You are in one of the category of Reflections of a Business Driven Life.  To read all posts, go to the main page, or you can choose to read or subscribe to a category:   on technology, on life, on business, favorite quotes, jokes, tidbits, EntrepreViews & reading reviews.

 

  Sunday, June 12, 2005

Network Security  (techdrivenlife)

It is really a hot topic nowadays.  Two months ago, I was in a Microsoft conference.  Priority no. 1 - Security.  Last week, I was in a Cisco conference.  Opportunity no. 1 -  Security.  The other week, Businessweek had its cover story the 'hacker hunters'.  It highlighted that things like viruses, spyware and the like are not only nuisances.  It is a big global business.

Total damage last year through cybercrime -- $17.5 billion dollars, which was 30% higher than 2003, according to Computer Economics Inc.  The number of internet fraud complaints monitored by the Internet Crime Complaint Center ( a joint venture of the National White Collar Crime Center and the FBI) reached 207,449 in the year 2004, up from only 48,252 in 2002.

The article highlighted the quest to run down a cybercrime syndicate called ShadowCrew.  The size of the syndicate -- over 4,000 members all over the world.  So far, the Secret Service has uncovered that the group alone had over 1.7 million credit card numbers, access data to more than 18 million e-mail accounts, and fake identity cards made for thousands of people, from driver's licenses to British passports. Yes, it is big business.

The important thing to be aware of that is today's malware authors are a different breed from those of 5 or 10 years ago.  They are really intent to use their skills for financial gain. 

One of the biggest devilish trickery occured in January 2004 when a virus called MyDoom  appeared purportedly to do a denial of service attack to the website of the SCO Group.  The SCO company was embroiled in a copyright battle against Linux, and security experts said the virus writer was probably a Linux fan seeking revenge.  In fact, in some websites, many even volunteered to be 'infected' so that they could help attack the SCO site.They were wrong.  It was a Trojan horse.  While it did attack the website, it also contains a key-logging program that can record a user's keyboard strokes.   There was a backdoor program that could steal passwords and credit card information through monitoring keystrokes, and mailing it out.

Here is a simplified guide to some 'cybertricks' that are prevalently used:

1. Phising.  These are normally emails that are sent to people purportedly from legitimate outfits ( like banks or telco companies) asking people for passwords, or asking them to link to a website to verify or give some personal data.  The website of course, is spurious, but designed to look legitimate.  Rhymes with fishing, which is actually what it is -- fishing for information.

2. Pharming.  This is the virus similar to MyDoom, which is normally a keyboard logger, that is planted to the computer so that it can monitor keystrokes.  The intent of course, is to steal confidential information, particularly passwords to financial websites.  Rhymes with farming, which is the accumulation or collecting the information.

3. Wi-Phising.  This is the trick where a fake wireless network is set up for consumers to log into the internet.  Of course, they use the network to steal passwords, and other information.  You should be wary of using wi-fi hotspots that are not properly identified.  Or hotspots that is made to look legitimate but is not.  For instance, if your wifi SSID is HotWire, some enterprising people may set up an almost similar Wifi spot like HotWise, which may lure the unexpected to log into their network instead of the correct one.

4. TypoSquatting.  Hackers may set up a website that may look like the real one, but may not.  When people type the wrong word, ( for instance,gooogle, instead of google), they may end up with computers that are infected with viruses.

5. BOT Networks.  Which computers are the least guarded?  Not the ones that belong to big corporations, but many of those small or individual computers.  The hacker can infect your computer, and use it to attack the big computers.  Many unprotected computers nowadays are used to be the staging point where to launch spam or network attacks.  BOT networks allows an unsuspecting person to be part of an international terrorist computer network without the user being aware of it.

hackers are dreaming of new scams everyday.  In case of doubt, always remember caution is essential when surfing the internet.

 


6:43:18 PM     comment []   trackback []


© Copyright 2005 Wilson Ng .
Last update: 7/5/2005; 5:47:04 PM .

Click here to visit the Radio UserLand website. Valid CSS! Subscribe to "The Techology Driven Life" in Radio UserLand. Click to see the XML version of this web page. Click here to send an email to the editor of this weblog.