Looking for something?

Google

Thursday, March 08, 2007

Crimes Against Internet Security


In this day and age, technology affords endless convenience to the consumers. On the other hand, these conveniences enjoyed also opened doors for malicious attackers to strike against unsuspecting users using technology itself. How much do you know about these threats? Are you aware of these threats? Are you aware that you can be the next target? Let me attempt to outline these crimes here and provide you with a basic understanding of each.


First off let's talk about the very basic stuff like malware, adware, spyware, worms, viruses. What are they? They are malicious programs that users inadvertently download without realizing that they've been attacked or infected. These parasitic software hijacks web browsers, launch unsolicited ads, and sometimes upload some important data and the inner workings of a computer to a remote server.


How do you protect yourself? Here are a few tips.



  • Stay away from the dark alleys of the internet. How? You can use an internet site advisor that warns you about dangerous sites based on their tests on thousands of web sites. The site advisor is a software that sits on your desktop and as soon as you do a site search through a search engine, it provides a coding scheme to the results as follows: green--considered safe; yellow--enter at your own risk; red--a complete no-no; gray--never been tested. It's like a parent telling a child which parts of the neighborhood are safe to go to.


  • Do not open unsolicited e-mails. Just delete them. Better yet, turn on the spam guard or spam protection feature of your e-mail.


  • Stay away from p2p services or file-sharing networks. This is where worms and malwares abound.


  • Before downloading a free software make sure that it's from a trusted site--that is it's got an authentication certificate. Always take extra precaution on trusting downloads from an unknown site.


  • Invest in a good virus protection software. Prevention is better than cure.

  • Download a good anti-spyware utility and regularly clean up your computer from malwares after each use.


  • Always choose strong passwords and guard them like your priceless possessions.



There are a thousand other ways to protect yourself, and what I have listed above are just the basic stuff that can already spell the difference between your protection and your vulnerability.


Now let's tackle the most common internet crimes, phishing and pharming. Notice the 'ph' thing instead of an 'f'? It's because all these 'ph' crimes started with the earliest form of 'ph' hacking known as 'phreaking'. And what exactly is phreaking?



Phreaking or Phone Freaking

An act of manipulating the telephone system by hackers to enable them to make free phone calls. This term was first coined in the United States in the 1950s

There you go. Add that to your geek terminologies. I call it my 'terminologeeks'.



Phishing

It is a form of electronic scam, by which fraudsters attempt to acquire details of a victim’s private information often through e-mail. A good illustration is and e-mail directing the user to visit a website masquerading as a trustworthy institution, asking the user to update sensitive information such as financial information and passwords, without realizing that the website is bogus and was only set up to steal highly sensitive information that can later be used for identity theft. Phishing evolved from the idea of 'fishing' wherein a 'bait' is thrown to lure an unsuspecting user into 'biting'. The term was first coined in the 1990s by computer hackers. Phishing has several variations and they are as follows:

  • Mophophishing or mobile phone phishing. A form of phishing wherein attackers send out fake banking applications to unsuspecting mobile phone users that prompt them to enter important account details into the application, while tricking them into thinking that they were accessing their accounts when actually the data is being sent back to the hacker. Mophophishing can also be carried out with the use of a rogue server which monitors and caches data between a phone and an online banking website, tapping out important information that is then used to attack the user's identity.


  • Wiphishing or wireless phishing. Hackers set up a rogue access point using a laptop that has been set up as an ad-hoc connection. As soon as all other laptops in a hot spot detects the bogus network they mistakenly connect to the hacker's laptop allowing the attacker to gain access to data contained in the user's shared folders. Other important information can also be potentially jeopardized such as a laptop's authenticated connection to an office network and its access to other network-connected resources.


  • Spear phishing. Phishing attempts that target employees of a particular company.

You can counter phishing by reporting it to Castlecops an internet phishing watchdog. Using their Phried Phish project you can submit phishing address and skilled hunters will go after them and shut them down


Pharming

Similar in nature to phishing, it seeks to obtain personal or private (usually financial related) information through domain spoofing. Spoofing is a variety of ways to fool a network's hardware or software. Instead of spamming using malicious e-mails, users are diverted to spoofed web sites which appear legitimate. This is carried out by 'DNS poisoning ' which is basically poisoning a server by infusing false information into the DNS server, resulting in a user's request being redirected elsewhere without the knowledge of the user. The browser itself shows that the web site or web address is correct.


The difference between phishing and pharming is, phishing attempts to maliciously attack people one at a time with a e-mail scams while pharming allows malicious attackers or hackers to target a large group of users at one time.




Let's talk more about spoofing. There are several kinds of spoofing--DNS spoofing; IP spoofing; and e-mail spoofing. Let us concentrate on e-mail spoofing. What is it?



E-mail Spoofing

It is an act of forging an e-mail to make it appear as if it came from somewhere or someone other than the actual attacker or source.

In case you didn't know 'joe job' is a term coined to e-mail spoofing. Joe Job means someone uses your e-mail server to send mass quantities of e-mails. Victims are made aware of the attack only when they receive a rather unusual quantities of failed delivery notices. This term was coined after an e-mail spoof attack on Joes.com in January of 1997.



What measures can you take to protect yourself?


These are the ways you can protect yourself from e-mail spoofing according to spam consultant Ben Westbrook, CEO of Mail-Filters.com.


  • Don't unsubscribe from anything. Unsubscribing lets spammers know that they have a valid email address.
  • Don't open Web-based emails, as it also alerts spammers to a valid address.
  • And of course, keep your email address off websites.

Another concern that poses a threat to security are the so-called Greynets. What is a Greynet?


Greynet


A greynet is an elusive networked computer application that is downloaded and installed on end user systems without express permission from network administrators and often without awareness or cognition that it is deeply embedded in the organization’s network fabric. These applications may be of some marginal use to the user, but inevitably consume system and network resources. In addition, greynet applications often open the door for end use systems to become compromised by additional applications, security risks and malware. Greynet categories include instant messaging and peer-to-peer file sharing as well as other applications that are not officially sanctioned or supported by the enterprise or IT staff.



All these crimes of phishing, pharming, spoofing are forms of identity theft. Identity thieves use all available tools like malwares, spywares, adwares, worms, viruses, malicious applications and other forms of trickeries that users are unaware of. Identity theft is a serious crime. Its effects to the victim is usually devastating and usually takes a long period of recovery. Are you aware of these dangers?


Sometimes, we only become aware after we too become victims to these crimes. It shouldn't take another Mark Foley or Julie Amero before we take action. It's your choice.

Find it here