Threats of User

Threats of User

Networks and the Internet have created limitless possibilities for people to work, communicate, learn, buy and sell, play games, and interact with others around the world.

These possibilities come from the openness of networks-especially the Internet, which is available to virtually everyone, for virtually any kind of use.

However, the very openness that makes the Internet so valuable also has made it a conduit for many types of threats.

Still, we cannot blame the Internet for all computer-related problems.

Some issues, such as identity theft, are still best accomplished with little or no help from a computer.

Others, such as injuries stemming from computer use, are often the fault of poor design or poor work habits.

Identity Theft

Identity theft occurs when someone impersonates you by using your name, Social Security number, or other personal information to obtain documents or credit in your name.

With the right information, an identity thief can virtually "become" the victim, obtaining a drivers license, bank' accounts, mortgages, and other items in the victim's name.

Beyond monetary losses, however, victims of Identity theft pay in other ways, spending many hours trying to repair the financial damages and regain their good reputation.

Identity thieves can use several methods-low-techs as well as high-tech-to obtain the information they need:

• Shoulder Surfing

A trick known as shoulder surfing is as simple as watching someone enter personal identification information for a private transaction, such as an ATM machine.

• Snagging

In the right setting, a thief can try snagging information by listening in on a telephone extension, through a wiretap, or over a cubicle wall while the victim gives credit card or other personal information to a legitimate agent.

• Dumpster Diving

Other techniques are as simple as stealing mail containing personal information. A popular low-tech approach is dumpster diving.

Thieves can go through garbage cans, dumpsters, or trash bins to obtain cancelled checks, credit card statements, or bank account information that someone has carelessly thrown out .

The thief wins when he finds items that have account numbers or personal information.

Some ID thieves are brazen enough to swipe documents right out of your mailbox.

Some of the most important documents you use come to you in the mail every month: bills, account statements, credit card offers, financial records, and many others.

On a good day, a thief could snag everything he needs right from your, mailbox.

• Social Engineering

This method is not as sophisticated as it sounds, but can still be effective.

In social engineering, the ID thief tricks victims into providing critical information under the pretext of something legitimate.

The thief can call an unwary victim, for example; claim to be a system administrator at the Web site of the victim's bank; and ask for the victim's user ID and password for a system check.

With this information in hand, the thief can go online and access the victim's account information directly through the bank's Web site.

• High-Tech Methods

Sophisticated ID thieves can get information using a computer and Internet connection.

For instance, Trojan horses can be planted on a system or a person's identity may be snagged from unsecured Internet sites.

Although not common, it happens. One reason it is not common is because of the general use of security technologies such as Secure Sockets Layer (SSL) and Secure HTTP (S-HTTP) to ensure the integrity and confidentiality of credit card and financial transactions.

Because so much attention is paid to protecting transmitted data, social engineering and lowtech swindles are the predominant sources of identity theft.

Loss of Privacy

Did you know that your buying habits are tracked electronically, in a range of commercial systems? This doesn't apply just to online transactions either.

Any time you use a "store loyalty" card to rent movies or buy groceries; the purchases are logged in a database.

Your medical, financial, and credit records are available to anybody authorized to view them.

Many of the companies you deal with every day-from your local supermarket to your insurance company-maintain databases filled with information about you.

You might expect these firms to know your name and address, but you might be surprised to learn that they know how many times each month you put gas in your car or buy a magazine.

And a lot of companies do not keep this information confidential; they may sell it to other companies who are interested in knowing about you.

Personal information is a business commodity that supports a huge shadow industry called data mining.

Data mining is a business-intelligence-gathering process that every large organization, from banks to grocery stores, employs to sift through computerized data.

Companies spot useful patterns in overall behavior to target individuals for special treatment.

Data mining is a $200-million-a-year industry, and it is growing rapidly because it pays big dividends.

Public Records on the Internet

Your personal information is available to anybody who has the few rupees required to buy it from commercial public record services.

For a minimal price, companies such as Intelius and WhoWhere.com will give you detailed reports about most people.

These reports contain such detailed information as

» Criminal records, including sex offender registry, felonies, misdemeanors, and federal and county offenses

» Background information, including marriage records, divorce records, adoption records, driving records, credit history, bankruptcies in the past 20 years, tax liens, small claims, past address history, neighbors, property ownership, mortgages, and licenses.

Records such as marriage licenses and divorce records are public records.

This means that they, along with many other kinds of legal records, are available to anybody who wants to view them.

There are a number of companies that collect public records, package them, and sell them to anyone who wishes to purchase them

Internet Monitoring, Profiling, and Spying

When using the Internet, you should be aware that your interests and habits are being monitored automatically.

The monitoring activity can be carried out by programs running on your own computer or a connected server.

This might not seem to be a problem since "if.you aren't doing anything wrong you have nothing to fear."

However, the interpretation of why you visit a particular site is in the eye of the beholder. You may not be aware of how your browsing habits are interpreted by others.

A single visit to one of the ubiquitous advertiser banner ads at the top of your browser identifies you as someone with an interest in related products.

Data about when you visited, what you looked at, and how long you stayed is used by most commercial Web sites.

Use of this data is called "online profiling" and is done to build a profile of your interests and habits. It is analyzed to learn more about you.

There are commercial profiles for most people in the United States based on the browsing activity of a particular IP address. This address is tied to the name of the owner of that address no matter who is doing the actual browsing.

The reports contain information about browsing habits and may contain accompanying marketing conclusions, called psychographic data.

This data makes guesses about who you really are based on your surfing behavior and elaborate inferences are drawn about your interests, habits, associations, and other traits.

These guesses are available to any organization willing to pay for access to the profile.

Online marketers, commercial information service providers, and, in some cases, federal agencies may have access.