jona’s blogs

Just another WordPress.com weblog

Malicious Programs…Viruses… Worms…

NIMDA

NIMDA worm was discovered on Sept. 18, 2001 and was spreading in the Internet rapidly.
Based on the reports posted Sept. 21, 2001(http://www.vnunet.com/vnunet/news/2116134/nimda-worm-virulent-virus-ever):
Joe Hartmann, director of virus research at Trend Micro, said “already Nimda has jumped to number one on our virus tracking map, with over 26,000 infected computers worldwide”.
Hong Kong branch of CERT identified that Nimda is “the fastest spreading worm in Hong Kong”, and although initial infections seem small, it is spreading at a faster rate than Code Red.


Origin and Author of NIMDA virus

The author of the Nimda worm was never identified, so there can be no legal consequences for him. The code for the Nimda contains a copyright notice stating that it originated in communist China, but there was no sufficient evidence for this(http://www.rbs2.com/cvirus.htm
revised 5 Oct 2002, revised links 19 Jan 2008).

How does it work?

It uses Trivial File Transfer Protocol (tftp) to distribute files, as well as through Windows-based email clients as a “readme.exe” attachment, sending itself to addresses in MAPI mailboxes, forging the source email address.
Once it infects a server, it adds a Javascript line to the bottom of every HTML page on the system. Simply viewing this page with an unpatched version of Internet Explorer will infect a machine. Nimda also scans for Samba and Microsoft file shares and attempts to log in using a guest account. It places attack files in each directory discovered.
And once a system is infected, the C: drive will be set for file sharing and a Guest account will be added to the Administrators group.

Any prosecutions made?

The creators of Code Red, Nimda and Slammer worms — which inflicted a combined $5 billion in damage the past two years — have not been caught.

References for NIMDA:
Middleton,J(2001). Nimda worm most virulent virus ever. Posted September 21,2001.Retrieved from http://www.vnunet.com/vnunet/news/2116134/nimda-worm-virulent-virus-ever
Standler, R.(2002). Examples of Malicious Programs. Retrieved May 10, 2009 from http://www.rbs2.com/cvirus.htm revised 5 Oct 2002, revised links 19 Jan 2008

CODE RED

What are Code Red and its variants?

“Code Red is a worm that exploits a vulnerability in one of the add-in components that is installed by default in Microsoft’s web server: Internet Information Server. There have been several variants of Code Red with side effects ranging from defaced web pages to changing system configurations and installing a Trojan Horse that will allow access to the compromised system, should the initial entry/infection point be closed”( http://support.microsoft.com/gp/codered).
The “Code Red II” worm is self-propagating malicious code that exploits a known vulnerability in Microsoft IIS servers (CA-2001-13)

Origin of Code Red

The Code Red was believed to have started in China at a university in Guangdong, China,” according to Keith Rhodes, the chief technologist. But there was sufficient elaboration on its origin. Subsequently, no prosecutions are made.

How it works?

(Quoted from http://www.cert.org/incident_notes/IN-2001-09.html)

The “Code Red II” worm attacks as follows:
1. The “Code Red II” worm attempts to connect to TCP port 80 on a randomly chosen host assuming that a web server will be found. Upon a successful connection to port 80, the attacking host sends a crafted HTTP GET request to the victim, attempting to exploit the buffer overflow in the Indexing Service described in CA-2001-13
2. The same exploit is sent to each of the randomly chosen hosts due to the self-propagating nature of the worm. However, there are varied consequences depending on the configuration of the host which receives this request.
o Unpatched Windows 2000 servers running IIS 4.0 or 5.0 with Indexing Service installed are likely to be compromised by the “Code Red II” worm.
o Unpatched Windows NT servers running IIS 4.0 or 5.0 with Indexing Server 2.0 installed could experience crashes of the IIS server.
o Unpatched Cisco 600-series DSL routers will process the HTTP request thereby exploiting an unrelated vulnerability which causes the router to stop forwarding packets. [http://www.cisco.com/warp/public/707/cisco-code-red-worm-pub.shtml]
o Patched systems, or systems not running IIS with an HTTP server listening on TCP port 80 will probably accept the HTTP request, return with an “HTTP 4xx” error message, and potentially log this request in an access log.
3. If the exploit is successful, the worm begins executing on the victim host.

Impacts of the Attacks

The widespread, automated attack and propagation characteristics of the “Code Red II” may cause bandwidth denial-of-service conditions in isolated portions of the network, particularly near groups of compromised hosts where “Code Red II” is running.
Windows NT 4.0 systems and Cisco 600-series DSL routers may experience denial-of-service as a result of the scanning activity of the worm.

Monetary Damage

Computer Economics said the cost of cleaning an inspecting servers was $1.1 billion and that $1.5 billion in productivity was lost.
It figured the total impact of virus attacks around the world for 2001 has hit $10.7 billion.

References for CODE RED:
Danyliw,.R. et. al.(2001).Carnegie Mellon University. “[ISN] Code Red virus probably began in China, GAO official says .Retrieved May 10, 2009 from http://www.cert.org/incident_notes/IN-2001-09.html
http://support.microsoft.com/gp/codered

CONFICKER WORM

Conficker, also known as Downadup or Kido.

Origin and Author of Conficker Worm

A news was posted on the internet last April 24, 2009. This is about the false alarm on the attack of Conficker expected last April 1,2009. It mentioned that the Conficker botnet is one of many such networks controlled by syndicates that authorities believe are based in eastern Europe, southeast Asia, China and Latin America.
Vincent Weafer, a vice president with Symantec Security Response, the research arm of the world’s largest security software maker, Symantec Corp said that the creators still remained unidentified(http://www.goozad.com/news/Conficker+virus+begins+to+attack+PCs:+experts_20368).

What does the Conficker worm do?

Quoted from (http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm)
The Conficker worm has created secure infrastructure for cybercrime. The worm allows its creators to remotely install software on infected machines. What will that software do? We don’t know. Most likely the worm will be used to create a botnet that will be rented out to criminals who want to send SPAM, steal IDs and direct users to online scams and phishing sites.
The Conficker worm mostly spreads across networks. If it finds a vulnerable computer, it turns off the automatic backup service, deletes previous restore points, disables many security services, blocks access to a number of security web sites and opens infected machines to receive additional programs from the malware’s creator. The worm then tries to spread itself to other computers on the same network.

How does the worm infect a computer?

The Downadup worm tries to take advantage of a problem with Windows (a vulnerability) called MS08-067 to quietly install itself. Users who automatically receive updates from Microsoft are already protected from this. The worm also tries to spread by copying itself into shared folders on networks and by infecting USB devices such as memory sticks.

Monetary Damage

The average cost of such malware attacks, the economic loss due to the Conficker worm could be as high as $9.1 billion in a recent blog post of Cyber Secure Institute. According to the most recent infection rate estimate courtesy of the Conficker Working Group, the number of infected hosts is 3.5 million(http://blogs.zdnet.com/security/?p=3207). The detail of the analysis follows:

“Any analysis of the true impact of Conficker must also factor in the (wasted) time, resources, and energies of the cyber-community, governments, companies and individuals. Extrapolating out from studies on the average cost of similar past attacks, the total economic cost of this worm (including the cost of efforts to combat the worm, the cost of purchasing counter-measure software) could be as high as $9.1 billion. Even using the single, outlying data source that suggests a much more limited scope of infection (<200,000 —vastly less than all other sources suggest—the cost of this virus is still roughly $200 million dollars.”

References for Conficker:
Finkie,J.(2009).Conficker virus begins to attack: PC’s Experts posted April 24, 2009.Retrieved May 10, 2009 from http://www.goozad.com/news/Conficker+virus+begins+to+attack+PCs:+experts_20368
(http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm
Danchev,D.(2009).Conficker’estimated economic cost? $9.1 billion Posted April 23, 2009. Retrieved from http://blogs.zdnet.com/security/?p=3207

May 22, 2009 Posted by tag051002 | Uncategorized | | No Comments Yet

Computer Addicts, Cyberthieves, Computer Geniuses or Simply Hackers?

ONEL DE GUZMAN linked to “I LOVE YOU VIRUS”

How and where did the virus originate?

It is believed that the virus originate in the Philippines particularly in Manila. “When the FBI traced the Love Bug virus to a student in Manila in 2000, he was not prosecuted because the Philippines had no laws against spreading computer viruses(http://www.usatoday.com/money/industries/technology/2003-09-01-blaster-cover_x.htm).”

Who was responsible for creating and distributing it?

Onel de Guzman, a student in AMA Computer College in Manila was traced to be the author of the I Love You virus.

How does it work?

This is how I LOVE YOU virus works as detailed in CNET News posted May 4, 2000.Quoted from the same source(http://money.cnn.com/2000/05/05/technology/loveyou/):
In an analysis provided by Security Focus, Elias Levy explained that the I Love You virus replicates in three different ways: through email attachments, Internet Relay Chat file transfers, and through shared drives on a computer network.
Once the virus has found its way in, it writes itself into three different locations: two under the Windows directory, one under the system directory.
Then it modifies the computer’s registry keys, which normally contain configuration information that tells the computer what programs to launch on start-up. The worm modifies the registry so that it starts running when the computer is restarted.
In a step now rendered impotent, the worm modifies the registry key that determines the start page for Microsoft?s Internet Explorer browser, pointing to one of four Web pages hosted by Sky Internet.
Those four pages linked to an executable called “win-bugsfix.exe.” Virus code made the executable run.
The executable then looked up the computer’s dial-up connection passwords, and mailed them to an email address in the Philippines.
Next, the executable created an HTML file on the computer’s hard drive to infect other computers connected on IRC. Giving it great and speedy virulence, it next spread to everyone listed in the victim’s Windows address book.
In one of the most malicious aspects of the virus, it then went on to overwrite various music and graphics files and rename them .vbs files.

How much monetary damage it caused around the world?
From http://www.usatoday.com/money/industries/technology/2003-09-01-blaster-cover_x.htm posted Sept. 2, 2003
From the chart below, I LOVE YOU virus caused an estimated damage of 10 billion dollars. It posed the biggest monetary damage compared to other viruses and worms created from 1999 to 2003.
Worms, viruses prove costly.
The estimated cleanup and lost productivity costs of worms and viruses add up:
Year Virus/worm Estimated damage
1999 Melissa virus $80 million
2000 Love Bug virus $10 billion
2001 Code Red I and II worms $2.6 billion
2001 Nimda virus $590 million to $2 billion
2002 Klez worm $9 billion
2003 Slammer worm $1 billion
Source: USA TODAY research

Were there any prosecutions?

There are no prosecutions done for the author of I LOVE YOU virus. As quoted from a news in USA Today posted September 2 , 2003,
“When the FBI traced the Love Bug virus to a student in Manila in 2000, he was not prosecuted because the Philippines had no laws against spreading computer viruses (http://www.usatoday.com/money/industries/technology/2003-09-01-blaster-cover_x.htm).”
“The Philippine authorities filed theft and other charges against Mr. de Guzman, but dropped them in August because of insufficient evidence. The case against him was weakened because at the time, the Philippines did not have laws governing computer espionage(http://www.nytimes.com/2000/10/21/business/a-filipino-linked-to-love-bug-talks-about-his-license-to-hack.html ).

References:
Festa,P and Wilcox, J.(2000).CNN News. Philippine Cooperating with FBI in virus probe Retrieved May 10, 2009 from http://money.cnn.com/2000/05/05/technology/loveyou/ Posted May 4, 2000
Swartz, J.(2003). USA TODAY.Cops take a bite, or maybe a nibble, out of cybercrime Retrieved May 10, 2009 from http://www.usatoday.com/money/industries/technology/2003-09-01-blaster-cover_x.htm Posted Sept. 2, 2003
Landler, M. (2000). The New York Times.A Filipino Linked to ‘Love Bug’ Talks About His License to Hack. Posted Oct. 21, 2000 Retrived May 21, 2009 from http://www.nytimes.com/2000/10/21/business/a-filipino-linked-to-love-bug-talks-about-his-license-to-hack.html

KEVIN MITNICK

Kevin Mitnick is a brilliant cyberthief. He has several cases varying from phone phreaking to stealing of software and operating systems. He is considered a computer addict.
In 1981,Mitnick with his two friends entered the Pacific Bell’s COSMOS phone center in downtown Los Angeles. COSMOS, or Computer System for Mainframe Operations, was a database used by many of the nation’s phone companies for controlling the phone system’s basic recordkeeping functions. They took lists of computer passwords, including the combinations to the door locks at nine Pacific Bell central offices and a series of operating manuals for the COSMOS system..
His next arrest was in 1983 by campus police at the University of Southern California, where he had gotten into minor trouble a few years earlier, when he was caught using a university computer to gain illegal access to the ARPAnet. This time he was discovered sitting at a computer in a campus terminal room, breaking into a Pentagon computer over the ARPAnet, and was sentenced to six months at the California Youth Authority’s Karl Holton Training School, a juvenile prison in Stockton, California.
In 1987, his use of illegal telephone credit card numbers led police investigators to the apartment he was sharing with his girlfriend in Thousand Oaks, California. He was convicted of stealing software from the Santa Cruz Operation, a California software company, and in December 1987, he was sentenced to 36 months probation.
In 1987 and 1988, Kevin and a friend, Lenny DiCicco, fought a pitched electronic battle against scientists at Digital Equipment’s Palo Alto research laboratory. Mitnick had become obsessed with obtaining a copy of Digital’s VMS minicomputer operating system, and was trying to do so by gaining entry to the company’s corporate computer network, known as Easynet. DEC claimed that he had stolen software worth several million dollars, and had cost DEC almost $200,000 in time spent trying to keep him out of their computers, Kevin pleaded guilty to one count of computer fraud and one count of possessing illegal long-distance access codes. He agreed to one year in prison and six months in a counseling program for his computer “addiction.”
Reference:
http://www.takedown.com/bio/mitnick.html Retrieved May 10, 2009

RAPHAEL GRAY

In March 2000, Gray from Wales was arrested for allegedly hacking into e-commerce Web sites managed to get credit card details on Microsoft Chairman Bill Gates and more than 26,000 other accounts from sites in the U.S., Canada, Thailand, Japan and Britain(http://articles.latimes.com/keyword/raphael-gray). It was alledgely accounted to 3 million dollars credit card fraud.
In 2001, Gray faced 10 charges under the Computer Misuse Act (Section 2) of downloading unauthorised information. He ended up pleaded guilty to six charges of unlawfully gaining access to corporate websites.
References:
Los Angeles Times(2000). Bill Gates among Victims of Hackers posted Mar. 26,2000 Retrieved May 6, 2009 from http://articles.latimes.com/keyword/raphael-gray
BBC News(2001). Teenage hacker admits website charges posted Mar. 28,2001 Retrieved May 6,2009 from http://news.bbc.co.uk/1/hi/wales/1248136.stm

MASTER OF DECEPTION

Masters of Deception (MOD) was a New York-based hacker group. MOD successfully controlled all the major telephone RBOC’s and X.25 networks as well as controlling large parts of the backbone of the rapidly emerging Internet. MOD’s initial membership grew from meetings on Loop-Around Test Lines that led to legendary collaborations to hack RBOC phone switches and the various minicomputers and mainframes used to administer the telephone network. Acid Phreak founded the Masters of Deception with Scorpion and HAC.
As a result of a major nationwide investigation by a joint FBI/Secret Service task force, five of MOD’s members were indicted in 1992 in federal court. Within the next six months (in 1993), all five pleaded guilty and were sentenced to either probation or prison.
Reference:
http://en.wikipedia.org/wiki/Masters_of_Deception Retrived May 2009

LEGION OF DOOM

The Legion of Doom (LOD) was a very influential hacker group that was active from the 1980s to the late 1990s and early 2000. Their name appears to be a reference to the main antagonists of Challenge of the Superfriends.
LOD was founded by the hacker Lex Luthor, after a rift with his previous group the Knights of Shadow (much as the Masters of Deception ).
LOD published the Legion of Doom Technical Journals and regularly contributed to the overall pool of hacking knowledge and information. LOD caused no harm to phone systems and computer networks but some of its members did.
Many LOD members were raided, charged and in some cases successfully prosecuted for causing damage to systems and reprogramming phone company computers (Grant, Darden and Riggs, etc). While the “Bellsouth” case could be construed as exploration of the phone system, with claims that no real damage was done, there are other former LOD members such as Corey A. Lindsly (a.k.a. Mark Tabas) who were clearly interested in for-profit computer crime, with no goal except personal gain.
Reference:
http://en.wikipedia.org/wiki/Legion_of_Doom_(hacking) Retrieved May 6, 2009

May 22, 2009 Posted by tag051002 | Uncategorized | | No Comments Yet

In the Philippines, do we have the legal constraints or laws against hacking?

From the news of USA TODAY dated September 2, 2003, it was stated:
“When the FBI traced the Love Bug virus to a student in Manila in 2000, he was not prosecuted because the Philippines had no laws against spreading computer viruses(http://www.usatoday.com/money/industries/technology/2003-09-01-blaster-cover_x.htm).”
From the New York Times posted on October 21, 2000, it has reported:
“The Philippine authorities filed theft and other charges against Mr. de Guzman, but dropped them in August because of insufficient evidence. The case against him was weakened because at the time, the Philippines did not have laws governing computer espionage(http://www.nytimes.com/2000/10/21/business/a-filipino-linked-to-love-bug-talks-about-his-license-to-hack.html ).”

From New York Times News entitled World Business Briefing: Asia; Philippine on Computer Crime published on June 15, 2000, the following is being quoted:
“Spurred by criticism that the Philippines had no system to punish perpetrators of last month’s ”I Love You” computer virus, the president of the Philippines, Joseph Estrada, signed an electronic-commerce law. Under the law, hackers and those who spread computer viruses can be fined a minimum of $2,350 and a maximum ”commensurate” with the damage caused and can be imprisoned for up to three years. The law does not apply retroactively to those involved in the ”I Love You” virus”( http://www.nytimes.com/2000/06/15/business/world-business-briefing-asia-philippine-law-on-computer-crimes.html).

What we have currently is the E-Commerce Law, REPUBLIC ACT NO. 8792 created on June 14, 2000. This is “ AN ACT PROVIDING AND USE OF ELECTRONIC COMMERCIAL AND NON-COMMERCIAL TRANSACTIONS, PENALTIES FOR UNLAWFUL USE THEREOF, AND OTHER PURPOSES.”

Sources:
Swartz, J.(2003). USA TODAY.Cops take a bite, or maybe a nibble, out of cybercrime Retrieved May 10, 2009 from http://www.usatoday.com/money/industries/technology/2003-09-01-blaster-cover_x.htm Posted Sept. 2, 2003
Landler, M. (2000). The New York Times.A Filipino Linked to ‘Love Bug’ Talks About His License to Hack. Posted Oct. 21, 2000 Retrived May 21, 2009 from http://www.nytimes.com/2000/10/21/business/a-filipino-linked-to-love-bug-talks-about-his-license-to-hack.html

New York Times News. World Business Briefing: Asia; Philippine on Computer Crime Published June 15, 2000. Retrieved May 21, 2009 from http://www.nytimes.com/2000/06/15/business/world-business-briefing-asia-philippine-law-on-computer-crimes.html

May 22, 2009 Posted by tag051002 | Uncategorized | | No Comments Yet

What is the extent of destruction that hacking posed in our society?

Excerpt from the essay of Ronald B. Standler from http://www.rbs2.com/cvirus.htm
Economic Damage
There are many different harms resulting from malicious programs:
• Many malicious programs delete or alter data in files on the victim’s hard drive. Recovering from such an attack requires either the use of a backup copy or tediously regenerating the data.

There will always be lost data after the last backup. The amount of lost data will be less than one day’s work, if one makes daily backups. However, daily backups are rare amongst computer users at home and in small offices. That means most victims will lose days, or even weeks, of wordprocessing and financial data. The value of that lost data far exceeds the cost of the computer hardware.
• Many malicious programs alter the Microsoft Windows registry file. All of those alterations must be undone, in order to recover from the malicious program.

Many malicious programs attach themselves to parts of the operating system or applications programs.

In some cases (e.g., CodeRed), the best recovery is to reformat the hard disk drive, make a clean installation of the operating system, then install all of the applications software, and finally copy all of the user’s data files from backup media. Such a process can take many hours if the user is familiar with the process and has a recent backup copy of the data files. Alternatively, if one has used special backup software that copies the entire operating system (including hidden files), all applications software, and all data files onto recordable media (e.g., compact disks or a tape cartridge), then one can use that media to recover more quickly.
• Malicious program that propagate by e-mail clog e-mail servers with millions of copies of a virus or worm, thus delaying receipt of useful e-mail, or causing valid messages to be lost in a flood of useless e-mail. Some companies switch off their e-mail servers during epidemics of malicious programs transmitted by e-mail, to prevent crashing their server, but that makes valid e-mail undeliverable. Many businesses rely on prompt delivery of e-mail for their routine operation, and slow e-mail will cause financial losses, such as the cost of lost productivity.

There is no definite information on the exact cost of recovering from an epidemic of a malicious program.

A quick calculation shows that the damage inflicted by a malicious program will be immense. Some of these malicious programs infected more than 105 computers worldwide. If the cost of removing the program from each computer is only US$ 200 (a very low estimate), then the total harm exceeds ten million dollars. This quick calculation shows that the cost of each widespread malicious program will be more than US$ 107, but we do not know how much more.

The estimated costs in the following table are from Computer Economics in January 2002. Journalists who write news reports about malicious programs commonly use damage estimates provided by Computer Economics.
name of program estimated US$ cost
Melissa 1.10 × 109
ILOVEYOU 8.75 × 109
CodeRed 2.62 × 109
SirCam 1.15 × 109
Nimda 0.635 × 109

The cost of recovery from malicious programs after ILOVEYOU was reduced by the availability of software tools from anti-virus software companies that automate much of the process of removing a worm.
________________________________________
Sources of Information
Early History of Malicious Programs
The following online resources describe the early history of malicious programs:
• Robert M. Slade, History of Computer Viruses, 1992. Posted at Univ. Wisconsin and cknow.com.
• Alan Solomon, A Brief History of PC Viruses, 1993 (?). Posted at Univ. Wisconsin and cknow.com.
• Joe Wells, Virus Timeline, 30 Aug 1996.
• Eugene Kaspersky, Computer Viruses, Nov 1998.

Some of the damages produced by hacking are the following:
1. Extortionists managed to hack into US power grids and shut them down, PC World reports, citing a CIA analyst speaking at a security conference(http://www.newser.com/story/16862/cybercrooks-hacking-power-grid.html).The analyst said:
“”In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks, but all involved intrusions through the Internet.”
2. The different viruses and worms which caused billions of dollars of damage. As mentioned above, examples are I LOVE YOU virus, NIMDA, CODE RED. Conficker worm has gone its damage up to aso up to $9.1 dollars.

3. Phone phreaking related to hacking also shut down some of the telephone companies and caused a lot of damage.

4. Advancement in technology is leading to the emergence of a new threat in the form of ‘cyber terrorists’, who attack technological infrastructures such as the Internet in order to help further their cause through hacking (http://www.sciencedirect.com/science?_ob=ArticleURL&_udi=B6V8G-3W31NRB-6&_user=10&_rdoc=1&_fmt=&_orig=search&_sort=d&view=c&_acct=C000050221&_version=1&_urlVersion=0&_userid=10&md5=de9715c265c83850832c8e49c569707b).
References:
PC World, Washington Post(2008). Cybercrooks Hacking Power Grid Posted Jan 20, 08 Retrieved May 21, 2009 from http://www.newser.com/story/16862/cybercrooks-hacking-power-grid.html

Danchev,D.(2009).Conficker’estimated economic cost? $9.1 billion Posted April 23, 2009. Retrieved from http://blogs.zdnet.com/security/?p=3207
Furnell, SM. Computer hacking and cyber terrorism: the real threats in the new millennium? Retrieved May 22, 2009 from http://www.sciencedirect.com/science?_ob=ArticleURL&_udi=B6V8G-3W31NRB-6&_user=10&_rdoc=1&_fmt=&_orig=search&_sort=d&view=c&_acct=C000050221&_version=1&_urlVersion=0&_userid=10&md5=de9715c265c83850832c8e49c569707b

May 22, 2009 Posted by tag051002 | Uncategorized | | No Comments Yet

Benefits of Hacking

Most of us would think that there was never a good side to hacking. As media amplified, hacking usually fostered destruction and is detrimental to a certain computer network or simply a personal computer. Bad effects of hacking are mostly reported neglecting the good sides of it which are made by the so called white hat hackers. This name was derived from the old western movies where the good guys always wore white hats and the bad guys wore black hats. Some of these are individuals and organizations who conduct security audits and research and publish their findings for the security industry. They opt to find security flaws and help users to fix them. They also develop security tools and techniques to help users to fight such attacks in the future. This is one good benefit of hacking.
Hacking also allows computer specialist to test a certain computer system or software. It allows hackers to examine the system’s weaknesses and look for solution to the discovered holes.
Aside from being security consultants, white-hat hackers also help in serving as public watchdogs. They sneak into computer systems to look for any anomalies and dishonesty in a government agency or any private corporation.
Duff (2005) mentioned of the two types of benefits from hacking. These are industry related and individual related benefits. Industry related benefits are the contributions which give profit to the computer industry. The development of today’s computers is the result of the early hackers who untiringly continue to renovate and improve the machine.
The following are the industrial related benefits:
a. Rapid advancement – Hacking plays a role in the rapid advancement of the industry.
b. Inability to stagnate – It drives the industry not to stagnate but to lead it to a continual improvement.
c. Diversify the industry – Hacking opens the opportunities to broaden the horizon of the computer industry.
d. Innovation – It allows the industry to go into modernization and promote continuous development.
Society enjoys some of the results of hacking. The endless interest of hackers to learn new things leads to the discovery of new ideas and brings new opportunities to improve the existing condition the industry have.
The individual benefits are as follows:
a. Continual improvement of security – Hacking continually develops the security of any computer systems. It looks for problems in a system and provide solutions to them.
b. Product improvement – New discoveries of software weaknesses contributes to further improve the products (hardware or software).
c. Increased attention to consumer’s needs – Hacking increase the industries’ effort to meet the needs of the consumers.
d. Reliable , free software – Hacking gives reliable and free software.
e. Free computer and software assistance – It also provides hardware and software assistance to the society.

Reference:

Duff, T. (2005). The Benefits of Hacking: A Different Perspective for the Security Conscious. Retrieved May 6, 2009 from http://www.trdtechnical.com/eportfolio/Final_Project_Tina.pdf

May 22, 2009 Posted by tag051002 | Uncategorized | | No Comments Yet

Hacking and its definitions

Stanford Encyclopedia of Philosophy defined hacking as breaking into someone’s computer system without permission. This is a major risk to computer security. A person who practices hacking is called a hacker. Some hackers intentionally steal data or commit vandalism, while others merely “explore” the system to see how it works and what files it contains. These “explorers” often claim to be benevolent defenders of freedom and fighters against rip-offs by major corporations or spying by government agents. These self-appointed vigilantes of cyberspace say they do no harm, and claim to be helpful to society by exposing security risks. However every act of hacking is harmful, because any known successful penetration of a computer system requires the owner to thoroughly check for damaged or lost data and programs. Even if the hacker did indeed make no changes, the computer’s owner must run through a costly and time-consuming investigation of the compromised system [Spafford, 1992].
Hacker, as it relates to computers, has several common meanings. “Hacker is often used by the mass media to refer to a person who engages in computer cracking and is also often by those in computing fields to refer to a person who is a computer enthusiast(http.www.WikiAnswers.com).” There are debates over time for the meaning of the term hacking or hacker when referred to a person. The term hacker was used as early in 1950’s in connection with electronic hobbyist. However, it first appeared in MIT student newspaper. As cited by Duff, Shapiro (2003) claims that the earliest known use of the word hacker was in a student paper from the Massachusetts Institute of Technology (MIT). He quotes the following from the November 20, 1963 issue and uses this as proof that the word hacker has always referred to someone with malicious intent:

“Many telephone services have been curtailed because of so-called hackers, according to Prof. Carlton Tucker, administrator of the Institute phone system. [....] The hackers have accomplished such things as tying up all the tie-lines between Harvard and MIT, or making long distance calls by charging them to a local radar installation. One method involved connecting the PDP-1 computer to the phone system to search the lines until a dial tone, indicating an outside line, was found. [...] Because of the “hacking,” the majority of the MIT phones are “trapped.””

As others used the term hackers to those individuals who are considered expert in the field of computing the previous statements connotes the term of hacking of having a negative meaning.

Duff stated in her paper that hacking is the act of exploring technology to expand one’s own knowledge. Hackers retain the responsibility of being ethical or not, just the same as any other professional does. She concluded in her paper that hacking also offers a lot of benefits. These hackers whose intentions are good are often named as white hat hackers. They serve as public watchdogs or security consultants. For example, they peek into a computer system to find information which can be used for whistle-blowing to inform the public for any dishonesty in any form in the government or in a private corporation. Another purpose of sneaking into computer systems is to test its stability and security.

On the other hand, black-hat hackers are those individuals that use their technical skill for personal gain. These include hackers from various disciplines and motivations. These are the malicious hackers who are intent on destruction and profit. These hackers may have personal motivations such as revenge or anger. And sometimes their aim is simply to gain money or notoriety(Duff, 2005).

With the different definitions for hacking, we can conclude that this action not only gives problems but also can provide solution to problems. Just like anything, hacking has good and bad effects depending on how it is used. Ultimately, it can be an instrument to pave the way to the development and advancement of the status quo in the computing industry.

May 22, 2009 Posted by tag051002 | Uncategorized | | No Comments Yet

An IT Professional or Not?

An accountant using the Microsoft Excel in making a payroll for a certain company, can he be considered an IT professional? How about a graphic artist designing some product cover, can we call him an IT professional? A person designing , monitoring and maintaining websites, is he an IT professional?
So, what’s an IT professional? Who can be considered as an IT professional then?
Computing has been a part of many jobs, such as reading and writing are essential skills in doing many jobs. A doctor uses his laptop in keeping some records of his patients as well as a teacher utilizes a computer in presenting her lessons. A worker making use of a computer is not considered a computer professional or IT professional per se but simply an accountant, graphic artist, doctor, engineer or a teacher. These occupations require having and using knowledge of computers. Therefore by using the computer alone does not consider one to be an IT professional.
IT profession or specifically computer profession is very broad. In fact, as I have posted in my last blog, it is still an argument whether to take IT professionals as “professionals”. However, considering it as a profession, it is still quite broad in application. Computer professionals include those who design, sell and maintain software and hardware, those who write documentation, those who design, monitor and maintain websites, the ones who work for ISP and also computer scientist ( Johnson, 2001). Computer professionals have specialized knowledge and often have positions with authority and respect in the community. Therefore, to be considered an IT professional specifically computer professional aside from the body of knowledge he is specialized of, he should also be aware of the significant portions of computer ethics or information ethics to guide him of his day to day activities.
“Information revolution” has altered many aspects of life significantly: commerce, employment, medicine, security, transportation, entertainment, and so on. Consequently, information and communication technology (ICT) has affected — in both good ways and bad ways — community life, family life, human relationships, education, careers, freedom, and democracy and others (from http://plato.stanford.edu/cgi-bin/encyclopedia/ Computer and Information Ethics (Stanford Encyclopedia of Philosophy).htm).
Since an IT professional affects a variety of spheres in man’s life, he should be aware of the effects of his practice of profession whether it adheres to retain his being a moral agent as a professional. For an IT professional to respond responsibly to all issues creeping regarding his area of specialization, he should be well-versed with the professional ethics embodying an IT professional or computing professional which will steer him to do his jobs in a professional way. Subsequently, it will turn him out to be a full-fledged IT professional.

Bibliography
• Johnson, D. (2001), Computer Ethics, Third Edition Upper Saddle River, NJ: Prentice-Hall.
• Bynum,T.(2008).Stanford Encyclopedia of Philosophy. Computer and Information Ethics Retrieved May 11, 2009 from http://plato.stanford.edu/cgi-bin/encyclopedia/ Computer and Information Ethics (Stanford Encyclopedia of Philosophy).htm

May 21, 2009 Posted by tag051002 | Uncategorized | | No Comments Yet

What is a Professional? an IT professional?

In the words of Guy Le Boterf, a French expert on the development of competencies, “A Professional is a person who possesses a personal body of knowledge and of know-how which is recognized and valued by the market. Because of this market recognition, the Professional benefits from an advantage not available to other workers: he or she can personally manage internal or external^professional mobility, in a specific firm or in the international market. A person who is recognized as a Professional possesses a social standing which is larger than the specific job he or she holds down (http://www.syre.com/versionanglaise/professionals.htm).” Professional is also defined as a person who is engaged in one of the learned profession (http://wordnet.princeton.edu/).

Professionals have roles in which they carry with them special rights and special responsibilities. Roles that are called “strongly differentiated”(Goldman, 1980). These roles give the role-holder powers and/or responsibilities that are “exceptions to ordinary morality”. For example, a doctor can operate surgery and a civil engineer can sign building permits.

How about an IT professional? Can he be classified as “professional”? What is the role of an IT professional or computer professional?

We have what we call as “occupational roles”. These are roles which are not strongly differentiated. Examples are sales personnel, secretary and construction worker. They are expected to adhere to the demands of ordinary morality. Occupational roles are taken into account as the efficacy of individuals acting in employment roles. Efficacy means “power to affect the world.” It is the ability to do things others don’t have the capacity to do. Important parts of the efficacy of a professional are skills and knowledge. Because professionals have this efficacy, they bear special responsibilities. They have as well special rights by virtue of being members of a profession.

However, the role of a computer professional is not strongly differentiated (Johnson,3rd ed.,p.57). Although an IT professional has the ability and opportunity to affect the world in ways that others can’t, they do not acquire any special, socially recognized power or privilege “by being a computer professional.” As one IT professional is employed in a company, he acquires powers and responsibilities by virtue of being an employee to the company but not by being an IT professional.

While some professionals have special rights and responsibilities by virtue of being members of a profession, computer professionals do not. They have special powers and privileges by virtue of their efficacy in the environment they are into. That is, they obtain those special privileges by virtue of their skill and knowledge in the positions they possess in organizations (Johnson,3rd ed).

May 12, 2009 Posted by tag051002 | Uncategorized | | No Comments Yet

Hello world!

Welcome to WordPress.com. This is your first post. Edit or delete it and start blogging!

May 10, 2009 Posted by tag051002 | Uncategorized | | 1 Comment