Internet information privacy
We live in a world where the internet plays a pinnacle role in our day to day lives. Discuss how the internet has caused an ethical debate on our information privacy.
Internet information privacy
Internet has become a common feature that affects every individual in the world in one way or the other. The use of internet services has been utilized in several activities ranging from the commercial to non-commercial activities. According to the Google report released in October 2012, more than 2.5 million people are online in every minute (Chung & Paynter, 2002). This is a remarkably high number of internet utilizers’ compared to the early years that the internet was introduced. The ranges of activities that are conducted online have also increased greatly. The internet has basically been utilized in the sharing and transferring of information between individuals all over the world who are set apart geographically. The increased numeracy of the internet users has led to the use of the internet services unethically (Chung & Paynter, 2002). Other people have utilized the internet for criminal gain. There are several websites that the individuals are asked to enter their details before they start using the services of those websites. The privacy and security of personal information is very questionable when conducting transactions and communications online. This paper focuses to address the degree of information privacy over the internet. The information security threats especially in money transactions have led to lack of trust among internet users especially in the commercial sector (Domingo, 1999). Businesses are faced with a very great challenge of securing customers information or users of their websites confidential information. Hackers have been recorded in the recent past as being responsible for accessing user’s information and using it for malicious purposes. Needless to say there is a dire need for websites and internet users to protect and keep their information private to avoid so many inconveniences.
Beckett (2004) identified the advantages of utilizing internet as a means of information transfer than any other media as follows; the internet is global, the use of internet in the transfer and exchange of information and data is not limited by geography. People who are utilizing the internet can be able to send and receive data or information from one point to another irrespective of the distance and geographical barriers between them.
The internet information exchange is very interactive. Human relation with the machines is very interactive and people are able to exchange information over the internet without any much difficult. just like in human-human interaction the machines once they are able to connect to the internet then the individuals can use their machines either phones, computers or any other digital device that is internet enabled to communicate with each other effectively.
Several websites have enabled the use of dialog in the communication. Skype recorded 12% of internet use according to the Google report 2012. The softwares that are used in this website are able to enable dialog between the individuals that are communication online. Video conferencing are some of the other services that are provided over the internet which have enabled live dialogues between individuals who are geographically set apart from each other. Organization conducting transactions online are able to reach and negotiate with the customers online and this leads to better customer relations.
One of the most outstanding advantages of utilizing the internet is that information transfer is almost instantaneous. When transferring information over the internet as long as the sender and receiver are available online then the transfer of the message is very fast irrespective of the distance between the users.
The cost of communication is also very minimal over the internet. Unlike communication over other media, the internet provides the cheapest type of communication that can be utilized by individuals to carry out communication. However, the cost varies depending on the gadget that is used in accessing the information. The size of screen used to display the information matters a lot and corresponds to the cost that is used in accessing the internet. For instance, large screen uses large amount of data in displaying the information over the Google search engine.
Yeshwantrao & Jadhav (2014) argue that huge numbers of internet attacks happening nowadays are focused on the exploitation of individuals, financial organizations and institutions in order to earn money. This has seen several institutions that are poorly protected loss millions of money over the internet transactions. according to the two one of the most serious threats to the internet is the presence of large number of infected computers in which either the owners are unaware of their computer infections or they are aware of it but do not know how to deal with those threats to get them out of their computers.
Yeshwantrao & Jadhav (2014) Botnets are the most dangerous threats to the internet security. The botnet problem is very global in nature. The authors have defined a botnet as a network of computers that are infected with malicious programs that allows cybercriminals to control the infected machines remotely without the knowledge of the users. Other authors refer a botnet as a zombie network. Zombie network is a network of infected computers (zombies) that allows cybercriminals to control the infected machines remotely without the owner’s knowledge (Ahmad, 2009).
Botnet refer to the computer networks using the distributed computing software by the botnet controller giving instructions directly to the small number of machines that are infected within the network. These smaller machines take the responsibility of passing the instructions to other computers in the same networks usually through the Internet Relay Chat. In this order the instructions are passed in a hierarchical order just like in administration in an organization. We have the botnet master which is the point of origin of all the instructions; this is like the CEO of an organization. Then we have the small machines, just like the supervisors in an organization they take the instructions from the CEO. Then the computers (zombies) are the ones on the ground to perform the tasks.
Bots enter into a person’s computer in many ways. One of the ways that they enter is through searching along the network for those computers that are highly vulnerable and unprotected computers to infect them. When they find any machine along the network that is unprotected they quickly infect the machine and report back to the bot master that they have infected a specific machine along the network. After reporting to the master then they have to keep hidden until they are instructed to perform a specific function by their master. The image below adopted from Yeshwantrao & Jadhav (2014, p.123) shows the working of a botnet using DDoS attack.
After understanding the working of a botnet we need to understand how the botnet attack threatens the privacy and security of information over the internet.
Distributed Denial-of-Service (DDoS) attack on a network basically causes the loss of service provision to the computer users. This entails loss of internet connectivity when actually the internet is stable and should be available to the computer. To launch a DDoS attack using Botnet has several advantages that include multiplying impact of the attack without the requirement of any IP address spoofing. Attackers have spent a lot of time and effort on improving such attacks.
Spamming is also another information security threat. A spam is basically a range of messages that are similar to each other that are sent to a series of receivers who have actually not requested for them services of the emails or who have not subscribed to receive the emails that are sent to them. A person involved in spamming is called a spammer. Blogs, forums, social networking sites and any other form of online sharing are very vulnerable to this type of attacks. Individuals should be very careful on the type of messages that they receive in their inboxes on either facebook or the emails. In addition, commenting and sending messages anyhow without understanding the intention of the message receiver can also be vulnerable to these attacks. Some of them are designed in such a way that the moment you respond to the emails or messages then an automated software crates rubbish posts with links that are usually unnecessary and unwanted. Spamming has advanced and nowadays it has gone over to undesirable adverts on wireless devices such as phones.
Phishing and Identity Theft (ID Theft) is an information security threat. The term phishing relates to the term fishing. Fraudsters and attackers behave like fishermen. They send out a lot of deceptive messages over emails (the bait) to mostly random addresses over the internet. These emails are very deceptive in nature and they appear very promising in terms of finances. For instance, they can come in form of engaging in a competition, which the email receiver never participated in the real sense. At the end, they deceive the receivers to reveal their personal information in terms of things like the social security number, financial account details and other identity information.
Ahmad (2009) classifies phishing into three types. The first one is bonk- an attack on the Microsoft TCP/IP that can crash the attacked computer because it hinders data communication in the stacks of the computer. The second one is the RDS shell- this is a method of exploiting the Remote Data Services components of the Microsoft Data Access Components that lets remote attackers run commands with system privileges. The third one is Win Nuke- an exploit that can cause NetBIOS to crash older Windows computers.
A malware is a malicious software designed d to cause damage to the computer without the owners prior consent. Viruses and worms are the mostly used malwares. According to Ahmad (2009), a computer virus is a program written to alter the way the computer operates without the permission of the user. a worm on the other hand are viruses that replicates and executes themselves spreading all the computer causing damage to the way the computer functions.
`Another form of attack is installing of advertisement add-ons and browser helper objects (BHO’s).In advertising, the Botnets are used to spread new bots through the use of adwares (used in placing adverts on the internet).this one normally becomes very easy as all bots can implement mechanisms to download and execute a file through HTTP or FTP. Some bots may cat as HTTP or FTP servers for malware. Fake websites are set up through which companies p[lace adverts by signing up and registering for what they believe is true advertising of their products. with the help of a botnet automatic clicks can be enabled which are meant to deceive the company that there are a thousands of people who clicked to view their products when in the real sense nobody clicked.
Sniffing Traffic (Traffic Monitoring) is a very sensitive botnet attack.Bots can also be used as a packet data top watch for certain specific information that is used by individuals over the internet. This information entails the passwords and log in details that individuals use in logging in to specific sites. When the attackers get this information then they can use it to log in to the site and get access to other useful information. In this case, the individual assumes the responsibility of the original owner of the details. Then they can alter the details for their own personal gain.
Attacking IRC Chat Networks is a security threat. The victim network is flooded by service requests from thousands of bots or by thousands of channel-joins by bots. In this way, the victim IRC network is brought down similar to a DDoS attack.
Recently mobile Botnets was brought in notice as viruses, worms, Trojans, spyware and adware targeting the mobile platform. Mobile phones seem overtake desktop and laptop computers as the preferred way of connecting to the internet. Android Botnets (such as Spam Soldier) have now been discovered. Spam Soldier Botnet steals money by sending an SMS to selected numbers without the Android user knowledge. The malware spreads by sending SMSs from the infected device to other mobile phones, attracting the user to install the malware. Android Botnets can be used for identical attacks that personal computer based. Botnets have been used, such as DDoS attacks, identity theft, etc. The surface area of devices is thus rapidly growing, making Botnets a much greater threat – along with the complementary increase in the threat of malware, DDoS, identity theft, phishing
Al-Fadhli (2008) recommends the actions that should be taken by the network administrators in order to prevent the attack by bots. The first one is the usage of the Intrusion Preventive Systems. These are systems which are designed to monitor network activities in order to detect undesirable activities in real time with the task to block them from acting. Undesirable activities include activities that usually come in form of malicious inputs to target application or computer in order to gain control of the machine. General awareness of the security threats for all online users is very important .Set the operating system to download and install security patches automatically and the activation of antivirus software. Use firewall to prevent the system from attacks while online. Downloading software from websites, that one knows and which have good reputation in the software market. Use antivirus, antispyware and anti-Trojan tools and regularly update them. Use CAPTCHA texts as tests against websites that are not genuine.
In detecting botnet the following should be used to detect the botnet attack. Signature-based Detection: this technique entails identifying the Botnet commands and storing them on the computer so that when the system comes into the commands which are similar to the one stored it gives an alert. Anomaly-based Detection: in this method it requires observation of the system for unexpected behaviors of the system. This includes traffic jams that are unnecessary and an abnormal behavior of the computer system. DNS-based Detection: DNS-based Botnet detection based on the DNS information because bots normally begin connections at the with the C&C server to get commands. Data mining-based Detection: Data mining aims at detecting patterns of data in order to discover regularities and irregularities in large packets of data.
In responding to botnet attacks the following can be applied; The user should disconnect from both the internet and any other local network connections immediately they discover a virus infection. Secondly scan the entire computer system with fully updated anti-virus software and anti-spyware. Inform appropriate organization or institution if the user had stored some confidential information on the system. This includes banking details. Change passwords and other usernames with immediate effect. Network administrators should isolate the attacked machine from the network. Report unauthorized access actions to the authorities.
From the discussion above network information security is indeed a threat to internet users. Information security is everybody’s responsibility as long as they are utilizing a network and accessing the internet. In order to ensure that the organization takes care of its information it is necessary to educate the internet users on the various security threats that come with internet transactions.
How to use usage of the Intrusion Preventive Systems in botnet prevention
Ahmad, A., 2009. Type of security threats and its prevention. Ateeq Ahmad, International
Journal Computer Technology & Applications vol. 3(2), 750-752. Northern Border University: Saudi Arabia.
Al-Fadhli, M., 2008. internet and privacy. Information Systems and Information Society,
research training programme, 2007-2008.The university of Sheffield.
Beckett, R., 2004. Communication ethics and the internet: intercultural and localizing
influencers. International Journal of Information Ethics, Vol. 2 (11/2004). Communication Ethics Limited: United Kingdom
Chung, W. & Paynter, J. 2002. Privacy Issues on the Internet. Proceedings of the 35th Hawaii
International Conference on System Sciences – 2002. The University of Auckland: New Zealand
Domingo R. Tan, 1999. Personal Privacy in the Information Age: Comparison of Internet Data
Protection Regulations in the United States and European Union, 21 Loy. L.A. Int’l &
Comp. L. Rev. 661 (1999).
Yeshwantrao, S. & Jadhav, J. 2014. Threats of Botnet to internet security and respective defense
strategies. International Journal of Emerging Technology and Advanced Engineering l,
Volume 4, Issue 1, January 2014.