20/06/15

Cyber Crime




Cybercrime, terjadi pertama kali di Amerika Serikat pada tahun 1960-an. Pada tahun 1970 di Amerika Serikat terjadi kasus manipulasi data nilai akademik mahasiswa di Brooklyn College New York, kasus penyalahgunaan komputer perusahaan untuk kepentingan karyawan, kasus pengkopian data untuk sarana kejahatan penyelundupan narkotika, kasus penipuan melalui kartu kredit. Selain itu, terjadi pula kasus akses tidak sah terhadap Database Security Pacific National Bank yang mengakibatkan kerugian sebesar $10.2 juta US pada tahun 1978. Selanjutnya kejahatan serupa terjadi pula disejumlah negara antara lain Jerman, Australia, Inggris, Finlandia, Swedia, Austria, Jepang, Swiss, Kanada, Belanda dan Indonesia. Kejahatan tersebut menyerang terhadap harta kekayaan, kehormatan, sistem dan jaringan komputer.

Sejarah Cyber CrimeAwal mula penyerangan didunia Cyber pada tahun 1988 yang lebih dikenal dengan istilah CyberAttackPada saat itu ada seorang mahasiswa yang berhasil menciptakan sebuah worm atau virus yang menyerang program computer dan mematikan sekitar 10% dari seluruh jumlah komputer di dunia yang terhubung ke internet Pada tahun 1994 seorang anak sekolah musik yang berusia 16 tahun yang bernama RichardPryce, atau yang lebih dikenal sebagai “the hacker” alias “Datastream Cowboy”, ditahan lantaran masuk secara ilegal ke dalam ratusan sistem komputer rahasia termasuk pusat data dari Griffits AirForce, NASA dan Korean Atomic Research Institute atau badan penelitian atom Korea Dalam interogasinya dengan FBI, ia mengaku belajar hacking dan cracking dari seseorang yang dikenalnya lewat internet dan menjadikannya seorang mentor, yang memiliki julukan “Kuji”.Hebatnya, hingga saat ini sang mentor pun tidak pernah diketahui keberadaannya.Hingga akhirnya, pada bulan Februari 1995, giliran Kevin Mitnick diganjar hukuman penjara untukyang kedua kalinya. Dia dituntut dengan tuduhan telah mencuri sekitar 20.000 nomor kartu kredit!Bahkan, ketika ia bebas, ia menceritakan kondisinya di penjara yang tidak boleh menyentuh komputer atau telepon.

Sejarah dan Perkembangan Cyber Crime di Indonesia

Di Indonesia sendiri juga sebenarnya prestasi dalam bidang cyber crime ini patut diacungi dua jempol. Walau di dunia nyata kita dianggap sebagai salah satu negara terbelakang, namun prestasi yang sangat gemilang telah berhasil ditorehkan oleh para hacker, cracker dan carder lokal. Virus komputer yang dulunya banyak diproduksi di US dan Eropa sepertinya juga mengalami “outsourcing” dan globalisasi. Di tahun 1986 – 2003, epicenter virus computer dideteksi kebanyakan berasal dari Eropa dan Amerika dan beberapa negara lainnya seperti Jepang, Australia, dan India. Namun hasil penelitian mengatakan di beberapa tahun mendatang Mexico, India dan Africa yang akan menjadi epicenter virus terbesar di dunia, dan juga bayangkan, Indonesia juga termasuk dalam 10 besar. Seterusnya 5 tahun belakangan ini China , Eropa, dan Brazil yang meneruskan perkembangan virus-virus yang saat ini mengancam komputer kita semua dan gak akan lama lagi Indonesia akan terkenal namun dengan nama yang kurang bagus alasannya, mungkin pemerintah kurang ketat dalam pengontrolan dalam dunia cyber, terus terang para hacker di Amerika gak akan berani untuk bergerak karena pengaturan yang ketat dan system kontrol yang lebih high-tech lagi yang dipunyai pemerintah Amerika Serikat.

Jenis-jenis cybercrime berdasarkan jenis aktivitasnya

·         Unauthorized Access to Computer System and Service : Kejahatan yang dilakukan dengan memasuki/menyusup ke dalam suatu sistem jaringan komputer secara tidak sah, tanpa izin atau tanpa sepengetahuan dari pemilik sistem jaringan komputer yang dimasukinya. Biasanya pelaku kejahatan (hacker) melakukannya dengan maksud sabotase ataupun pencurian informasi penting dan rahasia. Namun begitu, ada juga yang melakukan hanya karena merasa tertantang untuk mencoba keahliannya menembus suatu sistem yang memiliki tingkat proteksi tinggi. Kejahatan ini semakin marak dengan berkembangnya teknologi internet/intranet.

·         Illegal Contents : Merupakan kejahatan dengan memasukkan data atau informasi ke internet tentang sesuatu hal yang tidak benar, tidak etis, dan dapat dianggap melanggar hukum atau mengganggu ketertiban umum. Sebagai contohnya adalah pemuatan suatu berita bohong atau fitnah yang akan menghancurkan martabat atau harga diri pihak lain, hal-hal yang berhubungan dengan pornografi atau pemuatan suatu informasi yang merupakan rahasia negara, agitasi dan propaganda untuk melawan pemerintahan yang sah, dan sebagainya.

·         Data Forgery : Merupakan kejahatan dengan memalsukan data pada dokumen-dokumen penting yang tersimpan sebagai scriptless document melalui internet. Kejahatan ini biasanya ditujukan pada dokumen-dokumen e-commerce dengan membuat seolah-olah terjadi “salah ketik” yang pada akhirnya akan menguntungkan pelaku.

·         Cyber Espionage : Merupakan kejahatan yang memanfaatkan jaringan internet untuk melakukan kegiatan mata-mata terhadap pihak lain, dengan memasuki sistem jaringan komputer (computer network system) pihak sasaran. Kejahatan ini biasanya ditujukan terhadap saingan bisnis yang dokumen ataupun data-data pentingnya tersimpan dalam suatu sistem yang computerized.

·         Cyber Sabotage and Extortion : Kejahatan ini dilakukan dengan membuat gangguan, perusakan atau penghancuran terhadap suatu data, program komputer atau sistem jaringan komputer yang terhubung dengan internet. Biasanya kejahatan ini dilakukan dengan menyusupkan suatu logic bomb, virus komputer ataupun suatu program tertentu, sehingga data, program komputer atau sistem jaringan komputer tidak dapat digunakan, tidak berjalan sebagaimana mestinya, atau berjalan sebagaimana yang dikehendaki oleh pelaku. Dalam beberapa kasus setelah hal tersebut terjadi, maka pelaku kejahatan tersebut menawarkan diri kepada korban untuk memperbaiki data, program komputer atau sistem jaringan komputer yang telah disabotase tersebut, tentunya dengan bayaran tertentu. Kejahatan ini sering disebut sebagai cyber-terrorism.

·         Offense against Intellectual Property : Kejahatan ini ditujukan terhadap Hak atas Kekayaan Intelektual yang dimiliki pihak lain di internet. Sebagai contoh adalah peniruan tampilan pada web page suatu situs milik orang lain secara ilegal, penyiaran suatu informasi di internet yang ternyata merupakan rahasia dagang orang lain, dan sebagainya.

·         Infringements of Privacy : Kejahatan ini ditujukan terhadap informasi seseorang yang merupakan hal yang sangat pribadi dan rahasia. Kejahatan ini biasanya ditujukan terhadap keterangan pribadi seseorang yang tersimpan pada formulir data pribadi yang tersimpan secara computerized, yang apabila diketahui oleh orang lain maka dapat merugikan korban secara materil maupun immateril, seperti nomor kartu kredit, nomor PIN ATM, cacat atau penyakit tersembunyi dan sebagainya.

·         Cracking Kejahatan dengan menggunakan teknologi computer yang dilakukan untuk merusak system keamaanan suatu system computer dan biasanya melakukan pencurian, tindakan anarkis begitu merekan mendapatkan akses. Biasanya kita sering salah menafsirkan antara seorang hacker dan cracker dimana hacker sendiri identetik dengan perbuatan negative, padahal hacker adalah orang yang senang memprogram dan percaya bahwa informasi adalah sesuatu hal yang sangat berharga dan ada yang bersifat dapat dipublikasikan dan rahasia.

·         Carding Adalah kejahatan dengan menggunakan teknologi computer untuk melakukan transaksi dengan menggunakan card credit orang lain sehingga dapat merugikan orang tersebut baik materil maupun non materil.

Contoh Cyber Crime Sejarah Fraud

Mungkin banyak diantara kita sudah mengetahui bahwa pada Februari 1997, ASB (Auditing Standards Board) mengeluarkan Statement on Auditing Standards (SAS) Nomor 82 yang berjudul Consideration of Fraud in a Financial Statement Audit ( Pertimbangan Penipuan dalam Audit Laporan Keuangan), guna mengklarifikasi tanggung jawab auditor dalam mendeteksi dan melaporkan kecurangan (fraud) yang terjadi dalam laporan keuangan. Kongkritnya tampak pada kalimat berikut ini:

Auditor bertanggung jawab untuk merencanakan dan melaksanakan audit guna mendapatkan keyakinan memadai bahwa laporan keuangan bebas dari salah saji material, baik yang disebabkan oleh kekeliruan maupun kecurangan.

Kata kuncinya adalah keyakinan memadai. Tingkat keyakinan ini jelas subjektif sifatnya namun apakah yang dimaksud dengan Fraud itu pada tingkat minimal tertentu haruslah merupakan kesepakatan bersama. Berikut ini adalah sedikit gambaran tentang Fraud.

Sejarah fraud dikenal dari abad 16, Albrecht Dürer, pemalsu dari gaya printmaking, meningkatkan pasar untuk mencetak sendiri oleh mereka menandatangani, yang membuat mereka disebut pemalsuan. Pada abad ke 20 pasar seni hasil pemalsuan sangat menguntungkan. Ada yang berkembang terutama pemalsuan bernilai seni, seperti gambar yang dibuat oleh Picasso, KLee, dan Matisse.


Sumber :

http://artikelcybercrime.blogspot.com/2011/11/sejarah-cyber-crime-dan-perkembangan.html
http://danrayusuma.weebly.com/sejarah-cybercrime.html
http://cybercrime4c.blogspot.com/2013/04/sejarah-dan-perkembangan-cyber-crime.html
http://cybercrime4c.blogspot.com/2013/04/jenis-jenis-cyber-crime.html
https://larvoolovers.wordpress.com/2014/05/20/sejarah-fraud/

10/05/15

code of ethics for it professionals

Ethical codes can fill in the gaps in which laws and regulation fail to reach or simply can not be applied. Most professions have an ethical codes in which they must follow. Those codes signifies or states what they hold most dear. For example CPA'S and doctors each have a code of ethics that represent each of their professions values and principles.
Most IT Professionals, unlike Doctor's and other professionals, do not have a general rule making body, they may have many professional organizations specialized to specific groups.
·         Association of Information Technology Professionals(AITP)
·         CyberSecurity Institute (CSI)
·         Independent Computer Consultants (ICCA)
·         Information Systems Security Association (ISSA)
·         Association for Computer Operations Management(AFCOM)
·         Computing Technology Industry Association(CompTIA)
In fact the existence of these bodies signify a lack of respect for ethics in society in general, requiring not only the validation of this types of bodies but also rely on their power to enforce sanctions when ethical violation occur. Something that could be well covered by the state and the academia.
It can be argued that these ruling bodies should be in fact unnecessary, since ethical considerations do not depend on ones profession, even if very specific considerations can seem restricted in the function they will be shared by another professions. It could also be stated that this is a function of the state and the legal system, that delegating these functions in non governmental, even if public organizations, is detrimental to the public good, and overall block to transparency of procedures. These bodies will also promote the exertion of corporative influence toward their specific groups interests, one such interest is reducing competition by limiting or increase the difficulty of access to functions and a general increase in prices since they permit a coordinated fixing of payments in a monopolistic way and promote the practice of obtaining special treatment and recognition for those that depend on their specific activities.

10 code of ethics in IT professional
1.    will promote public knowledge, understanding and appreciation of Information technology.
2.    I will consider the general welfare and public welfare and public good in the performance of my work.
3.    I will advertise goods or professional services in a clear and truthful manner.
4.    I will comply and strictly abide by the intellectual property laws, patent laws and other related laws in respect of Information Technology.
5.    I will accept the full responsibility for the work undertaken and utilize my skills with competence and professionalism.
6.    I will make truthful statements on my areas of competence as well as the capabilities and qualities of my product and services.
7.    I will not disclose or use ant confidential information obtained in course of professional duties without the consent of the parties concerned except when required by the laws.
8.    I will strive to atain the highest quality in both the products and services that offer.
9.    I will knowingly participate in the development of the Information Technology.
10.  I will uphold and improve the IT professionals’ standards through continuing profession in order to enhance the IT profession.


The following is an example of ethical codes in a company

ACM Code of Ethics and Professional Conduct
1.1 Contribute to society and human well-being.
This principle concerning the quality of life of all people affirms an obligation to protect fundamental human rights and to respect the diversity of all cultures. An essential aim of computing professionals is to minimize negative consequences of computing systems, including threats to health and safety. When designing or implementing systems, computing professionals must attempt to ensure that the products of their efforts will be used in socially responsible ways, will meet social needs, and will avoid harmful effects to health and welfare.
In addition to a safe social environment, human well-being includes a safe natural environment. Therefore, computing professionals who design and develop systems must be alert to, and make others aware of, any potential damage to the local or global environment.
1.2 Avoid harm to others.
"Harm" means injury or negative consequences, such as undesirable loss of information, loss of property, property damage, or unwanted environmental impacts. This principle prohibits use of computing technology in ways that result in harm to any of the following: users, the general public, employees, employers. Harmful actions include intentional destruction or modification of files and programs leading to serious loss of resources or unnecessary expenditure of human resources such as the time and effort required to purge systems of "computer viruses."
Well-intended actions, including those that accomplish assigned duties, may lead to harm unexpectedly. In such an event the responsible person or persons are obligated to undo or mitigate the negative consequences as much as possible. One way to avoid unintentional harm is to carefully consider potential impacts on all those affected by decisions made during design and implementation.
To minimize the possibility of indirectly harming others, computing professionals must minimize malfunctions by following generally accepted standards for system design and testing. Furthermore, it is often necessary to assess the social consequences of systems to project the likelihood of any serious harm to others. If system features are misrepresented to users, coworkers, or supervisors, the individual computing professional is responsible for any resulting injury.
In the work environment the computing professional has the additional obligation to report any signs of system dangers that might result in serious personal or social damage. If one's superiors do not act to curtail or mitigate such dangers, it may be necessary to "blow the whistle" to help correct the problem or reduce the risk. However, capricious or misguided reporting of violations can, itself, be harmful. Before reporting violations, all relevant aspects of the incident must be thoroughly assessed. In particular, the assessment of risk and responsibility must be credible. It is suggested that advice be sought from other computing professionals. See principle 2.5 regarding thorough evaluations.
1.3 Be honest and trustworthy.
Honesty is an essential component of trust. Without trust an organization cannot function effectively. The honest computing professional will not make deliberately false or deceptive claims about a system or system design, but will instead provide full disclosure of all pertinent system limitations and problems.
A computer professional has a duty to be honest about his or her own qualifications, and about any circumstances that might lead to conflicts of interest.
Membership in volunteer organizations such as ACM may at times place individuals in situations where their statements or actions could be interpreted as carrying the "weight" of a larger group of professionals. An ACM member will exercise care to not misrepresent ACM or positions and policies of ACM or any ACM units.
1.4 Be fair and take action not to discriminate.
The values of equality, tolerance, respect for others, and the principles of equal justice govern this imperative. Discrimination on the basis of race, sex, religion, age, disability, national origin, or other such factors is an explicit violation of ACM policy and will not be tolerated.
Inequities between different groups of people may result from the use or misuse of information and technology. In a fair society,all individuals would have equal opportunity to participate in, or benefit from, the use of computer resources regardless of race, sex, religion, age, disability, national origin or other such similar factors. However, these ideals do not justify unauthorized use of computer resources nor do they provide an adequate basis for violation of any other ethical imperatives of this code.
1.5 Honor property rights including copyrights and patent.
Violation of copyrights, patents, trade secrets and the terms of license agreements is prohibited by law in most circumstances. Even when software is not so protected, such violations are contrary to professional behavior. Copies of software should be made only with proper authorization. Unauthorized duplication of materials must not be condoned.
1.6 Give proper credit for intellectual property.
Computing professionals are obligated to protect the integrity of intellectual property. Specifically, one must not take credit for other's ideas or work, even in cases where the work has not been explicitly protected by copyright, patent, etc.
1.7 Respect the privacy of others.
Computing and communication technology enables the collection and exchange of personal information on a scale unprecedented in the history of civilization. Thus there is increased potential for violating the privacy of individuals and groups. It is the responsibility of professionals to maintain the privacy and integrity of data describing individuals. This includes taking precautions to ensure the accuracy of data, as well as protecting it from unauthorized access or accidental disclosure to inappropriate individuals. Furthermore, procedures must be established to allow individuals to review their records and correct inaccuracies.
This imperative implies that only the necessary amount of personal information be collected in a system, that retention and disposal periods for that information be clearly defined and enforced, and that personal information gathered for a specific purpose not be used for other purposes without consent of the individual(s). These principles apply to electronic communications, including electronic mail, and prohibit procedures that capture or monitor electronic user data, including messages,without the permission of users or bona fide authorization related to system operation and maintenance. User data observed during the normal duties of system operation and maintenance must be treated with strictest confidentiality, except in cases where it is evidence for the violation of law, organizational regulations, or this Code. In these cases, the nature or contents of that information must be disclosed only to proper authorities.
1.8 Honor confidentiality.
The principle of honesty extends to issues of confidentiality of information whenever one has made an explicit promise to honor confidentiality or, implicitly, when private information not directly related to the performance of one's duties becomes available. The ethical concern is to respect all obligations of confidentiality to employers, clients, and users unless discharged from such obligations by requirements of the law

2. MORE SPECIFIC PROFESSIONAL RESPONSIBILITIES.

As an ACM computing professional I will ....
2.1 Strive to achieve the highest quality, effectiveness and dignity in both the process and products of professional work.
Excellence is perhaps the most important obligation of a professional. The computing professional must strive to achieve quality and to be cognizant of the serious negative consequences that may result from poor quality in a system.
2.2 Acquire and maintain professional competence.
Excellence depends on individuals who take responsibility for acquiring and maintaining professional competence. A professional must participate in setting standards for appropriate levels of competence, and strive to achieve those standards. Upgrading technical knowledge and competence can be achieved in several ways:doing independent study; attending seminars, conferences, or courses; and being involved in professional organizations.
2.3 Know and respect existing laws pertaining to professional work.
ACM members must obey existing local, state,province, national, and international laws unless there is a compelling ethical basis not to do so. Policies and procedures of the organizations in which one participates must also be obeyed. But compliance must be balanced with the recognition that sometimes existing laws and rules may be immoral or inappropriate and, therefore, must be challenged. Violation of a law or regulation may be ethical when that law or rule has inadequate moral basis or when it conflicts with another law judged to be more important. If one decides to violate a law or rule because it is viewed as unethical, or for any other reason, one must fully accept responsibility for one's actions and for the consequences.
2.4 Accept and provide appropriate professional review.
Quality professional work, especially in the computing profession, depends on professional reviewing and critiquing. Whenever appropriate, individual members should seek and utilize peer review as well as provide critical review of the work of others.
2.5 Give comprehensive and thorough evaluations of computer systems and their impacts, including analysis of possible risks.
Computer professionals must strive to be perceptive, thorough, and objective when evaluating, recommending, and presenting system descriptions and alternatives. Computer professionals are in a position of special trust, and therefore have a special responsibility to provide objective, credible evaluations to employers, clients, users, and the public. When providing evaluations the professional must also identify any relevant conflicts of interest, as stated in imperative 1.3.
As noted in the discussion of principle 1.2 on avoiding harm, any signs of danger from systems must be reported to those who have opportunity and/or responsibility to resolve them. See the guidelines for imperative 1.2 for more details concerning harm,including the reporting of professional violations.
2.6 Honor contracts, agreements, and assigned responsibilities.
Honoring one's commitments is a matter of integrity and honesty. For the computer professional this includes ensuring that system elements perform as intended. Also, when one contracts for work with another party, one has an obligation to keep that party properly informed about progress toward completing that work.
A computing professional has a responsibility to request a change in any assignment that he or she feels cannot be completed as defined. Only after serious consideration and with full disclosure of risks and concerns to the employer or client, should one accept the assignment. The major underlying principle here is the obligation to accept personal accountability for professional work. On some occasions other ethical principles may take greater priority.
A judgment that a specific assignment should not be performed may not be accepted. Having clearly identified one's concerns and reasons for that judgment, but failing to procure a change in that assignment, one may yet be obligated, by contract or by law, to proceed as directed. The computing professional's ethical judgment should be the final guide in deciding whether or not to proceed. Regardless of the decision, one must accept the responsibility for the consequences.
However, performing assignments "against one's own judgment" does not relieve the professional of responsibility for any negative consequences.
2.7 Improve public understanding of computing and its consequences.
Computing professionals have a responsibility to share technical knowledge with the public by encouraging understanding of computing, including the impacts of computer systems and their limitations. This imperative implies an obligation to counter any false views related to computing.
2.8 Access computing and communication resources only when authorized to do so.
Theft or destruction of tangible and electronic property is prohibited by imperative 1.2 - "Avoid harm to others." Trespassing and unauthorized use of a computer or communication system is addressed by this imperative. Trespassing includes accessing communication networks and computer systems, or accounts and/or files associated with those systems, without explicit authorization to do so. Individuals and organizations have the right to restrict access to their systems so long as they do not violate the discrimination principle (see 1.4). No one should enter or use another's computer system, software, or data files without permission. One must always have appropriate approval before using system resources, including communication ports, file space, other system peripherals, and computer time.

3. ORGANIZATIONAL LEADERSHIP IMPERATIVES.

As an ACM member and an organizational leader, I will ....
BACKGROUND NOTE:This section draws extensively from the draft IFIP Code of Ethics,especially its sections on organizational ethics and international concerns. The ethical obligations of organizations tend to be neglected in most codes of professional conduct, perhaps because these codes are written from the perspective of the individual member. This dilemma is addressed by stating these imperatives from the perspective of the organizational leader. In this context"leader" is viewed as any organizational member who has leadership or educational responsibilities. These imperatives generally may apply to organizations as well as their leaders. In this context"organizations" are corporations, government agencies,and other "employers," as well as volunteer professional organizations.
3.1 Articulate social responsibilities of members of an organizational unit and encourage full acceptance of those responsibilities.
Because organizations of all kinds have impacts on the public, they must accept responsibilities to society. Organizational procedures and attitudes oriented toward quality and the welfare of society will reduce harm to members of the public, thereby serving public interest and fulfilling social responsibility. Therefore,organizational leaders must encourage full participation in meeting social responsibilities as well as quality performance.
3.2 Manage personnel and resources to design and build information systems that enhance the quality of working life.
Organizational leaders are responsible for ensuring that computer systems enhance, not degrade, the quality of working life. When implementing a computer system, organizations must consider the personal and professional development, physical safety, and human dignity of all workers. Appropriate human-computer ergonomic standards should be considered in system design and in the workplace.
3.3 Acknowledge and support proper and authorized uses of an organization's computing and communication resources.
Because computer systems can become tools to harm as well as to benefit an organization, the leadership has the responsibility to clearly define appropriate and inappropriate uses of organizational computing resources. While the number and scope of such rules should be minimal, they should be fully enforced when established.
3.4 Ensure that users and those who will be affected by a system have their needs clearly articulated during the assessment and design of requirements; later the system must be validated to meet requirements.
Current system users, potential users and other persons whose lives may be affected by a system must have their needs assessed and incorporated in the statement of requirements. System validation should ensure compliance with those requirements.
3.5 Articulate and support policies that protect the dignity of users and others affected by a computing system.
Designing or implementing systems that deliberately or inadvertently demean individuals or groups is ethically unacceptable. Computer professionals who are in decision making positions should verify that systems are designed and implemented to protect personal privacy and enhance personal dignity.
3.6 Create opportunities for members of the organization to learn the principles and limitations of computer systems.
This complements the imperative on public understanding (2.7). Educational opportunities are essential to facilitate optimal participation of all organizational members. Opportunities must be available to all members to help them improve their knowledge and skills in computing, including courses that familiarize them with the consequences and limitations of particular types of systems.In particular, professionals must be made aware of the dangers of building systems around oversimplified models, the improbability of anticipating and designing for every possible operating condition, and other issues related to the complexity of this profession.

4. COMPLIANCE WITH THE CODE.

As an ACM member I will ....
4.1 Uphold and promote the principles of this Code.
The future of the computing profession depends on both technical and ethical excellence. Not only is it important for ACM computing professionals to adhere to the principles expressed in this Code, each member should encourage and support adherence by other members.
4.2 Treat violations of this code as inconsistent with membership in the ACM.
Adherence of professionals to a code of ethics is largely a voluntary matter. However, if a member does not follow this code by engaging in gross misconduct, membership in ACM may be terminated.
 copywrite: 
http://en.wikibooks.org/wiki/Ethics_for_IT_Professionals/Professional_Code_of_Ethics#
https://www.aitp.org/?page=EthicsConduct
https://www.sans.org/security-resources/ethics.php
https://mistercomputer.com/2010/06/09/code-of-ethics-of-the-filipino-it-professionals/