Internet Security Research Paper

!!!

!!

Research Paper

Internet Security and Privacy

Vinicius Lima de Moraes

AECP - ASU

!!!!!!!!!!!!

Research Paper Page !2

ABSTRACT

! This research presents important aspects regarding internet security, focusing on how

threats can affect users. Also, it describes the definitions of the most common attacks and web

threats, lists some numbers and charts obtained by Symantec, an well established security

company in the web market, and some analysis on government surveillance programs.

Furthermore, it intends to show how important is the Brazilian initiative over the Civil Rights for

the Internet Framework and its principles as a regulation tool.

!!!!!!!!!!!!!!


Internet Security And Privacy

! The internet is part of peoples life. Every person is connected by some electronic device

to the world wide web, accessing information, establishing relationship, taking care of their

finances, working, and etc. Day by day, the number of internet users increases, people try to

discover new ways of use, and companies explore opportunities to improve their business.

However nowadays it is reality, the need for web security has become imperative (Bhasin, 2003).

Most part of worries regarding security for web transactions are over e-commerce

operations and personal data. A large number of solutions specially developed to work as digital

wallets can be used for payments through the web. Also, there are many different social

networks, through which people share, with their friends, photos and information about their life.

Taking advantage of it, bad intentioned people are working to intercept such information and

committing crimes.

According to Shweta Bhasin (2003), another reason that is an important concern about

web safety is the number of different new programming languages emerging on this scenario.

The complexity of the breaches of internet security is getting higher, whereas the number of

people who can detect those attacks is getting scarce. Bhasin still says that as the use of internet

is increasing, the chances for breaches and consequently attacks increases too.

A breach can be defined as illegal access to information that can result in disclosure,

obliteration, or alteration of information (Bhasin, 2003).

!!


!!

Total Breaches

0

40

80

120

160

2012 2013

156

93

Figure 1 - Comparative of Number of Total Breaches!Source: Symantec Internet Security Threaten Report - 2014

Total Identities Exposed (Million)

0

150

300

450

600

2012 2013

552

253

Figure 2 - Comparative of Total Identities Exposed!Source: Symantec Internet Security Threaten Report - 2014


According to the Symantec Internet Security Threaten Report (2014) , in 2013 the main 1

issues that called organizations attention were cyber-espionage , threats of privacy and the acts

of malicious insiders. In the same year, eight breaches exposed more than 10 million identities,

causing problems of wild scam to many users and businesses. Following, the most important

trends in 2013 gathered by Symantech:

! 2013 Was The Year of Mega Breach

Targeted Attacks Grow and Evolve

Zero-day Vulnerabilities and Unpatched Websites Facilitated Watering-Hole Attacks 2 3

Ransomware attacks grew by 500 percent in 2013 and turned vicious 4

Social Media Scams and Malware Flourish on Mobile

Prevalence of Scams Fails to Change User Behavior on Social Media

Attackers are turning to the Internet of Things

! Bahsin (2003) says that there are several types of security breaches, as follows:

! Spam e-mails: companies access subscribers information from a service provider

database, without its permission, to send offers to users.

http://www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_report_v19_21291018.en-us.pdf1

An attack that exploits a previously unknown vulnerability in a computer application (Wikipedia).2

An attack that consists in observing a group of users and trying to infect them by the sites they trust (Wikipedia).3

A type of malicious software designed to block access to a computer system until a sum of money is paid 4(Google).


Unauthorized access of confidential data: usually an individual accesses a database to

get information such as address, social security number, bank details, intending to create

fake identities.

Eavesdropping: An intelligence agency of a country accesses the network of another

country to get confidential data.

Hosting stealth: A company gets unauthorized access to another companys web host to

store its own websites and promote themselves.

Login automated scripts: a hacker creates a script to automate login requests to a

computer.

E-mail servers invasion: Individuals get unauthorized access to e-mail servers to

adulterate or steal information.

Network invasion: Individuals get unauthorized access to a network, like banks,

companies, virtual stores, to generate scam, steal confidential information or even steal

money.

Virus attacks: Viruses spread over the internet in different ways.

DNS Hijacking: Hackers change the address map on a server to redirect users to a

malicious website.

DoS attacks: Hackers increase the data traffic directed to a website or online service,

blocking the access by other users due the high number of requests.

! However organizations are thinking of how to create better solutions to eliminate those

issues, security in the internet cannot be 100% effective. It usually happens because of the speed


how technology gets changed, whereas companies keeps their vulnerabilities unrevised, instead

of anticipate possible threats. Individual users usually dont realize how dangerous the lack of

knowledge about this problem can be. Even though they have some concerns about that, they

cannot solve the problems easily. Anyway, the risks can be minimized. As presented by the U.S.

Department of Homeland Security (2003), in the article entitled The National Strategy to Secure

Cyberspace, reducing vulnerabilities is a challenge. What makes it a tough work is the range of

different types of users and devices, which are not completely compatible among them. Still

according to the DHS, digital safety over the web should be analyzed on five levels:

Level 1: Home User / Small Business

Though it is not critical, the computer of home users can become part of a zombie network, being remotely controlled to perform attack over important organizations, usually denial-of-service attack.

Level 2: Large Enterprises

Corporations, government and university are in this level. These entities, considering they possess significant data and power, are constantly targeted by hacker attacks.

Level 3: Critical Sectors / Infraestructures

If the organizations of a sector are grouped, working together over a situation which can affect all the sector, better is the effectiveness of the actions.

Level 4: National Issues and Vulnerabilities

A hacker issue can affect seriously a nation, what can undermine different sectors at the same time. Such issues cannot be solved by an individual enterprise. The solutions usually relies over professionals' training, and research to improve technologies.

Level 5: Global

The world is immersed in the internet, mixing a huge variety of systems. Hence, it depends on global shared standards to shape it in a full compatible communication system and minimize the effects of cyber attacks.

Figure 3 - The five levels of the cyber security scope!Source: The Reference Shelf - Internet Safety


Regarding threatens existent in the internet, they are uncountable. According to Richard

Joseph Stein (2009), viruses maybe are the most common form of computers threat. In general,

people use to call virus anything causing problems on their computer operation, no matter the

reason. Another threat are the spam e-mails, what is defined as a non wanted advertisement via e-

mail. Mostly, this type of threaten collaborates to elevate the rates of identities theft, once they

can embed viruses or links to capture the users personal data. This practice is known as

phishing. Also, as threatens, there are the ones called botnets. The botnets are originated from

contaminated machines which, after that, can be controlled automatically to trigger malicious e-

mails or others types of bad content. Normally the computers owner doesnt know about this

issue. It is necessary a scan by an anti-virus tool to detect the problem. However there are several

classifications for viruses, in general their aim is steal information from users and use it in order

to generate money illegally.

Figure 4 - Top-ten botnets, 2013.!Source: Symantec Internet Security Threaten Report - 2014


The consequences of data stealth for companies and domestic users can be disastrous.

The Symantec report (2014) presents that a company can suffer heavy impacts in its reputation.

The consumers can lose trust in it and replace them for another competitor. Furthermore, there is

the risk of lawsuit if any personal data stealth causes bigger problems to the consumer, so they

were exposed. Also related in the same report, it is said the the governments are monitoring

communications on the internet, and it relates directly to privacy policies.

!The web privacy and security in Brazil

! Recently, an incident involving information security aspects between Brazil and the US

was called into attention: the NSA (National Security Agency) was accused by the Brazilian

President, Dilma Roussef, based on the Edward Snowden revelations, of spying on her

conversations. It can be considered a serious security flaw by the Brazilian authorities, as well as

a privacy invasion. In order to avoid any other problems on this issue, the Brazilian government

decided to adopt some preventive measures, which are not all feasible. Nevertheless, due to

coincidence or not, all of this comes up in a moment that the Brazilian Civil Rights Framework

for The Internet is being discussed.

Currently, Brazil has one of the highest rates of internet usage of the world (Lourdes

Garcia-Navarro, 2013). The popularization of the internet all over the country came rapidly,

mainly after incentive actions regarding digital inclusion in distinct areas of metropolitan centers

and suburbs. Consequently, it increased the worries about information security and privacy, and


Brazilian internet users are mindfully following the government discussion about internet

regularization.

As publicized on the ICT Households and Enterprises 2012 - Survey on the use of

information and communication technologies in Brazil (2012), The Civil Rights Framework is

based on three pillars: freedom, neutrality and privacy. Freedom relates to how people can

express their ideas or share their opinions. It guarantees that communication can flow and not be

censored unfairly, or only comply with a particular political will. The responsibility for any

inappropriate content, which can eventually offend someone, goes to its owner. But the vehicle

or channel where that content is publicized is obligated under legal request to remove the content

in case of any complaint properly judged. Hence the website no longer plays the role of judge,

but the judge himself. Under this topic, the controversy resides on the fact that many people

dont believe justice will prevail, and they think it will not work: basically the law will turn into

censorship in disguise.

Neutrality applies to data traffic through the web. Specifically, it defines mechanisms to

avoid big companies which provide internet access by data packages, on establish commercial

agreement with third-parties that favor certain types of content. In other words, telecom

companies can offer different data packages, but they cannot define how fast is a connection to a

specific service will be, so the speed has to be the same for all the services a user accesses. It can

be considered a victory by consumers, who will benefit from market competition. On the other

hand, from the companies' point of view it has not been a good deal and they argue that the

decision can prejudice their business. Actually, it would undermine the consumer's freedom of

choice, the free competition on internet, and innovation possibilities.


Privacy has to do with information traffic and data storage, and how it can be protected.

Pretty much people's personal information is circulating on the Internet. It is easy to get that

information. Based on it, Internet providers and websites no longer can keep users data without

their express permission. However, nothing was defined regarding how the users personal

information can be used, what is a significant weakness. Anyway, the Brazilian government is

using the President Dilma's incident as an extra argument to defend the Civil Rights Framework

approval. It makes sense, once that document regulates important aspects over the internet in

Brazil.

Along this matter, Brazil wants to determine limits over national data circulation by

requesting data storage to be done only inside the country, even for international giants, like

Google, says Lourdes Garcia-Navarro (2013). In parts, it could be interesting, but as said before:

it is not feasible. The reason lies on the fact that it could affect, significantly, a huge number of

international operations in the country. At the same time, it could jeopardize hundreds of new

foreign investors who wanted to put their money in Brazil's digital economy. Further more,

Brazilian companies already established and counting on foreign suppliers, would have to find

alternatives to attend to the government decision, expending extra capital.

!Conclusion

! The importance of web safety remains on the fact that the use of the internet for

important operations is reality nowadays. People and organizations depends on the web network

to pretty much everything they need to do. The amount of data stored into servers and the


perception of its value, collaborates to increase the cyber crimes rates. Besides that, the variety of

electronic devices which have internet connection available supports even more the human

dependence on the online world. So, in order to protect all the digital environment and its users,

the adoption of regular measures is necessary to improve risk mitigation and preserve the

security and the privacy over the internet.

!!!!!!!!!!!!!!!!!


References

!Molon, A. (2012). Marco Civil da Internet: Em Defesa da Liberdade, Neutralidade e

privacidade. Retrieved from http://www.cgi.br/media/docs/publicacoes/2/tic-domicilios-

e-empresas-2012.pdf.

!Praise For Brazils Internet Rights Framework (2014, April). Retrieved from http://

www.waccglobal.org/articles/praise-for-brazil-s-internet-rights-framework.

!Garcia-Navarro, L. (2013, September). There Are Pitfalls If Brazil Wants To Secure Its

Internet From Spies. Retrieved from http://www.npr.org/templates/story/story.php?

storyId=226205888.

!U.S. Department of Homeland Security (2003). Cyberspace Threats and Vulnerabilities. In R. J.

Editor, The Reference Shelf - Internet Safety (pp 28-34). Dublin, NY: H. W. Wilson.

!Stein, J. (ed.). (2009). Viruses, Spam, and NetBots - Editors Introduction. In R. J. Editor, The

Reference Shelf - Internet Safety (pp 43-44). Dublin, NY: H. W. Wilson.

!Stein, J. (ed.). (2009). Safety in Numbers? An Overview of Internet Safety - Editors

Introduction. In R. J. Editor, The Reference Shelf - Internet Safety (pp 3-4). Dublin, NY:

H. W. Wilson.


Stein, J. (ed.). (2009). On-Line Identity Theft - Editors Introduction. In R. J. Editor, The

Reference Shelf - Internet Safety (pp 65-66). Dublin, NY: H. W. Wilson.

!Symantec (2014). Internet Security Threat Report - 2014. 2013 Trends, Volume 19. Retrieved

from http://www.symantec.com/content/en/us/enterprise/other_resources/b-

istr_main_report_v19_21291018.en-us.pdf

!Bashin, S. (2003). Web security basics [electronic resource]. Cincinnati, OH: Premier Press.

Documents

Internet Security Research Paper