NSTIC’s Effect on Privacy


In May 2017, more than 230,000 computers around the world were taken hostage by the WannaCry malware worm. A form of ransomware, WannaCry allowed its unknown developers to surreptitiously gain control of computers running the Microsoft Windows operating system, encrypt the users’ data, and demand a payment of $300 in untraceable bitcoins to unlock the system and access information.

Cyber-attacks occur across borders and range from simple email “phishing” efforts to sophisticated software programs that quickly expand the attacks and hide the identity of the perpetrators. Motives of cyber criminals range from vanity (proving one’s technical expertise) to illegal profit. Some attacks are politically motivated while others are rarely publicized, state-sponsored sabotage. The attacks affect individuals, businesses, and governments.

According to a report by the Ponemon Institute, a successful hacker earns $14,711 for each attack and has 8.26 successful attacks per year. Sophisticated hacking tools are readily available on the Internet, especially the Dark Web. The criminals and the curious are stepping up their efforts to invade your privacy and steal your money. And the threats grow more diverse and sophisticated by the year. What actions can you take to harden the target and protect your assets?

Understand the Enemy
Malicious software can wreak havoc on your computer or operate covertly in the background. Malware (The Creeper Worm) was first detected on the ARPANET, the forerunner of the Internet, in the early 1970s. Since that time, spurred by the growth of personal computers and connected communication networks, many different types of malware have appeared, including:

Trojans: The most common malware is based on the Greek strategy to invade Troy: the Trojan Horse. In this case, users are tricked into allowing an outsider unlimited access to their computers by clicking on an unsafe Internet link, opening an email attachment, or completing a form. By themselves, Trojans are delivery vehicles, providing a “backdoor” into a computer or network. As a consequence, they open the door for malicious software to steal data, compromise operating systems, or spy on users. Trojans do not replicate themselves and spread to other devices like a virus or a worm.
Viruses: Just as a biological virus is transmitted to unsuspecting hosts, a computer virus replicates itself and infects new computers, then modifies operating programs to malfunction. Some have called viruses “diseases of machinery,” a term first coined in the 1972 futuristic film “Westworld.” One of the early viruses – Love Letter – delivered by an email with the subject line “I Love You” and an attachment “L0VE-LETTER-FOR-YOU.TXT” – attacked 55 million computers worldwide and caused an estimated $10 billion in damage, according to Wired magazine.
Worms: Unlike viruses, worms are software programs that travel from computer to computer on a network without any human action. A worm moves through the same network connections that computers use to communicate. For example, a worm could send a copy of itself to everyone listed in an email address book without knowledge of the sender and continue the cycle indefinitely with each new contact. The result can be an overloaded system, or worse, if combined with a virus – a blended threat. In 2008, one of the most notorious and widespread worms of all time, Conficker, appeared and created a worldwide botnet with millions of computers under its control. In 2009, Microsoft offered a $250,000 reward for the arrest and conviction of those who launched the worm on the Internet; the reward remains uncollected, and the purpose of the original authors is unknown. Nevertheless, versions of Conficker continue to exist today and have appeared on connected MRI machines, CT scanners, dialysis pumps, and police body cameras.
Bots: Bots are automated processes that interact with other network services. These Internet robots are used to gather information and respond automatically to instant messaging, chat, and other web interfaces. Bots are used for beneficial or benign purposes, but can be exploited to self-propagate, connect throughout the network of connected devices, and remotely control attacks against vulnerable targets. Sometimes referred to as “zombies,” bots are more versatile than viruses or worms because they have the ability to log keystrokes, collect passwords, capture and analyze packets of information, gather financial information, launch DoS (Denial of Service) attacks, relay spam, and open backdoors on infected computers. They are also easily modified and difficult to detect. Advertising Age reported in 2015 that Internet ad-fraud by bots mimicking human beings earned $18.5 billion annually.
Potential Consequences of an Attack
The United States Congress is currently investigating several instances of alleged hacking by Russian agents that occurred during the 2016 presidential election. In the Philippines, a data breach by the hacker group Anonymous Philippines and the theft of encrypted and unencrypted biometric data affected 55 million voters. In 2017, newly elected French President Emmanuel Macron and his subordinates complained of cyber-attacks during the country’s presidential campaign.

In February 2016, hackers stole records for almost 30,000 employees of the FBI and Homeland Security. In 2015, a data breach reported by the Internal Revenue Service exposed tax information on more than 700,000 individuals. That same year, the Federal Government’s Office of Personnel Management announced the theft of personal information for more than 21 million federal employees and contractors.

Governments are not the only targets. According to the Heritage Foundation, cyber intruders hacked multiple company databases in 2016, including Hyatt Hotels Corporation, Alliance Health, Wendy’s Restaurants, Citibank, and Banner Health. The victims also included leading social network companies, such as Yahoo, Dropbox, Myspace, and LinkedIn. The consequences of hacking affect all web visitors in a variety of ways.

Potentially Unwanted Programs
Potentially Unwanted Programs (PUPs) include adware and programs that slow your computer down, track you, and clutter your screen with advertisements. According to How-To Geek, all of the free Windows and Mac software download sites bundle PUPs with their freeware. Once installed, the software loads advertising that obstructs content or interrupts web browsing with unwanted pop-up and pop-under windows. It can also hijack search engines and home pages, install toolbars, redirect Web pages, alter search results, and display false ads.

Distributed Denial of Service
In 2016, Distributed Denial of Service (DDoS) attacks affected some of the major technology companies on the Internet, limiting access to websites like Twitter, PayPal, and Spotify. According to Al Jazeera, that particular attack focused on the web traffic processor Dyn and used hundreds of thousands of connected devices, including webcams and digital video recorders that had previously been infected with malware. Even WikiLeaks founder Julian Assange’s Internet connection was affected.

The danger of DDoS attacks cannot be overstated since critical infrastructure – power systems, hospitals, air traffic systems, police and fire units, money transfer systems – could go offline and be unavailable to provide necessary services. An Incapsula survey estimates that the average DDoS attack costs its victim $40,000 per hour, with a median cost per incident of $500,000. Over 90% of the 270 U.S. companies that responded to the survey reported a DDoS attack over the last year, while two-thirds of the companies had been targeted two or more times.

Spyware
Spyware is software that is secretly loaded on an electronic device and can track keystrokes typed on a computer or phone keyboard, monitor data entered into digital forms, or record audio and video information covertly. Adware – while less intrusive than most malware – is another form of spyware and is used by advertisers and web hosts to target advertising content.

Software downloaded from the Internet often includes spyware. It can also be covertly downloaded while visiting certain Web pages, especially pornographic sites. The pages contain scripts that automatically trigger a spyware download that opens as soon as the page is accessed.

In a case involving the Lower Merion School District of Pennsylvania, 2,300 MacBooks issued by the District contained spyware that secretly snapped thousands of webcam pictures of students at home, in bed, and partially dressed. According to Wired magazine, the District agreed to pay $610,000 to two students and their attorneys. Another case involved pictures of Miss Teen USA that were taken using her webcam as she changed.

  1. #1 by David C. Kibbe on August 29, 2012 - 6:13 am

    Aaron: Very helpful post. Can you cite some specific examples of what “commoditization of human identity” would look like?
    Thanks, dCK
