Group 1: Arun, Chris, Kevin, Tenzin, Wei

From wiki.ucalgary.ca

Identity theft is defined as the deliberate and wrongful act of obtaining someone's personal information typically for economic gain, though there can be other motives, such as evasion of law. In 2006, almost 8000 victims reported losses of (CDN) $16 million in identity theft to PhoneBusters, the Ontario Provincial Police, Royal Canadian Mounted Police (RCMP) and Competition Bureau Canada-managed anti-fraud call centre in Canada. The Canadian Council of Better Business Bureaus has estimated that identity theft may cost Canadian consumers, banks and credit card firms, stores and other businesses more than $2 billion annually. From January 1 to February 28, 2009 alone, 1,743 complaints in Canada were made to PhoneBusters, and the money lost from that in total was (CDN) $2,246,839.09.


Who We Are

Due to the wide usage and growing accessibility of information on the internet, the World Wide Web has become more and more of a minefield for those not acquainted with the ever-growing methods of identity theft. Our group is dedicated to the mission of spreading the word of such theft as pertaining to computers, and thus hope to arm the general public with prevention know-how. We are... the IT COPS!

IT Cops, T27 Division

  • Arun Brar
  • Chris Chung
  • Wei Dai
  • Tenzin Dratsangshema
  • Kevin Feng

Phishing

Definition

The Internet's near limitless accessibility has given rise to an ever-increasing problem: phishing.

Webopedia defines phishing as: “The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information.” Phishers may disguise themselves as just about any company/institution, from financial ones (i.e. banks) to even government agencies. Other terms for phishing include email/website “spoofing,” or “carding.”

The term for phishing derives from the word “fishing,” to convey the sense that this act intends to cast “bait” (the bogus e-mails) in the hope that someone will bite (i.e. be tricked into giving away their personal information). The “ph-” substitution of the “f-” in phishing goes back to hackers’ frequent substitution of “f” with “ph.”


How to detect - Characteristics:

An example of a real life phishing e-mail. In this picture: 1) an official-looking but fake "from" address, 2) the inclusion of a company logo (to contribute to the seeming authenticity of the e-mail) that could have easily been copied and pasted from the company website, and 3) a link to a URL whose display (i.e. "here") obscures the original URL, which can be revealed by hovering your mouse on the link and reading the actual URL in the bottom left-hand corner of the screen.

1) The main characteristic of phishing e-mail messages is that they ask for personal data, or direct you to Web sites or phone numbers to call where they ask you to provide personal data.

2) The “From” address appears to be legitimate, although it is often very easy to make it so without actually being part of the original company. Includes images and logos that can easily be taken from the Internet.

3) Often gives you a premise/incentive for taking serious note of the e-mail and following their instructions. Common phrases centre around things like:

  • "Verify your account." Businesses should not ask you to send passwords, login names, Social Security Numbers, or other personal information through e-mail.
  • "You have won the lottery." Phishing e-mails often designate you as a winner of a contest of some kind without any prior application, and ask for your personal information to claim your prize. Try to remember if you have applied for a lottery or some type of contest/draw from the company before. If you have not, there’s obviously something "phishy" about it (Cue lame laughter). If it’s too good to be true, it often is.
  • "If you do not respond within 48 hours, your account will be closed." This conveys a sense of urgency and may prompt recipients to act without thinking. May include phrases like, “Your account has been compromised. Please respond to reactivate it.”

4) Usually includes a clickable link that directs you to an official-looking website, where they hope you will give your personal information away. The hyperlink’s visible text is often deliberately written to display a legitimate and official-looking URL (weblink). This can be done through HTML, so that what the hyperlink displays does not correspond to the actual URL. For example, in one case, the weblink displayed showed “https://oIb.westpac.com.au/ib/defauIt.asp”. After hovering the mouse over the link, at the bottom left corner of the screen, the real link was found to be “http://olb.westpac.com.au.userdll.com:4903/ib/index.htm”. In HTML, the code could be something like: <a href="http://olb.westpac.com.au.userdll.com:4903/ib/index.htm">https://oIb.westpac.com.au/ib/defauIt.asp</a>.

5) The bogus website looks real, frequently giving you something like a login page, which obviously asks for your personal information. It collects your login information when you type it in.

6) The occurrence of spelling and grammar mistakes, some characters seemingly accidentally replaced with others (for example, the use of lower case L’s for replacing lowercase I’s), and the addition of hidden words (i.e. written in white to appear invisible due to the standard white background of an e-mail), which are deliberately done to avoid standard anti-spam detection. Official company messages almost never include such mistakes.
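The link check from characteristic 4 and the character swap from characteristic 6 can be automated. The following is an added example, not part of the original page: the function names, the reason labels and the sample e-mail are constructed here, and only the two Westpac URLs come from the text above.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class AnchorCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href.strip(), "".join(self._text).strip()))
            self._href = None

def raw_host(url):
    """Host part of a URL, original letter case kept, port and userinfo removed."""
    if "://" not in url:
        url = "http://" + url
    return urlsplit(url).netloc.rsplit("@", 1)[-1].split(":")[0]

def looks_like_url(text):
    """True when the visible link text is itself written as a web address."""
    has_space = any(ch.isspace() for ch in text)
    return not has_space and text.lower().startswith(("http://", "https://", "www."))

# Characters commonly swapped for look-alikes (capital I for l, 1 for l, 0 for o).
LOOKALIKES = str.maketrans({"I": "l", "1": "l", "0": "o"})

def check_links(html, trusted_hosts):
    """Return one finding per suspicious link, with the reasons it was flagged."""
    trusted = {h.lower() for h in trusted_hosts}
    collector = AnchorCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        real = raw_host(href).lower()
        reasons = []
        if looks_like_url(text):
            shown = raw_host(text)
            if shown.lower() != real:
                reasons.append("text-href-mismatch")      # display hides the target
            if shown.lower() not in trusted and shown.translate(LOOKALIKES).lower() in trusted:
                reasons.append("lookalike-characters")     # e.g. "oIb" shown for "olb"
        if any(real.startswith(t + ".") for t in trusted):
            reasons.append("trusted-name-as-subdomain")   # real domain is the suffix
        if reasons:
            findings.append({"shown": text, "real_host": real, "reasons": reasons})
    return findings

# Constructed sample e-mail body using the URLs quoted in the text.
SAMPLE_EMAIL = """
<p>Please verify your account:
<a href="http://olb.westpac.com.au.userdll.com:4903/ib/index.htm">https://oIb.westpac.com.au/ib/defauIt.asp</a>
or click <a href="http://olb.westpac.com.au.userdll.com:4903/ib/index.htm">here</a>.</p>
<p><a href="https://olb.westpac.com.au/">https://olb.westpac.com.au/</a></p>
"""

if __name__ == "__main__":
    for finding in check_links(SAMPLE_EMAIL, ["olb.westpac.com.au"]):
        print(finding)
```

The third link in the sample, whose text and target agree, produces no finding.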

Prevention

1) Never give out personal information through the Internet (i.e. e-mail); it is not secure! From this rule, it should be plain obvious that any e-mail that asks for your personal information is often not authentic. Businesses (or at least well-established ones) never ask for personal information, like your Social Insurance Number and account information.

2) Never click on the links provided by any such e-mails. Doing so may release spyware onto your computer. Delete it, and also delete it from your trash bin, for safeguarding against any accidental clicking.

3) If you really think that the e-mail you received is authentic, contact (i.e. call or e-mail) the company in question to inquire about the message. If you wish, type the URL of the displayed link in the e-mail, as opposed to the quick route of clicking the link, which may redirect you to a fake and dangerous website (as explained previously). However, even this may not be entirely recommended (Let’s just say phishers can be pretty smart). Stick with contacting the company first.

Sharpening the phishing pole: spear phishing

Spear phishing entails targeting a smaller population.

Definition

The original method of phishing entailed spreading mass e-mails to as many people as possible, in the hopes that even though the vast majority would refuse to “bite” on the bait, a small percentage may be tricked. However, a new form of phishing has recently taken form: spear phishing. Spear phishing, unlike the original phishing, targets a substantially smaller population, like a single person/member of a company (i.e. an employee), a department of a company, etc. In this, the phisher disguises himself as coming from a position of high authority, such as a boss, a higher-ranking level of administration, human resources, staff from the IT (information technologies) department, etc., and often asks things like updating personal information. In the face of such seeming authenticity, authority, and trustworthiness, the victim often follows the instructions to his/her great peril.

Prevention

As with the original brand of phishing, be aware and cautious. Never, ever give personal information through e-mail. It is not secure! Verify that this message is real by calling your head or the sender of the e-mail (i.e. the human resources department).

Chat Rooms

What are chat rooms?


Chat rooms are meeting places on the Internet where the user can start or join live, real-time conversations with people across the world. There are three forms of online chat: Web-based, Real-time, and Internet Relay Chat (IRC). Web-based chat rooms are forums which may be devoted to particular topics (e.g. movies, sports, music etc.) that allow for messages to be written and read in real time by all individuals who are present in the room at the time. Real-time chat, often called IM (Instant Messaging), allows individuals to converse with one another in real time, but only if they have been added to a “friends” list. Finally, Internet Relay Chat or IRC involves individuals who communicate with users around the world in real time and who are connected to the same network or server. Similar to the web-based chat rooms, IRC conversations are theme-based as well.

Furthermore, chat rooms can be either public or private conversations. Public chat rooms enable users to communicate with each other in a public online setting. A private chat room setting occurs when the user initiates or accepts private messages or one-on-one chat sessions. Some chat room conversations can be controlled by monitors who manage what is written before it is viewed by others and have the ability to remove participants from the room if they act inappropriately. Chat room conversations may also be led by a moderator who oversees a particular topic or discussion with the users, while others may be unmonitored open conversations.

Risks

Since it is difficult to control all the information available on the Internet, there are a variety of risks that are associated with chat room use alone. These threats may involve online bullying or harassment, internet luring, and fraud. Eventually these threats can result in physical harm, non-physical harm (i.e. loss of money, mental well-being, stress, etc.) or possibly both, to individuals within society.

Know the risks associated with chat rooms before chatting.

In particular, our focus will be on identity theft in chat rooms, as it is a growing concern and chat rooms are actually a place where identity theft can occur. Online predators constantly search for people they can befriend and whose trust they can gain in order to collect personal information and possibly money from them. These so-called “friends” may also send links containing Trojan horses or viruses which infect the computer system and allow for hacking and stealing of personal information. Social networking sites, such as Facebook and MySpace, are fast becoming a target that thieves can use to gather photos and more personal information on the individuals they chat with.

They might assume the stolen identity of another person, or identity impersonation, in order to gain the trust of the individual(s) that they are chatting with. In an article by CNW Group/NEWSTALK 1010 CFRB, two Canadian radio personalities discovered that they were victims of identity theft when a Toronto man called in to the show, confessing on air to impersonating them in internet chat rooms. He had even sent personal family photos of both radio personalities to convince others that they were in fact chatting with the actual hosts. In addition, this predator, in the guise of one of the hosts, had a three-year online relationship with various people around the world. This scam surfaced when the women he had communicated with began emailing the personalities at work asking why their messages were not being responded to. The man’s identity was later provided to the police, and he did deny meeting with any of the individuals with whom he had corresponded online and using the hosts' identities to acquire money or favors from people or businesses. However, this does not negate the fact that the individuals he had been chatting with had left themselves susceptible to various risks of having personal information taken, loss of money, and harm coming to them.

Recently it has become an issue that chat rooms have now become the online black market for hackers selling personal information to predators. There are actually chat rooms where online thieves bond and compare notes, exchange credit card or social insurance numbers, and other valuable information. These cyber criminals post a few identities in the chat room, and those that they refer to as fulls “contains enough information to take a thief on a multiyear identity theft ride, as it will include someone’s Social Security number, home phone number, e-mail account and password, debit card PINs, credit-card numbers, and mother’s maiden name. Hackers sell them in bulk for $1 to $5 a pop in an international ring that’s as sophisticated as it is blatant. The chat rooms offer the opportunity to check the validity of stolen credit card numbers in real time.” (ID Theft Protect) These criminals are smart and they sometimes impart or sell information for cheap by selling used cards to others in order to prevent tracking by investigators.

In addition, these chat rooms often have administrators that have the capability to remove people from a room, set passwords and load programs which allow other hackers to confirm in real time the validity of the stolen credit cards.

Who does this affect?

Chat rooms are a haven for online predators.

Both children and adults alike can be affected by this. Cyber criminals seek and prey on users who are vulnerable or naive, in other words, anything that would make it easier for them to steal information quickly.

Children are susceptible to being lured into providing their personal contact information. Predators often conduct online scams where a child is tricked into providing a credit card number or exposing family information.

Adults too can meet with unexpected consequences of unsafe internet chatting. Users can be lured into friendships that would eventually result in the individual sending money or providing personal information to these thieves. Adults looking for companionship on internet dating sites, seniors, and users who are not familiar with the internet are just some examples of the people these online criminals target.

Prevention

Take your precautions: there are numerous ways that you can protect yourself and your family when chatting online.


Parents and Children:

1) Talk to your children about their internet usage and the risks associated with it, and create a handy list of internet rules for the family (i.e. time limits on the computer, not to open attachments that they are unsure of, not to provide contact information or personal information etc).

2) Keep the computer in a common area of your home.

3) Parents can install software which can block certain inappropriate sites for children or can log and provide a detailed account of the websites their child visited, the visited chat rooms and what was said during the conversations.

4) Children between the ages of 10-13 should be in monitored chat rooms and under close supervision of an adult. For teens, it is recommended that they should always be in a monitored chat room and always under the "Public" chat rooms.

5) Parents should also review with their children all names that are on their "friends" list to ensure that they are chatting with friends they actually know.

6) Be informed. Parents should educate themselves about computers and the Internet. In addition, there is certain lingo involved with chatting (see: Chatting Lingo).


Adults:

1) Keep personal information (i.e. name, age, date of birth, phone number etc) off of websites and social networking sites.

2) Never divulge personal or financial information to others.

3) Use a "handle" or "nicknames" that are non-identifiable for gender or age.

4) Be cautious when downloading attachments that may be sent.

5) Block senders or leave conversations that make you feel uncomfortable.

6) Take caution when posting photos and post photos that represent you (i.e. clean, safe photos).

7) Do not chat with people you do not know on webcam.

8) Do not arrange to meet in person without taking proper safety measures first. If you feel you should meet, then arrange to meet but with a group of your friends.

9) Save copies of your chat room conversations.


Some additional tips: [Figure: Protect Yourself Diagram]

Here is a link for a short video on "Internet Safety - Chat rooms" by the Calgary Police Service: Chat Room Safety

RSA

In cryptography, RSA is a mathematical algorithm for public-key cryptography. It is the first algorithm known to be suitable for signing as well as encryption, and one of the first great advances in public-key cryptography. RSA is widely used in electronic commerce protocols, and is believed to be secure given sufficiently long keys and the use of up-to-date implementations. When dealing with identity theft, RSA is the first well-known method.

History

RSA was developed by Ron Rivest, Adi Shamir and Leonard Adleman, who were all working at MIT at the time. The name RSA is formed from the first letters of their last names.

In 1973, an English mathematician named Clifford Cocks also devised an equivalent method, but his work was treated as a national secret and was not published until 1997.

RSA is secure because finding roots modulo n is hard. As of 2008, there is no known efficient way to decrypt RSA without the private key, and technically, if n is large enough, decrypting RSA without the key is impossible.

Operation

Producing the public and private keys

If Alice wants to send a private message to Bob, she can use the following method to produce a public and a private key.

  1. Randomly pick two primes p and q, where p does not equal q, and calculate N = pq.
  2. According to Euler's totient function, the number of integers smaller than N that share no common factor with N other than 1 is (p-1)(q-1).
  3. Pick an integer e which shares no common factor with (p-1)(q-1), and which is smaller than (p-1)(q-1).
  4. Use the following relation to calculate d: d × e ≡ 1 (mod (p-1)(q-1))
  5. Now erase p and q from the record.

e is the public key and d is the private key. d is kept secret from the public, and N is known to the public. Alice will send her public key to Bob and keep the private key to herself.

Encryption

Alice transmits her public key (N, e) to Bob and keeps the private key secret. Bob then wishes to send message M to Alice. Bob knows the key (N, e). He first turns M into an integer n with 0 < n < N by using an agreed-upon reversible protocol known as a padding scheme. He converts the text to numbers using Unicode and links all of these numbers into one long number. If that number is too long, he can split it into several parts and treat each part as a separate n. Using the following formula, he can encrypt n to c:

<math> n^e \equiv c\ (\mathrm{mod}\ N) </math>

Calculating c is not hard. Once Bob has c, he can send it to Alice.

Decryption

When Alice gets Bob's message c, she can use her private key d to decrypt the message. She can use the following formula to decrypt c to n:

<math> c^d \equiv n\ (\mathrm{mod}\ N) </math>

Once she has n, she can convert it back to the original text.

The mathematical principle behind decryption is

<math> c^d \equiv n^{e \cdot d}\ (\mathrm{mod}\ N)</math>

and, since ed ≡ 1 (mod p-1) and ed ≡ 1 (mod q-1), Fermat's Little Theorem proves

<math> n^{e \cdot d} \equiv n\ (\mathrm{mod}\ p) </math>     and     <math> n^{e \cdot d} \equiv n\ (\mathrm{mod}\ q) </math>

This means (because p and q are different primes)

<math> n^{e \cdot d} \equiv n\ (\mathrm{mod}\ pq) </math>


Security

The RSA problem is defined as the task of taking e-th roots modulo a composite n: recovering a value m such that c = m^e mod n, where (n, e) is an RSA public key and c is an RSA cipher text. (In this section n denotes the modulus, written N above, and m denotes the message.) Currently the most promising approach to solving the RSA problem is to factor the modulus n. With the ability to recover prime factors, an attacker can compute the secret exponent d from a public key (n, e), then decrypt c using the standard procedure. To accomplish this, an attacker factors n into p and q, and computes (p − 1)(q − 1), which allows the determination of d from e. No polynomial-time method for factoring large integers on a classical computer has yet been found, but it has not been proven that none exists. See integer factorization for a discussion of this problem.

As of 2008, the largest (known) number factored by a general-purpose factoring algorithm was 663 bits long (see RSA-200), using a state-of-the-art distributed implementation. The next record is probably going to be a 768-bit modulus [5]. RSA keys are typically 1024–2048 bits long. Some experts believe that 1024-bit keys may become breakable in the near term (though this is disputed); few see any way that 4096-bit keys could be broken in the foreseeable future. Therefore, it is generally presumed that RSA is secure if n is sufficiently large. If n is 300 bits or shorter, it can be factored in a few hours on a personal computer, using software already freely available. Keys of 512 bits were shown to be practically breakable in 1999, when RSA-155 was factored by using several hundred computers, and are now factored in a few weeks using common hardware [6]. A theoretical hardware device named TWIRL, described by Shamir and Tromer in 2003, called into question the security of 1024-bit keys. It is currently recommended that n be at least 2048 bits long.

In 1994, Peter Shor showed that a quantum computer could factor in polynomial time, breaking RSA. However, only small-scale quantum computers have been realized.
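The key production, encryption and decryption steps under Operation, and the factoring argument under Security, worked through with toy numbers. This is an added example, not part of the original page: the primes 61 and 53, the exponent 17 and the function names are chosen here for illustration, no padding scheme is used, and each character's Unicode number is encrypted as its own block n.

```python
from math import gcd, isqrt

def make_keys(p, q, e):
    """Steps 1-5 of key production. Returns the public key (N, e) and private d."""
    if p == q:
        raise ValueError("p must not equal q")
    N = p * q
    phi = (p - 1) * (q - 1)              # Euler's totient of N
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must be below (p-1)(q-1) and share no factor with it")
    d = pow(e, -1, phi)                  # d * e ≡ 1 (mod (p-1)(q-1)), Python 3.8+
    return (N, e), d                     # p and q are not kept

def encrypt(text, public_key):
    """Bob's side: each character's Unicode number n becomes c = n^e mod N."""
    N, e = public_key
    cipher = []
    for ch in text:
        n = ord(ch)
        if not 0 < n < N:
            raise ValueError("block does not satisfy 0 < n < N")
        cipher.append(pow(n, e, N))
    return cipher

def decrypt(cipher, N, d):
    """Alice's side: n = c^d mod N, then back from Unicode numbers to text."""
    return "".join(chr(pow(c, d, N)) for c in cipher)

def recover_private_key(N, e):
    """The Security section's argument: factor N, compute (p-1)(q-1), derive d.

    Trial division finishes instantly for a toy modulus; the loop length grows
    with the square root of N, which is why real keys use a 2048-bit modulus.
    """
    for p in range(2, isqrt(N) + 1):
        if N % p == 0:
            q = N // p
            return pow(e, -1, (p - 1) * (q - 1))
    raise ValueError("no factor found")

if __name__ == "__main__":
    public_key, d = make_keys(61, 53, 17)        # constructed toy parameters
    N, e = public_key
    cipher = encrypt("Hello Bob", public_key)
    print("public key:", public_key, "private key:", d)
    print("cipher text:", cipher)
    print("decrypted:", decrypt(cipher, N, d))
    # Without padding, equal blocks give equal cipher text (the two l's match).
    print("repeated block visible:", cipher[2] == cipher[3])
    # Anyone who can factor N obtains the same d from public values alone.
    print("d recovered from (N, e):", recover_private_key(N, e))
```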


RSA, The Security Division of EMC[1]

Computer Virus

A computer virus is a program that copies itself and infects a computer without the permission of the owner. A computer virus is different from malware, adware and spyware: malware, adware and spyware do not have the ability to reproduce. Only a true virus can spread from one computer to another. It does so over a network or the internet, or through a removable medium such as a CD, DVD, or USB drive.

Infection strategies

In order to replicate itself, a virus must be permitted to execute code and write to memory. For this reason, many viruses attach themselves to executable files that may be part of legitimate programs. If a user attempts to launch an infected program, the virus' code may be executed simultaneously. Viruses can be divided into two types, on the basis of their behavior when they are executed. Nonresident viruses immediately search for other hosts that can be infected, infect those targets, and finally transfer control to the application program they infected. Resident viruses do not search for hosts when they are started. Instead, a resident virus loads itself into memory on execution and transfers control to the host program. The virus stays active in the background and infects new hosts when those files are accessed by other programs or the operating system itself.

Nonresident viruses

Nonresident viruses can be thought of as consisting of a finder module and a replication module. The finder module is responsible for finding new files to infect. For each new executable file the finder module encounters, it calls the replication module to infect that file.

Resident viruses

Resident viruses contain a replication module that is similar to the one that is employed by nonresident viruses. However, this module is not called by a finder module. Instead, the virus loads the replication module into memory when it is executed and ensures that this module is executed each time the operating system is called to perform a certain operation. For example, the replication module can be called each time the operating system executes a file. In this case, the virus infects every suitable program that is executed on the computer.

Resident viruses are sometimes subdivided into a category of fast infectors and a category of slow infectors. Fast infectors are designed to infect as many files as possible. For instance, a fast infector can infect every potential host file that is accessed. This poses a special problem when using anti-virus software, since a virus scanner will access every potential host file on a computer when it performs a system-wide scan. If the virus scanner fails to notice that such a virus is present in memory, the virus can "piggy-back" on the virus scanner and in this way infect all files that are scanned. Fast infectors rely on their fast infection rate to spread. The disadvantage of this method is that infecting many files may make detection more likely, because the virus may slow down a computer or perform many suspicious actions that can be noticed by anti-virus software.

Slow infectors, on the other hand, are designed to infect hosts infrequently. For instance, some slow infectors only infect files when they are copied. Slow infectors are designed to avoid detection by limiting their actions: they are less likely to slow down a computer noticeably, and will at most infrequently trigger anti-virus software that detects suspicious behavior by programs. The slow infector approach does not seem very successful, however.

Conclusion

Despite the shortcomings, the Internet carries a wealth of information that is and will continue to be a vital asset for all users. By no means do we advocate the total boycott and avoidance of such a versatile tool. What we do advocate is the greater awareness and understanding of some of the dangers associated with the Internet, so that you may use it with greater confidence and less susceptibility to exploitation. If we have succeeded in such for even a handful of people, we feel that we have accomplished our mission. This is the IT Cops, signing off!

Sources

Identity Theft

Phishing and Spear Phishing (Chris Chung)

Chat rooms (Tenzin Dratsangshema)

Picture sources:

Logo component sources (logo by Chris Chung)

Phishing pictures

Chat rooms pictures