The Term Anonymity Refers to the Ability to Convey a Message Without Disclosing the User

Chapter 9: Privacy, Crime, and Security

The term anonymity refers to the ability to convey a message without disclosing the user’s name or identity. Computers and the Internet enable marketing firms, snoops, and government officials to harness all the power of technology in order to collect information in ways that are hidden from the user’s view. The same technology is also making it increasingly difficult for citizens to engage in anonymous speech.

Privacy in Cyberspace

Privacy refers to an individual’s ability to restrict the collection, use, and sale of confidential personal information. The Internet is eroding privacy through the selling of information collected through registration forms on Web sites. Few laws regulate the selling of personal information. Technology is not only making it easier to invade someone’s privacy, but it is also providing a means to protect against privacy invasion.

The types of computer crime and cybercrime.

Computer crime and cybercrime include identity theft; computer viruses and other rogue programs such as time bombs, worms, zombies, and Trojan horses; fraud and theft, including password theft; salami shaving and data diddling; forgery; and blackmail.

Identity Theft

Identity theft is one of the fastest growing crimes in the United States and Canada. It occurs when enough information about an individual is obtained to open a credit card account in his or her name and items are charged to that account. Examples of the information needed are name, address, Social Security number, and other personal information. Laws limit liability to $50 for each fraudulent charge. An individual’s credit report is affected by identity theft.

How Virus Infections Spread

Virus infections spread by inserting a disk with an infected program and then starting the program; downloading an infected program from the Internet; being on a network with an infected computer; or opening an infected e-mail attachment.

Fraud and Theft

Examples include selling Social Security numbers; memory shaving (taking RAM chips from computers); salami shaving (a programmer alters a program to take a small amount of money out of an account); and data diddling (data is altered to hide theft).

The various types of computer criminals.

Computer criminals include crackers, cybergangs, virus authors, swindlers, shills, cyberstalkers, and sexual predators.

Understand computer system security risks.

A computer security risk is any event, action, or situation—intentional or not—that could lead to the loss or destruction of computer systems or the data they contain. Threats include wireless networks, corporate espionage, information warfare, security loophole detection programs, and attacks on safety-critical systems, such as air-traffic control.

How to protect your computer system and yourself.

No computer system is totally secure, but you can do several things to cut down on security risks. Use an uninterruptible power supply (UPS) to combat power-related problems. Use good passwords, know-and-have authentication, biometric authentication, and firewalls to control access to computer systems. Avoid scams, and prevent cyberstalking by doing business with well-known companies and by guarding your identity online.

Controlling Access

To control access to a computer: use authentication passwords; use callback systems; use know-and-have authentication, such as tokens (electronic devices that generate a logon code) and smartcards (credit card-sized devices with internal memory); and use biometric authentication, such as voice recognition, retinal scans, thumbprints, and facial recognition.
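As an added example (not part of the chapter text), the following Python shows how a logon-code token and the server it logs on to can agree on a code without transmitting a password. It implements the HOTP algorithm (RFC 4226): the token and the server share a secret key and a counter, each code is derived from an HMAC over the counter, and the server refuses a code that has already been used, so a code seen by a shoulder-surfer is worthless once the legitimate user has logged on. The secret (the RFC 4226 test key) and the counter values are constructed for illustration.

```python
"""Know-and-have authentication with a logon-code token (HOTP, RFC 4226).

Added illustration, not code from the chapter. The token (something you
have) and the server share a secret key and a counter; knowing the user's
password (something you know) alone is not enough to produce a valid code.
"""
import hashlib
import hmac


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Compute the one-time code for a given counter value (RFC 4226)."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class HardwareToken:
    """The device in the user's pocket: every button press yields the next code."""

    def __init__(self, secret: bytes) -> None:
        self.secret = secret
        self.counter = 0

    def press(self) -> str:
        code = hotp(self.secret, self.counter)
        self.counter += 1
        return code


class TokenVerifier:
    """Server side: accepts the next expected code, tolerating a few skipped presses,
    and never accepts the same counter value twice (replay protection)."""

    def __init__(self, secret: bytes, look_ahead: int = 3) -> None:
        self.secret = secret
        self.counter = 0          # next counter value the server expects
        self.look_ahead = look_ahead

    def check(self, code: str) -> bool:
        for c in range(self.counter, self.counter + self.look_ahead + 1):
            # compare_digest avoids leaking how many digits matched via timing
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.counter = c + 1   # move past the used code: it is now dead
                return True
        return False


if __name__ == "__main__":
    shared_secret = b"12345678901234567890"   # constructed: RFC 4226 test key
    token, server = HardwareToken(shared_secret), TokenVerifier(shared_secret)
    first = token.press()
    print("first code accepted:", server.check(first))    # True
    print("replayed code accepted:", server.check(first))  # False
```

The look-ahead window handles a user who pressed the button a few times without logging on; anything beyond the window is rejected, which is the usual reason a token has to be resynchronised by an administrator.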

Encryption and how it makes online information secure.

Encryption refers to a coding or scrambling process by which a message is rendered unreadable by anyone except the intended recipient. Until recently, encryption was used only by the intelligence service, military, and banks. But powerful encryption software is now available to the public. A person who uses the latest encryption technology to scramble e-mail messages can be reasonably certain that the message will remain secret. Strong, unbreakable encryption is needed for electronic commerce—otherwise, money could not be safely exchanged on the Internet. Because it allows two parties who have not previously met to exchange secret messages, public key encryption is an essential foundation of electronic commerce.

Public Key Encryption

Public key encryption uses two different keys: the public key is the encryption key and the private key is the decryption key. The keys are used in e-commerce transactions; when they are used, a secure channel for information is provided.

Digital Signatures and Certificates

Digital signatures are a technique used to guarantee that a message has not been tampered with. Digital certificates are a technique used to validate one’s identity. Secure Electronic Transactions (SET) are online shopping security standards used to protect merchants and customers from credit card fraud.
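The following Python, added here as an example and not taken from the chapter, walks through public key encryption and digital signatures with a toy RSA key pair. The public key encrypts (here it wraps a symmetric session key, which then protects the message body using the same key in both directions, as in symmetric key encryption), only the private key decrypts, and a digital signature is the hash of the message transformed with the private key and checked with the public key, so any change to the message makes verification fail. The primes, session key and message are constructed for illustration; keys this small and RSA without padding are not secure, and real systems use a vetted cryptography library.

```python
"""Toy public-key encryption and digital signatures (textbook RSA).

Added illustration, not code from the chapter. Educational only: the primes
are tiny and there is no padding, so this is NOT usable as real cryptography.
"""
import hashlib
import secrets


def make_keypair(p: int, q: int, e: int = 65537):
    """Return (public_key, private_key) for primes p and q (assumed prime)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)              # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def rsa_apply(key, value: int) -> int:
    """Raise value to the key's exponent modulo n; used for both directions."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exponent, n)


def wrap_session_key(public_key, session_key: int) -> int:
    """Encrypt with the recipient's PUBLIC key: anyone may do this."""
    return rsa_apply(public_key, session_key)


def unwrap_session_key(private_key, wrapped: int) -> int:
    """Decrypt with the PRIVATE key: only its holder can recover the session key."""
    return rsa_apply(private_key, wrapped)


def keystream(session_key: int, length: int) -> bytes:
    """Symmetric keystream from the shared session key (toy SHA-256 counter mode)."""
    out = b""
    counter = 0
    while len(out) < length:
        block = session_key.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:length]


def symmetric_crypt(session_key: int, data: bytes) -> bytes:
    """Symmetric key encryption: the SAME key both encrypts and decrypts (XOR)."""
    return bytes(a ^ b for a, b in zip(data, keystream(session_key, len(data))))


def message_digest(message: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message: bytes) -> int:
    """Signature = hash of the message transformed with the signer's private key."""
    n, _ = private_key
    return rsa_apply(private_key, message_digest(message, n))


def verify(public_key, message: bytes, signature: int) -> bool:
    """Anyone holding the public key can check the signature; a tampered message fails."""
    n, _ = public_key
    return rsa_apply(public_key, signature) == message_digest(message, n)


if __name__ == "__main__":
    # constructed values: small primes, random session key, sample order
    public_key, private_key = make_keypair(104729, 1299709)
    session_key = secrets.randbelow(2 ** 32)
    order = b"Ship 40 units to the Oslo warehouse"

    wrapped = wrap_session_key(public_key, session_key)          # sender
    ciphertext = symmetric_crypt(session_key, order)
    signature = sign(private_key, order)

    recovered = unwrap_session_key(private_key, wrapped)         # recipient
    plaintext = symmetric_crypt(recovered, ciphertext)
    print(plaintext, verify(public_key, plaintext, signature))   # b'Ship 40 ...' True
    print(verify(public_key, b"Ship 90 units to the Oslo warehouse", signature))  # False
```

The split between a public-key operation on a short session key and a symmetric cipher on the message body is the pattern e-commerce protocols actually use; the public key operation is slow and limited to values smaller than the modulus, while the symmetric cipher handles data of any length.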

The U.S. government's proposed key recovery plan and why it threatens the growth of Internet commerce.

In 1998, FBI director Louis Freeh called for a new back-door-based encryption system. Called key recovery, this back door would be built into encryption software, rather than implemented by means of a microprocessor chip. This would enable encryption product vendors to fix vulnerabilities such as the one discovered in the Clipper Chip. By eliminating the cumbersome key escrow bureaucracy, the key recovery system would function much faster and, for this reason, would be more attractive to investigators.

A key recovery system could impede the further development of e-commerce, which some see as a major factor to continued U.S. economic growth. Corporations and banks will not wholeheartedly embrace electronic commerce without strong, secure encryption, but cryptography experts are wary of key recovery systems. Until cryptographers are reasonably certain that an encryption algorithm is safe to use, businesses will not use it to transfer anything other than trivial amounts of money, thus slowing the growth of e-commerce.

Key Terms

anonymity—On the Internet, the ability to post a message or visit Web sites without divulging one’s identity. Anonymity is much more difficult to obtain than most Internet users realize.

back door—A secret decoding mechanism that enables investigators to decrypt messages without first having to obtain a private key.

banner ad—On the World Wide Web, a paid advertisement—often rectangular in shape, like a banner—that contains a hyperlink to the advertiser’s page.

biometric authentication—A method of authentication that requires a biological scan of some sort, such as a retinal scan or voice recognition.

boot sector virus—A computer virus that copies itself to the beginning of a hard drive, where it is automatically executed when the computer is turned on.

ciphertext—The result of applying an encryption key to a message.

Clipper Chip—A microprocessor that could encrypt voice or data communications in such a way that investigators could still intercept and decode the messages.

computer crime—Action that violates state or federal laws.

computer security risk—Any event, action, or situation—intentional or not—that could lead to the loss or destruction of computer systems or the data they contain.

computer virus—A program, designed as a prank or as sabotage, that replicates itself by attaching to other programs and carrying out unwanted and sometimes dangerous operations.

cookie—A text file that is deposited on a Web user’s computer system, without the user’s knowledge or consent, that may contain identifying information. This information is used for a variety of purposes, such as retaining the user’s preferences or compiling information about the user’s Web browsing behavior.

corporate espionage—The unauthorized access of corporate information, usually to the benefit of one of the corporation’s competitors.

cracker (black hat)—A computer user obsessed with gaining entry into highly secure computer systems.

cybercrime—Crime carried out by means of the Internet.

cybergang—A group of computer users obsessed with gaining entry into highly secure computer systems.

cyberlaw—A new legal field designed to track developments in cybercrime.

cyberstalking—A form of harassment in which an individual is repeatedly subjected to unwanted electronic mail or advances in chat rooms.

denial of service (DoS) attack (syn flooding)—A form of network vandalism that attempts to make a service unavailable to other users, generally by flooding the service with meaningless data.

digital certificate—A form of digital ID used to obtain access to a computer system or prove one’s identity while shopping on the Web. Certificates are issued by independent, third-party organizations called certificate authorities (CA).

digital signature—A technique used to guarantee that a message has not been tampered with.

employee monitoring—When large employers routinely engage in observing employees' phone calls, emails, Web browsing habits, and computer files.

encryption—The process of converting a message into ciphertext (an encrypted message) by using a key, so that the message appears to be nothing but gibberish. The intended recipient, however, can apply the key to decrypt and read the message. See also public key cryptography and rot-13.

encryption key—A formula that is used to make a plaintext message unreadable.

ethical hacker (white hat)—Hackers and crackers who have turned pro, offering their services to companies hoping to use hacker expertise to shore up their computer systems' defenses.

file infector—A computer virus that attaches to a program file and, when that program is executed, spreads to other program files.

firewall—A program that permits an organization’s internal computer users to access the Internet but places severe limits on the ability of outsiders to access internal data.

global unique identifier (GUID)—A uniquely identifying serial number assigned to Pentium III processor chips that can be used by Web servers to detect which computer is accessing a Web site.

hacker—Traditionally, a computer user who enjoys pushing his or her computer capabilities to the limit, especially by using clever or novel approaches to solving problems. In the press, the term hacker has become synonymous with criminals who attempt unauthorized access to computer systems for criminal purposes, such as sabotage or theft. The computing community considers this usage inaccurate.

hacker ethic—A set of moral principles common to the first-generation hacker community (roughly 1965–1982), described by Steven Levy in Hackers (1984). According to the hacker ethic, all technical information should, in principle, be freely available to all. Therefore, gaining entry to a system to explore data and increase knowledge is never unethical. Destroying, altering, or moving data in such a way that could cause injury or expense to others, however, is always unethical. In increasingly more states, any unauthorized computer access is against the law. See also cracker.

identity theft—A form of fraud in which a thief obtains someone’s Social Security number and other personal information, and then uses this information to obtain credit cards fraudulently.

information warfare—A military strategy that targets an opponent’s information systems.

key escrow plan—The storage of users’ encryption keys by an independent agency, which would divulge the keys to law enforcement investigators only on the production of a valid warrant. Key escrow is proposed by law enforcement officials concerned that encryption would prevent surveillance of criminal activities.

key interception—The act of stealing an encryption key.

key recovery—A method of unlocking the key used to encrypt messages so that the message could be read by law enforcement officials conducting a lawful investigation. Key recovery is proposed by law enforcement officials concerned that encryption would prevent surveillance of criminal activities.

know-and-have authentication—A type of computer security that requires using tokens, which are handheld electronic devices that generate a logon code.

macro—In application software, a user-defined command sequence that can be saved and executed to perform a complex action.

macro virus—A computer virus that uses the automatic command execution capabilities of productivity software to spread itself and often to cause harm to computer data.

memory shaving—A type of computer crime in which knowledgeable thieves remove some of a computer's RAM chips but leave enough to start the computers.

.NET passport—A free service Microsoft introduced as part of its .NET strategy in which users create a .NET Passport profile that stores an e-mail address and a password and allows the option to choose whether profile information will automatically be shared with participating Web sites to provide personalized services.

personal firewall—A program or device that is designed to protect home computer users from unauthorized access.

plaintext—A readable message before it is encrypted.

privacy—The right to live your life without undue intrusions into your personal affairs by government agencies or corporate marketers.

private key—A decryption key.

public key—In public key cryptography, the encoding key, which you make public so that others can send you encrypted messages. The message can be encoded with the public key, but it cannot be decoded without the private key, which you alone possess.

public key encryption—A computer security process in which an encryption (or public) key and a decryption (or private) key are used to safeguard data.

public key infrastructure (PKI)—A uniform set of encryption standards that specify how public key encryption, digital signatures, and CA-granted digital certificates should be implemented in computer systems and on the Internet.

Secure Electronic Transaction (SET)—An online shopping security standard for merchants and customers that uses digital certificates.

symmetric key encryption—Encryption technique that uses the same key for encryption and decryption.

time bomb (logic bomb)—A destructive program that sits harmlessly until a certain event or set of circumstances makes the program active.

trap door—In computer security, a security hole created on purpose that can be exploited at a later time.

Trojan horse—An application disguised as a useful program but containing instructions to perform a malicious task.

uninterruptible power supply (UPS)—A device that provides power to a computer system for a short period of time if electrical power is lost.

worm—A program resembling a computer virus that can spread over networks.

zombie—A computer commandeered by a hacker to do what the hacker's program tells it to do.


Multiple Choice

  1. Which of the following is a rogue program disguised as a useful program that contains hidden instructions to perform a malicious task?

a. Trojan horse
b. worm
c. trap door
d. macro

  2. What is the result of applying an encryption key to a message?

a. cybertext
b. decryption
c. ciphertext
d. plaintext

  3. Of what type are most viruses?

a. file infectors
b. boot sector viruses
c. worms
d. time bombs

  4. These are computer hobbyists who enjoy pushing computer systems to their limits.

a. crackers
b. Trojan horses
c. hackers
d. cybergang members

  5. Which method requires an encryption key to be transmitted to a recipient before a message can be decrypted?

a. key interception
b. key recovery
c. symmetric key encryption
d. digital certificates

  6. A firewall usually protects a network from which of the following?

a. smoke damage
b. unauthorized access through the Internet
c. electronic funds transfer
d. buggy programs

  7. Which of the following is not used to limit access to computer systems?

a. know-and-have authentication
b. password
c. UPS (uninterruptible power supply)
d. firewall

  8. A recipient uses which of the following to read an encrypted message?

a. private key
b. public key
c. digital certificate
d. digital signature

  9. What do you call using information technologies to corrupt or destroy an enemy's information and industrial infrastructure?

a. data warfare
b. technology bombs
c. information warfare
d. data infiltration

  10. This item is a rectangular advertisement that is not part of the Web page you are viewing, but is rather a page separately supplied by an ad network.

a. spam
b. Adnet ad
c. Spamnet ad
d. banner ad

Fill in the Blank

  1. A(n) ______ is any event, action, or situation—intentional or not—that could lead to the loss or destruction of computer systems or the data they contain.
  2. A(n) ______ is hidden code within a program that may be destructive to infected files.
  3. Hackers generally subscribe to an unwritten code of conduct, called the ______, which forbids the destruction of data.
  4. Crimes carried out over the Internet are known as ______.
  5. A(n) ______ installs itself at the beginning of a hard drive where code is stored and then automatically executes every time you start the computer.
  6. In a computer network, a(n) ______ resembles a computer virus but doesn't need an unsuspecting user to execute a program or macro file.
  7. A(n) ______ takes advantage of the automatic command execution capabilities of productivity software.
  8. ______ is the unauthorized access of corporate information to benefit a competitor.
  9. Disgruntled employees may discover or create security holes called ______ that they can exploit after leaving the firm to get even with their former employer.
  10. ______ refers to one's ability to convey a message without disclosing a name or identity.
  11. ______ are programs or devices that protect home computers from unauthorized access.
  12. ______ refers to a coding or scrambling process that renders a message unreadable by anyone except the intended recipient.
  13. ______ is emerging to track developments in crime on the Internet.
  14. ______ is a uniform set of encryption standards that specify how public key encryption, digital signatures, and digital certificates should be implemented in computer systems and on the Internet.
  15. A(n) ______ is a technique for validating one's identity, like showing your driver's license when you cash a check.

Short Answer

  1. What are the different cookie settings on the browser that you use most often? (Hint: If you're not sure, click the browser's Help button and enter "cookies.") Describe how to switch the cookie settings. What cookie setting do you prefer? Explain why.

Students’ answers may vary. To change the cookie settings in Internet Explorer, on the Tools menu, click Internet Options. On the Privacy tab, move the slider up for a higher level of privacy or down for a lower level of privacy.

  2. What is a digital signature? What is a digital certificate? How do they differ?

A digital signature is a technique used to guarantee that a message has not been tampered with. A digital certificate is a form of digital ID used to obtain access to a computer system or prove one’s identity while shopping on the Web. Certificates are issued by independent, third-party organizations called certificate authorities (CA). Digital signatures deal with tampering with a message—digital certificates verify identities.