Con artists search for potential victims for many types of scams, such as phony lotteries, employment offers or business opportunities, including investment fraud. They look for people on networking sites to befriend and then go for the kill by asking for money for various reasons, such as medical expenses, emergencies or even a way to come to the United States from other countries. These types of scams are more common through email lists that are sold, but they are now showing up more and more on networking sites.
Hacking is a common, almost everyday occurrence in the cyber world. A hacker is defined as someone who can “hack” their way through the security levels of a computer or network system. This can be as simple as figuring out what someone’s password is or as complex as writing a program to break into another computer’s security software. Hackers are the very reason why software manufacturers release patches for security updates. ()
A recent hacking episode happened on August 6, 2009, when both Facebook and Twitter were compromised by hackers. According to Fox News, “Twitter said in its status blog Thursday that it was defending against a denial-of-service attack, in which hackers command scores of computers to a single site at the same time, preventing legitimate traffic from getting through” (foxnews.com, 2009). Denial-of-service (DoS) is defined as an “attack on a computer system or website, aimed at disrupting its normal functions. A common method used in DoS attacks is to deluge the system or site with a flood of messages that drastically slow down its response time, or overwhelm its data handling capacity resulting in a system crash” (businessdictionary.com, 2009). This is one of the most common attacks on social networking sites.
Another instance of this took place on May 14, 2009. Hackers attacked some of Facebook’s 200 million users by successfully gathering passwords from them in a phishing attack. (reuters.com, 2009) In a phishing attack, phishers send out emails that seem to come from a legitimate site, such as eBay, PayPal or a banking institution, and that contain a link. The email directs the receiver to update or validate their information after clicking on the provided link and logging in. These e-mails may sometimes ask the receiver to enter more information, such as a full name, address, phone number, social security number, and credit card number. Once you enter the username and password, the phisher will have access to your information. (, 2009) Once the hackers had the passwords on May 14, 2009, emails were sent to the victims' friends directing them to click on a link. Once they clicked on the link, they were brought to a log-on screen where they actually logged into a fake site designed to look like Facebook but controlled by the hackers. The purpose of these attacks is usually identity theft or spam, and this one in particular was believed to be for sending spam for pharmaceuticals and other goods.
Both Facebook and MySpace require senders of messages to be members and hide user information from those who do not have accounts. Because of this, most users are not as suspicious of the messages they receive. It is important to be aware of hacker activities and of what they can potentially accomplish (www.reuters.com). It is also very important to avoid clicking on links within messages or posts from people that you don’t know, and to avoid accepting friend requests from unknown people or groups. "Research from Kaspersky Lab shows malware on social networking sites such as Facebook and MySpace is ten times more successful at infecting users than e-mail-based attacks." (www.blog.parametersecurity.com) The website businessdictionary.com defines malware as software code, such as a virus, which is designed to invade a computer system and perform unauthorized activity or cause some type of destruction. There are currently many options for anti-spyware software designed for detecting, removing and protecting computers from potential threats including spyware, adware, malware, Trojans, viruses, worms and much more. It is important to have this type of software installed on computers while spending time online. Without it, your computer has no defense against these attacks, including hacker activity.
Another aspect of online privacy comes from something as simple as surfing the web. Companies gather information about consumers online and offline to target their advertising audience more accurately. One way that they accomplish this is by requesting that visitors complete a form when they visit their site. Users can typically accept or decline this. Should the site visitor decide not to complete the form, they are typically denied access to the information and services of the site. “A 1999 study found that 86 percent of internet users polled wanted the ability to exchange information about the use of their data with web sites so long as they knew the benefits for doing so and were informed about the use of their data”. (Protecting Privacy on the Internet by Jessica Melugin, Competitive Enterprise Institute, July 5, 2000)
Another way for companies to gather information is by using little files called "cookies". Users may unknowingly reveal information about their viewing habits, geographical location or even search terms they have entered on other sites. Cookies are sent to the hard drive of the user's computer to keep track of visited sites and the advertisements that the user clicks on. The computer user can easily set their preferences to ask before accepting any cookie requests or to block them entirely. There are several ways for computer users to increase control and protect their personal information. The "Anonymizer" (www.anonymizer.com) allows users to browse the web and surf privately. Anonymizer.com serves as an intermediary to prevent unauthorized parties from gathering information from the user. Instead of moving directly between sites, anonymizer.com users always leave from and go to the Anonymizer's protected location. This prevents sites from gathering personal and surfing information. The website www.zeroknowledge.com uses fake names to disguise users' identities while surfing online. The authenticated pseudonyms, called "nyms", have no relationship to the user and are what give anonymity to the users. Using nyms triggers a function that scrambles or encrypts outgoing data and messages from users. The user's surfing traffic is then routed through "privacy enhancing detours" within a group of servers that remove location information and leave only the nym. Freedom users are even anonymous to zeroknowledge.com including being able to match credit card numbers to the nym. Zero-Knowledge charges a fee of $49.95 for five nyms within a year of service. Another company, Idcide Inc., offers a free browser plug-in. The plug-in is called Privacy Companion, and it distinguishes between first-party cookies (sent from the current site) and third-party cookies (sent from other servers). It can be set to accept all cookies, just first-party cookies or none at all.
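The first-party versus third-party distinction and the three settings described above can be sketched as follows. This is an added example, not code from Privacy Companion or any other product named here; the host names and cookies are constructed, and treating the last two labels of a host name as the "site" is a simplifying assumption.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

POLICIES = ("all", "first-party", "none")

def site_of(url):
    # Assumption: the "site" is the last two labels of the host name.
    # Real browsers consult the Public Suffix List so that suffixes
    # such as co.uk are not mistaken for a site.
    host = urlsplit(url).hostname or ""
    return ".".join(host.lower().split(".")[-2:])

def party(page_url, response_url):
    # A cookie is first-party only relative to the page being visited.
    same = site_of(page_url) == site_of(response_url)
    return "first-party" if same else "third-party"

def accepted_cookies(page_url, responses, policy):
    """Return (cookie name, party) pairs the chosen policy lets through."""
    if policy not in POLICIES:
        raise ValueError("unknown policy: %r" % policy)
    kept = []
    for response_url, set_cookie in responses:
        jar = SimpleCookie()
        jar.load(set_cookie)          # parse the Set-Cookie header value
        kind = party(page_url, response_url)
        for name in jar:
            if policy == "all" or (policy == "first-party"
                                   and kind == "first-party"):
                kept.append((name, kind))
    return kept

# Constructed responses received while loading one page:
# (URL that answered, value of its Set-Cookie header).
RESPONSES = [
    ("http://www.news.example/index.html", "session=abc; Path=/"),
    ("http://img.news.example/logo.png", "prefs=dark; Path=/"),
    ("http://ads.tracker.example/banner.js",
     "uid=777; Path=/; Domain=.tracker.example"),
]

if __name__ == "__main__":
    for policy in POLICIES:
        print(policy, accepted_cookies("http://www.news.example/",
                                       RESPONSES, policy))
```

The same `uid` cookie that is third-party on the news page is first-party when the user visits the tracker's own site, which is why the classification depends on the page, not on the cookie.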
The Enonymous Advisor (www.enonymous.com) provides a service that automatically starts when the browser is in use. After a user enters a web site address, a window automatically appears with a link to the site's privacy practices. This service also points out sites that carry a Better Business Bureau Online or Trusted seal. Both seals indicate that the site has complied with standards for privacy policies, information collection, etc.
Surfing online is simply what we do now, so we need to be cautious whenever we are online, especially on wireless networks. The problem with a wireless signal is that it can be challenging to control where the signal travels. The signal can reach unintended places, including a hacker who is searching for unsecured networks. Several things can be done to help prevent this. One is to change the system ID. Wireless devices come with a default system ID called the SSID (Service Set Identifier). Hackers know how to find out what the default identifiers are for manufacturers of wireless equipment, so the SSID should be changed to something unique. Hackers also have access to the default passwords of wireless systems, so those passwords should be changed as well. Disabling identifier broadcasting, which announces that you have a wireless connection, means the network is not announced to potential hackers. Enabling encryption will help guard your system against casual hackers, but most systems could still be subject to denial-of-service attacks. Using a firewall helps the wireless system allow only incoming or outgoing traffic that has been approved. Patching and protecting computers is very important. To add to a computer’s defense, installing a personal firewall and anti-virus software, and keeping the firewall updated with patches, will give your computer a defense against security vulnerabilities. (netsecurity.about.com) Hackers will always be on the lookout for computer vulnerabilities, and as the technology for protecting systems becomes stronger, so will hackers’ motivation to find new ways to break through firewalls and anti-virus software.
One interesting technique hackers use is called port scanning. It is a popular method attackers use to find services that they can hack. A port scan helps a hacker find available ports to attack. In a port scan, a message is sent to each port, one at a time. The response indicates whether or not the port is being used and can be probed for weaknesses and vulnerabilities. The website www.auditmypc.com compares port scanning to ringing the doorbell to see if someone is home. Another interesting fact is that authorities cannot do anything about a scan until an actual crime is committed. (www.auditmypc.com) Port scanning itself is not necessarily harmful or illegal, but if potential hackers fingerprint a system and learn everything possible about its vulnerabilities, they can be setting up for a later intrusion. Port scans cannot be prevented, but it is important to use the available system protections so that the scanner does not “find an attractive target” (www.networkworld.com). Internet service providers are unaware of port scans that originate from their networks but can try to track down and cancel accounts if they have enough information. However, it is easy for hackers to move on and attack a system from another computer or even through an unknowing third party.
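Because a scan touches many ports one after another, it stands out in firewall logs even though it cannot be prevented. The following added example (not taken from any of the cited sources) flags a source address that contacts many distinct ports within a short time window; the log format, addresses and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log; the line format is an assumption for this example.
SAMPLE_LOG = """\
2009-08-06T10:00:00 ALLOW src=198.51.100.20 dpt=80
2009-08-06T10:00:01 DENY src=203.0.113.7 dpt=21
2009-08-06T10:00:01 DENY src=203.0.113.7 dpt=22
2009-08-06T10:00:02 DENY src=203.0.113.7 dpt=23
2009-08-06T10:00:02 DENY src=203.0.113.7 dpt=25
2009-08-06T10:00:03 ALLOW src=203.0.113.7 dpt=80
2009-08-06T10:00:03 DENY src=203.0.113.7 dpt=110
2009-08-06T10:00:04 ALLOW src=198.51.100.20 dpt=80
2009-08-06T10:00:05 ALLOW src=198.51.100.20 dpt=443
2009-08-06T10:01:00 DENY src=192.0.2.55 dpt=23
2009-08-06T10:02:00 DENY src=192.0.2.55 dpt=135
"""

LINE_RE = re.compile(r"^(\S+) (?:ALLOW|DENY) src=(\S+) dpt=(\d+)$")

def parse(log_text):
    """Return time-ordered (timestamp, source, port) tuples; skip bad lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, src, port = m.groups()
            events.append((datetime.fromisoformat(ts), src, int(port)))
    return sorted(events)

def find_scanners(log_text, min_ports=5, window=timedelta(seconds=10)):
    """Map each flagged source to the most distinct ports it hit in a window."""
    by_src = defaultdict(list)
    for ts, src, port in parse(log_text):
        by_src[src].append((ts, port))
    flagged = {}
    for src, hits in by_src.items():
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= min_ports:
                flagged[src] = max(flagged.get(src, 0), len(ports))
    return flagged

if __name__ == "__main__":
    print(find_scanners(SAMPLE_LOG))
```

A slow scan such as the one from 192.0.2.55 stays under a short window, so the window and threshold trade missed slow scans against false alarms on ordinary clients.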
A “botnet” or “zombie army” is defined as a number of internet computers that have been unknowingly set up to forward transmissions, including spam or viruses, to other computers on the internet; this mostly applies to home computers. Each such computer is referred to as a zombie or computer robot that serves the commands of its originator. “According to a report from Russian-based Kaspersky Labs, botnets—not spam, viruses or worms—currently pose the biggest threat to the internet” (). The targets of these zombie armies are computers without firewalls and other safeguards. A zombie or botnet is created through an internet port that has been left open and unprotected, where a small Trojan horse program can be left for future activation. () A Trojan horse is defined as a software program that masquerades as a regular program, such as a game, utility or antivirus program, and that can be quite malicious if it is run or clicked on. () The computers that form a botnet can be programmed to redirect transmissions to a specific computer, such as a Web site that can be shut down by too much traffic, which would be a distributed denial-of-service (DDoS) attack. The motivation for a zombie master who creates a DDoS attack may be to cripple a competitor, and the motivation for a zombie master sending spam is to make money. This is why the zombie masters search for unprotected computers. “According to the Symantec Internet Security Threat Report, through the first six months of 2006, there were 4,696,903 active botnet computers.” ()
Works Cited
"Denial of Service Attack". Business Dictionary. August 2, 2009 <http://www.businessdictionary.com/definition/denial-of-service-DOS-attack.html>.
Associated Press, "Hacker Attack Silences Twitter Users". Fox News. August 6, 2009 <http://www.foxnews.com/story/0,2933,537653,00.html>.
"Social Networking Security and Safety Tips". National Consumer League. August 1, 2009 <http://www.nclnet.org/technology/social_networking.htm>.
"Practical Tips for Protecting Online Privacy". Media Awareness Network. August 1, 2009 <http://www.media-awareness.ca/english/resources/issues_resources/issues_tipsheets/protecting_online_privacy.cfm>.
Finkle, Jim. "The Hacker Diaries". August 1, 2009 <http://blog.parametersecurity.com/tag/social-networking/>.
Melugin, Jessica. "Protecting Privacy on the Internet: Melugin Op-Ed in Washington Times". Competitive Enterprise Institute. August 2, 2009 <http://cei.org/gencon/019,01787.cfm>.
Associated Press, "Hacker Attack Silences Twitter Users". Fox News. August 2, 2009 <http://www.foxnews.com/story/0,2933,537653,00.html?test=latestnews>.
Finkle, Jim. "Hackers launch phishing attack on Facebook users". Reuters. August 6, 2009 <http://www.reuters.com/article/newsOne/idUSTRE54D6BN20090514>.
Bradley, Tony. "Introduction to Wireless Network Security". About.com. August 6, 2009 <http://netsecurity.about.com/od/hackertools/a/aa072004b_2.htm>.
"Port Scanning". Audit My PC. August 6, 2009 <http://www.auditmypc.com/freescan/readingroom/port_scanning.asp>.
Reavis, Jim. "Are you safe from scanning?". Network World. August 6, 2009 <http://www.networkworld.com/newsletters/sec/0906sec2.html>.
"Botnet". SearchSecurity.com. August 6, 2009 <http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci1030284,00.html#>.
"The Tech Terms Computer Dictionary: Hacker". TechTerms. August 6, 2009 < >.
"The Tech Terms Computer Dictionary: Trojan Horse". Tech Terms. August 6, 2009 < >.
"The Tech Terms Computer Dictionary: Phishing". Tech Terms. August 7, 2009 <http://www.techterms.com/definition/phishing>.