8.2 when security gets personal


Post on 21-Apr-2022


8.2 When Security Gets Personal

The increasing number of households connected to the internet has resulted in an increased need for vigilance by individuals to defend against cyberattacks, identity theft, and other types of fraud. In addition, loss or damage to data resulting from inadvertently downloading damaging programs can be frustrating and costly. Historically, most security threats have targeted Windows users, but as Mac has gained double-digit market share in the last 10 years, and as Linux and Android operating systems become more prevalent, those systems have also become targets for cyber criminals. For example, in January 2018, Apple confirmed that Macs, iPhones, and iPads were all vulnerable due to flaws in Intel chips.

The prevalence of mobile devices in our daily lives has attracted hackers to the world of mobile malware. Originally, Android smartphones and tablets were the favorite targets for mobile malware, but recently Apple iPhones and iPads have fallen prey, too. According to McAfee, mobile malware caused 16 million infections in the third quarter of 2017—double the rate for the same period in the previous year.

Tony Anscombe, a security analyst for another popular antivirus company, AVG Technologies, warns that hackers will take a popular app, such as Candy Crush Saga, insert malicious code into the program, and then publish the app on a third-party site. This allows them to avoid the malware detection mechanisms found on Google Play or the Apple store. Bluetooth users must also beware of mobile security threats. Although Bluetooth connections are short-range, they can be used to intercept data or to send harmful files or viruses.

Protecting Your Home Network

If you have set up a home network that enables your computers to connect to the internet and you haven’t thought about security, it’s as if you just installed a back door to your house that’s left wide open 24/7. An unprotected network means that anybody who is near your home can “piggyback” on your internet connection, track your online activities, and possibly even hack into your computer.

You can take several simple steps to secure a home network. Wi-Fi home networks use an access point or router, which is a piece of equipment that comes with a preset password. The bad news is that these default passwords are pitifully predictable and simple. The good news is that you can go to the device manufacturer’s website and find instructions for changing the password to something that is harder to guess.

Another important step in securing a home network is to use encryption, a part of cryptography, which is the study of creating algorithms and codes to protect data. Encryption scrambles a message so that it’s unreadable to anybody who doesn’t have the right key. Say you want your friend to send you a message that will contain data you want to protect. You use your computer to generate a public key, which you send to your friend. Your friend applies the key, which encrypts the message, and sends the message to you. Your computer then applies a private key, known only to you, to decrypt the message. Because the message is encrypted, nobody but the intended recipient can read it. Figure 8.2 depicts this example of the public key encryption process. Two forms of encryption are Wi-Fi Protected Access (WPA) and Wired Equivalent Privacy (WEP). Wi-Fi Protected Access 2 (WPA2) uses a stronger, more complex form of encryption than WPA.

Routers have some built-in protections for your network, if you know how to use them.

“Criminals want the biggest bang for their malware buck, which means the dominant operating systems, browsers, platforms, etc., are always going to be the better targets.” —Linda Criddle, privacy consultant at Intel Corporation

In 2018, the security standard Wi-Fi Protected Access 3 (WPA3) was finalized. WPA3 will appear in new devices late in 2019. It includes features to make it harder for hackers to gain access to your wireless network with password-cracking tools, improves the security of public Wi-Fi networks, and makes it easier to connect IoT devices to the Wi-Fi router in your home. Check that your router uses the strongest encryption—WPA2 or WPA if WPA3 is not available.
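The public key exchange described above can be sketched with Node.js's built-in crypto module. This is an added example, not part of the original text; the choice of RSA-OAEP with 2048-bit keys, the function names, and the sample message are assumptions made for illustration.

```javascript
// Added example: the public key exchange from the text, using Node's built-in crypto module.
const nodeCrypto = require('node:crypto');

// Both sides must agree on the padding scheme (assumption: RSA-OAEP with SHA-256).
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Step 1 (you): generate a key pair. Only the public half is sent to your friend.
function generateRecipientKeys() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return { publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }), privateKey };
}

// Step 2 (friend): encrypt with the public key. RSA-OAEP only fits short messages
// (at most 190 bytes with a 2048-bit key and SHA-256).
function encryptForRecipient(publicKeyPem, message) {
  return nodeCrypto.publicEncrypt({ key: publicKeyPem, ...OAEP }, Buffer.from(message, 'utf8'));
}

// Step 3 (you): decrypt with the private key that never left your computer.
function decryptWithPrivateKey(privateKey, ciphertext) {
  return nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, ciphertext).toString('utf8');
}

// Anyone holding a different private key gets an error instead of the message.
function tryDecrypt(privateKey, ciphertext) {
  try {
    return decryptWithPrivateKey(privateKey, ciphertext);
  } catch {
    return null;
  }
}

function demoExchange() {
  const you = generateRecipientKeys();
  const eavesdropper = generateRecipientKeys(); // a second, unrelated key pair
  const message = 'Account number 0000 (constructed sample)';
  const ciphertext = encryptForRecipient(you.publicKeyPem, message);
  return {
    ciphertextBytes: ciphertext.length,
    leaksPlaintext: ciphertext.includes(Buffer.from(message, 'utf8')),
    recovered: decryptWithPrivateKey(you.privateKey, ciphertext),
    eavesdropperResult: tryDecrypt(eavesdropper.privateKey, ciphertext),
  };
}

console.log(demoExchange());
```
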

The Menace of Malware

Collectively, nasty computer programs such as viruses and spyware are called malware (mal means bad or evil in Latin and ware refers to software). Malware installs itself on your computer without your knowledge or consent. Malware can do anything from pelting you with pop-up window advertisements to destroying your data to tracking your online activities with an eye toward stealing your identity or money.

In the early days of computers, individual hackers often planted viruses just to aggravate people or exploit a technological weakness. Today, most malware is created by less-than-ethical businesses, organized gangs, or criminals who aim to download dangerous code to your computer, co-opt your email contact list to send out spam (mass emails), or perform other illegal activities for profit-based motives. The following are descriptions of some common forms of malware.

Viruses. A virus is a type of computer program that can reproduce itself by attaching to another, seemingly innocent, file. Viruses duplicate when the user runs an infected program. A typical scenario is that a virus is part of an email attachment. This is one of the ways viruses spread from computer to computer. When the user opens the attachment, the program runs and the virus is duplicated. If the user does not open the attachment, the program does not run and the virus does not duplicate itself. Many viruses eat through your data, damaging or destroying files. Figure 8.3 illustrates the ways in which a virus attacks.

FIGURE 8.2 Public Key Encryption. The key for encrypted data is like your house key—it unlocks the data.

Worms. A worm is also a self-replicating computer program, but it doesn’t have to be attached to another file to do its work. A worm does not require the user to do anything. If your computer is connected to an infected network, you can put it at risk merely by powering it on. A worm has the nasty ability to use a network to send out copies of itself to every connected computer. Worms are usually designed to damage the network, in many cases by simply clogging up the bandwidth and slowing its performance. Figure 8.4 shows how a worm attacks.

Trojans. Named after the infamous Trojan horse of Greek legend, a Trojan horse is malware that masquerades as a useful program. When you run the program, you let the Trojan into your system. Trojans open a “back door” to your system for malicious hackers, just as the Trojan horse allowed invaders to enter a city and then attack from within. Trojans are becoming more sophisticated, often disguising themselves as authentic operating system or antivirus warning messages that, when clicked, download the Trojan malware to your computer or mobile device. Figure 8.5 shows how a Trojan horse attacks.

FIGURE 8.3 How a Virus Attacks. When you forward an email with an attachment such as a picture, you may be spreading a damaging virus.

Macro Viruses and Logic Bombs. Other malicious programs come in the form of small pieces of code embedded in a program. A macro virus is usually found in files such as word processing documents and spreadsheets and can corrupt the computer when the user opens the document and executes the macro (a recorded series of keystrokes that can be played back to perform a task). A logic bomb virus might be placed in a software system to set off a series of damaging events if certain conditions are met (for example, if you try to delete a set of files).

Rootkit. A rootkit is a set of programs or utilities designed to gain access to the “root” of a computer system or the system software that controls the hardware and software. With this access, a hacker can then monitor the user’s actions. This can take place on an individual system or on a network system. An important aspect of a rootkit is that it cannot be detected, at least not easily, by the user (or the administrator, in the case of a network). While rootkits can serve harmful purposes, they can also be used for legitimate purposes. For example, programs used by parents to monitor children’s internet activities can be considered rootkits.

FIGURE 8.4 How a Worm Attacks. A worm reproduces itself and attacks all the computers on a network.

FIGURE 8.5 How a Trojan Horse Attacks. A Trojan horse pretends to be a useful program but ends up opening your system to hackers.

Botnet. A botnet is a collection of zombie (or robotlike) computers, which are machines that have been taken over by malware for the purpose of causing denial-of-service attacks, generating spam, or conducting other mischief. The malware sets up a stealth communication connection to a remote server controlled by the cybercriminal. Some security experts attribute most criminal activity on the internet to botnets.

There’s a growing trend of hackers co-opting smaller IoT devices into their botnets. Hackers used to deploy botnets mainly against Windows-based PCs. With the increased use of smart devices in offices and homes, this trend has caused the number of zombie attacks to increase substantially. Security experts have raised concerns about this because IoT devices typically don’t receive security updates as regularly as a Windows PC. Figure 8.6 shows how malware creates botnets to organize an attack.

Spyware. Spyware is aptly named because it spies on the activity of a computer user without his or her knowledge. Some spyware is used by legitimate websites to track your browsing habits in order to better target advertisements to you. Spyware can also be used by businesses to track employee activities online. However, other spyware, such as a keystroke logging program, can be used by criminals to learn your bank account number, passwords, social security number, and more.

Adware. Adware is a piece of software designed to deliver ads, often in pop-up form, and usually unwelcome, to users’ desktops. A related type of software is ad-supported software, which shareware writers allow to be included in their programs to help pay for development effort and time.

FIGURE 8.6 How Malware Uses Botnets. Your computer can be taken over by bots and used to send spam or malware to others.

Scareware. Scareware is a scam in which an online warning or pop-up convinces a user that his or her computer is infected with malware or has another problem that can be fixed by purchasing and downloading software. In reality, the downloaded software may not be functional or may itself be malware. These scams are primarily used to steal the user’s money and credit card information.

Ransomware. Ransomware is a scam in which access to one’s computer is locked or restricted in some way. In some cases the contents of the hard drive are encrypted. A message displays to the owner of the PC or mobile device demanding payment to the malware creator to remove the restriction and/or restore the owner’s data. Ransomware is growing. In late 2017, a cybersecurity research and market intelligence firm predicted that a ransomware attack would occur in a business every 14 seconds by the end of 2019. The cost of the damage inflicted by such attacks could reach $11.5 billion annually.

How Is Malware Spread?

There are several ways in which malware, depending on its nature, can be spread:

• You can infect your computer by tapping or clicking an email attachment that contains an executable file.
• Pictures you download can carry viruses stored in a single pixel of the image.
• Visiting an infected website can spread malware.
• Viruses can spread from a computer storage device such as a DVD or flash drive that you use on an infected computer and then insert into another computer drive.
• Worms can spread by simply connecting your computer to an infected network.
• Mobile devices can be infected by downloading an app, ringtone, game, or theme that carries malware.
• A mobile device with Bluetooth enabled in “discoverable mode” could be infected simply by coming within range of another Bluetooth device that has been infected and is running the same operating system.

Security threats are a reality in our digital world. What’s also true is that several programs and technical tools are available to protect your computer against these potential hazards, as explained later in the chapter. In addition, knowing how to recognize trustworthy websites and how to manage cookies are two proactive strategies everyone can use.

Playing It Safe

Be especially cautious when you receive a chain letter via email. These are often simply devices for delivering malware or collecting email addresses for the purpose of building spam lists.

Products such as Malwarebytes’ Anti-Malware scan your computer for malware; some other products help prevent it from downloading in the first place.

Recognizing Secure Sites

Although even a reputable site may occasionally pass on a dangerous download to your computer, it’s the sites that actively download malware that you have to be most cautious about.

Buying only from reputable businesses that sport various accreditations such as those from TRUSTe, SiteTrust, and ValidatedSite is one step toward safety.

Sites where you perform financial transactions should always have Transport Layer Security (TLS) in place. Developed from an older cryptographic protocol called Secure Socket Layer (SSL), TLS is a protocol that protects data such as credit card numbers as the data is transmitted between a customer and online vendor or payment company. In a web browser, two things can signal that you are using TLS: “http” in the address line is replaced with “https,” and a small closed padlock appears next to the address bar or in the status bar of the window.

Other useful tools are products such as McAfee Site Advisor or similar tools built into browsers and security programs. These display an icon next to sites in your search results indicating websites that are known to have doubtful business practices or to routinely pass on malware to visitors.

It may be safer to do business with retailers you know from the “brick-and-mortar” world. Also, you should always type a URL into your browser to go to a site rather than tapping or clicking a link in an email or advertisement.

Managing Cookies (Hold the Milk)

A cookie is a file stored on your computer by a web server to track information about you and your activities. Cookies can be completely harmless and even helpful. For example, if you shop at an online store often, when you next visit that site you might find that the store knows your name and has suggestions of items that might interest you. Sites can provide this personalized service by reading the information stored in the cookie.

However, some companies or individuals plant cookies on your computer for other reasons. They may be trying to track your activities to gather enough information to steal your identity, for example.

Every major browser has tools and settings for dealing with cookies. For example, in Microsoft Edge (shown here), you can adjust the settings to accept all cookies, block cookies from certain sources, or block all cookies.

Playing It Safe

When browsing online, your best defense is common sense. Free offers aren’t really free and often mask dangerous downloads. Following links in advertisements may download malware. Tapping or clicking an attachment in an email you weren’t expecting can get you a world of computer trouble. Don’t leave your common sense behind when you go online.

Look for these symbols from various organizations that verify the secure practices of sites.

Foiling Phishers: No Catch Today

Phishing (pronounced “fishing”) refers to the practice of sending email that appears to be from a legitimate organization in an attempt to scam the user into revealing information. Typically, the revealed information is used for identity theft. The email directs the user to tap or click a link that then goes to a bogus website that appears valid, often containing logos and color schemes that simulate the real organization’s branding. The bogus site prompts the user to update personal information such as the user name, password, credit card number, or bank account number. Once you follow these links and enter your information, you’ve basically handed over your sensitive information to criminals.

Delete any messages you receive that ask you to update information in a financial or retail account. Never follow a link to bank or other financial websites—always enter the URL into the browser address field yourself.
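One way to check where the links in an email really lead, as an added example that is not part of the original text: the function names, the two-label domain comparison, and the sample message with its .example domains are assumptions constructed for illustration.

```javascript
// Added example: flag links in an HTML email whose real destination differs from what is shown.

// Constructed sample message; .example domains and 203.0.113.10 are reserved placeholders.
const SAMPLE_EMAIL = `
<p>Dear customer, please update your account information.</p>
<a href="https://www.mybank.example/login">Sign in to your account</a>
<a href="http://mybank.example.account-verify.example/update">https://www.mybank.example/update</a>
<a href="https://203.0.113.10/secure"><b>Update your password</b></a>`;

// Approximate the registrable domain as the last two labels (assumption for this
// sketch; a production check would consult the Public Suffix List).
function baseDomain(host) {
  return host.toLowerCase().split('.').slice(-2).join('.');
}

// Pull each anchor's real target (href) and the text the reader actually sees.
function extractLinks(html) {
  const links = [];
  const re = /<a\b[^>]*\bhref\s*=\s*(["'])(.*?)\1[^>]*>([\s\S]*?)<\/a>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const text = m[3].replace(/<[^>]*>/g, '').replace(/\s+/g, ' ').trim();
    links.push({ href: m[2], text });
  }
  return links;
}

function auditLink(link, trustedDomains) {
  let target;
  try {
    target = new URL(link.href);
  } catch {
    return { ...link, host: null, reasons: ['href is not an absolute URL'] };
  }
  const host = target.hostname;
  const reasons = [];
  if (target.protocol !== 'https:') reasons.push('destination is not https');
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host)) reasons.push('destination is a raw IP address');

  // Visible text that looks like a URL or domain makes a claim about the destination.
  const shown = link.text.match(/(?:https?:\/\/)?((?:[a-z0-9-]+\.)+[a-z]{2,})/i);
  if (shown && baseDomain(shown[1]) !== baseDomain(host)) {
    reasons.push(`text shows ${shown[1].toLowerCase()} but link goes to ${host}`);
  }

  // A trusted name used as a label inside some other domain.
  for (const trusted of trustedDomains) {
    const name = trusted.split('.')[0];
    if (host.includes(name) && baseDomain(host) !== trusted) {
      reasons.push(`host contains "${name}" but is not under ${trusted}`);
    }
  }
  return { ...link, host, reasons };
}

// Audit every link in a message; an empty reasons list means nothing was flagged.
function auditEmail(html, trustedDomains) {
  return extractLinks(html).map((link) => auditLink(link, trustedDomains));
}

function suspiciousLinks(html, trustedDomains) {
  return auditEmail(html, trustedDomains).filter((r) => r.reasons.length > 0);
}

console.log(suspiciousLinks(SAMPLE_EMAIL, ['mybank.example']));
```
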

Advances in filtering technologies used by email providers and increased awareness of phishing attempts by the general public have forced hackers to innovate. Increasingly, hackers are directing their phishing techniques to customers of cloud providers. Rather than the typical financial or credit card request, hackers are seeking valid sign-in credentials to gain full access to cloud data. For example, in the summer of 2017, Gmail users received an email that appeared to be legitimate. It directed the recipient to an actual Google page. Individuals were asked to grant access permissions to a malicious third-party program planted by the hacker. Once an individual complied, the hacker was able to view the person’s contacts, emails, and even see their location and files. Phishers are targeting cloud providers to mass harvest sign-in credentials (such as for Gmail accounts) because individuals often use the same email address and password combination for multiple online websites. This practice exponentially increases the payoff for the hacker.

The SANS Institute (an information security and research organization) reported that 95% of all attacks on enterprise networks are the result of successful spear-phishing campaigns. In a spear-phishing attack, a person is targeted because of where he or she works. The hacker sends the individual a phishing email to get that person to reveal a trade secret or other data that lets the criminal gain financially. A digital security firm predicted early in 2018 that hackers would be focusing their tactics on lower level employees who have access to sensitive company data (researchers and administrative staff). Aryeh Goretsky, a researcher at antivirus company ESET, aptly says, “Think before you click.”

Both PC- and Mac-based browsers allow you to set privacy levels that, in part, control how cookies should be handled.

Social Media Risks: Click Wisely

Social media malware is becoming one of the most common forms of malware infection. Scammers use programs in social networks to impersonate brands and lure their customers to the cybercriminal’s door. Antivirus programs do not protect users of social networking sites because the malware is operating as part of the social media application.

Strategies used by cybercriminals include:

• Phishing a family member. In the spring of 2017, a phishing attack that was launched on Twitter successfully netted an employee of the US Department of Defense. The employee’s spouse was the source of the breach when she clicked a link to a vacation package after talking online about the family’s summer holiday plans.
• Profile cloning. In this technique the hacker impersonates an individual’s account and interacts with a target, making it more likely that the unsuspecting individual will share information with the imposter or click a link that leads to a malicious site.
• Impersonating a brand or manipulating content. Hackers can create fake accounts designed to impersonate a company or a brand’s support site. They can then spread malware to customers who are lured to the fake pages. Hackers also use these fake accounts to spread content using clicks and shares that end up affecting the news feed. Another frequent strategy is using fake accounts or botnets on social networks for click-fraud scams.
• Invitations to games. To play some games online, you may have to grant access to your profile, friends list, email address, and your birthday. Malicious hackers will then use the information to steal your identity, apply for a credit card or loan in your name, or transfer money out of your bank account.

Hackers are succeeding on social networks because individuals are more comfortable clicking links on sites like Facebook and Twitter than they are in their email inboxes. Victims believe they are safer because they have chosen to follow their friends and the companies with which they like to do business. Individuals are also more prone to share personal information on their favorite social network—opening the door for a hacker’s exploits.

Mitigating your risk on social networks includes taking a moment to think before clicking a link in a message.

• Ask yourself if the message makes sense and if there are spelling and grammar errors or a tone in the content that alerts you that the message is not from your friend.
• Change your passwords frequently on your social networks and avoid using the same password for all of them.
• Always log out of the network’s site after checking in—especially on your smartphone.
• Lastly, avoid clicking links to ads making preposterous claims, such as those claiming that a celebrity has done something outrageous or has passed away.

Playing It Safe

Remember, links aren’t the only online trap you need to avoid. Viruses can be contained within pixels of pictures or in files that you download. If you forward any kind of message to a large group of people, their email addresses could be captured and used for ID theft or other purposes. You may be told in a message that you’ve won a contest, but before you respond, remember, if you didn’t enter a contest, you couldn’t have won a prize.
