Why You Should Learn More About Computer Security (4)

I recently read an alarming series of articles, “Hacker Economics: Malware as a Service”, in CIO Magazine, in which the author, Scott Berinato, described the evolution of Internet crime into a service-oriented economy centered on identity theft and fraud (обман, мошенничество). Hackers are forming well funded organizations similar to drug cartels, and like the drug cartels, the fundamental principles of their success are “distributed pain with concentrated gain, and distributed risk».

The immense size of the market allows these criminals to distribute the pain by stealing a small amount of money from a large number of people. For example, if they steal $20 from 5,000 credit cards, they make $100,000, and no one person noticed or chose to investigate the charge (издержки). If those charges are distributed amongst ten different card issuers (выпуск), no one bank lost more than $10,000, which they simply write off as acceptable loss. If a victim goes to law enforcement, the law enforcement agency cannot justify the resources to investigate the fraud unless they hear from multiple victims and can determine that the incidents are related.

Even if law enforcement decides to open an investigation, the distributed risk principle hinders (препятствовать) the investigation. The hackers themselves barely handle the stolen data, and in many cases they contract out (предпринимать) the distribution of their malware. Furthermore, the information is sold to individuals who themselves do not commit fraud, but instead, sell the information to others who actually commit the fraud. The risk is shared by several links in a supply chain, but all of the money flows up to the cartel. Some researchers estimate that these cartels earn their members millions of dollars each month.

One of the first Trojans used to steal personal information is believed to have operated undetected for as long as nine months, during which it collected millions of personal credentials. Each month, Secure Science, a security research firm, discovers 3 million compromised login credentials (удостоверение личности) for banks, online e-mail accounts and anything else that requires a username and password on the Internet.

One of the first Trojans used to steal personal information is believed to have operated undetected for as long as nine months, during which it collected millions of personal credentials. Each month, Secure Science, a security research firm, discovers 3 million compromised login credentials (удостоверение личности) for banks, online e-mail accounts and anything else that requires a username and password on the Internet.

“Do you have a credit card? They've got it,” - states a former hacker turned Internet security researcher. “I'm not exaggerating. Your numbers will be compromised four or five times, even if they’re not used yet.”

How do they do it? The current distribution method of choice is to use an iFrame to download a form-grabbing Trojan onto the victim's computer. iFrames are a feature of your web browser that allows websites to deliver content from remote websites in a frame on a page. As an example, think of the current weather conditions streamed from weather.com into a small box on a newspaper’s website. Hackers, on the other hand, build invisible iFrames into webpages. The iFrame contains a tiny piece of software called a downloader which downloads malware onto the user's computer.

iFrames are so effective that a new business has emerged around them. These new companies pay for clickthroughs. If you agree to host their iFrame code on your website, you will receive a payment each week, contingent on 1,000 clickthroughs. They will even sell you malware code if you do not have your own. With a portfolio of infected sites, some companies sell access to their network at one dollar per infection.

In yet another example of hacking as a service, security researchers recently found a website which uses a botnet (infected computers under the control of hackers) of several million computers to infect other vulnerable (уязвимый) computers. For 20 cents per successful infection (or load), the customer can pay for loads based on IP address. Consequently, a user of this service could target a specific company or a university.

Anti-virus software, alone, is not sufficient protection. Hackers sell their malware to other hackers who modify the code to create variants or entirely new malware. In effect, the malware evolves, and with each evolution it gets better at avoiding detection and removal. Anti-virus vendors (продавцы) cannot keep pace.

How do you protect yourself from these hackers? First, secure your computer with 10 top tips. Second, protect your identity by reviewing your credit report on an annual basis. The three credit reporting agencies must provide, upon request, a copy of your credit report at no charge once a year. Third, remember, it is much simpler and far less risky to steal confidential information from your computer, than to compromise the security measures of a bank or online merchant, and then steal the information from them. Unfortunately, properly securing a computer is not a trivial exercise, and hackers take advantage of our naïveté. Each of us should endeavor (стараться) to learn more about computer security and the methods used by hackers. In this new age of Internet crime, our computers and ultimately our very identities are under attack. We must be proactive in securing our computers and protecting our identities.

Brice Knotts, Director

Student Affairs Administrative Technology Development

Техts for discussion

New Software Responds to Students´ Emotions

 

Researchers at the University of Notre Dame say they have created an emotion-sensing computer software that is able to assess (оценить) and respond to students´ emotions, including boredom and frustration (расстройство).

"AutoTutor" offers learning possibilities for students by providing "information regarding (оценивающую) the cognitive states, motivation levels and social dynamics of the students". It was tested on 1,000 students and delivers learning gains of one letter grade.

"Much like a gifted human tutor, AutoTutor attempts to keep the student balanced between the extremes of boredom and bewilderment (замешательство) by subtly (тонко) modulating the pace, direction and complexity of the learning task," researcher Sidney D´Mello says.

Teaching without teachers – why not? A Perfect AutoTutor is only a matter of time.

Teaching is an obsolete way of training. Any information is available now, we may use it at any suitable time.