Introduction to Computing

Identity Theft

Impersonation using private information to obtain documents and credit in your name

  • Thief can ‘become’ the victim

Reported incidents rising

Methods of stealing information

  • Shoulder surfing
  • Snagging
  • Dumpster diving
  • Social engineering
  • High-tech methods

Loss of privacy

Personal information is stored electronically

Purchases are stored in a database

  • Data is sold to other companies

Public records on the Internet

Internet use is monitored and logged

  • Monitoring activity can be carried out on your computer or a connected server
  • Data about when you visited, what you looked at, and how long you stayed is used by most commercial Web sites for “online profiling”

None of these techniques are illegal

Online Spying

Software downloaded to a computer

Designed to record personal information

Can track a computer user’s activities and report them to someone else

Typically undesired software

Hides from users

Several programs exist to eliminate it

Another common term for spyware is adware

  • Internet advertising is a common source of spyware

Cookies

Cookies are named after the ‘magic cookie’; a cookie is a small text file that a Web server asks your browser to place on your computer

A cookie contains information that identifies your computer (its IP address), you (your user name or e-mail address), and information about your visit to the Web site.

Files delivered from a web site

Originally improved a site’s function

Cookies now track history and passwords

Browsers include cookie blocking tools

Web bugs

Small GIF format image file embedded in web page or HTML format e-mail

Behind the tiny image lies code that functions in much the same way as a cookie, allowing the bug’s creator to track many of your online activities.

A bug can record

  • what Web pages you view
  • keywords you type into a search engine
  • personal information you enter in a form on a Web page, and other data.

Because Web bugs are hidden, they are considered by many to be eavesdropping devices

Gets around cookie blocking tools

Companies use to track usage

Blocked with spyware killers
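A defensive check for the web bugs described above, as an added example that is not part of the original notes: it scans an HTML page or e-mail for images the reader cannot see and reports where they load from. The sample message, host names and the function name find_web_bugs are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; all hosts and identifiers are made up.
SAMPLE_EMAIL = """<html><body><p>Your order has shipped.</p>
<img src="https://shop.example/logo.png" width="120" height="40">
<img src="https://track.adnetwork.example/o.gif?uid=8841" width="1" height="1">
<img src="https://metrics.example/p.gif?u=alice%40mail.example" style="display: none">
</body></html>"""

def is_tiny(value):
    """True when a width/height attribute is 0 or 1 pixel."""
    digits = (value or "").lower().replace("px", "").strip()
    return digits.isdigit() and int(digits) <= 1

class WebBugFinder(HTMLParser):
    def __init__(self, first_party_host):
        super().__init__()
        self.first_party = first_party_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        attr = {k: (v or "") for k, v in attrs}
        reasons = []
        if is_tiny(attr.get("width")) and is_tiny(attr.get("height")):
            reasons.append("1x1 image")
        style = attr.get("style", "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden by CSS")
        if not reasons:
            return  # a visible image is not a web bug candidate
        url = urlparse(attr.get("src", ""))
        host = (url.hostname or "").lower()
        # Loaded from a host other than the site or sender itself?
        third = host != self.first_party and not host.endswith("." + self.first_party)
        # A query string is where a per-recipient identifier usually rides.
        self.findings.append({"host": host, "reasons": reasons,
                              "third_party": third, "carries_id": bool(url.query)})

def find_web_bugs(html, first_party_host):
    finder = WebBugFinder(first_party_host)
    finder.feed(html)
    return finder.findings

if __name__ == "__main__":
    for bug in find_web_bugs(SAMPLE_EMAIL, "shop.example"):
        print(bug)
```

The visible logo is ignored; the two invisible images are reported with the reason each was flagged.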

Spam

Spam is Internet “junk mail.”

Unsolicited commercial email (UCE)

Almost all spam is commercial advertising

Networks and PCs need a spam blocker

  • Stop spam before reaching the inbox

Spammers acquire addresses using many methods

  • Purchasing lists of e-mail addresses through brokers.
  • “Harvesting” e-mail addresses from the Internet.
  • Generating random strings of characters in an attempt to match legitimate addresses

Online Theft, Online Fraud, and Other Dot Cons

  • Dot Con

–A fraud or scam carried out through the Internet

–The Internet Crime Complaint Center received and  processed more than 24,000 complaints per month in  2012

  • Data or Information Theft

–Theft of data or information located on or being sent from  a computer

–Can occur in several ways

  • Stealing an actual computer or mobile device
  • A hacker gaining unauthorized access
  • Identity Theft

–Using someone else’s identity to purchase goods or  services, obtain new credit cards or bank loans, or illegally  masquerade as that individual

–Information obtained via documents, stolen information,  spyware, etc.

–Expensive and time consuming to recover from

–Millions of Americans have their identity stolen each year

  • Phishing

–Use of spoofed e-mail messages to gain credit card  numbers and other personal data

  • Spear Phishing

–A personalized phishing scheme targeted to specific  individuals

  • Social Media Hacks

–The act of accessing someone else’s social media account  to make changes to the content or to perform an activity  as that individual

  • Pharming

–The use of spoofed domain names to obtain personal  information

–DNS servers are hacked to route requests for legitimate  Web pages to spoofed Web pages (DNS poisoning)

  • Drive-by Pharming

–Hacker changes the victim’s designated DNS server to the pharmer’s DNS server

  • Online Auction Fraud

–Occurs when an item purchased through an online auction  is never delivered or the item is not as specified

–Illegal, but as with other types of online fraud, prosecution  is difficult

  • Other Internet Scams

–Loan and pyramid scams

–Work-at-home cons

–Nigerian letter fraud scheme

–Pornographic sites

–Fake job site postings

Threats to Hardware

Affect the operation or reliability

Power-related threats

  • Power fluctuations

▪Power spikes or brownouts

  • Power loss
  • Can result in loss of data

Countermeasures

▪Surge suppressors

▪Line conditioners

▪Uninterruptible power supplies

▪Generators

Theft and vandalism

  • Thieves steal the entire computer
  • Accidental or intentional damage
  • Countermeasures

▪Keep the PC in a secure area

▪Lock the computer to a desk

▪Do not eat near the computer

▪Watch equipment

▪Chase away loiterers

▪Handle equipment with care

Unauthorized Access and Unauthorized Use

  • Unauthorized Access

–Gaining access to a computer, network, file, or other  resource without permission

  • Unauthorized Use

–Using a computer resource for unapproved activities

  • Both can be committed by insiders and outsiders
  • Codes of Conduct

–Used to specify rules for behavior, typically by a  business or school

  • Hacking

–Using a computer to break into another computer system

  • A serious threat for individuals, businesses, and the country (national security), i.e., cyberterrorism
  • Often performed via wireless networks today

– Many wireless networks are left unsecured

  • War Driving

–Driving around an area to find a Wi-Fi network to access and use without authorization

–Wi-Fi Piggybacking

  • Accessing an unsecured Wi-Fi network from the hacker’s current location without authorization
  • Interception of Communications

–Unsecured messages, files, logon information, etc., can be  intercepted using software designed for that  purpose

–New trend: intercept credit and debit card information  during the card verification process

  • Packet-sniffing software
  • Access Control Systems

–Used to control access to facilities, computer networks,  company databases, and Web site accounts

–Identification Systems

  • Verify that the person trying to access the facility or system is an authorized user

–Authentication Systems

  • Determine if the person is who he or she claims to be
  • Possessed Knowledge Access Systems

–Use information that only the authorized user should know

  • Typically passwords
  • Passwords should be strong and changed frequently
  • Typically used in conjunction with usernames

–Disadvantages

  • Passwords can be forgotten
  • If known, password can be used by someone who is not an authorized user

–Cognitive Authentication Systems

  • Use information the individual knows or can easily remember (birthplace, pet names, etc.)
  • Used in many password recovery systems
  • Two-Factor Authentication

–Using two different methods to authenticate users

  • Typically possessed knowledge (password) with either

–Biometric Feature – something you are

–Possessed Object – something you have

  • Hard token – physical object used
  • Soft token – supplies a one-time password (OTP)
  • Controlling Access to Wireless Networks

–In general, Wi-Fi is less secure than wired networks

–Security is usually off by default; wireless networks should be secured

–Wireless network owners should:

  • Change the router’s default password
  • Enable encryption (WPA2 is more secure than WPA)
  • Enable other security features as needed

– Can hide network name (SSID)

Securing a Wireless Home Router

–Use router’s configuration screen

–Be sure to change the  access password

–Enter the SSID name, select  the security mode, and  type a secure passphrase

–Can use MAC filtering

  • Firewalls

–A collection of hardware and/or software intended to  protect a computer or computer network from  unauthorized access

–Typically two-way, so they check all incoming (from the  Internet) and outgoing (to the Internet) traffic

–Important for home computers that have a direct Internet  connection, as well as for businesses

–Work by closing down external communications ports

  • Intrusion Prevention System (IPS) Software

–Monitors traffic to try and detect possible attacks

–If an attack is discovered, IPS software can immediately block it

  • Encryption

–Method of scrambling contents of e-mail or files to make them unreadable if intercepted

–Secure Web pages use encryption

  • SSL and EV SSL
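The two-factor login described above (a password plus a soft token that supplies a one-time password), as an added example that is not part of the original notes. It assumes the token uses HOTP (RFC 4226), one common way such codes are generated; the Account class, password and salt are constructed, and the token secret is the RFC's published test key.

```python
import hashlib
import hmac
import struct

def hotp(secret, counter, digits=6):
    """One-time password per RFC 4226: HMAC-SHA1 of the counter, truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def hash_password(password, salt):
    """Salted, slow hash so the stored value does not reveal the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:
    """Server-side record: something the user knows plus something they have."""
    def __init__(self, password, salt, token_secret):
        self.salt = salt
        self.pw_hash = hash_password(password, salt)
        self.token_secret = token_secret
        self.counter = 0                         # next unused token counter

    def login(self, password, otp, look_ahead=2):
        knows = hmac.compare_digest(hash_password(password, self.salt), self.pw_hash)
        # Accept a small window in case the token was pressed without logging in.
        window = range(self.counter, self.counter + look_ahead + 1)
        match = next((c for c in window if hmac.compare_digest(
            hotp(self.token_secret, c).encode(), otp.encode())), None)
        if knows and match is not None:
            self.counter = match + 1             # burn the code: no replay
            return True
        return False

if __name__ == "__main__":
    acct = Account("correct horse", b"constructed-salt", b"12345678901234567890")
    print(acct.login("correct horse", "755224"))   # both factors correct
    print(acct.login("correct horse", "755224"))   # same code replayed
```

A stolen password alone fails the login, and so does an intercepted code once it has been used.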

Threats to Hardware

Natural disasters

  • Disasters differ by location
  • Typically result in total loss
  • Disaster planning

▪Be aware that a disaster could strike

▪Anticipate it when conditions are right

▪Plan for recovery

▪List potential disasters

▪Plan for all eventualities

▪Practice all plans

Examples of natural disasters

Floods, lightning storms, snow storms, earthquakes, forest fires, failure in building structure, war and terrorism

Threats to Data

  • Data, Program, or Web Site Alteration

–Sabotage occurs when a hacker breaches a computer  system in order to delete/change data or modify programs

–Student changing grades

–Employee performing vengeful acts, such as  deleting or changing corporate data

–Data on Web sites can also be altered

  • Hacking into and changing social networking account contents (Facebook pages, Twitter tweets, etc.)
  • Altering legitimate site to perform malware attacks
  • Mobile Malware

–Can infect smartphones, media tablets, printers, etc.

–Smartphones with Bluetooth are particularly vulnerable to attack

–Mobile threats are expected to continue to increase

  • Denial of Service (DoS) Attacks

–Act of sabotage that attempts to flood a network server or  Web server with so much activity that it is unable to  function

–Distributed DoS Attacks target popular Web sites and use  multiple computers

  • Computer Viruses

–A software program installed without the user’s  knowledge and designed to alter the way a computer  operates or to cause harm to the computer system

–Often embedded in downloaded programs and e-mail  messages (games, videos, music files)

  • Computer Worm

–Malicious program designed to spread rapidly by sending  copies of itself to other computers via a network

–Typically sent as an e-mail attachment

Malware describes viruses, worms, Trojan horses, attack applets, and attack scripts.

  • These virulent programs represent the most common threat to your information

Viruses

  • Pieces of a computer program (code) that attach themselves to host programs.
  • Software that distributes and installs itself
  • Ranges from annoying to catastrophic
  • Countermeasures

▪Anti-virus software

▪Popup blockers

▪Do not open unknown email

Categories of Viruses

Bimodal, Bipartite, or Multipartite Viruses

  • Can infect both files and the boot sector of a disk

Time bomb

  • Hides on the victim’s disk and waits until a specific date (or date and time) before running

Logic bomb

  • May be activated by a date, a change to a file, or a particular action taken by a user or a program

Stealth Viruses

  • Take up residence in the computer’s memory, making them hard to detect
  • Can conceal changes they make to other files, hiding the damage from the user and the operating system

Boot Sector Viruses

  • regarded as one of the most hostile types of virus
  • infects the boot sector of a hard or floppy disk
  • This area of the disk stores essential files the computer accesses during startup.
  • moves the boot sector’s data to a different part of the disk.
  • When the computer is started, the virus copies itself into memory where it can hide and infect other disks
  • allows the actual boot sector data to be read as though a normal start-up were occurring

Cluster Viruses

  • makes changes to a disk’s file system
  • If any program is run from the infected disk, the program causes the virus to run as well
  • creates the illusion that the virus has infected every program on the disk

E-mail viruses

  • transmitted via email messages sent across private networks or the Internet
  • Some e-mail viruses are transmitted as an infected attachment—a document file or program that is attached to the message

File-Infecting Viruses

  • infects program files on a disk (such as .exe or .com files)
  • When an infected program is launched, the virus’s code is also executed

Macro virus

  • designed to infect a specific type of document file, such as Microsoft Word or Excel files
  • can do various levels of damage to data from corrupting documents to deleting data

Polymorphic, Self-Garbling, Self-Encrypting, or Self-Changing Viruses

  • can change itself each time it is copied, making it difficult to isolate

Threats to Data: Malicious Program

  • Trojan Horse

–Malicious program that masquerades  as something else

–Usually appears to be a game or  utility program

–Cannot replicate themselves; must be downloaded and installed

–Rogue antivirus programs (scareware)  are common today

–Ransomware

  • Computer Crime (cybercrime)

–Any illegal act involving a computer, including:

  • Theft of financial assets
  • Manipulating data for personal advantage
  • Act of sabotage (releasing a computer virus, shutting down a Web server)
  • Phishing and Internet scams
  • All computer users should be aware of security concerns and the precautions that can be taken

Categories of Cybercrime

Cyberextortionist is someone who uses e-mail as a vehicle for extortion

  • send an organization a threatening e-mail message indicating they will

▪expose confidential information, exploit a security flaw, or  launch an attack that will compromise the organization’s network — if they are not paid a sum of money

Cyber terrorist is someone who uses the Internet or network to destroy or damage computers for political reasons

  • might target the nation’s air traffic control system, electricity-generating companies, or a telecommunications infrastructure
  • Cyber warfare describes an attack whose goal ranges from disabling a government’s computer network to crippling a country

Cyber Bullying

  • Children or teenagers bullying other children or teenagers via the Internet

Cyber Stalking

  • Repeated threats or harassing behavior between adults carried out via e-mail or another Internet communication method
  • Protecting Against Data and Information Theft

–Businesses should use good security measures

–Individuals should not give out personal information  (Social Security number, mother’s maiden name, etc.)  unless absolutely necessary

  • Protecting Against Identity Theft, Phishing, and Pharming

–Shred documents containing sensitive data, credit card  offers, etc.

–Order a full credit history on yourself a few times a year to check for accounts listed in your name

–Don’t place sensitive outgoing mail in your mailbox

–Watch bills and credit report to detect identity theft early

–Never click a link in an e-mail message to go to a secure  Web site—always type the URL in the browser instead

–Antiphishing Tools

  • Antiphishing tools built into Web browsers can help warn you of potential phishing sites
  • Some secure sites use additional layers of security to protect against identity thieves
  • Some banks and other financial institutions add an additional step in their logon process

  • Digital Certificate

–Group of electronic data that can be used to verify the  identity of a person or organization

–Obtained from Certificate Authorities

–Typically contains identity information about the person or  organization, an expiration date, and a pair of keys to be  used with encryption and digital signatures

–Are also used with secure Web sites to guarantee that the  site is secure and actually belongs to the stated individual  or organization

  • Can be SSL or EV SSL
  • Digital signatures

–Unique digital codes that can be attached to an e-mail  message or document

–Can be used to verify the identity of the sender

–Can be used to guarantee the message or file has not been  changed since it was signed

–Uses public key encryption

  • Document is signed with the sender’s private key
  • The key and the document create a unique digital signature
  • Signature is verified using the sender’s public key
  • Protecting Against Online Auction Fraud and Other Internet Scams

–Use common sense

–Check online auction seller’s feedback before bidding

–Pay for online purchases via a credit card so transactions  can be disputed if needed

–Use an online payment system

–Take advantage of buyer protection

–Use an escrow service for high-priced items
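The digital signature steps listed earlier (sign with the sender's private key, verify with the sender's public key, detect any change to the message), as an added example that is not part of the original notes. It uses unpadded textbook RSA with a toy key built from two well-known Mersenne primes, chosen only so the arithmetic is visible; real systems use much larger random keys and a padded scheme such as RSA-PSS. All names and messages are constructed.

```python
import hashlib

# Toy key pair (constructed for illustration, not safe for real use).
P = 2**61 - 1                          # Mersenne prime
Q = 2**89 - 1                          # Mersenne prime
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, kept by the sender

def digest(message, n=N):
    """Hash the document and reduce it into the range of the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, d=D, n=N):
    """Sender: combine the document hash with the private key."""
    return pow(digest(message, n), d, n)

def verify(message, signature, e=E, n=N):
    """Receiver: undo the signature with the public key and compare hashes."""
    return pow(signature, e, n) == digest(message, n)

if __name__ == "__main__":
    original = b"Pay Bob 100 dollars"
    sig = sign(original)
    print(verify(original, sig))                    # untouched message
    print(verify(b"Pay Bob 900 dollars", sig))      # altered after signing
    print(verify(original, sig + 1))                # forged signature
```

Only the holder of D can produce a signature that verifies under (E, N), which is what ties the message to the sender.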

 

 

 

 
