Emin Guliyev | ICS 20 Pd. 6

The Issues Associated with Online Services


Introduction

Although the internet lets us access information quickly, socialize with others frequently and be entertained at a moment's notice,
there are also downsides to using all these online services. These problems range from being hacked online, to network attacks and insecurities,
to computer viruses. Today I will be showing you 4 topics on these issues associated with online services. Although these are not all the
issues with online services, these are the main topics that you may face at least once in your lifetime.

Password Insecurity

Online, a password is a barrier that prevents anyone else from accessing your personal account.
According to the Merriam-Webster Dictionary, a password is defined as "a secret series of numbers or letters that allows you to use a computer system" (1). It is a barrier between your account/personal information
and thieves who want to access your account. As a result, it is the first and last line of defence against someone accessing your account online. In 2015, 2 in 5 people were hacked, had a password stolen or received a notice that their account had been entered (2). Simple English words and series of numbers can obviously be cracked very quickly, especially if your password happens to be "password", "1234567890" or your birthday. Patterns in human behaviour also help hackers work out the passwords for your accounts. For example, 50% of all passwords have a vowel, capital letters at the beginning are followed by vowels, and 66% of people use
the same 1 or 2 passwords for all of their accounts (3). It is human behaviour that makes it easier for hackers to enter online accounts. Frequently, we are too lazy to type in complicated passwords that are hard to
remember multiple times throughout the day, and hackers use that to their advantage. Even if your password is secure,
telling someone your password completely compromises its security. Since much of our information is online,
anyone accessing our personal accounts will likely be catastrophic, since they are able to use our information against us,
commit identity theft, or steal money from an online account. Thus, password insecurity
is one of the largest issues associated with online services.
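
The patterns described above can be checked mechanically. The following is an added example, not part of the original page: it audits your own list of account passwords for those patterns and for reuse. The word lists, function names and sample accounts are constructed assumptions.

```python
import re
from collections import Counter

# Constructed stand-ins: a real audit would load a large breached-password
# list and a full dictionary instead of these few entries.
COMMON = {"password", "1234567890", "qwerty", "letmein"}
WORDS = {"sunshine", "dragon", "monkey", "football"}
DATE = re.compile(r"^(\d{1,2})[-/.]?(\d{1,2})[-/.]?(?:19|20)\d{2}$")

def weaknesses(pw):
    """Return the guessable patterns found in one password."""
    found = []
    low = pw.lower()
    if low in COMMON:
        found.append("common password")
    if pw.isdigit():
        found.append("digits only")
    m = DATE.match(pw)
    if m:
        a, b = sorted(int(g) for g in m.groups())
        if 1 <= a <= 12 and b <= 31:  # plausible day/month pair, e.g. a birthday
            found.append("looks like a date")
    if low.strip("0123456789") in WORDS:  # word with digits added at the ends
        found.append("dictionary word")
    if re.match(r"[A-Z][aeiou]", pw):
        found.append("capital letter then vowel at the start")
    return found

def audit(accounts):
    """Map each account name to its findings, including password reuse."""
    uses = Counter(accounts.values())
    report = {}
    for site, pw in accounts.items():
        found = weaknesses(pw)
        if uses[pw] > 1:
            found.append(f"reused on {uses[pw]} accounts")
        report[site] = found
    return report

# Constructed sample accounts (not real credentials).
SAMPLE = {"email": "password", "bank": "Sunshine1", "forum": "Sunshine1",
          "school": "07041999", "games": "t7#Rv!q2Lm"}

if __name__ == "__main__":
    for site, found in audit(SAMPLE).items():
        print(site, "->", found or "no listed pattern found")
```

An empty result only means none of these particular patterns matched; it is not proof that a password is strong.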


Unless you want your account to be hacked and your personal information to be stolen,
it is in your best interest to follow these criteria when creating your password.

Criteria To Create A Strong Password/Prevent Being Hacked:

You can always check the strength of your password here:
Check Your Password Strength! (4)



Identity Theft

Identity theft refers to collecting and acquiring someone else's personal information for criminal purposes (5). Hackers or thieves online use your information for their personal benefit, such as gaining access to bank accounts or other important online accounts. $16 billion was stolen from 15.4 million people in the U.S. in 2016 (6). As a result, it is important to have a strong password, which I talked about earlier on this page, to share less personal information online, and to use two-factor authentication in order to prevent hackers from accessing your personal information. However, thieves can also access your personal information or accounts through computer viruses on the internet, such as spyware, which makes it important to use anti-virus/anti-malware programs to protect you from them. In addition, they use other elaborate schemes online in order to access your personal information. A few of these schemes include phishing and skimming scams. Skimming is the illegal copying of information from a physical credit card, usually at ATMs, whilst phishing is the illegal theft of credit card information online through a scam/untrusted website (7).



What are they looking for and how can they use it against me?

Online thieves are looking for your:

With your personal information they can access your:

With your information, they can also:

  • Spend money from your accounts.
  • Open new bank accounts.
  • Change your passwords and contact information for your online accounts.
  • Apply for loans, credit cards and benefits in your name.
  • Rent an apartment or car.
  • Commit other crimes using your credentials.
(8)











Denial of Service Attacks





A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources (9). As a result, the online service becomes overloaded and can no longer function properly. It is comparable to a mental breakdown in humans: when we are overstressed and overworked, we also tend to break down, and the same applies to online services. Daily, there are more than 2,000 denial of service attacks, targeting websites such as bank or news websites (9). While a site is under attack, no one can access its information online. Attackers use something called "botnets" to overload these services. Similar to a computer virus, the people launching the attack will send bots through emails, websites and social media to infect your computer and eventually take control of it to overwhelm an online service (9). 1/3 of all downtime incidents come from DDoS attacks (9).





Types of DDoS attacks:

TCP Connection Attacks - Taking Up Your Connection

This type of DDoS attack exhausts all the available connections and eventually
overloads the server with connections from the bots. The server cannot withstand
the mass of clients connected to it, connections begin to time out,
and actual people cannot receive information from the server anymore.
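
A small simulation of the connection exhaustion described above, added here as an illustration and not part of the original page. The slot count, the source names and the per-source connection cap (a common server-side limit) are assumptions; no network traffic is involved.

```python
def admit(attempts, slots, per_source_cap=None):
    """Fill a connection table of `slots` entries in arrival order.

    attempts: list of (source, is_legit). Every admitted connection is held
    open and never released, which is what exhausts the table.
    Returns (legit_served, legit_refused).
    """
    held = {}                      # source -> connections it currently holds
    used = served = refused = 0
    for source, is_legit in attempts:
        over_cap = (per_source_cap is not None
                    and held.get(source, 0) >= per_source_cap)
        if used >= slots or over_cap:
            refused += int(is_legit)
            continue
        held[source] = held.get(source, 0) + 1
        used += 1
        served += int(is_legit)
    return served, refused

# Constructed traffic (not captured data): bot connections arrive first,
# then 20 real users who each need one connection.
USERS = [(f"user{i}", True) for i in range(20)]

def bot_attempts(sources, total=200):
    """`total` connection attempts spread evenly over `sources` bots."""
    return [(f"bot{i % sources}", False) for i in range(total)]

def scenarios(slots=100):
    few, many = bot_attempts(5) + USERS, bot_attempts(50) + USERS
    return {
        # Table fills with bot connections; every real user is refused.
        "5 bots, no cap": admit(few, slots),
        # Each source limited to 4 connections; real users get through.
        "5 bots, cap 4": admit(few, slots, per_source_cap=4),
        # Each bot stays under the cap, so the cap alone does not help;
        # it is one layer of defence, not the whole of it.
        "50 bots, cap 4": admit(many, slots, per_source_cap=4),
    }

if __name__ == "__main__":
    for name, (served, refused) in scenarios().items():
        print(f"{name}: {served} users served, {refused} refused")
```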

Volumetric Attacks - Taking Up Bandwidth

This type of DDoS attack uses up the bandwidth of a server and stops
the connection between the network and the Internet. In short, these attacks
congest the network with the overflow of bandwidth used by the bots.

Fragmentation Attacks - Packet Overflow

This type of DDoS attack takes packets of data and floods the victim with
all of these packets of data. The server/network attempts to reassemble
these packets of data, but is overwhelmed, limiting the performance of the
server/network.

Application Attacks - Specific Application Overflow

This type of DDoS attack targets a specific application or service and barrages
the application/service the victim is using. However, attackers do not need
to use as many bots to have the same effect, and as a result, this
type of DDoS attack is harder to detect.

(9)





Computer Viruses


A computer virus is a type of code that is written to harm a computer and change the
way it operates (10). Viruses are designed to replicate themselves and spread from computer
to computer, similar to a virus or disease in real life. They have the power to destroy data,
software and even your computer, if left long enough. They attach themselves to programs within
the computer and once that program is opened, the virus begins to run (10). On top of being quite
destructive, some also have the ability to steal passwords/data, spam your email and manually
control your computer (10). They are able to replicate through social media, text and emails;
however, the easiest way of contracting a computer virus is by going to an unsafe website and
getting one there. You can stop them with anti-virus programs (e.g. Norton Security,
Bitdefender or McAfee) that stop you from reaching unsafe/untrusted websites and help you remove
computer viruses if you do manage to get one by accident.


Here are examples of viruses you should look out for:

Trojan Viruses:

A trojan virus disguises itself as another harmless program you have and
as a result can go undetected, hence the name, trojan virus. It is a "silent
killer" as it will secretly change, adjust and delete files without you noticing.
It will not slow down your computer, but can still cause significant
damage if it goes unnoticed.

Botnets:

A botnet is a virus that allows a hacker to access and gain complete control
of your computer. Obviously, someone else having complete control over your computer is
very dangerous, as they can steal personal information, download a different,
more destructive virus onto your computer or even make your computer participate
in a DDoS attack.

Scareware:

A scareware virus is a virus that forces you into a lose-lose situation.
A pop-up message appears that informs you that you have a virus and tells
you to purchase a program to get rid of it. If you ignore it, it does not
go away, and if you click on the message, it infects your computer. If you
buy their product, your computer is infected with a botnet and now the
criminal has full control of your computer. Thus, you should always have an
anti-malware program on your computer.


(11)

Questions!

  1. What is skimming?
  2. What is a volumetric DDoS attack?
  3. What is a trojan virus?

Answers


Bibliography

  1. "Password." Password - Definition for English-Language Learners from Merriam-Webster's Learner's Dictionary, learnersdictionary.com/definition/password.
  2. "Protect Yourself With A Password", https://assets.entrepreneur.com/static/1433198293-password-info.jpg?_ga=2.51037353.1069528750.1515600134-2030389628.1515600134.
  3. "Passwords: Fascinating Facts and Smart Tips for Mankind." HALOCK, www.halock.com/blog/passwords-fascinating-facts/.
  4. Collider, Small Hadron. "How Secure Is My Password?" How Secure Is My Password?, howsecureismypassword.net/.
  5. Government of Canada, Royal Canadian Mounted Police, Federal and International Operations, Commercial Crime Branch. "Identity Theft and Identity Fraud." Identity Theft and Identity Fraud - Royal Canadian Mounted Police, 4 Dec. 2015, www.rcmp-grc.gc.ca/scams-fraudes/id-theft-vol-eng.htm.
  6. "Facts Statistics: Identity theft and cybercrime." Facts Statistics: Identity theft and cybercrime | III, www.iii.org/fact-statistic/facts-statistics-identity-theft-and-cybercrime.
  7. Staff, RateCity. "Avoid skimming and phishing credit card fraud." RateCity.com.au, 4 Jan. 2010, www.ratecity.com.au/credit-cards/articles/avoid-skimming-and-phishing-credit-card-fraud.
  8. Government of Canada, Royal Canadian Mounted Police, Federal and International Operations, Commercial Crime Branch. "Identity Theft and Identity Fraud." Identity Theft and Identity Fraud - Royal Canadian Mounted Police, 4 Dec. 2015, www.rcmp-grc.gc.ca/scams-fraudes/id-theft-vol-eng.htm.
  9. "What is a DDoS Attack?" Digital Attack Map, www.digitalattackmap.com/understanding-ddos/.
  10. "Malware." What Is A Computer Virus?, us.norton.com/internetsecurity-malware-what-is-a-computer-virus.html.
  11. Smith, Ned. "The 3 Most Common Types of PC Virus Infections." LiveScience, Purch, 27 Apr. 2010, www.livescience.com/g00/6355-3-common-types-pc-virus-infections.html?i10c.encReferrer=&i10c.ua=1.