CYBERCRIME

 

 

Cybercrime is bigger business than ever — in the first six months of 2007, security firm Sophos tracked 42,629 new pieces of malicious software, an increase of 24 per cent from the same period last year.

 

But there are basic precautions you can take to avoid losing your savings or your identity on the internet.

 

Ask a security expert for advice on safe web surfing, and you'll almost invariably be told to make sure you use antivirus software. If you don’t have up-to-date protection software on your computer, some say you shouldn’t even be on the internet.

 

Det. Const. Mark Fenton of the Vancouver Police cybercrime unit suggests using more than one type of software to catch unwanted programs on your computer. In addition to a robust antivirus program, he recommends something like Ad-Aware, which detects and eliminates spyware.

 

Use a firewall
Antivirus programs can’t do it all. Your internet connection should use a router with a built-in firewall to keep online intruders at bay (a basic router with a firewall can be had for as little as $25 these days if you shop around).

 

It's also a good idea to equip each computer with its own software firewall. A good firewall will serve two purposes: Firstly, it will prevent malicious software, also known as malware, from getting onto your system in the first place. Secondly, if you do have some malware code installed, the firewall will stop it from reaching out to the web to talk to its master. Windows operating systems come with a built-in firewall nowadays, and most online security firms sell firewall software as part of a package.

 

Be careful where you surf
Some online activities are riskier than others. Fenton says that downloading movies and video from peer-to-peer file-sharing sites like Bittorrent is extremely hazardous.

 

"The bad guys like to infect the most popular files with trojans, and they’re usually ahead of the antivirus software so they don’t get detected," he said

 

So think twice before you try to save a couple of bucks by downloading Spiderman 3. Other dicey sites are porn, online gambling, and just about anything else your mother would disapprove of.

 

Don’t share a computer
But simply staying away from the seamier side of the internet is no guarantee that you won't run into malware.

 

Sophisticated crooks have taken to hacking into legitimate sites and infecting them with trojans or viruses that can be passed on to you. Cluley notes that about 8,000 websites a day are infected with malware, and 70 per cent of those are what are commonly considered to be safe, mainstream sites. That means that you can pick up an unwanted intruder while innocently shopping for electronics or checking the weather.

 

Terminology
A BOTNET, or robot network, is a group of web-linked computers — sometimes called zombies — that have been commandeered, in some instances by criminals, to perpetrate all kinds of online nastiness. Typically a 'bot' is installed on a machine through a trojan, an insidious program that can find its way into an insufficiently protected computer in a variety of ways, such as when a user clicks on a link to an infected web page or e-mail message, views an infected document, or runs an infected program. Once the bot has made itself at home, it "opens the doors" of its new host computer to its master, who can instruct the machine to engage in various nefarious activities such as sending out spam and phishing e-mails, or launching the distributed denial of service or DDOS attacks like the kind that almost brought down the internet. In some cases, these nasty little robots can steal personal data and return it to a central site to be used for identity theft purposes.

MALWARE
Is a catch-all term for malicious software such as computer viruses, spyware, trojans and so on that compromise the security or function of people's computers.

PHISHING
Is a technique in which criminals try to trick people into disclosing sensitive information, such as online banking names and passwords, and is often conducted through e-mails that direct people to a bogus website.

PHARMING
Is an attack in which malicious individuals try to redirect internet traffic from a legitimate website to a false one. This is sometimes done to collect a person's login or password information.

TROJANS
Are programs that appear to perform one function in order to hide a malicious function — for example, a downloaded game might contain a virus. Like the mythological Trojan horse such programs are named after, the deception tricks people into granting an outsider access to their computer.

ZOMBIES
are computers that have been hijacked to perform commands and functions issued to them by the attackers, often without the owners' knowledge. They are typically infected by Trojans, a type of software that enables attackers to use them in a botnet. An infected computer is sometimes referred to as a bot — short for robot.

Experts now recommend keeping two computers — one for sensitive online transactions like banking or business, and another for general surfing. This is especially important if your kids are computer users, as they tend to be more adventurous in their surfing than adults.

 

An alternative to having two computers is to equip your machine with a removable drive tray that fits into a computer's standard CD/DVD bay (less than 10 minutes of work with a screwdriver, or you can have one installed at a computer store). It allows you to put hard drives into cartridges that can be swapped in and out of the machine in seconds. You can set up one "secure" drive with an operating system for things like banking, e-commerce and office work, and set up another drive that you and the kids can use for general surfing.

 

Using removable drive trays is almost as simple as swapping a DVD in your home theatre system: Power down the computer, remove one drive, slide the other drive into the computer to replace it, and reboot. A removable tray and medium-capacity hard drive can be had for around $100, saving money and space since you only need one computer, mouse, keyboard and monitor.

 

Install patches
Malware often gets into your machine by exploiting loopholes in operating systems and other software. Make sure you download available patches and updates to fix these vulnerabilities as soon as they become available.

 

Most good software will do this automatically — all you have to do is say "yes" when it asks you whether you want to install an update. With older software and peripherals, you may have to visit the manufacturer's site yourself to check for updated software and drivers.

 

Change up your passwords
Cluley notes that around 40 per cent of people use the same password for all applications and websites, a dangerous practice. Vary your passwords, and don’t use obvious ones like kids’ names or a birthday. They’re the first things crooks try.

 

The same principle applies to security questions. You don’t have to enter your mother’s real maiden name, which is a matter of public record, just because someone asks for it. Type in "supergirl" or the name of your favourite actress instead.

 

Don’t respond to unsolicited e-mail
You did not win a lottery, get a job with an international bank, or inherit $10,000,000 from someone you don’t know. Don’t answer those e-mails, or anything else offered from an unknown source.

Likewise, banks, financial institutions and government departments will never ask you for sensitive information or to confirm passwords via e-mail. Phishing scams are e-mails which pretend to be from banks or internet providers and ask you to click through to their sites and enter personal data. Don’t.

 

If you get an e-mail that informs you that, say, your bank wants to update your password so you need to click on a link in the message and type in your old one, or that a government agency wants to confirm your social insurance number, ignore it. Call your local bank branch or the government department if you want to check the authenticity of the request (using numbers from the phone book, not those from the e-mail in question), but never enter sensitive information online in response to an e-mail.

 

Det.Const. Fenton says he’s amazed at how many people still fall victim to these kinds of cons. "I’ve had lawyers, doctors, engineers call me to say 'my Viagra never got delivered' after they ordered it by responding to an e-mail. How do you deal with people like that?"

 

Network with care
If you’re active on any online social networks, be careful what information you reveal.

 

Cluely says that in a study of Facebook users, 25 per cent disclosed their full address on their online profile, and 78 per cent gave a home phone number.

 

"Some of these people will then actually announce to their network that they’re going on holiday," he says. "You think, what are you doing?"

 

Use caution on public computers
Never do any sensitive business like banking on public computers, whether it's a public terminal or a machine at an internet cafe. There could easily be software that steals your information as you’re typing, sending it off to identity thieves.

 

It's also a bad idea to conduct sensitive transactions using a public WiFi wireless hotspot. Unencrypted transmissions can be monitored, and even "secure" encrypted links can be cracked.

The best advice? Don’t take anything you see on the web at face value.

 

"The problem is that people today just aren’t paranoid enough — they aren’t acting carefully," Cluley says. "It’s as if the motorcar had just been invented and everybody went racing down the freeway without taking any lessons."

 

Source:  CBC News, Dec.12/2007

 

 

---

 

DON'T BE A VICTIM OF CYBERCRIME

 

There are thousands of people around the world that make a living exploiting the security loop holes by accessing your personal identity, passwords and bank accounts. When you access the Internet through the world wide web it is extremely important that you safe guard your personal information.

 

Internet users who access bank accounts, e-currency accounts or any source of personal information online, should be aware of the methods used by criminals to convince you to reveal your confidential information. Here are some simple steps to help keep your information secure

 

1. Avoid being a victim of fraudulent email requests for personal information

 

This method is called "Phishing" and is a popular way for criminals who are acting as legitimate businesses to steal your personal information. This is usually accomplished by sending you an email with a hyperlink to a fraudulent website made to look like the real one. Once you have entered your information the perpetrator will have access to your account, many times unknown to you.

 

One way to avoid falling victim to this sort of scam is to never provide any personal details in response to an email. Legitimate businesses will never ask you for your password by email. Be aware of suspicious emails from unknown individuals. Delete before opening anything that you think might be harmful.

 

2. Make sure you visit your bank, e-currency or financial website via your Internet browser with the correct website address.

 

3. You should take care to never follow any suspicious hyperlink, url, or open an unknown sender’s attachment.

 

If you inadvertently reply to a "Phishing" email or respond to what you think could be a fraudulent website, contact your associated financial institution immediately for advice. Do not delay in seeking help. Check your account for any unusual activity.

 

Source:  crime-research.org

Apr.19/2008