Janash Plata Cyber Crime Crimes Hacking Theft Cyber Stalking Identity Theft Malicious Software Definition Prevention This is a type of crime wherein a person’s computer is broken into so that his personal or sensitive information can be accessed. Use up-to-date anti-virus and anti-spyware software This crime occurs when a person violates copyrights and downloads music, movies, games and software. There are even peer sharing websites which encourage software piracy and many of these websites are now being targeted by the FBI. Reduce the number of preapproved credit card offers you receive This is a kind of online harassment wherein the victim is subjected to a barrage of online messages and emails. Password protect all accounts including cell phones, land lines, e-mails, banking and credit cards with a secure password that would be difficult for anyone to guess. Change it every year. Your secret questions should not be easily answered. This has become a major problem with people using the Internet for cash transactions and banking services. In this cyber crime, a criminal accesses data about a person’s bank account, credit cards, Social Security, debit card and other sensitive information to siphon money or to buy things online in the victim’s name. Don’t give out personal information on the phone, through the mail or over the Internet unless you initiated the contact. These are Internet-based software or programs that are used to disrupt a network. Software that gives partial to full control of your computer to do whatever the malware creator wants. Malware can be a virus, worm, trojan, adware, spyware, root kit, etc. Install anti-virus software and keep it up-to-date. This is your first line of defense against computer viruses and other malicious software. There is free anti-virus software, which I will tell you about in a moment, available for download online. Don’t give out your SSN unnecessarily (only for tax reasons, credit or verified employment.) Before providing personal identifiers, know how it will be used and if it will be shared. Janash Plata Trap Doors or Back Doors Denial-of-service attack Eavesdropping A backdoor in a computer system, a cryptosystem or an algorithm, is a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. A special form of asymmetric encryption attacks, known as kleptographic attack, resists to be useful to the reverse engineer even after it is detected and analyzed Removing a backdoor is a difficult and complex process. The ideal approach is to make sure that a backdoor is never planted in the first place. This is best achieved by hiring a security consultant who works for a well-known and respected organization; an individual with an extensive track record of working with companies in a particular field. The worst approach is to hire a consultant, perhaps via a Craigslist ad or a newspaper classified, without asking for credentials and a verifiable list of clients. Not used to gain unauthorized access or control of a system. They are instead designed to render it unusable. Attackers can deny service to individual victims, such as by deliberately entering a wrong password enough consecutive times to cause the victim account to be locked, or they may overload the capabilities of a machine or network and block all users at once. Locked in a file cabinet somewhere may be a document explaining the original purpose of your network design and its interdependencies. For any change to the network to be made, the document should be consulted and updated. Eavesdropping is the act of surreptitiously listening to a private conversation, typically between hosts on a network. For instance, programs such as Carnivore and NarusInsight have been used by the FBI and NSA to eavesdrop on the systems of internet service providers. Even machines that operate as a closed system (i.e., with no contact to the outside world) can be eavesdropped upon via monitoring the faint electro-magnetic transmissions generated by the hardware; TEMPEST is a specification by the NSA referring to these attacks. Stops a computer or other device from seeing network traffic that is not intended for that port. When Eavesdrop Prevention is configured on a port of one of these hubs, the hub compares the port's authorized station address with the destination address of any outbound packets. Janash Plata Software Masquerade Social Engineering Computer Harassment A masquerade is a type of attack where the attacker pretends to be an authorized user of a system in order to gain access to it or to gain greater privileges than they are authorized for. Used in computer security, intrusion detection refers to the process of monitoring computer and network activities and analyzing those events to look for signs of intrusion in your system. The point of looking for unauthorized intrusions is to alert IT professionals and system administrators within your organization to potential system or network security threats and weaknesses. Social engineering is a non-technical method of intrusion hackers use that relies heavily on human interaction and often involves tricking people into breaking normal security procedures. It is one of the greatest threats that organizations today encounter. NEVER provide confidential information or, for that matter, even nonconfidential data and credentials via email, chat messenger, phone or in person to unknown or suspicious sources. If you receive an email with a link to an unknown site AVOID the instinct to click it immediately even if it seems to have been sent from one of your contacts. Take a look at the URL to see if it looks suspicious. Often the email might seem to have arrived from one of your contacts but if you check the email address you will see that it is not legitimate. REMEMBER if it looks fishy, it probably is! Computer and internet Recognize the situation for harassment can come in all what it is: Online types of forms. It can even harassment. tie into social media abuse. If you are receiving emails from someone that contain content of threats, inappropriate messages or sexual in nature you need to contact a professional to determine where these message are coming from and who is sending them. This can be very difficult to trace and utilizing the right partner is very important to obtain the identity of the person harassing you via the computer. Janash Plata Data Diddling Dumpster Diving Data diddling can occur at various points along the chain of information entry, and it is often very subtle and virtually undetectable. It can be something as small as a time clerk substituting his own name or employee number for another employee's name or number. It can be combated by ensuring that all information is identical, whether it is a hard copy or the data within a digital system. Accounting controls, supervision, auditing, separation of duties, and authorization limits. Dumpster diving is a technique used to retrieve information that could be used to carry out an attack on a computer network. Destroy all sensitive information including junk mail and paperwork that includes: Account numbers Addresses Birth dates E-mail addresses Names Passwords and PINs Phone numbers Signatures Social Security Numbers War Dialing Salami Attack Logic Bomb War dialing or wardialing is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers, Bulletin board systems and fax machines. Avoid scam A salami attack is when small attacks add up to one major attack that can go undetected due to the nature of this type of cyber crime. Avoid suspicion from the unsuspecting customer A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting files (such as a salary database trigger), should they ever be terminated from the c Logic bombs are difficult to prevent because they can be deployed from almost anywhere. An attacker can plant the logic bomb via a variety of means on multiple platforms, such as hiding the malicious code in a script or deploying it on a SQL server. Janash Plata