WHAT YOU SHOULD KNOW ABOUT COMMONLY USED COMPUTER ATTACKS

Very frequently, computer and network security is not really considered about until a real problem occurs. By this time it might be too late because the violation in security can cause massive and possibly damaging complications to your computers. The data present in our computers can be exploited by unauthorized invasions. Prevention of data theft like passwords, bank account numbers or credit card information is vital to our day-to-day life as many of our activities depend on the security of the data paths. Such data theft can lead to identity theft. The most widely used attacks against a computer system are malware, adware, phishing and many more.

Malware

Malware is a shortened term for malicious software. Malicious software is precisely designed to damage a computer or gain access without the owner actually knowing it. There are numerous kinds of malware; worms, keyloggers, spyware, or any kind of malicious code that penetrates a computer. Normally, the software is reflected as malware based on the intent of the maker rather than its real characteristics. There are numerous reasons that can make computers more exposed to malware attacks. It could be because of the flaws in the operating system design, running all of the computers on a network through the same operating system (OS), giving unauthorized user permissions to the system or network. It could also be because of using the Windows operating system as it has gained more popularity throughout the years and it gets the most malware written for it. The greatest defense from malware is to be cautious about what email attachments one opens, be careful when using the Internet, do not open unknown or suspicious websites, and make sure to install and maintain software updates in your computer as they have new updates to block malware to fix bugs and make sure to buy a quality antivirus program.

Adware

Adware is a shortened term for Advertising Supported Software. Adware is used when referencing any kind of program that downloads or shows unsolicited banner commercials in the software being used. Adware is frequently shoved within software a computer owner buys. The creators of these applications incorporate added code that delivers the advertisements, that is viewed through pop-up windows or through a bar that emerges on a computer screen. The explanation for the adware is that it supports in recovering development expense and it also supports to hold down the cost for the user. The adware has been critiqued highly because it typically includes code that tracks the user's private information and passes it on to third parties, without the user's permission or awareness. There is antivirus software that is available in the market, which can detect and remove spyware. Some of those antivirus software’s are Kaspersky, ESET, AVG and McAfee.

Phishing

When impostors through the Internet impersonate as a business to trick you into giving out your private information, it is called phishing. In order to capture the user’s login and password credentials, the imposters incorporate a URL in a spam e- mail that links to a bogus Web site controlled by the imposter, but that imitates the login page of some gaming, banking or similar site. This is typically incorporated in some message telling that critical action is needed by the user to validate their account, to avoid it from being locked. If the users are insensitive and do not comprehend that they are being tricked, then following the link and providing the requested specifics could surely result in the imposters abusing the users account using the captured credentials. Deleting emails and text messages that request you to verify or provide private information like social security number, bank account numbers, credit card and passwords would be the wise step to take as legitimate companies do not request for this kind of sensitive information through text or email.

References

Case, D. W. (2013). Business Data Communications: Infrastructure, Networking and Security (7th Edition ed.). Upper Saddle River, NJ: Pearson Education, Inc.

DII Consulting. (2015, n.d n.d). Photo Credit: Computer Repair: DIY Malware Removal. Retrieved February 04, 2016, from DII Consulting – Computer Repair & Web Design: http://www.diiconsulting.com/computer-repair-diy-malware-removal/

Robinson, B. (2015, n.d n.d). Photo Credit: Decoding Malware at Sonoma State. Retrieved February 04, 2016, from KRCB North Bay Public Media: http://radio.krcb.org/post/decoding-malware-sonoma-state

Rouse, M. (2015, n.d n.d). Adware. Retrieved February 05, 2016, from Search Security TechTarget: http://searchsecurity.techtarget.com/definition/adware

Symantec. (2010, n.d n.d). What is malware and how can we prevent it? Retrieved February 05, 2016, from PC Tools by Symantec: http://www.pctools.com/security-news/what-is-malware/

ENCRYPTION

When we hear of data security, one of the terms we hear most often is encryption. But how many people does actually know what encryption is? Let’s get to know about encryption a little bit more.

The word encryption is derived from the Greek word kryptos, which means concealed or secret. The encryption use is almost as ancient as the art of communication itself. Before the introduction of the Diffie-Hellman key exchange and RSA algorithms, governments and their armies were the only real users of encryption. With the introduction of Diffie-Hellman and RSA led to the extensive use of encryption in the consumer and commercial areas to safeguard data both being sent across a network, which is called the data in transit and stored on flash drive, smartphone or a hard drive which is called data at rest.

Encryption is the method of changing an original message into an arrangement that cannot be used by unsanctioned persons. With this procedure, anybody that does not have the understanding and equipment to change an encrypted message back to its original format will be incapable of deciphering it. The science of encryption is known as cryptology and it incorporates two disciplines, which is known as cryptography and cryptanalysis. Cryptography comprises of procedures that is involved in coding and deciphering messages so that others cannot comprehend them. Cryptanalysis is the procedure of decrypting the original message or plaintext from an encoded message or ciphertext without the knowledge of keys and algorithms used to perform the encryption.

Data that is frequently signified to as the plaintext is encrypted using an encryption algorithm and an encryption key. This procedure creates ciphertext, which can only be viewed, in its original form if decrypted with the right key. Decryption is merely the opposite of encryption, following the same procedure but reversing the order in which the keys are applied. Currently encryption algorithms are separated into two categories: symmetric and asymmetric. Symmetric encryption algorithms can be separated into stream ciphers and block ciphers. Stream ciphers encrypt a single bit of plaintext at a time, while block ciphers take a number of bits, which is normally 64 bits in modern ciphers, and encrypt them as a single unit. Some of the example of common symmetric encryption algorithms is blowfish, cast 5, serpent etc. Asymmetric encryption algorithms also known as public key algorithms, on the other hand use different keys for encryption and decryption. The decryption key cannot be derived from the encryption key. Public key procedures are significant as they can be used for transmitting encryption keys or other data securely even when the parties have no chance to concur on a secret key in private. Some of the common asymmetric encryption algorithms are RSA encryption algorithm, Diffie-Hellman, Digital Signature Algorithm etc.

The knowledge of the distinctive states of data can be of help in choosing the kinds of encryption and security measures that are suitable for protecting it. There are three fundamental states of data: data at rest, data in motion, and data in use. Data at rest is a term that signifies to data stored on a device or backup medium in any arrangement. It can be data stored on hard drives, in offsite cloud backup, backup tapes, or even on mobile devices. It makes it a data at rest because it is an inactive data that is not presently being transferred across a network or actively being read or processed. Data at rest is normally in a constant state. The second stage of data is data in motion. It is a data that is presently moving across a network or sitting in a computer’s RAM prepared to be read, updated, or processed. Data passing through the networks from local to cloud storage or from a central mainframe to a remote terminal must be encrypted so that it becomes impossible to read or be manipulated by hacker or any machine amid the data’s destination and the source. This data in motion contains data moving through cables and wireless transmission and it can also be emails or files transferred over FTP or SSH. The third stage is the data in use. It is a data that is not just being kept inactively on an external storage media or hard drive but is being processed by one or more applications. The data is presently in the process of being created, updated, added, or deleted. It also comprises data being watched by users retrieving it through numerous endpoints. Data in use is vulnerable to different kinds of threats contingent upon where it is in the system and who is able to use it. The most defenseless point for data in use is at the endpoints where users are able to access and interact with it.

Data at rest may exist on any kind of long-lasting storage media, such as disk or tape. The media is protected using encryption procedures, which gives the advantage of preventing it from reading or writing of data without the accurate decryption key. Algorithms used in encryption guarantees that reading data without the right key is almost impossible. One of the big disadvantages of encrypting a data at rest as it relates to keys is that the security of data turns out to be the security of the encryption key. If one looses that security key then they successfully lose the data. Encrypting data and generating the keys is essential to encrypt and decrypt the data and it can be very expensive. Regardless of the type of encryption used, the systems performing the heavy lifting must have accessible resources.

References

ASPG. (2015, n.d n.d). The Three States of Digital Data. Retrieved January 28, 2016, from Advanced Software Products Group: http://aspg.com/three-states-digital-data/#.VVdx01yNQRY

E&D.com. (2015, n.d n.d). Encryption Algorithms. Retrieved January 28, 2016, from Encryption and Decryption.com: http://www.encryptionanddecryption.com/algorithms/encryption_algorithms.html

Mattord, M. E. (2014). Management of Information Security (Fourth ed.). Stamford, Connecticut: Cengage Learning.

Rouse, M. (2015, n.d n.d). Encryption. Retrieved January 28, 2016, from Tech Target Search Security: http://searchsecurity.techtarget.com/definition/encryption

Tangient LLC. (2015, n.d n.d). Encryption Advantages and Disadvantages. Retrieved January 28, 2016, from Networking116: http://networking116.wikispaces.com/Encryption+Advantages+and+Disadvantages

Rakhmanov, M. (2011, February 23). Picture Credit: Network Encryption in Modern Relational Database Management Systems. Retrieved January 28, 2016, from Team Shatter: http://www.teamshatter.com/topics/general/team-shatter-exclusive/network-encryption-in-modern-relational-database-management-systems/ 

COMMONLY DEFINED CYBERCRIME CATEGORIES

     Last week, we talked about some of the information on the most common Internet crimes that takes place on a regular basis. This week, we will talk about most commonly defined cybercrimes.

So what are they? If you haven’t already guessed, here are some.

In the world of technological advancement and the increasing dependence on the technology, cybercrime can occur anytime and anyplace. There are several methods that criminals use to commit a cybercrime. Cybercrime however depends on the skill-set and nature of the criminal. This should not be surprising: cybercrime is, after all, simply 'crime' with some sort of 'computer' or 'cyber' aspect. Most commonly defined cybercrimes are categorized into four types: The Computer as a Target, The Computer as an Instrument of a Crime, The Computer as Incidental to Crime, and Crimes Associated with the Prevalence of Computer.

The Computer as a Target: The offender uses the computer to obtain information or to damage operating programs in this nature of crime. Crimes related to the computer as a target include theft of intellectual property, theft of marketing information, stealing (personal, business, and the government) data by gaining the access to the owner’s computer. Accessing the confidential government records is another crime that targets the computer directly. Most concurrent examples of this crime that were see and hear about on a daily basis are manipulating the criminal history data of an individual, creating a fake legal documents, deleting the negative records from the tax and credit history and tampering and interfering with the proprietary information.

The Computer as the Instrumentality of the Crime: Computer as the Instrumentality of the Crime defines the criminal activities where the computer analytical processes are manipulated or tampered by the programs designed by the criminals. New programming codes are introduced to break the existing process and get access to the data. In this category, the processes of the computer facilitate the crime. Crimes in this category include fraudulent use of Debit/Credit cards and accounts, theft of money from accrual, money transfer tampering, credit card fraud, computer transactions and telecommunications fraud.

Computer is Incidental to Other Crimes: In incidentals, computers are only related to the criminal act but are not essential for the crime. In this scenario, crime can take place without the use of technology and even if it does, it only acts as a catalyst to the entire crime. It make the crime to occur at a faster pace, provides more information to the criminals and ultimately helps in concealing the identity of the criminal by making it difficult to identify the criminal. Changing a patient’s medication by hacking into the computer system is an example of a crime where computer has worked as an incidental than the crime itself.

Crimes Associated With the Prevalence of Computers: In the world of computation and technology, criminal activities are not only limited to the traditional crimes. Technological growth has invited the new series of criminal activities. Software piracy, distributions of software without permission, unlawful copy of the software are few examples of criminal activities that fall under this category. Common example of such crime can be seen on the third world countries where we find the huge trades of copyright software are being reproduced and sold on a daily basis. In international market, the price of the original computer software is reasonably high. In such countries, people depend on illegal software because of the high price. Software companies are losing a significant amount of money.

References

RCMC. (2014, December 14). Cybercrime: an overview of incidents and issues in Canada. Article and Photo Credit: Retrieved January 20, 2016, from Royal Canadial Mounted Police: http://www.rcmp-grc.gc.ca/pubs/cc-report-rapport-cc-eng.htm

Symantec Corporation. (2015, n.d-n.d). What is Cyber Crime. Retrieved January 20, 2016 from Symantec Corporation: http://us.norton.com/cybercrime-definition

Ngubeni, T. (2014, 14-November). Photo Credit: How cyber-crime-as-a-service stays alive. Retrieved January 20, 2016 from IT Web: http://www.itweb.co.za/index.php?option=com_content&view=article&id=139316

TOI. (2014, 28-December). Photo Credit: India logs 40 per cent annual increase in cyber crime cases. Retrieved January 20, 2016 from The Economic Times: http://articles.economictimes.indiatimes.com/2014-12-28/news/57462649_1_cyber-crime-cyber-attack-cyber-space

INTERNET AND CRIME

Just like the different form of physical crimes (murder, arson, robbery etc.) that we hear about on a regular basis, there are many virtual crimes that takes place over the Internet.

How many of you are aware of cybercimes?  

If you are not aware, here are some of the information on the most common Internet crimes that takes place on a regular basis. These are only few. But, keep in mind that they are not limited to the list below.

The past decades have brought a massive increase in the availability of electronic resources. With the increased availability has come a new form of criminal activity that takes gain from electronic resources, namely computer crime and computer fraud. Today, these new forms of crime are developing and pose a new and lasting challenge to law enforcement agencies at all levels including how to prevent, investigate, and prosecute these crimes. Law enforcement agencies from local all the way to the federal level are beginning to establish specific units dedicated to handling computer-related offenses. But currently there is no uniform method to define or address computer crime and computer fraud. Technologies such as cellular phones, iPad, desktop computers, the Internet, websites, have added a whole new aspect to crime. Many categories of crimes, such as fraud, theft, organized crime rings, prostitution, harassment, stalking, and child pornography have been fused into the digital world. Offenders find new opportunities to perpetrate their crimes using this new digital medium.

Internet piracy is better known form of theft in a digital world. Piracy is the act of replicating or reproducing copyrighted material without consent or approval. For the past few years, private and law enforcement organizations have been putting a concentrated effort on stopping this offense. Organizations such as the Recording Industry and the Motion Picture routinely engage in both civil as well as criminal lawsuits to curb piracy. The Motion Picture alone estimates its potential revenue loss because of piracy to be over three billion dollars a year.

Internet fraud is another most quickly growing forms of computer crime. Internet fraud is also commonly stated as Computer fraud. Basically, Computer or Internet fraud is any type of fraud scheme that uses one or more components of the Internet-such as chat rooms, e-mail, social network, or world wide web to present fraudulent transactions to financial institutions or to others connected with the scheme. There are multiple forms of Internet fraud. One form of Internet Fraud is the Nigerian e-mail fraud. In this particular crime, the victim receives e-mail from someone in Nigeria, who happens to be the heir to millions of dollars. The e-mail recipient is made to believe that they are to receive some of the fortune but in exchange they need to help them with a lawyer’s fee of several thousand dollars in order to claim the money. The people who fall prey to this crime send their money through Money Gram, Western Union and others sources thinking that their luck changed. They believe that soon they are going to get thousands of dollars but they never receive their expected fortunes.

Another form of Internet crime is spam mail. Spam mail is the dispersal of bulk e-mail that offers recipients deals on products or services. The purpose of spam mail is to trick people into believing that they are going to receive product or service at a low-price. For example, the cost of the Mac Book Pro is $1200 in the market. The spam mail leads them to believe or gives them an offer that they will receive the Mac Book Pro for $500 if they order within certain minute or hour. People actually fall into this trick. However, before the deal can occur, the sender of the spam asks for payment, the recipients’ credit card number or other personal information. The customer will enter their payment information on the computer and never receive the product nor hear from the spammer.

Individuals all over the world use the Internet to commit numerous amounts of crimes, some of it is not known to public and they cannot even imagine that it is capable of being done electronically. As a result, it is challenging to establish the full scope and nature of Internet crime. The absence of suitable empirical evidence creates an intimidating challenge to precisely establish the course of Internet crime rates, and the psychological, physical and financial results on Internet crime victims.

References

Aung, Y. (2013, May 19). Photo Credit: Internet Piracy . Retrieved January 14, 2016, from Prezi: https://prezi.com/ve-1csnrvh7m/internet-piracy-ye-aung/

Elgin, C. (2014, January 16). Photo Credit: Fraud Knowledge & Prevention. Retrieved January 14, 2016, from William Vaughan Company: http://blog.wvco.com/tag/internet-fraud/

Emaze. (n.d, n.d n.d). Photo Credit: The Internet Age And... Retrieved January 14, 2016, from Emaze Amazing Presentation: https://www.emaze.com/@AORFQFFR/The-Internet-Age-and-Cybercrime(1).pptx

Kunz, M., & Wilson, P. (2004,16-February). Computer Crime and Computer Fraud. Retrieved 2016, 12-January from montgomerycounty: http://www.montgomerycountymd.gov/content/cjcc/pdf/computer_crime_study.pdf

Schweber, A. (2012, July 11). Beward Pop-Up Software Updates While. Retrieved January 12, 2016, from Absolute Software Corporation: http://blogs.absolute.com/lojack-for-laptops/2012/07/beward-pop-up-software-updates-while-traveling/

UPENN. (2010, April 23). Photo Credit: Junk E-mail and Newsgroup Postings, a.k.a. "spam". Retrieved January 14, 2016, from Information Systems and Computing, University of Pennsylvania: http://www.upenn.edu/computing/security/advisories/spam.php