SageWorld

Security Issues

Computer security is an issue that affects us all, from the very top to the very bottom of society. All our records, transactions and details will surely pass through a computer at some time. Almost all small businesses and shops have a PC on which they store their data. A great number of individuals have their own PCs too. Many new mobile telephones are being developed that have built-in PCs. The 3rd generation of mobile phones is being developed to have always-on Internet access. Those who use supermarket discount swipe cards are passing personal data to the supermarket every time they visit the shop. Almost all computers are connected to the Internet.

We need to ensure that our data is secure and in the right hands. To do this we need to minimise risk, but we also need to know what the risks are. They fall into several distinct areas:

  1. Is your data in safe hands?
  2. Is your data liable to theft?
  3. Is your data liable to corruption?
  4. Is your data liable to espionage?
  5. Is your data liable to counter-espionage?
  6. Is your data liable to hacking?
  7. Is your computer safe?

We'll deal with these in turn. There are more issues involved but this serves as a brief introduction to the subject and why you need a security expert such as myself:

1.     Is your data in safe hands? The question can also be rephrased as "Do you know who holds your data?"
    Have you ever wondered why you receive adverts for flowers around your mother or wife's birthday or why you get reminders to pay your car tax, insurance, trade union fees etc on time? The information is all held on a computer which produces a list of all due dates, just before they're due. Car tax and Insurance one can easily grasp but why does one get adverts for flowers at anniversaries? Simple: each time one applies for a supermarket bonus or discount card, one's name and address is recorded. Each time subsequently that person buys anything, the card is passed through the till and whatever that person has bought is recorded in the computer system. Thus, if the computer notices that flowers are bought at a specific time of year, just before that time of year, advertisements for flowers are sent out. This is an increasingly common trend. Supermarkets now know more about their customers than their customers know about themselves. Do you still know who holds your data?
     A more sinister use of personal data comes from the Internet. Each time one passes out one's telephone number and/or address or even a name and date-of-birth, one passes out all of one's details. There is a CD available in Britain, sometimes available free as a computer magazine cover disk which holds a program that enables a person to be traced by entering just a name and date-of-birth, a phone number or the names of family members. Just by entering names, one's address and the names of everybody living at that address become available. Thus, any Internet predator - whether they're rapists, paedophiles, muggers, burglars or blackmailers - can find your home address and who else lives there. Does your Internet chat room friend really have big blue eyes, blonde hair and a 38-22-26 figure or is your friend a wolf in sheep's clothing?

2.    Is your data liable to theft?
    If you make online transactions with credit cards then your wallet is most certainly at risk. Banks and electronic transactions companies face a continuing battle with criminals and hackers. A code is only good until it has been cracked. Teenagers and bored students are particularly adept at cracking codes. There was once a US company that produced a supposedly uncrackable code. They put an encrypted message onto the Internet, promising $100,000 to anybody who could crack it. Within 3 hours a student from the US had emailed the company with the message, correctly decrypted. He had networked several PCs together, producing the computing equivalent of a mainframe. Most secondhand computer shops will be selling old 486 systems for pocket-money sums. Those can be linked and within a few hours, many codes can be cracked. Online transactions are never a good idea. Only buy online if you can pay offline. In other words, by all means order online but pay by ringing a human and quoting your card number. To be doubly sure, make a recording of every telephone card transaction and let the company know you're recording it. That way you have something substantial to go into court with if necessary.
    There are ways around data theft. These usually involve various encryption methodologies. They are not 100% secure, as already stated, but they're reasonably good. The problem comes with how secure one needs one's data to be. In France, it's illegal to encrypt data. In America, it's legal only to use minimal encryption so that law-enforcement forces can crack the codes easily. In Britain it's legal to encrypt to any standard but the law states that failure to supply a decryption key when requested merits a jail sentence. Thus, for personal data security, encryption causes problems every way. For business, governments allow more freedom (because businesses finance political parties to a large extent). The only surefire way of encrypting data is to use a code that's so long that it would take the fastest supercomputer a few years to crack it. Is your computer capable or is your modem capable of transmitting that quantity of code key?

3.    Is your data liable to corruption?
    Data is always liable to corruption, deletion or loss in transit or on your computer. The TCP/IP protocols used by ISPs will usually ensure that data transmitted will arrive as it's sent. However this is not always so. It's still possible for data to be corrupted or lost. How many emails have been sent that have not arrived? How many have been sent that have been corrupted in transit? The answer might be more than you imagine. How many times have you written a letter and lost it by overwriting it with another or accidentally deleted it? More than once, probably. Data is always liable to corruption whether in transit or on your own PC.

4.     Is your data liable to espionage?
    This does not apply solely to diplomats. It applies to everybody. Who you work for might be important to somebody. Espionage doesn't necessarily imply government agencies, men in baggy suits and James Bond types. Industrial espionage is worth a lot of money. If, for example, you work for a company that's designing new aeroplanes or a new type of car engine, any information that a rival company can find will be useful to them. Take animal-rights activists as an example: they generate files on every individual working at animal research stations. They know who they are, where they live, where they go on holiday, how much they spent on that holiday etc. This information is all obtained through espionage. Much of this espionage is carried out by people with notepads, walkie-talkies, cellular telephones and telescopes. There are many other methods however.
    If your computer screen faces a window it's possible for somebody to video everything on your screen over your shoulder. They might not get all the data that way but they'll get a significant amount. There are also radio receivers that have been around since the 1980s which can read the radio signals emitted by computer monitors. The contents of the screen can be viewed remotely. There are software packages around in the Internet underworld that act as Trojan horses. These are, unsurprisingly, called Trojans. Common Trojans are NetBus and Back Orifice. These allow other users to control your computer remotely. This means they can look at your data, alter it or even supply false data. Even if your computer is not connected to the Internet, data can still be obtained. The security services have a habit of burgling people's homes and businesses in order to view information. For more on this, read "Spycatcher".
    Data espionage might not be purely done for commercial or ideological gain. Some see knowledge as power and will thus try to obtain as much data on an individual as possible. These might be colleagues that see you as an obstacle on their path to promotion. They might be employees looking to get into their employer's good books by finding dirt on other employees. They could be employers trying to discover more about their employees. The list is endless and the reasons countless and often bizarre.

5.     Is your data liable to counter-espionage?
    This will mainly only apply if you are involved in some form of information gathering. Typical counter-espionage tactics can be used with web pages. If you have a web page that has a lot of symbols at the end, these symbols can be altered by the person viewing them. Thus, if you wish to identify the viewer by the webpage selection, this identification has effectively been sabotaged. If you are a supermarket using bar codes to identify shoppers via their loyalty card then a simple extra stripe in pencil on the bar code might identify the shopper incorrectly. Similarly, a hacker could get into your computer system by means of a Trojan to plant false information.

6.     Is your data liable to hacking?
    All computers are liable to hacking unless they have security features enabled. Your data is at risk unless you are absolutely certain that no children ever come near your machine. Passwords are a favourite of children and students. They love the challenge of doing something naughty and the challenge of seeing something that they're not supposed to see. Thus, any password on a friend's or family member's computer is fair game. Computers connected to the Internet are similarly fair game for hackers and crackers. Unless you have security software installed, hackers may be able to enter your computer via any one of 65,536 ports. Trojans and viruses can lay your system open to attack. One notable virus recently emailed the contents of user password lists, cookies and the contents of the Microsoft Wallet to an email address in the Philippines. Your computer may be open to such attacks.

7.     Is your computer safe?
    Your computer and your data are not safe unless you run regular backups and system checks. Your computer is not physically safe from theft unless it's in a lockable room. Too many people leave their computers, which represent several weeks' or even months' salary, in open view, where the casual burglar can see them. Your data is not safe unless it is backed up. Many people do no backups whatsoever or do them so irregularly that they're worthless. Backups should be made from your data every week. The ideal would be to back up to a tape unit and have a supply of tapes in the standard Grandfather, Father, Son format, each generation being a week older than the next. This way, if a backup is corrupted then the previous backup should be available, assuming total data loss of the system hard drive. Hard drives can and do crash or shatter. It's more common than you imagine. A program such as McAfee or Norton can spot when a drive is going to fail but data should have been backed up before that. When a drive is about to fail is the time to replace it. Don't run risks with your data. It's too valuable. Similarly, check your computer or have somebody check it for you either annually or every six months.
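The weekly Grandfather, Father, Son rotation described above, together with a check for the corruption discussed in section 3, can be sketched in Python. This is an added example, not part of the original article; the file names, the `tapes` directory standing in for a tape set, and the use of SHA-256 checksums are assumptions made for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

GENERATIONS = ["son", "father", "grandfather"]  # newest to oldest


def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def weekly_backup(data: Path, store: Path) -> None:
    """Age every generation by one week, then write the new 'son'."""
    store.mkdir(parents=True, exist_ok=True)
    # Move father -> grandfather first, then son -> father.
    for newer, older in reversed(list(zip(GENERATIONS, GENERATIONS[1:]))):
        for suffix in (".bak", ".sha256"):
            src = store / (newer + suffix)
            if src.exists():
                src.replace(store / (older + suffix))
    son = store / "son.bak"
    shutil.copyfile(data, son)
    (store / "son.sha256").write_text(sha256(son))


def restore(store: Path, target: Path) -> str:
    """Restore from the newest generation whose checksum still matches."""
    for gen in GENERATIONS:
        bak, digest = store / f"{gen}.bak", store / f"{gen}.sha256"
        if bak.exists() and digest.exists() and sha256(bak) == digest.read_text():
            shutil.copyfile(bak, target)
            return gen
    raise RuntimeError("no intact backup generation found")


def demo() -> tuple:
    """Constructed scenario: three weekly runs, then the newest backup goes bad."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        data, store = root / "accounts.txt", root / "tapes"
        for week in (1, 2, 3):
            data.write_text(f"ledger as of week {week}\n")
            weekly_backup(data, store)
        (store / "son.bak").write_text("garbage")  # simulate a corrupted backup
        data.unlink()                              # simulate total data loss
        used = restore(store, data)
        return used, data.read_text()


if __name__ == "__main__":
    print(demo())
```

A checksum stored beside the backup catches accidental corruption only; anyone able to alter the backup can also alter the checksum file.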