Data Security

Many people these days are afraid of having electronic data stolen or used without their permission. Some of the issues, and the pros and cons of using electronic media, will be explained, and hopefully you will get the impression that a lot of work goes into trying to protect your data from others' prying eyes or unscrupulous fingers.

There are also some things you can do yourself to protect your own data, but let's look at some of the places where data may become insecure, or where your PC may have "Achilles heels" through which someone may gain access to it.


There are two main areas that you may like to think about.

 


Of these, it is possibly the online case that concerns people the most, since this is usually where they are entering personal details, security numbers and passwords. However, it may be worth thinking about how to protect your computer even when it is not connected to the internet.

When connecting to the internet you may like to consider the following stories which raise issues about data security (taken from www.geocities.com/templarser/metro30.html)


I was a teenage hacker

Threat: Children can be hackers (picture posed by model)

The arrest of Briton Gary McKinnon, accused of hacking into computer systems at the Pentagon and Nasa, has again thrown the spotlight on the world of hi-tech crime. The problems he allegedly perpetrated cost more than £500,000 to track and correct. @metro editor JONATHAN GODDARD tries to find out why hackers do it.

FORMER hacker LC uses his skills to help police, private companies, and the FBI tackle the problem of hacking. Now 21, the security consultant was in trouble for credit card fraud and hacking into his school's computer systems between the ages of 13 and 15. 'Anyone can connect up to a server, discuss whatever they want and no one can regulate it,' says LC.

CYBER GUIDE TO JARGON

  • Trojan horse: A program disguised as legitimate software to set up a 'back door' in a computer
  • Virus: Self-replicating program that spreads by inserting copies of itself into other files
  • Worm: Another type of self-replicating program; it does not attach itself to other codes
  • Vulnerability scanner: A tool used to check computers on a network for known weaknesses
  • Firewall: A system that defends computers from intruders by limiting access
  • Exploit: Pre-prepared software that can take advantage of a known weakness
  • Root kit: A device for hiding the fact that a computer's security has been breached
  • Whitehat: A hacker who breaks security for non-malicious reasons
  • Script kiddie: A by-the-numbers hacker who simply follows without fully understanding the steps they are performing

'I started getting into piracy and was then introduced to hacking groups. I wasn't in trouble work-wise at school, but was a geek. The only way I could really excel was to be this hacker. Police were more interested in how a 15-year-old did these things than messing up my future.'

Hacking has been a serious problem to computer systems and sensitive information for many years. With the advent of the Internet, more data being stored and an ever-growing number of computer users with little knowledge of how to protect files, hackers are prospering. 'There are good hackers - those hacking just to see what they can uncover as a challenge,' adds LC.

'And there are bad types - the script kiddies and malicious hackers, who make money from it.'

Most malicious hackers break into shopping sites and steal credit card numbers. 'Gary McKinnon most likely didn't know what he was doing,' adds LC. A hacker breaks into a system, gains knowledge and keeps control of that system or disappears.

'Nowadays you have tools you can download that, within 20 seconds, allow anyone to start scanning at the press of a button. It's a power buzz'

IT security consultancy Information Risk Management recently probed the online defences of 18 online banks including Barclays, HSBC, and Lloyds TSB, and found 72 per cent of them were vulnerable.

The need for banks to protect against cyber-crime was highlighted in March when police foiled an attempt to steal £220million from a London-based Japanese bank, Sumitomo Mitsui.

Hackers are breaking into about 30,000 PCs a day to send viruses around the globe or reveal bank account details - phishing.

LC says the problem is a slow reaction to security threats.

'We need a system worldwide which every government agrees on,' he adds.

'It's like earthquakes - you're never going to stop them, but you can minimise the damage.'

[Metro, June 13, 2005]


Conmen 'phish' in your e-mail inbox

BY SARAH GETTY

ALMOST half of all Internet users have received spam emails aimed at tricking them out of money, a new poll by AOL found.

'Phishing' e-mails - designed to look like they come from a bank - ask users for their personal information and password details. Fraudsters can use the information to steal cash from users' accounts. The techniques being used are becoming increasingly sophisticated, with e-mails often directing users to false websites via hyperlinks. Yet there is little chance of getting money back if you are caught out by a phishing e-mail.

More than half those who lost cash were not compensated by their bank or credit card provider. The amounts stolen are often small - about £50 - because the conmen aim to carry on undetected. They know that few people check credit card and bank statements thoroughly.

Other online scams include paying for items ordered over the Internet which never arrive and sending cash following a demand from a bogus e-mail.

Will Smith, from AOL, said: 'It is often difficult to spot a scam so it's crucial people protect themselves.' AOL's advice includes:

  • Use spam filters, anti-virus software and firewall software
  • Be suspicious, especially of unsolicited e-mails
  • Do not click on links if you are suspicious - type in the company's web address instead
  • Check your bank balance and statements regularly.

[Metro May 3, 2005]


Teenager cracks e-mail code

Sarah Flannery, 16, who baffled the judges with her grasp of cryptography. They described her work as "brilliant".

BY AUDREY MAGEE, IRELAND CORRESPONDENT

An Irish schoolgirl was yesterday hailed as a mathematical genius after devising a code for sending secret messages by computer.
Sarah Flannery used the science of cryptography to design a code that is ten times faster than the one currently used to convert confidential information so that it can be sent via the Internet and e-mail. She has been inundated with offers of jobs and scholarships from international companies and universities.
Miss Flannery, 16, from Blarney, Co Cork, used matrices to formulate an alternative to RSA, the current data protection code, devised by three students at the Massachusetts Institute of Technology in 1977. The result is an algorithm, a mathematical blueprint, that is far faster than the RSA and equally secure.
Miss Flannery, whose father, David, lectures in mathematics at Cork Institute of Technology, devised her code to enter the Irish Young Scientists and Technology competition. She won at the weekend and left the judges unable fully to comprehend her project. They described her work as "brilliant" and one judge advised her to patent it.
Miss Flannery said she was thrilled. "I had to go through lots of stuff before I finalised the theory," she said. "I reached critical points where I would get stuck for three weeks or so. I just kept thinking about it and then the whole thing slipped into place." The oldest of five children, she earned eight As in her junior certificate, the Irish equivalent of GCSEs, with extra tuition from her father.
Miss Flannery is now deciding what to do with her new code, the Cayley-Purser, named after Arthur Cayley, an eminent 19th century Cambridge mathematician, and Michael Purser, a cryptographer who inspired her. She is considering publishing her findings rather than patenting as she does not want people to pay for her discovery.
She will represent Ireland at the EU Science Contest in Greece in September.

Hackers unravel key to Internet

Hackers have attacked US army and NASA computers after stealing codes which control the Internet. The gang is thought to have exposed security flaws in the networks but it is not known how much data was stolen or destroyed. The attackers are believed to have been based in Europe and have targeted thousands of computers, some serving research labs. The revelation follows the latest arrest over last May's theft of program instructions for machines which control the Internet. The suspect, detained in Sweden on Monday, is believed to be a 16-year-old already charged with hacking into a university. The stolen CISCO SYSTEMS code was posted on the Net.

[Metro May 11, 2005]


BY SARAH HILLS

HACKERS have unleashed an 'industrial-strength' attack in a bid to steal sensitive information from almost 300 Government departments, it emerged yesterday.

Businesses have also been targeted during months of concerted attacks, which are launched from bogus e-mails and contain a 'Trojan' attachment.

At first glance they appear harmless but, once opened, an invader can gain full control of the user's machine.

A 'recent rise in sophistication' in attacks on financial, telecommunications, energy, transport and health organisations has been noted by the National Infrastructure Security Co-ordination Centre.

The Government body aims to protect essential services and systems from electronic attack.

It issued a warning yesterday urging businesses to beef up security. 'There are businesses on the periphery of the critical national infrastructure that can be targeted by these attacks,' it confirmed. These could include banks, insurers and other financial units. 'This is not a few hackers sitting in their bedrooms trying to steal bank account details from individuals. This is aimed at organisations, targeted at gaining information and is extremely well organised and structured,' said NISCC director Roger Cumming.

Security consultant Carole Theriault, who helped the NISCC analyse the Trojans, said there were 17 types.

'They were basically information-stealing files hidden in the machines. It must have been serious enough for the NISCC to put a warning out,' she added.

Many of the messages were sent from addresses in Asia and efforts are now being made to shut them down.

The messages are spoofed to appear as though they come from a credible source and hackers use distribution lists to target large numbers of people. Nothing significant has been stolen so far, said the NISCC.


eBay Sellers warned over PayPal swindle

BY OLIVER STALLWOOD


TRICKSTERS are duping eBay users into giving goods away for free in a new scam on the Internet auction site. A seller is emailed asking if the item can be sent to Africa - even if the victim has agreed to post only to the UK or Europe. The buyer offers £40 postage using Paypal, an eBay firm allowing online payments.
Then an email allegedly from PayPal says the money has been received and seeks a Royal Mail tracking number. If that is not sent, an email purportedly from eBay threatens action against the seller's eBay account.
The aim is to pressure victims into mailing the goods, even though they have never been paid.
IT boss John McGregor was almost duped by the scam when he tried to sell his mobile phone on eBay. But the Internet security specialist was able to spot that the emails were not legitimate.

A LEFTOVER Christmas sprout has fetched £1,550 on eBay. Leigh Knight, 18, put the sprout up for auction as a joke after saving it from the rubbish while washing up. Bids started slowly at £1 and someone even offered a carrot in exchange. After receiving the money from a buyer called Rachel, Leigh has given it to charity.


He said: 'The real concern is that there are thousands of people who may get caught and taken for a ride.'

The con is believed to originate from Nigeria. PayPal and eBay yesterday said its safeguards were 'a world class example of the tools that can be put in place to prevent these attacks'.

Members suspecting a hoax email should send it to spoof@ebay.co.uk or spoof@paypal.co.uk.

Within a few minutes, they will get a response confirming whether or not it is genuine.
[Metro Jan 9, 2006]

SUPERBUG THREAT TO COMPUTER NETWORKS

BY JO STEELE

MAJOR companies are at risk from a crippling new computer bug which targets their anti-virus software, it was revealed last night. Already, a division of the world's biggest media corporation, Time Warner, has been hit. Experts believe a disgruntled hacker with a grudge against software firm Symantec is behind the new trojan virus, a version of the 'Rinbot' bug.
The US company designs anti-virus packages for major corporations. The 'worm' works by exploiting security loopholes in anti-virus software. It then spreads through the network by manipulating 'weak' spots such as simple passwords.
Once the virus is embedded, it takes over many other computers forming a 'zombie' network. Graham Cluley, a senior technology consultant with IT security firm Sophos, said: 'Traditionally hackers always went after Microsoft's anti-virus programs. But now they're targeting other programs such as Symantec's.'
He added: 'Without you knowing it, hackers will use your computer for a variety of purposes like sending out spam, or distributing denial of service attacks, or even blackmailing other websites.' Mr Cluley said the strain appeared to be hitting networks that run Microsoft Windows operating system. He added: 'We do know that it has hit CNN Time Warner in the US. That's the most high-profile place but we are aware of it hitting elsewhere.' Symantec said its Norton products were not affected and it had released new protection against the virus yesterday morning.
[Metro Mar 2, 2007]

ONLINE SECURITY


From the above stories it may be gleaned that some of the issues concerning online data security might be

  • Phishing – The attempt to get bank details using fraudulent e-mail requests.
  • Hacking – Breaking into computer systems by breaching security measures.
  • Firewalls – Limiting access to minimise security breaches.
  • Trojans/worms/viruses – Programs that attempt to damage computer files. Anti-virus software can be installed.
  • SPAM – Unsolicited mail sent to your inbox.
  • Encryption – Techniques to render data secure.
  • Secure sites – Some sites need to be more secure than others. Some denote this with a small "padlock" symbol in the corner of a webpage.
  • Passwords – Using codewords to defeat unauthorised entry.



Note that there are also ways that your movements on the web can be tracked by data being stored automatically on your computer. "Cookies" are small data files which store data on your access to websites. "Adware" can also exist on your system, which can cause pop-ups to appear when you access websites.

Internet Explorer and Security
With specific respect to Internet Explorer, the security controls can be found under the TOOLS menu and INTERNET OPTIONS. The tabs CONTENT, PRIVACY and SECURITY control the aspects of IE to do with the issues on this page. From this point it is possible to set levels of security.

OFFLINE SECURITY


Data on your computer system can be subject to virus attack even when your computer is not connected to the internet. This can happen either because a virus is lying dormant on your system after being downloaded from the internet, or because it gained access to your system via a file added from removable media, such as a floppy disk, CD or removable disk.


It is also good practice to make backups of any files that you have in case any files become corrupt. Copies of files that contain viruses would help spread the virus should those copies be used on another computer; it is therefore a good idea to make sure that any security backup copies have not got any viruses in them.

Points to remember about Security:

  • Do not open e-mails if you do not know who they are from - especially if they have attachments.
  • Secure sites have a padlock in the corner of the webpage, but use common sense: don't give details away that can be used against you.
  • Ciphering systems are in use on some webpages and e-mail systems.
  • Viruses need anti-virus software to keep your PC safe.

Child safety ad that led to porn site

BY MIKE TAIT

A HOME Office advert for a child protection website inadvertently directed people to porn, industry watchdogs revealed yesterday. The Government-sponsored radio commercial was publicising the thinkuknow.co.uk site, which advises children how to stay safe online. But a listener who wrongly typed the address as thinkyouknow.co.uk found links which led her to sites containing adult material and sexual services. The advert said: 'Giving out personal info could let a paedophile track you down. Be smart online, be safe online. Visit thinkuknow.co.uk'. After investigating the complaint, the Advertising Standards Authority said the advert failed to make clear how the Web address was spelt. The ASA found the commercial in breach of its advertising code. It said the advert should not be broadcast again in that form and urged the Home Office to make the spelling of the Web address clear in future. 'This was particularly concerning as the ad was aimed at teenagers to help them stay safe online,' the ASA said. 'Although we recognised that there was no intention, we considered a significant effect of the ad was to indirectly publicise services unacceptable for broadcast.' The Child Exploitation and Online Protection Centre has since taken over the Home Office campaign. It defended the advert, saying inappropriate material was at least four clicks away from the misspelt website. However, it said it would comply with the ASA ruling.

Beware of the screen grab

Internet theft is fast overtaking paper-based identity fraud as more information goes online.

ID fraud: Modern hackers probably won't empty your account but they will use your details to apply for an account in your name

By JAYNE ATHERTON

FIVE TIPS ON HOW TO SPOT SPOOF EMAILS
  • Watch out for generic greetings. Many spoof e-mails begin with a general greeting - if you don't see your first and last name, be suspicious. Do not click on any links or buttons.
  • Look out for forged e-mail addresses in the 'from' field. This field is easily altered.
  • The term 'https' should precede any address where you enter personal information - the 's' stands for secure - otherwise don't enter data.
  • Spoof e-mails often contain misspellings, missing words and gaps, which help fraudsters avoid spam filters.
  • E-mail pop-ups are not secure. And never click on a suspicious attachment lest you download spyware or a virus.
    [Source: PayPal]

The Internet has become a potent weapon for identity thieves looking to get their hands on thousands of pounds at a time. Few fraudsters bother to rifle through bins for receipts, names and addresses any more. They can use a computer to get the information they need in minutes.
The online electoral roll, plus births, marriages and deaths records, reveal information such as mothers' maiden names, dates of birth and addresses. In many cases, it's all thieves need to apply for loans, credit cards, catalogue and store accounts in your name. The first a consumer will know about it is when multiple applications and missed repayments affect their credit rating.

Your ID is worth £85,000
Online identity experts Garlik says an average identity is worth more than £85,000 to hackers, who can even apply for passports and driving licences using stolen personal information. Garlik CEO Tom Ilube says: 'ID thieves don't usually draw money directly from people's accounts. They are interested in using someone's credit rating to apply for credit or to manufacture documents that can be sold. 'If you bank or buy goods online, then you are handing over plenty of personal information for fraudsters to harvest. Virus checkers, firewalls and shredders won't protect against it.' The computer industry has responded, launching sophisticated security products for home computer users in recent weeks. But many come at a price.
Some are online services that track how your information is used online. Others alert users to suspicious websites that send 'phishing' e-mails and detect spyware, dodgy spam, hackers and viruses. Garlik's DataPatrol, for example, launched last week, claims to track personal information on 4 billion web pages, key public records and credit files. Subscribers get a monthly report on how their details have been used, so that fraudulent activity can be picked up fast. It also gives an assessment of how vulnerable the subscriber is to ID theft. Subscription costs £29.99 a year.
US-firm Trend Micro updated its Internet security suite PC-cillin last month. It is designed to filter out trojan horses, which get details through keystrokes and spyware; and warns of unauthorised wireless access to a user's network. The system also protects laptops in hotels, coffee shops and airports. A household licence costs £49.95 a year and covers three PCs. Earlier this year, the Financial Services Authority discovered that, while many consumers who banked online installed security software on their PCs, more than a quarter did not know when they last updated it or updated it infrequently. Five per cent of online bankers hadn't installed security at all. You don't have to pay a lot to get filter-installed. Nearly all broadband providers will provide an online filter for a small charge and often the service is free.
Although banks will generally cover losses from online fraud, the small print often reveals that you must keep your firewalls and anti-virus software up to date to get this financial protection.

Phish and chips
Chris Williams, broadband expert at switching website uSwitch.com, says: 'Hoax e-mails are a huge concern because they are growing at a staggering rate. It's more important than ever for consumers to protect their computers against the dangers of junk e-mails. 'Most broadband providers offer filters for free - something to think about when choosing a supplier.' [Metro Nov 6, 2006]

