The Internet has become a part of us.
We surf the web, e-mail our friends, play games, watch movies and listen to music. Most of us carry a bit of it with us everywhere, using our phones to find a good place to eat or to network with friends. It is hard to imagine living without it.
Although it enriches our lives, the Internet contains a growing number of risks.
In this session, we’re going to explore the darker side of the Internet.
Social Engineering, the act of tricking people into divulging confidential information such as passwords or credit card numbers, is prevalent on the Internet.
The most common form of Social Engineering seen today is called Phishing.
Ever receive an e-mail from your bank warning you that your account was overdrawn and that you needed to click on a link to remedy the situation? Or how about a notice from your system administrator that there was a problem with your ONID account that could be resolved if you would please supply your username and password in a response to the e-mail?
Internet con artists are using these various methods to trick you into providing the information needed to steal from you. Phishing isn’t limited to e-mail; there are fake websites out there as well, often designed to take advantage of a misspelling of a common address.
And as technology advances, so does Phishing. We’re now seeing “spear phishing,” a highly targeted attack aimed at the employees of an organization—or the students of a school—and “whaling” which is a targeted phishing attempt aimed at executives of an organization.
Social Engineering doesn’t necessarily require you to be connected to the Internet or to even be using a computer. It is easy enough for someone to call you on the phone pretending to be someone else (such as a computer support person at the university or an employee of your bank) and ask you to provide information. By doing a little research on an organization via their website, an Internet con artist can be quite convincing in pretending to be someone else.
Malicious Software, or “malware,” comes in several forms.
Viruses are programs, typically small in size, which can copy themselves to infect another computer and are spread by sharing infected media, or files over the network, typically via e-mail, or malicious or hacked web sites.
Worms are a form of malware similar to viruses that spread automatically over a network. Worms take advantage of flaws in programs and can infect a large number of computers in a very short time.
A Trojan Horse or Trojan, like its namesake from The Aeneid, is a program that masquerades as something it isn’t. Trojans frequently carry other malware hidden inside their code: their main purpose is to evade detection by anti-virus programs.
Spyware and Adware are programs that track your activities on the web. They are frequently used to target spam e-mails to a more receptive audience based on their web browsing habits.
A Rootkit is particularly nasty. This malware imbeds itself deep within a computer’s software or hardware making detection extremely difficult. Computers with a rootkit installed are frequently used by attackers to compromise other systems.
Fake Anti-virus Software is one of the newest versions of malware being seen on the Internet. This software falsely reports a malware infection and then tries to con the victim into purchasing a “fix” to remove the infection.
Over the past decade there have been major changes in the quality of malicious software. Early on, viruses were simple scripts—easy to detect and, while often extremely damaging, were very manageable. The most common attacker creating a virus was a “script-kiddie,” a person without formalized training who was modifying other programs to create new viruses. As a result, viruses were often so poorly written that they were unable to run properly.
But, things have changed.
Organized crime has become involved in the generation of malware. Frequently used to steal information needed to commit identity theft, malware has become big business. “Screen scrapers” pass along what is shown on your computer screen to the identity thief. “Key loggers” keep track of everything you type, including passwords and account information.
Gone is the amateur “script-kiddie” creating viruses for thrills, replaced by skilled coders writing applications that create customized malware for the purchaser. One such application, called Zeus, offers different levels of service for a price—automatically generating malware to evade detection or disable those detection programs entirely. How successful they are depends on the price willing to be paid by the attacker.
Often referred to as hackers, a term which also applies to people doing good work on computers, crackers are people who break into computer systems using specialized knowledge and tools.
While often doing this for no other reason than to create mischief, some crackers do break into systems to steal data or to commit other crimes. Crackers take advantage of any insecurity in a system to gain a foothold, including social engineering.
Crackers vary greatly in skill level; neophyte crackers are easily thwarted while the most skilled will, if determined, break into even the most protected systems that are connected to the Internet.
The schoolyard bully has found new stomping grounds on the Internet. But the Cyber Bully, a person who posts mean-spirited messages or images about another person with the intent to hurt or embarrass them, has one big advantage—they can remain anonymous.
While you may think that a little name-calling is a normal part of life Cyber Bullies take this to the extreme. Attacks often become viral in nature with the victim having little or no means of recourse. E-mail, text messaging, social media, blogging and websites are the tools of the Cyber Bully and the results have a potential audience in the millions.
Cyber Threats on the other hand are typically more direct. Someone making a cyber threat can either threaten to do harm to themselves, such as threatening to commit suicide, or to others, such as threatening to kill or harm another person. Cyber threats should be taken seriously and reported to the appropriate authorities.
Cyber Predators are the stalkers of the Internet. They seek out others, typically teens and young adults of both sexes, in an attempt to use, control or harm. Social networking sites and forums help cyber predators locate their prey.
So that’s a brief look at the dark side of the Internet. Next, in Be Aware: The Rules, we’ll take a look at the policies and regulations that were created in response to these threats. In Be Aware: Respond, we’ll show you some things to do to protect yourself and your data from these threats.