Zenisa : Ethical Hacking and Infosec

Firewalls / Internet Security

Firewalls

In the context of buildings, a firewall is a fireproof wall intended to prevent the spread of fire from one room or area of a building to another. The term has acquired a related meaning in the context of the Internet: preventing attacks from the outside reaching the inside. A typical intranet these days is not connected to the Internet directly. Instead, we connect it to a firewall, and channel all transmissions through the firewall.

A firewall is a computer system dedicated to protecting a LAN from the Internet at large. It sits at the entry point of the LAN it protects. All traffic between the LAN and any host on the Internet at large goes through the firewall. It receives, inspects and makes decisions about all incoming data before it reaches other parts of the system or network. It regulates outgoing data also.

From Internet Security Glossary [RFC 2828, (I) = Internet basis, (C) = Commentary and Additional Guidance] :

Firewall
(I) An internetwork gateway that restricts data communication traffic to and from one of the connected networks (the one said to be “inside” the firewall) and thus protects that network’s system resources against threats from the other network (the one that is said to be “outside” the firewall). (See: guard, security gateway.)  (C) A firewall typically protects a smaller, secure network (such as a corporate LAN, or even just one host) from a larger network (such as the Internet). The firewall is installed at the point where the networks connect, and the firewall applies security policy rules to control traffic that flows in and out of the protected network.
(C) A firewall is not always a single computer. For example, a firewall may consist of a pair of filtering routers and one or more proxy servers running on one or more bastion hosts, all connected to a small, dedicated LAN between the two routers. The external router blocks attacks that use IP to break security (IP address spoofing, source routing, packet fragments), while proxy servers block attacks that would exploit a vulnerability in a higher layer protocol or service. The internal router blocks traffic from leaving the protected network except through the proxy servers. The difficult part is defining criteria by which packets are denied passage through the firewall, because a firewall not only needs to keep intruders out, but usually also needs to let authorized users in and out.

A rigorous definition of what a firewall is would not be useful, as the term has been used with a variety of meanings by the industry. It can be anything from a simple packet filter to an enormously complex computer system with extensive logging systems, intrusion detection systems, etc. Nearly every topic of this course can fit under the heading of “building a firewall.” Instead, let us discuss specific functionality that aids in securing a LAN.

Security Policy

[Screening router diagram]

Every organization that uses LANs should have rules governing acceptable use of computing resources, security practices, and operational procedures.  A firewall is designed to enforce these policies as they apply to the Internet.  A firewall cannot protect against inside attacks,  buffer overflow exploits, etc.

In this lecture, we discuss the technical details of what a firewall is, leaving the development of a security policy to a later lecture.

Dual Homed Gateway

A dual homed gateway is a system that has two or more network interfaces, each of which is connected to a different network. In firewall configurations, a dual homed gateway usually acts to block or filter some or all of the traffic trying to pass between the networks.

Routers

Routers are computer systems with a very focused functionality: routing IP packets. As a result, the base computer system is designed optimally for the routing purpose, and often runs a highly refined and hardened version of an OS from ROM. Because it is a router, it generally contains several NICs.

A Screening Router is a router configured to permit or deny traffic based on a set of permission rules. A Tunneling Router is a router capable also of encrypting the traffic and encapsulating it for transmission across an untrusted network, for eventual de-encapsulation and decryption. A Screened Host is a host on a network behind a screening router. A screened subnet is a subnet behind a screening router. Such a subnet is also called a “sand box” or “demilitarized zone” network. Conceptually, this is similar to a dual-homed gateway, except that an entire network, rather than a single host, is reachable from the outside.

A firewall uses NAT (Network Address Translation) to hide the internal workstation addresses, and to re-address all outgoing messages from workstations on the LAN by replacing internal IP addresses with the external IP address of the gateway.

Packet Filter

It filters packets based on certain rules (see Packet Filtering in the References).   This is the simplest of the firewalls.  Protocols such as Telnet and SMTP lend themselves to packet filtering. The type of router used in a packet filtering firewall is known as a screening router.  A screening router, unlike an ordinary router, determines not only whether or not it can route a packet towards its destination, but also whether or not it should. “Should” or “should not” are determined by the site’s security policy.

Here are some examples of ways in which you might program a screening router to selectively route packets to or from your site:

  1. Block all incoming connections from systems outside the internal network, except for incoming SMTP connections (so that you can receive email).
  2. Block all connections to or from certain systems you distrust.
  3. Allow email and FTP services, but block dangerous services like TFTP, the X Window System, RPC, and the “r” services (rlogin, rsh, rcp, etc.).

You can configure most modern routers to pass or drop packets as above.

The primary disadvantage of any packet filtering gateway is that once access has been granted by the device to a host on the internal network, the attacker has direct access to any exploitable weaknesses in either the software or the configuration of that host. The ability to jump off to other internal hosts from that point is restrained only by the security present on those hosts.

Packet filtering can be static, leaving the desired methods of connecting between the internal and external networks open at all times. The advantages of static packet filtering are:

  • Low Overhead / High Throughput
  • Inexpensive or free
  • Good for traffic management

Because it does very little work outside of routing traffic, the overhead is extremely low, so traffic is likely to pass at or near hardware speed. The ability to set up packet filters is standard in most routers. Packet filtering is also always helpful for managing traffic on networks. The disadvantages of static packet filtering are that it:

  • Allows direct connections to internal hosts by external clients
  • Permanently leaves holes open in the Network Perimeter
  • Quickly becomes unmanageable in complex environments
  • Remains vulnerable to attacks such as “spoofing” source addresses, unless specifically configured to prevent these
  • Offers no user authentication

Dynamic packet filters open and close “doors” in the firewall based on header information in the data packet. Once a series of packets has passed through the “door” to its destination, the firewall closes the door.

Things you cannot do with packet filters include:

  • URL-level filtering of http transfers,
  • blocking of Java or ActiveX or other things riding on top of HTTP,
  • screening FTP commands, for example to allow PUTs but not GETs,
  • screening e-mail for Sendmail attack scenarios.

Bastion Host

A bastion host is a system that has been hardened to resist attack, and which is installed on a network in such a way that it is expected to potentially come under attack. Bastion hosts are often components of firewalls, or may be “outside” Web servers or public access systems. Generally, a bastion host is running some form of general purpose operating system (e.g., Linux, UNIX, VMS, Windows, etc.) rather than a ROM-based or firmware operating system as commercial routers do. Bastion hosts are also referred to as “gateway hosts.”

DMZ

A Demilitarized Zone (DMZ) is a neutral zone between the private LAN and the public Internet. FTP servers, Web servers and the like are located in DMZ.

Stateful Inspection

Stateful packet filtering is an enhancement to dynamic packet filtering.  A stateful inspection firewall examines the state of any active network connections and based on this information determines what packets to accept or reject. This is an active process that does not rely on static rules. The advantages of dynamic packet filtering are that it only temporarily opens holes in the network perimeter, and has low overhead and high throughput.
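The three screening-router rules from the Packet Filter section and the static versus stateful distinction, as an added Python example that is not part of the original lecture. All addresses, the mail host and the port list are constructed for illustration, and the connection table is a simplified model of what a stateful firewall tracks.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addresses (RFC 5737 documentation ranges), not from the lecture.
INSIDE = ip_network("192.0.2.0/24")          # the protected LAN
DISTRUSTED = ip_network("203.0.113.0/24")    # "certain systems you distrust"
MAIL_HOST = "192.0.2.25"                     # internal SMTP server
# TFTP, RPC portmapper, the "r" services, X11 displays. This example matches
# on port number only and leaves the TCP/UDP protocol field out.
DANGEROUS_PORTS = {69, 111, 512, 513, 514} | set(range(6000, 6064))


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False    # set while a TCP connection is being opened
    ack: bool = False    # set on every packet except the very first SYN


def is_inside(addr):
    return ip_address(addr) in INSIDE


def base_policy(p):
    """The lecture's three example rules; None means no rule matched."""
    if ip_address(p.src) in DISTRUSTED or ip_address(p.dst) in DISTRUSTED:
        return "deny"                                   # example 2
    if p.dport in DANGEROUS_PORTS:
        return "deny"                                   # example 3
    if not is_inside(p.src) and p.dst == MAIL_HOST and p.dport == 25:
        return "allow"                                  # example 1 (SMTP in)
    return None


def static_filter(p):
    """Stateless: each packet is judged on its own header, first match wins."""
    verdict = base_policy(p)
    if verdict:
        return verdict
    if is_inside(p.src):
        return "allow"                                  # outbound traffic
    # Replies must get back in, so a static filter keeps this hole open
    # permanently: any inbound packet with ACK set, addressed to a high port.
    if p.ack and p.dport >= 1024:
        return "allow"
    return "deny"                                       # default deny


class StatefulFilter:
    """Same rules, but inbound replies must match a tracked connection."""

    def __init__(self):
        self.connections = set()

    def check(self, p):
        verdict = base_policy(p)
        if verdict:
            return verdict
        if is_inside(p.src):
            if p.syn and not p.ack:                     # new outbound connection
                self.connections.add((p.src, p.sport, p.dst, p.dport))
            return "allow"
        if (p.dst, p.dport, p.src, p.sport) in self.connections:
            return "allow"                              # reply to a known flow
        return "deny"

    def close(self, src, sport, dst, dport):
        """Called when the connection ends (FIN/RST or timeout)."""
        self.connections.discard((src, sport, dst, dport))


def demo():
    fw = StatefulFilter()
    opening = Packet("192.0.2.10", 40000, "198.51.100.7", 80, syn=True)
    reply = Packet("198.51.100.7", 80, "192.0.2.10", 40000, syn=True, ack=True)
    unsolicited = Packet("198.51.100.9", 80, "192.0.2.10", 8080, ack=True)
    results = {}
    for name, pkt in [("opening", opening), ("reply", reply),
                      ("unsolicited", unsolicited)]:
        results[name] = (static_filter(pkt), fw.check(pkt))
    fw.close("192.0.2.10", 40000, "198.51.100.7", 80)
    results["reply after close"] = (static_filter(reply), fw.check(reply))
    return results


if __name__ == "__main__":
    for name, (static, stateful) in demo().items():
        print(f"{name:18} static={static:5} stateful={stateful}")
```

The static filter accepts the unsolicited packet because its header looks like a reply; the stateful filter rejects it, and also rejects a late "reply" once the connection has been closed.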

Circuit Relay

A Circuit Relay is also called a “Circuit Level Gateway.”   It determines whether the connection between both ends is valid according to configurable rules, then opens a session and permits traffic only from the allowed source and possibly only for a limited period of time.

Whether a connection is valid may be based upon:

  • destination IP address and/or port
  • source IP address and/or port
  • time of day
  • protocol
  • user
  • password

Every session of data exchange is validated and monitored and all traffic is disallowed unless a session is open.

Circuit Level Filtering takes control a step further than a Packet Filter. Among the advantages of a circuit relay is that it can make up for the shortcomings of the ultra-simple and exploitable UDP protocol, wherein the source address is never validated as a function of the protocol. IP spoofing can be rendered much more difficult.

A disadvantage is that Circuit Level Filtering operates at the transport layer and may require substantial modification of the programming which normally provides transport functions (e.g. Winsock).

Proxy services

A proxy server is also called an application gateway, or simply a proxy. A proxy service requires two components: a proxy server and a proxy client. In this example, the proxy server runs on the dual-homed host.

A proxy client is a special version of a normal client program (e.g., a Telnet or FTP client) that talks to the proxy server rather than to the “real” server out on the Internet.  After connecting to the proxy, the user is authenticated to the firewall.  The proxy server evaluates requests from the proxy client, and decides which to approve and which to deny. If a request is approved, the proxy server contacts the real server on behalf of the client (thus the term “proxy”), and proceeds to relay requests from the proxy client to the real server, and responses from the real server to the proxy client. The proxies provide replacement connections and act as gateways to the services performing all data exchanges with the remote system on their behalf. This can render a host behind the firewall all but invisible to the remote system.  It is a gateway because all traffic to and from the remote node  goes through it. 

In some proxy systems, instead of installing custom client proxy software, standard software is used, but special user procedures are set up.

Transparency is the major benefit of proxy services. To the user, a proxy server presents the illusion that the user is dealing directly with the real server. To the real server, the proxy server presents the illusion that the real server is dealing directly with a user on the proxy host (as opposed to the user’s real host).


Using proxy services with a dual-homed host

A proxy works at the application (telnet, FTP, etc.) level. For example, the FTP proxy might refuse to let users export files, or it might allow users to import files only from certain sites. Application proxies can also verify that the interaction between client and server actually conforms to the protocol in use (i.e., HTTP or FTP). The ability to verify the activities of the applications (rather than focus on packet headers) has been a selling point for proxy firewalls, which are marketed as having more control than packet filters and therefore more security. More sophisticated proxy services might allow different capabilities to different hosts, rather than enforcing the same restrictions on all hosts. This type of firewall may also perform very detailed logging of traffic and monitoring of events on the host system, and can often be instructed to sound alarms or notify an operator under defined conditions. Because they are more involved in the connection, proxy firewalls tend to have lower performance than packet filters.
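The FTP policy described above (no exports, imports only from certain sites, and a check that each line conforms to the protocol), as an added Python example that is not part of the original lecture. The server names and the set of relayed commands are assumptions; the command verbs and reply codes are those of RFC 959.

```python
import re

# One control-channel line as RFC 959 defines it: VERB [SP argument] CRLF.
COMMAND_RE = re.compile(rb"([A-Za-z]{3,4})(?: ([^\r\n\x00]+))?\r\n")

EXPORT_VERBS = {"STOR", "STOU", "APPE"}     # send a file out to the server
IMPORT_VERBS = {"RETR"}                     # fetch a file from the server
# Commands relayed unchanged. Anything not listed (PORT, SITE, ...) is refused.
PASS_THROUGH = {"USER", "PASS", "CWD", "PWD", "TYPE", "PASV",
                "LIST", "NLST", "NOOP", "QUIT"}

# Constructed policy: hypothetical host names, not from the lecture.
IMPORT_ALLOWED_SERVERS = {"ftp.example.org"}


def screen(server, line):
    """Decide what the proxy does with one line from the proxy client.

    Returns (forward, reply). forward=True means the line is relayed to the
    real server; otherwise the proxy answers the client itself with `reply`.
    """
    match = COMMAND_RE.fullmatch(line)
    if match is None:
        # Not a single well-formed command: oversized verb, embedded CR/LF
        # (two commands in one line), NUL bytes, missing CRLF, ...
        return (False, "500 Syntax error, command unrecognized")
    verb = match.group(1).decode("ascii").upper()   # verbs are case-insensitive
    argument = match.group(2)
    if verb in EXPORT_VERBS:
        return (False, "550 Exporting files is not permitted")
    if verb in IMPORT_VERBS:
        if argument is None:
            return (False, "501 Syntax error in parameters or arguments")
        if server not in IMPORT_ALLOWED_SERVERS:
            return (False, "550 Importing files from this site is not permitted")
        return (True, None)
    if verb in PASS_THROUGH:
        return (True, None)
    return (False, "502 Command not implemented")


def screen_session(server, lines):
    """Screen a whole control-channel session; returns one decision per line."""
    return [screen(server, line) for line in lines]


# Constructed session, for illustration only.
SAMPLE_SESSION = [
    b"USER anonymous\r\n",
    b"retr readme.txt\r\n",
    b"STOR plans.doc\r\n",
    b"SITE EXEC ls\r\n",
    b"RETR a\r\nSTOR b\r\n",
]

if __name__ == "__main__":
    for line, (forward, reply) in zip(
            SAMPLE_SESSION, screen_session("ftp.example.org", SAMPLE_SESSION)):
        print(repr(line), "->", "relay" if forward else reply)
```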

SOCKS is a proxy construction toolkit, designed to make it easy to convert existing client/server applications into proxy versions of those same applications. The Trusted Information Systems Internet Firewall Toolkit (TIS FWTK) includes proxy servers for a number of common Internet protocols, including Telnet, FTP, HTTP, rlogin, X11, and others; these proxy servers are designed to be used in conjunction with custom user procedures.

Three Myths of Firewalls

  1. Firewalls make the assumption that the only way in or out of a corporate network is through the firewalls; that there are no “back doors” to your network. In practice, this is rarely the case, especially for a network which spans a large enterprise. Users may set up their own back doors, using modems, terminal servers, or programs such as “PC Anywhere”, so that they can work from home. The more inconvenient a firewall is to your user community, the more likely someone will set up their own “back door” channel to their machine, thus bypassing your firewall.
  2. Firewalls make the assumption that all of the bad guys are on the outside of the firewall, and everyone on the inside of the firewall can be considered trustworthy. This neglects the large number of computer crimes which are committed by insiders.
  3. Newly evolving systems are blurring the lines between data and executables more and more. With macros, JavaScript, Java, and other forms of executable fragments which can be embedded inside data, a security model which neglects this will leave you wide open to a wide range of attacks.

Lab Experiment

All work should be carried out in the Operating Systems and Internet Security (OSIS) Lab, 429 Russ.   Use any of the PCs numbered 192.168.17.19 to .30.  No other WSU facilities are allowed. 

  1. The following are links to two directories of files that can together be built as an ISO image to be burned as a bootable Linux CD.
    1. BootCD
    2. IPtables
  2. The above were for a previous version of Linux kernel and distribution.  Update them and build a new bootable CD based on current versions of all needed components.

Lab Experiment 2

All work should be carried out in the Operating Systems and Internet Security (OSIS) Lab, 429 Russ.   Use any of the PCs numbered 192.168.17.19 to .30.  No other WSU facilities are allowed. 

On a Windows machine that you “own”, download, install and properly configure a firewall.  There are several “well known firewalls” that are free for personal use:

  1. Agnitum Outpost
  2. Sygate Personal Firewall
  3. Zone Alarm

Please web-search for download locations.


Acknowledgements

The figures are from the “Web”.


References

  1. D. Brent Chapman & Elizabeth D. Zwicky; Building Internet Firewalls. O’Reilly & Associates. ISBN 1-56592-124-0, 517 pages.  Reference.
  2. Simson Garfinkel, Gene Spafford, “Practical Unix and Internet Security,”  2nd edition (April 1996), O’Reilly & Associates; ISBN: 1565921488.  Errata: http://www.oreilly.com/catalog/puis/errata/ Chapter 21: Firewalls.  Required Reading.
  3. Mark Grennan,  Firewall and Proxy Server HOWTO, Aug 21, 2000, http://www.tldp.org/HOWTO/Firewall-HOWTO.html.   Recommended Reading.
  4. Microsoft, Frequently Asked Questions About Internet Firewalls, Last Updated: March 10, 2004, http://www.microsoft.com/security/protect/firewall.asp Required Reading.
  5. Robert L. Ziegler, and Carl B. Constantine, “Linux Firewalls,” 2nd Edition, ISBN: 0735710996, New Riders Publishing, October 2001. Describes how to set up a Linux based firewall. Reference.
  6. R. Shirey, Internet Security Glossary, RFC 2828, www.rfc-editor.org.  Reference.

Viruses, Worms, and Trojans

Unix.  The world’s first computer virus.
Title of Chapter 1 of The Unix Haters Handbook, ISBN: 1-56884-203-1

The above is indeed the title of a chapter! The book is in fact written by serious computer scientists.  Nevertheless, we must disregard the suggestion that Unix is a virus as an attempt at being hilarious.  Equally unhelpful are the news media that use the term virus in referring to any piece of malicious software. The academic world uses the term “malware” for these.  Rigorous definitions have been given by many computer security experts but they do not match the typical use even by other security experts.  Thus, we must settle for practical “definitions” of malicious software.

Definitions

  • Security tools are designed to be used to protect computer systems and networks.  These can also be used by unauthorized individuals to probe for weaknesses.  Many of the programs that fall in the malware categories below have benevolent uses. For example, worms can be used to distribute computation on idle processors; back doors are useful for debugging programs; and viruses can be written to update source code and patch bugs.  The purpose, not the approach, makes a program malicious.
  • Back doors, sometimes called trap doors, allow unauthorized access to your system.
  • Logic bombs are programmed threats that lie dormant for an extended period of time until they are triggered; at this point, they perform a function that is not the intended function of the program in which they are contained. Logic bombs usually are embedded in programs by software developers who have legitimate access to the system.
  • Viruses are “programs” that modify other programs on a computer, inserting copies of themselves.  A program is a file that adheres to a strict description of how its content is organized.  On Linux systems, the ELF document of some 50-pages describes this format.  In this sense, viruses are not programs - they cannot run on their own, and need to become part of some host program.  When such an infected program is executed, the virus attaches itself to another and so on.
  • A worm is a malicious program that copies itself from one computer to another on a network. A worm is an independent program, in the sense described above, unlike a virus which is a part-program that must insert itself into a whole-program. A worm typically does not modify other programs.  A typical worm may carry other code, including programs and viruses.
  • Trojan horses are programs that appear to have one function but actually perform another function. Trojan horses are named after the Trojan horse of the Greek Trojan War.
  • Bacteria, or rabbit programs, make copies of themselves to overwhelm a computer system’s resources. Bacteria do not explicitly damage any files. Their sole purpose is to replicate themselves. A typical bacteria program may do nothing more than execute two copies of itself simultaneously on multiprogramming systems, or perhaps create two new files, each of which is a copy of the original source file of the bacteria program. Both of those programs then may copy themselves twice, and so on. Bacteria reproduce exponentially, eventually taking up all the processor capacity, memory, or disk space, denying the user access to those resources.
  • A dropper is a program that is not a virus, nor is it infected with a virus, but when run it installs a virus into memory, on to the disk, or into a file. Droppers have been written sometimes as a convenient carrier for a virus, and sometimes as an act of sabotage. Some anti-virus programs try to detect droppers.
  •  [From http://securityresponse.symantec.com/avcenter/refa.html ] “Blended threats combine the characteristics of viruses, worms, Trojan Horses, and malicious code with server and Internet vulnerabilities to initiate, transmit, and spread an attack. By using multiple methods and techniques, blended threats can rapidly spread and cause widespread damage. Characteristics of blended threats include:
    * Causes harm: Launches a Denial of Service (DoS) attack at a target IP address, defaces Web servers, or plants Trojan Horse programs for later execution.
    * Propagates by multiple methods: Scans for vulnerabilities to compromise a system, such as embedding code in HTML files on a server, infecting visitors to a compromised Web site, or sending unauthorized email from compromised servers with a worm attachment.
    * Attacks from multiple points: Injects malicious code into the .exe files on a system, raises the privilege level of the guest account, creates world read and writeable network shares, makes numerous registry changes, and adds script code into HTML files.
    * Spreads without human intervention: Continuously scans the Internet for vulnerable servers to attack.
    * Exploits vulnerabilities: Takes advantage of known vulnerabilities, such as buffer overflows, HTTP input validation vulnerabilities, and known default passwords to gain unauthorized administrative access.
    Effective protection from blended threats requires a comprehensive security solution that contains multiple layers of defense and response mechanisms.”

Virus Varieties

Stealth Virus

A stealth virus has code in it that seeks to conceal itself from discovery or defends itself against attempts to analyze or remove it. The stealth virus adds itself to a file or boot sector but, when you examine it, the file or boot sector appears normal and unchanged. The stealth virus performs this trickery by staying in memory after it is executed. From there, it monitors and intercepts your system calls. When the system seeks to open an infected file, the stealth virus displays the uninfected version, thus hiding itself.

Macro Viruses

Macro languages are (often) equal in power to ordinary programming languages such as C. A program written in a macro language is interpreted by the application. Macro languages are conceptually no different from so-called scripting languages. GNU Emacs uses Lisp, and most Microsoft applications use Visual Basic Script, as macro languages. The typical use of a macro in applications, such as MS Word, is to extend the features of the application. Some of these macros, known as auto-execute macros, are executed in response to some event, such as opening a file, closing a file, starting an application, and even pressing a certain key. A macro virus is a piece of self-replicating code inserted into an auto-execute macro. Once such a macro is running, it copies itself to other documents, deletes files, etc. Another type of hazardous macro is one named for an existing command of the application. For example, if a macro named FileSave exists in the “normal.dot” template of MS Word, that macro is executed whenever you choose the Save command on the File menu. Unfortunately, there is often no way to disable such features.

In May 2000, an Outlook mail program macro virus called LOVELETTER propagated widely.

Unix/Linux Viruses

The most famous of  the security incidents in the last decade was the Internet Worm incident which began from a Unix system.  But Unix systems were considered virus-immune — not so.  Several Linux viruses have been discovered. The Staog virus first appeared in 1996 and was written in assembly language by the VLAD virus writing group, the same group responsible for creating the first Windows 95 virus called Boza.

Like the Boza virus, the Staog virus is a proof-of-concept virus to demonstrate the potential of Linux virus writing without actually causing any real damage. Still, with the Staog assembly language source code floating around the Internet, other virus writers are likely to study and modify the code to create new strains of Linux viruses in the future.

The second known Linux virus is called the Bliss virus. Unlike the Staog virus, the Bliss virus can not only spread in the wild, but also possesses a potentially dangerous payload that could wipe out data.

While neither virus is a serious threat to Linux systems, Linux and other Unix systems will not remain virus-free. Fortunately, Linux virus writing is more difficult than macro virus writing for Windows, so the greatest virus threat still remains with Windows. [July 2000, http://www.boardwatch.com/mag/2000/jul/bwm142pg2.html ]

Spreading Malware via the Internet

Whereas a Trojan horse is delivered pre-built, a virus infects.  In the past, such malicious programs arrived via tapes and disks, and the spread of a virus around the world took many months.  Antivirus companies had time to identify a new viral strain, and create cleaning procedures.  Today, Trojan horses, and viruses are network deliverable as E-mail, Java applets, ActiveX controls, JavaScripted pages, CGI-BIN scripts, or as self-extracting packages. 

Integrated mail systems such as Microsoft Outlook make it very simple to send not only a quick note edited within a limited text editor but also previously composed computer documents of arbitrary complexity to anyone, and to work with objects that you receive via standards such as MIME. They also support application programming interfaces (such as MAPI) that allow programs to send and process mail automatically. Well over 500 million E-mail messages were delivered daily as of July 2000.

Mobile-program systems are becoming more and more widespread. The most widely-hyped examples today are Java and ActiveX. This technology became popular with Web servers and browsers, but it is now integrated into mail systems (e.g., Java into Lotus Notes, and ActiveX into Outlook). Both Java and ActiveX have been found to have security bugs.

Structure of Viruses

Here is a simple structure of a virus.  In the infected binary, at a known byte location in the file, a virus inserts a signature byte used to determine if a potential carrier program has been previously infected.

V()
{
  infectExecutable();
  if (triggered()) {
    doDamage();
  }
  jump to main of infected program;
}

void infectExecutable()
{
 file = choose an uninfected executable file;
 prepend V to file;
}

void doDamage() {
   …
}

int triggered()
{
  return (some test? 1 : 0);
}

The above virus makes the infected file longer than it was, making it easy to spot.  There are many techniques to leave the file length and even a check sum unchanged and yet infect.  For example, many executable files often contain long sequences of zero bytes, which can be replaced by the virus and re-generated.  It is also possible to compress the original executable code like the typical Zip programs do, and uncompress before execution and pad with bytes so that the check sum comes out to be what it was.

Virus Detection

Known viruses are by far the most common security problem on modern computer systems. Several web sites maintain complete lists of known viruses. There are thousands. Visit, e.g., www.cai.com/virusinfo/encyclopedia/. In the month of July 2000, there were 200+ “PC Viruses in the Wild” (www.wildlist.org). Virus detection programs analyze a suspect program for the presence of known viruses.

Fred Cohen has proven mathematically that perfect detection of unknown viruses is impossible: no program can look at other programs and say either “a virus is present” or “no virus is present”, and always be correct. But, in the real world, most new viruses are sufficiently like old viruses that the same sort of scanning that finds known viruses also finds the new ones. And there are a large number of heuristic tricks that anti-virus programs use to detect new viruses, based either on how they look, or what they do. These heuristics are only sometimes successful, but since brand-new viruses are comparatively rare, they are sufficient to the purpose.

Virus scanners are sometimes classified by their “generation.” First generation virus scanners use a previously obtained virus signature, a bit pattern, to detect a known virus. They also record and check the length of all executables. The second generation scans executables with heuristic rules, looking, e.g., for fragments of code associated with a typical virus. Second generation scanners also do integrity checking by calculating a checksum of a program and storing the encrypted checksum somewhere else. The third generation uses a memory resident program to monitor the execution behavior of programs and identify a virus by the types of action that the virus takes. The fourth generation combines all previous approaches and includes access control capabilities.
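The length check and the integrity check from the paragraph above, applied to a file that was changed without changing its length, as an added Python example that is not part of the original lecture. It uses an HMAC-SHA-256 in place of the "encrypted checksum" the text mentions; the key, file names and file contents are constructed.

```python
import hashlib
import hmac

# Constructed key; a real checker keeps it away from the monitored host.
KEY = b"constructed-demo-key"


def fingerprint(data, key):
    """What the baseline stores per file: its length and a keyed checksum."""
    return {"length": len(data),
            "mac": hmac.new(key, data, hashlib.sha256).hexdigest()}


def build_baseline(files, key):
    """files maps a name to the file's bytes, read while known to be clean."""
    return {name: fingerprint(data, key) for name, data in files.items()}


def audit(files, baseline, key):
    """Compare the current files with the baseline; one finding per name."""
    report = {}
    for name in sorted(set(files) | set(baseline)):
        if name not in baseline:
            report[name] = "new file"
        elif name not in files:
            report[name] = "missing"
        else:
            now, old = fingerprint(files[name], key), baseline[name]
            if now["length"] != old["length"]:
                report[name] = "length changed"          # first generation
            elif not hmac.compare_digest(now["mac"], old["mac"]):
                report[name] = "same length, content changed"   # second
            else:
                report[name] = "ok"
    return report


# Constructed "executables": a header, code, a run of zero bytes, data.
ORIGINAL = b"\x7fELF" + b"code" * 8 + bytes(32) + b"data" * 4
LONGER = b"V" * 16 + ORIGINAL                      # something was prepended
SAME_LENGTH = ORIGINAL.replace(bytes(32), b"X" * 32)   # zero run overwritten


def demo():
    baseline = build_baseline(
        {"tool": ORIGINAL, "util": ORIGINAL, "old": ORIGINAL, "ls": ORIGINAL},
        KEY)
    current = {"tool": SAME_LENGTH, "util": LONGER,
               "extra": ORIGINAL, "ls": ORIGINAL}
    return audit(current, baseline, KEY)


def forged_baseline_demo():
    """The stored checksum is overwritten by someone who lacks the key."""
    baseline = build_baseline({"tool": ORIGINAL}, KEY)
    baseline["tool"]["mac"] = hashlib.sha256(SAME_LENGTH).hexdigest()
    return audit({"tool": SAME_LENGTH}, baseline, KEY)


if __name__ == "__main__":
    for name, finding in demo().items():
        print(f"{name:6} {finding}")
    print("forged baseline:", forged_baseline_demo())
```

Recording lengths alone would report "tool" as unchanged; the keyed checksum flags it, and rewriting the stored value without the key does not hide the change.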

It is very educational to study the details of a scanner.  The paper by Sandeep Kumar, and Gene Spafford, “A Generic Virus Scanner in C++,” Proceedings of the 8th Computer Security Applications Conference, IEEE Press, Piscataway, NJ; pp. 210-219, 2-4 Dec 1992 [Local copy .pdf] is Required Reading.


Lab Experiment

None.


References

  1. Vesselin Bontchev, Future Trends in Virus Writing, 1994, IFIP TC-11, www.commandcom.com/virus/trends.html  Recommended Reading.
  2. Virus Bulletin is the technical journal on developments in the field of computer viruses and anti-virus products, www.virusbtn.com/VirusInformation/  Reference.
  3. Simson Garfinkel, Gene Spafford, Practical Unix and Internet Security, 2nd edition (April 1996), O’Reilly & Associates; ISBN: 1565921488.  www.oreilly.com/catalog/puis/errata/  Chapter 11. Protecting Against Programmed Threats.  Required Reading.
  4. Sandeep Kumar, and Gene Spafford, “A Generic Virus Scanner in C++,” Proceedings of the 8th Computer Security Applications Conference;  IEEE Press, Piscataway, NJ; pp. 210-219, 2-4 Dec 1992. [Local copy .pdf]  Required Reading.
  5. Steve R. White, Morton Swimmer, Edward J. Pring, William C. Arnold, David M. Chess, John F. Morar, “Anatomy of a Commercial-Grade Immune System,” 1999, www.research.ibm.com/antivirus/SciPapers/White/Anatomy/anatomy.html  The site (www.research.ibm.com/antivirus/) has many other excellent articles.  Recommended Reading.
  6. Dark Angel, “(Phalcon/Skism)Virus Writing Tutorials,” http://www.sirkussystem.com/virus.html  Required Reading.
  7. Matthew G. Schultz, Eleazar Eskin, Erez Zadok, Manasi Bhattacharyya, and Salvatore J. Stolfo, “MEF: Malicious Email Filter A UNIX Mail Filter that Detects Malicious Windows Executables,” Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference, June 25-30, 2001, Boston, Massachusetts, USA; http://www.usenix.org/publications/library/proceedings/usenix01/freenix01/schultz/schultz_html/index.html Reference.

Privacy / Internet Security lectures

Personal Security and Privacy on the Web

“On the Internet, Nobody knows you’re a dog.  True or False?”

Privacy and security are siblings. The WWW has brought the Internet to every computer with a modem or a NIC. What is not as widely known is the loss of privacy and security it has caused. This lecture describes these issues, and presents some measures that individuals can take.

In the real world you have the power to choose when and to whom you reveal certain parts of your identity. But on the Internet the digital footprints you leave can be tracked and compiled without your knowledge or consent.

Overview

“Internet security is akin to a three-tiered cake. The top layer is the Internet as a network, and this was the weak point hackers exploited in the February 2000 denial of service attack [on popular Internet sites, including Yahoo.com and Amazon.com]. The attack was composed of an excessive number of false, computer-generated hits on a given Web site causing the site to overload, and become unavailable to customers. The second layer of the cake is transactional security, or what is commonly called e-commerce and personal identity. This includes the question of who, really, sent you an email, or whose Web site are you accessing. The third layer of the Internet security cake is personal privacy, represented by encryption such as PGP. These three separate areas are commonly lumped together in discussions but must be understood independently to properly discern the Internet security issues.”  [From “Internet Security and the Courts”, Bradley J. Hillis, June 8, 2000, www.jurist.law.pitt.edu/courttech4.htm.]

The talk by Mateti gives you an overview of personal security and privacy.  [Prabhaker Mateti, “Personal Security and Privacy on the Web,” June 2000, slides: HTML | ppt.  Required Reading.]

There are now numerous web sites educating the public on internet privacy.  Here are a few recommended sites:

Freedom

Publius Censorship Resistant Publishing System

The Publius software allows anyone with a Web browser to post a file online, with almost no fear of being traced or of having the content removed from the system without permission.  AT&T is supporting this online system designed to let Web surfers publish any content without fear of censorship.

Publius works by breaking a file into small pieces, making many different copies of each piece, and then distributing them individually across a network of volunteer Web servers. It is like putting a photograph on a jigsaw puzzle, making copies, taking the puzzle apart, and then hiding all of the individual pieces.  Using strong encryption, Publius develops the equivalent of a Web address, or URL, where the content can be “found.” The address contains coded instructions for finding all the hidden pieces and putting them back together. The address cannot be used to track down the original author or to track down all the individual pieces and delete them, however.

Authors can update the content themselves, but the URL coding system can detect whether unauthorized changes have been made to the content. A setting also allows content publishers to prevent even themselves from deleting files from the network, in case they fear being coerced by some authorities at a future date.

[http://cs1.cs.nyu.edu/waldman/publius/  Recommended visit.]
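
A simplified model of the piece-and-replica scheme described above, added here as an illustration; it is not Publius code and it leaves out the encryption. Naming pieces by their SHA-256 digest, the `publish` and `retrieve` functions, and the in-memory dictionaries standing in for volunteer servers are all assumptions of the example.

```python
import hashlib

PIECE_SIZE = 16   # bytes per piece; tiny so the sample splits into several pieces
COPIES = 3        # replicas stored for every piece


def digest(data):
    """Name a piece by the SHA-256 digest of its bytes."""
    return hashlib.sha256(data).hexdigest()


def publish(content, servers):
    """Split content into pieces, replicate each piece, return the address."""
    if not content:
        raise ValueError("nothing to publish")
    if len(servers) < COPIES:
        raise ValueError("need at least COPIES servers")
    names = []
    for i in range(0, len(content), PIECE_SIZE):
        piece = content[i:i + PIECE_SIZE]
        name = digest(piece)
        names.append(name)
        # Spread the copies over COPIES distinct servers, chosen from the digest.
        start = int(name, 16) % len(servers)
        for c in range(COPIES):
            servers[(start + c) % len(servers)][name] = piece
    # The address lists piece digests only: nothing about the author,
    # and nothing about which servers hold which copy.
    return ".".join(names)


def retrieve(address, servers):
    """Reassemble the content; return (content, number_of_rejected_copies)."""
    pieces, rejected = [], 0
    for name in address.split("."):
        for server in servers:
            copy = server.get(name)
            if copy is None:
                continue            # this server never had it, or deleted it
            if digest(copy) == name:
                pieces.append(copy)  # copy matches the address: accept it
                break
            rejected += 1           # altered copy detected, try another server
        else:
            raise LookupError("no intact copy of piece " + name[:12])
    return b"".join(pieces), rejected


def demo():
    """Publish a constructed sample, damage two of three replicas, read it back."""
    servers = [{} for _ in range(5)]
    document = b"Constructed sample document for the replication demo."
    address = publish(document, servers)
    first = address.split(".")[0]
    holders = [s for s in servers if first in s]
    holders[0][first] = b"altered by server"   # one operator changes its copy
    del holders[1][first]                      # another removes its copy
    recovered, rejected = retrieve(address, servers)
    return document, recovered, rejected


if __name__ == "__main__":
    document, recovered, rejected = demo()
    print("recovered intact:", recovered == document, "| rejected copies:", rejected)
```

Because every piece is checked against the address before it is accepted, a changed copy is discarded rather than served, and the document survives as long as one intact replica of each piece remains.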

Freenet

(Please note that there are organizations which include “freenet” as a substring in their names but are unrelated to the following.)

Freenet is a peer-to-peer network designed to allow the distribution of information over the Internet in an efficient manner, without fear of censorship.  Freenet is completely decentralized, meaning that there is no person, computer, or organisation in control of Freenet or essential to its operation. This means that Freenet cannot be attacked like centralized peer-to-peer systems such as Napster. Freenet also employs intelligent routing and caching, meaning that it learns to route requests more efficiently, automatically mirrors popular data, makes network flooding almost impossible, and moves data to where it is in greatest demand. All of this makes it much more efficient and scalable than systems such as Gnutella.  Ian Clarke, Brandon Wiley, Oskar Sandberg and Theodore W. Hong, “Freenet: A Distributed Anonymous Information Storage and Retrieval System”,  ICSI Workshop on Design Issues in Anonymity and Unobservability, July 25-26, Berkeley, California. [freenet.sourceforge.net/index.php?page=theoppr  Required Reading.]

The Intermemory Initiative

“A planetary memory for all mankind is coming…  The initiative aims to develop highly survivable and available storage systems made up of widely distributed processors that are individually unreliable and untrustworthy — with the overall system nevertheless secure. Inspired by the Internet and Web, this project targets self-organization, self-maintenance, and effective administration in the absence of central control. It is basic research in the area of Internet distributed algorithms and protocols, and may lead someday to a standard for information archives — an important component of digital libraries.”  [www.intermemory.org/  Recommended visit.]

Cyber-Snooping

There is now (June 2000) commercially available software that covertly records every key an employee touches, and then tells the boss.   In fact, if you try to delete the keys and backspace over them, the software has a facility to reconstruct them, so you cannot delete what you were typing and get away with it.


Lab Experiment

None.


References

  1. ACLU, “Privacy Rights Pocket Card,”  tips for protecting your own right to privacy.  aclu.org/action/privcard.html.  Required Reading.
  2. Ian Clarke, Brandon Wiley, Oskar Sandberg and Theodore W. Hong, “Freenet: A Distributed Anonymous Information Storage and Retrieval System”,  ICSI Workshop on Design Issues in Anonymity and Unobservability, July 25-26, Berkeley, California. freenet.sourceforge.net/index.php?page=theoppr  Required Reading.
  3. Federal Trade Commission, Privacy Online: A Report to Congress, June 1998, http://www.ftc.gov/reports/privacy3/toc.htm  Recommended Reading.
  4. Simson Garfinkel, “Database Nation: The Death of Privacy in the 21st Century”, http://simson.net/2048.  Recommended Reading.
  5. Reading list from Harvard, http://cyber.law.harvard.edu/ltac98/topic3-privacy.html  Reference.
  6. M. E. Kabay, “Anonymity and Pseudonymity in Cyberspace: Deindividuation, Incivility and Lawlessness Versus Freedom and Privacy,” Annual Conference of the European Institute for Computer Anti-virus Research (EICAR), Munich, Germany 16-8 March 1998. [Local copy .pdf] Recommended Reading.
  7. Prabhaker Mateti, “Personal Security and Privacy on the Web,” June 2000, slides: HTML | ppt.  Required Reading.

Ethics in Internet Security


We describe our statement of ethics, and present a brief discussion of what ethics is in the context of Internet security.  In this article, there are many more questions than there are answers.  Our goal in including the topic of ethics in a course on Internet security is not to provide answers to ethical dilemmas you may have but to raise your level of awareness.

The Meaning of Ethics

From http://www.m-w.com/cgi-bin/dictionary:  Main Entry: eth·ic Pronunciation: ‘e-thik Function: noun Etymology: Middle English ethik, from Middle French ethique, from Latin ethice, from Greek EthikE, from Ethikos Date: 14th century  1 plural but singular or plural in construction : the discipline dealing with what is good and bad and with moral duty and obligation 2 a : a set of moral principles or values b : a theory or system of moral values <the present-day materialistic ethic> c plural but singular or plural in construction : the principles of conduct governing an individual or a group <professional ethics> d : a guiding philosophy

The Macquarie Dictionary says:  ethics - a system of moral principles, by which human actions and proposals may be judged good or bad or right or wrong (may refer to a particular class of actions - e.g. professional) [derived from a Greek word meaning moral] morals - principles or habits with respect to right or wrong conduct [derived from a Latin word meaning manners or customs]

As you can see, the dictionaries are not helpful in distinguishing between “ethics” and “morals”. A few years ago, sociologist Raymond Baumhart asked business people “What does ethics mean to you?” Among their replies were the following:
“Ethics has to do with what my feelings tell me is right or wrong.”
“Ethics has to do with my religious beliefs.”
“Being ethical is doing what the law requires.”
“Ethics consists of the standards of behavior our society accepts.”
“I don’t know what the word means.”
These replies might be typical of our own. The meaning of “ethics” is hard to pin down, and the views many people have about ethics are difficult to articulate.  Like Baumhart’s first respondent, many people tend to equate ethics with their feelings. But being ethical clearly is not a matter of following one’s feelings. A person following his or her feelings may recoil from doing what is right. In fact, feelings frequently deviate from what is ethical.
Ethics and religion are often coupled in one’s mind because of our upbringing.  But ethics is not confined to religion, nor is it the same as religion.  Most religions, of course, advocate high ethical standards. Ethics applies as much to the behavior of the atheist as to that of the saint.

Being ethical also is not following the law. The law often incorporates ethical standards to which most citizens subscribe. But laws, like feelings, can deviate from what is ethical. American pre-Civil-War slavery laws and the apartheid laws of South Africa are grotesquely obvious examples of laws that deviate from what is ethical.
In the context of security and privacy, let us focus on ethics only.  Practical ethics through basic philosophy includes three elements: ethical thought; ethical definition; and ethical values.  If a person conceives of, say, engineering activity as only making money, then that person’s definition of practical ethics, actions and values will be guided by this basic philosophical position.  Ethics is defined as a set of rules that distinguish right conduct from wrong conduct.

Example Questions of Ethics

Here are a few examples.  Each of you needs to discover your own answers, and the answers that our community gives, and how they change.

  • Inserting oneself into a communication link between two other users, without their knowledge, is ok to do if the two users are terrorists.
  • I was looking at my professor’s .emacs to learn how he set up his Emacs.  Then, I noticed that his Exams/ directory was read-open.  All the files were those of previous terms.  So I made a copy of his directory.
  • I bought a PC that came with a Windows 2000 CD.   I don’t care for Win 2000, so I reformatted my hard disk and installed Linux on it.  I gave my CD to a friend who wanted to upgrade from Win 98.
  • I was curious how Nessus would work.  On a real network.  So, I tried it from a lab.  Unplugged a PC, plugged in my laptop and started the scan.  Wow! How many alerts that it showed!  Ooops! It also crashed a few machines.
  • Three years ago Diane started her own consulting business. She has been so successful that she now has several people working for her and many clients. Their consulting work includes advising on how to network microcomputers, designing database management systems, and advising about security.

    Presently she is designing a database management system for the personnel office of a medium-sized company. Diane has involved the client in the design process, informing the CEO, the director of computing, and the director of personnel about the progress of the system. It is now time to make decisions about the kind and degree of security to build into the system. Diane has described several options to the client. Because the system is going to cost more than they planned, the client has decided to opt for a less secure system. She believes the information they will be storing is extremely sensitive. It will include performance evaluations, medical records for filing insurance claims, salaries, and so forth.

    With weak security, employees working on microcomputers may be able to figure out ways to get access to this data, not to mention the possibilities for on-line access from hackers. Diane feels strongly that the system should be much more secure. She has tried to explain the risks, but the CEO, director of computing and director of personnel all agree that less security will do. What should she do? Should she refuse to build the system as they request?  (Adapted from: Johnson, D. G. Computer Ethics, Second Ed. Prentice Hall, Englewood Cliffs, N.J., 1993.) [From http://www.onlineethics.org/privacy/scene3.html]

Is Ethics Private or Community Based?

Being ethical is not the same as doing “whatever our society accepts.” In any society, most people accept standards that are, in fact, ethical. But standards of behavior in society can deviate from what is ethical. An entire society can become ethically corrupt. Nazi Germany is a good example of an ethically corrupt society.

Squealing

Suppose you have come across a behavior of a colleague that in your mind is clearly unethical.  Should you squeal?  Why is it that squealing has such a negative connotation?

Under what circumstances is it either permissible or required for a technician repairing a computer to report the contents of files found there? A recent case of the firing of a Harvard administrator who had pornographic files on his university-owned computer raises questions of privacy and whistle-blowing.

That Which is Not Yours

Ownership of many things, such as your car, books, computer, etc., is usually quite clear.  Do you own the air?  When you buy a piece of software, what is it that you own?  The use of it — or, beyond that?  If you could reverse engineer the source code of the program, is the source now yours?

We are also usually clear that we must not enter someone’s house just because they left their back door wide open.  If my files are read open, should you assume that you are allowed to read?  What if they were also writeable? If my computer account has no password, should you login as me?

Sharing that Which is Yours

Protecting that Which is Yours

Nearly all present-day effort in Internet security goes into “securing” computer systems, networks, web sites, etc., in the hope of protecting that which is one’s own.

You stole it from me, so I can steal it back.  Is this attitude ethical?

Reasons for Hacking

To computer wizards, the term “hacker” is reserved for unusually clever programmers. To them, the electronic burglars who break into computers aren’t hackers but “crackers.”

Theft of services: The first reason is theft of service. If a system offers some type of service and a hacker has a use for it, they will hack the system. Examples of such systems are on-line information networks (CompuServe, America On-line, and Prodigy).

Take valuable files: The second reason a hacker may hack into a system is to take valuable files, e.g., credit-card numbers, or info on operation of telecommunication systems.

Vengeance and hate: Another reason for hacking is vengeance and hatred.

Thrill and excitement: The fourth reason hackers break into systems is for the thrill and excitement of being somewhere you are not authorized to be.

For knowledge and experiment: The final reason why hackers do what they do is just for knowledge and experiment. Hackers learn a great deal every time they break into a new type of system.


ACM Code of Ethics and Professional Conduct


Preamble

Commitment to ethical professional conduct is expected of every member (voting members, associate members, and student members) of the Association for Computing Machinery (ACM).

This Code, consisting of 24 imperatives formulated as statements of personal responsibility, identifies the elements of such a commitment. It contains many, but not all, issues professionals are likely to face. Section 1 outlines fundamental ethical considerations, while Section 2 addresses additional, more specific considerations of professional conduct. Statements in Section 3 pertain more specifically to individuals who have a leadership role, whether in the workplace or in a volunteer capacity such as with organizations like ACM. Principles involving compliance with this Code are given in Section 4.

The Code shall be supplemented by a set of Guidelines, which provide explanation to assist members in dealing with the various issues contained in the Code. It is expected that the Guidelines will be changed more frequently than the Code.

The Code and its supplemented Guidelines are intended to serve as a basis for ethical decision making in the conduct of professional work. Secondarily, they may serve as a basis for judging the merit of a formal complaint pertaining to violation of professional ethical standards.

It should be noted that although computing is not mentioned in the imperatives of Section 1, the Code is concerned with how these fundamental imperatives apply to one’s conduct as a computing professional. These imperatives are expressed in a general form to emphasize that ethical principles which apply to computer ethics are derived from more general ethical principles.

It is understood that some words and phrases in a code of ethics are subject to varying interpretations, and that any ethical principle may conflict with other ethical principles in specific situations. Questions related to ethical conflicts can best be answered by thoughtful consideration of fundamental principles, rather than reliance on detailed regulations.

1. GENERAL MORAL IMPERATIVES.

As an ACM member I will ….

1.1 Contribute to society and human well-being.

This principle concerning the quality of life of all people affirms an obligation to protect fundamental human rights and to respect the diversity of all cultures. An essential aim of computing professionals is to minimize negative consequences of computing systems, including threats to health and safety. When designing or implementing systems, computing professionals must attempt to ensure that the products of their efforts will be used in socially responsible ways, will meet social needs, and will avoid harmful effects to health and welfare.

In addition to a safe social environment, human well-being includes a safe natural environment. Therefore, computing professionals who design and develop systems must be alert to, and make others aware of, any potential damage to the local or global environment.

1.2 Avoid harm to others.

“Harm” means injury or negative consequences, such as undesirable loss of information, loss of property, property damage, or unwanted environmental impacts. This principle prohibits use of computing technology in ways that result in harm to any of the following: users, the general public, employees, employers. Harmful actions include intentional destruction or modification of files and programs leading to serious loss of resources or unnecessary expenditure of human resources such as the time and effort required to purge systems of “computer viruses.”

Well-intended actions, including those that accomplish assigned duties, may lead to harm unexpectedly. In such an event the responsible person or persons are obligated to undo or mitigate the negative consequences as much as possible. One way to avoid unintentional harm is to carefully consider potential impacts on all those affected by decisions made during design and implementation.

To minimize the possibility of indirectly harming others, computing professionals must minimize malfunctions by following generally accepted standards for system design and testing. Furthermore, it is often necessary to assess the social consequences of systems to project the likelihood of any serious harm to others. If system features are misrepresented to users, coworkers, or supervisors, the individual computing professional is responsible for any resulting injury.

In the work environment the computing professional has the additional obligation to report any signs of system dangers that might result in serious personal or social damage. If one’s superiors do not act to curtail or mitigate such dangers, it may be necessary to “blow the whistle” to help correct the problem or reduce the risk. However, capricious or misguided reporting of violations can, itself, be harmful. Before reporting violations, all relevant aspects of the incident must be thoroughly assessed. In particular, the assessment of risk and responsibility must be credible. It is suggested that advice be sought from other computing professionals. See principle 2.5 regarding thorough evaluations.

1.3 Be honest and trustworthy.

Honesty is an essential component of trust. Without trust an organization cannot function effectively. The honest computing professional will not make deliberately false or deceptive claims about a system or system design, but will instead provide full disclosure of all pertinent system limitations and problems.

A computer professional has a duty to be honest about his or her own qualifications, and about any circumstances that might lead to conflicts of interest.

Membership in volunteer organizations such as ACM may at times place individuals in situations where their statements or actions could be interpreted as carrying the “weight” of a larger group of professionals. An ACM member will exercise care to not misrepresent ACM or positions and policies of ACM or any ACM units.

1.4 Be fair and take action not to discriminate.

The values of equality, tolerance, respect for others, and the principles of equal justice govern this imperative. Discrimination on the basis of race, sex, religion, age, disability, national origin, or other such factors is an explicit violation of ACM policy and will not be tolerated.

Inequities between different groups of people may result from the use or misuse of information and technology. In a fair society, all individuals would have equal opportunity to participate in, or benefit from, the use of computer resources regardless of race, sex, religion, age, disability, national origin or other such similar factors. However, these ideals do not justify unauthorized use of computer resources nor do they provide an adequate basis for violation of any other ethical imperatives of this code.

1.5 Honor property rights including copyrights and patent.

Violation of copyrights, patents, trade secrets and the terms of license agreements is prohibited by law in most circumstances. Even when software is not so protected, such violations are contrary to professional behavior. Copies of software should be made only with proper authorization. Unauthorized duplication of materials must not be condoned.

1.6 Give proper credit for intellectual property.

Computing professionals are obligated to protect the integrity of intellectual property. Specifically, one must not take credit for other’s ideas or work, even in cases where the work has not been explicitly protected by copyright, patent, etc.

1.7 Respect the privacy of others.

Computing and communication technology enables the collection and exchange of personal information on a scale unprecedented in the history of civilization. Thus there is increased potential for violating the privacy of individuals and groups. It is the responsibility of professionals to maintain the privacy and integrity of data describing individuals. This includes taking precautions to ensure the accuracy of data, as well as protecting it from unauthorized access or accidental disclosure to inappropriate individuals. Furthermore, procedures must be established to allow individuals to review their records and correct inaccuracies.

This imperative implies that only the necessary amount of personal information be collected in a system, that retention and disposal periods for that information be clearly defined and enforced, and that personal information gathered for a specific purpose not be used for other purposes without consent of the individual(s). These principles apply to electronic communications, including electronic mail, and prohibit procedures that capture or monitor electronic user data, including messages, without the permission of users or bona fide authorization related to system operation and maintenance. User data observed during the normal duties of system operation and maintenance must be treated with strictest confidentiality, except in cases where it is evidence for the violation of law, organizational regulations, or this Code. In these cases, the nature or contents of that information must be disclosed only to proper authorities.

1.8 Honor confidentiality.

The principle of honesty extends to issues of confidentiality of information whenever one has made an explicit promise to honor confidentiality or, implicitly, when private information not directly related to the performance of one’s duties becomes available. The ethical concern is to respect all obligations of confidentiality to employers, clients, and users unless discharged from such obligations by requirements of the law or other principles of this Code.

2. MORE SPECIFIC PROFESSIONAL RESPONSIBILITIES.

As an ACM computing professional I will ….

2.1 Strive to achieve the highest quality, effectiveness and dignity in both the process and products of professional work.

Excellence is perhaps the most important obligation of a professional. The computing professional must strive to achieve quality and to be cognizant of the serious negative consequences that may result from poor quality in a system.

2.2 Acquire and maintain professional competence.

Excellence depends on individuals who take responsibility for acquiring and maintaining professional competence. A professional must participate in setting standards for appropriate levels of competence, and strive to achieve those standards. Upgrading technical knowledge and competence can be achieved in several ways: doing independent study; attending seminars, conferences, or courses; and being involved in professional organizations.

2.3 Know and respect existing laws pertaining to professional work.

ACM members must obey existing local, state, province, national, and international laws unless there is a compelling ethical basis not to do so. Policies and procedures of the organizations in which one participates must also be obeyed. But compliance must be balanced with the recognition that sometimes existing laws and rules may be immoral or inappropriate and, therefore, must be challenged. Violation of a law or regulation may be ethical when that law or rule has inadequate moral basis or when it conflicts with another law judged to be more important. If one decides to violate a law or rule because it is viewed as unethical, or for any other reason, one must fully accept responsibility for one’s actions and for the consequences.

2.4 Accept and provide appropriate professional review.

Quality professional work, especially in the computing profession, depends on professional reviewing and critiquing. Whenever appropriate, individual members should seek and utilize peer review as well as provide critical review of the work of others.

2.5 Give comprehensive and thorough evaluations of computer systems and their impacts, including analysis of possible risks.

Computer professionals must strive to be perceptive, thorough, and objective when evaluating, recommending, and presenting system descriptions and alternatives. Computer professionals are in a position of special trust, and therefore have a special responsibility to provide objective, credible evaluations to employers, clients, users, and the public. When providing evaluations the professional must also identify any relevant conflicts of interest, as stated in imperative 1.3.

As noted in the discussion of principle 1.2 on avoiding harm, any signs of danger from systems must be reported to those who have opportunity and/or responsibility to resolve them. See the guidelines for imperative 1.2 for more details concerning harm, including the reporting of professional violations.

2.6 Honor contracts, agreements, and assigned responsibilities.

Honoring one’s commitments is a matter of integrity and honesty. For the computer professional this includes ensuring that system elements perform as intended. Also, when one contracts for work with another party, one has an obligation to keep that party properly informed about progress toward completing that work.

A computing professional has a responsibility to request a change in any assignment that he or she feels cannot be completed as defined. Only after serious consideration and with full disclosure of risks and concerns to the employer or client, should one accept the assignment. The major underlying principle here is the obligation to accept personal accountability for professional work. On some occasions other ethical principles may take greater priority.

A judgment that a specific assignment should not be performed may not be accepted. Having clearly identified one’s concerns and reasons for that judgment, but failing to procure a change in that assignment, one may yet be obligated, by contract or by law, to proceed as directed. The computing professional’s ethical judgment should be the final guide in deciding whether or not to proceed. Regardless of the decision, one must accept the responsibility for the consequences.

However, performing assignments “against one’s own judgment” does not relieve the professional of responsibility for any negative consequences.

2.7 Improve public understanding of computing and its consequences.

Computing professionals have a responsibility to share technical knowledge with the public by encouraging understanding of computing, including the impacts of computer systems and their limitations. This imperative implies an obligation to counter any false views related to computing.

2.8 Access computing and communication resources only when authorized to do so.

Theft or destruction of tangible and electronic property is prohibited by imperative 1.2 - “Avoid harm to others.” Trespassing and unauthorized use of a computer or communication system is addressed by this imperative. Trespassing includes accessing communication networks and computer systems, or accounts and/or files associated with those systems, without explicit authorization to do so. Individuals and organizations have the right to restrict access to their systems so long as they do not violate the discrimination principle (see 1.4). No one should enter or use another’s computer system, software, or data files without permission. One must always have appropriate approval before using system resources, including communication ports, file space, other system peripherals, and computer time.

3. ORGANIZATIONAL LEADERSHIP IMPERATIVES.

As an ACM member and an organizational leader, I will ….

3.1 Articulate social responsibilities of members of an organizational unit and encourage full acceptance of those responsibilities.

Because organizations of all kinds have impacts on the public, they must accept responsibilities to society. Organizational procedures and attitudes oriented toward quality and the welfare of society will reduce harm to members of the public, thereby serving public interest and fulfilling social responsibility. Therefore, organizational leaders must encourage full participation in meeting social responsibilities as well as quality performance.

3.2 Manage personnel and resources to design and build information systems that enhance the quality of working life.

Organizational leaders are responsible for ensuring that computer systems enhance, not degrade, the quality of working life. When implementing a computer system, organizations must consider the personal and professional development, physical safety, and human dignity of all workers. Appropriate human-computer ergonomic standards should be considered in system design and in the workplace.

3.3 Acknowledge and support proper and authorized uses of an organization’s computing and communication resources.

Because computer systems can become tools to harm as well as to benefit an organization, the leadership has the responsibility to clearly define appropriate and inappropriate uses of organizational computing resources. While the number and scope of such rules should be minimal, they should be fully enforced when established.

3.4 Ensure that users and those who will be affected by a system have their needs clearly articulated during the assessment and design of requirements; later the system must be validated to meet requirements.

Current system users, potential users and other persons whose lives may be affected by a system must have their needs assessed and incorporated in the statement of requirements. System validation should ensure compliance with those requirements.

3.5 Articulate and support policies that protect the dignity of users and others affected by a computing system.

Designing or implementing systems that deliberately or inadvertently demean individuals or groups is ethically unacceptable. Computer professionals who are in decision making positions should verify that systems are designed and implemented to protect personal privacy and enhance personal dignity.

3.6 Create opportunities for members of the organization to learn the principles and limitations of computer systems.

This complements the imperative on public understanding (2.7). Educational opportunities are essential to facilitate optimal participation of all organizational members. Opportunities must be available to all members to help them improve their knowledge and skills in computing, including courses that familiarize them with the consequences and limitations of particular types of systems. In particular, professionals must be made aware of the dangers of building systems around oversimplified models, the improbability of anticipating and designing for every possible operating condition, and other issues related to the complexity of this profession.

4. COMPLIANCE WITH THE CODE.

As an ACM member I will ….

4.1 Uphold and promote the principles of this Code.

The future of the computing profession depends on both technical and ethical excellence. Not only is it important for ACM computing professionals to adhere to the principles expressed in this Code, each member should encourage and support adherence by other members.

4.2 Treat violations of this code as inconsistent with membership in the ACM.

Adherence of professionals to a code of ethics is largely a voluntary matter. However, if a member does not follow this code by engaging in gross misconduct, membership in ACM may be terminated.

This Code and the supplemental Guidelines were adopted by the ACM Council on October 16, 1992.


IEEE Code of Ethics

We, the members of the IEEE, in recognition of the importance of our technologies in affecting the quality of life throughout the world, and in accepting a personal obligation to our profession, its members and the communities we serve, do hereby commit ourselves to the highest ethical and professional conduct and agree:

1. to accept responsibility in making engineering decisions consistent with the safety, health and welfare of the public, and to disclose promptly factors that might endanger the public or the environment;

2. to avoid real or perceived conflicts of interest whenever possible, and to disclose them to affected parties when they do exist;

3. to be honest and realistic in stating claims or estimates based on available data;

4. to reject bribery in all its forms; 

5. to improve the understanding of technology, its appropriate application, and potential consequences;

6. to maintain and improve our technical competence and to undertake technological tasks for others only if qualified by training or experience, or after full disclosure of pertinent limitations;

7. to seek, accept, and offer honest criticism of technical work, to acknowledge and correct errors, and to credit properly the contributions of others;

8. to treat fairly all persons regardless of such factors as race, religion, gender, disability, age, or national origin;

9. to avoid injuring others, their property, reputation, or employment by false or malicious action;

10. to assist colleagues and co-workers in their professional development and to support them in following this code of ethics.

Approved by the IEEE Board of Directors, August 1990


The Hacker’s Code

This is an evolving draft available at http://ils.unc.edu/gbnewby/code.

Preamble: Hackers are diverse, from all cultures and backgrounds. Every hacker is unique, yet we all share some characteristics. While not every hacker follows this Code, many believe it is a fair description of our shared traditions, goals and values.

  1. Hackers share and are willing to teach their knowledge.
  2. Hackers are skilled. Many are self-taught, or learn by interacting with other hackers.
  3. Hackers seek knowledge. This knowledge may come from unauthorized or unusual sources, and is often hidden.
  4. Hackers are tinkerers. They like to understand how things work, and want to make their own improvements or modifications.
  5. Hackers often disagree with authority, including parents, employers, social customs and laws. They often seek to get around authority they disagree with.
  6. Hackers disagree with each other. Different hackers have different values, and come from all backgrounds. This means that what one hacker is opposed to might be embraced by another.
  7. Hackers are persistent, and are willing to devote hours, days and years to pursuing their individual passions.
  8. This Code is not to prescribe how hackers act. Instead, it is to help us to recognize our own diversity and identity.
  9. Every hacker must make his or her own decisions about what is right or wrong, and some might do things they believe are illegal, amoral or anti-social.
  10. Hackers’ motivations are their own, and there is no reason for all hackers to agree.
  11. Hackers have a shared identity, however, and many shared interests.
  12. By reading this Code, hackers can recognize themselves and each other, and understand better the group they are a part of.

Hackers: Heroes of the Computer Revolution

Steven Levy published this book in 1984. Anchor Books; ISBN: 0385191952; 1st edition (November 1984). The Editorial Reviews section of Amazon.com describes the book as follows.

Steven Levy’s classic book explains why the misuse of the word “hackers” to describe computer criminals does a terrible disservice to many important shapers of the digital revolution. Levy follows members of an MIT model railroad club–a group of brilliant budding electrical engineers and computer innovators–from the late 1950s to the mid-1980s. These eccentric characters used the term “hack” to describe a clever way of improving the electronic system that ran their massive railroad. And as they started designing clever ways to improve computer systems, “hack” moved over with them. These maverick characters were often fanatics who did not always restrict themselves to the letter of the law and who devoted themselves to what became known as “The Hacker Ethic.” The book traces the history of hackers, from finagling access to clunky computer-card-punching machines to uncovering the inner secrets of what would become the Internet. This story of brilliant, eccentric, flawed, and often funny people devoted to their dream of a better world will appeal to a wide audience.

Levy in this book lists the following hacker tenets:

  1. Access to computers should be unlimited and total.
  2. Always yield to the Hands-On Imperative.
  3. All information should be free.
  4. Mistrust authority — promote decentralization.
  5. Hackers should be judged by their hacking.
  6. You can create art and beauty on a computer.
  7. Computers can change your life for the better.

Do you subscribe to any of them? Why? Why not?


References

  1. Dissident, “The Ethics of Hacking.” An opinion on hacking ethically. Date unknown. www.attrition.org/~modify/texts/hacking_texts/hacethic.txt Required Reading.
  2. “Ethical Navigations through Virtual Technologies” Astrolabe project, Ohio State University, is about ethics and values issues involved in the development and use of technologies. Their “topics page” lists more than a dozen areas. One of them is Hacker Ethics. Required visit.
  3. “Instructional Resources in Engineering Ethics, Computer Ethics & Research Ethics,” an excellent web site. http://onlineethics.org/edu/instruct.html Recommended visit.
  4. Hacker Sitings and News, http://www.infowar.com/hacker/hacker.shtml  Recommended visit.
  5. “Ethics in Computing,” http://courses.ncsu.edu/classes-a/computer_ethics/.  Recommended visit.