Tzuhen Tsui

Threats to Info Security

Hacking (wiki)

Hacking is the act of finding the weaknesses of a computer or a network of computers with the intention of bringing attention to the problem. Hacking is generally broken down into two categories: white hat and black hat. White hat refers to the intention of hacking into a system just to notify officials or simply test the system. Black hat refers to the hacker with the intention of breaking into the system as a means of self-benefit. These attacks are often malicious and frequent unsuspecting patron’s sensitive information such as credit card numbers or website usernames/passwords.

YouTube Video



Spoofing (wiki)

Spoofing is much like phishing but in the context of making the origin seem legitimate. Caller ID, email addresses, and URLs are all subject to spoofing. Caller IDs are most vulnerable due to less security measures. An individual may be more willing to give up sensitive information when the caller ID lists the number as a trusted entity such as a bank.


Sniffing (wiki)

Due to the nature of the internet protocols, data is often sent in packets. Sniffing refers to the programs used by hackers to scour the internet for these data packets. The data packets are then opened and read by hackers. Sensitive information is often secured by encryption but if not, “sniffing” by hackers will reveal data. Individual networks are often targeted one at a time to be more efficient as a network sending unsecured data will often repeat the pattern, allowing easy work for hackers.


Spyware (wiki)

Spyware is a type of malware where it is installed unknowingly and stays hidden from the user while collecting sensitive information. Malware is used to gain access to a system by force but spyware will conceal itself into background programs. This makes spyware very hard to detect and when detected, it has already embedded itself into the root which then makes it additionally hard to remove. Spyware is often installed by the user through deceptive means or piggybacks its way through another program (also known as a Trojan Horse). Spyware can record a user’s behavior on the internet as well as other sensitive information. The best way to preventing these malicious programs is to be smart about the internet presence. Do not install of even click on suspicious links and it is always best to schedule a weekly anti-virus check.


Phishing (wiki)

Phishing is the act of masquerading as a false individual/entity in an attempt to acquire sensitive information directly from the user. A very common technique in doing so is to email users asking for a username and password to maintain that the account is indeed active. Although it may seem legitimate, many of these emails are made to look very official as to fool the user. Many phishing attacks often appear through email but phone calls have begun to gain ground as well. Phone phishing can vary but the main objective is to acquire sensitive data such as a “bank” calling to report suspicious activity and the only way to verify that the receiving end of the phone call is indeed the bank customer, a credit card number “must” be entered. Be very wary of phishing scams as these scams are made to look very legitimate, often fooling the uninformed. The following email example makes the user think it is legitimate, but a few grammatical errors tip the user off. Also the URL is real but the hyperlink leads to the phishing website.
Example of a phishing email (Wikipedia)

Malware (wiki)

An abbreviation of MALicious softWARE, the sole purpose of malware is to gain unauthorized access into a network or computer. Malware usually arrives into a computer as code set by a website or by installation under false pretenses. Malware will often install itself into a computer’s roots therefore making removal very difficult. Once embedded malware often collects very sensitive data, such as credit card numbers, passwords, and even keystrokes, which is then sent to a central hub. Anti-virus scans can be used as a detective measure, not a preventative measure, as malware creators often work one step ahead of these companies. The best way to avoid malware is to stay away from unknown “shady” websites and not to open emails from unknown, or unverified, users.

YouTube Video



Comments