In today’s world the information security becomes more and more important. Every year people use more electronic devices, sometimes trusting them their secrets, financial and physical security. Even if some people live in the quaint manner, and try not to use the products of high technology, the progress will approach them all the same, for example in the form of electronic identity cards, credit cards or cell phones. If a person is not a sweet spot for all sorts of scams, because of his/her low-wealth, it is possible to control his/her life. If a person is modern and uses all the benefits of modern technology, then he/she just needs to be prepared and armed against threats of leakage and misuse of the confidential data and personal information.
Hackers and crackers are people who break into systems of data protection. They can break into the unprotected computer on the Internet and use it in bad faith, as well as to steal or copy files and use them for illegal activities. Hackers know about computers and computer systems more than the average user. Some of them have extensive knowledge of technologies. However, they do not use this knowledge for crime. They, as a rule, do not have selfish purposes in their activities, and are willing to delve into the essence of the system for their own education. At the same time, there are hackers, who are also high-level computer specialists. However, they use their knowledge for prohibited activities. They break into people’s computers with selfish intentions and use them for criminal purposes. The best protection from computer hacking is protection through the use of security services and antiviral protection or proper maintenance of the operating system in order.
There are some rules that help protect person’s identity on the Internet. First of all a person should close a dubious pop-up. A pop-up is a small item with the content, impelling a person to move to the other link. When this pop-up is displayed, the safest way to close it is to press the icon X (usually located in the upper right corner). It is difficult to know what action will follow after a person click “No”. It is easy to hide someone’s identity on the Internet. It is recommended to verify the identity of a person you are communicating (for example, in discussion groups). A person should never reveal the personal information on the Internet, except for the people that he/she trusts. When it is prompted to provide the personal information on the website, a person should always look through the topic “Use conditions” to make sure that the operator of a Web site provides the information about the use of the information obtained and its transmission.
Usually the e-mail account is the center of person’s activity on the Internet. If someone gains an access to it, at least not for a long time, a person will likely be able to get passwords from accounts in social networks, forums and websites. For that reason, a person should be very careful to protect the e-mail account. It is desirable to have the e-mail address on well-known email services. Unknown services are unreliable. They filter spam poorly and often suddenly cease to exist with the loss of the address. It is not necessary to indicate the name, phone number or date of birth in the login. The best password is a collection of letters typed randomly on the keyboard and corrected for the best memorization. Six symbols are enough. It is desirable that they included numbers, upper and lowercase letters. It is better to create the answer to the security question as well as a password. The answer to the security question is no less important than a password. A person should not indicate any ID number or the maiden name.
Mass mailing of unsolicited e-mail is known as spam. It leads to an overload of e-mail and can lock mailboxes. As a means to spam senders sometimes use e-mail worms. There are five rules relative to e-mail:
- A person should never open suspicious messages or e-mail attachments received from unknown people. Instead, he/she immediately has to remove them by clicking on the menu messages.
- A person should never respond to spam.
- A person should use a spam filter.
- A person should create a new or use a family e-mail for Internet requests and discussion forums.
- A person should not forward “chain letters”. Instead, he/she must immediately delete them.
The main threats of the information leakage when using a computer are all sorts of programs, which, anyway, are able to collect, disclose and transfer person’s information. Viruses are the main threat. There are several types of viruses. Viruses and worms are malicious programs that can be distributed via e-mail or web pages. Viruses can damage files or software stored on the computer. Worms spread faster than viruses. They spread directly from one computer to another. For example, an e-mail worm can carry out an independent newsletter to e-mail from the address book. Internet worms are searching for computers that are connected to the Internet and do not contain the latest security updates. “Trojan Horses” (Trojans) are dangerous programs that seem harmless, for example games. However, after the activation they may damage files, and the user will not know about it. If a person performs a number of standard conditions, he/she will not hook any viruses. Namely, a person should not open files, and links that come from unknown people to e-mail, ICQ, and mobile phones. A person must have an antivirus program on the computer, and at least once a week update its database.
A person should know that most of passwords that were entered in the programs on the computer are stored in the same programs. They can be viewed and copied by hackers. These are passwords of email accounts of Outlook Express, or all of the passwords a person enters in web sites, viewing them by browsers, such as Opera, Firefox, Chrome, or Internet Explorer. To avoid this, a person needs either to restrict the ability to use the computer by unauthorized persons or indicate programs not to remember passwords. There are spyware programs that deliberately, directly or remotely are installed on the computer and are spying on person’s actions. This threat is the most difficult. When installing the program, the attacker gives a full access to it and disables all protection. Almost always these programs run in stealth mode. It is very difficult to find them without special tools (programs). A person should regularly use the scanner program or install security software beforehand.
In America about 3.6 million households were affected by such type of fraud as theft of personal information, including unauthorized usage of numbers and passwords of somebody else’s credit cards, phone and bank accounts, the use of personal information of another person to obtain a loan or open a new account. A total cost of these crimes amounted to 3.2 billion dollars. Losses from hacker attacks on large companies can make millions of dollars. Hackers use a variety of methods to steal someone else’s information or funds. The first one is phishing. It is a well-known method. A user enters his/her secret personal information, thinking that he/she is on the official website of the bank. In fact, the user confidently provides his/her data to cybercriminals. The victim receives a letter that looks like an official letter from the bank or online auction. There is a link in the letter, clicking on which the user gets to the page that is identical to the official website, for example, the bank. However, in reality it is not the official page of the bank. After that a person can just enter personal data, and the process is completed – hackers can easily use them. Ferming is a way, in principle, the same as fishing, but slightly improved. For example, the user enters the Internet address of the bank. A hacker using the embedded software forwards the request to his/her own page, apparently looking the same. Further, everything is the same as in phishing – password, account number and other personal details are known to criminals. The next method is the use of RFID (Radio Frequency Identification). RFID-chips implanted in items that have a wide circulation in everyday life (clothing, food, money and other tools that we use every day). By themselves they do not store information about its owner. For example, RFID-tag in a purchased shirt can contain only the information about the price and features of this product. However, an attacker, who has learned to read RFID-chips of the sample, can recognize a person on the street (cracking the shopping database, he/she finds out person’s card account number, and the name). The consequences can be very diverse. One more method is rootkits. These are tools used by hackers to hide their malicious activity: installing spyware or data theft. To do this, they modify the operating system on the computer, and can even replace the main functions. This means that they do not only hide their own presence, but also actions that the violator undertakes on the infected computer. Furthermore, the rootkit can hide the presence of other malicious software on the computer, simply by changing the file data, registry keys, or active processes. Despite the fact that they were originally designed for UNIX, there is now a growing number of rootkits for Windows that constitute a potentially serious threat. Keyloggers are programs to collect logs from the keyboard. Hackers use them to gather all the information entered by the user of the infected computer. Many keyloggers work only when users visit certain websites, such as online banking services. Trojans are software viruses that infect the victim’s computer and perform various unauthorized actions: collection of the information, transmission of the information to the attacker, its destruction or malicious modification and malfunction of the computer. Certain categories of Trojans cause damage to remote computers and networks, without compromising performance of the infected computer. One more method is sniffing. It is a view of network packets by hackers destined for another computer. A special sniffer program and the network, operating in the promiscuous mode are needed. In most cases this attack is used to obtain user names and passwords for the access to some resources. The user’s computer when logging, such as the FTP-server sends the data needed for the procedure. The sniffer can intercept them and give over to the attacker. Backdoors are a kind of Trojans, vulnerabilities in the software, entering through which an attacker has a possibility of unauthorized remote control of infected computers. Typically, an attacker can send and receive files, launch and destroy them, display a variety of messages, erase information, and restart the computer. Thus, the backdoors can be used to detect and transmit the confidential information, to launch viruses or destruct data.
There are some ways that can protect the user from hackers’ actions. There is a one-time password technology, implemented with the help of some hardware keys. A key member on special complex algorithm generates a keyword that is used to authorize and immediately expires. A malicious user intercepted the password, gets just a meaningless set of symbols. The next time the user key authentication generates a new key word. At the same time the most reliable and versatile method is to encrypt all data transmitted. This applies to the text information and passwords. To date, the most common Internet cryptography protocols are Secure Shell (SSH) and Secure Socket Layer (SSL).
So long as computer hacking exists more than 30 years, governments had enough time to develop and adopt a set of laws to combat cybercrime. At present, almost all developed countries in one form or another have a set of legislation to oppose hacking and electronic theft of the information that can be used to punish criminals. There are often attempts to make such laws more stringent. During the last years because of hacking and unauthorized access to the information many people were convicted. Cybercrime is the reality of the XXI century, which pledge is the wide availability of the Internet and a large number of connected inadequately protected computer systems. With detailed framework legislation and the growing number of international agreements in the field of counter of cybercrime, people hope that the world is moving in the right direction and the main goal is the safe and legalized cyberspace.