Activity 2.2
Research one of the following viruses, by either typing the keyword into a search engine or consulting one of the recommended texts:
- NIMDA virus
- I Love You virus
- Melissa virus
- Code Red virus
- Anna Kournikova virus
- MyDoom worm
How and where did the virus originate?Who was responsible for creating and distributing it?How did the virus work,and what effects did it have?What prosecutions were brought,if any?
Answer:
The ILOVEYOU virus comes in an e-mail note with “I LOVE YOU” in the subject line and contains an attachment that, when opened, results in the message being re-sent to everyone in the recipient’s Microsoft Outlook address book and, perhaps more seriously, the loss of every JPEG, MP3, and certain other files on the recipient’s hard disk. Because Microsoft Outlook is widely installed as the e-mail handler in corporate networks, the ILOVEYOU virus can spread rapidly from user to user within a corporation. On May 4, 2000, the virus spread so quickly that e-mail had to be shut down in a number of major enterprises such as the Ford Motor Company. The virus reached an estimated 45 million users in a single day.
Two young Filipino computer programming students named Reomel Ramores and Onel de Guzman, show his intent, the NBI investigated AMA Computer University where de Guzman dropped out on his senior year. There, it was found that de Guzman was not only quite familiar with computer viruses, he had in fact, proposed to create one. For his undergraduate thesis, he proposed the commercialization of a Trojan virus, one that innocently enters another computer but would later steal passwords, addresses, and files, much like the Trojan Horse. He contended that through the Trojan virus, the user would be able to save on, if not totally make do without, prepaid Internet usage cards since passwords could be obtained by the virus. The thesis proposal was rejected by the College of Computer Studies board, forcing him to drop out.
The attachment in the ILOVEYOU virus is a VBScript program that, when opened (for example, by double-clicking on it with your mouse), finds the recipient’s Outlook address book and re-sends the note to everyone in it. It then overwrites (and thus destroys) all files of the following file types: JPEG, MP3, VPOS, JS, JSE, CSS, WSH, SCT and HTA. Users who don’t have a backup copy will have lost these files. The ILOVEYOU virus also resets the recipient’s Internet Explorer start page in a way that may cause further trouble, resets certain Windows registry settings, and also acts to spread itself through Internet Relay Chat (Internet Relay Chat).
Activity 2.4
BCS Code of ConductVisit the British Computer Society (BCS) website and read through the BCS Code of Conduct at the following address: www.bcs.org/BCS/Join/WhyJoin/Conduct.htmConsider which clauses in the BCS code of conduct are most relevant to hacking, and explain how and why.
Answer:
BCS Code of Conduct sets out the professional standards required by the Society as a condition of membership. It applies to all members, irrespective of their membership grade, the role they fulfil, or the jurisdiction where they are employed or discharge their contractual obligations.
Regarding with Hacking, the most relevant clauses to the issue of hacking include the following:
Public Interest
- You shall have due regard for the legitimate right of Third Parties.
- Third parties could be considered as businesses, government bodies or the general public. Upon involving one’s self to any kind of unauthorised access which engages alteration of data, virus and malicious action distribution, he/she is capable of denying the rights of these parties.
Professional Competence and Integrity
- You shall ensure that you have the knowledge and understanding of Legislation and that you comply with such Legislation, in carrying out your professional responsibilities.
- Unauthorized access constitutes as offense under any other legislation, would contradict this clause. This sets hacking in an international context, where computing professionals have a responsibility to be aware of, and understand, the jurisdiction of the law in the country in which they are working.
Duty to the Profession
- You shall seek to improve professional standards through participation in their development, use and enforcement.
- With this clause, somehow hackers and BCS code of conduct goes together with the idea of improving the standards through participation. Hackers tend to penetrate system security and eventually expose weak points for improvements. In fact, hackers were also called as consultants because breaching of systems can provide more effective security in the future, so that other, presumably less well-intentioned, hackers are prevented from causing real harm.
Can hacking be consistent with any of these professional codes of conduct, or is it contrary to all of them?
Answer:
Hacking is not totally consistent to any professional codes of conduct or contrary to all of them. Somehow, it may have the same to some of those identified codes of conduct. But in contrary, hacking could be a crime if, and only if, the intension is to penetrate systems for self interest and later cause harm to the majority.
Activity 2.6
Can hacking be be justified ethically, even when it involves breaking the law? How and under what circumstances?Describe a situation where hacking might be excused on ethical grounds. You must support your argument with cases drawn from the Press, Internet articles or textbooks.
Answer:
Most acts of computer hacking are illegal.
However, not all hacking is illegal – sometimes, companies hire professional security testers to purposely hack into their systems to determine how safe they are. This is known as penetration testing, also called “white-hat hacking” and “ethical hacking.” While such activities are technically hacking, they are not illegal because the attackers have permission.
This doesn’t mean that any hacking for which permission has been granted is legal, however. If someone gives you permission to hack their system, but they do not own the system or its network resources, it can be illegal.
