Monday, May 4, 2015

Drrrrrrrruuuuuuuuuuuuuummmmmmmmmmmmm Rrrrrrrrrrrrrrrooooooooooooooooooooooooooolllllllllllllllllllllll Pppppppppppppllllllllllllleeeeeeeeaaaaaaaaaaaassssssssssssssssssssssseeeeeeeeeee!

The final tally is in!  ADMIRAL THISTLE TAKES IT ALL!!!!

Leaderboard (Final)

Name                  Points
Admiral Thistle       59
Captain Black X31     55
Admiral Aquamarine    45 (1 ethical exclusion)
Pink Mystery          44
MzQueen Green         30 (2 Failed Attempts)
Agent Raven Blue      27 (1 Failed Attempt)
InspectorGreen2013    22 (3 Failed Attempts)
TheBlack Capo         19 (2 Failed Attempts)


Saturday, May 2, 2015

Final Blog Post – Albert Gonzalez vs TJX Companies

It is so much easier to pay with a credit/debit card. Most of us have one, or a few of them. A lot of people don’t like to carry cash with them anymore, and if you need cash, you can easily find an ATM close by, since there are so many around. We also love shopping, and a lot of us use our credit/debit cards to pay for the items we purchase. In order to obtain a credit/debit card you have to provide your name, address, and social security number, among other personal information, to the bank. So since it’s your personal information, wouldn't you want companies to protect it when you use your credit/debit card to purchase items from them? I would like them to keep my information secure, and I hope you would too. But unfortunately, when it comes to information security, not all companies and industries are alike.

Albert Gonzalez was accused of masterminding the combined credit card theft and subsequent reselling of more than 170 million cards and ATM numbers from 2005 through 2007, the biggest such fraud in history. He stole card information from TJX Companies like T.J. Maxx, BJ’s Wholesale Club, DSW, OfficeMax, Boston Market, Barnes & Noble, and Sports Authority. He hacked stores in different states like New York, Massachusetts, and New Jersey. Gonzalez was arrested on May 7, 2008, and on March 25, 2010, he was sentenced to 20 years in federal prison.

I believe that Albert Gonzalez's actions were wrong, and he is guilty as charged, but I have to ask: do you think Albert Gonzalez was the only one at fault? Many would say yes, he was, but I would argue the opposite.

One of the companies he hacked was TJX Companies. He hacked T.J. Maxx and Marshalls, which are retail clothing stores owned by TJX that sell designer clothes for a discounted price. Therefore a lot of customers walk into their stores and purchase their items. I am not talking about a small store; I am talking about a very big company that is making a very good amount of money. But surprisingly they were using out-of-date and vulnerable security encryption for their machines and networks. I believe that if a person uses their credit/debit card at a store, for instance, it is the store’s responsibility to keep the information safe. Once the customer swipes their card through the store’s credit machine, the card information is stored, so it becomes the store’s property. Probably more than 90% of the customers affected were not aware that their credit/debit card information was compromised. There is a quote by Luke that says ‘to whom much is given, much will be required’ (Luke 12:48). I believe that this quote backs up my argument because when the customer uses their credit/debit card, they are giving the store money in exchange for the items they are purchasing, and the company stores the data in their data centers, so therefore there is that required or expected responsibility to keep the data secure.

So I ask, why weren't they protecting their customers’ private information with up-to-date security? TJX was using WEP security encryption for their network. Almost every hacker out there likes a challenge, but when the security is outdated and weak, it is like a day at the park for them. I believe that TJX Companies did not take the necessary security measures to maintain the data they were responsible for securing. I hope that they learned from this security breach and that they can provide better security for their customers.


Sources:
http://www.gotquestions.org/much-given-required.html


Anonymous are the Defenders of the Defenseless

“Defenders of the Defenseless”: can Anonymous truly make these claims? In an interview with CNN, Anonymous was asked why they would get involved in certain types of cases, such as rape or hate cases, when they are supposedly “The Rulers of the Internet”. I too have questioned why they get involved, and that’s when the Defenders of the Defenseless comment was brought up. My issue with this is how Anonymous can call themselves the defenders of the defenseless if they only try to get involved in high-profile cases.

I have noticed that they get involved in cases where the victim or the guilty party has been treated unfairly or an error has been made within the case or trial, but upon further investigation they only target the cases that are the most covered or televised. It makes me wonder if maybe they get involved because, yes, they believe that something wrong was done and someone needs to make a stand, but also to get more media attention for themselves. Are their actions done because they truly believe in the cause or case, or are they just seeking the media attention? I want to believe that it’s more than just an attention-getting act because I believe in some of the things Anonymous stands for. I have followed Anonymous for years and have been intrigued by their protests and hacktivism activities. That’s not to say I haven’t been frustrated by or disagreed with some of them as well.

Edmund Burke (January 12, 1729 - July 9, 1797) was an Anglo-Irish statesman, author, orator and political philosopher, who served for many years in the British House of Commons as a member of the Whig party. He is chiefly remembered for his support of the American colonies in the struggle against King George III that led to the American Revolution, as well as for his strong opposition to the French Revolution. His ideas resembled the ideology of Anonymous, for he stood against an oppressive force then. What I found interesting is how it almost seems as if time were repeating itself and Edmund Burke was a part of an original group of vigilantes who then were seen exactly how we see Anonymous. Is it possible that the things they are doing and have done are truly in search of justice? Are they our future liberators?

I tried to find a word better than the phrase defenders of the defenseless that could really describe what Anonymous is: vigilantes, which is defined as members of a self-appointed group of citizens who undertake law enforcement in their community without legal authority, typically because the legal agencies are thought to be inadequate. The big question after reading that is whether that is what Anonymous is and whether what they are doing is actually in defense of the defenseless. In one instance they protested the Westboro Baptist Church, which planned to protest the Newtown memorial service. In this situation I would have agreed, but the way they did it seemed more harmful than helpful. Anonymous released addresses and phone numbers of members of the church, thus endangering anyone who lived there, including innocent children. There is a phrase that says two wrongs don’t make a right. That seems to be true in most cases. Also, in how many cases have the victims asked for Anonymous's help? It seems Anonymous is more bent on the punishment than the help. A better term for them to use is maybe “Punishers of the Wrong.” A clear picture pops into my head when I think of defending the defenseless, and it’s a mother protecting her child; that is defending the defenseless.

Do the research: do you think Anonymous are the “Defenders of the Defenseless”?

Sources

http://quotationsbook.com/quote/6929/

Clark, J. C. D. (2001). Edmund Burke: Reflections on the Revolution in France: a Critical Edition. Stanford. p. 25.

Edmund Burke, A Letter from The Right Honourable Edmund Burke to a Noble Lord, on the Attacks made upon him and his pension, in the House of Lords, by The Duke of Bedford and The Earl of Lauderdale, Early in the present Sessions of Parliament. (F. and C. Rivington, 1796), p. 20.

Friday, May 1, 2015

Final Post: Hacker's Loyalty

Adrian Lamo is an ex-hacker who was also known as the “Homeless Hacker”. He was called the “Homeless Hacker” because he accessed hotspots in various locations to penetrate internal networks of high-profile companies and alerted them to their vulnerabilities. He offered his services to fix them because he felt he was doing the right thing by notifying them of the security breach and the potential harm that could be done if someone with bad intentions accessed it. Most companies took him up on his offer and did not press charges. It wasn’t until 2002 that one of the companies he hacked, the NY Times, didn’t think so kindly of Lamo’s actions. Instead they notified the U.S. Attorney’s office, which started an investigation. He would later be found guilty, be placed on 6 months' probation and have to pay restitution. While on probation, he cleaned up his act and attended school to become a Threat Analyst.

In 2010, a U.S. soldier by the name of Bradley Manning contacted Adrian Lamo via an AOL chat room. During their chat, the two discussed Lamo’s past hacking history, Manning's waiting to be discharged due to his gender identity issue and both their experience in the IT world. As the conversation progressed, Manning eventually confided that he had been penetrating the U.S. classified network and forwarding classified information to Wikileaks. This was information he believed the public needed to know. Not believing what he was hearing, Lamo asked Manning for specific stories, and Manning supplied them. Lamo contacted the U.S. military and informed them of his conversation. Manning was later arrested and charged with several offenses, one being “aiding the enemy”, which led to a 35-year sentence.

Lamo claimed that his reason for turning Manning in was to help the nation: "Mr Manning's well being was not as important as the security of our armed forces. I had never considered myself particularly patriotic, but when push came to shove the wellbeing of the nation was of paramount importance to me." (excerpt from http://www.theguardian.com/world/2011/dec/15/hacker-adrian-lamo-bradley-manning-wikileaks)

I think that Lamo is a hypocrite. Just as he thought that he was doing good by exposing the companies whose systems he penetrated and then offering to fix them instead of doing ill, Manning felt the same way about his actions; he felt as though the classified information needed to be known by the public so the truth would be out. According to a Wired article, there are three different types of hackers: whitehats (employed with companies in which they hack within the law), blackhats (penetrate networks illegally for fun), and grayhats (hackers who protect security holes from vandals). It would seem as though Lamo is regarded as a grayhat. Since when is a grayhat's loyalty to law enforcement?

“The distinction between obligation and loyalty might be stated schematically in terms of that with which, respectively, they are connected: obligation is displayed toward rules or requirements of more or less formalized roles and is derived from acceptance of either the legitimacy of the rules or the appropriateness of the roles, or both, whereas loyalty is shown to persons and is founded upon solidary commitment to them.” (An Internet Journal of Philosophy 17- 2013, John Riser) Was Lamo obligated to his country to report Manning? Well, he did feel that it was his civic duty as an American citizen to turn Manning in for his wrongdoing. He wondered where Manning’s loyalty was to the military that he so proudly served. Did Lamo owe Manning some kind of loyalty, seeing as how he’s been in Manning’s shoes before and seeing as how Manning confided in him because he had no one else to turn to? Josiah Royce stated, “Loyalty is thoroughgoing in that it is not merely a casual interest but a wholehearted commitment to a cause.” Lamo would turn around and state that he did not want to turn Manning in, but he feared what kind of punishment he could face for retaining that type of information.


So to conclude, Lamo turning Manning in was not because he wanted to be a stand-up citizen and prove that he was totally rehabilitated. If Lamo wasn’t curious as to what would happen to such a person who knew of such a leak, then he probably would’ve gone on his merry way. In the end, Lamo’s loyalty was to himself and no one else.

Final Blog Post: The Hack on the PSN (2011)

The Sony PlayStation Network (PSN) has had a handful of hacks and incidents since its release in November of 2006, from jailbroken PS3s to a mass intrusion of private information, but the hacks that took place in April and June of 2011 were two for the record books. In April, Sony said it discovered that between the 17th and 19th, an "illegal and unauthorized person" got access to 77 million PSN users' names, addresses, email addresses, birthdates, usernames, passwords, logins, security questions and more. At first, Sony and the rest of the world believed it to be George Hotz, the hacker that made public instructions on how to jailbreak your PS3. They later found out that the splinter hacktivist group of Anonymous known as Lulzsec was responsible by using a DDoS attack on the network, deliberately flooding the PSN server with traffic, causing a loss of income for a company that does business online. Jake Davis (20), Mustafa Al-Bassam (18), Ryan Ackroyd (26) and Ryan Cleary (21) from Lulzsec all claimed responsibility and pleaded guilty. This hit Sony big time, shutting them down for nearly a month to try to recover, at a cost of about $171.1 million in damages. A few months later, a separate attack on the PlayStation Network, Sony Online Entertainment and Sony's Qriocity media-streaming service led to the theft of private data pertaining to more than 100 million user accounts, including credit-card numbers. All three services were offline for more than three weeks. Anonymous later came forward and took credit for the attack, saying that it was unintentional that they obtained the information of all PSN’s users, using a basic SQL injection attack to expose millions of users' personal data, 3.5 million digital coupons and 75,000 music codes.

A couple of questions that I ask Sony are: Why were PSN passwords apparently stored in plain, human-readable text? Why were email addresses, personal details, and credit card details also stored in unencrypted form? While it might be impossible to fully prevent unauthorized access to a system, it’s very simple to encrypt data in a way that both secures user privacy and makes it almost valueless to any hacker with an intent to use that information for their own personal gain, profit or otherwise. Some questions that I have for the hacktivist groups are: Why make user accounts public? Users aren’t the ones at fault, so they shouldn’t be the ones that are punished. Instead of hacking a big league company like Sony, why not simply inform them that their security was not as tightly secured as they claimed it to be? Why was the result of your hacking necessary? If I were in either of the hacktivists’ shoes, I would probably have the same ideals in terms of trying to make being online safe for all users. As I mentioned in one of my questions to the hacktivists, I would simply inform a company that did business online that the security that they claim to be foolproof isn’t. I wouldn’t put any of the users at risk because that isn’t my main goal.

I completely agree with the moral reason for which the hacktivists hacked Sony: to make them aware that their use of simple security programs to protect tons of valuable information was not, in fact, foolproof. However, I strongly disagree with the result that the methods used produced. Morally, it’s a breach of privacy on an enormous scale. The hacktivists took the Fourth Amendment and twisted it to make themselves believe they were in the right.

I thought of how many people might misconstrue the definition of “privacy”, and then I found William A. Parent (1983). Parent explains that he proposes to defend a view of privacy that is consistent with ordinary language and does not overlap or confuse the basic meanings of other fundamental terms. He defines privacy as the “condition of not having undocumented personal information known or possessed by others”. Parent stresses that he is defining the condition of privacy, as a moral value for people who prize individuality and freedom, and not a moral or legal right to privacy. When I thought about how valuable information and privacy are, I looked up Adam Moore (2003). Moore argues that privacy is objectively valuable; human beings who do not obtain a certain level of control over access will suffer in various ways. Moore claims that privacy, like education, health, and maintaining social relationships, is an essential part of human flourishing or well-being.



Final draft: Blame and Fairness

In 2013, Shahab “David” Yousheei was arrested in an undercover sting operation at Boston Common. Yousheei and his crew had a kiosk in Downtown Crossing where he sold items with a credit card encoder. He stole his customers’ identities to create credit cards. With those fraudulent credit cards he purchased gift cards. He then used the gift cards to buy merchandise (including iPads, cellphones, etc.) and resold that merchandise for profit. This scheme allowed them to make cash with stolen identities and made it harder to trace.

Yousheei stole thousands of dollars’ worth of items through identity theft. He and his crew repeatedly used the same scheme. They saw an open opportunity and the lack of responsibility from customers not protecting their identity and took advantage to steal from them. Identity fraud is against the law, but it makes me wonder if it’s entirely the attacker’s fault that the victim is not protecting their identity. This leads to the moral aspect of blame. Philosopher John Rawls’s A Theory of Justice (1971) described fair circumstances in which everyone has the opportunity to pursue their aims. People argued that blame leans more towards personal responsibilities. So who’s at fault? I do believe identity theft is wrong, but I also believe it is a person’s responsibility to protect their identity. Almost anyone can sell anything in a stand; some stands don’t require licensing. I do believe that when a customer is making a purchase, it is their choice whether to trust who they’re buying from. If they choose to purchase from them, they’re technically “trusting” them, and that makes the buyer accountable for their purchase. Now, department stores are licensed to sell, and that makes the store accountable for our purchases and the personal information given at purchase. At the same time, any form of identity theft is wrong and unacceptable. Rawls believes the blame is associated with their attitudes, which are the outcome of people’s voluntary choices. He believes in choices with social or biological circumstances: circumstances of how society views situations, and actions that follow from how a person was raised. On the other hand, Robert Nozick, in Anarchy, State, and Utopia (1974), believed in individual rights and personal responsibilities. This situation would be problematic because the individual has the right to fight for their identity but they also have to fight to keep their identity.

Yousheei was arrested when Boston Police set him up to buy counterfeit money. According to Counterfeiting Laws and Penalties, someone guilty of counterfeiting can face up to 20 years in prison, but the person who passes or attempts to pass counterfeit money faces only 5 years. I understand we need to keep criminals in jail, but the Boston Police Department stated “we will continue to join forces with our law enforcement partners to put you out of business and in jail.” I agree that Yousheei should not have agreed to purchase counterfeit money and that he should be arrested for identity theft, but I don’t agree that they set him up with a different crime for longer sentencing. Is this fair? Dan-Cohen believes, “the main goal of the criminal law ought to be to defend the unique moral worth of every human being.” I feel like the Boston Police is selecting his fate. What Yousheei did was wrong and he shall be arrested, but it's unfair that he will be punished more than his wrongdoing.

Final Blog Post - Institutional Loyalty




In 2011, Aaron Swartz was arrested for downloading nearly five million files from JSTOR, a digital library of mass academic journals, by infiltrating a network on the Massachusetts Institute of Technology campus. Swartz was caught on camera by MIT when he was re-entering the network closet to replace the storage devices he was using at the time to hold the downloaded information. Swartz believed that information should not be wholesaled, especially when the research for the journals was funded by tax dollars. He believed that the information should have been open source, and available to anyone interested, for free. Swartz only downloaded these journals and did not release them; however, MIT filed charges. Due to the lack of institutional loyalty, MIT concluded that this downloading was theft before any other possibility. The prosecutors on this case pushed for the firmest penalties, and MIT stood silently by and watched. These criminal charges led to Swartz taking his own life in 2013.

The heart of this institutional disloyalty comes from MIT’s contradictory tradition of encouraging its colleagues to follow their curiosity wherever it may lead them, even if that’s somewhere they are not authorized. MIT’s main lobby doors are always unlocked, and the computer networks are set up for easy guest access. The concept of sharing information, the same one that Swartz stood for, was born in MIT’s computer labs in the 1950s and 60s. Because of this, many say that MIT has Swartz’s blood on its hands. MIT could have asked for the charges to be dropped just like JSTOR did. Instead, the university chose to remain neutral, and in doing so contradicted its adopted culture that encourages openness.

How could a university that boasts about its community of hackers and hackers' abilities turn around and let a member of that community be prosecuted? Every year MIT holds a self-declared hackathon where students are asked to show off their hacker abilities; the results are then posted on MIT’s site and can be read here. This begs the question of where MIT’s obligation and/or loyalty reside. Is it with their self-produced hacker community, or with obsolete and unjust laws? I believe MIT should not contradictorily prosecute hackers for their success and abilities. Philosopher Josiah Royce argued that as a member of a group, “We share the standards of that group”. With this in mind, MIT is the leader of a group, and should set equal standards for all while remaining loyal to that culture. Royce also argued that loyalty gives security, and offers ready-made standards. This holds very true in this case. MIT should have remained loyal to Swartz and his quest to share information paid for by the public, to the public. Another philosopher, W.E.B. DuBois, also argued that values are bound up with social group identity. DuBois stated, “We are members of a nation first, then of a culture, and then a subculture, and we may adopt values consistent with loyalty to those groups”. The group in question here is the hacker community. With being a “hacker” there is a hacker ethic or philosophy that is adopted. The vital topics within these ethics are access to information, freedom of information, and improvement to quality of life via information. This is what Swartz was striving for, and MIT put a stop to.


I agree with philosopher John Riser and his stance on obligation to society and loyalty to community. He argued that obligations are displayed toward rules or requirements of formalized roles stemming from a membership in society. I believe that MIT should have been obligated to take a stance in the Swartz case to protect the community that it cultivates. Instead they remained silent and in the process of doing so, the community tragically lost a valuable member.




