The Threat of Online Security: How Safe is Our Data?

Introduction
E-Commerce is growing at a tremendous rate. In the year 2007-08 the total ecommerce volume includes railways and flights ticketing, e-tailing, etc. But still it is a very small part of the total retail business in India. Why?? Because people still feel insecure transacting online. We have to provide our personal and confidential information like credit card details, name, address, etc to the online portals.

Denial of service attacks against web giants like Yahoo and eBay garnered a lot of attention from the media and from the Internet community. When it comes to problems with Internet security, it is usually major attacks against big companies that get the headlines. Unfortunately, many small or home business owners do not realize that they are just as likely to be targeted as any large company. As a consequence of existing in the digital age, almost everyone is vulnerable to breaches of security.

Today we all resort to online transactions some or the other way. Everybody is hooked on to internet these days irrespective of the field or area. But do we ever ask ourselves the question as to is it safe??

This question becomes more vital when we relate it to internet banking. At times we are required to provide some of our personal information online but how can we trust that its is secure and safe as well. There have been cases when we have heard about so many frauds taking place online. But do we really take the necessary steps that we are required to in order to ensure safety and security to our data or personal information being transferred online?

What is online security?
What is online security? Online security, also known as internet security, refers to the protection of information and other digital assets, communication networks, traditional and e-commerce business operations to ensure their integrity, availability and authorized use and to defend against against financial loss and liability. Internet security involves the protection of a computer's internet account and files from intrusion of an outside user.

These days, damaging threats like viruses, adware, spyware, scumware, hacker attacks and even identity theft and fraud are a common occurrence. A recent survey suggested that people are generally more concerned about their online security & Internet safety than they are about their cars being broken into.



Major forms of online security threats - Identify how safe actually our data is

Viruses
Virus a program or a fragment of code that replicates by attaching copies of itself to other programs. It receives its name from the program’s ability to attach itself to “infect” other computer programs, without the owner of the program being aware of the infection. Think of a biological virus – the kind that makes you sick. It’s persistently nasty, keeps you from functioning normally and often requires something powerful to get rid of it. A computer virus is very similar. Designed to relentlessly replicate, viruses infect your computer programs and files, alter the way your computer operates or stop it from working altogether. It’s estimated that the Mydoom worm virus infected a quarter-million computers in a single day in 2004. Tens of thousands of viruses now operate over the Internet, and new ones are discovered every day.


What can a computer virus do to me?
Some computer viruses are programmed to harm your PC by damaging programs, deleting files, or reformatting the hard drive. Others simply replicate themselves or flood a network with traffic, making it impossible to perform any internet activity. Even less harmful viruses can significantly disrupt your system’s performance, sapping computer memory and causing frequent computer crashes







Spyware
Spyware is any program that monitors your online activities or installs programs - without your consent - for profit or to steal personal information. Even though spyware detection is becoming more difficult, you can stay ahead of the threats.

While the term spyware suggests software that secretly monitors the user's behavior, the functions of spyware extend well beyond simple monitoring. Spyware programs can collect various types of personal information, such as Internet surfing habits, sites that have been visited, but can also interfere with user control of the computer in other ways, such as installing additional software, and redirecting Web browser activity. Spyware is known to change computer settings, resulting in slow connection speeds, different home pages, and/or loss of Internet or functionality of other programs. In an attempt to increase the understanding of spyware, a more formal classification of its included software types is captured under the term privacy-invasive software.




Pop-Ups and Spam
If you browse the Internet, odds are you're familiar with pop-ups. If you have e-mail, odds are you are familiar with spam These annoying ads come in many forms, but generally they are trying to sell you something. Close the window or click to learn more. Harmless enough, right? Don't be fooled. While many pop-ups and emails from reputable companies are safe, the adware programs that generate illegitimate pop-ups are capable of installing spyware to hijack your browser and capture your personal information.

In fact, pop-ups and spam often appear because you already have spyware on your machine.
Spam, or junk e-mail, is cost-shifted advertising. It takes a toll on Internet users' time, their resources, and the resources of Internet Service Providers (ISP). If your inbox is full of messages from people or companies you don’t recognize you may have malware on your PC. E-mail and instant messaging have become increasingly favored channels among spyware villains for spreading their malicious programs. Our experts estimate that 85 billion spam e-mail messages are sent every single day.

How do they do it? Malware is embedded in or attached to a spam e-mail message or pop-up.
Messages with malware can arrive from many sources and in a variety of forms. It can be sent as an attachment to spam e-mail, embedded in a seemingly harmless file or hidden in a link within the body of a message. Spam e-mail and instant messages laced with malware often try to mislead you into clicking on an attached file or on a link within the e-mail, which then initiates the download. However, sometimes simply opening the message itself starts the download process.



Phishing
Phishing is a scam in which the attacker sends an email purporting to be from a valid financial or eCommerce provider. The email often uses fear tactics in an effort to entice the intended victim into visiting a fraudulent website. Once on the website, which generally looks and feels much like the valid eCommerce/banking site, the victim is instructed to login to their account and enter sensitive financial information such as their bank PIN number, their Social Security number, mother's maiden name, etc. This information is then surreptitiously sent to the attacker who then uses it to engage in credit card and bank fraud - or outright identity theft.

This style of identity theft is extremely widespread because of the ease with which unsuspecting people share personal information. Phishers lure you with spam e-mail and instant messages requesting you to “verify your account” or “confirm your billing address” through what is actually a malicious Web site. Be very cautious. Phishers can only find you if you respond.

After you’ve responded to a phishing scam, the attacker can:

1. Hijack your usernames and passwords
2. Steal your money and open credit card and bank accounts in your name
3. Request new account Personal Identification Numbers (PINs) or additional credit cards
4. Make purchases
5. Add themselves or an alias that they control as an authorized user 5o use your credit
6. Obtain cash advances
7. Use and abuse your Social Security number




Hackers and Predators
People, not computers, create computer threats. Predators victimize others for their own gain. Give a predator access to the Internet and to your PC — and the threat they pose to your security increases exponentially. Hackers are unauthorized users who break into computer systems in order to steal, change or destroy information, often by installing dangerous malware without your knowledge or consent. Their clever tactics and detailed technical knowledge help them access information you really don’t want them to have.

Anyone who uses a computer connected to the Internet is susceptible to the threats hackers and predators pose. These online villains typically use phishing scams, spam e-mail or instant messages and bogus Web sites to deliver dangerous malware to your computer and compromise your computer security. Hackers can also try to access your computer and private information directly if you are not protected with a firewall. They may also monitor your chat room conversations or peruse your personal Web page. Usually disguised with a bogus identity, predators can lure you into revealing sensitive personal and financial information, or much worse.



Online Fraud
Online fraud is a broad term covering Internet transactions that involve falsified information. Some of the most common forms of online fraud are the sale via Internet of counterfeit documents, such as fake IDs, diplomas, and recommendation letters sold as credentials; offers of easy money, such as work at-home offers that claim to earn individuals thousands of dollars for trivial tasks; prank calls, in which dial-up connections lead to expensive long distance charges; and charity facades.


Identify Theft
Identity theft is a major form of online fraud, or misrepresentation. Personal identity theft on the Internet is the newest form of fraud that has been witnessed in traditional settings for many years. For example, in traditional settings, thieves open credit card accounts with a victim's name, address and social security number, or bank accounts using false identification. In the online world, electronic commerce information can be intercepted as a result of vulnerabilities in computer security. Thieves can then take this information (such as credit card numbers) and
do with it what they will. This is one of the reasons for which it is critical that consumers and organizations avail themselves of appropriate computer security tools, which serve to prevent many such interceptions.


Data Theft
Data theft is the term used to describe not only the theft of information but also unauthorized perusal or manipulation of private data. Examples of data theft abound. In 1996, a 16-year-old British youth and an accomplice stole order messages that commanders sent to pilots in air battle operations from the Air Force's Rome Laboratory in New York. The two also used the Air Force's own computers to obtain information from NATO headquarters and South Korea's Atomic Research Institute .



Denial of service attacks
Denial of service attacks, another form of malicious code, are carefully crafted and executed. Denial of Service Attacks are not new, yet they are growing in sophistication. Traditional DOS attacks usually involve one computer attacking another, but the use of multiple computers in a highly organized attack is becoming increasingly common. Such attacks, known as Distributed Denial of Service attacks (DDOS), were witnessed in a number of large corporate computer shutdowns in 2000.

The attacker sends a list of the Internet Protocol (IP) addresses of the target machines via strong encryption. With all components ready, the attacker then instructs each machine to simultaneously send data packets against the given IP addresses using false source addresses, in a process known as "spoofing." Since the attack contains too much information to be processed and originates from too many different machines with fraudulent IP addresses, the target servers can survive the attack only by disconnecting from the Internet or by denying serviceindiscriminately to all clients sending incoming data. Hence, the Distributed Denial of Service attack is so-named in order to describe the resulting consequences of a multi-machine attack. Not surprisingly, for any business on line, a DDOS attack severely restricts its ability to maintain the availability of its commercial service.