“Cybercrime: a secret underground economy”
This article denounces the stereotype of geeks creating and sending out viruses and maintains that it is a growing industry. Cyber criminals steal one’s personal information, such as credit card numbers or bank account numbers, by way of malware, spyware, viruses, Trojan horses, etc., and then sell that information online to a third party. David Goldman describes this as a “multi-billion dollar business” and goes on to say that if every stolen credit card was wiped clean last year, that would have totaled some 8 billion dollars. One must ask: so what is the government doing to prevent these crimes? Well, the FBI is currently going undercover in IRC (internet relay chat rooms) and posing as cyber criminals. Once a criminal is caught, they are offered deals in order to get them to help turn over more cyber criminals, although Goldman cites Albert Gonzalez in saying that doesn’t always work; one can always look at the TJ Maxx situation, a situation where a cyber criminal was working for the FBI in order to get vital information that helped his friends evade detection (cnn.com, 1). According to the article, Rowan Trollope, the senior vice president of product development at Symantec, says the current anti-virus technology is not enough; one must take personal steps to educate oneself in order to stay safe from cyber criminals. This directly correlates with this week’s text because it involves the technological aspect of protecting vital information but also states that one must also encompass an educational aspect to the technology in order to have information lost due to human error. In a discussion with one of my co-workers, I discovered that Norton and McAfee antivirus systems were not that great because they are the most popular antivirus programs used and thus make it more attractive for hackers to breach. My co-worker, a computer technician, recommended AVG and various other antivirus programs as alternatives.
David Goldman, CNNMoney.com staff writer
http://money.cnn.com/2009/09/16/technology/cybercrime/index.htm?postversion=2009091613
This article hits at two main points from Chapter 4. One point is that companies need to be aware of security and constantly working to stay one step ahead of hackers. The second point it brings up is the use of White-Hat Hackers. These are hackers who are usually paid by the company to try and break a computer code to gain access. Apple made a clear point of stating their case and made a potential negative situation work as a marketing tool.
http://www.nytimes.com/2007/07/23/technology/23iphone.html?_r=1&scp=10&sq=security%20&st=Search
At my place of work, we have a very safeguarded type of software that will catch or not allow the user to enter without giving a prior warning. Nothing is foolproof, especially with the bad guys finding new ways of dismantling current software to be able to penetrate into the system.
I correlated this article to the different types of policies that are mentioned in the chapter and how spam or malicious code cause companies to spend a substantial amount of their capital to neutralize from being the next victim. It’ll be interesting to see
Microsoft continued its efforts to spread its own secure software development program with today’s release of a free fuzzer and tool for analyzing binary code. BinScope Binary Analyzer is an in-house Microsoft tool that analyzes binary source code to ensure the code has flags set for detecting buffer overflows, data execution, and other potential vulnerabilities. The Mini-Fuzz File Fuzzer automatically runs various tests at the code to spot unexpected behaviors that could make it vulnerable. MS opened the security department lifecycle (SDL) last year. As part of its SDL-sharing strategy, Microsoft has released several free tools for developers, including the SDL Threat Modeling Tool; the !exploitable (pronounced “bang exploitable”) Crash analyzer, an add-on to Microsoft’s Windows debugger fuzzing tool; and the SDL Process Template, which integrates Microsoft’s SDL directly into third-party and enterprise development environments.
MS earned money from computers and anything concerned with computers. So I think developing anti-virus programs and other security programs is also kind of their responsibility. Every successful corporation has a responsibility to use its resources and influence to make a positive impact on the world and its people. And in the event, that kind of effort will make much more profit in their field. Like good a/s (after service) can bring another new purchase.
http://www.darkreading.com/security/app-security/showArticle.jhtml;jsessionid=1R1ZZZ3BVMMRLQE1GHPSKHWATMY32JVN?articleID=220000750
The internet has brought many advantages like a broader customer-base, but it has also brought risks. An important risk that is overlooked is the security of information. According to Robert O’ Brien, the biggest threat to information security is people. O’ Brien is the chief executive of Barons-court, a company that specializes in IT and IT security. He blames it on the inability of employees to follow procedures and policies. This has led to government investigations, fines, and damages to the firm’s reputation.
Employees are the main users of data and information and thus they are at the teeth of the problem. Employees of the organization must understand policies of IT security in order to have compliance. O’ Brien states that IT security is an “on going process” because data security threats are “ever evolving.”
Automation is a necessity for compliance of IT security policies. Since threats are always appearing, the policy creation process should be automated. This allows new policies and improvements on existing policy. Using automatic targeting technology allows the organization to track all users of the organization whether it be from a laptop or a PDA device. Automation of surveys shows who understands the policies of IT security. This increases participation of the employees. Automation helps identify problems and allows for a process that is repeatable to keep up with ever-changing security threats. The best practice of IT involves trained users who understand the policies. When it comes to information security, the more one knows the better it is for information security.
Source: http://www.computerweekly.com/Articles/2009/04/27/235799/infosec-2009-employee-behaviour-and-information-security.htm
In Hilary Whiteman’s article, “Security experts warn of dangers of rogue Wi-Fi hotspots,” Whiteman discusses the potential danger of travelers at an airport logging onto an unsafe Wi-Fi network. The danger of logging onto a rogue network is that hackers are able to gain access into people’s laptops and steal valuable personal information. Being able to distinguish between a good Internet access hotspot and a rogue is a problem that hackers aim to provide unsuspecting users of Wi-Fi. In 2008, AirTight Networks dispatched a number of so-called “white hat” hackers to 27 airports around the world to test the vulnerability of their Wi-Fi systems. They found that 80 percent of the private Wi-Fi networks tested were open or poorly protected (Whiteman, 2009).
In an effort to test the danger to unprotected Wi-Fi users, computer security expert Sean Remnant acted as a “white hat” hacker in London’s Heathrow airport. With the use of a laptop and a downloaded program called Airodump, Remnant is quickly able to see 20 wireless networks on his screen, with about 5 having weak server security, but not easily detectable to regular Wi-Fi users’ eyes.
According to Wi-Fi Alliance’s marketing director, Kelly Davis-Felner, the best way to protect one from unsuspecting hackers is to just enable the built-in security features on Wi-Fi enabled devices. Also, using a Virtual Private Network (VPN), which encrypts data coming and going from your laptop, will be able to protect more sensitive information. Other tips in order to avoid being a victim of hackers are to use networks you trust, make a list of Wi-Fi connections used and also to disconnect the wireless connection when not using it.
Whiteman, H. (2009). Security experts warn of dangers of rogue Wi-Fi hotspots. Retrieved September 16, 2009, from CNN Technology http://www.cnn.com/2009/TECH/science/08/11/wifi.security.hackers/index.html
Google acquires reCAPTCHA
While registering for various services and websites on the internet, I’m sure you’ve come across a box that has an oddly printed word or overlapping block letters asking you to type the word or alphanumeric combination. These sorts of anti-bot technologies are called CAPTCHAs, intended to be easy enough for humans to identify the characters, but prevent automatic programs from registering.
In the linked article, Ryan Naraine talks about the purchase of reCAPTCHA, a company that creates a popular form of them, and how Google might use the company’s technology to improve both scanning print into plain text and their own security.
One of the basic necessities for most spammers and phishers (people who use mass emails to try to steal personal information) is an enormous number of email accounts. No matter how many account names you block with anti-spam filters, you can’t hope to completely block off someone with thousands of accounts. So sites that provide free email accounts, like Yahoo! and Google, face off against people trying to register incredible numbers of accounts using program tools that simply fill in the registration form and register automatically, as fast as the connection permits!
By posting an image that isn’t in anything like plain text and having the person registering answer certain questions about the image, CAPTCHAs make it difficult for simpler programs to do this. As bot programs become more sophisticated, they have some ability to scan the image and possibly correctly identify the obscured word, but they still contribute some improvement to the usually poor security of email.
Naraine, Ryan. “Google + reCAPTCHA could raise bar in anti-bot, anti-spam battle.” ZDnet.com. September 16, 2009. Retrieved from http://blogs.zdnet.com/security/?p=4328
article resource- nytimes. http://bits.blogs.nytimes.com/2009/03/31/spam-back-to-94-of-all-e-mail/?scp=1&sq=spam%20email&st=cse
In the article Fighting Phishing, author Sebastian Rupley talks about what major banks are doing concerning problems with phishing. Recently banks have been experiencing major problems with emails being sent to their customers that are phishing for highly sensitive information. The banks have joined forces to create a web site called www.antiphishing.org. The website works by having customers report strange e-mails being sent to them requesting valuable information. The banks then use their resources to try to locate where the email originated from, therefore allowing them to locate the hacker.
The reason the banks have joined together is due to the increase in phishing attempts on bank customers. Since banks are the keys to gaining non material money, phishers have targeted bank customers hoping to cash in for the big score. The problem with the program is the complexity in actually catching the predators. In some cases, phishers have been hacking into computers other than their own and sending the dangerous messages. Lately the program has been tracking people that have had their computers hacked and have no knowledge of the scam being pulled. On the other hand the program has encountered success in locating the hackers and bringing them to justice.
The article goes on to explain the difficulty in determining how much phishing has cost banks; this is because banks aren’t disclosing how much money they have lost from the scam in order to save face for customers. The best way to avoid being a victim of phishing is to not open emails that request valuable information that should not be done over email. While hackers do initiate the scam, it is carelessness of the banks’ customers that gets the banks in trouble. The banks are trying vehemently to make their customers aware of the dangers to help prevent these scams from going on. With awareness, the situation can be avoided for good, which is the main goal of the web site.
Rupley, Sebastian. Fighting Phishing. PC Magazine. December 8, 2008. www.pcmag.com/article2/0,2817,1407048,00.asp.
Chapter 4 is about Ethics in the workforce and Privacy policies. I found an article that talks about Ethics in the workplace from a different perspective. The article focuses on romances between co-workers, boss/employee and the awkward situation after it’s over. Most of us spend more hours at work with our co-workers than with any other person. According to Dr. Weinstein, due to the amount of time spent at work, it seems like the most common place to find “love.” However, there are also many reasons why people should avoid at all cost the temptation of an office romance. Although they can be challenging and exciting, they are at best troublesome and can very much damage the relationship with others, affecting our performance at work. Perhaps that’s the main reason why we should NOT get romantically involved with our co-workers.
According to Dr. Weinstein, a romance between two people at work affects more than two people. He describes the importance of ethics in the workplace. The two people involved should be considerate of other people’s well-being.
When you are involved with someone at work it is very easy to go against the Ethical Standards of work, especially if they have different levels of power and authority within the organization. What would happen if the relationship is over? More than one thing can be at stake, not to mention your job. However, what if the other person does not feel the same way you feel towards him/her, you could be charged with sexual harassment. So as Dr. Weinstein explains whatever you decide to do, make sure you are familiar with your company’s ethical standards.
Weinstein, Bruce, PhD. (Feb. 2, 2008). The Ethics of Office Romance. BusinessWeek. Retrieved on Sept. 16, 2009 from http://www.businessweek.com/managing/content/feb2008/ca20080212_702316.htm
Hackers Like Christmas Best of All
Robert McMillan’s 2009 article entitled Hackers Like Christmas Best of All is an article about hackers’ favorite time to hack into corporate networks. The article explains how many people think that summer (the time when the security guy might be on vacation) is the ideal time for hackers to try to get into corporate networks. They actually try to do it the most at Christmas time. The hacking may include spamming or spreading worms like the Koobface Facebook one and the ones before it: Sobig, Blaster and Zotob.
There are several reasons included for it. The hackers like it because they think that people will be distracted and busy with other things. Another reason is that more people are taking vacation at the time, leaving companies short-staffed. This will leave them more vulnerable. People are also sending more messages to each other and have their guard down. They shop online, making it easier for hackers to get in undetected.
A main point of the article was that security professionals need to be more alert at this time of year. People have their parties and gift giving, but some need to be aware of the danger that they may face.
Our textbook states that the first line of defense to this hacking is people. If people are informed better, they have more of a chance to defend themselves. Perhaps an idea is to employ more stringent security practices for the months of December and January. Companies can also hire outside help at this time for further security measures. As the textbook states, companies may lose $108,000 every hour that their IT system is not working right.
McMillan, R. (2009) Hackers Like Christmas Best of All, PC World Business Center. Retrieved September 17, 2009, from http://www.pcworld.com/businesscenter/article/170799/hackers_like_christmas_best_of_all.html
I found this article titled “Cybercrime: A Secret Underground Economy” and it caught my eye since the chapter I just read was about security and ethics. I have been educated and I’m aware of identity theft over the internet. However, only in reading this article did I realize how often this occurs and that the crime is done out in the open. Hackers and internet criminals do their illegal business on what is known as the “online black market”. Hackers will get into a system and steal credit card numbers, bank account information, and sometimes even whole identities. They then go into chat rooms on the internet and sell these items to other criminals. If all bank accounts and credit cards that were stolen last year were cleaned out, the total loss would have exceeded 8 billion dollars.
One thing that really caught my attention in this article was how cheap this information was sold for. Credit card numbers go for as little as .98 cents when sold in bulk. Full identities go for about $10. Many hackers will sell a single credit card to many different buyers. Anti-software helps the threat of hackers but these people are learning how to get around the firewalls and other protection devices quicker than they can be improved. The article said the anti-intrusion software along with educating people on how to keep their information safe when sending it over the internet is the best way to protect yourself against identity theft.
This article related to this chapter because the chapter describes the importance of protecting information and only allowing authorized people access to the information. This chapter also talks about ethics and illegal activities. Obviously these actions are illegal and the people stealing identities and selling them are not acting ethically. As I mentioned before, I have been educated and I know about identity theft and how important it is to protect your personal information; however, it disgusts me how someone can ruin someone else’s life for such a small price.
Goldman, D. (2009) Cybercrime: A Secret Underground Economy. Retrieved Sept. 16, 2009, from CNN Money. HTTP://money.CNN.com/2009/09/16/technology/cybercrime/index.htm
According to the Business Week article written on September 15, 2009, the country of France is approving a bill that will allow the police and authorities to shut down the Internet usage of someone illegally downloading music, movies, etc. There are millions and millions of Internet users in the world today, and how France is planning on containing the population of Internet users in its country is mind blowing for me. How do they even plan on maintaining a close eye on who downloads what? They need for Internet users to install a program onto the computer user’s computer that will allow authorities to watch over what is being done over the time of Internet usage. Does this not violate privacy laws? I would not want the government to watch over everything that I do on the Internet. They would be able to read what I write, see what I see, etc. I would have no privacy at all on my own computer usage and thus it violates my privacy as a citizen. This bill has been in circulation for the past year, having different versions declined. This latest version, which was approved on Tuesday, allows for a judge to make the decision on cutting the Internet usage in a home because of illegal downloading and charging the person with up to 300,000 euros (which is about $435,000 in US money).
I don’t know why this issue isn’t being brought up to the bigger public. I would not have known about this bill if I did not read this article. I believe that the government is moving away from a hands off approach to basically violating privacy rights of the public. If France allows this bill to pass, imagine other countries taking on the same law. Yes, illegal downloading is wrong and people should know that ethically it is not right, but people’s privacy should not be violated to correct this problem.
You can check out the article by clicking here. I’ll try to stay on top of what’s next to come.
“Virtual globing” has been huge for the last couple of years. In this article, it talks about how “virtual globing” is getting too far with just viewing an image. The internet is allowing anyone access to virtual globing. This is a threat to our society. Joel Anderson, a California assembly member, introduced a bill in the state Legislature that would prohibit “virtual globe” services. He proposes that virtual globing of schools, churches and government or medical facilities in California should not be allowed unblurred. With this proposal he would also prohibit those services from providing street-view photos of those buildings. Anderson states that someone across the world sitting in a tent is able to view these images, which causes major security alarms. He states he does not want to limit technology; he just wants to have common sense.
Without leaving the site of your home, you can take a tour of the nation’s 66 nuclear plants. This is a big alarm for national security. Just one click away you can see all four sides of the actual buildings. These imageries are a huge concern due to potential terrorist attacks. People are obviously going to rent airplanes and locate their target spot, they can sit right in their tent and facilitate the mission. “In the past we’ve considered such images to be dated and of sufficiently low resolution as to not be a concern. But we’re taking another look because the resolution of nuclear power plants is something we take very seriously, and we frequently assess and reassess risk as the situation changes,” said NRC spokesman Eliot Brenner.
This relates to our chapter this week because we too are discussing information security. This article is obviously stating that action needs to be taken against virtual globing. I definitely agree. One of the key points mentioned in the chapter is content filtering. Content filtering occurs when software is used in organizations to filter out contents to prevent the transmission of unauthorized information. In this situation, they are doing just that. They are wanting to ax out the images of the nuclear plants for protection. I cannot believe this was not addressed when virtual globing became popular. I guess addressing it now than never is better than nothing.
http://www.cnn.com/2009/TECH/06/05/aerial.images.security/index.html
The current state of the economy is by no means breaking news. It’s in downfall and has been for some time now. During crisis situations people have been known to act in drastic and unethical ways. The reasoning and rationale for these actions are met with answers such as ‘you have to do what you have to do’ or ‘fighting fire with fire.’ Unfortunately, within the business realm, this foolhardy approach is neither beneficial nor ethical. This has caused the leading thinkers within the business world to look into the ways businesses are run and their policies regarding potentially harmful and ethical behaviors.
Most companies have ethical officers who are meant to regulate and set into practice policies to prevent damaging behaviors to the company and economy as a whole. However, with many recent big news stories coming to light about malpractice and unethical business practices, what have these so-called officers been doing? The fragile economy and such news stories have scared potential investors away, and left a cloud of mistrust around the business world. Compounded by revelations such as people losing pensions, losing jobs and losing their sense of financial security, something has to be done, and done quickly. According to many high ranking officials in large multinationals, the risk of fraud is increasing as the state of the economy worsens.
This state of panic within the high levels of Fortune 500 companies is validated by the increase of calls to whistle blower hot lines. This may be a case of people still trying to act ethically amongst this mayhem, or is it the case that there is so much unethical behavior happening in the modern business world that it’s too hard to ignore? Viable solutions to this crisis are already in motion. Business ethics alliances have been set up and are open to companies to join. Such alliances will have companies commit to a pledge of ethical standards and to follow the letter of the law, as well as to work within the spirit of such ethics, and ultimately good business. Companies who have pledged themselves to such alliances have shown good and transparent ethics and strong financial results.
Although a positive experience is beginning to show within companies, the same cannot be said for public opinion. Scandal after scandal is thrust upon the public, damaging their opinion evermore with each headline. Greed is to blame in an outsider’s opinion, and it seems quite justified. As people are struggling financially, the corporate big-wigs are trying to take home more than their yearly wage. Unfortunately these opinions will not cease until the scandals cease. That will happen when all companies begin to operate at a transparent and ethical level. Until then, stories such as one worker who lost out on a bonus by not taking a bribe to complete a deal need to be engaged into the public conscience, just to show the people that not all people are void of business ethics.
Parsons, Claudia.(2009) “Hard Times Turn Spotlight on Business Ethics” 16 Sept 2009. Retrieved from Businessweek.com, Website: http://bx.businessweek.com/business-ethics/view?url=http%3A%2F%2Fuk.reuters.com%2Farticle%2FbusinessNews%2FidUKTRE50R0C0200901
“Facebook nearly as large as U.S. population.” CNN. 16 Sept. 2009. Web. 16 Sept. 2006.
Chapter 4, Ethics and Information Security, talks about how downtime can cost businesses money and they should do whatever it takes to prevent this from happening. An article by Search Engine Journal titled “Google’s Downtime Affected 5% of the Internet” stresses how important it is for other businesses that Google prevent these problems. As we all know, Google is a search engine that can help us answer questions, do homework, and even shop for clothes or technology products. Many companies lost sales due to the down time that Google had. Also, many companies use this search engine to help them answer every day questions. Also, many companies have counted on Google due to their great reliability. Other than the downtime that affected millions in 2008, Google has been available 99.9% of the time, only averaging about 10-15 minutes of down time per month. The down time only occurred due to maybe a slow processing, but that was within the whole month. As more and more companies counted on Google, more companies become affected. Maybe 5% does not seem like a large percent, but that small percent can be translated to millions of dollars. When shopping for a new product one might want to research such product before going out and buying it. Personally I have used Google to find websites that not only will help me find what product is best for me but also where I should buy the product. Another way I have used Google at work has been to help me answer any tax questions or even show me how to use specific software. Google has become a big part of the business world and it is difficult to run a business without it. Communication is key in business and Gmail is a large part of my job as well.
http://www.searchenginejournal.com/googles-downtime-affected-5-of-the-internet/10463/
http://googleblog.blogspot.com/2008/10/what-we-learned-from-1-million.html
Have you ever been “caught with your pants down” when you have said something about someone when you thought they were not listening? How about saying something incriminating without realizing that the phone was still on the hook? I know I have accidentally called people on my cell phone and my only major concern was that I hope they did not hear me singing along to the radio in the car. My concerns might be different though if I were a high-profile CEO or mobster.
Well, all of that doesn’t seem like much to worry about. That is, until you realize that the FBI can remotely activate your cell phone and turn it into a “roving bug.” The privacy implications reach a darker place when you find out that these bugs can be activated even when the phone is off. As it is now, there is concern that using GPS tracking data on a phone is in violation of the Constitution. Right now the only way to ensure that you are not being listened to or tracked by anyone is to pull the battery out of the cell phone. Several CEOs are in the habit of doing this to protect their assets.
The controversy surrounding warrant-less wiretapping is already energized. If the FBI can now quietly and remotely activate cell phones to be used as bugs, privacy advocates will be up in arms. What if a CEO lost trade secrets? What if a mobster was convicted? The pros and cons of using this tactic, how it should be implemented, and its privacy implications need to be carefully weighed.
Cnet News. (2009). FBI taps cell phone mic as eavesdropping tool. Retrieved September 16, 2009, from http://news.cnet.com/2100-1029_3-6140191.html