Monday, May 5, 2014

Ethics FINAL!


In my current journey of Ethical Hacking, I have learned many new skills, but the main ones I feel will further my concentration in I.T. are social engineering, masking malware/keyloggers as look-alike programs, and, more importantly, an understanding of power and control in the field. First, social engineering has brought me to an understanding that not everyone in life, or in the world, is who they seem to be. Maybe 90%+ of the people we come to interact with may seem harmless, but it's the little things in life that people don't pay attention to which may come back to haunt them.

I refuse to be social engineered after being in this class. What may seem harmless in class will not be the same in real life. We are constantly bombarded with social engineering at the workplace, and most of the time we do not think about it. It is important that “I”, as educated I.T. personnel, do not fall victim to social engineering. This is important to me, as the powers I have acquired through this class may make me invulnerable to such attacks. :)

When I worked at Fidelity, people were being social engineered on a daily basis, and most of it was harmless; it was noticeable in businesses that this is becoming a norm. Social engineering such as shoulder surfing, piggybacking, and password sharing is extremely common in day-to-day activities. What I did not realize was that this was a really bad practice, and not just that, but that there was a lack of security enforcement by the I.T. team. Nobody honestly cared about anything other than fulfilling their jobs.

I did not understand the trend going on in business workplaces where people shared passwords through active directories. We had specific logins where our account IDs would have specific access to certain materials. This yielded a lack of responsibility and failed to ensure ownership of errors and poor decision making that could fall into the wrong hands. This is not how a business should be run from a security point of view.

There was never an issue with any of the mentioned activities, but I realized that once something does happen, it could get really ugly, really fast. Jobs could be lost, people could get fired, managers and supervisors could get written up, etc. Further, I have learned that it is not hard at all to hide simple keyloggers in everyday programs such as Internet Explorer or Firefox. There are some keyloggers out on sourceforge.net that will not show up as malware. Also, I have noticed friends and family around me fail to be aware of phishing emails and drive-by malware downloads. They will click on anything and everything that they get in their e-mails. I can say my I.T. awareness is much higher than it was prior to my engaging in the class.

During production hours, I have never seen such a poor attitude and commitment to their job. We had dozens of team members, including supervisors and management, keeping themselves busy with Facebook posts, Flash games, and social e-mails. During my time there, we had 2 major incidents where phishing e-mails were clicked on, and some yielded worms which took almost 2 weeks to get rid of. These e-mails that undereducated staff members clicked on spread throughout the internal network of contacts and quickly reproduced themselves thousands of times in everyone’s mailbox. Results included shutting down e-mail services and hundreds of hours of wasted time. Again, these situations are not ideal and are a total waste of resources. If I were the I.T. supervisor, I’d turn off certain ports such as HTTP:80/ or even block certain webpages such as Facebook/social media, and disable the installation of Java and Flash players. These are the most common ways of workers misusing the internet while in production.

Last but not least, I don’t know if this is considered a power or not, but I’ve come to understand and learn the use of power and self-control in the field. In every job I’ve been at, you are given some type of login and password, whether admin or not, and there is an insane amount of information you can get with such logins. I knew before I got laid off that I could have easily disclosed confidential information by being a disgruntled employee and gotten away with it, since 95% of the workforce was told they would be laid off. During my last weeks of employment, I was given a final task to break down the entire network of PCs, and was given all types of access, physically into secure areas of the building and remotely to reestablish access to other data center sites located in other states. I have learned that being given such privileges and access comes with a strong desire and will to control it. This was something that was entrusted to me and not something to be abused. Obviously, being disgruntled and all, I did what was the right thing to do: finish my job and understand the limits and boundaries of what I should and shouldn’t do.

This is not a power, but I’ve learned the value of my moral responsibility when it comes to information technology. Knowledge is power, but the understanding and preaching of such knowledge is also important to me. I want to educate the people around me at home and at work that the internet is a wild place to be in. You can get yourself into problems really quickly. There are dozens of defensive measures one can take. Often I find family members bringing me their PCs or workstations to be fixed, either for viruses/malware or for upgrades. I’ve also learned that family members will buy anything they’re told they need at places such as Best Buy. It pains me to see people who need laptops for school buying $1300 Apple laptops or ultrabooks when they could have easily bought what they needed at less than HALF the price. I also want to educate others around me on the importance of I.T. security. As technology evolves further, there is a need for security. Viruses and malware are hitting the marketplace harder than ever in Android, iOS, and even Windows Stores in the mobile market.
