Techjav: Threats to Your Online Safety You Need to Know About

To protect yourselves you need to know about different ways in which cyber criminals can compromise your computer and infringe your privacy. In this first post of a two part series, we discuss a few common tools and techniques employed by cyber criminals. This isn't an exhaustive list by any means, but will give you a comprehensive idea of the loopholes in networks and security systems, which the attacker can exploit.

1. Hacking

In simple words, hacking is an act committed by an intruder by accessing your system without your permission. Hackers are computer programmers, who have an advanced understanding of computers. But they misuse their knowledge for devious reasons.

As for motives, there could be several, but the most common are pretty simple and human tendency such as greed, fame, power, etc. explains them.

2. SQL Injections

An SQL injection is a technique that allows hackers to play upon the security vulnerabilities of the software that runs a website. It can be used to attack any type of unprotected or improperly protected SQL database. This process involves entering portions of SQL code into a web from entry field – mostly usernames and passwords – to give the hacker further access to the site backend, or to a particular users account. When you enter logon information into sign-in fields this information is converted to an SQL command. This command checks the data you’ve entered against a relevant table in the database. If your input data matches the data in the table, it grants you access, if not, you get an error.

3. Cross-Site Scripting

Also known as XSS, is an easy way of circumventing a security system. Cross-site scripting is a hard-to-find loophole in a website, making it vulnerable to attack. In a typical XSS attack, the hacker infects a web page with a malicious client-side script or program. When you visit this web page, the script downloads to your browser and executes. Attackers inject HTML, JavaScript, VBScript, ActiveX or Flash into a vulnerable application to deceive you and gather confidential information.

4. Virus Dissemination

Viruses are computer programs that attach themselves to or infect a system or files, and have a tendency to circulate to other computers on a network. They disrupt the computer operation and affect the data stored – either by modifying it or deleting it altogether.

“Worms” unlike viruses don’t need a host to cling on to. They replicate until they eat up all available memory in the system.

“Trojan horses” are different from viruses in their manner of propagation. They masquerade as a legitimate file, such as an email attachment from a supposed friend with a believable name and don’t disseminate.

5. Logic Bombs

A logic bomb, also known as “slag code”, is a malicious piece of code which is inserted into software to execute a malicious task when triggered by a specific event. It’s not a virus, although it usually behaves in a similar manner. It is stealthily inserted into the program where it lies dormant until specified conditions meet.

Malicious software such as viruses and worms often contain logic bombs which trigger at a specific payload or at a predefined time. The payload of a logic bomb is unknown to the user of the software, and the task that it executes unwanted.

6. Denial-of-Service Attack

A Denial-of-Service (DoS) attack is an explicit attempt by attacker to deny service to the intended users of that service. It involves flooding a computer resource with more requests than it can handle consuming its available bandwidth. This results in server overload. This causes the resources (e.g. a web server) to crash or slow down significantly so that no one can access it. Using this technique the attacker can render a website inoperable. He does this by sending massive amounts of traffic to the targeted site.

Another variation to a Denial-of-Service attack is known as a “Distributed Denial of Service” (DDoS) attack. In this attack many geographically widespread perpetrators flood the network traffic. Denial-of-Service attacks typically targets high profile web site servers.

7. Phishing

This is a technique of extracting confidential information such as credit card numbers and username password combos by masquerading as a legitimate enterprise. Phishing is typically carried out by email spoofing. Cyber criminals use social engineering to trick you into downloading malware off the internet or make you fill in your personal information under false pretenses.

Not all phishing is done via email or web sites. Vishing (voice phishing) involves calls to victims using fake identity fooling you into considering the call to be from a trusted organization. Treat all unsolicited phone calls with skepticism and never provide any personal information.