HACKING: Making a system (any system) perform in a way in which it wasn’t intended to operate.
CYBER CRIMES: Internet Fraud and Financial Crimes
A variety of internet scams, many based on phishing and social engineering efforts, targeting consumers and businesses.
These can be defined as: “Offences that are committed against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm, or loss, to the victim directly or indirectly, using modern telecommunication networks such as Internet (networks including but not limited to: Chat rooms, emails, notice boards and groups and mobile devices: cell phones, laptops, tablets, Bluetooth)” (source: Wikipedia). Cyber crimes may threaten a person’s or a nation’s defenses and financial security. Identity and data theft, spoofing of IP and MAC addresses, computer certificate falsification and data alteration are only some of the common methods used to commit these crimes; they also make it feasible to fabricate a victim’s involvement in a transaction or event. The vast majority of internet scams are based on social engineering efforts, which can be computer-based or human-based.
SOCIAL ENGINEERING ATTACKS >>
A violent social engineering effort is called a “rubber hose” attack. As hilarious as the name sounds, it is responsible for an estimated 91% of data breaches worldwide (ref: https://www.darkreading.com/endpoint/91–of-cyberattacks-start-with-a-phishing-email/d/d-id/1327704? and https://blog.securityinnovation.com/blog/2015/11/protect-organization-against-91-percent-data-breaches.html). Most peculiar to me, although this “trick” has been around since before the birth of the internet, only a small handful of people seem to know how to identify it. I call it a gimmick, because that’s its logical classification. It is based on taking advantage of certain personality traits and deceiving someone into giving up information or tricking a person into doing something they’re not supposed to do. Who hasn’t let a person through a lobby door first because they’re carrying bags or look older? Who wouldn’t give their credentials to the “trusted” security guard? If you don’t hold that door open, or if you refuse to give that guard your accreditation, you may be considered “rude” or “antisocial”. However, the people who react this way to these everyday circumstances are those who just know better. It is human nature to be kind and considerate, to give information when we feel there is an urgency to provide it… and the desire to be helpful and liked by others is also absolutely human. And all of these traits are exactly what attackers prey upon. Computer-based social engineering is accomplished mostly through phishing, and human-based social engineering is done over the phone or in person, as the name suggests. One of the best movies depicting a social engineer at work is “Catch Me If You Can”. If you haven’t seen it, do. It’s long, but you won’t be disappointed.
PHISHING ATTACKS >>
Phishing is the attempt to obtain privileged information such as usernames, passwords, social security numbers, bank account details and more, often for nefarious reasons, under the pretext of being a trustworthy entity, usually in electronic forms of communication. However, phishing can also be “human-based”. Information can be extracted over the phone or even in person, through a seemingly innocent line of questions and answers. It is widely used to establish social engineering intrusions.
Computer fraud is any dishonest misrepresentation of data, made with the intent of inducing another to do, or refrain from doing, something which can cause loss of funds or data. Fraud can result in securing an advantage for profit by:
a) Tampering with data in an illegitimate way. This common form of theft is carried out by employees or insider affiliates of the targeted company and requires no technical expertise. It is accomplished by modifying data before it is entered into the system, by entering unauthorized instructions, or by using unapproved processes; these employees may be disgruntled or simply motivated by greed.
b) Altering or deleting stored data, which is extremely difficult to identify. Editing, sabotaging, concealing or embezzling information, most often to cover up illegitimate transactions, are only some of the ways used to carry out cyber crimes without detection. This requires technical knowledge to achieve.
Have data breaches come to an end? Are we finally safe from “crackers”? Will the end of “net neutrality” bring a new era for web users, privacy and security? What difference will it make if our fundamental right to access information becomes censored and tailored to whatever “ethical” stance each ISP stands behind? Or have we just hit the tip of the CyberWars iceberg? Many believe (and I share this opinion) that this is only the beginning, given the evidence at hand.