What are they? What do they have to do with me?

MALICIOUS ATTACKS

Introduction

You may not know exactly what it is, but chances are you have encountered one at some point on the internet. Ever get a pop-up that tells you that you just won a free iPhone? Ever been asked to click on a link to redeem your prize or "find out who has a crush on you"? Then you have encountered an attempted malicious attack.

So what is it?

A malicious attack is anything that attempts to spread damaging viruses or "phishing".

What is phishing?

It's a criminal attempt at stealing your private information, such as your credit card details, passwords, or bank account number, using electronic mediums. Also, it's important to remember that dumpster diving is another form of phishing.

How do I know if I'm a victim?

Viruses are usually spread through e-mails and pop-up windows. You may be infected by simply opening an e-mail, or you may be presented with a link that will direct you to a false website that will contaminate your system.

Phishing is done by fooling you into thinking you are entering a trustworthy electronic communication. For instance, you may be sent an e-mail informing you that there is a complication with your bank account and presenting you with a link to a page that is designed to make you believe that it is your bank's official website. Once you are on the false site you will usually be asked to give your personal information, and you do so without any idea that you have been made a victim.

Background (Evolution)

Malicious attacks are considered cyber crimes.

Cyber crime = crimes that target computers directly, or crimes facilitated by the use of a computer.

- 1820 – first recorded cyber crime.
- 1970 – developments in networking technology (e-mail).
- 1990 – birth of the internet.

Some important milestones

- Wild virus, experimental virus
- Robert Morris's Worm
- AIDS Trojan
- First Macro Virus, Hackers
- Windows 98
- Denial of Service (DoS)

Steps towards lessening the problem

- Keep your antivirus up to date
- Use anti-spam software
- Use back-up systems
- Don't enter sensitive or financial information into pop-up windows
- Use a firewall
- Don't open hyperlinks in an e-mail
- Get educated (especially on phishing and hacking)

Criticisms

Things like encryption and copy protection mechanisms do not fully solve the issue. Encryption usually protects the data only on the transport channel, and as soon as the data is decrypted for display or playback, it can be copied. Copy protection mechanisms are difficult to realize in open systems. Even in proprietary systems they are often circumvented sooner or later. Thus, both encryption and copy protection offer only limited security. Currently, heavy firewalls and watermarking are really the best options.

In our personal opinion…

We do not recommend malicious attacks of any kind. Malicious attacks such as phishing (e-mail, IM, phone calls, and dumpster diving).

Once again…

- Keep your antivirus up to date
- Use anti-spam software
- Use back-up systems
- Don't enter sensitive or financial information into pop-up windows
- Use a firewall
- Don't open hyperlinks in an e-mail
- Get educated (especially on phishing and hacking)

Contact the Information Security Office
(412) 268-2044
Iso-ir@andrew.cmu.edu