COMPUTER INFORMATION: SECURITY THREATS Greg Lamb


Introduction

It is clear that we as consumers and entrepreneurs cannot expect complete privacy when discussing business matters.

However…

There are three key aspects of privacy that we all do expect.

1. Freedom from intrusion

2. Amount of control of information about oneself that we have

3. Freedom from surveillance


Laws Protecting Our Privacy

4th Amendment in U.S. Constitution

Privacy Act of 1974

○ Restrict the data in federal government records to “relevant and necessary information” to the legal purpose for which they are collected.

○ Allow people to access their records and correct inaccurate information.

○ Require procedures to protect the security of the information in databases.

○ Prohibit disclosure of information about a person without his or her consent.


Personal Information Threats

Privacy threats come in several categories:

Intentional, institutional uses of personal information

Unauthorized use or release by “insiders”

Theft of information

Inadvertent leakage of information through negligence or carelessness

Our own actions

○ Trade-offs

○ Lack of knowledge (Invisible information gathering)


Statistics

Over 80% of security breaches are caused by insiders

More than 20% of attacks on the corporate web are coming from the inside

30% of companies experience more than 5 insider attacks per year


Government Databases

Tax records

Medical records

Marriage/divorce records

Property ownership

Welfare records, including family details

Motor vehicle records

Books checked out at public libraries


Computer Error

ATMs

All transactions are recorded in a database at the bank.

This information can help track a person’s whereabouts and activities.

○ Example: An error in the computer program that operates ATMs for a New York bank caused accounts to be debited twice the amount of the actual withdrawal.

○ Less than 24 hours

○ More than 150,000 transactions

○ Totaling around $15 million


Threats

Customer database breaches can occur for any number of reasons.

○ Attack on a credit card company’s server

○ A laptop lost by a health insurance employee

Since 2005, more than 500 million customer records have been exposed illegally.

Facebook

While social networking sites are designed to help users share information with others, it can be just as easy for unknown visitors to eavesdrop.

Within the past few years, Facebook has come under fire for allowing third-party app developers to collect and sell information about users.


Threats (cont.)

Phishing

Sending millions of e-mails fishing for information to use to impersonate someone and steal money or goods.

Pharming

A technique that lures people to fake Web sites where thieves collect personal data.

Cyber stalking

The use of the internet or other electronic means to stalk or harass an individual.

○ False accusations

○ Monitoring

○ Making threats

○ Identity theft

○ Damage to data or equipment


Threats (cont.)

Wi-Fi Hijacking

Public Wi-Fi spots are often not set up with security (unsecured network).

This is when one user on a network grabs a browser session from another user after he’s logged into a supposedly secure website, such as Facebook.

The attacker then has complete access to the victim’s account and can change the password to lock the victim out.
