When it comes to cyber security, there are endless topics to discuss. However, one of the most damaging things that can happen to a person online is identity theft. Credit card fraud, email spam and similar scams all matter, but identity theft should be one of the most feared forms of theft when navigating the internet.
Facebook deleted almost 120 private groups, totaling more than 300,000 members, that promoted a host of criminal activities on the social network's platform. The scam groups facilitated a broad spectrum of shady activities, including spamming, wire fraud, account takeovers, phony tax refunds, 419 scams, denial-of-service attack-for-hire services and botnet creation tools. (Krebs) The groups banned in the largest numbers were those selling "mass-hacked" email addresses and passwords for thousands of accounts at Amazon, Google, Netflix and even PayPal. It does not stop there. Cybercriminal activity this year has reached the point where even the IRS is warning people that they may be targeted. (Krebs) Criminals also use "keyloggers": malware that, once installed on a device by other malware, records everything done on it, down to the single keystroke. A keylogger is not tied to any particular network layer; it runs on the victim's machine and reads input before any network protocol sees it. Alex Holden of Hold Security describes it this way: "If you've never seen one of these keyloggers in action, viewing their output can be a bit unnerving. This particular malware is not terribly sophisticated, but nevertheless is quite effective. It not only grabs any data the victim submits into Web-based forms, but also captures any typing — including backspaces and typos."
Identity theft is the illegal use of someone else's personal information. (Identity Theft 101) In today's society, technology is unavoidable; it and the internet are constant parts of everyday life. Even communication, the basis of human life, is now done over the internet. This connects everyone to everyone else, including people one would rather not be connected to, and that opens many holes in personal security.
So how does it happen? According to True Identity, online identity theft usually begins with devices and accounts that are not protected by passwords, or are protected by poor ones, and with personal data that is stored or transmitted insecurely. There are five main ways a thief gets at personal information through insecure data.

The first is an unsafe connection, for example an open Wi-Fi network where anyone nearby can read or alter the traffic. In OSI terms, filtering traffic by IP address happens at the network layer (layer 3), but filtering says nothing about the content of the traffic; only encryption protects that.

The second is insecure websites. Modern browsers do a good job of blocking known-bad sites, but some still slip past browser filters and firewalls. Especially when shopping or entering personal and financial details, use only sites served over HTTPS (an address beginning with https:// and a valid certificate). HTTPS encrypts the data in transit so it cannot be read or altered on the way. It does not, however, prove that the site is legitimate, since phishing sites can obtain certificates too, so the address itself must still be checked.

The third is password security, probably the topic people worry about least. People reuse the same password across accounts, choose weak or easily guessed ones, and sometimes store them somewhere easy to find. Passwords should never be kept where someone else can get to them.

The fourth is "phishing", the term for scams in which a criminal poses as a legitimate entity such as a bank, an administrator or an auction site in order to get the target to enter information on a site the criminal controls, or to lure the target to another site. Cybercriminals can then install malicious software on the victim's computer and steal information that way as well. (Microsoft) Key signs of phishing are bad grammar or spelling, odd-looking links, spoofing of other websites and threats. Never trust an email or website that shows these signs.

The fifth is "doxing", where the cybercriminal obtains someone's personal information and then threatens to release it unless the victim performs certain tasks. This is, obviously, also a form of blackmail.
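The phishing signs listed above can be turned into a mechanical check. The following Python script is an added example, not part of the original essay or any of its sources. It scans one email for link text that disagrees with the real link target, links that point at a bare IP address, a sender whose display name claims a brand but whose address domain is different or a digit-for-letter lookalike, and urgency or threat wording. The brand-to-domain table and the keyword list are small constructed stand-ins, and both messages are constructed samples, not real mail.

```python
"""Heuristic phishing-indicator checker over one e-mail (headers + HTML body).

Added example, not code from the essay or its sources. The brand table,
keyword list and both sample messages are constructed for the demo.
"""
import re
from urllib.parse import urlparse

ANCHOR_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
# A domain or URL shown as the visible link text, e.g. "https://www.paypal.com/signin".
DOMAIN_IN_TEXT = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:]|$)", re.I)
BARE_IP = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
# Brands the essay names as phishing targets and the domain legitimate mail
# from them should come from. Illustrative stand-in, not a complete list.
BRANDS = {"paypal": "paypal.com", "amazon": "amazon.com",
          "google": "google.com", "netflix": "netflix.com"}
URGENCY = ("immediately", "suspended", "verify your account",
           "within 24 hours", "legal action", "unusual activity")
# Digits phishers substitute for letters in lookalike domains (paypa1, g00gle).
LOOKALIKE_MAP = str.maketrans("0135", "oles")


def registered_domain(host):
    """Naive eTLD+1: 'www.paypal.com' -> 'paypal.com'. Good enough for a demo."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


def parse_sender(header):
    """Split 'Display Name <addr>' into (name, addr); a bare address has no name."""
    m = re.match(r'^\s*"?([^"<]*?)"?\s*<([^>]+)>\s*$', header)
    if m:
        return m.group(1).strip(), m.group(2).strip().lower()
    return "", header.strip().lower()


def link_findings(body):
    findings = []
    for href, text in ANCHOR_RE.findall(body):
        href_host = (urlparse(href).hostname or "").lower()
        shown = DOMAIN_IN_TEXT.match(text.strip())
        if shown and registered_domain(shown.group(1)) != registered_domain(href_host):
            findings.append(("link_mismatch",
                             f"text shows {shown.group(1)} but href goes to {href_host}"))
        if BARE_IP.match(href_host):
            findings.append(("bare_ip_link", href_host))
    return findings


def sender_findings(header):
    findings = []
    name, addr = parse_sender(header)
    domain = addr.rsplit("@", 1)[-1]
    rdom = registered_domain(domain)
    lookalike = domain.translate(LOOKALIKE_MAP)   # 'paypa1-alerts.com' -> 'paypal-alerts.com'
    for brand, real in BRANDS.items():
        if brand in name.lower() and rdom != real:
            findings.append(("sender_brand_mismatch", f"'{name}' sent from {domain}"))
        if brand in lookalike and rdom != real:
            findings.append(("lookalike_domain", domain))
    return findings


def urgency_findings(subject, body):
    text = (subject + " " + re.sub(r"<[^>]+>", " ", body)).lower()
    hits = [w for w in URGENCY if w in text]
    return [("urgency", ", ".join(hits))] if hits else []


def check_email(msg):
    """Return the list of (indicator, detail) pairs found; empty means no red flags."""
    return (sender_findings(msg["from"]) + link_findings(msg["body"])
            + urgency_findings(msg["subject"], msg["body"]))


# Constructed sample messages (not real mail).
PHISH = {
    "from": "PayPal Support <security@paypa1-alerts.com>",
    "subject": "Your account will be suspended",
    "body": ('<p>Dear customer, click '
             '<a href="http://198.51.100.23/login">https://www.paypal.com/signin</a> '
             'immediately or face legal action.</p>'),
}
BENIGN = {
    "from": "Alice <alice@example.org>",
    "subject": "Meeting notes",
    "body": '<p>Notes are in <a href="https://example.org/docs">our documentation</a>.</p>',
}

if __name__ == "__main__":
    for label, msg in (("phish", PHISH), ("benign", BENIGN)):
        print(label, check_email(msg))
```

The checks are deliberately simple heuristics: a message with no findings is not proven safe, and a real filter would add reputation data and header authentication results, but the same four signals the essay lists are what a careful reader checks by eye.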
One of the biggest ways someone's information gets stolen is through company-wide breaches. "Earlier this month, Forbes reported that "An unauthorized third party gained access to Equifax data on as many as 143 million Americans… Included among files accessed by hackers was a treasure trove of personal data: names, dates of birth, Social Security numbers, addresses…" If that doesn't sound bad enough, consider this additional irony – Equifax, as one of the leading credit reporting agencies, is expected to secure its customers from abuse of their personal data!" (USC Marshall) Breaches like this are a massive deal and put millions of people at risk: not only the employees of the company, but its clients as well. A "data breach" is defined as "an incident in which an individual name plus a Social Security number, driver's license number, medical record or financial record (credit/debit cards included) is potentially put at risk because of exposure." The Equifax breach referred to above is considered one of the largest and most serious data breaches in history.
According to USC Marshall, hackers also exploit weak access controls around where data is stored and how it is transferred. The workplace trend towards BYOD (bring your own device) has increased this risk, since many personal devices lack the recommended mobile security controls. Risk also comes from MITM (man-in-the-middle) attacks on Wi-Fi networks that are open or still use WEP, which is broken; WPA2 (or at least WPA) should be used. Insiders are a threat too: earlier this year, a contractor employee at Anthem stole the personal health information, including Social Security and Medicare data, of more than 18,000 Anthem Medicare enrollees simply by copying the data from Anthem systems and emailing it to his personal email address.
This is not stopping. According to the City of San Jose, there were more than 9.9 million cases of identity theft last year in the United States alone. These thefts have risen steadily over the last few years and show no sign of slowing down.
Once thieves get into a personal computer, it is almost game over. They can monitor browsing habits, keystrokes and the programs being run, and collect personal information such as Social Security numbers and credit card numbers. The scammers then sell the card data on the black market or make purchases with it themselves, and in more sophisticated cases they open bank accounts in the victim's name. (Webroot) Security on the internet is only getting scarier: these people can not only steal a life, they can make it disappear.
It does not have to end there, however. There are many precautions one can take to avoid becoming a victim of these attacks. First and foremost, be cautious about phishing; the signs to look for were listed above. Do not use the same password for multiple accounts or sites, because one leaked password then compromises many accounts instead of one. Passwords should be long phrases that can be remembered but not guessed; capital letters and symbols help, but length matters most, so the more characters the better. If the attackers cannot get the information in the first place, one is safer. Finally, use antivirus software. It runs on the endpoint itself, scanning files, downloads and running programs for known threats and blocking them before damage is done. (Webroot)
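The password advice above (no reuse, long memorable phrases rather than short "complex" strings) can be checked in code. The Python script below is an added example, not from the essay or its sources. The common-password set and the account table are small constructed stand-ins (a real check would use a full breach corpus), and the bit estimates are naive upper bounds that assume the attacker knows nothing about how the password was chosen, which is exactly why a leet-spelled dictionary word scores well on paper and badly in practice.

```python
"""Password hygiene: common-password check (with leet substitutions undone),
a naive guess-space estimate, passphrase entropy, and reuse detection.

Added example, not from the essay or its sources. COMMON_PASSWORDS and
ACCOUNTS are constructed stand-ins; nothing here is a real credential.
"""
import math
import string
from collections import defaultdict

# Constructed subset of a breached-password list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein",
                    "welcome", "iloveyou", "admin", "monkey"}
# Substitutions attackers try first, so 'P@ssw0rd' is not a new password.
LEET = str.maketrans("@$0134", "asoiea")


def normalize(pw):
    """Drop leading/trailing digits and symbols, lowercase, undo leet spelling."""
    return pw.strip(string.digits + string.punctuation).lower().translate(LEET)


def is_common(pw):
    return normalize(pw) in COMMON_PASSWORDS


def guess_space_bits(pw):
    """log2 of the brute-force space implied by length and character classes.
    This is what 'use capitals and symbols' buys on paper; it overstates real
    strength whenever the password is a dictionary word in disguise."""
    classes = ((string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation, 32))
    size = sum(n for chars, n in classes if any(c in chars for c in pw))
    return len(pw) * math.log2(size) if size else 0.0


def passphrase_bits(n_words, wordlist_size=7776):
    """Entropy of n words chosen uniformly from a wordlist (7776 = Diceware)."""
    return n_words * math.log2(wordlist_size)


def assess(pw):
    """Summary for one password: length, paper strength, and whether it is
    effectively among an attacker's first guesses."""
    return {"length": len(pw), "naive_bits": round(guess_space_bits(pw), 1),
            "common": is_common(pw)}


def find_reuse(accounts):
    """Account names that share a password; any group of two or more is a finding."""
    by_password = defaultdict(list)
    for account, pw in accounts.items():
        by_password[pw].append(account)
    return sorted(names for names in by_password.values() if len(names) > 1)


# Constructed account table for the demo.
ACCOUNTS = {"bank": "Winter2023!", "email": "Winter2023!",
            "shop": "P@ssw0rd!", "forum": "stapler vivid canyon oboe"}

if __name__ == "__main__":
    for name, pw in ACCOUNTS.items():
        print(name, assess(pw))
    print("4 random words:", round(passphrase_bits(4), 1), "bits")
    print("reused across:", find_reuse(ACCOUNTS))
```

Running it shows the point the essay makes: "P@ssw0rd!" scores about 59 bits by the character-class formula yet normalizes to "password", so it falls in the first handful of guesses, while four random dictionary words carry roughly 52 bits that no substitution trick gives away, and the two accounts sharing "Winter2023!" fall together if either service is breached.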
Identity theft is not the only theft to worry about. A DDoS attack (distributed denial of service) is an attempt to make an online service unavailable by overwhelming it with traffic from many sources. DDoS attacks target a wide variety of important resources, from banks to news websites, and present a major challenge to making sure people can publish and access important information. (DAM) They can even be bought on the black market: according to Trend Micro, $150 buys a week-long DDoS attack against a large corporation, rendering its service useless for the whole week, which for some companies is enormous. Arbor Networks observes more than 2,000 DDoS attacks per day worldwide according to its ATLAS threat reports, and a third of all downtime incidents are DDoS attacks.
So how does this happen? Attackers build networks of infected computers, known as "botnets", by spreading malicious software through emails, websites and social media. Once infected, these machines can be controlled remotely without their owners' knowledge and used like an army to launch an attack against any target; some botnets are millions of machines strong. (DAM) The botnet then generates huge floods of traffic to overwhelm the target. The floods can be generated in several ways, such as sending more connection requests than a server can handle, or having the machines send the victim huge amounts of random data to use up its bandwidth. Some attacks are so big they can max out a country's international cable capacity. (DAM) It doesn't end there: specialized online marketplaces exist to buy and sell botnets or individual DDoS attacks, and through them anyone can pay a nominal fee to silence websites they disagree with or disrupt an organization's online operations. A week-long DDoS attack capable of taking a small organization offline can cost as little as $150. (DAM)
Every layer of the OSI model can be attacked. At the application layer (layer 7), attacks such as HTTP request floods look like legitimate traffic and are detected through application monitoring, the practice of watching software applications with a dedicated set of algorithms and technologies. They can exhaust the service's resources (resource starvation), but once identified they can be stopped and traced back to a specific source more easily than other types of DDoS attack. (NCCIC) At the presentation layer (layer 6) the main threat is malformed SSL/TLS requests: inspecting encrypted traffic is resource-intensive, and attackers use SSL to tunnel HTTP attacks to the server, which can make a system stop accepting SSL connections or restart. At the session layer (layer 5), attackers exploit flaws in a service such as Telnet running on a switch, rendering that service unavailable so that an administrator can no longer log in to perform switch management; keeping software versions and patches current is the key mitigation. The transport layer (layer 4, TCP and UDP) is where many of the classic flooding attacks land. A SYN flood sends more connection requests than the server can hold and never completes them, filling its half-open connection table; the result is that bandwidth or connection limits of hosts and network equipment are reached and a host can stop responding altogether. (The smurf attack, which the same guide lists here, actually abuses ICMP echo requests sent to a broadcast address with the victim's spoofed source, so the replies flood the victim.) The network layer (layer 3, IP and ICMP) is prone to ICMP flooding, a layer 3 infrastructure DDoS method that uses ICMP messages to overload the targeted network's bandwidth; it consumes available bandwidth and imposes extra load on firewalls, and is countered by rate-limiting ICMP traffic so the flood cannot impact bandwidth or firewall performance.
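To make the SYN flood and ICMP flood mechanics concrete, the following Python script is an added example, not code from the essay, NCCIC or any vendor. It builds a constructed one-second packet log in memory using RFC 5737 documentation addresses, flags a destination whose half-open SYN sources exceed a threshold, flags an ICMP echo-request rate above a threshold, and then applies the rate-limit mitigation as a token bucket. The thresholds, rate and burst size are illustrative choices for the demo, not recommended production values.

```python
"""SYN-flood and ICMP-flood detection plus ICMP rate limiting over a
constructed packet log.

Added example, not material from the essay or NCCIC. Packets are generated
in memory with RFC 5737 documentation addresses; timestamps are integer
milliseconds. Thresholds, rate and burst are illustrative only.
"""
from collections import defaultdict


def mk(ts, src, dst, proto, flags=""):
    return {"ts": ts, "src": src, "dst": dst, "proto": proto, "flags": flags}


def build_sample():
    """Constructed one-second capture: 3 real clients, a SYN flood, a ping flood."""
    server = "203.0.113.10"
    pkts = []
    for i, client in enumerate(("192.0.2.11", "192.0.2.12", "192.0.2.13")):
        pkts.append(mk(100 + 10 * i, client, server, "TCP", "S"))   # SYN
        pkts.append(mk(120 + 10 * i, client, server, "TCP", "A"))   # final ACK
    for i in range(250):       # 250 SYNs from spoofed sources; no ACK ever follows
        pkts.append(mk(200 + i, f"198.51.100.{i + 1}", server, "TCP", "S"))
    pkts.append(mk(300, "192.0.2.11", server, "ICMP", "echo"))     # normal pings
    pkts.append(mk(800, "192.0.2.12", server, "ICMP", "echo"))
    for i in range(400):       # 400 echo requests in 0.4 s from one host
        pkts.append(mk(500 + i, "198.51.100.77", server, "ICMP", "echo"))
    return sorted(pkts, key=lambda p: p["ts"])   # stable: ties keep insertion order


def detect_syn_flood(pkts, window_ms=1000, max_half_open=100):
    """Per destination, sources that sent a SYN in the window but never an ACK."""
    syn_src, ack_src = defaultdict(set), defaultdict(set)
    for p in pkts:
        if p["proto"] != "TCP" or p["ts"] >= window_ms:
            continue
        if "S" in p["flags"] and "A" not in p["flags"]:
            syn_src[p["dst"]].add(p["src"])
        elif "A" in p["flags"]:
            ack_src[p["dst"]].add(p["src"])
    half_open = {dst: len(srcs - ack_src[dst]) for dst, srcs in syn_src.items()}
    return {dst: n for dst, n in half_open.items() if n > max_half_open}


def detect_icmp_flood(pkts, window_ms=1000, max_per_window=100):
    """Destinations receiving more echo requests in some window than the threshold."""
    counts = defaultdict(int)
    for p in pkts:
        if p["proto"] == "ICMP" and p["flags"] == "echo":
            counts[(p["dst"], p["ts"] // window_ms)] += 1
    flagged = {}
    for (dst, _), n in counts.items():
        if n > max_per_window:
            flagged[dst] = max(n, flagged.get(dst, 0))
    return flagged


class TokenBucket:
    """`rate` tokens/second, at most `burst` stored. Tokens are kept in
    thousandths so integer millisecond timestamps refill exactly (no float drift)."""
    def __init__(self, rate, burst):
        self.rate, self.cap = rate, burst * 1000
        self.tokens, self.last_ms = self.cap, 0

    def allow(self, ts_ms):
        self.tokens = min(self.cap, self.tokens + (ts_ms - self.last_ms) * self.rate)
        self.last_ms = ts_ms
        if self.tokens >= 1000:
            self.tokens -= 1000
            return True
        return False


def rate_limit_icmp(pkts, rate=10, burst=20):
    """The rate-limit mitigation: cap ICMP at `rate`/s with a burst of `burst`.
    Returns (passed, dropped)."""
    bucket, passed, dropped = TokenBucket(rate, burst), 0, 0
    for p in pkts:
        if p["proto"] != "ICMP":
            continue
        if bucket.allow(p["ts"]):
            passed += 1
        else:
            dropped += 1
    return passed, dropped


if __name__ == "__main__":
    log = build_sample()
    print("SYN flood targets:", detect_syn_flood(log))
    print("ICMP flood targets:", detect_icmp_flood(log))
    print("ICMP passed/dropped under rate limit:", rate_limit_icmp(log))
```

Two things worth noticing in the output: the three real clients disappear from the half-open count because their ACKs arrive, which is what separates a flood from a busy server, and the token bucket lets both legitimate pings through while dropping 378 of the 400 flood packets, so the mitigation protects bandwidth and the firewall without needing to know which source is the attacker.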
At the data link layer (layer 2), MAC flooding overwhelms a switch by sending frames with thousands of bogus source MAC addresses until the switch's address table is full. The switch can then no longer learn where the real hosts are and falls back to flooding frames out of every port, so traffic meant for one host is visible to all of them, including the attacker. The fix is usually simple: configure port security so the switch limits the number of MAC addresses it learns on each port connected to an end station, and optionally authenticate learned addresses against an AAA server, which is well worth doing on a large network. Finally, the physical layer (layer 1): an attack here means physical destruction, obstruction, manipulation or malfunction of physical assets. This is probably the scariest of the seven layers, because the equipment can become unresponsive and may have to be completely repaired or replaced; the defences are physical access controls and accountability and auditing of assets.
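The MAC flooding attack and the port-security fix can be simulated with a toy learning switch. The Python below is an added example, not code from the essay or any switch vendor. The CAM capacity of 512 entries and the per-port limit of 2 addresses are assumptions chosen for the demo, the host and attacker MAC addresses are constructed, and "aging out" is modelled as simply forgetting every learned entry at once.

```python
"""Toy learning switch: MAC flooding against a bounded CAM table, with and
without port security.

Added example, not code from the essay or any switch vendor. Capacity (512
entries) and the per-port limit (2 addresses) are assumptions for the demo.
"""
from collections import defaultdict


class Switch:
    def __init__(self, ports, cam_capacity=512, max_macs_per_port=None):
        self.ports = list(ports)
        self.capacity = cam_capacity
        self.limit = max_macs_per_port      # None = port security off
        self.cam = {}                       # learned MAC -> port
        self.per_port = defaultdict(set)    # port -> MACs learned on it
        self.shutdown = set()               # ports disabled by a violation
        self.violations = 0

    def age_out(self):
        """The aging timer expires: every learned entry is forgotten."""
        self.cam.clear()
        self.per_port.clear()

    def learn(self, mac, port):
        """Record that `mac` lives behind `port`; False if it could not be learned."""
        if mac in self.cam:
            return True
        if self.limit is not None and len(self.per_port[port]) >= self.limit:
            self.violations += 1            # port-security violation:
            self.shutdown.add(port)         # err-disable the offending port
            return False
        if len(self.cam) >= self.capacity:  # table full: nothing new is learned
            return False
        self.cam[mac] = port
        self.per_port[port].add(mac)
        return True

    def forward(self, src, dst, ingress):
        """Egress port list for one frame; [] means the frame was dropped."""
        if ingress in self.shutdown:
            return []
        self.learn(src, ingress)
        if ingress in self.shutdown:        # this very frame caused the violation
            return []
        if dst in self.cam:
            return [self.cam[dst]]
        # Unknown destination: flood out every active port except the ingress.
        return [p for p in self.ports if p != ingress and p not in self.shutdown]


A, B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"   # constructed host MACs


def bogus_mac(i):
    """Deterministic fake source MACs for the attacker's flood frames."""
    return f"de:ad:be:ef:{i >> 8:02x}:{i & 0xff:02x}"


def run_scenario(max_macs_per_port=None, flood_frames=600):
    """A and B talk on ports 1 and 2; the attacker floods from port 3."""
    sw = Switch(ports=(1, 2, 3), max_macs_per_port=max_macs_per_port)
    sw.forward(A, B, 1)
    sw.forward(B, A, 2)
    before = sw.forward(A, B, 1)            # both learned: unicast to port 2 only
    sw.age_out()                            # entries expire...
    for i in range(flood_frames):           # ...and the attacker refills the table
        sw.forward(bogus_mac(i), B, 3)
    bogus_learned = len(sw.cam)
    after = sw.forward(A, B, 1)             # where does A's traffic to B go now?
    return {"before": before, "after": after, "bogus_learned": bogus_learned,
            "violations": sw.violations, "shutdown": sorted(sw.shutdown)}


if __name__ == "__main__":
    print("no port security:", run_scenario())
    print("port security (2 MACs/port):", run_scenario(max_macs_per_port=2))
```

Without port security the attacker's 600 frames fill all 512 table entries, A's address can no longer be learned, and A's next frame to B is flooded to ports 2 and 3, so the attacker on port 3 sees it. With a limit of two addresses per port the third bogus address trips a violation, port 3 is disabled, and A's traffic reaches port 2 alone.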
DDoS attacks are theft too: they steal time and money that the targeted corporations would never have had to spend had the attacks not happened. They also exploit innocent people's computers, which are recruited into botnets by the same malware and phishing that identity thieves use. The best defence is to protect both personal information and the network, since both can be worth a great deal to a company and even to a life. Society has reached a point where the internet is a necessity, and we need to embrace it while protecting it.
1. Where is the most hacking done?
No single OSI layer accounts for most attacks. The identity-theft techniques above (phishing, keyloggers and other malware) arrive as application-layer content such as email, web pages and downloads and then run on the victim's own machine, while the large DDoS floods above mostly hit the network and transport layers (layers 3 and 4) with ICMP and SYN floods. Once attackers have a foothold at one layer they can move on to the others.
2. Who conducts DDoS attacks?
Criminals, activists, an ordinary person with a grudge against Facebook: anyone can, since an attack can be rented for as little as $150.
3. Why is the physical layer the scariest layer to be attacked?
Because so much can be lost there. Major physical assets can become completely unresponsive, and unlike a flooded link, damaged hardware cannot be restored with a configuration change; it has to be repaired or replaced. That can be extremely detrimental.