1. Introduction to Computer Science
Security and Privacy
Lecture b
This material (Comp 4 Unit 7) was developed by Oregon Health & Science University, funded by the Department
of Health and Human Services, Office of the National Coordinator for Health Information Technology under
Award Number 90WT0001.
This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International
License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-sa/4.0
2. Security and Privacy
Learning Objectives - 1
• Define cybercrime and cybersecurity
(Lecture a)
• List common information technology (IT)
security and privacy concerns (Lecture a)
• List hardware components that are usually
attacked by the hackers (Lecture a)
• Explain some of the common methods of
attack (Lecture b)
2
3. Security and Privacy
Learning Objectives - 2
• Describe common types of malware
(Lecture b)
• Explain social engineering methods used
by cybercriminals (Lecture b)
• Describe methods and tools available for
protection against cyberattacks (Lecture c)
• Describe practices designed to minimize
the risk of successful cyberattack (Lecture
d)
3
4. Security and Privacy
Learning Objectives - 3
• Address specifics of wireless device
security (Lecture d)
• Explain security and privacy concerns
associated with EHRs (Lecture e)
• Describe security safeguards used for
health care applications (Lecture e)
• Provide the basics of ethical behavior
online (Lecture e)
4
5. Some of the Hackers’ Methods
• Packet sniffers can intercept Internet traffic
– Internet traffic consists of data “packets”,
which can be “sniffed”
– Usernames, passwords, sensitive information
• Software attacks
– e.g. Trojans, Viruses, Worms, Rootkits
• Guess at usernames and passwords
• Social Engineering
– Phishing, hoaxes
5
6. Malware - 1
• “Malware, short for malicious software, is
any software used to disrupt computer
operations, gather sensitive information,
gain access to private computer systems,
or display unwanted advertising”
(Wikipedia, 2016)
6
8. Trojan Horse - 1
• Name comes from the analogy with the
Trojan Horse from Greek mythology
• Malware program that is usually disguised
as useful and harmless software
• User tricked into installing it
– Misleading description or ad
– Trojan is injected into otherwise legitimate
software
8
9. Trojan Horse - 2
• Trojan Horse can
– Have an immediate or delayed effect
– Destroy and/or steal sensitive data
– Install other unwanted software
– Display unsolicited advertisements
– Transmit passwords, key strokes, etc. back to
the attacker.
9
10. Viruses - 1
• A program that, when executed,
replicates itself into
– Other computer programs
– Operating system files
– Data files
– Boot sector of the hard drive
– Attached drive (external HDD, flash drive,
etc.)
10
11. Viruses - 2
• Computer can get infected with a virus
from:
– Another computer in the same network
– Infected external drive
– Email attachment
11
12. Viruses - 3
• A virus can
– Reformat your hard drive
– Corrupt data
– Access private information
– Spam your contacts
– Log your keystrokes
– Consume infected computer’s resources:
CPU time or hard disk space
12
13. Viruses - 4
• A virus can
– Display advertisement and redirect web browsers
– In extreme cases, render the computer useless
• Majority of viruses target computers running
Microsoft Windows
• Removal may involve formatting the hard disk
and reinstalling the operating system or
restoring from a virus-free backup
13
14. Macro Viruses - 1
“Macro language is a special-purpose
command language used to automate
sequences within an application such as a
spreadsheet or word processor”
www.yourdictionary.com
• Microsoft Office applications commonly
use macros written in the Visual Basic for
Applications (VBA) macro language
14
15. Macro Viruses - 2
• Macro viruses target Microsoft Office
applications
– Written in a macro language such as VBA (Visual
Basic for Applications)
– Take advantage of MS Office applications
allowing for macro programs to be embedded in
documents, spreadsheets, or even email
– Activated when user opens a file in which the
macro virus resides
• Don’t even click on email from unknown sender
15
16. Worms
• Standalone malware program
– Uses a computer network to propagate
– Install a backdoor on the computer making it a
bot – computer under full control of a hacker
o Networks of bots referred to as botnets
o Commonly used for sending junk email or
attacking other computers or websites
– May cause significant harm to a network by
consuming bandwidth
16
18. Rootkits - 1
• Malware that actively conceals its actions
and presence
• Concealment occurs through:
– Removing evidence of original attack and
activity that led to rootkit installation
– Gaining control of the system
– Installing additional malicious tools to widen
scope of the attack
– Hiding files, processes, network connections
18
19. Rootkits - 2
• Removal
– Can be complicated
– May require
o Reformatting the hard drive
o Reinstalling the operating system
o Reinstalling all application software
19
20. Adware - 1
• Downloads and displays unsolicited ads
• Redirects searches to certain advertising
websites
• Collects information used for targeted
marketing without the user's knowledge
– Types and frequency of websites user visits
– User’s web searches
• Usually downloaded and installed without
user’s knowledge
20
21. Adware - 2
• Computer can get infected by:
– Visiting an infected website
– Adware embedded in legitimate applications
– Hacker technologies
• Adware that operates without user’s
consent is considered malicious
21
22. Spyware - 1
• Covertly collects information and
transmits.
• Common targets:
– User logins (usernames, passwords)
– Bank or credit account information
– Email contacts and addresses
– Keystrokes (also called keylogger)
– User’s surfing habits
22
23. Spyware - 2
• Can assert control over a computer
– Change computer and software settings
– Install additional software
• Can result in
– Slow Internet connection speed
– Unusual web browser behavior
23
24. Ransomware - 1
• Restricts access to files by:
– Locking the system
– Encryption
• Attacker demands payment to remove the
restriction
• User may have to reformat the hard drive
and reinstall the operating system and
application software
24
25. Ransomware - 2
• Some ransomware displays fake warnings
from law enforcement claiming:
– Computer has been used for illegal activity
– Stores inappropriate material, such as
pornography
– Runs a non-genuine version of Microsoft
Windows
25
26. Scareware
• Pop-up messages
claiming computer
is infected
• The pop-ups
cannot be closed
• In some cases
scareware makes
computer files
inaccessible
• Manipulates users
to purchase fake
security software –
frequently malware
(FBI, 2011, PD-US)
26
27. Personal Information Attacks - 1
• Phishing – fishing for sensitive information
– Attempt to trick user into revealing personal
information
– Typical phishing email appears asking to login
for verification purposes – do NOT respond
– Email link brings user to site that looks like
real web site of impersonated institution
– Remember: no reputable organization will
ever ask you to verify your log in credentials
27
28. Personal Information Attacks - 2
• Immediately report the phishing attempt to
the organization being impersonated
• Some email programs move suspicious
email to a quarantined Junk folder
– Removing email from the Junk folder also
takes it out of quarantine
28
29. False Information - 1
• Hoax
– Attempt to convince user of something false
– Usually come in form of an email
o IRS “official” notice
o Request to send money to facilitate inheritance
processing
o Request contributions
• Exercise common sense
– Search for email’s text, include the word hoax
29
30. False Information - 2
• Uncloak a hoax
– Use trusted Internet sites to detect hoaxes
o Snopes.com - http://www.snopes.com/
o Urban Legends Online -
http://urbanlegendsonline.com/
• Never forward email chains without
verifying their source
30
31. Security and Privacy
Summary – Lecture b
• Explored some of the common methods of
attack used by computer hackers
• Described common types of malware
• Explained some of the social engineering
methods used by cybercriminals
31
32. Security and Privacy
References – Lecture b
References
Macro language - computer definition. (n.d.). Retrieved July 10, 2016, from
http://www.yourdictionary.com/macro-language
Malware. (n.d.). In Wikipedia. Retrieved July 10, 2016, from
https://en.wikipedia.org/wiki/Malware
Images
Slide 17: Screenshot of Beast 2.07 malware. (n.d.). Turkcebilgi. Retrieved from
https://www.turkcebilgi.com/kötücül_yazılım_(malware) [Turkish]. This file is licensed
through the GNU Free Documentation License.
Slide 26: Scareware image. (2011, June 22). In ‘Scareware’ Distributors Targeted.
Federal Bureau of Investigation. Retrieved April 18, 2016, from
https://www.fbi.gov/news/stories/scareware-distributors-targeted.
32
33. Introduction to Computer Science
Security and Privacy
Lecture b
This material was developed by Oregon
Health & Science University, funded by the
Department of Health and Human Services,
Office of the National Coordinator for Health
Information Technology under Award
Number 90WT0001.
33
Editor's Notes
Welcome to the Introduction to Computer Science: Security and Privacy. This is Lecture b.
The component, Introduction to Computer Science, provides a basic overview of computer architecture; data organization, representation and structure; the structure of programming languages; and networking and data communication. It also includes the basic terminology of computing.
The objectives for this unit, Security and Privacy, are to:
Define cybercrime and cybersecurity
List common information technology, or IT, security and privacy concerns
List the hardware components that are usually attacked by hackers
Explain some of the common methods of attack
Describe common types of malware
Explain social engineering methods used by cybercriminals
Describe methods and tools available for protection against cyberattacks
Describe practices designed to minimize the risk of successful cyberattack
Address specifics of wireless device security
Explain security and privacy concerns associated with Electronic Health Records, or EHRs
Describe security safeguards used for health care applications
And, provide the basics of ethical behavior online
In this lecture, we will explore some of the hackers more commonly used methods of attack, describe common types of malware, and explain some of the social engineering methods used by cybercriminals.
Hackers use software known as a packet sniffer to read Internet traffic. An attacker lurking in a wireless café may be able to view all Internet traffic on that wireless network by using a packet sniffer. The hacker could capture the usernames and passwords of everyone in the café, which would be especially devastating if someone logged into their bank or credit card account while using the café’s wireless.
Another hackers’ method is to infect computers with malware such as adware, spyware, Trojans, viruses, worms, and rootkits.
Hackers also try to guess usernames and passwords and use social engineering techniques such as phishing to obtain sensitive information. We will talk more about each of these later in this lecture.
Malware is a broad term for software that is used by hackers and criminals. There is some overlap in the definitions and functionalities of some malware types.
According to Wikipedia, “Malware, short for malicious software, is any software used to disrupt computer operations, gather sensitive information, gain access to private computer systems, or display unwanted advertising”.
Most computer users likely have experience with some form of malware. You may have inadvertently clicked on a file which, in turn, forced installation of some software on your computer. Although you didn’t approve the installation, it happened anyway. Or maybe you visited a web page and clicked on a link or button on the page that automatically installed software on your computer without your knowledge or consent. Everyone finds this experience frustrating so everyone must be mindful when opening email attachments, opening unfamiliar files, and clicking any links and buttons when surfing the web.
Types of malware include Trojan horses, viruses, macro viruses, worms, rootkits, adware, spyware, ransomware, and scareware. We will examine each of these in the following slides.
The name “Trojan” is based on an analogy with the Trojan Horse from Greek mythology. Just like in that story, this type of Trojan horse is not what it seems to be.
Trojan horses, or simply Trojans, are malware programs disguised as useful and harmless software.
The user gets tricked to installing a Trojan by a misleading description or advertisement.
Sometimes Trojans get onto your computer as malicious code injected in otherwise legitimate software.
An installed Trojan may start acting immediately, or it may wait a certain amount of time set by the hacker who created the Trojan. Delaying a Trojan’s activation makes it more difficult to control or prevent damage.
Many Trojans steal sensitive data for use by the hacker in blackmail schemes. Other Trojans destroy data found in the machine it’s installed on or across entire networks.
Some Trojans install other unwanted software. Others display unsolicited advertisements. Sensitive information such as bank accounts, passwords, or even key strokes can be transmitted back to the attacker from the Trojan.
When executed, a virus replicates by inserting copies of itself into other computer programs, operating system files, data files, boot sectors of the hard drive, or any other drive attached to the computer.
Viruses can be transmitted to your computer from another computer on the same network, from an infected external drive that got connected to your computer, or from opening a malicious email attachment.
Viruses can do a number of nasty things to your computer, including:
Reformatting your hard drive
Corrupting data
Accessing private information
Spamming your contacts
Logging your keystrokes
And consuming infected computer’s resources, such as CPU time or hard disk space
Viruses can also:
Display unwanted advertisements and redirect web browsers away from the site you were trying to access.
In extreme cases, viruses can render a computer completely useless. For example, some viruses disable important operating system functionality such as the ability to back up a hard disk. Some viruses will reformat a hard disk.
The majority of the existing viruses are designed to infect computers running the Microsoft Windows operating system.
When trying to remove a virus, you must be sure to eliminate all replicas of that virus. If even a single replica remains, the computer is still infected.
Often, the best option for getting rid of a virus is to format the hard disk and reinstall the operating system or restore from a virus-free backup.
According to the online version of PC Magazine, “macro language is a special-purpose command language used to automate sequences within an application such as a spreadsheet or word processor”.
Microsoft Office applications commonly use macros written in the Visual Basic for Applications, or VBA, macro language for good purposes.
Macro viruses can take advantage of Microsoft Office applications because those applications allow programs written in a macro language to be embedded in Microsoft Office documents, spreadsheets, or even email.
A macro virus gets activated when a computer user clicks a file in which the macro virus resides. Once installed, macro viruses can be as harmful as any other malware.
It is important to be aware of those risks when receiving files and/or emails from an untrusted source. If the sender is not known or trusted, it is best not to even click on the email or its attachment because that simple act may activate the macro.
Some email programs quarantine suspicious email, preventing it from doing harm to the system.
Unlike a macro virus or a Trojan, a worm is a standalone malware program. A worm spreads itself through computer networks by exploiting security vulnerabilities.
Worms install a backdoor on the infected computer. A backdoor is a stealthy method of bypassing normal computer system authentication. The worm gains complete control of the computer and turns it into a zombie, or bot.
Networks of such computers are referred to as botnets and are commonly used by spammers for sending unsolicited email. Botnets are also used for attacking other computers or websites.
Worms can create a lot of network traffic, and merely by their presence may cause significant harm to a network by consuming bandwidth.
This is a screen shot from the graphical user interface, or GUI, of Beast. Beast is a Windows-based backdoor Trojan, commonly known in the hacking community as a Remote Administration Tool or a RAT.
This Trojan remains harmless until it is opened. When opened, it uses the code injection method to inject itself into other applications. Once that happens, it gives the hacker full control over the infected computer.
A rootkit is malware that actively conceals its actions and presence.
Rootkits conceal themselves by:
Removing the evidence of the original attack and activity that led to the rootkit’s installation
Gaining control over the system
Installing additional malware
And hiding the files, processes, and network connections that it uses.
Removal of a rootkit can be extremely difficult and frequently it is more time and cost efficient to reformat the hard drive and reinstall the operating system and all application software.
Adware does what its name suggests: it downloads and displays unsolicited ads.
It can also redirect web search requests to certain advertising websites.
Some adware collect data that can be used for targeted marketing, such as the types of online purchases you make, which websites you visit and how often you visit them, or the content of your web searches.
Based on this information, customized advertisements can be displayed.
Usually adware is downloaded and installed without the user's knowledge.
A computer can get infected with adware by
Visiting an infected website that results in unauthorized installation of adware
Adware being embedded in otherwise legitimate applications
And use of hacker technologies
Strictly speaking, not all adware is considered malware; only adware that installs and operates without user’s consent is regarded as malicious.
Spyware covertly collects information about a person or organization and transmits that information in the background to another entity. Spyware can collect almost any type of data. Data that is commonly targeted includes:
User logins
Bank or credit account information
Email contacts and addresses
Keystrokes
and user’s surfing habits
Spyware can also assert control over a computer without the user's knowledge. It can change computer and software settings and install additional software. This can result in slow Internet connection speeds and unusual behavior of Internet browsers.
Ransomware blocks access to files on the infected computer. The motivation for doing this is to coerce the victim into paying a ransom to get the files released.
Restricting access to a computer’s data can be achieved in a number of ways, among them:
Locking the computer system
And encrypting the files
If the victim pays the ransom, the ransomware operator may or may not remove the restriction.
In some cases, there is no choice but reformat the hard drive and reinstall the operating system and application software to get rid of the ransomware.
Some versions of the ransomware display fake warnings that impersonate law enforcement agencies. These warnings may claim that the computer has been used for illegal activities, contains inappropriate material such as pornography, or runs a non-genuine version of Microsoft Windows.
Again, the user is forced to pay off the hacker or face having to do a lot of reformatting and reinstalling.
Scareware produces pop-up messages falsely claiming the computer is infected with a virus. These warnings are persistent and the pop-ups usually can’t be closed easily.
The pop-ups often tell users to click a provided link to buy their anti-virus software, which is “guaranteed” to clean the computer.
In some cases, scareware behaves similarly to ransomware by blocking access to files on the computer until the user buys the advertised anti-virus software. Unfortunately, that software often mimics legitimate security software but is useless in the best case, and frequently is itself malware.
Personal information attacks are accomplished through an activity called phishing.
Phishing is an attempt to trick a user into revealing personal information to an attacker so that they can impersonate the user.
For example, the attacker will send an email that appears to be from the user’s bank, commonly used internet purchasing sites such as Amazon and eBay, or even from a corporation’s CEO. The message asks the user to log in to verify a transaction or to verify a username and password.
Clicking a link that appears in a phishing email will open a website that looks very similar to the website belonging to the institution that the phishing email is trying to impersonate. Gullible users will type in their credentials for the site and, by doing so, give away valuable information.
Never respond to such an email request and never click links contained therein. Banks or financial institutions―indeed, any reputable Internet merchant―would never send an email asking for such actions.
If you are the subject of a phishing attack, contact the institution being impersonated by an attacker and report the incident immediately so that they can investigate.
Most email software, such as Microsoft Outlook, monitors for phishing activity and moves suspicious email to a non-functional folder called “Junk Email.” The email is quarantined and isolated from the rest of the computer system and is not actionable as long as it remains in the Junk email folder. Be wary of moving email out of the Junk email folder. Doing so takes it out of quarantine.
Hoaxes are attempts to convince a user of something that is not true. They usually come in the form of an email. Some hoaxes ask users to send money to someone in another part of the world. Others ask users to contribute to find missing children.
In some cases, emails requesting funds for missing children are valid, but in most cases they are not. Unfortunately, there are always stories of people who respond to email requests for money from another part of the world and are scammed out of their money. For example, an email may read “Send us $10,000 and we’ll send you $50,000.” It may be hard to believe, but people do fall prey to these types of scams. If these types of attacks were not successful, they would cease to exist.
If an email appears to be a hoax, use a search engine to determine whether the email’s message is real. For example, if the subject line of the email contains, “Missing Child” in some city, enter the text of the subject line in a search engine, adding the word “hoax” to the end. The search results will usually indicate whether the email is a hoax.
It is important to use trusted Internet sites to detect hoaxes. Therefore, when running a search, look for results from reputable sites. Snopes and Urban Legends Online are two such sites. They display an image of the email on their site and share whether their investigation reveals it to be a hoax.
Never forward email chain letters, which are typically hoaxes, without verifying their source and identifying them as true.
This concludes lecture b of Security and Privacy. In summary, this lecture
Explored the common methods of attack used by computer hackers
Described common types of malware
And explained social engineering methods used by cybercriminals