Windows 8 News

by Carl J Tengstrom

The absence of routine security precautions can make it a lot easier for unlawful attempts on computer systems to occur. Both the intruder and the person who has not taken proper security measures may be held liable for what happens.

Different Kinds of Computer Crimes

You may divide the typical crimes related to computers in four different groups:

• Assault against the results of the computer processing
• Damage of the software
• Computer espionage
• Damage of the hardware

The Extent of Computer Crimes

The technical character of computing is such that it opens possibilities and opportunities for crime in quite a different way than traditional crime does. By nature it is very hard to discover a computer crime and to follow its path.

In fact, the computing technique is not perfect in itself. That makes it even harder to tell if there has been a technical disturbance, a natural malfunction, or if an intruder willingly has manipulated the system in a criminal way.

Four different facts seem to be especially important when we try to discover why some people are prepared to commit crime.

• The person’s attitude towards morals and norms
• The person’s motives (psychological, economical, etc.)
• The person’s apprehension to the risk of being discovered and
• The opportunity

You may ask yourself what reasons you have to take some security measures in the system. It is, of course, important to weigh the costs of a security system against the importance of confident technique in the information system, the costs of an intrusion in the computing system, and finally, yet importantly, the possibility of being sued for damages as a result of the lacking information system and the ethical instability.

Recently there have been several attacks of viruses pointed against big companies all around the world. Today you could read in the paper that a recent security flaw has been discovered in a program’s email clients. According to the author it would be possible for a hacker using this hole in the system to open up your computer and completely take charge of it through an email that has been received by the email program. It isn’t even necessary to open the email; the malicious code would take control of the computer before you even have had a chance to read and delete the email. Recently, there have been several quite severe alarms about security flaws concerning products of a well-known company. Undoubtedly the question comes to mind if the company deliberately incorporates a low level of security. The customers are those who in this manner try out the products. When a flaw appears in the security system of a product, the company eventually hands out a patch to resolve the problem.

Two different parties discovered the vulnerability above independently of each other. They contacted the company that had made the email programs and agreed not to publish the vulnerability until a patch was in place.

It gives us something to think about when you learn that even security companies agree to be silent about email viruses of this kind. With this virus’ capability to spread, it is much more dangerous than previous ones. This way of handling a severe attack must be considered highly unethical.

Information security breaches appear in six areas of risk:

• Electronic (hacking and related) risk
• Malicious code (virus, Trojan worm and related) risk
• Privacy risk
• Downtime risk
• Physical risk
• Human factors risk

The Hacker’s Ethics

In his book, Hackers: Heroes of the Computer Revolution, Steven Levy introduced the following six guidelines:

• Access to computers — and anything, which might teach you something about the way the world works — should be unlimited and total. Always yield to the Hands-On imperative!
• All information should be free.
• Mistrust authority — promote decentralization.
• Hackers should be judged by their hacking, not bogus criteria such as degrees, age, race or position.
• You can create art and beauty on a computer.
• Computers can change your life for the better.

This creed was expanded with three principles published in PHRACK, the “official” hacker newsletter:

• First, hackers reject the notion that “businesses” are the only groups entitled to access and use of modern technology.
• Second, hacking is a major weapon in the fight against encroaching computer technology.
• Finally, the high cost of equipment is beyond the means of most hackers, which results in the perception that hacking and phreaking are the only recourse to spreading computer literacy to the masses.

Someone upholding ethical and legal rules of the society cannot take these “rules” seriously. But they still give us something to think about. Hackers usually acknowledge that their activities may occasionally be illegal. Nevertheless, a considerable amount of energy is placed on limiting violations only to those required to obtain access and learn a system. The hackers are hostile towards those who go beyond these limits.

Author: Carl J Tengstrom – Stockholm, Sweden