Spyware: Software that spies on your computer. Could record web browsing
habits, keystrokes, eMail information, usernames, passwords, credit card account
numbers, etc. Could be installed by opening an email or by running another program that
has the spyware installer attached.
. Text discusses the famous Internet Worm launched by Cornell student, Robert Morris
in November 1988. Made Nightline TV Show. The student released the room and it
quickly spread to other systems on the Internet. The worms progress was facilitated by a
bug in Unix. Once invaded, the pgm reproduced itself over and over consuming large
volumes of memory. It did not modify system files or destroy other information. But
performance of computers deteriorated and many crashed. About 12 hrs after the worm
was introduced, Computer Systems Research Group at Berkeley developed a pgm to halt
the Worms spread.
Morris claimed he was running an experiment, he was convicted under the Computer
Fraud and Abuse Act and sentenced to a term of 3 years probation and fined $10,000. It
infected 2,500 computers in some way and clean up cost was reported to be over $1
million.
We dont see attacks like the Internet Worm often but there are still problems:
The architecture of the Net is open, designed to share information, not to conceal
it
1) cybercrime
2) trespass, unauthorized access
3) Security measures that should be adopted to protect electronic commerce and online
communications
4) encryption and public policy debate in the U.S. on this topic
As weve said before, this class is an introductory one, all of these topics will be
introduced. Full courses could be offered on all of these topics
Cybercrime p 186.
Cybercrime is a special category of criminal act usually committed through the use of a
computer and/or network technologies.
1) software piracy
2) computer sabotage
3) electronic break ins
1) input crime
2) output crime
3) process crime
. How would the above specific types of cybercrime be categorized into the general
categories used by other authors?
The Tenth United Nations Congress on the Prevention of Crime and the Treatment of
Offenders (Vienna, 10-17 April 2000) categorized five offenses as cyber-crime:
unauthorized access, damage to computer data or programs, sabotage to hinder the
functioning of a computer system or network, unauthorized interception of data to, from
and within a system or network, and computer espionage.
Time bomb: Typically malicious in intent, triggered by a particular date or time and can
deliver a virus or a trojan horse.
Surveys by the Computer Security Institute indicate that 10 to 15 new viruses are
launched each day.
Some viruses are very costly, the Blaster worm and the SoBig virus from the summer of
2003 are estimated to have caused losses of $35 billion.
The SW to send the mock requests is implanted in computers around the world
and when signaled they bombard a selected web site w/ requests.
What are some famous DoS attacks? What was the impact? What are the ethical
issues? What are the economic issues?
In the physical world, how does one demonstrate trespass? Spinello writes that
one must focus on the trespassers intent to enter into a forbidden property w/o
permission.
Possible 5-minute break to work in groups to determine how one might do this.
Lastly, Spinello does not include in his definition of cybercrime those crimes that are
facilitated thanks to the use of computer and network technologies.
These crimes do not require computer technology but may aid in the commission
of the crime.
What about phishing, he says it is not direct cybercrime but would be Internet-
related fraud.. It is a crime facilitated by the Internet. There are also crimes planned
and/or carried out with the Internet. Spinello refers to these as computer-related crimes.
. There are more requests for relying on code to address this and content providers are
increasing their demands.
Michael Eisner, CEO Disney, accused Apple, MicroSoft, and Dell of failing to develop
secure systems b/c they helped sell more computers.
. The entertainment industry would like to incorporate copy-protection into PCs, DVD
players, and other digital media devices.
an unlawful act causing injury to the person, property, or rights of another, committed
with force or violence, actual or implied.
a wrongful entry upon the lands of another.
an encroachment or intrusion.
. Many individuals do not see a parallel between trespassing on a computer system and
physical trespass.
. Class, what are the differences, why do people feel this way? (write on board)
. Is unsolicited e-mail or spam a form of trespass? Does it force itself into anothers
virtual mail box? Is that part of an individuals personal space?
What are some parallels to the real world and some differences? What are some
informal ethical guidelines to help determine an answer?
The Computer Fraud and Abuse Act (CFAA) passed in 1986, amended in 1996 makes it
a crime to access any protected computer w/o authorization and as a result of such
access to defraud victims of property or to recklessly cause damage.
.Due to the 1996 amendment, protected computers include those used by the government,
financial institutions, or any business engaged in interstate or international commerce, or
anyone involved in interstate communications.
. The category of protected computer includes then, virtually any computer connected
to the Internet.
. The CFAA then makes trespass a federal crime if one does so to pilfer classified
information, to perpetrate fraud, or to cause damage.
. Also a federal crime to cause the transmission of a pgm or piece of code (like virus) that
intentionally causes damage to a protected computer.
Lastly, it prohibits unauthorized access that causes damage regardless of whether or not
the damage was recklessly caused.
. Most states have laws now that make unauthorized use of computers a crime even if the
motive is just curiosity. There are harsher penalties for computer trespass where entry
has occurred to commit another crime (like theft of material).
You read pg. 192-193 where Lessigs framework is applied to hacking. Test Question!!!
Some ISPs have sued spammers for trespass to chattels seeking injunctions to protect
their property
Trespass to chattels is a tort action based on the unauthorized use or interference with
anothers property.
Def: Tort: Wrongful act, other than a breach of contract, that injures another and for
which the law permits a civil (noncriminal) action to be brought. Relief may be obtained
in the form of damages or an injunction. The term derives from Latin tortum, meaning
"something twisted, wrung, or crooked." Assault, defamation, malpractice, negligence,
nuisance, product liability, property damage, and trespass are all (apart from their
potentially criminal and contractual aspects) torts. (From, Britannica Concise
Encyclopedia and Answers.com)
The revival of the trespass to chattels doctrine in the context of cyberspace has
had unexpected and far-reaching consequences. Trespass to chattels, a doctrine developed
to protect physical property, initially seemed to courts to be merely a useful doctrinal tool
to control spam, unwanted commercial bulk e-mail. However, the doctrine has recently
expanded into other situations, making visible the flaws inherent in applying to
cyberspace doctrines based in real and tangible property. (from The Continuing
Evolution of Cyberspace Trespass to Chattels,
http://www.law.berkeley.edu/institutes/bclt/pubs/annrev/exmplrs/final/lqfin.pdf)
In 1997, Judge ruled against cyberpromotions and the courts reasoning has been met with
mixed reviews
One part of the definition of property is the right to exclude others from use. A corollary
of that right is the need to seek permission of the owner to use his or her property.
This case leaves unanswered a larger question concerning the target of SPAM. Does
spam constitute trespass at the user level?
What about search engines, are their activities ever equivalent to trespass? Most use a
software robot, spider bot that automatically search and retrieve information.
What about one going through commercial sites extracting pricing information?
In eBay v. Bidders Edge a court sided w/ eBay in a request for injunction to provide
Bidders Edge from using spider technology to aggregate comparative auction data
Firewalls
Filtering Systems
Virus Protection Software
Encryption
Offsite backups