Safety is a natural concern. Over past decade, it has become one of our top priorities. We have spent a lot of money safe guarding ourselves from physical. To the contrary, we have not mastered the art of cyber defense yet. We keep our children from talking to strangers on streets. We do our best to safeguard our cash from thieves. Conversely, this sense of responsibility has not entered our cyber lives to date. In this paper, I introduce you to most dominant cyber threat today — identity theft. I will also provide you with tips to avoid such threats in future.
According to Federal Trade Commission’s website, “Identity theft occurs when someone uses your personally identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes” (Fighting Back Against Identity Theft). When we perform transactions online the input is sent to a remote server for being processed. This information can be intercepted and used by an identity thief for committing fraud. With this personal information, an identity thief can borrow loan, open an account with a phone company, or even give your information to police during an arrest. According to FTC, these actions of an identity thief can lead a victim to credit card debt and even a warrant from police.
I. How Identity Theft Works
Identity theft can be stopped by use of precaution in cyber world just like we do in physical world. Theft that occurs on World Wide Web does not differ much from physical theft. In following paragraphs I discuss a few of many methods that identity thieves use today.
An identity thief’s best weapon is our trust for others. We trust our bank’s website, I-T Director’s email address, and PayPal’s service desk. What do not realize is that all these fronts can be personas of an identity thief. Our trust combined with today’s technology makes it easy for a malicious party to fake a legitimate front. Phishing techniques are very sophisticated and take more than an antivirus to be detected.
Tech-savvy identity thieves can try to hack your computer or website passwords. This will provide them easy access to your personal information. Hackers make use of key loggers to steal your key strokes. They can also hide malicious code in software or image downloads. Networks or computers that do not have a firewall installed become more vulnerable to hacking. Irresponsible use of social media has increased number of identity thefts occurred through hacking (Javelin Strategy and Research, 2012).
Malware is any malicious software designed to gather sensitive information without consent (Nash, 2005). There are many types of malware including spyware, worm, Trojan horse, adware, and most malicious of them all — rootkit. Malware can reach your computer from a software download or by simple web surfing. As its name suggests, a Trojan horse is designed to be undetectable. Rootkits take this concept even further by altering your operating system to avert detection and enable privileged access to resources (Hoglund & James, 2006). A spyware is sometimes able to change your internet settings to redirect your to a malicious website (Types of ID Theft).
II. Preventing Cyber Threats
While an identity thief can use malware and viruses to corrupt your operating system and steal your critical personal information, antivirus and anti-malware software can help reduce the threat. Most of software use signature based techniques to detect malicious activity. This technique involves search known pattern in executable code. To aide against unknown patterns, anomaly based antivirus and anti-malware programs look for deviant behavior in running processes. There are many free security software available online. Two well recommended and free Antivirus applications are Microsoft Security Essentials (Windows) and Sophos (Mac).
A host or network based firewall can help keep hackers out of your home or office network. Firewalls create a barrier between your trusted internal network and internet (Oppliger, 1997). By applying certain set of rules to incoming traffic, firewalls decide whether some data is forwarded to destination or not. Firewalls can also be combined with an Intrusion Detection and Prevention System (IDS) to monitor malicious activities (Scarfone & Mell, 2007). Zone Alarm offers a much recommended firewall for personal use for free.
c. Strong passwords
Passwords are keys to our personal information. Their purpose is to restrict access to services and resources. By using a strong password, one can keep intruders out of secure area. Many standards have been written to suggest nature of a good password. Most commonly, a password is considered strong if it combines alphanumeric characters and symbols at random. As todays computers become faster and faster, it is hard to suggest a good password length. However, a password with length of 9 or more alphanumeric characters and symbols and no dictionary words is difficult to break by an average hacker.
Encryption is a method of converting data and information into a form that is not readable by an authorized party (Office of Information Technology, 2011). Many banks and online merchants use HTTPS protocol to provide secure online transactions. HTTPS combines encryption algorithms and digital certificates to provide confidentiality. It is recommended that you only exchange critical information with websites that use HTTPS protocol.
e. Onion Routing
While confidentiality of our data is important, we sometimes require privacy. Onion routing is a method of routing a packet through multiple pseudo-random routes. This method, combined with encryption, provides confidentiality and anonymity. Data is encrypted-decrypted-encrypted at each route to guarantee anonymity (Mathewson, Syverson, & Dingledine). The U.S. Navy project The Onion Router is a well recommended product for surfing internet anonymously.
With advance in technology, internet has become an essential part of our culture. While it provides opportunities for research, fun, and business; many criminals have learned to use it for fraudulent activities. With use of strong passwords, firewalls, antivirus software and other methods described in this paper, it is possible to achieve a safer presence online.
Fighting Back Against Identity Theft. (n.d.). Retrieved 05 07, 2012, from Federal Trade Commission: http://www.ftc.gov/bcp/edu/microsites/idtheft/consumers/about-identity-theft.html
Hoglund, G., & James, B. (2006). Rootkits: Subverting the Windows Kernel. Upper Saddle River: Addison-Wesley Professional.
Javelin Strategy and Research. (2012, 02 22). Identity Fraud Rose 13 Percent in 2011 According to New Javelin Strategy & Research Report. Retrieved 05 07, 2012, from The Wallstreet Journal: http://www.marketwatch.com/story/identity-fraud-rose-13-percent-in-2011-according-to-new-javelin-strategy-research-report-2012-02-22
Landesman, M. (n.d.). What is a Virus Signature? Retrieved 05 07, 2012, from About.com: http://antivirus.about.com/od/whatisavirus/a/virussignature.htm
Mathewson, N., Syverson, P., & Dingledine, R. (n.d.). Tor: The Second-Generation Onion Router. Onion Router.
Nash, T. (2005). An Undirected Attack Against Critical Infrastructure: A Case Study for Improving Your Control System Security. Livermore: Lawrence Livermore National Laboratory.
Office of Information Technology. (2011, 06 20). Security Awareness – Encryption. Retrieved 05 07, 2012, from University of Colorado Boulder: http://oit.colorado.edu/it-security/security-awareness/encryption
Oppliger, R. (1997). Internet security: firewalls and beyond. New York: Communications of the ACM.
Quin, J. (2009). Understanding Password Cracking: The Key to Better Passwords. London: Info-Tech Research Group Inc.
Scarfone, K., & Mell, P. (2007). Guide to Intrusion Detection and Prevention Systems (IDPS). Gaithersburg: National Institute of Standards and Technology.
Types of ID Theft. (n.d.). Retrieved 05 07, 2012, from Identity Theft Security: http://www.identitytheftsecurity.com/protect.shtml