Issues in Email Hacking - Essay Example

?Email Hacking Introduction Information is one of the most fundamental necessities of every individual in the contemporary age. People will access toinformation find plenty of opportunities of exceling in their academic and professional careers as well as their personal and social life. These days, the Internet is the fundamental source of information for people of all age groups everywhere in the world. Many companies e.g. budget airlines employ the Internet as their only means through which they conduct the business. This provides people with a good know-how of the use of networks as well as access to them have a great edge over others who do not have these resources. Accordingly, the more technically trained and informed people are in the position to not only subjugate the rights of others but also offend their rights. The technology-savvy people can easy use the Internet to hack into the computer systems so that they can steal money, infect others’ computers with viruses, and change information in their private profiles. Emails are frequently used for business transactions these days. People use email to share vital information with one another. Hacking of an email account can yield disastrous results for the account owner and not many people are quite technically skilled enough to recover their email accounts after they have been hacked. This paper discusses several ways in which email accounts can be hacked and the ethical and legal implications of hacking. If an individual is aware of the potential ways in which he/she can be fooled, he/she can take the preventive measures in time to overcome such threats and has fair chances of escaping the attack by the offender. Issues in Email Hacking Ethical issues According to the Hacker Manifesto, a hacker commits only one crime which is the crime of curiosity (Trodick, 2011). Levy (2010) identified sex tenets to exemplify the ethics of hacker; according to the first tenet, “access to computers - and anything which might teach you about the way the world works- should be unlimited and total” (Levy, 2010, p. 23) whereas according to the second tenet, “all information should be free” (Levy, 2010, p. 24). The hacker ethic is a belief that the sharing of information is a very positive and powerful good. It implies that hackers assume the ethical responsibility to share the expertise they have by enhancing the access to information, writing open-source, and computing all possible resources. There exists a belief that if system is cracked for the purposes of exploration or fun, it is ethically justified till the time the attacker does not commit any vandalism, theft, or a breach of confidentiality. Every time an individual accesses a system in an unauthorized manner, he/she acts unethically. Ethics varies from one individual to another. Ethics cannot be completely defined by one individual so that a certain action can be deemed right or wrong. Nevertheless, in the democratic system that prevails in the society, every individual’s right to security of privacy and property is acknowledged. This privacy covers the information stored by people on their personal computers or the computers that they are authorized to use. “The Fourth Amendment explicitly affirms the 'right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures’” (Head, 2012). The Fourth Amendment is interpreted generally as an individual’s right to privacy, though such right cannot be stated explicitly. Nevertheless, every individual in the US says that he/she has a fundamental privacy right of their possessions, though hackers disagree with this. Legal Issues The Computer Fraud and Abuse Act of 1986 illegalized the unauthorized access to computer or stealing of the information that is related to credit card or private government (teamidesign.com, n.d.). According to Section 3, gaining unauthorized access to the government computers is illegal. On the other hand, the hackers argue that as long as they do not take anything, there is no problem in gaining unauthorized access to the computer. Nevertheless, certain laws consider trespassing illegal. Not everybody would approve of a stranger entering their homes who just want to have a look into the house. Similarly, breaking into someone’s computer system or email account is trespassing’s technological version. Although the hackers think it is fine to break into others’ computer systems, yet people expect to have their privacy and when this sense is taken away from them, something priceless is lost. Methods of Email Hacking An individual cannot single-handedly hack an email account. The attacker needs the user’s help. Here, the word “help” does not mean that the user slips any information to the attacker knowingly. Instead, the user unknowingly helps the attacker by clicking on some link sent to him by the attacker in the email account. Some methods of email hacking are discussed as follows: Phishing Phishing is amongst the most commonly employed methods of email hacking. This method uses spoof web pages to trap the legitimate user of the email account. In this method, the attacker creates pages that are the exact copies of the real pages so that the user cannot know that he/she is using fake web pages. Once the user logs in, the password is retrieved by the attacker. RATS RATS stands for “Remote Administration Tools”. RATS is a more complicated method of email hacking as compared to phishing and is accordingly less popular (SecurityHunk, 2010). These tools are installed and kept hidden in the cybercafe. RATS steal the passwords. This imparts the need for the users to avoid opening an email account in a cybercafe. Keylogging In keylogging, the attacker uses a hardware keylogger or a software and keeps track of the users’ keystrokes. The online downloads and torrent files blind the software keylogger. Social engineering This attack is made through the forgot password option. In this method, the attacker attempts to guess the user’s email account’s security question and resets the password. The attacker tries to penetrate the human intelligence by compromising the account. Implications of Hacking There are numerous economic, physical, social, and psychological implications of hacking both for the legitimate users of computers whose computers or email accounts are hacked and the attackers that get caught. Implications of hacking are disastrous for the sufferers. Just one email account if hacked can put the entire chain and all associated workers’ careers at risk. Email is considered as one of the securest means of exchange of information and thus is frequently used for the exchange of information of extremely sensitive nature. Attackers if caught have to bear heavy punishment and torture. Hacking is essentially a crime, and is dealt with in the same way. Likewise, its implications are the same as the implications of crime and violence. Security Mechanisms to Prevent Phishing The legitimate user of an email account must always type complete url to login to the email account. Anti-virus with the facility of web browser integration must be installed into the computer to help prevent phishing. Some very effective anti-virus include Kaspersky and Bitefender. Users should avoid clicking on links in their email accounts whose authenticity is not verified. RATS To avoid the threat of RATS, users should avoid opening the email accounts at the cybercafes. If it is inevitable, then the security tips discussed above must be followed before opening an email account. Users should never click the option of remember password. Keylogging To avoid the threat of keylogging, the users can employ such anti-keyloggers as KEYSCRAMBLER and ZEMANA. In addition to that, files can be scanned using online engines of multiple anti-virus. Social engineering To prevent this attack, users should always keep a very difficult and personal security question. Inside the email account, there should be a secondary email address. Users must be very cautious never to leak out personal information to the strangers or untrustworthy people. “[T]his sort of fraud is one reason to keep your e-contact list as short as possible. You don’t really need the address of everyone who’s ever sent you an email; keeping your list clean reduces exposure to scams like this” (Gallinger, 2012). Some of the ways in which the threat of being hacked can be reduced at least in academic and industrial organizations is by providing every individual with a fair chance of equal access to such networks as the Internet as well as training about ways to avoid the threats of email hacking by the attackers. To achieve this, organizations should have sufficient supply of computers as well as Internet connections everywhere especially in the cafes and libraries and must have well-qualified trainers to train the organizational personnel. Measures of Physical Security Generally, the technology savvy people tend to take measures to protect their data from cyber attacks in order to be secure, but it is equally important to provide the sensitive information with physical security as well. There is a variety of ways in which the security can be breached that include but are not limited to the electronic data thefts, hacking attacks, and physical theft of the IT equipment. In their attempt to avoid the advanced sophisticated techniques of hacking, many organizations overlook the need to protect the information against the possible physical attacks. While carrying out risk assessments, organizations also need to take the physical security into consideration. To achieve this, IT departments need to make a detailed list of the locations of sensitive data storage that include the network as well as the physical locations. They also need to assess in what potential ways the information can be hacked. Narisi (2012) list five precautionary measures to provide the IT departments with physical security that are discussed below: Locking the server room Most of the organizations do have a decent lock on the door of the server room. However, the responsibility to ensure that the lock is actually being used by the staffers rests with the IT manager. Securing the decommissioned equipment A lot of sensitive information remains in the hard drives that have been used but have not been appropriately wiped when discarded. This information can be of a lot of value to the criminals. An effective plan of physical security needs to include the ways to properly dispose off the used IT equipment. Locking up the vulnerable devices In many organizations, vulnerable access points that include but are not limited to the network hubs can be located out of the server room. To provide them with physical security, it is important to lock the network hubs and other vulnerable access points inside the server room or any other secure area. Securing the workstations Malicious insiders can easily copy data from the machines of their co-workers during the time in which the co-workers leave their desks for breaks. This threat can be eliminated by setting the machines in such a way that the users need to enter passwords after the time-out. Organizations must have firm policies in place to oblige the users working with sensitive information to keep their computers locked when they leave the desks. Locking up the portable devices A vast majority of workers use their laptops instead of the desktop computers these days. For the workers that do not take their computers with them when they leave for home, management must provide them with cable locks that can be securely attached to their desks. Training of the workers In addition to the measures of physical security discussed above, it is very important for the management to provide the workers with the training to notify the management or the security whenever there is unavailability of the security personnel. Organizations must make all workers wear badges containing their named and designations so that outsiders can be easily identified even by the newcomers. Training of the workers should also include the issues of social engineering. For instance, “an employee should know that when a stranger tells him or her that they are replacing the widget control on the computer’s frazzilator, there may be something amiss” (Olzak, 2009). Conclusion As the world has become increasingly globalized and the societies have become smaller with the increase of technology, privacy has become all the more important because the threats to privacy have increased manifolds. The right to privacy of an individual is far more important as compared to another person’s right to know. Since the start of the 21st century, there has occurred a dramatic change in technology. Today, finding personal information about someone is as simple as clicking a mouse. Methods of email hacking include but are not limited to phishing, RATS, keylogging, and social engineering. There are different ways to provide the email accounts with security against each of these threats. Generally, the legitimate users of the email accounts get help from the installation of antivirus. In addition, they should avoid sharing personal or sensitive information with others and also should not click on the unnecessary links they receive in their email account. In addition to taking these measures, it is equally important to provide the IT equipment containing the sensitive information with physical security which can be achieved by locking the server room, securing the decommissioned equipment, keeping the vulnerable devices inside the locks, securing the workstations, locking up the portable devices, as well as providing the workers with training in all aspects including social engineering. While the lawmakers are yet busy weighing the problems linked with computer privacy and cyber crime, it is primarily individuals’ own responsibility to respect others’ rights. Hacking into someone else’s computer or email account is undoubtedly unethical irrespective of what the hacker thinks about this. It is essentially a virtual trespass that is hardly any different from the physical trespass, and thus needs to be taken quite as seriously and treated in the same way. References: Gallinger, K 2012, Email hacking issues raise ethical questions: Gallinger, viewed 16 December 2012 at http://www.thestar.com/living/article/1260749--email-hacking-issues-raise-ethical-questions-gallinger. Head, T 2012, Where Did the Right to Privacy Come From?, viewed 16 December 2012 at http://civilliberty.about.com/od/equalrights/tp/Where-Did-the-Right-to-Privacy-Origins-Come-From.htm. Levy, S 2010, Hackers: Heroes of the Computer Revolution – 25th Anniversary Edition, USA: O’Reilly Media Inc. Narisi, S 2012, 5 physical security measures IT departments shouldn’t miss, viewed 16 December 2012 at http://www.itmanagerdaily.com/physical-security-measures-it-departments-shouldnt-miss/. Olzak, T 2009, Hardware Hacking Defense: Can you say physical security? Viewed 16 December 2012 at http://olzak.wordpress.com/2009/08/05/hardware-hacking-defense-can-you-say-physical-security/. SecurityHunk 2010, Email hacking methods, viewed 16 December 2012 at http://www.securityhunk.com/2010/06/email-hacking-methods.html. teamidesign.com n.d., The Computer Fraud and Abuse Act (as amended 1994 and 1996), viewed 16 December 2012 at http://teamidesign.com/computer-fraud-and-abuse-act.html. Trodick, S 2011, Ethical issues in hacking, viewed 16 December 2012 at http://www.examiner.com/article/ethical-issues-hacking. Read More