1. Explain how a denial-of-service attack works. How and why are these attacks effective in their goals? Who would be the primary targets for these types of attacks?
A denial of service attack (DoS attack) is a type of attack on a machine or a network of machines that is intended to make certain resources unavailable for use for the the users who are generally meant to be the intended users. There are a variety of different ways that a denial of service attack can be carried out, but the purpose is the same: to disrupt the proper functioning of a machine or a network. If a denial-of-service attack is carried out on a particular machine or network, the people carrying out the attack will cause the proper functioning of the machine or network to slow or even stop (Aycock, 2006).
A denial-of-service attack may consume resources that the machine or network needs to function. The attacker may even disrupt the configuration of the machine, or disrupt the physical network components of the machine. These attacks may prompt the machine to install and activate malware, which can take control of the machine and obtain information about the machine or network, or may even force the machine or network to perform other activities, like sending spam mail or personal information to a third party (Aycock, 2006).
The primary targets for these types of attacks are people or machines who are open to vulnerabilities in their system. Often, these attacks happen to personal computers; however, there are instances where networks and more professional and industrial groups of machines have fallen victim of a denial of service attack (Aycock, 2006). Many of these attacks take place over peer-to-peer networks, and individuals who are not savvy to computer viruses, malware, and fraud can fall victim to these types of attacks.
2. Describe and define a virus hoax. How does a virus hoax spread? Why are virus hoaxes potentially more dangerous than an actual virus? Explain.
A virus hoax is a type of hoax that often spreads via email or social media networks. It warns the user of a new virus that is present on the Internet, warning the user that this virus may do any number of things to his or her computer. This virus, if it does exist-- and it rarely if ever does-- cannot ever actually perform the amazing things that the emails will say that they will be able to do.
These virus hoaxes are spread across the Internet by the power of fear-- unlike other types of computer worms and computer viruses, the hoaxes in question may not ever change the nature or the performance of a computer. However, these virus hoaxes present a different type of issue for computer users; they prey on the lack of knowledge and lack of education that many people have about computers.
As these computer virus hoaxes grow in popularity, they will be spread further through the Internet with every user that forwards the messages to other users. Many computer companies, both software and hardware, have made specific policies regarding hoax messages: end users should not forward these messages to anyone except IT professionals. In the workplace, there should be IT professionals dedicated to the workplace, but at home, individuals should be wary and not forward these types of emails or messages to anyone else, as this perpetuates the computer virus hoax.
Virus hoaxes are potentially more dangerous than viruses because they spread false information regarding viruses to all corners of the web in the guise of providing information to users. These hoaxes can encourage behavior like downloading unknown files or executing unknown programs in the hopes of making one’s computer safe from viruses that are allegedly being spread.
3. How are phishing attacks used as Internet fraud schemes? How does this form of attack affect individuals? Provide and explain an example of phishing and evaluate its effects on the public.
The idea of “phishing” is most commonly used in the context of electronic fraud today, but it has not always been so. Today, phishing is considered to be the act of gathering private information via electronic channels; it usually involves gathering information like credit card information, user names, passwords, and other personal information for the purposes of stealing individuals’ identities at a later date (Stavroulakis and Stamp, 2010). There have been many different phishing scams perpetrated on people around the world, and many different types of “bait” have been used. One such “phishing” expedition has been perpetrated by people claiming to be part of the Internal Revenue Service (IRS) with the intent of obtaining personal information from the victims.
Individuals who become victims of this type of attack are not only having their computers or their networks attacked. They are attacked on a personal level, with their personal information falling into the hands of people who often either sell the information, or use it to take over the identity of the victim. These victims often fall victim to financial hardship as a result of the phishing that they experienced.
4. Compare and contrast viruses and malicious code. How do they differ? How is each built and executed? In your opinion, which one is more destructive? Why?
According to Stavroulakis and Stamp (2010), quoting the antivirus giant Norton, “Malware is a category of malicious code that includes viruses, worms, and Trojan horses. Destructive malware will utilize popular communication tools to spread, including worms sent through email and instant messages, Trojan horses dropped from web sites, and virus-infected files downloaded from peer-to-peer connections. Malware will also seek to exploit existing vulnerabilities on systems making their entry quiet and easy” (Stavroulakis and Stamp, 2010). This means that viruses are a type of malicious code, but not all malicious code is a computer virus.
Malicious code, or malware, may be any number of different types of code. The code may be active, or it may be passive; it may be downloaded onto a computer or network, or it may be present there in some other way. Computer viruses, as a form of malware, are always spread by placing themselves inside a machine and then replicating within the computer, machine, or other network (Aycock, 2006). According to Aycock (2006), those who create viruses ensure that the virus survives by combining their knowledge of code with social engineering and general lack of knowledge about viruses, computer security, and how viruses are spread.
Viruses are quite destructive, but malware as a whole may be more destructive, as it includes things like backdoors and Trojans, which are capable of using a system’s own security system against the user. Viruses can be eradicated, but malware often provides information to third parties about the user and his or her personal data.
5. Outline the Economic Espionage Act and explain how it applies to corporate espionage. Explain the two separate offenses that this Act covers. Explain how these offenses relate to corporate spying. Provide examples of corporate victims who have fallen prey to these two offense types.
The Economic Espionage Act covers two basic types of espionage. First, the Act prohibits theft or misappropriation of trade secrets (Dorsey.com, 2014). Essentially, this means that an individual, when leaving a company, cannot take that company’s protected secrets to the public or to that company’s competitor (Dorsey.com, 2014). If an employee left Coca-Cola, for instance, they could not bring the recipe for Coca-Cola to Pepsi. It also makes it illegal to sell company secrets (or government secrets) to a foreign power (Dorsey.com, 2014).
There have been very few people prosecuted under the Economic Espionage Act. However, one that was prosecuted-- Greg Chung-- was selling state secrets from Boeing to the Chinese government for more than thirty years before he was caught (Dorsey.com, 2014). However, many more have been prosecuted under the part of the Economic Espionage Act that prohibits the theft and sale of corporate secrets. Companies can use this Act to protect themselves and prosecute those individuals who try to infiltrate their computer systems and networks to steal company secrets (Dorsey.com, 2014).
Aycock, J. D. (2006). Computer viruses and malware. New York: Springer.
Dorsey.com. (2014). The economic espionage act: the double-edged sword. [online] Retrieved from: http://www.dorsey.com/newsevents/uniEntity.aspx?xpST=PubDetail&pub=186 [Accessed: 2 Feb 2014].
Stavroulakis, P. & Stamp, M. (2010). Handbook of information and communication security. Heidelberg: Springer.