Professional Ethics - CS & IT Lec4 [23-24].pdf
Document Details
Uploaded by GrandPinkTourmaline
Hard Amount University
Full Transcript
Computer Security Viruses: · A virus is a piece of self-replicating code embedded within another program called the host. · Viruses can be spread from machine to machine via thumb drives or CDs. · They may also be passed when a person downloads a file from the Internet. · Sometimes viruse...
Computer Security Viruses: · A virus is a piece of self-replicating code embedded within another program called the host. · Viruses can be spread from machine to machine via thumb drives or CDs. · They may also be passed when a person downloads a file from the Internet. · Sometimes viruses are attached to free computer games that people download and install on their computers. · The Creeper program, often regarded as the first virus, was created in 1971 by Bob Thomas of BBN. · Creeper was actually designed as a security test to see if a self-replicating program was possible. · With each new hard drive infected, Creeper would try to remove itself from the previous host. · Creeper had no malicious intent and only displayed a simple message: "I'M THE CREEPER. CATCH ME IF YOU CAN!" Worms: · Propagate w/o human intervention. · Worms spread from computer to computer, but unlike a virus, it has the capability to travel without any help from a person. · A worm is a self-contained program that spreads through a computer network by exploiting security holes in the computers connected to the network. · Morris Worm: Also known as the Internet worm, this was one of the first computer worms to spread via the Trojan horses: · A Trojan horse is not a virus. · It is a destructive program that looks as a genuine application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. · A Trojan horse is a program with a benign capability that conceals a sinister purpose. · When the user executes a Trojan horse, the program performs the expected beneficial task. However, the program is also performing actions unknown to, and not in the best interests of, the user. · ZeuS or Zbot Trojan horse on Microsoft Windows, active Logic bombs: Is malicious code that waits for the right time or the right opportunity to strike (execute conditionally). Bacteria or rabbits: Are programs that do not explicitly damage any files. Their sole purpose is to replicate themselves. Rootkits: · A set of programs that provide privileged access to a computer. · Once installed, a rootkit is activated every time the computer is booted. · Rootkits are difficult to detect because they start Spyware: · Is a program that communicates over an Internet connection without the user’s knowledge or consent. · Spyware programs can monitor Web surfing, log keystrokes, take snapshots of the computer screen, and send reports back to a host computer. · Spyware is often part of a rootkit. Adware: Is a type of spyware that displays pop-up advertisements related to what the user is doing. Bot · Is a particular kind of backdoor Trojan that responds to commands sent by a command-and-control program located on an external computer. · The first bots supported legitimate applications: Internet Relay Chat channels and multiplayer Internet games. · Today, however, bots are frequently used to support illegal activities. · A collection of bot-infected computers is called a botnet, and a person who controls a botnet is called a bot herder. · Botnets can range in size from a few thousand computers to over a million computers. Denial of service (DoS) attack: · It is an attack meant to shut down a machine or network, making it inaccessible to its intended users. · DoS attacks accomplish this by flooding the target with traffic, or sending it information that triggers a crash. · In both instances, the DoS attack deprives legitimate users (i.e. employees, members, or account holders) of the service or resource they expected. Privacy invasion of email, files, and own computer (cookies). Computer cookies are small files used by web servers to save b rowsing inform ation, allow ing we bsite s to remember your device, browser preferences, and associated online activity. Logical security: · Consists of software safeguards for an organization's systems, including user identification and password access, authenticating, access rights and authority levels. · These measures are to ensure that only authorized users are able to perform actions or access information in a network or a workstation. · It is a subset of computer security. Cybercrime The term "cybercrime" was introduced after the latest evolution in the computer industry and networks. Cybercrimes are considered a major risk because they can have devastating effects like financial losses, breaches of sensitive data, failure of systems, and also, it can affect an organization's reputation. Cybercrime can be defined as “The illegal usage of any com m unication d ev ice to com m it or facil itate in committing any illegal act”. A cybercrime is explained as a type of crime that targets or uses a computer or a group of computers under one network for the purpose of harm. Cybercrimes are committed using computers and computer networks. They can be targeting individuals, business groups, or even governments. Investigators tend to use various ways to investigate devices suspected to be used or to be a target of a The Cybercriminals A cyb e rcrim inal is a pe rson w h o use s h is skills in technology to do malicious acts and illegal activities known as cybercrimes. They can be individuals or teams. Cybercriminals are widely available in what is called the “Dark Web” where they mostly provide their illegal services or products. Not every hacker is a cybercriminal because hacking itself is not considered a crime as it can be used to reveal vulnerabilities to report and batch them which is called a “white hat hacker”. However, hacking is considered a cybercrime when it has a malicious purpose of conducting any harmful activities and we call this one “black hat hacker” or a cyber-criminal. It is not necessary for cybercriminals to have any hacking skills as not all cyber crimes include hacking. Cybercriminals can be individuals who are trading in illegal online content or scammers or even drug dealers. Some examples of cybercriminals: - Black hat hackers - Cyberstalkers - Cyber terrorists - Scammers How do Cybercrimes happen? Cybercriminals take advantage of security holes and vulnerabilities found in systems and exploit them in o r d e r t o t a ke a f o o t h o l d i n s i d e t h e t a r g e t e d environment. Th e security h oles can be a form of using weak authentication methods and passwords, it can also happen for the lack of strict security models and policies. Why are Cybercrimes Increasing? Vulnerable devices: The lack of efficient security measures and solutions introduces a wide range of vulnerable devices which is an easy target for cybercriminals. Personal motivation: Cybercriminals sometimes commit cybercrimes as a kind of revenge against someone they hate or have any problem with. Financial motivation: The most common motivation of cybercriminals and hacker Classifications of Cybercrimes 1. Individual Cyber Crimes: This type is targeting individuals. It includes phishing, spoofing, spam, cyberstalking, and more. 2. Organization Cyber Crimes: The main target here is organizations. Usually, this type of crime is done by teams of criminals including malware attacks and denial of service attacks. 3. Property Cybercrimes: Th is type targets proper ty like credit cards or even intellectual property rights. 4. Society Cybercrimes: This is the most dangerous form of cybercrime as it includes Most Common Cyber Crimes 1. Phishing and Scam: A type of social engineering attack that targets the user and tricks them by sending fake messages and emails to get sensitive information about the user or trying to download malicious software and exploit it on the target system. 2. Identity Theft Occurs when a cybercriminal uses another person’s personal data like credit card numbers or personal pictures without their permission to commit a fraud or a crime. 3. Ransomware Attack Are a very common type of cybercrime. It is a type of malware that has the capability to prevent users from acce ssing all of the ir pe rsonal data on the syste m by encrypting them and then asking for a ransom in order to give access to the encrypted data. 4. Hacking/Misusing Computer Networks This term refers to the crime of unauthorized access to private computers or networks and misuse of it either by shutting it down or tampering with the data stored or other illegal approaches. 5. Internet Fraud Internet fraud is a type of cybercrimes that makes use of the internet and it can be considered a general term that groups Other Types of Cybercrime 1. Cyber Bullying It is also known as online or internet bullying. It includes sending or sharing harmful and humiliating content about someone else which causes embarrassment and can be a reason for the occurrence of psychological problems. It became very common lately, especially among teenagers. 2. Cyber Stalking Cyberstalking can be defined as unwanted persistent content from someone targeting other individuals online with the aim of controlling and intimidating like unwanted continued 3. Software Piracy Software piracy is the illegal use or copy of paid software with violation of copyrights or license restrictions. 4. Social Media Frauds The use of social media fake accounts to perform any kind of harmful activities like impersonating other users or sending intimidating or threatening messages. And one of the easiest and most common social media frauds is Email spam. 5. Online Drug Trafficking With the big rise of cryptocurrency technology, it became easy to transfer money in a secured private way and complete drug deals without drawing the attention of law 6. Electronic Money Laundering Also known as transaction laundering. It is based on unknown companies or online business that makes approvable payment methods and credit card transactions but with incomplete or inconsistent payment information for buying unknown products. 8. Cyber Extortion Cyber extor tion is the demand for money by cybercriminals to give back some important data they've stolen or stop doing malicious activities such as denial of service attacks. 9. Intellectual-property Infringements It is the violation or breach of any protected intellectual- property rights such as copyrights and industrial design. 10. Online Recruitment Fraud One of the less common cybercrimes that are also growing to become more popular is the fake job opportunities released by fake companies for the purpose of obtaining a financial benefit from applicants or even making use of their personal data.