Question 1
Encryption is the process of encoding information so that only an authorized person or computer holding the key can decode it. The process is based on cryptography, the all-important tool for protecting information on computers and computer systems. Encryption has been used to protect information since time immemorial: the Greeks created ciphers, which are codes involving the transposition or substitution of letters and numbers. Among the most common ciphers are Caesar’s cipher, which shifts each letter of the alphabet to the right or left by a few positions, and the Polybius square, to mention just two. This brief history highlights just how important encryption has been in the protection of information. According to Lee (2015, n.p), the main type of encryption currently in use is full disk encryption, which has high privacy benefits, is built into all major operating systems, and takes little effort to use, making it the only sure way of protecting data on a lost or stolen computer. Password protection of an operating system can easily be bypassed by booting a different operating system from a USB stick, or by removing the hard disk and putting it in another computer to gain access. Furthermore, full disk encryption is the only sure way to protect against border agents, who may demand to check your computer when you travel to countries like Canada and who will get all the information if you unlock it.
However, encryption protects a computer only against physical access; the computer is still vulnerable to attacks over a network. You may still be tricked by hackers into installing malware that gets them the information they want. Encryption also doesn’t protect you from internet surveillance by spy agencies like the NSA. A classic example of a recent case where encryption failed is the FBI-Apple court drama, in which the FBI wanted to force Apple to unlock the iPhone of one of the San Bernardino shooters. Apple stood its ground and refused to breach its promise to protect its customers’ data, but the FBI found a third party that decrypted the phone (Gokey, 2016, n.p). After getting hold of the source code, the FBI was able to access the terrorist’s phone and get all the information it wanted. This, however, means all iPhones in the world are now at risk because, as Gokey (2016, n.p) puts it, “to unlock one phone is to unlock every phone” or rather, “to create one key, is to risk it being copied”.
Question 2
New technology has made networks less secure: with advances in technology, our security over networks becomes less assured with each passing day. One example is the use of wireless networks in preference to wired networks. Wireless networks are easier and faster to install, allow connectivity beyond the physical connections over a range of distance, don’t require hubs and switches, and can be shared by many people (Kaur and Monga, 2014, p. 34-35), but they have vulnerabilities that must be considered when you choose them over a wired network. The major vulnerabilities arise because the signal is broadcast and shared, so any network device within range can listen to the traffic on the network. This makes maintaining the security of a wireless network much more difficult than that of a wired network. It can also be quite difficult to locate unauthorized users, who can easily interfere with the network and degrade the performance of authorized devices and services. The other major concern is that the present wireless networking standards have inefficient encryption facilities that can’t be declared secure when compared to the standards of wired networks (Sandhu et al., 2013, p. 978).
Another good example of reduced security with advanced technology is the use of 4G networks instead of 3G networks. 4G mobile networks are switched entirely to IP (Internet Protocol), while 3G mobile networks are a hybrid of Internet Protocol and mobile signaling protocols (SS7). IP is more exposed and better researched than the more obscure protocols of past years, and hackers have already used it numerous times to open up potential threats. According to Curtis (2014, n.p), spam and phishing attacks could grow in sophistication, giving hackers new ways to pass information across, such as video spam attacks. A recent case of decreased network security was the December 2013 attack on Target, in which almost seventy million customers were affected when their detailed information fell into the hands of hackers (Yang and Jayakumar, 2014, n.p). This information allowed the criminals to impersonate the victims or to trick them into giving up more sensitive information that compromised their security. The scandal was the worst in the company’s history and triggered lawsuits from customers who felt the firm had failed to protect the data they had entrusted to it. It affected the company’s sales performance and bottom line, and the company had to make massive payments to compensate the victims in the lawsuits. A further cost was the offer by the Minneapolis-based retailer of one year of free credit monitoring and identity theft protection to all its shoppers.
Question 3
It is possible for a virus to rename itself to penetrate the firewall. Viruses, just like any other programs on the computer, are written by programmers. They have the potential to infect an operating system, substitute portions of the OS code, and hide. Only known viruses can easily be detected and cleared from a system. A notorious culprit is the Zeus virus, the name most commonly used for the Zeus banking Trojan, which criminals exploited to access bank account details and passwords in the United Kingdom (Baykal, 2015, n.p). Although not entirely new, the virus broke the internet again in 2013, when a new version emerged and infected a large number of Facebook accounts. The main victims targeted by the virus are small and medium-sized enterprises, whose funds are targeted for theft because they may have weaker security than larger enterprises.
The virus infects computers in a very nasty way: it infects sites that we consider legitimate, so that it stays hidden and is delivered to the target computer quickly and reliably. It mostly works through links to infected downloads, which are spread through illegitimate profiles and pages on Facebook. On initial infection of a computer, the virus creates the folder “%windir%\system32\wsnpowem”, where it saves “audio.dll” or “video.dll” files that store any data stolen from the infected system. The configuration file that is downloaded after the computer is attacked is also stored there. The virus can then hide the folder after creating it. The virus then copies itself to “%windir%\system32\ntos.exe” or, in some cases, modifies itself, renames itself to “oembios.exe”, and is stored in the same location. It then checks all running programs to see whether there is an active firewall on the computer; if there is none, the virus modifies the registry so that the malware runs when the computer starts up, and it spreads throughout the whole system. The 2013 variant can update itself automatically and multiply via removable drives. It can change its signature when transferring to a removable drive and still escape identification, since anti-malware products may not recognize the new signature (The Tech-Faq, 2016, n.p).
The virus steals highly confidential and sensitive banking details and identifies websites to infect so that it can propagate itself further. It is also capable of taking screenshots and capturing passwords for email accounts on FTP or POP3.
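Because the variant described above changes its signature, a hash match can miss it while the folder and file names it drops stay the same. The following added example (not part of the original essay) checks a Windows directory tree for the names quoted above; the function names and the constructed test tree are assumptions, and a name match is a triage lead rather than a verdict.

```python
import os
import tempfile

# File-system artifacts named in the text, relative to %windir%\system32.
INDICATORS = {
    "wsnpowem": "data/config folder",
    "wsnpowem/audio.dll": "stolen-data store",
    "wsnpowem/video.dll": "stolen-data store",
    "ntos.exe": "copied executable",
    "oembios.exe": "renamed executable",
}

def _child(parent, name):
    """Return the real path of `name` under `parent`, ignoring case, or None."""
    try:
        for entry in os.listdir(parent):
            if entry.lower() == name.lower():  # Windows names are case-insensitive
                return os.path.join(parent, entry)
    except OSError:
        pass
    return None

def _is_hidden(path):
    # FILE_ATTRIBUTE_HIDDEN (0x2); the attribute is only exposed on Windows.
    return bool(getattr(os.stat(path), "st_file_attributes", 0) & 0x2)

def scan_windir(windir):
    """Return sorted (indicator, role, hidden) tuples found under windir."""
    system32 = _child(windir, "system32")
    findings = []
    if system32 is None:
        return findings
    for rel, role in INDICATORS.items():
        path = system32
        for part in rel.split("/"):
            path = _child(path, part) if path else None
        if path:
            findings.append((rel, role, _is_hidden(path)))
    return sorted(findings)

def demo():
    """Scan a constructed directory tree; no real host is touched."""
    with tempfile.TemporaryDirectory() as root:
        sys32 = os.path.join(root, "System32")
        os.makedirs(os.path.join(sys32, "WSNPOWEM"))
        for name in ("WSNPOWEM/audio.dll", "NTOS.EXE", "notepad.exe"):
            open(os.path.join(sys32, *name.split("/")), "w").close()
        return scan_windir(root)

if __name__ == "__main__":
    for rel, role, hidden in demo():
        print(f"{rel:22} {role:20} hidden={hidden}")
```

On a real host, `scan_windir(os.environ["WINDIR"])` runs the same check, and a hit with `hidden=True` on the folder matches the hiding behaviour described above.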
References
Baykal, A. (2015, February 25). A Guide to the Zeus Virus. FedTech.
Curtis, S. (2014, July). 4G is inherently less secure than 3G. The Telegraph.
Gokey, M. (2016, March 23). Apple’s encryption fight isn’t over, and the stakes have never been higher. Digital Trends.
Kaur, N., & Monga, S. (2014). Comparisons of Wired and Wireless Networks: A Review. International Journal of Advanced Engineering Technology, 5(2), 34-35.
Lee, M. (2015). Encrypting your Laptop like you mean it. The Intercept.
Sandhu, G. K., Mann, G. S., & Kaur, R. (2013). Benefit and security issues in wireless technologies: Wi-fi and WiMax. International Journal of Innovative Research in Computer and Communication Engineering, 1(4), 978.
The Tech-Faq. (2016). The Zeus Virus. Tech-Faq.
Yang, J. L., & Jayakumar, A. (2014, January 10). Target says up to 70 million more customers were hit by December data breach. The Washington Post.