Research Paper
Internet Security and Privacy
Vinicius Lima de Moraes
AECP - ASU

ABSTRACT

This research presents important aspects of internet security, focusing on how
threats can affect users. It also describes the most common attacks and web
threats, lists some numbers and charts obtained by Symantec, a well-established security
company in the web market, and offers some analysis of government surveillance programs.
Furthermore, it intends to show how important the Brazilian initiative on the Civil Rights
Framework for the Internet, and its principles, is as a regulation tool.


Internet Security And Privacy

The internet is part of people's lives. Every person is connected by some electronic device
to the World Wide Web, accessing information, establishing relationships, taking care of their
finances, working, and so on. Day by day, the number of internet users increases, people try to
discover new ways of using it, and companies explore opportunities to improve their business.
Now that this is the reality, the need for web security has become imperative (Bhasin, 2003).

Most of the worries regarding security for web transactions concern e-commerce
operations and personal data. A large number of solutions specially developed to work as digital
wallets can be used for payments through the web. Also, there are many different social
networks, through which people share photos and information about their lives with their friends.
Taking advantage of this, ill-intentioned people are working to intercept such information and
commit crimes.

According to Shweta Bhasin (2003), another important concern about
web safety is the number of new programming languages emerging in this scenario.
The complexity of internet security breaches is increasing, whereas the number of
people who can detect those attacks is getting scarce. Bhasin adds that as the use of the internet
increases, the chances of breaches, and consequently of attacks, increase too.

A breach can be defined as illegal access to information that can result in disclosure,
obliteration, or alteration of information (Bhasin, 2003).


[Bar chart: Total Breaches, 2012 and 2013; bar labels 156 and 93]
Figure 1 - Comparison of the Number of Total Breaches
Source: Symantec Internet Security Threat Report - 2014

[Bar chart: Total Identities Exposed (Million), 2012 and 2013; bar labels 552 and 253]
Figure 2 - Comparison of Total Identities Exposed
Source: Symantec Internet Security Threat Report - 2014


According to the Symantec Internet Security Threat Report (2014) [1], in 2013 the main
issues that drew organizations' attention were cyber-espionage, threats to privacy and the acts
of malicious insiders. In the same year, eight breaches exposed more than 10 million identities,
causing widespread scam problems for many users and businesses. The most important
trends in 2013 gathered by Symantec follow:

- 2013 Was The Year of Mega Breach
- Targeted Attacks Grow and Evolve
- Zero-day [2] Vulnerabilities and Unpatched Websites Facilitated Watering-Hole [3] Attacks
- Ransomware [4] attacks grew by 500 percent in 2013 and turned vicious
- Social Media Scams and Malware Flourish on Mobile
- Prevalence of Scams Fails to Change User Behavior on Social Media
- Attackers are turning to the Internet of Things

[1] http://www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_report_v19_21291018.en-us.pdf
[2] An attack that exploits a previously unknown vulnerability in a computer application (Wikipedia).
[3] An attack that consists in observing a group of users and trying to infect them by the sites they trust (Wikipedia).
[4] A type of malicious software designed to block access to a computer system until a sum of money is paid (Google).

Bhasin (2003) says that there are several types of security breaches, as follows:

- Spam e-mails: companies access subscribers' information from a service provider's
  database, without permission, to send offers to users.
- Unauthorized access of confidential data: usually an individual accesses a database to
  get information such as address, social security number and bank details, intending to create
  fake identities.
- Eavesdropping: an intelligence agency of a country accesses the network of another
  country to get confidential data.
- Hosting theft: a company gets unauthorized access to another company's web host to
  store its own websites and promote itself.
- Automated login scripts: a hacker creates a script to automate login requests to a
  computer.
- E-mail server invasion: individuals get unauthorized access to e-mail servers to
  adulterate or steal information.
- Network invasion: individuals get unauthorized access to a network, such as those of banks,
  companies or virtual stores, to run scams, steal confidential information or even steal
  money.
- Virus attacks: viruses spread over the internet in different ways.
- DNS hijacking: hackers change the address map on a server to redirect users to a
  malicious website.
- DoS attacks: hackers increase the data traffic directed to a website or online service,
  blocking access by other users due to the high number of requests.

Although organizations are thinking about how to create better solutions to eliminate those
issues, security on the internet cannot be 100% effective. This is usually because of the speed
at which technology changes, whereas companies leave their vulnerabilities unreviewed instead
of anticipating possible threats. Individual users usually don't realize how dangerous the lack of
knowledge about this problem can be. Even though they have some concerns about it, they
cannot solve the problems easily. Nevertheless, the risks can be minimized. As presented by the U.S.
Department of Homeland Security (2003), in the article entitled The National Strategy to Secure
Cyberspace, reducing vulnerabilities is a challenge. What makes it tough work is the range of
different types of users and devices, which are not completely compatible with one another. Still
according to the DHS, digital safety over the web should be analyzed on five levels:

Level 1: Home User / Small Business
Though it is not critical, a home user's computer can become part of a zombie network,
being remotely controlled to perform attacks on important organizations, usually
denial-of-service attacks.

Level 2: Large Enterprises
Corporations, governments and universities are at this level. Considering that they possess
significant data and power, these entities are constantly targeted by hacker attacks.

Level 3: Critical Sectors / Infrastructures
When the organizations of a sector group together to work on a situation that can affect
the whole sector, their actions are more effective.

Level 4: National Issues and Vulnerabilities
A hacker issue can seriously affect a nation, which can undermine different sectors at the
same time. Such issues cannot be solved by an individual enterprise. The solutions
usually rely on professionals' training and on research to improve technologies.

Level 5: Global
The world is immersed in the internet, mixing a huge variety of systems. Hence, it depends
on globally shared standards to shape it into a fully compatible communication system and
minimize the effects of cyber attacks.

Figure 3 - The five levels of the cyber security scope
Source: The Reference Shelf - Internet Safety


The threats that exist on the internet are countless. According to Richard
Joseph Stein (2009), viruses are perhaps the most common form of computer threat. In general,
people tend to call anything that causes problems in their computer's operation a virus, no matter the
reason. Another threat is spam e-mail, which is defined as unwanted advertisement via e-mail.
This type of threat mostly contributes to raising the rate of identity theft, since such e-mails
can embed viruses or links that capture the user's personal data. This practice is known as
phishing. There are also the threats called botnets. Botnets originate from
contaminated machines which, once infected, can be controlled automatically to send malicious
e-mails or other types of bad content. Normally the computer's owner doesn't know about this
issue, and a scan by an anti-virus tool is necessary to detect the problem. Although there are several
classifications of viruses, in general their aim is to steal information from users and use it
to make money illegally.

Figure 4 - Top-ten botnets, 2013.
Source: Symantec Internet Security Threat Report - 2014


The consequences of data theft for companies and domestic users can be disastrous.
The Symantec report (2014) shows that a company can suffer a heavy impact on its reputation.
Consumers can lose trust in it and replace it with a competitor. Furthermore, there is
the risk of a lawsuit if any theft of personal data causes bigger problems for the consumers
who were exposed. The same report also says that governments are monitoring
communications on the internet, which relates directly to privacy policies.

The web privacy and security in Brazil

Recently, an incident involving information security aspects between Brazil and the US
drew attention: the NSA (National Security Agency) was accused by the Brazilian
President, Dilma Rousseff, based on the Edward Snowden revelations, of spying on her
conversations. It can be considered a serious security flaw by the Brazilian authorities, as well as
a privacy invasion. In order to avoid any other problems on this issue, the Brazilian government
decided to adopt some preventive measures, not all of which are feasible. Nevertheless,
coincidentally or not, all of this comes at a moment when the Brazilian Civil Rights Framework
for the Internet is being discussed.

Currently, Brazil has one of the highest rates of internet usage in the world (Lourdes
Garcia-Navarro, 2013). The popularization of the internet all over the country came rapidly,
mainly after incentive actions regarding digital inclusion in distinct areas of metropolitan centers
and suburbs. Consequently, worries about information security and privacy increased, and
Brazilian internet users are attentively following the government discussion about internet
regulation.

As published in the ICT Households and Enterprises 2012 - Survey on the use of
information and communication technologies in Brazil (2012), the Civil Rights Framework is
based on three pillars: freedom, neutrality and privacy. Freedom relates to how people can
express their ideas or share their opinions. It guarantees that communication can flow and not be
censored unfairly, or made to comply only with a particular political will. The responsibility for any
inappropriate content, which can eventually offend someone, goes to its owner. But the vehicle
or channel where that content is published is obligated, under legal request, to remove the content
in case of any complaint properly judged. Hence it is no longer the website that plays the role of
judge, but the judge himself. On this topic, the controversy resides in the fact that many people
don't believe justice will prevail, and they think it will not work: basically, the law will turn into
censorship in disguise.

Neutrality applies to data traffic through the web. Specifically, it defines mechanisms to
prevent big companies that provide internet access through data packages from establishing commercial
agreements with third parties that favor certain types of content. In other words, telecom
companies can offer different data packages, but they cannot define how fast a connection to a
specific service will be, so the speed has to be the same for all the services a user accesses. It can
be considered a victory for consumers, who will benefit from market competition. On the other
hand, from the companies' point of view it has not been a good deal, and they argue that the
decision can harm their business. Actually, it would undermine the consumer's freedom of
choice, free competition on the internet, and innovation possibilities.


Privacy has to do with information traffic and data storage, and how they can be protected.
A great deal of people's personal information is circulating on the Internet, and it is easy to get that
information. For this reason, Internet providers and websites can no longer keep users' data without
their express permission. However, nothing was defined regarding how the users' personal
information can be used, which is a significant weakness. In any case, the Brazilian government is
using the incident involving President Dilma as an extra argument to defend approval of the Civil
Rights Framework. It makes sense, since that document regulates important aspects of the internet in
Brazil.

Along with this matter, Brazil wants to set limits on national data circulation by
requiring data storage to be done only inside the country, even for international giants like
Google, says Lourdes Garcia-Navarro (2013). In part, it could be interesting, but as said before,
it is not feasible. The reason lies in the fact that it could significantly affect a huge number of
international operations in the country. At the same time, it could jeopardize hundreds of new
foreign investors who wanted to put their money into Brazil's digital economy. Furthermore,
Brazilian companies already established and counting on foreign suppliers would have to find
alternatives to comply with the government's decision, spending extra capital.

Conclusion

The importance of web safety lies in the fact that the use of the internet for
important operations is a reality nowadays. People and organizations depend on the web
for pretty much everything they need to do. The amount of data stored on servers and the
perception of its value contribute to increasing cybercrime rates. Besides that, the variety of
electronic devices with an internet connection available further supports human
dependence on the online world. So, in order to protect the whole digital environment and its users,
the adoption of regular measures is necessary to improve risk mitigation and preserve
security and privacy on the internet.


References

Molon, A. (2012). Marco Civil da Internet: Em Defesa da Liberdade, Neutralidade e
Privacidade. Retrieved from http://www.cgi.br/media/docs/publicacoes/2/tic-domiciliose-empresas-2012.pdf

Praise For Brazil's Internet Rights Framework (2014, April). Retrieved from
http://www.waccglobal.org/articles/praise-for-brazil-s-internet-rights-framework

Garcia-Navarro, L. (2013, September). There Are Pitfalls If Brazil Wants To Secure Its
Internet From Spies. Retrieved from http://www.npr.org/templates/story/story.php?storyId=226205888

U.S. Department of Homeland Security (2003). Cyberspace Threats and Vulnerabilities. In R. J.
Editor, The Reference Shelf - Internet Safety (pp. 28-34). Dublin, NY: H. W. Wilson.

Stein, J. (ed.). (2009). Viruses, Spam, and NetBots - Editor's Introduction. In R. J. Editor, The
Reference Shelf - Internet Safety (pp. 43-44). Dublin, NY: H. W. Wilson.

Stein, J. (ed.). (2009). Safety in Numbers? An Overview of Internet Safety - Editor's
Introduction. In R. J. Editor, The Reference Shelf - Internet Safety (pp. 3-4). Dublin, NY:
H. W. Wilson.

Stein, J. (ed.). (2009). On-Line Identity Theft - Editor's Introduction. In R. J. Editor, The
Reference Shelf - Internet Safety (pp. 65-66). Dublin, NY: H. W. Wilson.

Symantec (2014). Internet Security Threat Report - 2014. 2013 Trends, Volume 19. Retrieved
from http://www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_report_v19_21291018.en-us.pdf

Bhasin, S. (2003). Web security basics [electronic resource]. Cincinnati, OH: Premier Press.