The threat of online security: How SAFE is our data???

Saturday, January 24, 2009

Online security can be defined as the practice of protecting and preserving private resources and information from loss, damage, and misuse, for example by making sure that you have the latest security updates and patches, installing anti-virus software, using a personal firewall and so on. Even so, problems still exist. In fact, when we create, store and manage critical information, or make transactions through online services, how SAFE is our data actually?

Recently, a few cases involving threats to online security have occurred worldwide, and one of the most widely discussed is:
Looming Online Security Threats in 2008 and 2009
Web-based services, including social networks MySpace and Facebook, are becoming prime targets for hackers seeking your personal information.

Generally, the threats to online security are as follows:
(i) Accidental Actions
(ii) Malicious Attacks
- Computer viruses
- Denial of service attacks or distributed denial of service attacks
(iii) Online Fraud
- Identity Theft
- Data Theft
(iv) Phishing

(i) Accidental actions
One of the most common online security threats, which encompasses problems such as poor password choices, accidental or erroneous business transactions, accidental disclosure, and erroneous or outdated software.


(ii) Malicious attacks
Attacks that specifically aim to do harm. They can be further broken down into attacks caused by malicious code and those caused by intentional misrepresentation. Misrepresentation is most often seen with regard to online fraud and identity theft. Malicious code, on the other hand, is at the root of so-called "crackings" and "hackings", notable examples of which include:
Computer Viruses
- A program or a fragment of code that replicates by attaching copies of itself to other programs. It is the most common form of malicious code, which includes viruses, worms, Trojan horses and so on. In addition, there are four main classes of viruses:

1. The first class consists of file infectors, which embed themselves into ordinary executable files and attach to other system executables when the file is run.
2. The second category is system or boot-record infectors, which infect the first sector on a drive from which the operating system is booted. These viruses are not as prevalent now that floppy disks are less frequently used.
3. The third group of viruses is called macro viruses, which infect data files that include scripting "macros."
4. Finally, viruses that use more than one attack method are called multi-part viruses.

*For instance: the "Melissa" virus/worm of 1999 and the May 2000 "I LOVE YOU"


Denial of Service (DOS)
Another form of malicious code, these attacks are carefully crafted and executed. DOS attacks are not new, but they are growing in sophistication. Traditional DOS attacks usually involve one computer attacking another, but the use of multiple computers in a highly organized attack is becoming increasingly common. Such attacks, known as Distributed Denial of Service attacks (DDOS), were witnessed in a number of large corporate computer shutdowns in 2000.

(iii) Online Fraud
A broad term covering Internet transactions that involve falsified information. Some of the most common forms of online fraud are the sale via the Internet of counterfeit documents such as fake IDs, diplomas, recommendation letters sold as credentials and so on.

Identity Theft
Identity theft is a major form of online fraud, or misrepresentation. Personal identity theft on the Internet is the newest form of a fraud that has been witnessed in traditional settings for many years. For example, in traditional settings, thieves open credit card accounts with a victim's name, address and social security number, or bank accounts using false identification. In the online world, electronic commerce information can be intercepted as a result of vulnerabilities in computer security. Thieves can then take this information (such as credit card numbers) and do with it what they will. This is one of the reasons why it is critical that consumers and organizations avail themselves of appropriate computer security tools, which serve to prevent many such interceptions.



Identity theft can also be undertaken on a large scale, as in the case of a company or even a city. For example, in January 2001, the entire municipality of Largo, Florida lost e-mail service for over a week when an unknown company based in Spain compromised its identity. The company hacked into the city's e-mail relay system to steal the Largo.com identity. Soon enough, e-mail spam seemingly from Largo.com addresses flooded the net, and many Internet Service Providers blacklisted all incoming and outgoing electronic messages from the city.

Data Theft
Data theft is the term used to describe not only the theft of information but also unauthorized perusal or manipulation of private data. Examples of data theft abound. In 1996, a 16-year-old British youth and an accomplice stole order messages that commanders sent to pilots in air battle operations from the Air Force's Rome Laboratory in New York. The two also used the Air Force's own computers to obtain information from NATO headquarters and South Korea's Atomic Research Institute.

In another example, in April 2001, two employees of Cisco Systems were indicted for obtaining unauthorized access to Cisco stock. These two men, who worked in the company's accounting division, broke into the computer system that handled stock distribution and were able to transfer stock shares to their private portfolios. The total value of their shares over two separate transfer attempts was nearly $6.3 million, according to the US Department of Justice. These are but a few examples. Anyone, young or old, whether inside or outside a company, can disrupt proper national and business activities by compromising systems in such a manner.

(iv) Phishing
Phishing is a scam in which a perpetrator sends an official-looking e-mail that attempts to obtain your personal and financial information. For example, some phishing e-mail messages ask you to reply with your information, while others use a pop-up window that looks like a website and collects the information. The damage caused by phishing can be severe.

For example, on 21 June 2007, a spear phishing incident at the Office of the Secretary of Defense (OSD) stole sensitive U.S. defense information, leading to significant changes in identity and message-source verification at OSD. This incident caused administrative disruptions and personal inconveniences, as well as huge financial loss in system recovery.

In conclusion, how safe is our data or information, actually? No one knows. However, there are measures we can implement and develop to help prevent these threats, and they can greatly increase the protection of our data. For instance:
(i) Read our password advice: passwords are the key to your online account information, so it's important to keep them safe.
(ii) Install and use an anti-spyware program to prevent information about your online activities from being collected by third parties, etc.



Reference and Related links:
http://www.iec.org/online/tutorials/int_sec/index.asp

http://www.businessweek.com/technology/content/nov2007/tc2007119_234494.htm?campaign_id=rss_tech&upsid=037803170953

http://www.ehow.com/how_2246099_online-security-threats-online-frauds.html?ref=fuel&utm_source=yahoo&utm_medium=ssp&utm_campaign=yssp_art

www.bsagovernment.com/downloads/MajorOnlineThreats.pdf

Posted by ttR

1 comments:

Aitzaz said...

Thanks for sharing the info, keep up the good work going.... I really enjoyed exploring your site. good resource...