
Esecurity


IT 9626 Chapter 5th eSecurity Fahim Siddiq 03336581412

What is Personal Data?


Any data that can be used to identify or recognize somebody is classed as personal data.
One useful definition of personal data is:

Personal data is any information that relates to an identified or identifiable living
individual. Different pieces of information, which collected together can lead to the
identification of a particular person, also constitute personal data.

So, it also means that any data which can be reconstituted so that it does enable an
individual to be identified can also be classed as personal data. So, even if personal data
has been de-identified, encrypted or pseudonymized, it is still classed as personal data.

De-identification is a common strategy when trying to prevent a person’s identity from
being revealed. Items of personal data might be removed from a record, such as the
individual’s name. If the person could still be recognized from the remaining data it would
be possible to re-identify the data and add the removed data, for example the name, back
in.

Pseudonymized data is when, instead of removing the personal items of data, they are
replaced with a temporary ID. This means instead of seeing the person’s name, you would
see an ID which would mean nothing to you. The problem is that if, similar to de-
identification, somebody can recognize that individual from the rest of the record, they
can replace the ID with the individual’s name.
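The following added example (not part of the original notes) measures the re-identification risk described above: it counts how many pseudonymized records share the same remaining details, shows which temporary IDs could be matched back to a name, and shows how coarsening those details removes the match. All records, names and field choices are constructed for illustration.

```python
from collections import Counter

# Constructed sample data. Names were replaced with temporary IDs, but the
# postcode, birth year and job (the "rest of the record") are still present.
PSEUDONYMIZED = [
    {"id": "P-001", "postcode": "AB1", "birth_year": 1984, "job": "teacher", "diagnosis": "asthma"},
    {"id": "P-002", "postcode": "AB1", "birth_year": 1984, "job": "teacher", "diagnosis": "diabetes"},
    {"id": "P-003", "postcode": "AB2", "birth_year": 1990, "job": "nurse", "diagnosis": "migraine"},
    {"id": "P-004", "postcode": "AB2", "birth_year": 1994, "job": "pilot", "diagnosis": "fracture"},
    {"id": "P-005", "postcode": "AB1", "birth_year": 1984, "job": "teacher", "diagnosis": "allergy"},
]

# Constructed sample of details somebody outside the organization might already know.
KNOWN_PEOPLE = [
    {"name": "Person A", "postcode": "AB2", "birth_year": 1990, "job": "nurse"},
    {"name": "Person B", "postcode": "AB2", "birth_year": 1994, "job": "pilot"},
    {"name": "Person C", "postcode": "AB1", "birth_year": 1984, "job": "teacher"},
]

# Fields that are not names but can still single a person out (an assumption
# made for this example; every real data set needs its own list).
QUASI_IDENTIFIERS = ("postcode", "birth_year", "job")


def key(record, fields=QUASI_IDENTIFIERS):
    """The combination of identifying details left in a record."""
    return tuple(record[f] for f in fields)


def group_sizes(records, fields=QUASI_IDENTIFIERS):
    """How many records share each combination of details."""
    return Counter(key(r, fields) for r in records)


def k_anonymity(records, fields=QUASI_IDENTIFIERS):
    """Size of the smallest group; 1 means somebody is unique in the data."""
    sizes = group_sizes(records, fields)
    return min(sizes.values()) if sizes else 0


def at_risk_ids(records, fields=QUASI_IDENTIFIERS, k=2):
    """IDs of records whose details are shared by fewer than k records."""
    sizes = group_sizes(records, fields)
    return [r["id"] for r in records if sizes[key(r, fields)] < k]


def linkable(records, known_people, fields=QUASI_IDENTIFIERS):
    """IDs that match exactly one known person and are unique in the data."""
    sizes = group_sizes(records, fields)
    names = {}
    for person in known_people:
        names.setdefault(key(person, fields), []).append(person["name"])
    matches = {}
    for r in records:
        k = key(r, fields)
        if sizes[k] == 1 and len(names.get(k, [])) == 1:
            matches[r["id"]] = names[k][0]
    return matches


def generalize(record):
    """Coarsen the details: postcode area only, birth decade, job hidden."""
    return dict(
        record,
        postcode=record["postcode"][:2] + "*",
        birth_year=record["birth_year"] // 10 * 10,
        job="*",
    )


if __name__ == "__main__":
    print("k before:", k_anonymity(PSEUDONYMIZED))
    print("linkable before:", linkable(PSEUDONYMIZED, KNOWN_PEOPLE))
    coarse = [generalize(r) for r in PSEUDONYMIZED]
    print("k after:", k_anonymity(coarse))
    print("linkable after:", linkable(coarse, [generalize(p) for p in KNOWN_PEOPLE]))
```

A result of k = 1 means at least one person is unique in the data set, so the temporary ID alone does not protect them.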

Examples of personal data are:

1. a name and surname
2. a home address
3. an email address, such as name.surname@company.com
4. an identification card number
5. location data (for example from the location data function on a mobile phone)
6. an IP address
7. a cookie ID
8. the advertising identifier of your phone
9. data held by a hospital or doctor, which could be a symbol that uniquely identifies
a person.

How to protect personal data?


1- Don’t share personal details with strangers on social media or through email.
2- Do not become friends on social networking sites with people you do not know.
3- Ensure privacy settings are enabled on social media sites.
4- Only use websites recommended by teachers.
5- Use a search engine that has a filter to remove inappropriate content
6- Only email/text to people you know.
7- Report the person who is bullying you on social media.
8- Be cautious about any pictures or opinions that you post or send to people.
9- Use a nickname or pseudonym when using the internet for entertainment, for
example, playing games.

Why do we need to keep data confidential?

1. If it were to fall into the wrong hands, the data could be used for identity theft or
to withdraw huge sums of money from bank accounts.
2. Identity theft is when a fraudster pretends to be another individual online by using
that individual’s personal information.
3. Fraudsters who have accessed an individual’s personal data can use their login
details to access their bank accounts or commit other types of fraud, while
pretending to be that individual. They can take your banking information and make
unauthorized withdrawals and purchases, and transfer money between accounts.
4. If burglars obtain personal data such as addresses and information about when a
person is at work, then they can burgle that person’s house.

Organizations and businesses can take certain measures to ensure the confidentiality of
data.

1. It is essential that personal information should only be seen by those people who
are authorized to see it.
2. Workers who deal with confidential information must not tell anybody or use the
information for any reason except with the permission of the person who gave it.
In order for this to happen workers are often asked by their employers to sign an
agreement to this, which is called a confidentiality agreement.
3. Online services, particularly online banking and shopping, allow organizations to
have access to private data such as names, addresses, phone numbers, financial
records and so on. This information should not be passed from organization to
organization without authorization from the individual. Organizations must be held
responsible for their decisions to pass on information.
4. Individuals can keep their data confidential by not putting too much personal data
on social media. Insurance companies in many countries around the world often
use the same approach and might charge much higher premiums (monthly
payments) depending on the customer’s lifestyle and in addition may use this as
evidence when deciding not to pay out on a claim.
5. The photos and videos people take with their smartphone contain information,
known as metadata, including the time and place they were taken (geotag). If these
photos are intercepted, the individual’s address or where they work can be
discovered.

How to keep personal data secure?


1. Firewall
A firewall can take the form of software or hardware. It sits between the user’s device
and the whole of the internet. Firewalls examine data coming into the network to see if
it is allowable. It examines data packets and breaks them down into smaller pieces of
information such as the IP address they came from. An IP (internet protocol) address is a
combination of numbers that identifies each computer in a network. If it is an IP address
that is not allowed, the firewall can block that traffic. It can prevent certain computers
from gaining access to the network.

Firewalls do not always prevent hackers from accessing networks, however. Although a
hacker’s computer is prevented from accessing the network, the hacker could physically
steal a computer that is permitted to access the network. More likely, they can use
software which can change the IP address of their computer to one which is acceptable
to the firewall.
2. Penetration Testing
A penetration test, sometimes referred to as a ‘pen test’, is when companies employ
somebody to deliberately attack their computer network. They do this so that the
authorized ‘hacker’ will identify the weaknesses in their system’s security and the
company can then take measures to improve it if necessary.

3. Authentication Techniques
In order to prevent hackers accessing a computer network, users are required to log on.
This means that they have to identify themselves to the system so that it can be sure it is
not a hacker trying to gain access. This is called ‘authentication’. There are many ways in
which a person can prove to a computer system that they are who they say they are:

» Typing in a user ID and password which only the user knows
» Inserting or swiping a smart card which belongs to the user
» Using biometric data which relates to a unique physical characteristic of the user.
Biometrics can involve the use of iris or fingerprint scanning, as these are both felt to be
the best at providing unique data.

When using online banking, additional information such as the user’s date of birth is often
required. When a customer carries out certain transactions using a smartphone, some
banks will send a one-time PIN or password in a text message for them to enter as part
of the authentication process. This is also called two-factor authentication.
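The one-time PIN step described above can be sketched as follows. This is an added example, not part of the original notes or any bank's code; the class name, the 120-second lifetime and the three-attempt limit are assumptions, and the SMS delivery itself is left out.

```python
import hashlib
import hmac
import secrets
import time


class OneTimePinStore:
    """Issues and checks one-time PINs (hypothetical helper for illustration)."""

    def __init__(self, ttl_seconds=120, max_attempts=3, clock=time.time):
        self._ttl = ttl_seconds
        self._max_attempts = max_attempts
        self._clock = clock          # injectable so expiry can be tested
        self._pending = {}           # user -> details of the outstanding PIN

    @staticmethod
    def _digest(salt, pin):
        # Only a salted hash is kept, so the PIN itself is never stored.
        return hashlib.sha256(salt + pin.encode("utf-8")).digest()

    def issue(self, user):
        """Create a fresh 6-digit PIN; the caller would send it by text message."""
        pin = f"{secrets.randbelow(10**6):06d}"   # unpredictable, not random.random()
        salt = secrets.token_bytes(16)
        self._pending[user] = {
            "salt": salt,
            "digest": self._digest(salt, pin),
            "expires": self._clock() + self._ttl,
            "attempts": 0,
        }
        return pin

    def verify(self, user, pin):
        """True only for the right PIN, in time, within the attempt limit, once."""
        entry = self._pending.get(user)
        if entry is None:
            return False
        expired = self._clock() > entry["expires"]
        locked = entry["attempts"] >= self._max_attempts
        if expired or locked:
            del self._pending[user]               # a new PIN must be requested
            return False
        entry["attempts"] += 1
        ok = hmac.compare_digest(entry["digest"], self._digest(entry["salt"], pin))
        if ok:
            del self._pending[user]               # "one-time": cannot be reused
        return ok


if __name__ == "__main__":
    store = OneTimePinStore()
    sent = store.issue("customer-1")
    print("first use:", store.verify("customer-1", sent))
    print("second use:", store.verify("customer-1", sent))
```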

4. Levels of Access
If hackers do gain access to a network, their ability to retrieve personal data can be limited
by network settings created by a network manager. Different groups of users can be
granted different levels of access to the data on the network. This is particularly the case
with hospitals, for example, where doctors may be able to see the illnesses and diagnoses
of their patients but administration staff may only be able to find out other, not health-
related, information about patients.

Another example is the use of online shopping websites that require a login; customers
will only see data that is relevant to them. However, if programmers employed by the
company access the customer database, they will be able to view all the accounts.
With social networks, it is the owner of the data that can grant different levels of access.
It is possible for individuals to amend settings so that only ‘friends’ are allowed to see
their data, or they could allow both ‘friends’ and ‘friends of friends’ to see their data.

5. Network Policies
Network policies are sets of rules that allow companies to choose who is allowed to access
their computer network and control their use of the network once they have gained
access. When workers join a company, they are normally required to sign an agreement,
such as an acceptable use policy. This specifies what type of use is acceptable and what
is not. They have to agree not to use the network for illegal, unethical or distracting non-
work-related activities, such as downloading copyrighted material or spending time on
social networking sites to communicate with friends.

6. Software Updates
As well as being vital for updating a computer’s operating system, software updates are
often made available for different types of application software. Although these updates
are useful in eliminating bugs and making the software easier to use, probably their most
useful function is when they eliminate specific security weaknesses. It is important for
users to install updates as soon as possible in order to limit the amount of time hackers
have to find and exploit these weaknesses. If a system or app is left without updating for
a long time, more hackers may become aware of any vulnerabilities and use that
information to gain access to personal information stored on the system or app.

Other measures
There are other measures which can be taken to increase network security. Encryption
has already been discussed in terms of the fact that data, even when illegally accessed,
will not be understandable. The use of digital certificates also provides security. If a device
is lost or stolen, the owner can send a command to it using another phone that will
completely remove any data, such as personal data, from it.

Common Security Threats, and how to prevent them?


1- Phishing: The user is sent to a fake or bogus website when they click a legitimate-
looking link in an email or attachment.
Effects of phishing:
1- Creator of the email can gain personal data, bank account etc.
2- It can lead to fraud or identity theft.

Methods to overcome this security threat:


1. Good ISPs filter out such emails.
2. Be careful and cautious when opening emails or attachments.
3. Always double check the URL and email address. Users should check the URL
that they are being linked to, to see if it is legitimate. This can be done by
hovering over the link and looking to see if the address is the real address of the
site, for example www.paypal.com would be legitimate but www.paipal.com
4. Email can be identified as fake because of the spelling mistake.

2- Smishing: It means SMS phishing. A fake SMS is sent to the user containing a URL
or telephone number. The user is asked to log on to the website or make a
telephone call.

An SMS text message is sent to a user that will ask them to telephone a number or click
on a link. When that number is telephoned, the person receiving the call will attempt to
get personal details from the caller. The caller could also be charged a great deal of money
for the call. When a link is clicked malware is downloaded onto the user’s phone. The
malware can be used to collect the user’s data to commit identity fraud and theft. It can
also make the device part of a bot network. The link could also take the user to a
legitimate looking website, as it does in phishing, and cause the user to give away their
personal details. Smishing will often entice a user into telephoning a number or clicking
the link by advising them of a profitable gain they will receive if they do so, for example a
voucher or a gift card that will give them money off a product or service.

Effects of smishing:
1- Creator of the SMS can gain personal data, bank account etc.
2- It can lead to fraud or identity theft.

Methods to overcome this security threat:


1- Users should be very cautious in telephoning any numbers they are sent in an SMS
message.
2- Users should be very cautious when clicking on any links in messages.
3- Users should not install any applications from senders they do not know.
4- If a user receives a suspicious message from someone they do know, they should
check with the person that they have actually sent that message.
5- Users should be wary of numbers that do not look like usual mobile numbers, such
as ‘5000’.
6- Users can add security software to their mobile to help detect any malware.

3- Vishing: Voice mail phishing. It uses a voice mail message to trick the user into
calling the telephone number contained in the message.

The person who is vishing will either say they are alerting the victim to an issue with their
account, or advising the victim of a profitable gain. They will often ask the victim subtle
questions to get the personal data they want.

Effects of vishing:
1- Creator can gain personal data, bank account etc.
2- It can lead to fraud or identity theft.

Methods to overcome this security threat:


1- People should exercise caution when any institution contacts them, especially
when they ask for personal details. If in doubt hang up and call them back on a
number that is known.
2- People should never give out any personal details regarding a security issue with
their account. A bank will prevent any kind of attack on an account without needing
assistance from the account holder.

4- Pharming: The user is redirected to a bogus or fake website due to malicious code
installed on the user’s hard drive or web server.

Effects of pharming:
1. Creator can gain personal data, bank accounts
2. It can lead to fraud and identity theft

Methods to avoid pharming:
1. Use of anti-spyware software.
2. User should remain careful and cautious.
3. Always double check the URL to see if it is the same one you typed in.
4. Users should check if the website looks the same as when they last visited it.
5. Users should look for the padlock security symbol, used to signify HTTPS and
showing that the website is secure, before entering any personal and financial
details.
6. Users should run regular scans of their computer with anti-virus software that
is designed to detect pharming programs.

Types of Malware
1. Virus: A computer virus is a type of malware that is designed to spread from one
computer to another, usually by means of the internet, causing changes in the way
each computer operates as it spreads. They have the ability to replicate
themselves, just like real viruses.

Effects of Viruses
1. Some types of virus delete the data on the disk or just corrupt or change the data.
2. They insert themselves or attach themselves to another computer program.
Symptoms that can indicate a virus is present are that popup windows suddenly
start appearing frequently, the user’s homepage is changed so that it is different to
what it is normally, or their password is different, preventing the user from being
able to log on. Viruses can cause large numbers of emails to be sent from the user’s
email account. The computer may frequently crash or its processing speed can
noticeably slow down.

Methods to avoid the security threat


1. Anti-virus software must be kept up to date, running all the time, with scans
scheduled to run at frequent intervals.
2. Anti-malware software can be used.
3. Firewall, which filters incoming traffic and prevents malicious software entering

2. Trojan Horse: A Trojan horse is a malicious computer program that disguises itself
as another application, such as a game or a utility program. When the application
is run, the Trojan horse will act as a computer virus would, deleting and corrupting
files in the computer system. A backdoor Trojan can even give malicious users
remote control over the infected computer.

Effects of Trojan Horse:


1- It may delete critical system elements, thus disabling the OS.
2- Overload the network.
3- A backdoor trojan gives malicious users remote control over the infected computer.
4- They enable the author to do anything they wish on the infected computer –
including sending, receiving, launching and deleting files, displaying data and
rebooting the computer.
Methods to avoid this security threat:
1- Use an anti-virus.
2- Remove the latest extension or software you installed on your computer.
3- Avoid installing software from unknown sources.

3- Worm: A computer worm is a standalone malware computer program that
replicates itself in order to spread to other computers. It often uses a computer
network to spread itself, relying on security failures on the target computer to
access it.
Effects of a Worm:
1- It can delete files on a host system.
2- Some worms allow the computer to be remotely controlled by the worm author.
How to avoid this security threat?
1- Anti-virus and anti-spyware software are helpful.
2- Keep anti-virus up-to-date with new pattern files at least every few days.
3- The use of a firewall is also recommended.

4- Spyware/key-logger: Software that gathers information by monitoring key
presses on the user’s keyboard and sends it back to the creator.
Effects of Spyware:
1. Gives access to all the data entered using the keyboard
2. It can read cookies
3. Can change the user’s default web browser
4. Can install other spyware software.

How to overcome this security threat?


1. Use of anti-spyware software
2. Using a mouse to select characters rather than typing
3. Be careful and cautious
5- Adware: Adware is short for advertising-supported software. In its most basic form,
it is simply a software program that is used to display adverts that are targeted at
the user. It can analyze the websites the user visits and will target them with
advertising of a similar nature.
Effects of Adware:
1- Collecting and reporting data about the user, to be sold or used for targeted
advertising or user profiling.
2- Irritation for user due to popups or windows that cannot be closed.
3- It may not act maliciously, but will often serve as a method of advertising for the
company.

How to overcome?
1- Use an ad blocker
2- Pay for premium, ad-free versions of popular services.
3- Use an antivirus.
4- Use an adware removal software.

6- Rootkit: A rootkit is a computer program that enables a person to gain
administrator access to a victim’s computer. A rootkit may contain a number of
malicious tools such as keyloggers, banking credential stealers, password stealers,
antivirus disablers, and bots for DDoS attacks.

Effects of Rootkit:
1- Personal data can be stolen.
2- It can lead to identity theft.
3- Banking credentials can be stolen.
How to Overcome this threat?
1- Use anti-virus suite.
2- Use a strong firewall.
3- Reinstall the OS.

7- Malicious Bots: A bot is an application that is automated and used to carry out
simple and repetitive tasks. These are normally tasks that a human would find
mundane and time-consuming. Bots can be used for very productive reasons, but
they can also be used as a form of malware. Malicious bots are used by
cybercriminals in a variety of ways:
1- SPAM bots are used to bombard people’s email inbox with SPAM emails.
2- Zombie bots are used to create a bot network. The bot will lay dormant on a
computer until an attack is launched. The computer will then be connected with
lots of other computers that have been compromised by zombie bots to launch a
large-scale attack on an organization.
3- Chatter bots will pretend to be humans on sites such as social networking and
dating sites.

8- Ransomware: Ransomware is a type of malware that restricts a user’s access to
their computer system and files. The ransomware will normally demand that the
user pays a ransom in order to regain access to their computer system. Some
ransomware programs will completely lock a user’s system and some will encrypt
all of the files on their system in a way that renders them useless. Ransomware will
normally try to enter a system in a similar way to a Trojan horse. The message or
ransom with which the user is presented will often imitate a law enforcement
agency. It will falsely claim that the system has been used for illegal activity and
that a ransom must be paid to regain access to the system.
9- Fileless: It is a type of malware that does not rely on files and leaves no evidence
once it has been executed. It is very difficult for anti-malware software to detect
and remove. It only resides in the main memory (RAM). Fileless malware does not
perform any actions which affect the computer’s hard drive. It ceases to work
once the system is rebooted.
10- Scareware: It is a type of malware that tricks the computer user into thinking
that their computer has been infected with a virus. It appears as a popup and seems
to come from a genuine anti-virus provider. The user then pays the ‘provider’ to
download the anti-virus and then discovers, too late, that it is a scam.

How Malware Is Used?

1- Fraud
Computer fraud involves using a computer to take or alter electronic data, or to gain
unlawful use of a computer or system to illegally benefit financially. Several different
types of malware and general misuse of personal data have been described. For example,
spyware collects a user’s personal data, browsing habits and keystrokes. This can lead to
credit card fraud as well as identity theft. Once fraudsters have gained a user’s personal
and financial data, they can either sell the information to other criminals or they can
impersonate the user. They can use the user’s financial data to ask the bank for a new PIN
or even an extra card. They can buy goods via the internet using the credit card details
they have obtained. They can also withdraw large sums of money from the user’s bank
account. Most credit card fraud victims are unaware of what has happened until it is too
late.

Scareware, as we have seen, is used to obtain money under false pretense. Phishing,
vishing, smishing and pharming are intended to get the user to divulge their passwords,
credit card numbers and bank account information so that the fraudster can access the
user’s account to withdraw money, make money transfers and also use the details to shop
over the internet.

Ransomware, as we have seen, is used to blackmail users into paying large sums of
money, usually in Bitcoin so that it cannot be traced.
2- Industrial Espionage
It is ‘spying directed towards discovering the secrets of a rival manufacturer or other
industrial company’. It is usually the theft of business trade secrets. It used to be carried
out by getting an employee to work for a rival company and spy from the inside; it is now
more often carried out by hacking into databases or computer networks. Malware has
become a major tool in industrial cyber espionage, with the purpose of stealing
information in the form of company secrets. Regardless of what type of malware is being
used, each one attempts to exploit weaknesses in software to gain access. There exists a
form of malware that is designed to target a specific computer and thus lends itself to
industrial espionage where a particular company is being spied on. Hostile actors are
people who organize themselves into teams of hackers with a collective aim. They include
foreign states, criminals, groups of hackers with a common goal, as well as terrorists.
Foreign states are usually best placed to conduct the most damaging cyber espionage and
computer network attacks.

Cyber espionage can be conducted in order to hack into specific business computer
networks to steal large amounts of data without detection. This could include intellectual
property, research and development projects, or a company’s merger and acquisition
plans. In the past, companies employed spies but now they are turning more and more
to computer hackers to steal these secrets.

Intellectual property theft in the USA alone is estimated to cost companies hundreds of
billions of dollars per year. Certain countries have been held responsible for these
activities, but more private companies are now getting involved in this type of espionage.
Groups of hackers are offering their services for hire for millions of dollars. Some are
actually hacking into company secrets and offering the information they have gathered
to the highest bidder. This activity has been made easier by the development of the Dark
Web, where an auction-based marketplace exists. Most of the transactions are now
taking place using Bitcoin. It is a bit disconcerting for companies to realize that their most
confidential data may already be up for auction on the Dark Web. It is imperative for large
corporations to have their own counter-espionage operatives and to make their IT
systems secure. They need to investigate which of their secrets have already been offered
at auction.
3- Sabotage
The term computer sabotage refers to making deliberate attacks which are intended to
cause computers or networks to cease to function properly. The idea is that businesses,
education establishments and other organizations are attacked in order that their normal
operations are disrupted. It has been estimated that billions of dollars in the USA alone
have been spent on legal fees so that damages could be paid out to victims of sabotage
involving identity theft. A great deal of money has been spent on repairing computer
systems in hospitals and banks.

Computer sabotage within organizations is often carried out by disgruntled employees
intent on causing the organization to lose money. Employees might make unauthorized
attempts to view, disclose, retrieve, delete or change information by misusing the system
privileges they have been granted. Some acts of sabotage are committed by former
employees, perhaps unhappy with the way they lost their job. However, most attacks by
employees or former employees are carried out remotely.

It is clear to see that not all sabotage is the result of sending malware, but it can consist
of a virus being sent to a computer which prevents users from logging on, and it can take
the form of distributing malware to allow hackers to illegally access an organization’s
network. Organizations need to guard against computer sabotage by taking measures to
protect all their hardware and software. This will not only require a firewall and use of
anti-virus software, but must include guidelines about the use of separate user IDs and
passwords for each individual user of a computer, including advice to change passwords
regularly.

Physical Methods of Prevention


1- A record should be kept of any known malicious websites, which should then be
blocked by the firewall from accessing the network.
2- Dedicated stand-alone virus-checking computers which are equipped with anti-
virus software should be provided.
3- All employees should be educated so that they understand the risks from malware
and are aware of the day-to-day procedures they can follow to help prevent
malware infections.
4- They need to be aware that they must report any strange or unexpected system
behavior to a technician or member of the IT department.
5- Good advice to both organizations and individuals is that operating systems and
browser software should always be kept up to date.
6- Emails should be read with suspicion, since encouraging the user to download
malware only works if the user is not paying sufficient attention to who sent the
email and what it might be suggesting.
7- Strong passwords should be used, that is ones that are unique, changed often and
do not relate to the owner’s personal information.

Consequences of Malware for Organizations and Individuals


1- Malware poses a major threat to any organization. It can ruin the organization’s
security arrangement regarding its computer network and systems. It can disturb
its business operations, leading to financial losses.
2- Personal information can be accessed, leading to identity theft on a massive scale,
as well as user IDs and passwords being compromised through the use of spyware.
3- Some organizations, particularly banks, have had to pay out a great deal of
money in the form of compensation when personal data has been stolen.
4- The three main implications of malware for an organization are the loss of data and
time and the costs it incurs. If a virus has infected one computer on a network, each
computer has to be disconnected from the network and cleaned by using anti-virus
software to remove viruses. Each computer must be clear of viruses before being
reconnected to the network. Cleaning a computer while it is still connected to the
network leaves it open to further infection.

Looking at the impact on an individual and their personal computer or laptop, malware
enables hackers to gain valuable information such as bank details, date of birth, email
address and passwords. The hacker can then commit identity fraud.
