SOME THINGS YOU SHOULD KNOW ABOUT CYBER ATTACKS
The genies of the tech world have done so much good and harm, arguably with the same intensity. Individuals and corporate entities are now becoming awakened to the possibility of an attack whether in their private homes or their state-of-art modern fortress. I mean it's become easy to pursue evil whether for financial or political gains simply by tapping on "ENTER"
Today, we are beyond the denial phase; that we live in an age where humans have created an intelligence popularly known as The Artificial Intelligence or AI for short.
AI has undoubtedly served different purposes as personal assistants, rather than the traditional master-servant role you'd expect from a creator.
Nowadays the world is actually hooked on its 'high' for virtually all its needs.
Nowadays the world is actually hooked on its 'high' for virtually all its needs.
In a vastly digital world, the survival of our species is increasingly being threatened by the ease of a cyber attack from the cyber ‘space’.
For many of us still grappling with the potentials of AI; it’s a rude awakening to see that we are no longer alone on the planet.
For many of us still grappling with the potentials of AI; it’s a rude awakening to see that we are no longer alone on the planet.
We seem to have sold our freedom to the machines. We feed these machines lethal instructions and they do our dirty biding.
So let's talk about Cyber attack.
Cyber attacks are usually targeted at using the hallowed computer to commit fraud, propagate devious acts (as in the case of child porn), steal identities, and violate privacy to mention a few.
Cyber attacks or crimes aren't too different from traditional crimes except they are assisted by the use of a digital computer. It is really not an invention. Mostly when you consider that the use of Internet to cybercrimes, they are only an appendage to existing criminal proclivities made possible with the use of computers.
It is important to note that most cybercrimes are based on the information component of individuals, corporations, or governments. Another way to say this is that the attacks often do not take place primarily on the physical body but takes its power on its dependence on the informational attribute on people and institutions on the Internet. In the digital/information age, our virtual lives are as real as our everyday physical existence on mother Earth.
By now, it should be common knowledge that our lives make up the 'big' data stored on multiple databases owned by corporations and government.
Some scholars have argued on what makes cybercriminals more dangerous. They argue that even though the cybercriminal isn't different from the lot; the perception of what constitutes a crime often differs from one culture to the other or from location to location.
For instance, what is considered rights of individuals in a liberal society might not apply in a conservative society. This therefore creates problems; considering that most cybercrimes are perpetuated in remote locations. This however does not always mean that cybercriminals are phantoms as historical narrative tell. Like traditional criminals, cybercriminals leave 'footprints' that can unravel their location and eventually their identities.
In fact, several international bodies majorly in developed economies have designed protocols that can monitor and protect nations from terrorism, racial attacks, xenophobia and other forms that use the cyberspace that perpetuate crime.
Identity theft and invasion of privacy:
If you have attacked by an identity thief, then you'd agree in different shapes. In places where social security number is used as means of identity; the identity thief is likely to act the part of being you. How?
With the use of social security number, taxes for example are collected on the basis of each citizen's social security number. Many private institutions use the number to keep track of their employees, students, and patients. Access to an individual's Social Security number affords the opportunity to gather all the documents related to that person's citizenship—i.e., to steal his identity. Even stolen credit card information can be used to reconstruct an individual's identity.
When criminals steal a firm's credit card records, they produce two distinct effects. First, they make off with digital information about individuals that is useful in many ways. For example, they might use the credit card information to run up huge bills, forcing the credit card firms to suffer large losses, or they might sell the information to others who can use it in a similar fashion. Second, they might use individual credit card names and numbers to create new identities for other criminals. For example, a criminal might contact the issuing bank of a stolen credit card and change the mailing address on the account.
Next, the criminal may get a passport or driver's license with his own picture but with the victim's name. With a driver's license, the criminal can easily acquire a new Social Security card; it is then possible to open bank accounts and receive loans—all with the victim's credit record and background. The original card holder might remain unaware of this until the debt is so great that the bank contacts the account holder. Only then does the identity theft become visible."
Identity theft is a hot subject surely among scholars in the field of psychology. Yet when the primary purpose of acting the part of being another individual is aimed at indulging one's criminal tendencies particularly for financial gains, we see a pure evolution of analogy of the “hand of Esau – the voice of Jacob.”
Internet fraud:
Internet fraud ranks really high on the list of cybercrime. Called various names based on the location of the crime. In Nigeria, it is known by names like 419, yahoo yahoo etc. Often time, the mode of communication between the criminal and their prospective victims is usually via traditional email or telephone conversation.
"In the scheme, an individual receives an e-mail asserting that the sender requires help in transferring a large sum of money out of Nigeria or another distant country. Usually, this money is in the form of an asset that is going to be sold, such as oil, or a large amount of cash that requires “laundering” to conceal its source; the variations are endless, and new specifics are constantly being developed. The message asks the recipient to cover some cost of moving the funds out of the country in return for receiving a much larger sum of money in the near future. Should the recipient respond with a check or money order, he is told that complications have developed; more money is required. Over time, victims can lose thousands of dollars that are utterly unrecoverable.
ATM fraud:
The Automated Teller machine (ATM) is another common instrument target to rip individuals off, and this is aided by the aid of computer software. The ATM accepts and dispenses cash by requesting that a user supplies a card and personal identification number (PIN). Criminals have developed means to intercept both the data on the card's magnetic strip as well as the user's PIN. In turn, the information is used to create fake cards that are then used to withdraw funds from the unsuspecting individual's account. Unfortunately, given that ATMs are the preferred method for dispensing currency all over the world, ATM fraud has become an international problem.
Wire fraud:
Recently, the cashless policy is being sung globally. Commerce and financial transactions are done seamlessly over the Internet. With cybercrime, the international nature of cybercrime is particularly evident. Movies portray the dangers of wire fraud.
Stieg Larsson’s trilogy starting with "The girl with the dragon tattoo" speaks about the heroic exploits of a computer programmer Lisbeth Salander.
I've heard of black hat hackers that specifically target major corporations by infiltrating their computer network with ransomewares and other computer viruses. Then later demand their victim part away with a huge part of their wealth.
Historically, one of the largest and best-organized wire fraud schemes was orchestrated by Vladimir Levin, a Russian programmer with a computer software firm in St. Petersburg. In 1994, with the aid of dozens of confederates, Levin began transferring some $10 million from subsidiaries of Citibank, N.A., in Argentina and Indonesia to bank accounts in San Francisco, Tel Aviv, Amsterdam, Germany, and Finland. According to Citibank, all but $400,000 was eventually recovered as Levin's accomplices attempted to withdraw the funds.
Child pornography:
The Internet have also provided pedophiles with an unprecedented opportunity to commit criminal acts through the use of “chat rooms” to identify and lure victims. Here the virtual and the material worlds intersect in a particularly dangerous fashion. In many countries, state authorities now pose as children in chat rooms; despite the widespread knowledge of this practice, pedophiles continue to make contact with these victims in order to meet them “off-line."
Adult porn accessed from the 'cloud' may not be termed as criminal as most recording companies are probably legally allowed to promote their trade for profit. Yet in many countries, child pornography is seen as debasing and punishable under the law. The challenge here is that not everyone sees it this way.
There are reports that reveal that there are still countries that do not have cybercrime laws. Hence, for these countries accessing child pornography by a pedophile is not only possible but subtle encouraged if they even have a deeply conservative culture that forces children into early marriage, sex slavery and diverse forms of human trafficking.
Hacking:
I talked about black hat hackers earlier, there are also white hat hackers.
An hacker refer to individual who gained unauthorized access to computer networks, whether from another computer network or, as personal computers became available, from their own computer systems.
"The story of hacking actually goes back to the 1950s, when a group of phreaks (short for “phone freaks”) began to hijack portions of the world's telephone networks, making unauthorized long-distance calls and setting up special “party lines” for fellow phreaks. With the proliferation of computer bulletin board systems (BBSs) in the late 1970s, the informal phreaking culture began to coalesce into quasi-organized groups of individuals who graduated from the telephone network to “hacking” corporate and government computer network systems."
The 'good' hackers or white hat hackers may be authorized to breach privacy to detect possible cybercriminal activities. However, certain class of hackers often boasts about wreaking havoc on the very workings of the computer network infrastructure of corporations and government.
Most hackers have not been criminals in the sense of being vandals or of seeking illicit financial rewards. Instead, most have been young people driven by intellectual curiosity; many of these people have gone on to become computer security architects.
Furthermore, hacking activities could been done for the purpose of hijacking a government or corporation’s web site. There are many historical records of hacking (some individuals have argued in favour of Internet activism), as a means of gaining international support against human right abuses by governments.
A classic example was when the Web site of the U.S. Central Intelligence Agency (CIA) was altered by Swedish hackers to gain international support for their protest of the Swedish government's prosecution of local hackers.
Defacing Web sites however is a minor matter, when compared to the potential of terrorists using the Internet to attack the infrastructure of a nation. Such as rerouting airline traffic, contaminating the water supply, or disabling nuclear plant safeguards among others.
Computer viruses:
The deliberate release of damaging computer viruses is yet another type of cybercrime. "A virus consists of a set of instructions that attaches itself to other computer programs, usually in the computer's operating system, and becomes part of them. A virus is usually designed to execute when it is loaded into a computer's memory. Upon execution, the virus instructs its host program to copy the viral code into, or “infect,” any number of other programs and files stored in the computer. The infection can then transfer itself to files and code on other computers through magnetic disks or other memory-storage devices, computer networks, or online systems. The replicating viruses often multiply until they destroy data or render other program codes meaningless. There are actually several types of computer viruses that serve different purposes. A virus may simply cause a harmless joke or cryptic message to appear on a computer user's video monitor each time he turns on his computer. A more damaging virus can wreak havoc on an extremely large computer system within a matter of minutes or hours, causing it to crash and thereby destroy valuable data."
Spam:
There's that little tab that built by your email service provider that creates an archive of 'special' messages. Emails have spawned one of the most significant forms of cybercrime—spam, or unsolicited advertisements for products and services, which experts estimate to comprise roughly 50 percent of the e-mail circulating on the Internet.
"Spam can actually be seen as crime against all users of the Internet since it wastes both the storage and network capacities of internet service providers (ISP), as well as often simply being offensive. Yet, despite various attempts to legislate it out of existence, it remains unclear how spam can be eliminated without violating the freedom of speech in a liberal democratic polity.
Unlike junk mail, which has a postage cost associated with it, spam is nearly free for perpetrators—it typically costs the same to send 10 messages as it does to send 10 million.
One of the most significant problems in shutting down spammers involves their use of other individuals' personal computers. Typically, numerous machines connected to the Internet are first infected with a virus or Trojan horse that gives the spammer secret control. Such machines are known as zombie computers, and networks of them, often involving thousands of infected computers, can be activated to flood the Internet with spam or to institute DoS attacks.
While the former may be almost benign, including solicitations to purchase legitimate goods, Denial of service (DoS) attacks have been deployed in efforts to blackmail Web sites by threatening to shut them down. Cybercrime experts estimate that the United States for example accounts for about one-fourth of the 4–8 million zombie computers in the world and is the origin of nearly one-third of all spam."
E-mail also serves as an instrument for both traditional criminals and terrorists. By its very nature (including popularly instant messaging applications), they ensure the use of message encryption to ensure privacy in communication; yet criminals and terrorists may also use cryptographic means to conceal their plans.
Law enforcement officials report that some terrorist groups embed instructions and information in images via a process known as steganography, a sophisticated method of hiding information in plain sight. Even recognizing that something is concealed in this fashion often requires considerable amounts of computing power; actually decoding the information is nearly impossible if one does not have the key to separate the hidden data.
Denial of service (DoS) attacks:
Almost similar to computer viruses, these attacks can use computers at multiple locations to target for instance the computer systems of e-commerce sites. The aim may be to overwhelm their systems, thereby shutting down these e-commerce sites to legitimate commercial traffic reach it. One important insight offered by these events has been that many softwares are insecure, making it easy for even an unskilled hacker to compromise a vast number of machines. Although software companies regularly offer patches to fix software vulnerabilities, not all users implement the updates, and their computers remain vulnerable to criminals wanting to launch DoS attacks. In 2003, the Internet service provider PSINet Europe connected an unprotected server to the Internet. Within 24 hours the server had been attacked 467 times, and after three weeks more than 600 attacks had been recorded.
There's actually a long list of cybercrimes; some of them like cancer are benign while others have led dire consequences on the life and general wealth of a country. For instance; in the 2019 report by the African Defense Forum; the WannaCry attack is responsible for paralyzing banks, hospitals and governmental agencies in multiple countries including Kenya and Morocco. The attack spread malicious code, crippling systems and forcing others to shut down for fear of being hit. Nigeria was also reported to have lost over 649 million dollars per year due to the activities of cyber criminals.
In my search, I also stumbled on some interesting vocabs you may be interested in. They include:
Ransomeware - These attacks take control of a computer. Hijackers demand a ransom payment to release and/or decrypt the data they have seized. These attacks sometimes gain access to a computer when the user clicks on a link, but in other cases they are able to infiltrate a network and travel between computers automatically.
Phishing Scams - This typically involves an email asking the user to click on a link. The link might lead to a site that mimics a financial institution or email providers. The user may be led to a page that asks for a username and password with a claim that it need to be rest. The actual intention is to capture the user's password so the attacker can access the target's information.
Watering Hole Attack - Here, the assailant observe or guess a site that an individual, group or members of an organization are likely to visit. The attackers infect that site with malware or other harmful viruses. Once targets visit the site, they become infected, allowing the malware, in some cases, to infiltrate other members of the organization. The intent of the malware is to damage the system or steal information.
Any Solutions?
- In the case of ransomeware attacks, use antivirus software and a firewall when possible; use a virtual private network (VPN) when accessing the internet on public Wi-fi connection; back up all files regularly so they can be recovered in the event of an attack. Finally, if hit by ransomeware, do not pay the ransom. It only encourages future attacks and it offers no guarantee of data recovery.
- To avoid phishing scams, do not click on lists or open attachments from untrusted or unknown sources. Look for suspicious language in emails such as misspellings, and look for unusual email addresses. Install an anti-phishing toolbar on your browser. Use a firewall, anti-virus and be suspicious of all pop-up advertisements. Never give personally sensitive or financial information to unknown and untrusted sources.
- For malwares, use firewalls, antivirus software and do not visit or download content from untrusted sites.
- To avoid watering hole attack, hide online movement using a VPN. This prevents outside actors from tracking certain browsing activities. In addition, updating software to patch bugs and monitoring suspicious activity on a network help prevent intrusion.
Lastly, averting cyber attack either by individuals and corporations often requires a great deal of conscious effort on preparation, vigilance and rapid response.
Source:
Spam (2014). Encyclopædia Britannica. Encyclopædia Britannica Ultimate Reference Suite. Chicago: Encyclopædia Britannica.
Cybercrime (2014). Encyclopædia Britannica. Encyclopædia Britannica Ultimate Reference Suite. Chicago: Encyclopædia Britannica.
Comments
Post a Comment