(Fake) anti-virus applications!

Funnily enough, at the same time I was thinking about a topic for my next (last) blog post something popped up on my laptop screen. It looked like a very sophisticated and reliable anti-virus application that says that particular programs on my computer were infected with worms. Before I could even react to the message, dozens of error messages started to pop-up continuously, stopping me from doing anything else. I tried to end the program using Task Manager but was unsuccessful in doing so. I, then, used another computer to research about it.

“Security Tool” is in fact a FAKE anti-virus application that keeps your computer hostage until you pay them an amount of money. It keeps throwing you messages to prevent you from doing anything to remove it. It also disables Task Manager. And the worst is that it blocks you from running malware removal tools.

SecurityToolI was really worried that my computer was infected just before exams and immediately looked out for help on forums. Almost all of them advice you to download and run SUPERAntiSpyware and Malwarebytes scan after making the virus sleep for a while suing different techniques. However, none of them worked for me. Every time I restarted my computer, Security Tool gets created automatically.

Following my friend’s advice I did a much simpleer task to get rid of it – I just deleted the Security Tool executable file and it seems to have done the job, at least for now. Malwares such as Security Tool is another way cyber criminals use to collect money from victims.

Therefore, before trusting any such applications (they might look sophisticated, trustworthy) please carefully research about them first.

Cloud Computing and Cyber Crime

The previous article highlighted the threats that social networking websites are exposed to in this Web2.0 era. In fact, another such Web2.0 area is Cloud Computing. It is widely defined as a style of computing that uses Internet technology to offer scalable and elastic IT-enabled capabilities as a service to customers. This ranges from routine tasks of communicating over the internet (e.g. Gmail), to sophisticated work such as Customer Relationship Management (CRM) that are operated and maintained in the “cloud” by providers.

Cloud computing benefits companies and individuals by saving time, money and resources compared to traditional on-premises computing. However, with the burgeoning amount of benefits in cloud computing comes several critical issues that have been viewed as drawbacks to this emerging technology and growing popularity of virtualization among companies could lead them to being the next possible target of cyber criminals.

One of the utmost concerns with cloud computing has always been the issue of data privacy and security. When a client decides to employ the use of cloud computing, the data no longer belongs to the client alone. The vendor, or the service provider, stores the user’s data on its own virtualized server and as such, vendors gain full access to the information available, confidential or not. Further, the servers are moved outside the traditional security perimeter making it easy for the reach of cyber criminals. This is a growing concern particularly when cloud computing stores sensitive data about customers.
Also, Cloud computing is often referred to as virtual, dynamic and borderless. These features of the cloud build a new layer of risk on the uncertainty over where sensitive data resides. The risk includes the wide distribution of information across different jurisdictions, each having different legal frameworks regarding data security and privacy. This makes it even more difficult to govern and regulate the information.

According to sources, cyber criminals can either manipulate the connection to the cloud or attack the data centre and cloud itself. However, there are no global standards or laws that regulate cloud computing against cyber criminals, yet. Governments and regulatory organizations need to recognize the potentials in cloud computing and take initiatives to create cloud specific laws and standards in order to make the cloud a safe and secure place for transactions.

Let’s fight against the “Silent digital epidemic” !

The post “Cybercrime today” ends by stating that the “first step to fight cyber attacks is to set up solid international rules and regulations […]”. On second thought, fighting against cybercrime starts at a lower level. It is not simply the duty of governments, Interpol or network administrators but the concern of all Internet users.

But do we actually act responsibly? Most of us have already been cybercrime victims in one way or another, but how many of us have reported them to relevant authorities and how many just ignored them?

A recent study revealed that 80 percent of the surveyed people (over 7,000 worldwide Internet users) do not believe in reporting cybercrime cases and think the criminals will never be brought to justice. And less than half of them don’t even bother to report the crime.

How about Singaporeans who are often described as responsible citizens? Well, a very recent Chanel News Asia article states that “70 per cent of Internet users in Singapore have fallen victim to cyber-crimes including computer viruses, online credit card fraud and identity theft. And, 71 per cent do not expect cyber-criminals to be brought to justice.”

Despite the increasing number of cybercrimes, most of the victims stay silent about it. This behaviour is considered as the “Silent Digital Epidemic” by some. Why?

Some say it takes time and costs money to report and follow a cybercrime case. Others say cybercrime evidences are difficult to collect making it almost impossible to bring the case to the court. In my opinion all these are just secondary reasons and the real reason is our tendency to ignore crimes that affect us less. The loss we suffer from a cybercrime is often considered negligible because most often we don’t even feel the loss. So what is the use of spending (in terms of time and money) more than what you have lost to report it? Also, victims or their peers do not see cybercrime the way they perceive real life crimes. Most of us are passive and unconcerned about virtual crimes compared to real life, often ignoring the fact that we can lose as much from cybercrimes as we do from real crimes.

This mind-set and behaviour increase the number of unreported cybercrime cases and make us uncooperative with authorities in fighting against cybercrimes. On a consequentialism perspective, decreasing cybercrimes will only benefit a large amount of people, therefore every action we take in fighting against cybercrimes is an ethical act. Governments have made it easier for us to report cybercrimes just like they did for real life crimes. Cybercrimes can be reported to local police or to related organizations and many other ways. For instance, in NUS, Computer Centre is doing a fine job in creating awareness about cybercrimes as well as taking actions on reported cases.

The famous philosopher Socrates once said he was “citizen of the world” and that is very suitable for today’s digital era where territorial boundaries have been removed making us citizens of the world and at the same time making crimes easier across the borders. Each Internet users should take personal responsibility for their as well as their society’s cyber wellness and security.

The fifth domain of warfare – Cyber Space

This post is a follow-up to the previous post on cyberterrorism.

After land, sea, air and space cyber space has become the next platform for warfare. Cyberwarfare is defined by Richard A. Clarke (government security expert) as ‘actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption.’

What makes cyberwarfare the next big threat to many countries? In this electronic age almost all government activities have gone online giving way to the concept of “e-government”. E-Government is an easy and transparent interaction platform between citizens/companies/other governments and government. This means that an excessive amount of data is communicated through internet. These data together with other official information/systems are named as “digital assets” (e.g. official documents, trading systems, personal data…) and are treasured by nations. According to President Barack Obama, U.S’s digital infrastructure is considered as a “strategic national asset”. In fact in 2009, this cyberwarfare market was estimated at around 8.2 billion dollars.

On one hand digital assets are crucial to countries but on the other hand cyber weapons are so easily affordable, launched at low cost and deployed within minutes. Cyber attacks are becoming more common, frequent, sophisticated and intellectual.

We all know that internet was initially designed for connectivity and convenience rather than security. But the ever expanding internet network over unsecure platforms and growing dependence on computers only multiply the opportunities for cyber-attacks. Also, Internet has reduced distances between countries which is convenient for hackers since now states are just a firewall away. Manipulating trading systems and financial data, attacks on power grids may lead to financial chaos and economic damages within days. Cyber weapons are just too effective and are able to massively destruct, disrupt or manipulate digital content which worries governments.

The question is how are these countries fighting against cyber-attacks? More governments are planning to develop defensive and offensive cyberwarfare strategies and capabilities. In July 2010, about 15 countries (including US, UK, China and Russia) have signed an agreement to follow the norms of accepted behaviours in cyberspace imposed by the U.N. This is the first official agreement to fight cyberwarfare.

Singapore had a recent conference in June 2010 which discussed about the measures our country should adopt to be prepared and be able to fight cyberwarfare if such situation occurs. The chief executive of the International Institute of Strategic Studies, Dr John Chipman said that “the cyber space is unregulated and there is no law of cyber conflict, and no accepted rules or norms of engagement”.

In my opinion, cyberwarfare is probably the most dangerous that our world has seen so far. Cheap, fast and efficient weapons are what nations fear about. I think that countries should start taking more actions and at a faster pace. Hopefully, the first U.N. agreement will encourage more in the future.

President Obama’s Twitter Hacked !

As we all know, Twitter is a micro-blogging website used by millions of people including politicians, movie stars, sports celebrities and so on. People use this medium to express their opinions in a status message format which can’t be longer than 140 characters.

http://news.bbc.co.uk/2/hi/europe/8586269.stm

The above news article is about a young Frenchman who hacked into President Obama’s Twitter account. The accused confessed that he cracked passwords by simply trying different possibilities. He also said that it is against his ethics to steal or destroy any information and that his only aim was to prove that twitter is vulnerable to attacks.

The hacker’s act is clearly a cybercrime, however it has made everyone doubt and worry about the website’s security policies. This is called “White Hat” hacking, or ethical hacking, where the hacker’s only intention is to expose the security flaws of a particular system or website.

Now the obvious question is whether anyone can claim to be a “white hat” hacker and get involved in these types of activities?
In my opinion, if ethical hacking becomes an excuse for malicious hackers then there is no end to it. “White hat” hackers should be recognized legally and should work under a recognized firm and hacking should be part of their profession, not their hobby.

http://www.bbc.co.uk/news/10409802

Since the accused was unemployed and hacked into Obama’s account by sheer personal interest, he was given suspended jail terms.

On another note, to what extent is Twitter to be blamed in this hacking issue? Generally speaking, is a single password enough to verify identity when it comes to social networking websites?