A web of fraud: viruses and worms were just the start. Make way for phishing, spoofing, and spyware.Many in the IT community have wondered why the internet's bad actors have poured their efforts into penetrating computers and networks but generally refrained from inflicting the worst kinds of damage on those systems. Data erasures are not very common, despite media alarm to the contrary. Entirely disabling a computer is also fairly rare. Instead, the intruders have concentrated on finding ways to repeat their surreptitious SURREPTITIOUS. That which is done in a fraudulent stealthy manner. entry on related computers, run processes undetected by users, and work in coordination with other compromised systems. To be sure, the thrill of the hack is still the motivation for some of the authors of network-borne mischief. But, in recent years, as the internet has become a massive economic world in it self, another readily understood incentive seems obvious: the lure of money. The waves of viruses, worms, and Trojan-horse insertions that peaked in the fall of 2003 look increasingly like a round of research-and-development for the spyware, phishing exploits, and spare onslaught that has developed since then. That year's infestations have turned out to be the means for transmitting, planting, and managing code used to prey on To take prey from; to despoil; to pillage; to rob To seize as prey; to take for food by violence; to seize and devour. - Shak. To wear away gradually; to cause to waste or pine away; as, the trouble preyed upon his mind s>. - Shak. See also: Prey Prey Prey the unwary. Viruses established the ability to override computers' normal functions. Worms explored methods for collecting information normally secure behind a computer's access controls. Trojanhorse code makes possible to activate later some unsuspected action. But these are just the carriers of deeper trouble. Spyware is a kind of covert software agent installed without a computer's owner suspecting. It sends observations about the computer and its user back to some outside handler. Crime is not necessarily the objective, but the unauthorized diversion of usage data opens doors for the unscrupulous. Any day's worth of navigating the internet is likely to leave at least one of these unseen informers in a computer. Anti-spyware has joined anti-virus software anti-virus software n → Antivirensoftware f as a necessary defense on every workstation. Users have many choices among free and paid anti-spyware programs. Lavasoft's Ad-aware SE is available in both free and paid versions. Computer Associates' Pest Control pest control n → control m de plagas pest control n → lutte f contre les nuisibles pest control pest n software requires both purchase fee and a paid renewal. SaferNetworking's Spybot S&D is free and compares very favorably with its paid competition. CANNING SPAM Spam, the term applied to unwelcome e-mail (taking its name from the ubiquitous canned meat product of World War II), has become a form of sales cold-calling on a scale nobody imagined possible just a few years ago. If one person in 100,000 agrees to buy, then the logic for sending millions of inquiries is quite clear. Spam is surely more a nuisance than an overtly criminal act, but its effects on the world of the internet are worrisome. Sending a high volume of automatically generated mail to users or internet service providers Internet service provider (ISP) Company that provides Internet connections and services to individuals and organizations. For a monthly fee, ISPs provide computer users with a connection to their site (see data transmission), as well as a log-in name and password. denies use of the network to the recipients, satisfying some vindictive need, at least temporarily. But spam, which by numerous estimates has come to account for between 60 and 80 percent of world e-mail traffic, overwhelms a mail readers' ability to focus on trustworthy correspondence. One incautious in·cau·tious adj. Not cautious; rash. in·cau  tious·ly adv.in·cau click (on an attachment or an imbedded link) can release a nasty surprise. Combating spam takes place on two fronts: network management and workstation defense. Enterprise-level tools include Cisco's Clean Access product and BigFix's Enterprise Suite comprise a range of security measures Noun 1. security measures - measures taken as a precaution against theft or espionage or sabotage etc.; "military security has been stepped up since the recent uprising" security : patch management The installation of patches from a software vendor onto an organization's computers. Patching thousands of PCs and servers is a major issue. A patch should be applied to test machines first before deployment, and the testing environments must represent all the users' PCs with their unique (diagnosis and remediation), workstation configuration, detection and isolation of compromised systems, and enforcement of network-wide security policy. Arizona State University Arizona State University, at Tempe; coeducational; opened 1886 as a normal school, became 1925 Tempe State Teachers College, renamed 1945 Arizona State College at Tempe. Its present name was adopted in 1958. , an early adopter of Clean Access, credits the product with achieving network security compliance in the hard-to-regulate sector of dorm computing without tying down a large number of IT staff. On a smaller scale, Linksys--maker of the popular line of consumer-level wireless access point devices uses network address translation to conceal computing activity on the user's side of its router product. Their routers also include built-in firewalls that examine incoming data packets for suspicious characteristics. Microsoft's XP operating system operating system (OS) Software that controls the operation of a computer, directs the input and output of data, keeps track of files, and controls the processing of computer programs. itself includes a firewall, evidence of the merger of security into basic desktop computer operations. PHISHING AND SPOOFING AND HOAXES--OH MY These countermeasures do not assure that internet-carried threats all can be stopped automatically. Computer users are warned to be vigilant and to follow good network usage practices. After an incident of internet fraud A crime in which the perpetrator develops a scheme using one or more elements of the Internet to deprive a person of property or any interest, estate, or right by a false representation of a matter of fact, whether by providing misleading information or by concealment of , the University of Colorado University of Colorado may refer to:
Phishing (which is sometimes said to stand for "password harvesting fishing," but is more likely a cyber-jargon spelling, as in "warez (soft "wares") Pirated software distributed over the Internet. A warez site may also provide hackers with viruses and Trojans as well as tips, techniques and scripts for gaining illegal entry into networks and systems. It may also offer ways to cheat at online games. " and " phreaking (jargon) phreaking - /freek'ing/ "phone phreak" 1. The art and science of cracking the telephone network so as, for example, to make free long-distance calls. 2. By extension, security-cracking in any other context (especially, but not exclusively, on communications ") is a set of techniques for deceiving network users into revealing confidential information Noun 1. confidential information - an indication of potential opportunity; "he got a tip on the stock market"; "a good lead for a job" steer, tip, wind, hint, lead , such as passwords, PINs, or bank account numbers. Common ploys include e-mail that appears to come from a reputable company, claims that something is amiss with a user's account, asks them to follow a link, and asks for confidential information--which the misrepresented company would not ask a customer to divulge. Banks will determine an account number after authenticating a customer. ISPs and other legitimate computer account sources never ask a user to reveal a password, and will generate a new one if the user forgets it. The path from phished information to fraud is, naturally, very short. Seton Hall University Seton Hall University is a private Roman Catholic university located 14 miles from Manhattan in historic South Orange, New Jersey. Founded in 1856 by Archbishop James Roosevelt Bayley, Seton Hall is the oldest diocesan university in the United States. advises its network users that a community member was recently victimized by an e-mail that included what appeared to be a link to a bank. The link led to an address that appeared legitimate, complete with the bank's logo, but asked account information under threat that the account would be dosed otherwise. Spoofing is the assumption of a false identity, usually one trusted by the targeted user in order to seek unauthorized information or to give false instructions. One recent spoof incident involved e-mail that appeared to come from a system administrator and requested users to change their password--which was then transmitted to the spoofer. One of the major weaknesses in internet security ''This article or section is being rewritten at Internet security is the process of protecting data and privacy of devices connected to internet from information robbery, hacking, malware infection and unwanted software. is that--for technical and usage reasons--it is effectively impossible to tag every message with an authentic identification of origin. Most network users have had the experience of receiving e-mail with a colleague's address as the sender, but which was in reality a forgery sent to the address directory in the e-mail program Software in the user's computer that can access the mail servers in a local or remote network. Also known as an "e-mail client," "mail client," "mail program," and "mail reader," it provides the ability to send and receive e-mail messages and file attachments. of a compromised computer A computer that has a virus, Trojan or other malevolent program. See botnet. . Hoaxes, too, play a role in breaking down network security--even where they claim to alert users to viruses and other threats. These messages typically make a semi-plausible assertion about a "new" risk. They often claim that some authoritative source has announced the problem (betting that the reader will not follow up to verify that claim), and generally urge the recipient to send the message to their lists of contacts. The hoax is essentially a variant on the chain letter, one of the original abuses of e-mail The harm in hoaxes and chain letters is nominally that they take up storage space and waste users' time, but the more serious damage is that they erode the vigilance and good practices of those who receive them. Too frequent false scares undermine good practices: the best way to avoid viruses is to keep up an anti-virus subscription, and not to panic every time well-meaning co-workers send messages warning about a particular threat. MISPLACED mis·place tr.v. mis·placed, mis·plac·ing, mis·plac·es 1. a. To put into a wrong place: misplace punctuation in a sentence. b. TRUST The cascade of intrusions in trusted streams of communication, erosions of information privacy, theft of identity, and traps for the unwary sets the stage for fraud. Offers of opportunities too good to be real take a few more victims every day--including some otherwise well-educated people. Most of us are familiar with the so-called "Nigerian bank scam." Strangers offering to share a fortune, but needing access to a helping bank account seem too ridiculous to credit, but members of the higher education community are not immune to that swindle swindle v. to cheat through trick, device, false statements or other fraudulent methods with the intent to acquire money or property from another to which the swindler is not entitled. Swindling is a crime as one form of theft. (See: fraud, theft) . Playing on the emotions of unsuspecting web surfers is certainly not off limits to scammers. A number of fraudulent websites claiming to collect money for tsunami victims' relief have been revealed in recent months. A single lapse of good judgment or misplaced trust is all that is needed for a successful crime. College and university communities depend on an unusual level of trust. But the illusion of safety that comes with electronic communications, which pass through the physical fences and doors that have generally dosed the ivory tower to ordinary threats, is a growing danger. Technologies and products are important defenses, but IHEs must recognize that they need to raise awareness in their communities so that the choices--and casual negligences--of their members do not lead to crime. Resources: BigFix www.bigfix.com Cisco Systems www.cisco.com Computer Associates www.ca.com Lavasoft www.lavasoft.com Linksys www.linksys.com Microsoft www.microsoft.com SaferNetworking www.safernetworking.com Tom Warger is a consulting principal for Edutech International www. edutech-int.com. |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion