Physical theft of information devices like laptops, personal data assistants (PDAs), and disks is on the rise. With the increasing miniaturation of storage devices, like memory sticks, this is likely to continue. On a daily basis, the
Box.2..The.power.of.social.engineering.
Jennifer Rogh is finishing off her day’s work with a few minutes to 5 p.m., when a well- dressed lady knocks on her office door to announce that she is from the tech office and is updating the company’s systems. Jennifer has never seen the face before but there have been technical calls like this one. So she is confident that this is a real technician from her company’s tech office. The tech lady informs Jennifer not to switch off her machine as she will do it when she finishes. Being just a few minutes until the end of the work day and not wanting to start on anything new in such a short time, Jennifer decides to leave the lady in her office and tells her to just lock the door behind her when she leaves. Does this scenario sound familiar to you? It is a common thing and happens on a daily basis.
news media is full of stories of someone losing a laptop with sensitive infor-
mation. According to the computer-insurance firm Safeware, some 319,000
laptops were stolen in 1999, at a total cost of more than $800 million for the hardware alone (Hollows). Thousands of company executives’ laptops and PDAs disappear every year that contain years of company secrets.
Viruses
A virus is a self-propagating computer program designed to alter or destroy a computer system resource. In other words, just like medical viruses, com-
puter viruses find a way into your system and weaken it. Computer nerds stole the term in 1972 when it was first used to describe “a piece of unwanted computer code.” Then, an enterprising graduate student wrote five computer
programs—viruses—for a class demonstration (Kizza, 2002). Now, we have nasty infections with cheerful names, like Melissa or I Love You, that are out to destroy your computer.
Viruses have been a curse to computer networks and the computing community
as a whole. As tools to create them become more refined and evasive, we are
likely to get more viruses that are better written and more devastating. The good news is that we have not been hearing too much about viruses lately, probably because most people are at least aware of them and have a general idea how to keep them at bay. Some of the reasons viruses have been popular as a system attack tool are:
• They are easy to make. Virus developers, using free tools from the Internet, can easily write them.
Box.3..Laptops.disappear
As the demand for information by businesses to stay competitive and nations to remain strong heats up, laptop computer and PDA theft is on the rise. There is a whole list of incidents involving laptop computer theft, such as the reported disappearance of a lap- top used to log incidents of covert nuclear proliferation from a sixth-floor room in the headquarters of the U.S. State Department in January 2000. In March of the same year, a British accountant working for the MI5, a British national spy agency, had his laptop computer snatched from between his legs while waiting for a train at London’s Paddington Station. In December 1999, someone stole a laptop from the car of Bono, lead singer for the band U2; it contained months of crucial work on song lyrics.
• They can travel far and fast. For example, the Love Boy virus, which was developed in the Philippines, traveled to East Asia, Europe, and North America in less than a day.
• They copy themselves easily, quickly, and widely.
• It is an easy to get away with creating and distributing a virus. Unfor-
tunately, it is hard to find exactly who started a virus. Places you may find viruses include:
• Movable computer disks, (such as floppies and zip drives): This used to be the most common way to spread a virus, but lately this has not been the case. Now the number one way to spread viruses is through Internet downloadable software.
• Internet. downloadable. software: We will be stress throughout the chapter to be careful what you download. Currently downloadable software is the main way that viruses are transmitted, but the fastest growing way is through e-mail attachments.
• e-mail. attachments: It’s an e-mail from Aunt Maple! What did she send along with it? Open it up and see and the next thing you know, everyone in your.e-mail address book is receiving the same message.
Various types of viruses can cause havoc on computer networks. Error- generating.viruses.attack software and cause it generate errors. Data.and. program.destroyers.attach to software as a place to grow and reproduce—and then attack it later. System.crushers,.as you may guess, are the worst type of viruses and will completely destroy the program you are using. Hardware. destroyers.kill your hardware instead of your software. Finally, logic/time. bombs, like data and program destroyers, attach to computer software and attack when a “trigger” (for example, a certain date) goes off.
What.to.do.About.It
• Antivirus.software: It is worth the investment. Some computers come
either with pre-installed software that will last indefinitely or for a given
period of time. Also, some Internet service providers (ISPs), such as AOL, include virus protection.
• Be.aware: Eye all e-mail attachments carefully. If it looks suspicious, do not chance it. Would Aunt Maple really send an e-mail attachment named “Pikachu”? However, it is still worth checking out. Keep in mind, being aware might also mean doing a little research to determine.
• Real.or.hoax?:.There is a difference between being aware and sending
your entire address book every single virus warning that comes your
way. Look into it first. For example, check the Snopes Urban Legends
Web site at http://snopes.com/computer/virus/virus.asp.
• Be.careful.what.you.download.
Cookie.Monster
Another source of threats to systems is cookies. Cookies.are small pieces of data that a Web site will store on your hard drive. By using cookies, Web sites
are able to load specific information about a user whenever the user visits a
site on which these cookies are waiting to be launched. Cookies also allow Web sites to track what a particular user does whenever the site is visited.
What.to.do.About.It
If you would rather not allow cookies on your computer, check your OS manual for information on how to delete them. You also can use cookie killer programs to handle them. But keep in mind if you do get rid of them, you will be getting rid of Web site customization. Also, some Web sites require cookies to load.
Spyware.
Spyware is software that gathers information about you and then sends it back to a third party—all without your knowledge. What kind of information does this software obtain and send about you? This can be used to deduce certain things about you, such as your interests, preferences, and so forth. Many Web sites especially those of ill repute do have spyware. Spyware also will slow down your Internet connection; and it is the reason for a lot of pop-up ads.
What.to.do.About.It
Check out the following Web site for lists of all known spyware: http://www. pcpitstop.com/spycheck/SWList.asp. You can also scan your computer for spyware with the Geek Squad online spyware scan at http://geeksquad. com/securitycenter/.
Spam
Finally spam. Spam is unsolicited automated e-mail. Because of spam, you have to pay more for your Internet connection. In order to accommodate all the extra e-mail created by spam, ISPs have to buy more computers, faster Internet connections, more Internet space, and hire extra workers. And if they have to spend more money, it means we have to pay more for it.
What.to.do.About.It
Here are some ways to fight spam (Preston, 1999):
• Limit.e-mail.addresses.posted.in.a.public.electronic.place: E-mail
addresses usually posted at the bottom of personal Web pages are sure targets of spammers. Spammers have almost perfected a method of cruis- ing the Internet that hunts for and harvests these addresses. If you must
put personal e-mail on a personal Web-page, find a way of disguising
it. Also opt out of job, professional, and member directories that place member e-mail addresses online.
• Refrain from filling out online forms that require e-mail addresses:
Always avoid, if you can, supplying e-mail addresses when filling any
kind of forms, including online forms that ask for them. Supply e-mail addresses to forms only when replies are to be done online.
• Use.e-mail.addressees.that.are.NOT.easy.to.guess: It is easy to guess
passwords.
• Practice.using.multiple.e-mail.addresses: Always use several e-mail
addresses and use one address for strictly personal business. When fill- ing forms for nonserious personal business and pleasure, use a different e-mail address. In fact, it is easy to determine who sells your e-mail
address this way. By noting which address was used on which form and to whom, one can also easily track what sites are causing spam. Also use one-time disposable e-mail addresses one can easily get and use with little effort.
• Always use a spam filter at either the network level or application level to block unwanted e-mails. In either case, the spam is prevented
from reaching the user by the filter. Many ISPs are now offering spam filters.
• Enact.spam.laws: The outcry caused by spamming has led many national
and local governments to pass antispam laws. In Europe, the European Union’s digital privacy rules that were passed and are in force require companies get consent before sending e-mail, tracking personal data on the Web, or pinpointing caller’s location via satellite-linked mobile phones. The same rules also limit companies’ ability to use cookies and other approaches that gather user information (Texas A&M Research
Foundation,.2006). In the United States, efforts are being made to enact spam laws both at federal and state levels:
Federal.spam.law: The Senate approved a do-not-spam list and
ban on sending unsolicited commercial e-mail, using a false return address or misleading subject line.
State.spam.laws: All states have some form of spam laws on the
books.