Chapter 13: Information Security
Key Info and Terms
- Data harvesters: cybercriminals who infiltrate systems and collect data for
- Cash-out fraudsters: firms that purchase assets from data harvesters.
Actions may include using stolen credit card numbers to purchase goods,
creating fake accounts via identity fraud, and more.
- These are efficient and sophisticated operations.
- Hackers may also infiltrate computer systems – hop from hardware to
- Botnets of zombie computers: hordes of surreptitiously infiltrated
computers, linked and controlled remotely.
o Click fraud, spam sending, or distributed denial of service (DDoS):
effectively shutting down web sites by overwhelming them with a
crushing load of seemingly legitimate requests sent simultaneously by
thousands of machines.
- Might be insiders, rivals, or foreign governments
- Cyber warfare is a legitimate threat (terrorism, cutting off power, causing
explosions, etc.)
- Stuxnet: infiltrated Iranian nuclear facilities and reprogrammed the industrial
control software operating hundreds of uranium-enriching centrifuges. Made
the devices spin so fast that they effectively destroyed themselves, and
even made it look like nothing was out of place.
- 70% of loss-causing security incidents involve insiders
o Employees can steal secrets, install malware, or hold a firm hostage.
o Also temporary staffers, contract employees
o Cleaning or security staff
- Social engineering: con games that trick employees into revealing
information or performing other tasks that compromise a firm
o Impersonating senior management
o Making claims with confidence
o Answering bogus surveys
- Phishing: cons executed through technology, typically targeted at acquiring
sensitive information or tricking someone into installing malicious software.
o Lift logos, mimic standard layouts, and copy official language from
legitimate web sites
o Dupe users into downloading software that can record passwords
- Solutions to the password problem? Perhaps Biometrics: technologies that
replace conventionally typed passwords with fingerprint readers, facial