Lecture 3 - Digital Security

This document discusses several key issues regarding digital security. It addresses the balance between security and usability, as well as characteristics of information security like confidentiality, integrity, and availability. Personal information security threats are outlined, such as identity theft. Nation and global security threats are also examined, including cyberterrorism targeting governments. Different types of security issues are explored, such as errors, crimes, viruses, and computer criminals. Finally, various information security measures are described, such as identification, encryption, and disaster recovery plans.

Uploaded by

biancag_91
Copyright
© Attribution Non-Commercial (BY-NC)

Knowledge Society

Lecture 3

Digital Security
• One of the major issues in the ‘IT AGE’
  o Increasingly more people trying to gain access to information
• Issue of finding a balance between security and usability
  o If a system is completely secure no one can do anything
  o If it is completely usable there is no security
• Security is like an “arms race”
  o An evolutionary process
• Information Security Characteristics
  o Confidentiality = Information should be available to those who have right and proper access to it
    ▪ Not going to publish an exam before you take it.
    ▪ Need to establish who can have access and what they can do with it
  o Integrity = we need to be able to trust that the information is a true and accurate record
  o Availability = information should be available to those that need to legitimately know it
• Personal Information Security Threats
  o PC connectivity to the Internet has made it much easier for intruders
    ▪ It’s not a one way thing to the information – people are also connecting to you
  o People can view and manipulate your computer system remotely
  o People often keep account numbers and passwords stored in computers
    ▪ The only safe computer is a computer that is not connected to anything
    ▪ We are such an information rich society that it’s hard to keep up with all the usernames and passwords
  o IDENTITY THEFT = the criminal act of using stolen information about a person to assume that person’s identity
    ▪ People having to prove that they are them
• Nation and Global Security Threats
  o Governments depend on IT and the Internet
    ▪ Governments are forming and shaping our future society
    ▪ They are also vulnerable
    ▪ Most government services are online and are thus a target
  o They have become a major target for organised crime and terrorism (or cyber-terrorism)
    ▪ Taking out electronic resources – crucial to government infrastructure
  o Security agencies now regularly deal in digital security
  o Problems with international attacks as there is no international law under which to prosecute the attackers.
• Types of security
  o Errors and accidents – errors and accidents are unavoidable, despite how we may plan against them
    ▪ Human errors
      • Enter a wrong number
    ▪ Procedural errors
      • Not following instructions
    ▪ Software errors (‘bugs’)
      • Computers don’t always trust the software
      • Computer programmers can make errors in the code
      • Updates are fixing these errors
      • It is a ‘bug’ because in the 40s the first computers were based on vacuum tubes
        o One day a moth flew onto a vacuum tube and it blew the tube and the programme had an error
    ▪ Incorrect data/information (‘dirty data’)

  o Terrorism
    ▪ Terrorism may destroy data and computer systems
      • Sept 11 loss of important data and information stored at the bottom of the buildings
      • Without the particular knowledge of information it is difficult to run your business (specific area of expertise)
    ▪ Valuable technical and procedural experience is also lost
  o Crimes against computers and communications – illegal acts intended to destroy/harm computer and communications equipment
    ▪ Hardware theft
      • Stealing actual computers (Melbourne people in official coats)
    ▪ Software theft
      • Reinstalling software on other computers
    ▪ Time theft
      • Stealing time away from computer system
        o Loss of productivity – it could be doing what you’re paid to do
    ▪ Information theft
      • Taking information that they have access to and using it for purposes that they shouldn’t
    ▪ Hardware/software destruction and vandalism
      • Trashed computer labs
    ▪ Fraud, counterfeiting and impersonation
  o Worms and viruses
    ▪ Designed to disrupt computers and computer services
    ▪ Leads to lost revenue and a large amount of downtime for organisations
    ▪ Producing and releasing viruses and worms is an illegal activity
    ▪ A worm is a program that copies itself repeatedly into memory and/or hard disk drives until the computer stops working or freezes
      • Fills up memory and if it’s filled computer won’t work
    ▪ A virus, however, is a program that is able to copy itself from computer to computer and is capable of damaging software and/or data
      • It does specific harm
      • Each does something different
      • E.g. corrupt files on hard disk
        o Delete all .exe files
  o Computer criminals
    ▪ Nearly 80% of computer crime is committed by employees of organisations
      • Time theft (unreported crimes)
      • These crimes go largely unreported
    ▪ A hacker is a person who breaks into computers and their networks, usually by gaining access to administrative controls
      • White hat
        o The good people that try and show governments and organisations their security vulnerabilities
      • Black hat
        o Evil people
        o Trying to get access to computer systems and are often making money (getting paid)
        o Many from Russia – cyber criminal gangs
      • Grey hat
        o In between – depending on who pays them
          ▪ Act as both
  o Software and networks
    ▪ Hackers exploit security holes
      • They know they exist and how to gain access to them
      • This is why patches are released – updates
    ▪ A security hole is an error in the program that allows violation of information security
    ▪ Sometimes patches are released to address security holes
• Information Security Measures
  o Identification and level of access
    ▪ Having cards (e.g. credit cards), signatures, keys and badges etc. (Old and Secure)
    ▪ PINs and passwords – very weak forms of security protection
      • Most people choose passwords and PINs that relate to them
      • Most people
  o Physical Traits
    ▪ Physical attributes of our bodies are unique
    ▪ Include fingerprints, retinal patterns and DNA
    ▪ USB with thumbprints are coming in
    ▪ Biometrics is the science of measuring individual body characteristics
  o Encryption
    ▪ The process of converting readable data (plaintext or clear text)
      • Makes a combination of letters and numbers that have nothing related to the numbers
      • Only people who have the right key can access the information
    ▪ Decryption is the reverse process
    ▪ Commonly used encryption method uses a pair of public and private keys unique to each individual
      • On email signatures people sometimes have a public key which can be used to encrypt the information
        o This encrypted information can be sent to them
        o Then the only way you can decrypt this information is using a private key (they have to make sure they have it)
          ▪ Makes sure that only the person that has the private key can open it
    ▪ Encryption software built into browsers
  o Protecting software and data
    ▪ Achieved by controlling access to sensitive software/data, keeping an audit log of files and controlling the activities of people within the organisation
  o Have a disaster recovery plan
    ▪ Executed in a time of emergency to restore normal information processing activities
• Security for your PC
  o Your computer contains a lot of valuable information
  o Its management (particularly security) is very important
  o Have a good password
  o Don’t give your password to anybody or even write it down
  o Encrypting personal data files is a good idea
  o Application programs can do this with a password option (e.g. Word)
  o Regular and systematic backup is an essential activity
• Internet Security Measures
  o Hackers
    ▪ Keep up to date with application software and operating system patches
    ▪ Install a personal firewall
    ▪ A firewall is software that examines incoming packets from the internet
      • Data packets are how the internet communicates
    ▪ The firewall can filter out packets that are potentially dangerous
    ▪ Organisations (such as Bond) run their own firewall that protects their networks.
      • As soon as a computer is networked it is vulnerable to an attack
  o Viruses and Worms
    ▪ Combated by installing the latest Anti-virus software
    ▪ Be careful about email attachments
  o Denial of Service (DoS) Attacks
    ▪ Making repeated requests of a computer system or network
      • Millions per second
    ▪ This can overload it and deny legitimate users access to it
    ▪ Will shut down large computer systems, disrupting many users and leading to lost business
    ▪ Particularly target large companies
  o Spyware and Adware
    ▪ Software installed on your computer without your prior knowledge
    ▪ Used to monitor the computer or even control it
    ▪ Adware sends you unsolicited advertising in the form of pop-up windows
    ▪ A computer controlled through spyware is called a zombie
    ▪ Zombie armies are known as ‘botnets’
    ▪ Anti-spyware software can be used to defend against this
  o Wardriving
    ▪ The act of searching for WiFi wireless networks by a person in a moving vehicle
    ▪ Secure your wireless network
  o Scams and Hoaxes
    ▪ Internet is a very good medium for scams, hoaxes and frauds
    ▪ Easy to hide illegitimacy effectively in the electronic world
    ▪ The legal system has a great deal of trouble keeping up with the latest digital developments
    ▪ An internet fraud is the crime of deliberately deceiving a person over the internet in order to obtain property and services from them unjustly
  o Spoofing
    ▪ The electronic assumption of another’s identity
    ▪ Often email is sent using a fake sender name
    ▪ Used to trick people into opening spam email messages
    ▪ Illegal in most criminal codes
    ▪ Phishing and Pharming
      • Short for password harnessing fishing
        o Try to make people reveal private information
        o Often accompanied by a fake or spoofed URL
        o Making people reveal bank account information
        o Never respond to these
        o Pharming = a DNS server is electronically ‘hijacked’ to automatically redirect users from legitimate web-sites to spoofed web-sites
  o Spam
    ▪ It represents the bulk of the World’s email
    ▪ Simply delete it
  o Virus hoax
    ▪ Is an email that warns of a virus that does not exist
    ▪ Sent just as a disruption
  o Further strategies…
    ▪ Always be on your guard
    ▪ Never respond to an email requesting private information
    ▪ If you do not know who an email is from, delete it straight away
    ▪ Never visit the URLs contained within spam messages
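The spoofing and phishing notes above name two warning signs: a fake sender name and a fake or spoofed URL. The following is an added example, not part of the original lecture notes, of how a mail filter could flag both; the sample message, its domains and the names `host`, `LinkAudit` and `audit` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Added example. Constructed sample message; every name and domain is made up.
SAMPLE = """\
From: "Example Bank <alerts@bank.example>" <promo@mailer.invalid>
Content-Type: text/html

<p><a href="http://login.phish.invalid/verify">https://www.bank.example/login</a>
or the <a href="https://www.bank.example/help">help page</a></p>
"""

def host(url):  # lower-cased host of a URL that has a scheme, else ""
    return (urlparse(url.strip()).hostname or "").lower()

class LinkAudit(HTMLParser):  # collects (href, visible text) per <a href=...>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit(raw):
    """Return the list of findings for one raw e-mail message."""
    msg, findings = message_from_string(raw), []
    name, addr = parseaddr(msg.get("From", ""))
    real = addr.rpartition("@")[2].lower()
    # Sign 1: the display name shows an address from another domain.
    for shown in re.findall(r"[\w.+-]+@([\w.-]+)", name):
        if shown.lower() != real:
            findings.append(f"sender name shows {shown}, mail is from {real}")
    # Sign 2: the link text is a URL but the href points to a different host.
    parser = LinkAudit()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        if host(text) and host(text) != host(href):
            findings.append(f"link text shows {host(text)}, href is {host(href)}")
    return findings
```

Link text written without a scheme (for example `www.bank.example`) is not compared by this check.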
Knowledge Society
Computer Crime and Security

• Information security is concerned with
  – Confidentiality
  – Integrity
  – Availability
• Identity theft
  – The criminal act of using stolen information about a person to assume a person’s identity
• Intellectual Property
  – Refers to a product of the mind or intellect over which the owner holds legal entitlement
  – Ideas, intangible objects such as poetry, stories, music etc.
  – Intellectual property rights concern the ownership and use of intellectual property such as software, music, movies, data and information
• Security threats to businesses
  – Virus
  – Insider abuse of internet access
  – Laptop theft
  – Unauthorized access by insiders
  – Denial-of-service attacks
  – System penetration
  – Theft of proprietary information
  – Sabotage
  – Financial fraud
  – Telecommunication fraud
  – Telecommunication eavesdropping
  – Active wiretap
• Business intelligence = the process of gathering and analyzing information in the pursuit of business advantage.
• Competitive intelligence = concerned with information about competitors
• Counterintelligence = concerned with protecting your own information from access by your competitors
• New laws to hold people responsible for maintaining the security of their customers
• Cyberterrorism
  – Uses attacks over the internet to intimidate and harm a population
    ▪ U.S. Computer Emergency Readiness Team (US-CERT) monitors the security of US networks and the internet and responds to episodes of cyberterrorism
      – Prevent cyber attacks against America’s critical infrastructures
      – Reduce national vulnerability to cyberattacks
      – Minimize damage and recovery time from cyber attacks
• Threats to information security
  – Internet flaws
  – Intentional and unintentional acts by law-abiding citizens (User negligence)
  – Attackers wishing to do serious damage
• Security holes (security vulnerability) are software bugs that allow violations of information security
• Microsoft’s Trustworthy Computing initiative is a ‘long term, collaborative effort to provide more secure, private and reliable computing experiences for everyone’
• Software patches are corrections to software bugs that cause security holes
  – in the form of updates
• Piracy = the illegal copying, use and distribution of digital intellectual property
• Plagiarism = taking credit for someone else’s intellectual property
• Hacker = subverts computer security without authorization (system penetration)
  – Attackers or intruders
  – Black hat hacker
    ▪ Takes advantage of security vulnerability to gain unlawful access to private networks for the purpose of private advantage
    ▪ White hat hackers
      – Individual who considers it working for the common good to hack into networks in order to call attention to flaws in security so they can be fixed
    ▪ Grey hat hackers
      – A hacker of questionable ethics
    ▪ Script kiddie
      – A person with little technical knowledge who follows the instructions of others to hack networks
