With the growth of the Internet over the past few years and the Internet shopping boom its no wonder that identity theft statistics have risen to new levels as well. Global Internet usage has grown some 182% from 2000-2005 per Nielsen/NetRatings accumulated worldwide. Between January and December of 2005 alone, more than 685,000 consumer fraud and identity theft complaints were reported to the Federal Trade Commission's Sentinel Complaint Database.
Since the database was launched in 1997 almost 3 million complaints have been registered there. In the 2005 statistics, 37% of those 680,000 complaints were said to be identity theft cases. Some of the more significant identity theft complaints included credit card fraud (26%), phone or utilities fraud (18%), bank fraud (17%), employment fraud (12%), government documents/benefits fraud (9%), and loan fraud coming in at (5%).
As you can clearly see the theft of personal information is a major problem and is getting worse every day. If you are doing business over the Internet the odds increase that you could fall prey to an Internet predator and become a victim of these type of malicious acts. There are, however, some things that you can do to protect yourself from these crimes which we will discuss later in this document but for now, we will discuss the term "hacker" and some of the methods used by these "hackers".
What is a hacker?
In the general media, the term "hacker" describes a person that thrives on performing malicious acts with computer systems in order to gain public popularity with his or her peers. This might be someone that gains access to unauthorized computer systems via their extensive knowledge of their operating systems by means of finding exploits (bugs) in the code and using them to their advantage. Perhaps a person intends to disable computer systems by means of DoS (Denial of Service) attacks such that the resources are no longer available to the users making legitimate requests to the systems. We will discuss these types of attacks later on in this document in more detail.
In reality "hackers" are generally considered the good guys and would be someone that spent a vast amount of time learning about and building computer security systems. The term "cracker" would be what you would use to describe a person that would perform the types of malicious activity that we discussed previously. However, in the rest of this document, we will use the more widely known term of "hacker" as an equivalent of the real term "cracker" to avoid confusion.
One of the most famous network hacking attacks in history was the 1994 attack of Tsutomu Shimomura's computer network by the famous hacker Kevin Mitnick on Christmas day. By using various types of Denial of Service and access attacks on the network Kevin Mitnick was able to gain control of Shimomura's system. This was what you would call a "structured attack" because of the expertise required in order to perform the attack. Another type of "structured attack" that some of you might remember is the February 7-11 2000 attacks where web heavyweights like eBay, Amazon, and CNN among others drastically slowed down and even denied access completely for hours at a time by use of Distributed Denial of Service attacks.
The more common types of attacks are the unstructured kind. Often these attacks start from within a network by a person that has no idea what they've ever done. These type of attacks can also be executed by a "Script-Kiddy". A "Script-Kiddy" is a person that uses pre-made hacking scripts coded by a professional hacker and has little to no real knowledge of what they're doing. Some of these hacking tools require no more than the input of the address of the target host and a push of a button. This threat is very real due to the vast amount of hacking tools (scripts) readily available for download on the web like winnuke, SATAN, NMAP, and Naptha. More complex hacking tools like Trinoo, TFN, TFN2K and Stracheldraht (used in the Feb 2K attacks) can also be found fairly easily but require more in-depth knowledge in order to use effectively. In order to break these attacks down for simplicity, we can put them in two main categories.
No comments:
Post a Comment