AVG (AU/NZ) helps home and business users understand who they need to protect themselves against they have provided us with this piece:
Today, almost all computers are connected to the Internet. This means they're connected to other computers – which involves risk.
We use our PCs for both work and play. We shop, bank and play games online – even when we're at work – but we also work when we're at home. The web is a research tool and an entertainment centre, letting us access music, movies, TV shows and much more. In doing so we store useful information, indeed even vital private and personal information, on our PCs.
Lloyd Borrett, Security Evangelist at AVG (AU/NZ) Pty Ltd, says: “Therefore, it is extremely important that you store your information properly and keep it secure. It’s also important that you protect your PCs from misuse, abuse and data loss. Why? Because there are bad guys out there and you don’t want them getting their hands on your information.
“Bad guys? Yes, it’s a term we Internet security people use frequently, but do you fully understand who the bad guys are? Before you can properly arm yourself against a security attack and/or breach by the bad guys, it helps if you know who to watch for so that you can put in place the proper layers of defence.”
There are actually quite a few unique categories of bad guys to look out for. They are variously referred to as hackers, crackers, script kiddies, cyber criminals, cyber spies, cyber extortionists, cyber activists, cyber terrorists, cyber warriors, and even unethical friends or staff. Technically a cyber crime is any intentional breach in computer security via the Internet, or some other illegal act facilitated by the Internet.
Know Your Enemy:
In the early days of computers, “hackers” were white hat good guys who tried to do no harm and hacker was a benign term. Hackers illegally accessed computers to learn more about them, or to find security holes in the computer or the network to which it’s attached. They did nothing malicious, used their skills for good purposes and took pride in the quality of hacks that would leave no trace of an intrusion. Today’s white hat hackers are typically computer security experts, who specialise in penetration testing and other security testing methodologies to ensure that a company’s information systems are secure.
During the early 1980s the lay of the land changed and we started to see the rise of “crackers”. This refers to a person who intentionally accesses a computer, or network of computers, for evil reasons - typically, with the intent of destroying and/or stealing information. Today these bad guy crackers are sometimes referred to as black hats, or mostly just hackers. Usually, both hackers and crackers have very advanced computer and networking skills allowing them to develop scripts or programs to help them attack computer systems and networks.
Hacking tools can sometimes fall into the hands of “script kiddies”, who often use them randomly and with little regard or perhaps even understanding of the potentially harmful consequences. These script kiddies usually have very limited computer skills and can be quite immature, trying to effect large numbers of attacks in order to obtain attention and notoriety.
We typically use the term “cyber criminals” to describe those who use the Internet in illegal ways, or to facilitate illegal or fraudulent activities.
More specifically, cyber criminals are the people trying to put malware onto your system so that they can obtain valuable information such as credit card and bank account details, user names and passwords. This is identity theft and those responsible will either use the information to defraud someone, or sell it on to someone else who will.
Cyber criminals are also scammers and phishers who try to con you into giving them money. They might claim to need your help to transfer large amounts of money, or that you’ve won a prize in a lottery you never entered. Sometimes it's the promise of an inheritance from a wealthy relative you’ve never heard of.
Some cyber criminals illegally distribute software, music, movies against copyright laws. They might even sell illegal forms of pornography. Typically their activities are entirely profit motivated, though in the cases of cyber bullying and cyber grooming the motivations lie elsewhere.
Not all cyber criminals have sophisticated computer and networking skills. Today, the vast majority of cyber criminals simply use the malicious tools and kits marketed for profit by those creating them.
In effect, most cyber criminals are simply up-to-date script kiddies, but now they’re motivated by profit, not notoriety. For about US$400, almost anyone can buy appropriate scripts and after about four hours of working through the instructions, be fully set up as a cyber criminal. Scary stuff.
People trying to illegally obtain information about companies or government organisations are known as “cyber spies”. Typically when the attack is against a business it is profit driven, while when it’s against government organisations it is espionage.
People who carry out blackmail via the Internet are “cyber extortionists”. For instance, threatening to release confidential information if an individual or company does not pay a large amount of money. Cyber extortionists may put in place a distributed denial of service attack (DDoS) against the web site or network of a business and demand payment to stop the attack. They might trick you into downloading and installing malware/scareware/scamware, for example rogue anti-virus software, and then demand payment in order for it to be removed.
Relatively new on the scene are “cyber activists” who use the Internet as a fast and cheap communications tool for their public movements. They may be involved in cause-related fundraising, community building, lobbying and organising public demonstrations. One example is Iranians using Twitter to organise mass protests in 2009.
Of course, one man’s freedom fighter is another man’s terrorist, so we also have “cyber terrorists”. These are cyber criminals who use the Internet to destroy computers or disrupt Internet-connected services for political reasons. Just like a regular terrorist attack, cyber terrorism typically requires highly skilled individuals, a lot of money to implement, and detailed planning. An example is when hundreds of DDoS attacks in 2007 virtually took down the Internet in Estonia.
It seems that many countries, including the USA and China, have decided that the Internet is a valid tool to fight a war against their enemies. While the Internet can be used to greatly enhance military and economic power, it also presents a soft underbelly to present and future adversaries. Thus governments are recruiting and training “cyber warriors” to use the Internet for offensive attacks, and to protect us from such attacks by others. Sad, but true.
How to protect your business and yourself
Borrett says, “By going online, everyone is exposed to all these forms of bad guys. Thus it’s crucial for both businesses and individuals to keep their information secure so that the bad guys can't gain access to it. Here’s some advice:
Have up-to-date and properly configured Internet Security software on all the PCs you use, for example AVG Internet Security at home and AVG Internet Security Business Edition at work.
Lock down desktop PCs, laptops and servers by limiting user privileges, eliminating unnecessary applications and having strong passwords.
Giving up administrator privileges is a simple way to remove 90% of the risk of malware being able to install and run.
Understand who might be looking to break through your defences and how they might go about doing it.
Think like the bad guys.
Hopefully the information we’ve provided here will help you to do this.”
AVG (AU/NZ) has a comprehensive range of security tips for home and business users on its web site at www.avg.com.au/resources/security-tips