Threats are things or conditions that pose a threat to secured data or programmes. Threats may include unauthorised modification, capture, and destruction or disclosure. Personal data are not the only vulnerable data. Confidential data on market strategies and product development must be kept from the eyes of competitors. Large sums of money transferred daily by electronic fund transfer must be kept against theft. The very high volume of business information processed by computers today means that the rewards of industrial espionage and fraud are of much higher magnitude than in the past and are increasing.

Records must also be protected from threats such as accidents and natural disasters. For example a breakdown in air conditioning may cause some computers to overheat, resulting in loss of computer facilities. Fire, floods, hurricanes, and even heavy snowfall causing a roof to collapse can cause the destruction of data and valuable computers. Action taken to avert possible threats is called mitigation. Below we discuss two very common security threats:

VIRUSES AND MALWARES

Researchers have not agreed upon a final definition of a virus. A common definition is,” a programme that modifies other programmes to contain a possibly altered version of it”, this definition is attributed to Fred Cohen. Another possible definition is an entity that uses resources of the host (system computer) to reproduce itself and spread without informed operator action.

Malwares are generally all forms of malicious or damaging of software, including viral programmes, Trojan Horses, Logic Bombs, and the like. It is generally taken to include so-called benign viruses that have no intentionally damaging pre-loads.

Worms are programmes that usually spread across networks and don’t attach themselves parasitically to another programme. However they can be said to infect an operating system, a mail application or a network.

Trojan Horses (or Trojan, for short), we mean something that probably isn’t a virus, or a worm, because it doesn’t self-replicate. That is, it moves from system to system if someone is persuaded to move it directly because it doesn’t include a programme infection routine. Trojan Horses are often defined as “programmes that claim to do something useful or desirable, and may do so, but also perform actions which victims wouldn’t expect or want’. These actions may include payload such as password stealing Trojans use fake login screens while others use simple social engineering. Some anti-virus software’s detect these routinely not only by signature recognition but also heuristically.

Logic Bomb pre-programmed into a large programme that waits for some trigger event to perform some very damaging function. Logic Bombs do not reproduce and so are not viral, but a virus may contain a Logic Bomb as a pre-load. Logic Bombs that trigger at pre-programmed time are sometimes known as ‘Time Bombs’.

HACKING & CRACKING

Hacker was originally someone who had or was on the way to acquiring an unusual degree of skill in various aspects of computer use. Now the term is used almost exclusively to refer to computer vandals, people who break into systems, and so on. Sometimes they are also called criminal hackers. Cracker, the word is often used as a synonym to hacker though they actually don’t mean the same. The term is particularly associated with password “cracking” (gaining un-authorised access) the crackers copy protected programmes, allowing easy installations of illegal copies. Investigators hold crackers in disdain for they pose no investigative challenge.

COMMON METHODS USED BY HACKERS

SOCIAL ENGINEERING

It is widely used in hacking, yet poorly investigated. Social engineering attracts such a range of definitions;

The question is does accepted definitions meet the needs of those charged with addressing these classes of threats? The term is originally derived from social science but even there it seems to have shades of meanings. While most security managers and investigators still don't know what social engineering is, criminals are making use of the psychology to subvert systems. Security officers and investigators should now begin to give considerable attention to this type of threats in training, conferences and articles. Common Red Flags of password stealers through social engineering include mail apparently sent by the systems administrator, yet asking for a password. Many site and internet service providers will often tell you that system administrators will never need your password.” Some common definitions of social engineering include:

“The skilful manipulation of a governed population by misinformation to produce a desired change.”------ Keytel
“Psychological manipulation of an individual or set of individuals to produce a desired result”. ------ David Harley
“Deceptive practice that attempts to obtain information from people using social/business of technical discourse”. ------ SRI International
“The term used by crackers and samurai (hackers for hire) for techniques that target the weakness in wetware (people) rather than hardware or software”. ------ Jargon file
“Plain old con game”. ------ Robert Slade

SHOULDER SURFING

This usually means standing where you can watch somebody type in sensitive data such as passwords, user names, pins, phone card numbers and so on. Even seeing what kind of hand held authentification device employers use may be of some use to a hacker.

EAVESDROPPING AND SURVEILLANCE

Hackers use a variety of ways to conduct surveillance:
a. “Using electronic snifters”- vampire taps, directional microphones, phone taps and so on.
b. “Being there”- around the corner, at the next table, or in the reception area at the right time.
c. “Being invisible”- temps, cleaners, janitors, electricians, telephone company engineers, contractors, messengers, courier and similar workers tend to be overlooked by professionals. Moral: “Check out strangers cautiously”

BEING SOCIABLE

Socialising creates an opportunity to gather information:
a.After work hours activities such as chats down the pub, in news groups.
b. In the course of business, including social chat during business calls.

PHONE PHONIES

People are accustomed to some freedom in responding to callers claiming to be conducting surveys, journalist enquiries, or sales cold calling, and may give away valuable organisational information.

DUMPSTER DIVING

For every firm that shreds everything, there are dozens that do not. Skip (dumpsters), wastebaskets, recycling bin and such are often sources of organisational information, classified information obsolete media and even hardware.

ELECTRONIC LEFTOVERS

Systems produce a lot of electronic ‘waste’ that can yield valuable information. Disk, file print, spool and terminal buffers are often left untidied and unflushed. ‘Deleted’ files are often still accessible I.e. to someone with even a bare minimum of technical knowledge or basic recovery tools.

If you have access to a PC, there is a good chance you can retrieve something interesting if, for instance the owner has not logged out of a network connection.

PHISHING

Also called carding or brand spooning is an email scam using known logos from known organisations to ‘phish’ for personal information…The victim receives a legitimate-looking e-mail proclaiming problems with account information, ”just click on the link and provide some additional personal and financial information to clear-up a few questions.” everything looks authentic, but you are actually being redirected to a site that is here one moment and gone the next taking your identity with it…

Those who are responsible for phished messages use psychological tactics to prey on their victims. They use the name of familiar company and create urgency that gets people to act quickly.

WHAT THE INTRUDER MAY WANT TO KNOW:

Who owns the target machines?
From Human Resources. “What jobs are available?” The issue in his mind is, (would applying for one get me access to anything interesting?)
From Public Relations. “What can you tell me about the organisation and your current projects?” The issue in his mind is, (Are you worth further interest?)
From Security. “Are you interested in product ABC?” The issue in his mind is, ( so you are using XYZ).
From Sale and Marketing. “What current products are you selling?”

WHAT MALICIOUS HACKERS DO

The process of hacking is 80% reconnaissance. Reconnaissance refers to the process of gathering information about the supposed target, and it is done both in the computer but also outside using the methods mentioned above. The remaining 20% is the actual hacking done either remotely, in a local network terminal or on the actual computer. Passive reconnaissance involves acquiring information without interacting with the organisation. Whereas active reconnaissance requires interaction process of social engineering.

After the reconnaissance stage, the hacker will move to scanning. This basically refers to the pre-attack phase when the hacker scans the network for specific information on the basis of information gathered during reconnaissance. Hackers have to get a single point of entry to launch an attack. Scanning can include use of diallers, port scanners, network mapping, sweeping, vulnerability scanners and so on.

The third phase of hacking is gaining access. During this stage, the hacker exploits the vulnerability of the system. The exploit can occur over LAN or the internet.

The fourth stage occurs when the hacker tries to maintain access after he has compromised the system. The hacker will create a backdoor, rootkits or install a Trojan. Hackers can upload, download, or manipulate data, applications and configurations on the system.

The final phase of hacking is covering the tracks. This refers to the steps to conceal the misdeeds. The reasons for concealment could include the need for prolonged stay, continued use of resources, removing evidence of hacking and avoiding legal action. This process is done using steganography, tunnelling and changing log files.