Chapter 11 Security Part 1
Outline
• Overview
• Computer Forensics
• Computer Theft
• Malware
• Hacking
Overview
• Computer Security
▫ The protection of computing systems and the data that they store or access from unintended or unauthorized access, change or destruction.
• Computers could be used for either:
▫ Upholding the law
E.g. computer forensics, etc.
▫ Breaking the law
E.g. viruses, identity theft, etc.
Computer Crime
• Cybercrime
▫ Any crime using computer technology
Billions of dollars are lost
The majority are conducted by company insiders
Insider crimes are covered up to avoid embarrassment
Computer Crime
• Cyberstalking
▫ A form of harassment: repeatedly harming or harassing other people in a deliberate manner on the internet
▫ To help yourself, limit how much of your personal info you share
• Cyber bullying
▫ Targeting children and young adults online; involves humiliation, rumors, lies, taunts or threats.
▫ Stop cyberbullying! (Video Link)
Computer Theft
• Theft of the computer itself
▫ Laptops, PDAs and smartphones are often stolen
▫ The software and data on the computer are more valuable than the hardware
Computer Theft
• Intellectual Property Theft
▫ Software Piracy
▫ File sharing of copyrighted songs
▫ Illegal duplication and distribution of movies
▫ Plagiarism of copyrighted text
Computer Theft
• What is stolen?
▫ Money
▫ Goods
▫ Information
▫ Software Resources
• Getting sensitive data through:
▫ Spoofing
▫ Identity Theft
▫ Phishing
Computer Theft
• Spoofing/Social Engineering
▫ Tricking the target into revealing secret information
E.g. making a phone call and posing as an internet technician to extract sensitive data, especially passwords.
• Shoulder surfing
▫ A type of social engineering technique used to obtain information by looking over the victim's shoulder.
E.g. passwords and other confidential data
Computer Theft
• Identity Theft
▫ Extracting personal information to commit a crime under another person's identity
National ID
Driving license
Credit card number
▫ “Catch Me If You Can”
Movie about Frank Abagnale, who between the ages of 15 and 21 became one of the most famous impostors ever
Computer Theft
• Phishing (Video Link)
▫ The act of attempting to acquire sensitive information by masquerading as a trustworthy entity in an electronic communication
E.g. sending an email posing as a bank representative and asking the recipient to fill in a fake bank web form.
Computer Theft
• Facebook Phishing Example:
▫ URL: fuizuebooks/update/index4.php
Computer Theft
• Identity theft protection
▫ Use a separate credit card for online use
▫ Use secure websites (https://)
▫ Don’t disclose personal info on phone
▫ Handle email with care
▫ Don’t put your national ID on checks
▫ Keep copies of your cards so you can get replacements in case they are stolen
▫ Report identity theft promptly
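The phishing slides and the "use secure websites (https://)" tip can be combined into one link check. The sketch below is an added example, not part of the original slides; the trusted-domain list, the function name and every sample URL are constructed assumptions. It shows that https alone is not enough: the host name must also be the real site's.

```python
from urllib.parse import urlsplit

# Assumption: domains the user really does business with (hypothetical list).
TRUSTED_DOMAINS = {"facebook.com", "mybank.example"}

def check_link(url, trusted=TRUSTED_DOMAINS):
    """Return a list of warnings for a link received in an email."""
    warnings = []
    # Links pasted without a scheme still need their host parsed correctly.
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "https":
        warnings.append("not https")
    # "https://facebook.com@login.example/" really goes to login.example.
    if "@" in parts.netloc:
        warnings.append("text before '@' hides the real host")
    # Trusted only if the host IS a trusted domain or a subdomain of one;
    # a trusted name merely appearing somewhere in the host does not count.
    if not any(host == d or host.endswith("." + d) for d in trusted):
        warnings.append("host %r is not a trusted domain" % host)
    return warnings

# Constructed sample links, for illustration only.
SAMPLES = [
    "https://www.facebook.com/login",
    "http://www.facebook.com/login",
    "https://facebook.com.account-update.example/index.php",
    "https://facebook.com@login.example/update",
    "faceb00k-login.example/update",
]

if __name__ == "__main__":
    for link in SAMPLES:
        result = check_link(link)
        print(link, "->", result if result else "no warnings")
```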
Software Sabotage
• Malicious software (Video Link)
▫ Used to disrupt computer operation, gather sensitive information, or gain access to private computer systems
Viruses
Worms
Trojan horses
Spyware
Software Sabotage
• Viruses
▫ Normally embedded in a file, travelling as an email attachment or on infected flash memory disks.
▫ When the virus program is executed it causes
Damage to the operating system
Display of messages
▫ Viruses are OS-specific, but new types are cross-platform.
▫ Macro viruses: attach themselves to documents that contain macros
E.g. MS Office applications
Software Sabotage
• Worms
▫ They are independent programs
▫ Capable of reproducing themselves
▫ Cause memory freezes
▫ Spread through the internet
• Famous worm:
▫ Code Red (2001)
Didn’t attack PCs; it attacked internet servers running Microsoft Servers
Software Sabotage
• Trojan Horse
▫ Disguise themselves as useful programs or apps, but contain a hidden destructive program
Often posted in shareware
Names look like games, utilities or pictures
Track and monitor your keystrokes
Act as a backdoor allowing the attacker to control your PC
Software Sabotage
• Spyware:
▫ Gets installed and collects information without the user’s knowledge
Called Spybot or Tracking software
▫ Tracks
Keystrokes (Key Logger)
Web sites visited
Screen displays
Software Sabotage
• Ransomware
▫ A malware type that locks your computer and encrypts data on your hard drive, then demands that you pay a ransom to unblock the files again.
• How do you get infected?
▫ Opening an infected email attachment or malicious link
• Attackers usually ask you to pay the ransom using digital currencies, such as Bitcoin because it is untraceable
• Ransomware Examples:
▫ TeslaCrypt: uses super strong uncrackable encryption
Hackers
• Black Hat Hacker
▫ Criminals who develop new techniques to penetrate security systems with harmful intent
• White Hat Hacker
▫ Security experts developing new techniques to protect us.
▫ Called Ethical Hacker
• Mikko Hypponen: Fighting viruses, defending the net
• https://www.youtube.com/watch?v=mwj2NkTY