Friday, 26 June 2015

Identity Theft

Identity theft is a form of stealing someone's identity in which someone pretends to be someone else by assuming that person's identity, usually as a method to gain access to resources or obtain credit and other benefits in that person's name. The victim of identity theft (here meaning the person whose identity has been assumed by the identity thief) can suffer adverse consequences if they are held responsible for the perpetrator's actions. Identity theft occurs when someone uses another's personally identifying information, like their name, identifying number, or credit card number, without their permission, to commit fraud or other crimes.
"Determining the link between data breaches and identity theft is challenging, primarily because identity theft victims often do not know how their personal information was obtained," and identity theft is not always detectable by the individual victims, according to a report done for the FTC. Identity fraud is often but not necessarily the consequence of identity theft. Someone can steal or misappropriate personal information without then committing identity theft using the information about every person, such as when a major data breach occurs. A US Government Accountability Office study determined that "most breaches have not resulted in detected incidents of identity theft". The report also warned that "the full extent is unknown". A later unpublished study by Carnegie Mellon University noted that "Most often, the causes of identity theft is not known," but reported that someone else concluded that "the probability of becoming a victim to identity theft as a result of a data breach is ... around only 2%". More recently, an association of consumer data companies noted that one of the largest data breaches ever, accounting for over four million records, resulted in only about 1,800 instances of identity theft, according to the company whose systems were breached.
An October 2010 article entitled “Cyber Crime Made Easy” explained the level to which hackers are using malicious software. As one security specialist named Gunter Ollmann said, “Interested in credit card theft? There’s an app for that.” This statement summed up the ease with which these hackers are accessing all kinds of information online. The new program for infecting users’ computers is called Zeus, and the program is so hacker friendly that even an inexperienced hacker can operate it. Although the hacking program is easy to use, that fact does not diminish the devastating effects that Zeus (or other software like Zeus) can have on a computer and the user. For example, the article stated that programs like Zeus can steal credit card information, important documents, and even documents necessary for homeland security. If the hacker were to gain this information, it would mean identity theft or even a possible terrorist attack.
Types
Sources such as the non-profit Identity Theft Resource Center sub-divide identity theft into five categories:
·         Criminal identity theft (posing as another person when apprehended for a crime)
·         Financial identity theft (using another's identity to obtain credit, goods and services)
·         Identity cloning (using another's information to assume his or her identity in daily life)
·         Medical identity theft (using another's identity to obtain medical care or drugs)
·         Child identity theft.
Identity theft may be used to facilitate or fund other crimes including illegal immigration, terrorism, phishing and espionage. There are cases of identity cloning to attack payment systems, including online credit card processing and medical insurance.
Identity cloning and concealment
In this situation, the identity thief impersonates someone else in order to conceal their own true identity. Examples might be illegal immigrants, people hiding from creditors or other individuals, or those who simply want to become "anonymous" for personal reasons. Another example is posers, a label given to people who use somebody else’s photos and information through social networking sites. Mostly, posers create believable stories involving friends of the real person they are imitating. Unlike identity theft used to obtain credit, which usually comes to light when the debts mount, concealment may continue indefinitely without being detected, particularly if the identity thief is able to obtain false credentials in order to pass various authentication tests in everyday life.
Criminal identity theft
When a criminal fraudulently identifies himself to police as another individual at the point of arrest, it is sometimes referred to as "Criminal Identity Theft." In some cases criminals have previously obtained state-issued identity documents using credentials stolen from others, or have simply presented fake ID. Provided the subterfuge works, charges may be placed under the victim's name, letting the criminal off the hook. Victims might only learn of such incidents by chance, for example by receiving court summons, discovering their drivers licenses are suspended when stopped for minor traffic violations, or through background checks performed for employment purposes.
It can be difficult for the victim of a criminal identity theft to clear their record. The steps required to clear the victim's incorrect criminal record depend on the jurisdiction in which the crime occurred and on whether the true identity of the criminal can be determined. The victim might need to locate the original arresting officers and prove their own identity by some reliable means such as fingerprinting or DNA testing, and may need to go to a court hearing to be cleared of the charges. Obtaining an expungement of court records may also be required. Authorities might permanently maintain the victim's name as an alias for the criminal's true identity in their criminal records databases. One problem that victims of criminal identity theft may encounter is that various data aggregators might still have the incorrect criminal records in their databases even after court and police records are corrected. Thus it is possible that a future background check will return the incorrect criminal records. This is just one example of the kinds of impact that may continue to affect the victims of identity theft for some months or even years after the crime, aside from the psychological trauma that being 'cloned' typically engenders.
Synthetic identity theft
A variation of identity theft which has recently become more common is synthetic identity theft, in which identities are completely or partially fabricated. The most common technique involves combining a real social security number with a name and birthdate other than the ones associated with the number. Synthetic identity theft is more difficult to track as it doesn't show on either person's credit report directly, but may appear as an entirely new file in the credit bureau or as a subfile on one of the victim's credit reports. Synthetic identity theft primarily harms the creditors who unwittingly grant the fraudsters credit. Individual victims can be affected if their names become confused with the synthetic identities, or if negative information in their subfiles impacts their credit ratings.
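Because a synthetic identity does not appear on the report of either person involved, a check has to be keyed on the Social Security number rather than on the name. The following sketch is an added example, not part of the original article: it flags applications whose SSN is already on file under a different name and birthdate, or is shared by several claimed identities. The record layout, the finding labels and all sample values are constructed (the SSNs use the never-issued 000 area), and the matching key is an assumption.

```python
import hashlib
import hmac
from collections import defaultdict
from datetime import date

# Assumption: a secret matching key, so the index never holds raw SSNs.
INDEX_KEY = b"constructed-demo-key"


def ssn_token(ssn):
    """Strip formatting and return a keyed HMAC-SHA256 token for matching."""
    digits = "".join(ch for ch in ssn if ch.isdigit())
    if len(digits) != 9:
        raise ValueError("SSN must contain exactly 9 digits")
    return hmac.new(INDEX_KEY, digits.encode(), hashlib.sha256).hexdigest()


def identity_key(record):
    """Name (case, punctuation and word order ignored) plus birthdate."""
    words = record["name"].lower().replace(",", " ").replace(".", " ").split()
    return (" ".join(sorted(words)), record["dob"].isoformat())


def find_synthetic_candidates(applications, bureau_files):
    """Return {application id: [reasons]} for applications that pair an SSN
    with a name/birthdate other than the one already tied to that number."""
    on_file = {ssn_token(f["ssn"]): identity_key(f) for f in bureau_files}
    seen = defaultdict(dict)      # token -> {identity: first application id}
    findings = defaultdict(list)
    for app in applications:
        try:
            token = ssn_token(app["ssn"])
        except ValueError:
            findings[app["id"]].append("malformed_ssn")
            continue
        ident = identity_key(app)
        # Signal 1: the number belongs to an existing file under another identity.
        if token in on_file and on_file[token] != ident:
            findings[app["id"]].append("ssn_on_file_under_other_identity")
        # Signal 2: the same number was submitted with a different identity.
        for other_ident, other_id in seen[token].items():
            if other_ident != ident:
                findings[app["id"]].append(f"ssn_also_used_by:{other_id}")
                findings[other_id].append(f"ssn_also_used_by:{app['id']}")
        seen[token].setdefault(ident, app["id"])
    return dict(findings)


# Constructed sample data.
BUREAU_FILES = [
    {"ssn": "000-12-3456", "name": "Alice Example", "dob": date(2009, 4, 2)},
    {"ssn": "000-98-7654", "name": "Bob Sample", "dob": date(1980, 1, 15)},
]
APPLICATIONS = [
    # Genuine applicant, name written in a different order.
    {"id": "A1", "ssn": "000-98-7654", "name": "Sample, Bob", "dob": date(1980, 1, 15)},
    # Real number combined with an invented name and birthdate.
    {"id": "A2", "ssn": "000123456", "name": "Carl Invented", "dob": date(1985, 7, 9)},
    # The same number again under yet another identity.
    {"id": "A3", "ssn": "000-12-3456", "name": "Dana Madeup", "dob": date(1990, 3, 3)},
    # Number with no existing file, used once.
    {"id": "A4", "ssn": "000-55-1212", "name": "Erin Newfile", "dob": date(1995, 5, 5)},
    # Input that cannot be a valid number.
    {"id": "A5", "ssn": "12-34", "name": "Bad Input", "dob": date(1970, 1, 1)},
]

if __name__ == "__main__":
    for app_id, reasons in find_synthetic_candidates(APPLICATIONS, BUREAU_FILES).items():
        print(app_id, reasons)
```

A flagged application is a candidate for manual review, not proof of fraud: name changes and data-entry errors produce the same signals.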
Medical identity theft
Privacy researcher Pam Dixon, founder of the World Privacy Forum, coined the term medical identity theft and released the first major report about this issue in 2006. In the report, she defined the crime for the first time and made the plight of victims public. The report's definition of the crime is that medical identity theft occurs when someone seeks medical care under the identity of another person. In addition to risks of financial harm common to all forms of identity theft, the thief's medical history may be added to the victim's medical records. Inaccurate information in the victim's records is difficult to correct and may affect future insurability or cause doctors relying on the misinformation to deliver inappropriate medical care. After the publication of the report, which contained a recommendation that consumers receive notifications of medical data breach incidents, California passed a law requiring this, and then finally HIPAA was expanded to also require medical breach notification when breaches affect 500 or more people. 
Child identity theft
Child identity theft occurs when a minor’s identity is used by another person for the impostor’s personal gain. The impostor can be a family member, a friend, or even a stranger who targets children. The Social Security numbers of children are valued because they do not have any information associated with them. Thieves can establish lines of credit, obtain driver’s licenses, or even buy a house using a child’s identity. This fraud can go undetected for years, as most children do not discover the problem until years later. Child identity theft is fairly common, and studies have shown that the problem is growing. The largest study on child identity theft, as reported by Richard Power of the Carnegie Mellon Cylab with data supplied by AllClear ID, found that of 40,000 children 10.2% were victims of identity theft.
Financial identity theft
The most common type is financial identity theft, where someone wants to gain economic benefits in someone else's name. This includes getting credits, loans, goods and services, claiming to be someone else.
Techniques for obtaining and exploiting personal information for identity theft
Identity thieves typically obtain and exploit personally identifiable information about individuals, or various credentials they use to authenticate themselves, in order to impersonate them. Examples include:
·         Rummaging through rubbish for personal information (dumpster diving)
·         Retrieving personal data from redundant IT equipment and storage media including PCs, servers, PDAs, mobile phones, USB memory sticks and hard drives that have been disposed of carelessly at public dump sites, given away or sold on without having been properly sanitized
·         Using public records about individual citizens, published in official registers such as electoral rolls
·         Stealing bank or credit cards, identification cards, passports, authentication tokens ... typically by pickpocketing, housebreaking or mail theft
·         Common-knowledge questioning schemes that offer account verification and compromise: "What's your mother's maiden name?", "what was your first car model?", or "What was your first pet's name?", etc.
·         Skimming information from bank or credit cards using compromised or hand-held card readers, and creating clone cards
·         Using 'contactless' credit card readers to acquire data wirelessly from RFID-enabled passports
·         Observing users typing their login credentials, credit/calling card numbers etc. into IT equipment located in public places (shoulder surfing)
·         Stealing personal information from computers using breaches in browser security or malware such as Trojan horse keystroke logging programs or other forms of spyware
·         Hacking computer networks, systems and databases to obtain personal data, often in large quantities
·         Exploiting breaches that result in the publication or more limited disclosure of personal information such as names, addresses, Social Security number or credit card numbers
·         Advertising bogus job offers in order to accumulate resumes and applications typically disclosing applicants' names, home and email addresses, telephone numbers and sometimes their banking details
·         Exploiting insider access and abusing the rights of privileged IT users to access personal data on their employers' systems
·         Infiltrating organizations that store and process large amounts or particularly valuable personal information
·         Impersonating trusted organizations in emails, SMS text messages, phone calls or other forms of communication in order to dupe victims into disclosing their personal information or login credentials, typically on a fake corporate website or data collection form (phishing)
·         Brute-force attacking weak passwords and using inspired guesswork to compromise weak password reset questions
·         Obtaining castings of fingers for falsifying fingerprint identification.
·         Browsing social networking websites for personal details published by users, often using this information to appear more credible in subsequent social engineering activities
·         Diverting victims' email or post in order to obtain personal information and credentials such as credit cards, billing and bank/credit card statements, or to delay the discovery of new accounts and credit agreements opened by the identity thieves in the victims' names
·         Using false pretenses to trick individuals, customer service representatives and help desk workers into disclosing personal information and login details or changing user passwords/access rights (pretexting)
·         Stealing cheques (checks) to acquire banking information, including account numbers and bank routing numbers
·         Guessing Social Security numbers by using information found on Internet social networks such as Facebook and MySpace
·         Low security/privacy protection on photos that are easily clickable and downloaded on social networking sites.
·         Befriending strangers on social networks and taking advantage of their trust until private information is given.
Individual identity protection
The acquisition of personal identifiers is made possible through serious breaches of privacy. For consumers, this is usually a result of them naively providing their personal information or login credentials to the identity thieves as a result of being duped, but identity-related documents such as credit cards, bank statements, utility bills, checkbooks etc. may also be physically stolen from vehicles, homes and offices, or directly from victims by pickpockets and bag snatchers. Guardianship of personal identifiers by consumers is the most common intervention strategy recommended by the US Federal Trade Commission, Canadian Phone Busters and most sites that address identity theft. Such organizations offer recommendations on how individuals can prevent their information falling into the wrong hands.
Identity theft can be partially mitigated by not identifying oneself unnecessarily (a form of information security control known as risk avoidance). This implies that organizations, IT systems and procedures should not demand excessive amounts of personal information or credentials for identification and authentication. Requiring, storing and processing personal identifiers (such as Social Security number, national identification number, driver's license number, credit card number, etc.) increases the risks of identity theft unless this valuable personal information is adequately secured at all times.

To protect yourself against federal tax-identity theft, you are advised the following:
·         do not give out personal information (and the SSN in the case of the US) on the phone, fax or on social media platforms
·         use a shredder to destroy tax related documents after tax time is over and keep the necessary ones in a safe (thieves can look through the trash)
·         for taxpayers planning to e-file their tax returns, it is recommended to use a strong password. Afterwards, save the file to a CD or flash drive and keep it in a secure location. Then delete the personal return information from the computer hard drive
·         US citizens should show employers their Social Security card at the start of a job, but otherwise do not routinely carry the card or other documents that display their SSN. Additionally, it is recommended not to fill the Social Security number on medical forms and such documents (in case your wallet or purse gets stolen)
·         only use secure websites while making online financial transactions (thieves access information you provide to an unsecured Internet site)
·         if working with an accountant, query him or her on what measures they take to protect your information.
Identity thieves sometimes impersonate dead people, using personal information obtained from death notices, gravestones and other sources to exploit delays between the death and the closure of the person's accounts, the inattentiveness of grieving families and weaknesses in the processes for credit-checking. Such crimes may continue for some time until the deceased's families or the authorities notice and react to anomalies.
In recent years, commercial identity theft protection/insurance services have become available in many countries. These services purport to help protect the individual from identity theft or help detect that identity theft has occurred in exchange for a monthly or annual membership fee or premium. The services typically work either by setting fraud alerts on the individual's credit files with the three major credit bureaus or by setting up credit report monitoring with the credit bureaus. While identity theft protection/insurance services have been heavily marketed, their value has been called into question.
Identity protection by organizations
In their May 1998 testimony before the United States Senate, the Federal Trade Commission (FTC) discussed the sale of Social Security numbers and other personal identifiers by credit-raters and data miners. The FTC agreed to the industry's self-regulating principles restricting access to information on credit reports. According to the industry, the restrictions vary according to the category of customer. Credit reporting agencies gather and disclose personal and credit information to a wide business client base.
Poor stewardship of personal data by organizations, resulting in unauthorized access to sensitive data, can expose individuals to the risk of identity theft. The Privacy Rights Clearinghouse has documented over 900 individual data breaches by US companies and government agencies since January 2005, which together have involved over 200 million total records containing sensitive personal information, many containing social security numbers. Poor corporate diligence standards which can result in data breaches include:
·         failure to shred confidential information before throwing it into dumpsters
·         failure to ensure adequate network security
·         credit card numbers stolen by call center agents and people with access to call recordings
·         the theft of laptop computers or portable media being carried off-site containing vast amounts of personal information. The use of strong encryption on these devices can reduce the chance of data being misused should a criminal obtain them.
·         the brokerage of personal information to other businesses without ensuring that the purchaser maintains adequate security controls
·         Failure of governments, when registering sole proprietorships, partnerships, and corporations, to determine if the officers listed in the Articles of Incorporation are who they say they are. This potentially allows criminals access to personal information through credit rating and data mining services.
The failure of corporate or government organizations to protect consumer privacy, client confidentiality and political privacy has been criticized for facilitating the acquisition of personal identifiers by criminals.
Legal responses
International
In March 2014, after it was learned that two passengers with stolen passports were on board Malaysia Airlines Flight 370, which went missing on March 8, 2014, it came to light that Interpol maintains a database of 40 million lost and stolen travel documents from 157 countries, which it makes available to governments and the public, including airlines and hotels. The Stolen and Lost Travel Documents (SLTD) database, however, is little used. Big News Network, which is based in the UAE, observed that Interpol Secretary General Ronald Noble told a forum in Abu Dhabi the previous month that this was the case. "The bad news is that, despite being incredibly cost effective and deployable to virtually anywhere in the world, only a handful of countries are systematically using SLTD to screen travelers. The result is a major gap in our global security apparatus that is left vulnerable to exploitation by criminals and terrorists," Noble is quoted as saying.
India
Under the Information Technology Act 2000 Chapter IX Sec 66C
SECTION 66C
PUNISHMENT FOR IDENTITY THEFT Whoever, fraudulently or dishonestly makes use of the electronic signature, password or any other unique identification feature of any other person, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to rupees one lakh.
Notification
Most states followed California's lead and enacted mandatory data breach notification laws. As a result, companies that report a data breach typically report it to all their customers.
Spread and impact
Surveys in the USA from 2003 to 2006 showed a decrease in the total number of victims and a decrease in the total value of identity fraud from US$47.6 billion in 2003 to $15.6 billion in 2006. The average fraud per person decreased from $4,789 in 2003 to $1,882 in 2006. A Microsoft report shows that this drop is due to statistical problems with the methodology, that such survey-based estimates are "hopelessly flawed" and exaggerate the true losses by orders of magnitude.
The 2003 survey from the Identity Theft Resource Center found that:
·         Only 15% of victims find out about the theft through proactive action taken by a business
·         The average time spent by victims resolving the problem is about 330 hours
·         73% of respondents indicated the crime involved the thief acquiring a credit card



Tuesday, 23 June 2015

Optical vs. Laser mice

Computer mice used to come in one simple design: a mouse ball that, when rolled, measured distance and moved your cursor on screen accordingly. Today mice come in two different types, and people are often confused by the difference between optical and laser mice. The first important thing to understand is that when someone refers to optical or laser, they are talking about how the mouse detects when you move it, not how it is connected to your computer. Optical and laser mice can be connected either through USB cables or wireless adapters, and knowing that a mouse is optical or laser will not tell you if it’s wired or wireless.
To determine whether it has moved and in what direction, your mouse uses a very small camera which takes a picture of the surface under the mouse's sensors. Since your mouse is covering the surface at the time, it’s very dark, so it needs some form of light to illuminate it. Optical mice use an LED light source to illuminate the surface, while laser mice use a laser light to illuminate it.
How can you tell the difference? It’s simple: turn the mouse over. If you can see light glowing from the sensor area, it’s an optical mouse, because optical mice use LEDs whose light humans can see. If you can’t see any light glowing, it’s a laser mouse, because laser mice use infrared lasers that humans can’t see.

So which is better? What are the pros and cons of each?
Optical:
  • Pro: Cheaper to produce, less prone to damage, lower dpi makes movement across big screens easier. Longer lifetime of LED bulb.
  • Con: Less accurate, does not track on very shiny or black surfaces well, low dpi prevents very precise movements.
Laser:
  • Pro: Very accurate. Ability to track accurately on nearly any surface. Very smooth movement due to laser resolution.
  • Con: More expensive, has problems tracking on clear glass. More prone to damage. Shorter lifetime than LED light sources.
Now is this true for EVERY laser mouse and EVERY optical mouse? No. Some new technologies such as BlueTrack from Microsoft improve the accuracy of optical mice greatly, and very expensive gaming mice based on the latest optical sensors can outperform lower end laser mice in terms of DPI and accuracy on many surfaces. Logitech has also introduced dark field laser mice which can track on glass very well.

Remove viruses easily

Step 1 - Download & Install
There are two excellent and FREE computer virus removal programs we use. Download and install these programs to your desktop.
* Malwarebytes
* CCleaner
You should not have to pay for these - there is no need to upgrade from the free version that is offered.
Step 2 - Safe Mode
Reboot your computer into safe mode.
For most Windows based systems, you can use F8 to access the Safe Mode menu when you reboot.
How: Go to the start button and select restart. Once the computer/laptop turns off and back on, immediately hit the F8 key over and over again. Even if the computer starts beeping at you, keep pushing the F8 key. It should bring up the menu to ask you if you would like to boot into safe mode.
If this does not work, you can always do a hard reboot - pull power while your computer is on. If you are using a laptop, make sure you pull power and the battery while it is on. This should force you to the Safe Mode menu.
Step 3 - Run Programs & Reboot
Once in Safe Mode, run Malwarebytes and CCleaner. One right after another. If one program doesn't catch the virus, the other program will.
After both programs run in safe mode, reboot your computer and your virus should be removed. It is really that simple - 3 steps!
Now we recommend you remove these programs once your virus is gone. You will always need to download the newest version from the website if you get a virus again.
*Bonus - Free Anti-Virus Program
You can use AVG for a free anti-virus program to hopefully stop you from downloading another virus in the future. It is extremely important you keep your anti-virus program updated often as thousands of new viruses are created each day.
*Tip
You can always create a Guest user account and that will not allow a virus to download on your computer without your permission.
You are the best defense against a virus. Spam emails will not harm you as long as you do not open the link in the emails. Keep your anti-virus software updated often as thousands of new viruses are released daily. Once you have removed your virus with this process, we recommend you delete your virus removal programs and download new ones if you ever need to use this process again.

Tuesday, 22 July 2014

Complexity Science in Cyber Security

1. Introduction
Computers and the Internet have become indispensable for homes and organisations alike. The dependence on them increases by the day, be it for household users, in mission critical space control, power grid management, medical applications or for corporate finance systems. In parallel, the challenges of continued and reliable delivery of service are becoming a bigger concern for organisations. Cyber security is at the forefront of all threats that organisations face, with a majority rating it higher than the threat of terrorism or a natural disaster.
In spite of all the focus Cyber security has had, it has been a challenging journey so far. The global spend on IT Security is expected to hit $120 Billion by 2017 [4], and that is one area where the IT budget for most companies either stayed flat or slightly increased even in the recent financial crises [5]. But that has not substantially reduced the number of vulnerabilities in software or attacks by criminal groups.
The US Government has been preparing for a "Cyber Pearl Harbour" [18] style all-out attack that might paralyze essential services, and even cause physical destruction of property and lives. It is expected to be orchestrated from the criminal underbelly of countries like China, Russia or North Korea.
The economic impact of Cyber crime is $100B annually in the United States alone [4].
There is a need to fundamentally rethink our approach to securing our IT systems. Our approach to security so far is siloed and focuses on point solutions for specific threats, like anti-virus software, spam filters, intrusion detection and firewalls [6]. But we are at a stage where Cyber systems are much more than just tin-and-wire and software. They involve systemic issues with a social, economic and political component. The interconnectedness of systems, intertwined with a people element, makes IT systems un-isolable from the human element. Complex Cyber systems today almost have a life of their own; Cyber systems are complex adaptive systems that we have tried to understand and tackle using more traditional theories.
2. Complex Systems - an Introduction
Before getting into the motivations of treating a Cyber system as a Complex system, here is a brief of what a Complex system is. Note that the term "system" could be any combination of people, process or technology that fulfils a certain purpose. The wrist watch you are wearing, the sub-oceanic reefs, or the economy of a country - are all examples of a "system".
In very simple terms, a Complex system is any system in which the parts of the system and their interactions together represent a specific behaviour, such that an analysis of all its constituent parts cannot explain the behaviour. In such systems the cause and effect can not necessarily be related and the relationships are non-linear - a small change could have a disproportionate impact. In other words, as Aristotle said "the whole is greater than the sum of its parts". One of the most popular examples used in this context is of an urban traffic system and emergence of traffic jams; analysis of individual cars and car drivers cannot help explain the patterns and emergence of traffic jams.
A Complex Adaptive system (CAS), in addition, has characteristics of self-learning, emergence and evolution among the participants of the complex system. The participants or agents in a CAS show heterogeneous behaviour. Their behaviour and interactions with other agents are continuously evolving. The key characteristics for a system to be characterised as Complex Adaptive are:
  • The behaviour or output cannot be predicted simply by analysing the parts and inputs of the system
  • The behaviour of the system is emergent and changes with time. The same input and environmental conditions do not always guarantee the same output.
  • The participants or agents of a system (human agents in this case) are self-learning and change their behaviour based on the outcome of the previous experience
Complex processes are often confused with "complicated" processes. A complex process is something that has an unpredictable output, however simple the steps might seem. A complicated process is something with lots of intricate steps and difficult to achieve pre-conditions but with a predictable outcome. An often used example is: making tea is Complex (at least for me... I can never get a cup that tastes the same as the previous one), building a car is Complicated. David Snowden's Cynefin framework gives a more formal description of the terms [7].
Complexity as a field of study isn't new; its roots could be traced back to the work on Metaphysics by Aristotle [8]. Complexity theory is largely inspired by biological systems and has been used in social science, epidemiology and natural science study for some time now. It has been used in the study of economic systems and free markets alike and is gaining acceptance for financial risk analysis as well (refer to my paper on Complexity in Financial risk analysis [19]). It is not something that has been very popular in Cyber security so far, but there is growing acceptance of complexity thinking in applied sciences and computing.
3. Motivation for using Complexity in Cyber Security
IT systems today are all designed and built by us (as in the human community of IT workers in an organisation plus suppliers) and we collectively have all the knowledge there is to have regarding these systems. Why then do we see new attacks on IT systems every day that we had never expected, attacking vulnerabilities that we never knew existed? One of the reasons is the fact that any IT system is designed by thousands of individuals across the whole technology stack from the business application down to the underlying network components and hardware it sits on. That introduces a strong human element in the design of Cyber systems and opportunities become ubiquitous for the introduction of flaws that could become vulnerabilities [9].
Most organisations have multiple layers of defence for their critical systems (layers of firewalls, IDS, hardened O/S, strong authentication etc), but attacks still happen. More often than not, computer break-ins are a collision of circumstances rather than a standalone vulnerability being exploited for a cyber-attack to succeed. In other words, it's the "whole" of the circumstances and actions of the attackers that cause the damage.
3.1 Reductionism vs Holism approach
Reductionism and Holism are two contradictory philosophical approaches for the analysis and design of any object or system. The Reductionists argue that any system can be reduced to its parts and analysed by "reducing" it to the constituent elements; while the Holists argue that the whole is greater than the sum so a system cannot be analysed merely by understanding its parts [10].
Reductionists argue that all systems and machines can be understood by looking at their constituent parts. Most of the modern sciences and analysis methods are based on the reductionist approach, and to be fair they have served us quite well so far. By understanding what each part does you really can analyse what a wrist watch would do, by designing each part separately you really can make a car behave the way you want to, or by analysing the position of the celestial objects we can accurately predict the next Solar eclipse. Reductionism has a strong focus on causality - there is a cause to an effect.
But that is the extent to which the reductionist view point can help explain the behaviour of a system. When it comes to emergent systems like human behaviour, Socio-economic systems, Biological systems or Socio-cyber systems, the reductionist approach has its limitations. Simple examples like the human body, the response of a mob to a political stimulus, the reaction of the financial market to the news of a merger, or even a traffic jam cannot be predicted even when the behaviour of the constituent members of all these 'systems' is studied in detail.
We have traditionally looked at Cyber security with a Reductionist lens with specific point solutions for individual problems and tried to anticipate the attacks a cyber-criminal might do against known vulnerabilities. It's time we start looking at Cyber security with an alternate Holism approach as well.
3.2 Computer Break-ins are like pathogen infections
Computer break-ins are more like viral or bacterial infections than a home or car break-in [9]. A burglar breaking into a house can't really use that as a launch pad to break into the neighbours. Neither can the vulnerability in one lock system for a car be exploited for a million others across the globe simultaneously. Computer break-ins are more akin to microbial infections of the human body: they can propagate the infection as humans do; they are likely to impact large portions of the population of a species as long as its members are "connected" to each other; and in case of severe infections the systems are generally 'isolated', as people are put in 'quarantine' to reduce further spread [9]. Even the lexicon of Cyber systems uses biological metaphors - Virus, Worms, infections etc. It has many parallels in epidemiology, but the design principles often employed in Cyber systems are not aligned to the natural selection principles. Cyber systems rely a lot on uniformity of processes and technology components, as against the diversity of genes in organisms of a species that makes the species more resilient to epidemic attacks [11].
The Flu pandemic of 1918 killed ~50M people, more than the Great War itself. Almost all of humanity was infected, but why did it impact the 20-40yr olds more than others? Perhaps a difference in the body structure, causing different reaction to an attack?
Complexity theory has gained great traction and proven quite useful in epidemiology, understanding the patterns of spread of infections and ways of controlling them. Researchers are now turning towards using their learnings from natural sciences to Cyber systems.
4. Approach to Mitigating security threats
Traditionally there have been two different and complementary approaches to mitigate security threats to Cyber systems that are in use today in most practical systems [11]:
4.1 Formal validation and testing
This approach primarily relies on the testing team of any IT system to discover any faults in the system that could expose a vulnerability and can be exploited by attackers. This could be functional testing to validate the system gives the correct answer as it is expected, penetration testing to validate its resilience to specific attacks, and availability/ resilience testing. The scope of this testing is generally the system itself, not the frontline defences that are deployed around it.
This is a useful approach for fairly simple self-contained systems where the possible user journeys are fairly straightforward. For most other interconnected systems, formal validation alone is not sufficient as it's never possible to 'test it all'.
Test automation is a popular approach to reduce the human dependency of the validation processes, but as Turing's Halting problem of Undecidability[*] proves - it's impossible to build a machine that tests another one in all cases. Testing is only anecdotal evidence that the system works in the scenarios it has been tested for, and automation helps get that anecdotal evidence quicker.
4.2 Encapsulation and boundaries of defence
For systems that cannot be fully validated through formal testing processes, we deploy additional layers of defences in the form of Firewalls or network segregation or encapsulate them into virtual machines with limited visibility of the rest of the network etc. Other common techniques of additional defence mechanism are Intrusion Prevention systems, Anti-virus etc.
This approach is ubiquitous in most organisations as a defence from the unknown attacks as it's virtually impossible to formally ensure that a piece of software is free from any vulnerability and will remain so.
Approaches using Complexity sciences could prove a quite useful complement to the more traditional ways. The versatility of computer systems makes them unpredictable, or capable of emergent behaviour that cannot be predicted without "running it" [11]. Also, running it in isolation in a test environment is not the same as running a system in the real environment that it is supposed to be in, as it's the collision of multiple events that causes the apparent emergent behaviour (recalling holism!).
4.3 Diversity over Uniformity
Robustness to disturbances is a key emergent behaviour in biological systems. Imagine a species with all organisms in it having the exact same genetic structure, same body configuration, similar antibodies and immune system - the outbreak of a viral infection would have wiped out the complete community. But that does not happen because we are all formed differently and all of us have different resistance to infections.
Similarly, some mission critical Cyber systems, especially in the Aerospace and Medical industry, implement "diversity implementations" of the same functionality, and a centralised 'voting' function decides the response to the requester if the results from the diverse implementations do not match.
It's fairly common to have redundant copies of mission critical systems in organisations, but they are homogeneous implementations rather than diverse - making them equally susceptible to all the faults and vulnerabilities as the primary ones. If the implementation of the redundant systems is made different from the primary - a different O/S, different application container or database versions - the two variants would have different levels of resilience to certain attacks. Even a change in the sequence of memory stack access could vary the response to a buffer overflow attack on the variants [12] - alerting the central 'voting' system that there is something wrong somewhere. As long as the input data and the business function of the implementation are the same, any deviation in the response of the implementations is a sign of potential attack. If a true service-based architecture is implemented, every 'service' could have multiple (but a small number of) heterogeneous implementations and the overall business function could randomly select which implementation of a service it uses for every new user request. A fairly large number of different execution paths could be achieved using this approach, increasing the resilience of the system [13].
Multi variant Execution Environments (MVEE) have been developed, where applications with slight differences in implementation are executed in lockstep and their responses to a request are monitored [12]. These have proven quite useful in detecting intrusions that try to change the behaviour of the code, or even identifying existing flaws where the variants respond differently to a request.
On similar lines, using the N-version programming concept [14], an N-version antivirus was developed at the University of Michigan that had heterogeneous implementations looking at any new files for corresponding virus signatures. The result was a more resilient anti-virus system, less prone to attacks on itself and with 35% better detection coverage across the estate [15].
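The central 'voting' function described in this section can be sketched as follows. This is an added example, not code from the original article or from the MVEE and N-version projects it cites; the three variants, their names and the planted rounding flaw in the third are constructed for illustration.

```python
"""Central voter over diverse implementations of one function (constructed demo)."""
from collections import Counter
from dataclasses import dataclass
from decimal import Decimal
from typing import Callable, Dict, List, Optional, Tuple

Outcome = Tuple[str, object]  # ("ok", value) or ("error", exception class name)


def cents_decimal(amount: str) -> int:
    """Variant A: exact decimal arithmetic."""
    return int(Decimal(amount) * 100)


def cents_split(amount: str) -> int:
    """Variant B: string handling only, written independently of variant A."""
    whole, _, frac = amount.partition(".")
    if not whole.isdigit() or (frac and not frac.isdigit()) or len(frac) > 2:
        raise ValueError(f"bad amount: {amount!r}")
    return int(whole) * 100 + int(frac.ljust(2, "0"))


def cents_float(amount: str) -> int:
    """Variant C: binary floating point, which truncates some amounts (planted flaw)."""
    return int(float(amount) * 100)


# Hypothetical registry of the diverse implementations of one business function.
VARIANTS: Dict[str, Callable[[str], int]] = {
    "decimal": cents_decimal,
    "split": cents_split,
    "float": cents_float,
}


@dataclass
class Verdict:
    outcome: Optional[Outcome]    # majority outcome, None when there is no quorum
    unanimous: bool               # True only if every variant responded identically
    dissenters: List[str]         # variants whose response differs from the majority
    outcomes: Dict[str, Outcome]  # raw per-variant responses, kept for investigation


def run_variant(fn: Callable[[str], int], request: str) -> Outcome:
    """A crash is an observable response too, so it is voted on like a value."""
    try:
        return ("ok", fn(request))
    except Exception as exc:
        return ("error", type(exc).__name__)


def vote(variants: Dict[str, Callable[[str], int]], request: str) -> Verdict:
    """Send the same request to every variant and compare the responses."""
    outcomes = {name: run_variant(fn, request) for name, fn in variants.items()}
    winner, count = Counter(outcomes.values()).most_common(1)[0]
    if count * 2 <= len(outcomes):
        # No strict majority: fail closed and treat every variant as suspect.
        return Verdict(None, False, sorted(outcomes), outcomes)
    dissenters = sorted(n for n, o in outcomes.items() if o != winner)
    return Verdict(winner, not dissenters, dissenters, outcomes)


if __name__ == "__main__":
    for request in ("12.50", "0.29", "7"):
        v = vote(VARIANTS, request)
        status = "agree" if v.unanimous else f"ALERT dissent from {v.dissenters}"
        print(f"{request!r}: {v.outcome} -> {status}")
```

The requester still receives the majority answer, while any dissent is raised as an alert with the per-variant responses attached, whether the cause turns out to be an attack or a latent flaw in one implementation.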
4.4 Agent Based Modelling (ABM)
One of the key areas of study in Complexity science is Agent Based Modelling, a simulation modelling technique.
Agent Based Modelling is a simulation modelling technique used to understand and analyse the behaviour of Complex systems, specifically Complex adaptive systems. The individuals or groups interacting with each other in the Complex system are represented by artificial 'agents' and act according to a predefined set of rules. The Agents could evolve their behaviour and adapt as per the circumstances. Contrary to Deductive reasoning[†] that has been most popularly used to explain the behaviour of social and economic systems, Simulation does not try to generalise the system and agents' behaviour.
ABMs have been quite popular to study things like crowd management behaviour in case of a fire evacuation, spread of epidemics, to explain market behaviour and recently financial risk analysis. It is a bottom-up modelling technique wherein the behaviour of each agent is programmed separately, and can be different from all other agents. The evolutionary and self-learning behaviour of agents could be implemented using various techniques, Genetic Algorithm implementation being one of the popular ones [16].
Cyber systems are interconnections between software modules, wiring of logical circuits, microchips, the Internet and a number of users (system users or end users). These interactions and actors can be implemented in a simulation model in order to do what-if analysis, predict the impact of changing parameters and interactions between the actors of the model. Simulation models have been used for analysing the performance characteristics based on application characteristics and user behaviour for a long time now - some of the popular Capacity & performance management tools use the technique. Similar techniques can be applied to analyse the response of Cyber systems to threats, designing a fault-tolerant architecture and analysing the extent of emergent robustness due to diversity of implementation.
One of the key areas of focus in Agent Based modelling is the "self-learning" process of agents. In the real world, the behaviour of an attacker would evolve with experience. This aspect of an agent's behaviour is implemented by a learning process for agents, Genetic Algorithms being one of the most popular techniques for that. Genetic Algorithms have been used in automobile and aeronautics engineering design, optimising the performance of Formula one cars [17] and simulating the investor learning behaviour in simulated stock markets (implemented using Agent Based models).
An interesting visualisation of Genetic Algorithm - or a self-learning process in action - is the demo of a simple 2D car design process that starts from scratch with a set of simple rules and ends up with a workable car from a blob of different parts: http://rednuht.org/genetic_cars_2/
The self-learning process of agents is based on "Mutations" and "Crossovers" - two basic operators in Genetic Algorithm implementation. They emulate the DNA crossover and mutations in biological evolution of life forms. Through crossovers and mutations, agents learn from their own experiences and mistakes. These could be used to simulate the learning behaviour of potential attackers, without the need to manually imagine all the use cases and user journeys that an attacker might try to break a Cyber system with.
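A minimal agent-based what-if model for the diversity argument made in sections 3.2, 4.3 and 4.4 follows. It is an added example, not code from the original article; the network shape, the host counts and the assumption that an infection can spread only to hosts running one susceptible variant are all constructed for illustration.

```python
"""Agent-based what-if: outbreak size in a uniform vs a diverse estate (constructed)."""
import random
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class Host:
    variant: int                       # which implementation (O/S, build) the agent runs
    neighbours: List[int] = field(default_factory=list)
    infected: bool = False


def build_estate(n_hosts: int, n_variants: int, shortcuts: int,
                 rng: random.Random) -> List[Host]:
    """Ring of hosts (each linked to the next two) plus random long-range links."""
    variants = [i % n_variants for i in range(n_hosts)]  # balanced mix of variants
    rng.shuffle(variants)                                # placed at random positions
    hosts = [Host(v) for v in variants]

    def link(a: int, b: int) -> None:
        if a != b and b not in hosts[a].neighbours:
            hosts[a].neighbours.append(b)
            hosts[b].neighbours.append(a)

    for i in range(n_hosts):
        link(i, (i + 1) % n_hosts)
        link(i, (i + 2) % n_hosts)
    for _ in range(shortcuts):
        link(rng.randrange(n_hosts), rng.randrange(n_hosts))
    return hosts


def outbreak_size(n_hosts: int = 200, n_variants: int = 1, shortcuts: int = 40,
                  p_transmit: float = 1.0, max_ticks: int = 1000,
                  seed: int = 2015) -> int:
    """Run one outbreak and return how many hosts end up infected."""
    rng = random.Random(seed)
    hosts = build_estate(n_hosts, n_variants, shortcuts, rng)
    susceptible = 0  # assumption: only variant 0 is affected by this infection
    next(h for h in hosts if h.variant == susceptible).infected = True  # first case
    for _ in range(max_ticks):
        at_risk, newly = False, set()
        for host in hosts:
            if not host.infected:
                continue
            for idx in host.neighbours:
                target = hosts[idx]
                if target.infected or target.variant != susceptible:
                    continue           # already infected, or a resistant variant
                at_risk = True
                if rng.random() < p_transmit:
                    newly.add(idx)
        for idx in newly:
            hosts[idx].infected = True
        if not at_risk:                # nothing left that the infection can reach
            break
    return sum(h.infected for h in hosts)


def sweep(variant_counts=(1, 2, 4, 8), **kwargs) -> Dict[int, int]:
    """What-if analysis: final outbreak size for each level of diversity."""
    return {k: outbreak_size(n_variants=k, **kwargs) for k in variant_counts}


if __name__ == "__main__":
    for k, size in sweep().items():
        print(f"{k} variant(s): {size} of 200 hosts infected")
```

With one variant the whole connected estate is infected; with several, the outbreak is confined to the cluster of susceptible hosts reachable from the first case. Lowering `p_transmit` below 1.0 makes each contact a chance event, so results then vary with the seed.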
5. Conclusion
Complexity in Cyber systems, especially the use of Agent Based modelling to assess the emergent behaviour of systems is a relatively new field of study with very little research done on it yet. There is still some way to go before using Agent Based Modelling becomes a commercial proposition for organisations. But given the focus on Cyber security and inadequacies in our current stance, Complexity science is certainly an avenue that practitioners and academia are increasing their focus on.
Commercially available products or services using Complexity based techniques will however take a while till they enter the mainstream commercial organisations.

Save Your Computer From Dreaded Computer Viruses

When it comes to your business computers it is imperative that you protect yourself and your business computers from viruses, malware and other threats that can harm your computers, servers and operating systems. This article will outline some tips on how to create an environment free of computer viruses.
Firstly, when you purchase new computers it is important that you have antivirus installed on them correctly. Make sure the antivirus is up to date and maintained to ensure that your computer can defend itself from viruses that try to access your emails, files and servers. There are more and more viruses appearing every day now, so set up your computer so that antivirus runs every day at a time when you are not working and is updated automatically to prevent the newest of viruses from getting into your systems.
The most common source of infection is human error. When employees open emails from unknown senders their computers can be infected, which then can lead to the whole business network being infected. The rule of thumb when opening emails is to open emails that you are expecting or from people that you know.
Just as it is important to keep your antivirus up to date, it is important to update your operating system as required. Microsoft will update your Windows operating system regularly with updated security releases. You can automate this.
You can also turn on the Windows firewall, which will detect anything that is considered suspicious. If a virus, malware or hacker attempts to get into your system the firewall will prevent it. If a virus or hacker gets past a firewall, it should still help protect the OS from having harmful programs downloaded.
When searching the internet make sure the browser privacy settings are turned on. This prevents websites from using your private browsing information and prevents fraud and identity theft.
Use a pop-up blocker along with the browser protection. Turning off pop-up windows will help create safer browsing, as pop-ups are usually advertisements that can contain files that can infect your computer. Pop-up blockers eliminate the windows from appearing altogether.
These steps help eliminate the possibility of a virus on your computer. Although you may apply all the steps above to prevent an infection of your computer, a virus might still get into your computer. If you suspect that your computer has an infection contact your local tech support guy or your local IT services company.

Six (6) Sure Signs You Have Been Hacked

There are several ways in which antivirus scanners try to detect malware. Signature-based detection is the most common method.
This involves searching the contents of a computer's programs for patterns of code that match known viruses. The anti-virus software does this by checking codes against tables that contain the characteristics of known viruses. These tables are called dictionaries of virus signatures.
Because thousands of new viruses are being created every day, the tables of virus signatures have to be updated constantly if the anti-virus software is to be effective. But even if the software is being updated daily, it usually fails to recognise new threats that are less than 24 hours old.
To overcome this limitation and find malware that has not yet been recognised, anti-virus software monitors the behaviour of programs, looking for abnormal behaviour. This technique is called heuristics. The software may also use system monitoring, network traffic detection and virtualized environments to improve its chances of finding new viruses.
Nevertheless, anti-virus software is never 100 percent successful and every day new malware infects computers throughout the world.
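The two detection methods described above, lookup in a dictionary of virus signatures and a fallback to behaviour monitoring, are sketched below. This is an added example, not taken from the original article or from any anti-virus product; the signature names, byte patterns, behaviour labels, weights and threshold are all constructed.

```python
"""Signature dictionary lookup with a behaviour-score fallback (constructed data)."""
import re
from typing import Dict, Iterable, List

# Constructed signature dictionary: name -> hex bytes; "??" matches any one byte.
SIGNATURE_TABLE: Dict[str, str] = {
    "Demo.Dropper.A": "44 45 4d 4f ?? ?? 70 61 79 6c 6f 61 64",  # DEMO??payload
    "Demo.Toolbar.B": "74 6f 6f 6c 62 61 72 2d 76 ??",           # toolbar-v?
}


def compile_signature(hex_pattern: str) -> "re.Pattern":
    """Turn a hex pattern with ?? wildcards into a compiled bytes regex."""
    parts = []
    for token in hex_pattern.split():
        parts.append(b"." if token == "??" else re.escape(bytes.fromhex(token)))
    return re.compile(b"".join(parts), re.DOTALL)


COMPILED = {name: compile_signature(p) for name, p in SIGNATURE_TABLE.items()}

# Constructed behaviour weights. The event names are hypothetical labels that a
# monitoring agent might emit; they are not the output of a real product.
BEHAVIOUR_WEIGHTS: Dict[str, int] = {
    "adds_autostart_entry": 3,
    "disables_security_tool": 5,
    "writes_to_system_dir": 2,
    "opens_network_listener": 2,
    "reads_document": 0,
}
ALERT_THRESHOLD = 6


def scan_signatures(data: bytes) -> List[str]:
    """Return the names of all dictionary signatures found in the data."""
    return sorted(name for name, rx in COMPILED.items() if rx.search(data))


def behaviour_score(events: Iterable[str]) -> int:
    """Sum the weights of the distinct behaviours observed for one program."""
    return sum(BEHAVIOUR_WEIGHTS.get(event, 0) for event in set(events))


def classify(data: bytes, events: Iterable[str]) -> str:
    """Signature match first; otherwise fall back to the behaviour heuristic."""
    hits = scan_signatures(data)
    if hits:
        return "known:" + ",".join(hits)
    if behaviour_score(events) >= ALERT_THRESHOLD:
        return "suspicious:behaviour"
    return "clean"


# Constructed samples: one matches the dictionary, one has no signature yet.
KNOWN_SAMPLE = b"\x00\x01DEMO\x10\x20payload\xff"
NEW_SAMPLE = b"\x7fconstructed-new-family\x00"

if __name__ == "__main__":
    print(classify(KNOWN_SAMPLE, []))
    print(classify(NEW_SAMPLE, ["adds_autostart_entry", "disables_security_tool"]))
    print(classify(NEW_SAMPLE, ["reads_document"]))
```

The second sample is caught only because of what it does, which is why the dictionary and the behaviour monitor are run together rather than as alternatives.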
Getting hacked
There are three main ways you can get infected with malware.
These are: (a) running unpatched software, i.e. software that you have failed to update; (b) falling for a desirable freebie and downloading a Trojan horse along with the freebie; and (c) responding to fake phishing emails.
If you can manage to avoid these three failings, you won't have to rely so much on your anti-virus software.
Expecting that some day someone will release anti-virus software that can detect all viruses and other malware with complete accuracy is a vain hope. The best you can do is to keep your security up to date, avoid the three main ways you can get infected, and learn to recognise the signs that suggest your computer has been hacked so that you can take appropriate action.
Here are some sure signs you've been hacked and what you can do about it.
[1] Fake antivirus messages
A fake virus warning message popping up on screen is a pretty sure sign that your computer has been hacked, provided you know it's fake. (To be able to recognise a fake warning, you need to know what a genuine virus warning from your anti-virus software looks like.) The warning will reassure you by saying that it can scan your system to detect the malware.
Clicking no or cancel to stop the scan won't help, because your computer has already been compromised. The purpose of the fake virus warning (which will always find lots of viruses that need to be eliminated) is to lure you into buying their virus removal service or other product.
Once you click on the link provided for that purpose, you will likely land on a very professional-looking website. There you'll be invited to buy and download the product by filling in your credit card details.
Bingo! As well as having complete control of your system, the hacker now has your personal financial information.
What to do: as soon as you see the fake virus warning message, turn off your computer. Reboot it in safe mode (no networking) and try to uninstall the newly installed software (which can often be uninstalled just like a regular program).
Then, whether you succeed in uninstalling the rogue program or not, restore your system to the state it was in before you got hacked. In the old days, this meant formatting the computer and reinstalling the operating system as well as all programs and data. Nowadays, you can normally revert to a previous state with just a few clicks.
Once you have turned back the clock, so to speak, restart your computer in the normal way and make sure that the fake virus warning has gone. Then do a complete anti-virus scan to eliminate any traces of the malware.
[2] Unwanted browser toolbars
Finding your browser has a new toolbar is probably the second most common sign of being hacked. Unless you recognize the toolbar, and know that you knowingly downloaded it, you should dump it.
Very often these toolbars come bundled with other software you download. Before you begin a download, you should always read the licensing agreement which may contain a clause allowing other software to be downloaded with the software you want. Hackers know that people seldom read these agreements yet having these kinds of clauses makes the downloading quite legitimate.
What to do: Most browsers allow you to remove toolbars. Check all your toolbars and if you have any doubts about a toolbar, remove it. If you can't find the bogus toolbar in the toolbar list, check to see if your browser has an option to reset it back to its default settings.
If this doesn't work, restore your system to the state it was in before you noticed the new toolbar as described in the previous section.
You can usually avoid malicious toolbars by making sure that all your software is fully up-to-date and by being ultra-cautious when you are offered free software for downloading.
[3] Passwords changed inexplicably
If you discover that a password you use online has been changed without your knowledge then it is highly likely you have been hacked. If not, your internet service provider (ISP) has been compromised.
If you have been hacked, it is probably because you replied with your log-in details to a phishing email that seemed to come from the service for which the password has been changed. If so, the hacker used the information you gave him to log-in and change the password. Now he can avail of the service you were getting or, if it was your internet banking details you sent, steal your money.
What to do: report the change in your password to the online service provider who should be able to get your account back under control within a few minutes. If the log-in information you sent is used on other websites, you should immediately change those passwords also.
Above all, you need to amend your behaviour for the future. Reputable websites will never ask for your log-in details by email. If they do appear to do so, do not click on the link in the email. Instead go directly to the website and log on using your usual method. You should also report the phishing email to the service by telephone or email.
[4] Unexpectedly finding newly installed software
If you find new software in your computer that you don't remember installing, you can be fairly sure that your system has been hacked.
Most malware programs nowadays are trojans and worms which install themselves like legitimate programs, usually as part of a bundle with other programs that you download and install. To avoid this you need to read the licence agreement of the software that you do want to install closely to see if it comes with 'additional' software.
Sometimes you can opt out of these 'free' extras. If you can't, your only option, if you want to be sure you are not going to be hacked, is not to download the software you do want to install.
What to do: the first thing you should do (in Windows) is to go to Add or Remove Programs in the Control Panel. However, the software program may not show up there in the list. If so, there are plenty of programs available on the Internet (usually for free) which will show all the programs installed on your computer and enable you to disable them selectively.
This approach has two problems. Firstly, these free programs cannot guarantee to find every installed program. Secondly, unless you are an expert, you will find it hard to determine what are and what are not legitimate programs.
You could, of course, just disable a program you don't recognise and restart your computer. If some functionality you need is no longer working, you can re-enable the program.
However, your best bet in my view is to stop taking risks (and wasting time) by calling an expert technician at an online computer maintenance company who can scrutinise your system for illegitimate programs and delete them as necessary.
[5] Cursor moving around and starting programs
Cursors can move around randomly at times without doing anything in particular. This is usually due to problems with hardware.
But if your cursor begins moving itself and makes the correct choices to run particular programs, you can bet your last dollar that you've been hacked and that your mouse is being controlled by humans.
The hackers who can take control of your computer in this way can start working in your system at any time. However, they will usually wait until it has been idle for a long time (e.g., during the early hours of the morning) before they start using it, which is why it is important that you turn off your computer at night and disconnect it physically from the internet.
Hackers will use their ability to open and close programs remotely to break into your bank accounts and transfer money, buy and sell your stocks and shares, and do all sorts of other nefarious deeds in order to deprive you of your treasure.
What to do: If your computer suddenly swings into action some night, you should turn it off as soon as possible. However, before you do so, try to find out what the hacker is interested in and what they are trying to do. If you have a digital camera handy or a smartphone, take a few pictures of the screen to document what the hacker is doing.
After you have closed it down, disconnect your computer from the internet and call for professional help. To solve this problem you will need expert help from an online computer maintenance firm.
But before you call for help, use another computer that is known to be good, to change all your log-in details for your online accounts. Check your bank accounts, stockbroker accounts and so on. If you discover that you have lost money or other valuables, call the police and make a complaint.
You have to take this kind of attack seriously, and the only option you should choose for recovery is a complete clean-out and re-installation of your operating system and applications.
But before you do so, if you have suffered financial losses, give a forensic team access to your computer so they can check exactly what took place. You may need a report from them to recover your monetary losses from your insurer, banker, broker or online merchant.
[6] Anti-virus program, Task Manager or Registry Editor disabled and won't restart
Stuff can happen, so one of these three applications could go wrong on its own. Two of them might go wrong at the same time in a million-to-one coincidence. But when all three go wrong together...
In fact, a lot of malware does try to protect itself by degrading these three applications so either they won't start or they start in a reduced state.
What to do: you cannot know what really happened, so you should perform a complete restoration of your computer system.
In conclusion
The above are just six fairly common signs that you have been hacked. There are plenty more.
These include: money missing from your bank account; your internet searches being redirected to places to which you do not want to go; being plagued by pop-up ads when you visit websites that normally don't generate them; and so on.
Once you've been hacked you can never really know for sure what's going on inside your system. A compromised system can never be fully trusted.

How to Remove Trojan.ADH.2 Completely

What Is Trojan.ADH.2?
Trojan.ADH.2 is a malicious Trojan horse designed to carry out destructive activities on the infected computer. It can badly damage a victim's computer system and steal the users' confidential information without their knowledge. Usually, it hides itself in websites which have been hacked by the rogue hackers. If users visit the hacked websites, it may be downloaded to the computers furtively. It can also enter users' computers via spam emails. When users click on the suspicious links embedded in the spam emails or open the attachments (which look harmless but actually are not), they activate the malicious code of the Trojan horse. Besides, freeware is also used by this Trojan horse to spread itself. It hides its installer in the freeware, and once users download and install such freeware on their computers, this Trojan horse is installed as well.
When installed, Trojan.ADH.2 will create and inject its registry entries into the Windows registry so that it can make changes to default system configuration such as Master Boot Record, one important part of Windows that takes control of the operating system's boot loader. By doing so, it is able to run automatically every time Windows boots up. While running in the background, this Trojan horse will try to do a series of malicious activities according to the commands received from the remote hackers. It randomly deletes some system files as well as folders, and disables certain programs or services without any permission, which causes some programs to be unable to start or the computer system to run abnormally. It also stealthily connects to certain websites and downloads other malware to the infected computer, which will put the system at great risk and greatly degrade the computer performance. Furthermore, it may create a backdoor in the system, allowing the remote hackers to access the files and data stored on the computer. Having this Trojan horse in their computers, users may end up spending much money to fix the problems caused by this Trojan horse and even encountering identity theft and data loss. There is no doubt that Trojan.ADH.2 is very dangerous and must be removed as soon as possible.
Effects of the Trojan Horse
1. It may significantly slow down the computer's performance.
2. It may generate a lot of pop-ups which may include fake alert messages and commercial ads.
3. It may damage some system files and disable certain programs, causing the system to malfunction.
4. It may cause the network speed to become slower and users have to wait for a long time to access the desired websites.
5. It may track users' online activities, collect valuable data stored on the computer, and then send them to the rogue hackers.
How to Remove Trojan.ADH.2?
There are two ways to get rid of the threat, the manual way and the automatic way. In the following, we will give the detailed steps of these two ways. You can choose one of them to deal with the Trojan horse, depending on your own situation.
Steps of the Manual Way (For Advanced PC Users):
Step 1: Reboot your computer into the Safe Mode with Networking.
a. Reboot your computer. When it starts loading up, you should keep pressing the F8 key repeatedly.
b. Use the arrow keys to highlight "Safe Mode with Networking", when the "Advanced Boot Options" shows up on the screen.
c. Press Enter to go ahead.
Step 2: Stop the process of Trojan.ADH.2.
a. Right click on the taskbar and select the "Task Manager" option. Then the Windows Task Manager will be launched.
b. Click "Processes" tab, scroll down to search for the Trojan horse related process.
c. Click on it and click the "End Process" button to stop it.
Step 3: Show all hidden files and folders.
a. Click Start menu and then select "Control Panel" option.
b. Click on "Appearance and Personalization" link.
c. Select "Folder Options", and click the "View" tab.
d. Under "Advanced settings", tick "Show hidden files, folders and drives", untick "Hide protected operating system files (Recommended)" and then click OK.
Step 4: Navigate to local disk C, then find and remove all the files related to Trojan.ADH.2.
Those malicious files may be found in the following folders:
Step 5: Delete all registry entries associated with the Trojan horse.
a. Open Registry Editor (Go to the Start menu, type "Reg" into the search box and click the program named "Registry Editor" from the result list).
b. Find all Trojan.ADH.2 associated registry entries and remove them all.
Steps of the Automatic Way (For Novice Users):
The manual way should not be attempted by novice users, since it involves several complicated steps. If users make any mistakes during the process, the system would be damaged and malfunction. The automatic way is here for all users, especially the users who have less experience in computer operation. Please take the steps below to automatically remove Trojan.ADH.2.
Step 1: Download and install an advanced removal tool on the infected computer.
Step 2: Run the tool to start a full system scan. Now the removal tool will completely scan the hard drives and then show all detected threats in the system.
Step 3: Make sure that no legitimate files are in the result list, check all malicious items, and then click the Remove button to remove all threats on the system.
Step 4: Reboot the computer after the removal. Run a full system scan again to check whether the Trojan horse and other related threats have been removed completely.
Conclusion:
Trojan.ADH.2 is a vicious Trojan horse designed by hackers to damage the infected computers and steal sensitive information or data from the users. This Trojan horse is often distributed by some free software downloaded from unreliable resources, spam emails with suspicious links and attachments, or websites that have been hacked by the rogue hackers. So, users should use caution when surfing online, if they want to avoid unwanted infections or loss. Basically, this Trojan horse will do many malicious things according to commands from the hackers. It can do many malicious things inside the infected computer and causes various unpleasant problems. To avoid unnecessary trouble, users should remove Trojan.ADH.2 as early as possible. Generally, users tend to use antivirus programs to remove threats on their computers. However, the Trojan horse is able to bypass the detection and removal by common antivirus programs. In this case, users can consider manually getting rid of the Trojan horse, or download a more advanced removal tool to automatically remove it. It just depends on users' own situation.
Important Note: The manual removal is not for everyone. Sometimes, even the computer geeks have to rely on a removal tool when encountering malware threats. So, if you are a novice user, it is highly recommended to use an automatic removal tool to deal with the Trojan horse.