Cyber Security Primer IV

 

ATTACKS AND THREATS- I

Dealing with Cyber-bullies

What is cyber-bullying?

Cyber-bullying refers to the new, and growing, practice of using technology to harass, or bully, someone else. Bullies used to be restricted to methods such as physical intimidation, postal mail, or the telephone. Now, developments in electronic media offer forums such as email, instant messaging, web pages, and digital photos to add to the arsenal. Computers, cell phones, and PDAs are new tools that can be applied to an old practice.

Forms of cyber-bullying can range in severity from cruel or embarrassing rumors to threats, harassment, or stalking. It can affect any age group; however, teenagers and young adults are common victims, and cyber-bullying is a growing problem in schools.

Why has cyber-bullying become such a problem?

The relative anonymity of the internet is appealing for bullies because it enhances the intimidation and makes tracing the activity more difficult. Some bullies also find it easier to be more vicious because there is no personal contact. Unfortunately, the internet and email can also increase the visibility of the activity. Information or pictures posted online or forwarded in mass emails can reach a larger audience faster than more traditional methods, causing more damage to the victims. And because of the amount of personal information available online, bullies may be able to arbitrarily choose their victims.

Cyber-bullying may also indicate a tendency toward more serious behavior. While bullying has always been an unfortunate reality, most bullies grow out of it. Cyber-bullying has not existed long enough to have solid research, but there is evidence that it may be an early warning for more violent behavior.

How can you protect yourself?

     Be careful where you post personal information - By limiting the number of people who have access to your contact information or details about your interests, habits, or employment, you reduce your exposure to bullies that you do not know. This may limit your risk of becoming a victim and may make it easier to identify the bully if you are victimized.

     Avoid escalating the situation - Responding with hostility is likely to provoke a bully and escalate the situation. Depending on the circumstances, consider ignoring the issue. Often, bullies thrive on the reaction of their victims. Other options include subtle actions. For example, if you are receiving unwanted email messages, consider changing your email address. If the bully does not have access to the new address, the problem may stop. If you continue to get messages at your new account, you may have a stronger case for legal action.

     Document the activity - Keep a record of any online activity (emails, web pages, instant messages, etc.), including relevant dates and times. In addition to archiving an electronic version, consider printing a copy.

     Report cyber-bullying to the appropriate authorities - If you are being harassed or threatened, report the activity to the local authorities. Law enforcement agencies have different policies, but your local police department or CBI branch are good starting points. Unfortunately, there is a distinction between free speech and punishable offenses, but the legal implications should be decided by the law enforcement officials and the prosecutors. Depending on the activity, it may also be appropriate to report it to school officials who may have separate policies for dealing with activity that involves students.

Protect your children by teaching them good online habits. Keep lines of communication open with your children so that they feel comfortable telling you if they are being victimized on line. Reduce their risk of becoming cyber-bullies by setting guidelines for and monitoring their use of the internet and other electronic media (cell phones, PDAs, etc.).

Understanding Hidden Threats: Corrupted Software Files

What types of files can attackers corrupt?

An attacker may be able to insert malicious code into any file, including common file types that you would normally consider safe. These files may include documents created with word processing software, spreadsheets, or image files. After corrupting the file, an attacker may distribute it through email or post it to a web site. Depending on the type of malicious code, you may infect your computer by just opening the file.

When corrupting files, attackers often take advantage of vulnerabilities that they discover in the software that is used to create or open the file. These vulnerabilities may allow attackers to insert and execute malicious scripts or code, and they are not always detected. Sometimes the vulnerability involves a combination of certain files (such as a particular piece of software running on a particular operating system) or only affects certain versions of a software program.

What problems can malicious files cause?

There are various types of malicious code, including viruses, worms, and Trojan horses. However, the range of consequences varies even within these categories. The malicious code may be designed to perform one or more functions, including

     interfering with your computer's ability to process information by consuming memory or bandwidth (causing your computer to become significantly slower or even "freeze")

     installing, altering, or deleting files on your computer

     giving the attacker access to your computer

     using your computer to attack other computers

How can you protect yourself?

     Use and maintain anti-virus software - Anti-virus software recognizes and protects your computer against most known viruses, so you may be able to detect and remove the virus before it can do any damage. Because attackers are continually writing new viruses, it is important to keep your definitions up to date.

     Use caution with email attachments - Do not open email attachments that you were not expecting, especially if they are from people you do not know. If you decide to open an email attachment, scan it for viruses first. Not only is it possible for attackers to "spoof" the source of an email message, but your legitimate contacts may unknowingly send you an infected file.

     Be wary of downloadable files on web sites - Avoid downloading files from sites that you do not trust. If you are getting the files from a supposedly secure site, look for a web site certificate. If you do download a file from a web site, consider saving it to your computer and manually scanning it for viruses before opening it.

     Keep software up to date - Install software patches so that attackers cannot take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it.

     Take advantage of security settings - Check the security settings of your email client and your web browser. Apply the highest level of security available that still gives you the functionality you need.

Understanding Hidden Threats: Rootkits and Botnets

What are rootkits and botnets?

A rootkit is a piece of software that can be installed and hidden on your computer without your knowledge. It may be included in a larger software package or installed by an attacker who has been able to take advantage of a vulnerability on your computer or has convinced you to download it. Rootkits are not necessarily malicious, but they may hide malicious activities. Attackers may be able to access information, monitor your actions, modify programs, or perform other functions on your computer without being detected.

Botnet is a term derived from the idea of bot networks. In its most basic form, a bot is simply an automated computer program, or robot. In the context of botnets, bots refer to computers that are able to be controlled by one, or many, outside sources. An attacker usually gains control by infecting the computers with a virus or other malicious code that gives the attacker access. Your computer may be part of a botnet even though it appears to be operating normally. Botnets are often used to conduct a range of activities, from distributing spam and viruses to conducting denial-of-service attacks

Why are they considered threats?

The main problem with both rootkits and botnets is that they are hidden. Although botnets are not hidden the same way rootkits are, they may be undetected unless you are specifically looking for certain activity. If a rootkit has been installed, you may not be aware that your computer has been compromised, and traditional anti-virus software may not be able to detect the malicious programs. Attackers are also creating more sophisticated programs that update themselves so that they are even harder to detect.

Attackers can use rootkits and botnets to access and modify personal information, attack other computers, and commit other crimes, all while remaining undetected. By using multiple computers, attackers increase the range and impact of their crimes. Because each computer in a botnet can be programmed to execute the same command, an attacker can have each of them scanning multiple computers for vulnerabilities, monitoring online activity, or collecting the information entered in online forms.

What can you do to protect yourself?

If you practice good security habits, you may reduce the risk that your computer will be compromised:

     Use and maintain anti-virus software - Anti-virus software recognizes and protects your computer against most known viruses, so you may be able to detect and remove the virus before it can do any damage. Because attackers are continually writing new viruses, it is important to keep your definitions up to date. Some anti-virus vendors also offer anti-rootkit software.

     Install a firewall - Firewalls may be able to prevent some types of infection by blocking malicious traffic before it can enter your computer and limiting the traffic you send. Some operating systems actually include a firewall, but you need to make sure it is enabled.

     Use good passwords - Select passwords that will be difficult for attackers to guess, and use different passwords for different programs and devices. Do not choose options that allow your computer to remember your passwords.

     Keep software up to date - Install software patches so that attackers can't take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it.

     Follow good security practices - Take appropriate precautions when using email and web browsers to reduce the risk that your actions will trigger an infection.

Unfortunately, if there is a rootkit on your computer or an attacker is using your computer in a botnet, you may not know it. Even if you do discover that you are a victim, it is difficult for the average user to effectively recover. The attacker may have modified files on your computer, so simply removing the malicious files may not solve the problem, and you may not be able to safely trust a prior version of a file. If you believe that you are a victim, consider contacting a trained system administrator. As an alternative, some vendors are developing products and tools that may remove a rootkit from your computer. If the software cannot locate and remove the infection, you may need to reinstall your operating system, usually with a system restore disk that is often supplied with a new computer. Note that reinstalling or restoring the operating system typically erases all of your files and any additional software that you have installed on your computer. Also, the infection may be located at such a deep level that it cannot be removed by simply reinstalling or restoring the operating system

Preventing and Responding to Identity Theft

Is identity theft just a problem for people who submit information online?

You can be a victim of identity theft even if you never use a computer. Malicious people may be able to obtain personal information (such as credit card numbers, phone numbers, account numbers, and addresses) by stealing your wallet, overhearing a phone conversation, rummaging through your trash (a practice known as dumpster diving), or picking up a receipt at a restaurant that has your account number on it. If a thief has enough information, he or she may be able to impersonate you to purchase items, open new accounts, or apply for loans.

The internet has made it easier for thieves to obtain personal and financial data. Most companies and other institutions store information about their clients in databases; if a thief can access that database, he or she can obtain information about many people at once rather than focus on one person at a time. The internet has also made it easier for thieves to sell or trade the information, making it more difficult for law enforcement to identify and apprehend the criminals.

How are victims of online identity theft chosen?

Identity theft is usually a crime of opportunity, so you may be victimized simply because your information is available. Thieves may target customers of certain companies for a variety of reasons; for example, a company database is easily accessible, the demographics of the customers are appealing, or there is a market for specific information. If your information is stored in a database that is compromised, you may become a victim of identity theft.

Are there ways to avoid being a victim?

Unfortunately, there is no way to guarantee that you will not be a victim of online identity theft. However, there are ways to minimize your risk:

     Do business with reputable companies - Before providing any personal or financial information, make sure that you are interacting with a reputable, established company. Some attackers may try to trick you by creating malicious web sites that appear to be legitimate, so you should verify the legitimacy before supplying any information.

     Take advantage of security features - Passwords and other security features add layers of protection if used appropriately.

     Check privacy policies - Take precautions when providing information, and make sure to check published privacy policies to see how a company will use or distribute your information. Many companies allow customers to request that their information not be shared with other companies; you should be able to locate the details in your account literature or by contacting the company directly.

     Be careful what information you publicize - Attackers may be able to piece together information from a variety of sources. Avoid posting personal data in public forums.

     Use and maintain anti-virus software and a firewall - Protect yourself against viruses and Trojan horses that may steal or modify the data on your own computer and leave you vulnerable by using anti-virus software and a firewall. Make sure to keep your virus definitions up to date.

     Be aware of your account activity - Pay attention to your statements, and check your credit report yearly. You are entitled to a free copy of your credit report from each of the main credit reporting companies once every twelve months.

How do you know if your identity has been stolen?

Companies have different policies for notifying customers when they discover that someone has accessed a customer database. However, you should be aware of changes in your normal account activity. The following are examples of changes that could indicate that someone has accessed your information:

     unusual or unexplainable charges on your bills

     phone calls or bills for accounts, products, or services that you do not have

     failure to receive regular bills or mail

     new, strange accounts appearing on your credit report

     unexpected denial of your credit card

What can you do if you think, or know, that your identity has been stolen?

Recovering from identity theft can be a long, stressful, and potentially costly process. Many credit card companies have adopted policies that try to minimize the amount of money you are liable for, but the implications can extend beyond your existing accounts. To minimize the extent of the damage, take action as soon as possible:

     Contact companies, including banks, where you have accounts - Inform the companies where you have accounts that someone may be using your identity, and find out if there have been any unauthorized transactions. Close accounts so that future charges are denied. In addition to calling the company, send a letter so there is a record of the problem.

     Contact the main credit reporting companies - Check your credit report to see if there has been unexpected or unauthorized activity. Have a fraud alerts placed on your credit reports to prevent new accounts being opened without verification.

     File a report - File a report with the local police so there is an official record of the incident.

Comments

Post a Comment

Popular posts from this blog

OROP: A DROP IN THE OCEAN 1.  Last few days have seen some unprecedented actions, reactions and lack of action regarding "demand" of OROP by veterans of Indian Armed Forces. Debates on audio and visual media, messages on social media and heated arguments over a glass of beer in messes / clubs have focused on how successive Govts have failed to fulfill long standing demand of OROP, how the wily bureaucrats are putting spokes in its implementation, the base year for calculations and the estimates of budgetary allocations and cash outgo for the treasury. Few enterprising guys have even put up calculated revised pensions for various ranks. People in armed forces - both serving and veterans are agitated that their 'dues' are not being given and that while others like MTNL/BSNL losses of 10000 Cr are being written off, $ 10 Billion aid is being given to Nepal and 6000 Cr worth loans have been waived off, Govt is nickpicking and calculating how it can save a few / few h
Read more

Surgical Strike by Indian Special Forces in POK

1.     Since 1205 hrs on 29 Sep 16 the issue which has been "dissected" by all and sundry specially in Indian Media is the declaration by Lt Gen Ranbir Singh, DGMO of Indian Army that Indian Special Forces conducted surgical strikes inside POK and neutralized terrorists and "those who supported them".  Social media is abuzz like beehive with all kinds of messages being forwarded to all and sundry. Now let me enumerate what happened thereafter:- (a)  Pakistan gave out conflicting statements ranging from flat denial of any such operations, to accepting death of two of its army personnel in cross border" firing (Do they mean LOC is now IB?) to total silence from their Defence Minister who was talking of dropping nuclear bombs on India in case of any military action by India as also Gen Sharief their COAS who retires in a few weeks. Her efforts to raise the matter in UNO have elicited absolutely no response. (b) South Asian Countries gave either thum
Read more