
Information Security

This describes 21st-century cyber security.

Uploaded by

Koh Hong Wei

EE4758 COMPUTER SECURITY

IM3003 INFORMATION SECURITY

DR M Y Siyal

Computer/Information Security

P1-1

COURSE OUTLINES
OBJECTIVE
This subject intends to provide students with essential concepts
of computer/information security, cryptography, secure protocols,
the security Plan-Protect-Respond cycle, and other security
technologies, policies, and practices.


DESIRED OUTCOME
With the background obtained in this subject, a student should be
able to understand, develop, use and deploy appropriate security
technologies, policies, procedures and practices.

COURSE ASSESSMENT
The course assessment is done by:
CONTINUOUS ASSESSMENT (CA): 20%
One Quiz (date to be announced via course site)
20 Questions
MCQ, T/F, fill in blanks and short answers
ABSENTEE (WITHOUT OFFICIAL LEAVE) WILL RECEIVE ZERO MARKS
EXAMINATION: 80%
Four Questions
Closed Book

BOOKS
Text and Reference Books
William Stallings, Cryptography and Network Security: Principles
and Practices, 6 Ed, Prentice Hall, 2013.
William Stallings, Network Security Essentials: Applications and
Standards, 5 Ed, Prentice Hall, 2014.
Other Useful Books

A. Menezes, P. van Oorschot, S. Vanstone, Handbook of Applied
Cryptography, CRC Press, 1997.
Alan G. Konheim, Computer Security and Cryptography, Wiley-Interscience, 2007, ISBN: 978-0-471-94783-7.
D. Gollmann, Computer Security, John Wiley & Sons, 2006.
A.W. Dent, C.J. Mitchell, User's Guide to Standards and
Cryptography, Artech House, 2005.

SAMPLE OF COMPUTER/INFORMATION SECURITY INCIDENTS/ATTACKS

Computer 'Nerd' Jailed in Jan. 2003 for Global Virus Attack
Simon Vallor, a Welsh Web designer and hacker, created one of the most
widespread viruses.
Vallor admitted releasing Gokar
Gokar: the third most prevalent virus, at one point infecting hundreds of
thousands of computers in 46 countries. It clogged networks and crashed
computers.
All were in the form of email attachments.
When the email was opened, Gokar sent itself to addresses in the user's email
directory.
Crime: violating Computer Misuse Act.
His plea: guilty.
His sentence: 2 years in jail.
Reason for his capture: He boasted in a chat room that "at last there's a
Welsh virus" and used his traceable Internet name Gobo.
Like many hackers, he craved fame, which helps law enforcement capture
these criminals.

THE TJX DATA BREACH


TJX is a group of retail companies with more than 2,500 stores operating in the
United States, Canada, England, Ireland, and several other countries.
On December 18, 2006, TJX detected suspicious software on its
computer systems.
Notified law enforcement immediately.
Only notified consumers a month later to get time to fix system and
to allow law enforcement to investigate.
Company estimated that 45.7 million customer records with personal
information were stolen.
Hackers first broke into poorly protected wireless networks in retail
stores and used this entry to break into central processing system in
Massachusetts.
Not detected despite 80 GB data being stolen.
TJX suffered damages of $256 million as of August 2007.

Hacker pleads guilty to huge theft of card numbers (12 September 2009)
Albert Gonzalez, 28, a computer hacker who was once a federal informant
and was a driving force behind one of the largest cases of identity theft in U.S.
history, pleaded guilty in a deal which sent him to prison for up to 25 years.
He admitted pulling off some of the most prominent hacking jobs of the decade,
stealing tens of millions of credit and debit card numbers.
Gonzalez was a self-taught computer genius and was arrested in 2003 for
hacking but was not charged because he became an informant, helping the
Secret Service to find other hackers.
However, over the next five years, he hacked into the computer systems of
Fortune 500 companies even while providing assistance to the government
and lived a lavish lifestyle (had $2.8 million, bought a Miami condo and a BMW
etc.).
Gonzalez and two foreign co-defendants used hacking techniques that
involved cruising through different areas with a laptop computer and looking
for retailers' accessible wireless Internet signals.
Once they located a vulnerable network, they installed "sniffer programs" that
captured credit and debit card numbers and then tried to sell the data.

Securityextra.com Report (June 2011)


Two international cybercrime groups made $74 million from fake
antivirus programs.
About 600 people suspected of implementing fraudulent online
schemes were arrested in 11 Southeast Asian countries.
Cybercriminals used Amazon's cloud to host and distribute malware
that targeted Brazilian users and was designed to steal data from
customers of nine Brazilian banks.
Russian scammers tried their luck at making money for nothing in June
using the BitCoins virtual money system.
Over 200 million network attacks were blocked, 68 million web-borne
infections prevented, and 200 million malicious programs detected.
The Top 20 malicious programs on the Internet in June included a large
number of new entries.
Once again it was dominated by malware that makes use of drive-by
attacks: redirectors, script downloaders and exploits.

"I am going to kill you": A "Neighbor from hell" hacker gets 18 years jail (July 2011)
Barry Ardolf, 46, repeatedly hacked into the Wi-Fi network of his
neighbors, Matt and Bethany Kostolnik.
He created fake email accounts and online profiles in their name and
used them to harass superiors and co-workers and even send death
threats to US Vice President Joe Biden.
Matt was visited by FBI agents; however, after interviewing him they
realized that he had been framed and started looking for the real
culprit.
Barry used password-cracking software to gain access to their wireless
router and he was then able to access the family's computers, steal
financial data and use the internet as though he was in their house.
US District Judge Frank, after listening to the tearful testimony of
Bethany Kostolnik, sentenced Barry Ardolf to 18 years in jail.
There have been similar cases in Australia, Europe and other parts of
the world as well.

Russian hacker leaks 6.5 million LinkedIn account passwords on cybercrime forum (June 2012)
LinkedIn has more than 160 million users in 200 countries.
6.5 million encrypted passwords were published on a Russian hackers'
web forum on 5 June 2012.
Security experts believe that the stolen passwords were used by
criminals.
The problem concerned a mobile app which sent unencrypted calendar
entries, such as phone numbers and passwords for conference calls,
to LinkedIn servers without the users' knowledge.
Although LinkedIn does not contain a wealth of personal data like other
social networking sites such as Facebook, there is a risk that
LinkedIn members who use the same password for other websites
could have other personal data stolen, including bank
details.

2013 SINGAPORE CYBER ATTACKS


The 2013 Singapore cyber attacks were a series of hack attacks
initiated by an organization called Anonymous.
Attacks on:
People's Action Party's Community Foundation's webpage.
Ang Mo Kio Town Council.
The Straits Times (news reporter Irene Tham's blog on the
newspaper's official website).
Seletar Airport website
Singapore Prime Minister's website
Istana website
On 12 November 2013, James Raj was charged in Singapore court as
the alleged "The Messiah" (name used by the hacker).
On 20 November, the websites of 13 schools were defaced.

2013 CYBER ATTACKS


Facebook: 318,000 Passwords Stolen
2013 saw 318,000 Facebook accounts fall to malicious Key Logging
Software called Pony.
LivingSocial: 50 Million Accounts Attacked
April 2013: A staggering 50 million customers were affected by the attack.
Evernote: 50 Million User Accounts Compromised
March 2013: Evernote's 50M user accounts were compromised and
they needed to reset their passwords.
Drupal: 1 Million Passwords Stolen
29 March 2013: Drupal.org forced to reset all user passwords.
Adobe: 38 Million User Accounts Leaked
October 2013: Adobe suffered a massive data breach that exposed the
account information of 38 million users.
Twitter: Taken For 250,000 Accounts
February 2013: 250,000 usernames and passwords were stolen.

2014 CYBER ATTACKS


eBay
May 2014: eBay revealed that hackers had managed to steal personal
records of 233 million users including usernames, passwords, phone
numbers and physical addresses.
Domino's Pizza
June 2014: Hacking group Rex Mundi held Domino's Pizza to ransom over
600,000 Belgian and French customer records.
P.F. Chang's
June 2014: The chain restaurant suffered a huge data breach and hackers
started selling compromised credit cards on the black market for $18.
Chang's responded by going low-tech and using old manual credit card
imprinting machines.
1.2 Billion passwords stolen
August 2014: The biggest theft of Internet credentials in history. A Russian
crime ring stole more than 1.2 billion passwords and 500 million
email addresses from more than 420,000 websites.

2015 CYBER ATTACKS

Source: http://www.hackmageddon.com/2015/07/13/june2015-cyber-attacks-statistics/

SYMANTEC 2015 REPORT

Data Breaches

INTRODUCTION TO COMPUTER/INFORMATION SECURITY


WHAT IS COMPUTER/INFORMATION SECURITY?
The protection afforded to an automated information system in order to attain
the applicable objectives of preserving the:
Confidentiality
Integrity
Availability
of information system resources:
Hardware
Software
Firmware
Information/data
Telecommunications
Examples of Security Requirements
Confidentiality: student grades
Integrity: patient information
Availability: authentication services

COMPUTER/INFORMATION SECURITY
SECURITY
State of freedom from a danger or risk
INFORMATION SECURITY
Tasks of guarding information that is in a digital format
Ensures that protective measures are properly implemented
Protect information that has value to people and
organizations
Value comes from the characteristics of the information
Security is achieved through a combination of three entities
Products
People
Procedures

COMPUTER/INFORMATION SECURITY
A successful organization should have multiple layers of
security in place:
Physical security (Products)
Personal security (People)
Organization security (Procedure)
Communications security
Network security
Information security (CIA)

COMPUTER/INFORMATION SECURITY
COMPONENTS

C.I.A. TRIANGLE
Was standard based on Confidentiality, Integrity, and
Availability
Now expanded into list of critical characteristics of
information

COMPONENTS OF INFORMATION SECURITY


CNSS SECURITY MODEL


The McCumber Cube


INFORMATION SECURITY TERMINOLOGY


ASSET
Something that has a value
THREAT
Event or object that may defeat the security measures in place and
result in a loss
By itself does not mean that security has been compromised
THREAT AGENT
Person or thing that has the power to carry out a threat
VULNERABILITY
Weakness that allows a threat agent to bypass security
EXPLOITING THE SECURITY WEAKNESS
Taking advantage of the vulnerability
RISK
Likelihood that a threat agent will exploit a vulnerability

SECURITY SERVICES
AUTHENTICATION
Assurance that communicating entity is the one claimed.
ACCESS CONTROL
Prevention of the unauthorized use of a resource.
DATA CONFIDENTIALITY
Protection of data from unauthorized disclosure.
DATA INTEGRITY
Assurance that data received is as sent by an authorized entity.
NON-REPUDIATION
Protection against denial by one of the parties in a communication.
AVAILABILITY
Resource accessible/usable.
SECURITY MECHANISM
Feature designed to detect, prevent, or recover from a security attack.

SECURITY GOALS
C.I.A.
CONFIDENTIALITY
INTEGRITY
AVAILABILITY

TOOLS FOR CONFIDENTIALITY


ENCRYPTION
The transformation of information using a secret (encryption) key, so that
the transformed information can only be read using another secret
(decryption key) which may, in some cases, be the same as the encryption
key.
[Figure: The sender encrypts the plaintext with a shared secret key; the ciphertext crosses the communication channel, where an attacker may be eavesdropping; the recipient decrypts it back to plaintext with the same shared secret key.]

TOOLS FOR CONFIDENTIALITY


ACCESS CONTROL
Rules and policies that limit access to confidential information to
those people and/or systems with a need to know.
This need to know may be determined by identity, such as a
person's name or a computer's serial number, or by a role that a
person has, such as being a manager or a computer security
specialist.
AUTHENTICATION
The determination of the identity or role that someone has. This
determination can be done in a number of different ways, but it is
usually based on a combination of
something the person has (like a smart card)
something the person knows (like a password)
something the person is (like a human with a fingerprint).

TOOLS FOR CONFIDENTIALITY


Something you know: password=ucIb()w1V, mother=Jones, pet=Caesar
Something you are: human with fingers and eyes
Something you have: radio token with secret keys



TOOLS FOR CONFIDENTIALITY


AUTHORIZATION
The determination of whether a person or system is allowed access to
resources, based on an access control policy.
Such authorizations should prevent an attacker from tricking the
system into letting him have access to protected resources.
PHYSICAL SECURITY
The establishment of physical barriers to limit access to
protected computational resources.
Such barriers include locks on cabinets and doors, the
placement of computers in windowless rooms, the use of sound
dampening materials, and even the construction of buildings or
rooms with walls incorporating copper meshes (called Faraday
cages) so that electromagnetic signals cannot enter or exit the
enclosure.

TOOLS FOR INTEGRITY


INTEGRITY
The property that information has not been altered in an unauthorized
way.
TOOLS
Backups
The periodic archiving of data.
Checksums
The computation of a function that maps the contents of a file to a
numerical value.
A checksum function depends on the entire contents of a file and is
designed in a way that even a small change to the input file (such
as flipping a single bit) is highly likely to result in a different output
value.
Data Correcting Codes
Methods for storing data in such a way that small changes can be
easily detected and automatically corrected.
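
The integrity tools on this slide, shown as an added example that is not part of the original lecture notes: a checksum detects a single flipped bit, and a Hamming(7,4) code (one common data correcting code, chosen here as an assumption) repairs it. The record contents and all function names are constructed for illustration; the last case shows two flipped bits defeating the correcting code and the checksum still catching the damage.

```python
from __future__ import annotations

import hashlib
import hmac
import zlib


def crc32_checksum(data: bytes) -> int:
    """Non-cryptographic checksum; guards against accidental corruption only."""
    return zlib.crc32(data) & 0xFFFFFFFF


def sha256_digest(data: bytes) -> str:
    """Cryptographic digest; also resists deliberate, targeted modification."""
    return hashlib.sha256(data).hexdigest()


def matches_baseline(data: bytes, baseline_digest: str) -> bool:
    """Compare against a digest recorded while the data was known-good."""
    return hmac.compare_digest(sha256_digest(data), baseline_digest)


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with exactly one bit inverted."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def hamming74_encode(nibble: int) -> int:
    """Encode 4 data bits as a 7-bit codeword (bit i holds position i+1)."""
    d = [(nibble >> i) & 1 for i in range(4)]
    p1 = d[0] ^ d[1] ^ d[3]  # parity over positions 1, 3, 5, 7
    p2 = d[0] ^ d[2] ^ d[3]  # parity over positions 2, 3, 6, 7
    p4 = d[1] ^ d[2] ^ d[3]  # parity over positions 4, 5, 6, 7
    bits = [p1, p2, d[0], p4, d[1], d[2], d[3]]
    return sum(bit << i for i, bit in enumerate(bits))


def hamming74_decode(code: int) -> tuple[int, int]:
    """Return (nibble, syndrome); a non-zero syndrome is the position repaired."""
    bits = [(code >> i) & 1 for i in range(7)]
    syndrome = 0
    for position in range(1, 8):
        if bits[position - 1]:
            syndrome ^= position  # XOR of set positions is 0 for a valid codeword
    if syndrome:
        bits[syndrome - 1] ^= 1   # a single flipped bit sits at position `syndrome`
    nibble = bits[2] | (bits[4] << 1) | (bits[5] << 2) | (bits[6] << 3)
    return nibble, syndrome


def ecc_encode(data: bytes) -> list[int]:
    """Store each byte as two codewords: low nibble first, then high nibble."""
    out = []
    for byte in data:
        out += [hamming74_encode(byte & 0x0F), hamming74_encode(byte >> 4)]
    return out


def ecc_decode(codewords: list[int]) -> tuple[bytes, int]:
    """Return (data, number of codewords in which a bit was corrected)."""
    data, corrected = bytearray(), 0
    for i in range(0, len(codewords), 2):
        low, s_low = hamming74_decode(codewords[i])
        high, s_high = hamming74_decode(codewords[i + 1])
        corrected += (s_low != 0) + (s_high != 0)
        data.append((high << 4) | low)
    return bytes(data), corrected


def demo() -> dict:
    record = b"patient=Jones;dose=5mg"   # constructed sample record
    baseline = sha256_digest(record)      # recorded while the data is known-good
    tampered = flip_bit(record, 3)        # a single flipped bit

    stored = ecc_encode(record)
    one_error = list(stored)
    one_error[5] ^= 0b100                 # one bit flipped in one codeword
    repaired, fixes = ecc_decode(one_error)

    two_errors = list(stored)
    two_errors[5] ^= 0b101                # two bits flipped in the same codeword
    miscorrected, _ = ecc_decode(two_errors)

    return {
        "crc_detects_flip": crc32_checksum(tampered) != crc32_checksum(record),
        "sha_detects_flip": not matches_baseline(tampered, baseline),
        "single_error_repaired": repaired == record,
        "corrections": fixes,
        "double_error_miscorrected": miscorrected != record,
        "digest_catches_miscorrection": not matches_baseline(miscorrected, baseline),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

CRC32 is enough against accidental corruption; a cryptographic digest kept out of the attacker's reach is needed when the change may be deliberate, since anyone who can rewrite both the file and its checksum can make them agree again.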

TOOLS FOR AVAILABILITY


AVAILABILITY
The property that information is accessible and
modifiable in a timely fashion by those authorized to do
so.
TOOLS
Physical Protections
Infrastructure meant to keep information available
even in the event of physical challenges.
Computational Redundancies
Computers and storage devices that serve as
fallbacks in the case of failures.

HISTORY OF COMPUTER SECURITY


Computer security began immediately after the first mainframes were
developed.
Physical controls were needed to limit access to sensitive military
locations to authorized personnel.
Only rudimentary controls were available to defend against physical theft,
espionage, and sabotage.
THE 1960S
Department of Defense's Advanced Research Project Agency (ARPA) began
examining the feasibility of redundant networked communications.
Dr. Lawrence Roberts developed the project from its inception.
THE 1970S AND 80S
ARPANET grew in popularity as did its potential for misuse.
Fundamental problems with ARPANET security were identified.
No safety procedures for dial-up connections to the ARPANET.
User identification and authorization to the system were non-existent.
In the late 1970s the microprocessor expanded computing capabilities and
security threats.

HISTORY OF COMPUTER SECURITY


The Federal Bureau of Investigation (FBI) made one of its first arrests
related to computer hacking in the early 1980s.
A group of hackers known as the 414s were indicted for attacking 60
different computers.
A 25-year-old hacker named Kevin Mitnick began tapping into the e-mail
system used by computer security managers at both Digital Equipment
Corp. and MCI Communications Corp. As a result, Mitnick was arrested
and sentenced to one year in jail.
First National Bank of Chicago became the victim of a $70 million computer
fraud.
Three of the most well-known viruses, Cascade, Friday the 13th, and
Stoned, all originated in 1987.
Graduate student Robert T. Morris, Jr. of Cornell University launches the
Morris worm, which spreads to 6,000 networked computers, clogging
government and university systems. Morris is dismissed from Cornell,
sentenced to three years' probation, and fined $10,000.

HISTORY OF COMPUTER SECURITY


THE 1990S
As networks of computers became more common, so did the need to
interconnect the networks, which resulted in a global network of networks.
By 1991, more than 1,000 viruses had been discovered by computer security
experts.
During 1995, computers at the U.S. Department of Defence were attacked
roughly 250,000 times and one in every five Web sites was hacked.
Russian crackers siphon $10 million from Citibank and transfer the money
to bank accounts in Finland and Israel. Vladimir Levin, the 30-year-old
ringleader, stands trial in the United States and is sentenced to 3 years in
prison.
A 15-year-old Croatian youth penetrates computers at a U.S. Air Force.
In January 1998, Yahoo! notifies Internet users that they might have
downloaded a logic bomb and worm planted by hackers.
In March 1999 the Melissa worm is released and quickly becomes the most
costly malware outbreak to date.

HISTORY OF COMPUTER SECURITY


2000
Hacking in 2000 increased 79% and many well known organizations lost
millions of dollars.
One of the key hackers in many of these attacks, a 16-year-old Canadian boy
operating under the name Mafiaboy, was arrested.
The ILOVEYOU worm infected millions of computers worldwide within a few
hours of its release. It is considered to be one of the most damaging worms
ever. It originated in the Philippines.
Code Red worm infects tens of thousands of machines.
North Korea claims to have trained 500 hackers who successfully crack South
Korean, Japanese, and their allies' computer systems.
2006: A new worm is discovered. It had various names, including Kama Sutra,
Black Worm, Mywife, Blackmal, Nyxem version D, Kapser, KillAV, Grew and
CME-24. The worm would spread through the e-mail address book.
Largest Defacement in Web History is performed by the Turkish hacker
iSKORPiTX who successfully hacked 21,549 websites in one shot.

HISTORY OF COMPUTER SECURITY

2007
Estonia suffers massive denial-of-service attack.
United Nations website hacked by Turkish Hacker Kerem125.
FBI Operation Bot Roast II: 1 million infected PCs, $20 million in losses and
8 indictments.
2008
Around 20 Chinese hackers claim to have gained access to the world's most
sensitive sites, including The Pentagon.
2009
April 1: Conficker worm has infiltrated billions of PCs worldwide including
many government-level top-security computer networks.
July 4: The July 2009 cyber attacks occur, and the emerging
W32.Dozer attacks the United States and South Korea.
July 19: Kaspersky official website successfully hacked by Yusuf, a Turkish
hacker.

HISTORY OF COMPUTER SECURITY


2010
January: Google publicly reveals that it has been on the receiving end of
a "highly sophisticated and targeted attack originating from China that
resulted in the theft of intellectual property from Google."
June: The Stuxnet worm is found by VirusBlokAda. Its payload targeted
just one specific model and type of SCADA system. It slowly became
clear that it was a cyber attack on Iran's nuclear facilities.
2011
April 17: An "external intrusion" sends the PlayStation Network offline,
and compromises personally identifying information (possibly including
credit card details) of its 77 million accounts, in what is claimed to be one
of the five largest data breaches ever.
June: The U.S. Senate's computers are hacked by the hacker group Lulz
Security. The World Bank, IMF and other high-profile sites are also attacked.

HISTORY OF COMPUTER SECURITY


2012
According to the Department of Homeland Security, in the first
quarter of 2012, there were 86 reported attacks on computer
systems in the United States that control critical infrastructure.
FLAME VIRUS: The Flame computer virus is not only capable
of espionage but it can also sabotage computer systems and likely
was used to attack Iran in April 2012.
JUNE 2012: LinkedIn Corp. has been sued for not having better
security in place when more than 6 million customer passwords were
stolen.
LONDON 2012: During the Beijing Olympics, experts encountered about
12 million potential cyber security problems each day. In London,
they had 14 million security events per day.

HISTORY OF COMPUTER SECURITY


2013
15 May 2013: Lulzsec hackers caused millions of pounds of damage
during cyber attacks.
Group included an A-level student and a 20-year-old working in his bedroom
Ryan Cleary, 20 (left) and Mustafa Al-Bassam, 18 (right)

25 July 2013
Five hackers stole 160 million credit card numbers in the largest data theft case
ever prosecuted in the U.S.
Four Russians and a Ukrainian are charged with running a sophisticated
hacking organization over a seven-year period.
One company - Heartland Payment Systems - suffered losses of about $200
million, and 130 million card numbers were stolen.

HISTORY OF COMPUTER SECURITY


2014
eBay asked its 145 million members to change their passwords as their
data was compromised by hackers.
Sony data breach: The Interview became one of the most watched
movies of all time.
iCloud hack: Celebrities were most affected by the incident, but thousands
of non-famous people saw credentials stolen, private pictures made publicly
available, and activity histories illegally collected.
Heartbleed: A bug in OpenSSL, which is used by around 90% of websites,
enabled anyone to access memory systems in vulnerable versions of
OpenSSL code.
Home Department USA: 56,000,000 credit/debit cards were compromised
in September 2014.
Home Department USA: 53,000,000 email addresses were compromised
in November 2014.

FAMOUS HACKERS
KEVIN MITNICK
He was once one of the most wanted criminals, with break-ins
ranging from the Pentagon to Digital Equipment Corp.
Currently he runs Mitnick Security Consulting in USA, and is an
author.
His latest book is called "Ghost in the Wires".
He has acquired a kind of celebrity status and regularly appears
at speaking engagements and book signings.


FAMOUS HACKERS
GEORGE HOTZ
A 22-year-old hacker best known for "jailbreaking" the iPhone
and hacking the PlayStation 3 (2011), which led to a showdown
with Sony Corp.
Sony sued Hotz, which resulted in a settlement forbidding Hotz
from hacking Sony products.
The hacking group Anonymous took up Hotz's cause,
retaliating with attacks against the company.
He was later hired by Facebook.


FAMOUS HACKERS
ADRIAN LAMO
He was arrested in 2003 for breaking into the New York Times'
computer network and was sentenced to house arrest.
Lamo returned to the spotlight in 2010 when he and a young
Army private named Bradley Manning leaked classified
government communications to WikiLeaks.
Manning was charged, while Lamo has been branded as a
traitor, leading to his harassment on the internet and at hacking
conferences.


FAMOUS HACKERS
ROBERT TAPPAN MORRIS
Robert Tappan Morris attained notoriety in 1988 when, as a graduate
student at Cornell University, he unleashed the first widespread worm attack
on the Internet, causing thousands of computers to crash.
The son of a high-ranking National Security Agency scientist, Morris said the
program was a research experiment that got out of control.
He became the first person charged under an anti-hacking law that made it
illegal to penetrate federal computers. He was fined $10,000 and ordered to
perform 400 hours of community service, a punishment some security
experts say was too steep considering the types of internet attacks that are
now launched daily.
Morris is currently a computer science professor at the
Massachusetts Institute of Technology.


FAMOUS HACKERS
MAX BUTLER
Max Butler is a former FBI informant who operated a stolen credit-card site
called CardersMarket.
Known online as "Iceman," he assembled one of the Internet's largest
cybercrime commerce sites, with thousands of users, and ran it out of his
San Francisco apartments.
A series of blunders by associates -- getting caught using stolen cards in
retail stores -- led to the site's unravelling and Butler's arrest and
incarceration. He was sentenced to 13 years in prison for stealing 2 million
credit-card numbers, which were used to rack up $86 million in fraudulent
charges.


FAMOUS HACKERS
MICHAEL LYNN
Michael Lynn rose to fame in 2005 when Cisco Systems Inc went to great
lengths to try to censor his presentation on software vulnerabilities that
would allow attackers to take over Cisco routers.
Cisco threatened a lawsuit, ordering workers to rip 20 pages out of the
program for the Black Hat security conference and destroy 2,000 CDs
containing the presentation.
Lynn quit his employer, Internet Security Systems Inc., which he says
pressured him to censor the talk as well.
He gave it anyway, becoming a hacker hero.
Lynn now works for Cisco rival
Juniper Networks Inc. as a senior engineer.


FAMOUS HACKERS
KEVIN POULSEN
Kevin Poulsen is a convicted computer hacker who has transformed
himself into a top security journalist.
He is the author of "Kingpin," a book about CardersMarket operator
Max Butler, and is the news editor at Wired.com.
Poulsen's specialty was hacking telephone networks.
He once commandeered all the phone lines of a Los Angeles radio
station to ensure he would be the winning caller in a Porsche
giveaway.
Poulsen served more than five years in prison.


FAMOUS HACKERS
Jonathan James
At only fifteen years of age, he managed to hack into a number of
networks, including the U.S. Department of Defense, and NASA.
Total cost to NASA was $1.7 million, while NASA had to shut down for 3
days to complete the investigation, which incurred another $41,000.
He was convicted and sent to prison while he was still a minor.
In 2007 a number of high profile companies fell victim to a massive wave
of malicious network attacks.
Even though James denied any involvement, he was
suspected and investigated.
In 2008, James committed suicide, believing he would
be convicted of crimes that he did not commit.


FAMOUS HACKERS
Albert Gonzalez
He was the leader of a hacker group known as ShadowCrew and stole
over 170 million credit cards and ATM cards and sold them online for profit.
ShadowCrew also fabricated $4.3 million fraudulent passports, health
insurance cards, and birth certificates for identity theft crimes.
He was caught when he hacked into the databases of TJX Companies and
Heartland Payment Systems for their stored credit card numbers.
In 2010, Gonzalez was sentenced to prison for 20 years.


MODERN DEFINITION OF INFORMATION SECURITY
Policies, Practices, and Technology that must be in place
for an organization to transact business electronically via
networks with a reasonable assurance of safety.
ASSETS AT RISK
Data assets
Knowledge assets
Software assets
Physical assets
Monetary or financial assets
Employee assets
Customer and partner assets
Goodwill

THREATS AND RESPONSES

You cannot defend yourself unless you
know the threat environment you face.

THREATS AND RESPONSES

Companies defend themselves with a process
called the Plan-Protect-Respond Cycle.

THREATS AND RESPONSES

The Plan-Protect-Respond Cycle starts with Planning.


We will look at important planning principles.

THREATS AND RESPONSES

Companies spend most of their security effort
on the protection phase, in which they apply
planned protections on a daily basis.

THREATS AND RESPONSES

Even with great planning and protection, incidents will happen, and a company must have
a well-rehearsed plan for responding to them.

THE THREAT ENVIRONMENT


ATTACKS AND ATTACKERS


WHAT ARE THE THREATS?
Various Types of attacks
Various Types of attackers
The Unchanging and Changing Nature of Attacks
UNCHANGING: similar to bricks-and-mortar crimes
Robbery
Embezzlement
Fraud
CHANGING
More common
More widespread
Difficult to track, capture and convict

ATTACKS AND ATTACKERS


Internet has THREE CHARACTERISTICS that aid Attacks

1. AUTOMATION
Speed of computers and networks makes minimal rate of return
attacks possible.
Data mining is easy and getting easier, affecting privacy

2. ACTION AT A DISTANCE
Attackers can be far away from their prey and still do damage.
Interstate/International differences in laws can affect prosecution

3. ELECTRONIC TECHNIQUES EASILY TRANSFERABLE/DUPLICATED


Counterfeiting e-money
Attack tools can be created by single person
Easily modified per situation

ATTACKS AND ATTACKERS


TYPES OF ATTACKS
Criminal Attacks
Basis is in financial gain
Includes fraud, destruction and theft (personal, brand, identity)
Privacy Violations
Private/personal information acquired by organizations that are not authorized to have it.
Includes surveillance, databases, traffic analysis
Publicity Attacks
Attacker wants to get their name(s) in the papers
Can affect ANY system, not just related to profit centers
Denial of service.
Legal Attack
Set up a situation to use the legal discovery process to gather information
Rare, but possibly devastating

ATTACKS AND ATTACKERS


TYPES OF ATTACKERS
Hackers
Attacks for the challenge
Own subculture with names, lingo and rules
Can have considerable expertise and passion for attacks
Lone Criminals
Attack for financial gain
Cause the bulk of computer-related crimes
Malicious insiders
Already inside the system
Knows weaknesses and tendencies of the organization
Very difficult to catch
Press
Gather information for a story to sell papers/commercial time

ATTACKS AND ATTACKERS


Industrial Espionage
Gain a competitive advantage by stealing trade secrets
Organized crime
Lots of resources to put behind their attacks; usually very lucrative
Police
Lines are sometimes crossed when gathering information to pursue a
case
Terrorists
Goal is disruption and damage
National intelligence organizations
Highly funded and skilled
Very risk averse
Info-warriors
Military based group targeting information or networking infrastructures
Lots of resources
Willing to take high risks for short term gain

SECURITY ATTACKS


THREATS AND ATTACKS


EAVESDROPPING: PASSIVE ATTACK 1
The interception of information intended for someone else during
its transmission over a communication channel.

[Figure: Alice and Bob communicating over a channel, with Eve eavesdropping.]

EXAMPLE: PASSIVE ATTACK 2


THREATS AND ATTACKS


ALTERATION OR MODIFICATION: ACTIVE ATTACK
Unauthorized modification of information.
EXAMPLE: The man-in-the-middle attack, where a network stream is
intercepted, modified, and retransmitted.

[Figure: the sender encrypts plaintext M with a shared secret key; ciphertext C crosses the communication channel, where the attacker intercepts it; the recipient decrypts ciphertext C back to plaintext M with the same shared secret key.]


THREATS AND ATTACKS


MASQUERADING
The fabrication of information that is purported to be from someone who is
not actually the author.

[Figure: a message labelled "From: Alice" that really is from Eve.]

REPUDIATION
The denial of a commitment or data receipt.
This involves an attempt to back out of a contract or a protocol that
requires the different parties to provide receipts acknowledging that data
has been received.


THREATS AND ATTACKS


DENIAL-OF-SERVICE
The interruption or degradation of a data service or information
access.
EXAMPLE: Email spam, to the degree that it is meant to simply fill
up a mail queue and slow down an email server.


DELIBERATE SOFTWARE ATTACKS


Malicious software (malware) designed to damage, destroy, or
deny service to target systems
Includes:
Viruses
Worms
Trojan horses
Logic bombs
Back door or trap door
Polymorphic threats
Virus and worm hoaxes
Usually exploits system vulnerabilities

TAXONOMY OF MALICIOUS PROGRAMS

[Figure: taxonomy tree of malicious programs; the only labels that survive are Bacteria and Worms.]

MALWARE
Vulnerability-Specific versus Universal Malware
Vendors release patches to close vulnerabilities.
However, users do not always install patches promptly or at all and so
continue to be vulnerable.
Also, zero-day attacks occur before the patch is released for the
vulnerability.
VIRUS
A program that piggybacks on other executable programs
Not structured to exist by itself
When the host program is executed, the virus code also executes and
performs its action
Typically, actions may be
Spreading itself to other programs or disks
Delete files
Cause systems to become unusable

VIRUS DETECTED

Source: http://isc.sans.org/diary.html

FIVE CHARACTERISTICS OF VIRUSES


PROPAGATION/MIGRATION
The way a virus replicates locally and over a network.
PAYLOAD
The mechanism by which a virus causes damage, such as a
computer command to delete files or send email. Payloads can be
harmless or cause severe file system corruption.
SIGNATURE
The identifier by which a virus is detected by AV software.
TRIGGER
The action that activates a virus. Many viruses are triggered when
a user clicks on an email attachment, often Visual Basic Script
(VBS).
DETECTION AVOIDANCE
The method by which a virus attempts to conceal or disguise
itself.

VIRUS
A typical virus goes through phases of:
DORMANT: The virus is idle
PROPAGATION: The virus places an identical copy of itself into
other programs
TRIGGERING: The virus is activated to perform the function for
which it was intended
EXECUTION: The function is performed
What Viruses CAN'T Do
Viruses CAN'T physically damage your computer's hardware.
If your computer suddenly bursts into flames, it isn't a virus.

WAYS FOR VIRUSES TO GET INTO YOUR COMPUTER

In the late 1980s and early 1990s, most viruses were spread by
FLOPPYNET.
Someone inserts an infected floppy disk with a boot sector
virus into their computer, infecting their computer and
every other floppy they insert thereafter.
Most viruses today spread through
Contaminated media (USB drive, or DVD)
Email and peer-to-peer sites
Part of another program
Visits to Websites (even legitimate ones)
Social networking sites

TYPE OF VIRUS
ARMORED VIRUS

COMPANION VIRUS

MACRO VIRUS

MULTIPARTITE VIRUS

PHAGE VIRUS

RETROVIRUS

POLYMORPHIC VIRUS

STEALTH VIRUS

ARMORED VIRUS
It is designed to make itself difficult to detect or analyze
Covers itself with protective code that stops debuggers or
disassemblers from examining critical elements of the virus
Some part of the code may also act as a decoy to distract
analysis
Need to identify them quickly!

TYPE OF VIRUS
COMPANION VIRUS
Attaches itself to legitimate program and when a user types the name
of the legitimate program, the companion virus executes instead of
the real program
Or make changes to program pointers in the registry so that they
point to the infected program
The infected program performs its dirty deed and then starts the real
program
MACRO VIRUS
It exploits the enhancements (macros) made to many applications
A macro virus infects such macros so that the related documents are
infected and can spread to other systems via attached documents in
an email

TYPE OF VIRUS
MULTIPARTITE VIRUS
Attacks your system in multiple ways
May infect your boot sector, all your executable files and destroy your
application files (e.g., MS Word documents) at the same time
The key is that you won't be able to correct all the problems, and so will allow
the infestation to continue
PHAGE VIRUS
It modifies other programs and databases
Require reinstallation of programs or databases to remove virus
POLYMORPHIC VIRUS
The virus changes form in order to avoid detection
Attempt to hide from your antivirus program by
Encrypting itself
Change its signature to fool the antivirus program

TYPE OF VIRUS
RETROVIRUS
It bypasses the antivirus program
May directly attack the antivirus program
Destroy the virus definition database file
May leave you with a false sense of security
STEALTH VIRUS
Hide from antivirus program by masking itself from application
May attach itself to the boot sector
Redirects commands to avoid detection
Report a different file size
Move around from file to file, e.g., from file A (not yet scanned) to file B
(already scanned) during a virus scan
VIRUS TRANSMISSION
Some viruses destroy the target system immediately, while some use the
victim system as a carrier to infect other servers and eventually infect the
original victim system and destroy it completely.

WORMS
Viruses, as just noted, are pieces of code that attach themselves
to other programs.
Worms, in contrast, are stand-alone programs that do not need to
attach to other programs.
Can propagate like viruses through e-mail, and so on.
Antivirus programs search for worms as well as viruses.
Directly-propagating worms jump to victim hosts directly.
Can only do this if target hosts have a specific vulnerability.
Directly-propagating worms can spread with amazing speed.
Directly-propagating worms can be thwarted by firewalls and by
installing patches.
Not by antivirus programs.

MALWARE
PAYLOADS
After propagation, viruses and worms execute their payloads.
Payloads erase hard disks or send users to harmful sites.
Often, the payload downloads another program.
An attack program with such a payload is called a
downloader.
Many downloaded programs are Trojan horses.
Trojan horses are programs that disguise themselves as
system files.
Spyware Trojans collect sensitive data and send the data they
collect to an attacker.
Website activity trackers
Keystroke loggers

MALWARE
MOBILE CODE
HTML Webpages can contain scripts.
Scripts are snippets of code in a simplified programming language
that are executed when the Webpage is displayed in a browser.
A common scripting language is JavaScript.
Scripts enhance the user experience and may be required to see the
Webpage.
Scripts are called mobile code because they are downloaded with the
Webpage.
Scripts may be damaging if the browser has a vulnerability.
TROJAN HORSE
A program that hides its malicious nature behind the facade of something
useful or interesting
It is a complete and self-contained program that is designed to perform
some malicious actions
It may contain a mechanism to spread itself

TROJAN HORSE ATTACK


MALWARE
LOGIC BOMB
Program or snippet of code that executes when a certain
predefined event occurs
Events could also be based on a certain date (e.g., Christmas) or
set of circumstances (a certain employee has been sacked)
It could send a message back to the attacker or launch an attack
such as DDoS, or grant access to the victim system at a time of the
attacker's choosing
HOAX AND SPAM
Hoaxes usually claim to do things that are impossible for viruses
to do; the aim is to create widespread panic
Spams are annoying, unwanted, unsolicited emails and come in
large volume
Anti-spam and filtering software are used to prevent spams

SPAM RATE INCREASE

Source: http://isc.sans.org/diary.html

Damages caused by Malicious Software


Possible damages include
Deletion of files
Corruption of files
Making systems unusable
Overconsumption of resources
Denial of service (DoS)
Overloading a network
Access to and passing on of privileged information
MELISSA: both virus and worm
The worm part enabled it to travel from system to system.
The virus part replicated itself on local systems and did the damage.
DAMAGE: $1.2 billion worldwide.
Creator-author, David Smith, was sentenced to 20 months in prison and
fined $5,000 for releasing it.

ATTACKS ON INDIVIDUALS
SOCIAL ENGINEERING
Social engineering is a network intrusion technique based on
trickery.
Hackers use it to fool someone into revealing access codes,
passwords, or other confidential information and break into a system.
Works best if people don't know one another and staff turnover is high.
IDENTITY THEFT
Collecting enough data to impersonate the victim in large financial
transactions
May take a long time to restore the victim's credit rating
In corporate identity theft, the attacker impersonates an entire
corporation.
Accept credit cards in the company's name.
Commit other crimes in the name of the firm.
Can seriously harm a company's reputation.

Social Engineering EXAMPLE NTU


Social Engineering RESPONSE FROM NTU


HUMAN BREAK-INS
Viruses and worms only have a single attack method.
Humans can keep trying different approaches until they succeed.
HACKING
Informally, hacking is breaking into a computer.
Formally, hacking is intentionally using a computer resource
without authorization or in excess of authorization.
HACKER
Originally, an expert programmer.
Today, someone who breaks into computers.
TYPES OF HACKERS
Elite Hackers
Script Kiddies
Script writers

HACKER
ELITE HACKERS
Superior technical skills
Very persistent
Often publish their exploits
Not only have the ability to write scripts that exploit vulnerabilities but
also are capable of discovering new vulnerabilities
SCRIPT WRITERS
Writing scripts to exploit known vulnerabilities.
Much more technically competent than script kiddies
SCRIPT KIDDIES
Hacker in training
Script kiddies use the scripts written by Elite hackers to make attacks
Script kiddies have low technical skills
Script kiddies are dangerous because of their large numbers

HACKER


WHY DO HACKERS HACK?


GOVERNMENT SPONSORED HACKING
Cyber Warfare
Cyber Terrorism
Espionage
INDUSTRIAL ESPIONAGE
Attacks on confidentiality
Public information gathering
Trade secret espionage
WHITE-HATS/ELITE HACKERS
Publicize vulnerabilities
Hacking as a challenge
Financial gains
SCRIPT KIDDIES: Gain respect
INSIDERS: Revenge

HUMAN BREAK-INS
AVENUES OF ATTACK
There are two general reasons a particular system is attacked:
It is specifically targeted
It is a target of opportunity
Equipment may be targeted because of the organization it belongs to or
for political reasons.
Targets of opportunity attacks are conducted against a site that has
software vulnerable to a specific exploit. In these instances, the
attackers are not targeting the organization, instead they are targeting a
vulnerable device that happens to belong to the organization
Typical Stages in a Human Break-In
Scanning Phase
The Break-In
After the Break-In

THE STEPS IN AN ATTACK


STEP
1. Profiling. Gather information on the target organization: check the SEC EDGAR web site (www.sec.gov/edgar.shtml), whois look up, Google.
2. Determine systems available: ping sweep with nmap or superscan.
3. Finger printing. Determine the OS and open ports: Nmap or superscan, banner grab.
4. Discover applicable exploits: search web sites for vulnerabilities and exploits that exist for the OSes and services discovered.
5. Execute exploit: systematically execute exploits.


The scanning phase: Probes and Exploits

First round of probe packets, such as pings, identify active IP addresses
and therefore potential victims.

PROBES AND EXPLOITS

Second round sends packets to specific ports on identified potential victims to identify applications.
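The two probe rounds described above leave a recognisable trace in perimeter logs: one source touching many addresses, then many ports on one address. The following detector is an added example, not part of the original slides; the log format, thresholds and sample traffic are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format (hypothetical, one packet per line):
#   <ISO time> SRC=<ip> DST=<ip> PROTO=ICMP TYPE=<n>   or   ... PROTO=TCP DPT=<port>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\w+)"
    r"(?: TYPE=(?P<icmp>\d+))?(?: DPT=(?P<dpt>\d+))?\s*$"
)
WINDOW = timedelta(seconds=60)  # assumed correlation window
SWEEP_HOSTS = 5                 # distinct hosts pinged by one source
SCAN_PORTS = 4                  # distinct ports probed on one host


def build_sample_log():
    """Constructed traffic: one scanning source and one ordinary client."""
    t0 = datetime(2024, 5, 1, 10, 0, 0)
    stamp = lambda s: (t0 + timedelta(seconds=s)).isoformat()
    lines = []
    for i in range(1, 7):   # round 1: echo requests across six addresses
        lines.append(f"{stamp(i)} SRC=203.0.113.9 DST=192.0.2.{i} PROTO=ICMP TYPE=8")
    for k, port in enumerate((21, 22, 23, 80, 443)):  # round 2: ports on one host
        lines.append(f"{stamp(20 + k)} SRC=203.0.113.9 DST=192.0.2.4 PROTO=TCP DPT={port}")
    for k in range(3):      # ordinary client: repeated HTTPS to one server
        lines.append(f"{stamp(5 + 30 * k)} SRC=198.51.100.20 DST=192.0.2.4 PROTO=TCP DPT=443")
    lines.append("malformed line that the parser must skip")
    return "\n".join(lines)


def max_distinct_in_window(events):
    """Largest number of distinct values seen inside any WINDOW-long span."""
    events = sorted(events)
    best, start = 0, 0
    for end in range(len(events)):
        while events[end][0] - events[start][0] > WINDOW:
            start += 1
        best = max(best, len({value for _, value in events[start:end + 1]}))
    return best


def detect(log_text):
    """Return sorted alerts: (kind, source, destination or '*', distinct count)."""
    pings = defaultdict(list)    # src -> [(time, dst)]
    probes = defaultdict(list)   # (src, dst) -> [(time, port)]
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m["ts"])
        if m["proto"] == "ICMP" and m["icmp"] == "8":   # echo request
            pings[m["src"]].append((ts, m["dst"]))
        elif m["proto"] == "TCP" and m["dpt"]:
            probes[(m["src"], m["dst"])].append((ts, int(m["dpt"])))
    alerts = []
    for src, events in pings.items():
        n = max_distinct_in_window(events)
        if n >= SWEEP_HOSTS:
            alerts.append(("ping_sweep", src, "*", n))
    for (src, dst), events in probes.items():
        n = max_distinct_in_window(events)
        if n >= SCAN_PORTS:
            alerts.append(("port_scan", src, dst, n))
    return sorted(alerts)


if __name__ == "__main__":
    for alert in detect(build_sample_log()):
        print(alert)
```

A source that spreads its probes out beyond the window stays under these thresholds, so a longer window or a per-day distinct count is a useful second rule.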

HUMAN BREAK-INS
STAGE 2: The Break-In

Uses an exploit
A tailored attack method that is often a program.
Normally exploits a vulnerability on the victim computer.
The act of breaking in is called an exploit.
The hacker tool is also called an exploit.


PROBES AND EXPLOITS


Third round of packets are exploits used in break-ins.


HUMAN BREAK-INS
STAGE 3: After the Break-In
1. The hacker downloads a hacker tool kit to automate hacking work.
2. The hacker becomes invisible by deleting log files.
3. The hacker creates a backdoor (way to get back into the
computer).
Backdoor Account: An account with a known password and
full privileges.
Backdoor Program: A program to allow re-entry; usually
Trojanized.
The hacker can then do damage at his or her leisure.
Download a Trojan horse to continue exploiting the computer
after the attacker leaves.
Manually give operating system commands to do damage.

INTERNET ATTACKS
COOKIES
When you access a specific website, it might store information as a
cookie
Every time you revisit that server, the cookie is re-sent to the server
Effectively used to hold state information over sessions
Can also hold sensitive information
This includes passwords, credit card information, social security
number, etc.
Almost every large website uses cookies
Cookies are stored on your computer and can be controlled
However, many sites require that you enable cookies in order to use the
site
The expiration is set by the sites' session by default, which is chosen by
the server
This means that cookies will probably stick around for a while
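A site owner can check its own responses for the two risks named above, sensitive data placed in a cookie and cookies that persist for a long time. This audit is an added example, not part of the original slides; the name pattern, the 30-day limit, the Secure/HttpOnly checks and the sample headers are assumptions constructed for illustration.

```python
import re
from http.cookies import SimpleCookie

SENSITIVE_NAME = re.compile(r"pass(word|wd)?|pwd|card|ccnum|ssn", re.I)
MAX_AGE_LIMIT = 30 * 24 * 3600  # assumed policy: flag cookies kept over 30 days

# Constructed Set-Cookie header values (the card number is the common test value).
SAMPLE_HEADERS = [
    "sid=9f2c1e; Path=/; Secure; HttpOnly",
    "password=hunter2; Path=/; Max-Age=31536000",
    "pref=4111111111111111; Path=/; Secure; HttpOnly",
]


def luhn_valid(digits):
    """Checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def audit_set_cookie(header_value):
    """Return a list of (cookie name, finding) for one Set-Cookie value."""
    jar = SimpleCookie()
    jar.load(header_value)
    findings = []
    for name, morsel in jar.items():
        if SENSITIVE_NAME.search(name):
            findings.append((name, "sensitive-looking name"))
        digits = re.sub(r"\D", "", morsel.value)
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            findings.append((name, "value passes card-number check"))
        max_age = str(morsel["max-age"])
        if max_age.isdigit() and int(max_age) > MAX_AGE_LIMIT:
            findings.append((name, "persists longer than 30 days"))
        if not morsel["secure"]:
            findings.append((name, "no Secure attribute"))
        if not morsel["httponly"]:
            findings.append((name, "no HttpOnly attribute"))
    return findings


if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(header, "->", audit_set_cookie(header))
```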

INTERNET ATTACKS
COOKIES
First-party cookie
Third-party cookie
Cannot contain a virus or steal personal information stored on a hard
drive
Can pose a privacy risk
ADWARE
Software that delivers advertising content
Unexpected and unwanted by the user
Can be a privacy risk
Tracking function
POPUP
Small Web browser window appears over the Web site that is being
viewed

INTERNET ATTACKS
ATTACKS WHILE SURFING
Attacks on users can occur while pointing the browser to a site or just
viewing a site
REDIRECTING WEB TRAFFIC
Mistake when typing Web address
Attackers can exploit a misaddressed Web name by registering the
names of similar-sounding Web sites
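An organization can watch for such lookalike registrations by comparing hostnames seen in DNS or proxy logs against its own domains. This checker is an added example, not part of the original slides; the domain names are constructed, and the naive label extraction (no public-suffix list) and distance limits are assumptions.

```python
def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        cur = [i] + [0] * len(b)
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # swapped neighbours
        prev2, prev = prev, cur
    return prev[len(b)]


def split_domain(hostname):
    """Naive split: (label left of the TLD, last two labels joined)."""
    parts = hostname.lower().rstrip(".").split(".")
    if len(parts) < 2:
        return parts[0], parts[0]
    return parts[-2], ".".join(parts[-2:])


def find_lookalikes(protected, observed, max_distance=2):
    """Return (observed host, protected domain, distance) for near matches.

    Distance 0 means the same name registered under a different TLD.
    """
    hits = []
    for host in sorted(set(observed)):
        label, domain = split_domain(host)
        for pdomain in protected:
            plabel, pnorm = split_domain(pdomain)
            if domain == pnorm:
                continue  # the organization's own domain
            # Short names collide by chance, so allow only one edit for them.
            allowed = 1 if len(plabel) < 8 else max_distance
            d = osa_distance(label, plabel)
            if d <= allowed:
                hits.append((host, pdomain, d))
    return hits


# Constructed sample data using reserved example names.
PROTECTED = ["examplebank.example"]
OBSERVED = [
    "www.examplebank.example",   # legitimate
    "exampelbank.example",       # two letters swapped
    "examplbank.example",        # one letter dropped
    "exarnplebank.example",      # "rn" standing in for "m"
    "login.examplebank.test",    # same name, different TLD
    "weather.example",           # unrelated
]

if __name__ == "__main__":
    for hit in find_lookalikes(PROTECTED, OBSERVED):
        print(hit)
```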
DRIVE-BY DOWNLOADS
Can be initiated by simply visiting a Web site
Spreading at an alarming pace
Attackers identify well-known Web site
Inject malicious content
Zero-pixel IFrame
Virtually invisible to the naked eye
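A site owner can scan its own pages for injected frames of this kind. The scanner below is an added example, not part of the original slides; it goes slightly beyond the zero-pixel case by also flagging 1-pixel and CSS-hidden frames, and the sample page and hostnames are constructed.

```python
import re
from html.parser import HTMLParser

_PIXELS = re.compile(r"^\s*(\d+(?:\.\d+)?)\s*(?:px)?\s*$", re.I)

# Constructed sample page: one ordinary embed and two hidden frames.
SAMPLE_HTML = """\
<html><body>
<h1>Weekly news</h1>
<iframe src="https://video.example/embed/42" width="560" height="315"></iframe>
<iframe src="http://dl.badsite.example/kit" width="0" height="0" frameborder="0"></iframe>
<p>More text</p>
<iframe src="http://dl.badsite.example/kit2" style="width:1px; height:1px; visibility:hidden"></iframe>
</body></html>
"""


def _tiny(value, limit=1.0):
    """True for a pixel size of `limit` or less; percentages do not match."""
    m = _PIXELS.match(value or "")
    return bool(m) and float(m.group(1)) <= limit


def _style_props(style):
    """Parse an inline style attribute into a {property: value} dict."""
    props = {}
    for decl in (style or "").split(";"):
        if ":" in decl:
            key, val = decl.split(":", 1)
            props[key.strip().lower()] = val.strip().lower()
    return props


class HiddenIframeFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        attr = {k: (v or "") for k, v in attrs}
        css = _style_props(attr.get("style"))
        reasons = []
        for dim in ("width", "height"):
            if _tiny(attr.get(dim)) or _tiny(css.get(dim)):
                reasons.append(f"{dim}<=1px")
        if css.get("display") == "none":
            reasons.append("display:none")
        if css.get("visibility") == "hidden":
            reasons.append("visibility:hidden")
        if reasons:
            self.findings.append(
                {"src": attr.get("src", ""), "line": self.getpos()[0], "reasons": reasons}
            )


def scan_html(html):
    """Return one finding per iframe that a visitor could not see."""
    finder = HiddenIframeFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for finding in scan_html(SAMPLE_HTML):
        print(finding)
```

Frames can also be hidden through external stylesheets or inserted by script after load, which a static scan of the markup will not see.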

SPYWARE
Software that violates a user's personal security
Tracking software that is deployed without adequate notice, consent, or
user control
Spyware creators are motivated by profit
Very widespread
Average computer has over 24 pieces of spyware
KEYLOGGER
Small hardware device or a program
Monitors each keystroke a user types on the computer's keyboard
Transmits keystrokes to remote location
Attacker searches for useful information in
captured text


EFFECTS OF SPYWARE


PHISHING
Phishing is a way of attempting to acquire sensitive information such as
usernames, passwords and credit card details by deceiving users.
Phishing is typically carried out by e-mail spoofing and it often directs users
to enter details at a fake website whose look and feel are almost identical to
the legitimate one.
The number of users that respond to phishing attacks is considered to be
extremely high, and social networking sites are a prime target.
Experiments show a success rate of over 70% for phishing attacks on social
networks.
DAMAGE CAUSED BY PHISHING
It is estimated that between May 2004 and May 2005, approximately 1.2
million computer users in the United States suffered losses caused by
phishing, totaling approximately US$929 million.
In 2007, 3.6 million adults lost US$3.2 billion in the phishing attacks.
In 2009 45K unique phishing sites were detected monthly.

PHISHING
MOST TARGETED SITES
Financial services (e.g., Citibank)
Payment services (e.g., PayPal)
Auctions (e.g., eBay)
Social networks (e.g., Facebook)


PHISHING EXAMPLE


PHISHING EXAMPLE


CYBER BULLYING
CYBER BULLYING is being cruel to others by sending or posting harmful
material using technological means.


CYBER BULLYING STATISTICS

25% of teenagers have experienced repeated bullying.
52% of young people report being cyber bullied.
55% of teens who use social media have witnessed outright bullying.
95% of teens who witnessed bullying on social media have ignored it.
The most common types of cyber bullying tactics are mean, hurtful
comments as well as the spreading of rumors.
Cyber bullying affects all races and victims are more likely to suffer from low
self-esteem and to consider suicide as a result.
SINGAPORE
1 in 3 had been bullied online, while 1 in 4 surveyed admitted to having
bullied their peers.
A 2012 study by Microsoft showed that Singapore had the second
highest rate of cyberbullying globally.
Online bullying in Singapore was also more prominent than bullying in the
real world.
The highest rates of cyber bullying are reported in China and Singapore
(58%), with India closely following at 53%.

CYBER BULLYING
Cyber bullying is a crime in Singapore and the punishment is a fine of up to
S$5,000 or a jail term not exceeding 12 months.
Tips to Help Stop Cyberbullying
Don't respond or retaliate: Sometimes a reaction is exactly what
aggressors are looking for because they think it gives them power over
you, and you don't want to empower a bully.
Save the evidence. Bullying online or on phones can usually be
captured, saved, and shown to someone who can help.
Tell the person to stop.
Reach out for help
Use available tech tools: Most social media apps and services allow
you to block the person. You can also report the problem to the service.
Protect your accounts. Don't share your passwords with anyone, even
your closest friends, who may not be close forever, and password-protect your phone so no one can use it to impersonate you.