Tuesday, March 6, 2012

Weekly Task VI: Big Brothers and Mobile Networks

Research In Motion (RIM) is a Canadian wireless device company. It is best known as the developer of the famous BlackBerry smartphones.

Why are governments interested in this issue?
Because of security, of course. Governments try to prevent terrorist attacks and other threats in order to keep the country safe. BlackBerry phones are famous for their encryption, which means that it is much more difficult to trace the information sent or received by these phones. If a terrorist group decides to plan something, secrecy will be needed, and BlackBerry phones can provide that feature.

Do you think that their demands are justified?
We think that yes, the demand would be fully justified, because if not, BlackBerry would lose a large piece of the market. On the other hand, it would make BlackBerry act somewhat against its own strategy, benefits and advantages. Moreover, it is difficult to do business against governments' policies, which is why even giant companies such as RIM have to follow the demands.

What does this mean for users?
Indian demands are giving a new headache to BlackBerry maker Research in Motion after New Delhi threatened a shutdown that could affect one million of the smartphone's 41 million users. 
So, let's see what threats this will lead to and how it can affect RIM's Indian users.
Of course, the hardest hit will cause problems for and hamper the work of the country's businesses and market. As we all know, business people rely on email: today almost all documents are sent by email. If companies start using phone calls instead of email, they will lose money, because calls cost money. This is especially true in India, where a huge number of international companies outsource work. How much money will Indian people spend calling, for example, a company in Britain to ask what work to do? We guess that a lot.
Let's see what the "bosses" are saying on this issue. "In the capital market, every second matters. Time lost is money lost. Had it been for couple of hours, that was okay. But it stretched much beyond that," said Jagannadham Thunuguntla, Strategist & Head of Research at SMC Global Securities Limited.
And what about ordinary users? After the repeated shutdowns of email and messaging services that left BlackBerry users with only voice calls and SMS text, Indian customers became mad.

What does this mean for RIM?
More than a million people use BlackBerry in India, the world's second-biggest mobile phone market. RIM has established a strong, but not dominant, position in this price-sensitive market, living mostly thanks to its cheap-model segment.
We can say that RIM is caught in a pincer. On the one hand, if the company gives access to users' information, privacy policies might be violated. Users won't like it if their private information is used without their agreement. The company must follow the letter of confidentiality law; if not, it will need to pay the users who take RIM to court. The company could go bankrupt in one day. On the other hand, if RIM doesn't give all users' information to India's Home Ministry, the ministry will block the company's services from the country's mobile phone network.
All in all, in both cases the company will lose its position on the Indian market, but if RIM chooses the second possibility it will lose users only in India (one million out of 41 isn't a big deal). If they do so, the company won't lose its reputation in other countries.

Should we pay any attention to this issue?
Our answer is yes, it is necessary to pay attention to it, and we think that it is very important. This issue is directly related to eBusiness security, because it can harm users' rights. There are two views on this problem: as a user and as an owner of a company similar to RIM.
In the first case, the company has kept to the terms of its privacy policies and hasn't given users' information to a third party. The user has kept his confidentiality.
In the second case, as a CEO, I and my company haven't violated users' rights. I am clear in front of my customers and I don't need to pay litigation costs to them, but I have lost 2,4% of users.

Thursday, February 23, 2012

Weekly Task V: Search Engine Optimization and Ethics

What is SEO?
SEO is a set of methods that contribute to a higher ranking in search engines. Some changes are made to the existing site and its web pages to better fit the ranking algorithms of search engines. For this purpose, additional domains and special pages (doorway pages) are created.

Methods of SEO: White hats
Optimizers accept certain methods and reject others. The accepted ones are called "civilized" or white hat methods, and the rejected ones are considered "uncivilized" or black hat methods. For example, according to the civilized methods, only the original pages of the site must be optimized for search engines. This group also includes constantly adding pages relevant to the theme of the site's content, regular updates, adding incoming links whose anchor text is tied to the keywords, and regularly updating the header tags. In addition to these standard procedures, there is also the addition of blog components, which reinforce the role of the site, enhance its status and attract attention, and the writing of page text that hosts certain keywords.

Methods of SEO: Black hats
Black hat SEO practices attempt to improve a web page’s search engine ranking through SEO methods that are prohibited by search engines or in violation of their Terms of Service.
Black Hat search engine optimization is customarily defined as techniques that are used to get higher search rankings in an unethical manner. These black hat SEO techniques usually include one or more of the following characteristics:
  • breaks search engine rules and regulations
  • creates a poor user experience directly because of the black hat SEO techniques utilized on the Web site
  • unethically presents content in a different visual or non-visual way to search engine spiders and search engine users.
Typical Black Hats SEO methods:
  • Keyword stuffing: Packing long lists of keywords and nothing else onto your site will get you penalized eventually by search engines.
  • Invisible text: This is putting lists of keywords in white text on a white background in hopes of attracting more search engine spiders. Again, not a good way to attract searchers or search engine crawlers.
  • Doorway Pages: A doorway page is basically a “fake” page that the user will never see. It is purely for search engine spiders, and attempts to trick them into indexing the site higher.
  • Cloaking: Cloaking describes the technique of providing a different page to search engine spiders than what a human visitor is shown. This technique is abused by spammers for keyword stuffing. Cloaking is a violation of the Terms of Service of most search engines and results in banning of the website.
  • Automated Link Software: Automated SEO software that acts as a link machine is heavily looked down upon by Google and all other search engines. The entire reason why search engines rely on links to gauge site popularity is because links are supposed to be analogous to third-party votes. But when you use automated software to create these links, you’re basically hiring an army of robots to vote for you again and again.
Moreover, there is a large Black Hat SEO community forum, where practically anyone can easily find answers to their questions, useful tips and advice.
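A site audit can catch two of the methods listed above, invisible text and keyword stuffing, before a search engine does. The following sketch is an added example, not part of the original post; it reads inline styles only, and the sample page, the 20% share threshold and the five-occurrence minimum are assumptions made for illustration.

```python
import re
from collections import Counter
from html.parser import HTMLParser

VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "wbr"}
NAMED = {"white": "#ffffff", "black": "#000000"}  # only the names this sketch needs

# Constructed sample page: one visible paragraph plus two hidden keyword blocks.
SAMPLE_PAGE = """<html><body style="background:#fff">
<h1>Cheap flights</h1>
<p>Compare fares from forty airlines and book in minutes.</p>
<div style="color:#FFFFFF">cheap flights cheap tickets cheap airline cheap deals</div>
<p style="display:none">cheap cheap cheap</p>
</body></html>"""


def colour(value):
    """Normalise '#FFF', '#ffffff' or 'white' to '#ffffff'; None if not recognised."""
    parts = value.split()
    token = NAMED.get(parts[0].lower(), parts[0].lower()) if parts else ""
    if re.fullmatch(r"#[0-9a-f]{3}", token):
        token = "#" + "".join(ch * 2 for ch in token[1:])
    return token if re.fullmatch(r"#[0-9a-f]{6}", token) else None


def inline_style(attrs):
    """Turn style="a: b; c: d" into {'a': 'b', 'c': 'd'}, lower-cased."""
    props = {}
    for decl in (dict(attrs).get("style") or "").split(";"):
        key, sep, val = decl.partition(":")
        if sep:
            props[key.strip().lower()] = val.strip().lower()
    return props


class SpamAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        # Each frame: (tag, text colour, background colour, hidden?)
        self.stack = [("#root", "#000000", "#ffffff", False)]
        self.hidden_text = []
        self.words = Counter()

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        _, fg, bg, hidden = self.stack[-1]      # inherit from the parent element
        css = inline_style(attrs)
        fg = colour(css.get("color", "")) or fg
        bg = colour(css.get("background-color", css.get("background", ""))) or bg
        hidden = (hidden or fg == bg
                  or css.get("display") == "none"
                  or css.get("visibility") == "hidden")
        self.stack.append((tag, fg, bg, hidden))

    def handle_endtag(self, tag):
        for i in range(len(self.stack) - 1, 0, -1):  # never pop the root frame
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        text = " ".join(data.split())
        if not text or self.stack[-1][0] in ("script", "style"):
            return
        # A crawler indexes hidden words too, so they count towards density.
        self.words.update(re.findall(r"[a-z]+", text.lower()))
        if self.stack[-1][3]:
            self.hidden_text.append(text)


def audit(html, max_share=0.20, min_count=5):
    """Return (hidden_text, stuffed); stuffed is [(word, share_of_all_words), ...]."""
    parser = SpamAudit()
    parser.feed(html)
    parser.close()
    total = sum(parser.words.values())
    stuffed = [(w, n / total) for w, n in parser.words.most_common()
               if n >= min_count and n / total > max_share]
    return parser.hidden_text, stuffed
```

Text hidden through an external stylesheet or script is not visible to this check; that needs a rendering crawler.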



Ethics of the SEO
Because a search engine optimization professional deals with at least two clients, there is in fact more than one ethical rule. Firstly, there is ethics in relation to the client, the owner of the website. Secondly, and this applies to most of the question, ethics has to deal with another client: the search engines. Because the needs and demands of these two clients are often diametrically opposed, search engine optimization is often a dilemma.
The search engine optimizer is responsible to the owner of the website and tries to achieve the best possible places on the search engines' results pages. It is also necessary to follow the webmaster guidelines that search engines provide, as these recommendations are a necessary condition of the optimization. Where exactly a professional search engine optimizer draws the line between the website and the search engines, and how the need for those limits is explained to the website owner, is very important.
A very important and serious discussion is also needed about the real goals of the website owner and about what level of risk the owner is willing to take of getting penalties from the search engines or a complete ban of the site. Not every professional search engine optimizer will go as far as a webmaster who wants to move into the territory of the gray and black hats. Different experts have different interpretations of where the boundary lies between what is written in the search engines' recommendations and what the owner of the website wants to change.

Friday, February 17, 2012

Weekly Task IV: Privacy Policies of Web Site

A web site's privacy policy states how you will respect the privacy of your website users. It says what information you will gather, how you will use it and how you will keep it secure.


Report the companies/services you selected as your examples

Our group decided to choose Facebook and Apple. Facebook is the most populated and one of the most popular web sites in the world, while Apple is the most successful corporation in the world. Both companies are very interesting from the privacy policy point of view, and they have both influenced the world a lot.

What kind of information privacy policies do they typically have?
– Facebook
The user is allowed to decide which information about him he would like to keep confidential and hidden from others. Some applications may use additional information, like location, IP address or web browser version, but they usually ask for the user's permission in order to do this. Moreover, web sites with an implemented Facebook social plugin (comments, etc.) also collect the same information about users. The collected data may be used in various services, like suggestions, advertisements and offers. Restrictions are used in order to protect children from some adults. Also, the name, the user's various networks and the profile picture are always publicly available.

– Apple
Each user has to create an account in order to use most of Apple's services on its devices. This account is called an 'Apple ID'. It is used to authorize your computers and gadgets like the iPhone/iPod, to allow changes on Macs, to purchase applications in the App Stores (both on OS X and in iTunes), for iCloud and the Find My iPhone service, and for lots of other purposes.
To create an account, each user has to enter personal information such as name, location, phone numbers, e-mail (which will become the Apple ID login) and credit card/PayPal account information. This information is secured; however, lots of incidents of hacked Apple IDs have appeared recently, and the most annoying thing for users about this is that, unfortunately, Apple pays no attention to this problem.
Some additional data may be collected from Apple's devices as well, like location and statistics of usage.

Do you find some differences between the policies of the two companies you selected?

– Facebook
   Facebook, once a platform for college peers to connect, has recently become a global enterprise selling user information to third parties. Facebook scans user profile information and shares it with third parties and advertisers to deliver 'personalized' advertisements on the user's homepage. In order to use any Facebook application, the user must agree to the terms of use, which include access to their personal information.

– Apple
   The once small start-up tech company is a distant memory compared to the global conglomerate that Apple now is. Much like Facebook and Google, it is also all too willing to share private user data with the highest bidder. Apple has used the data it has collected from iPhone, iPad and iTunes users and sold it to "partners and licensees". Users must agree to this or they cannot download from the iTunes store.

So, the privacy policies of these companies are pretty much the same, but there is one difference. Both companies have a section in their privacy policies called “Collection and Use of Personal Information”, and that is where it lies. Apple collects information using iPads, iPods and iPhones. As users of the iPad and iPhone, we know perfectly well that before the first start of an Apple device we need to register in the Apple Store and enter our info. Facebook has another way to collect users' info: this is done just during the registration process.
The type of information is the same, but the methods to collect are different.

Do you think that the selected policies are clear to the users?

– Apple
   In our opinion, Apple has a very nice and clear privacy policy. For us and others, reading very long policies is very hard, because we are lazy and don't want to waste our time on it. The policies on this company's web site are also not very long, and that is the main thing. In addition, we would like to mention that Apple uses a very interesting "trick". They use wording that makes users read their rules. We think it is important that the user becomes familiar with the company's privacy policies, and in this case it will save Apple money.

– Facebook
   On the way of its growth as an Internet social networking site, Facebook's privacy policies have met a lot of criticism from users. This famous social network has also been sued several times. Facebook's privacy policies have changed in recent years. Soon, it transformed into a network where the greater part of your information is public by default. Today, according to the latest changes in its privacy policies, Facebook gives no choice but to make certain information public, and this information may be shared by Facebook with its partner websites and used to target ads. So, our verdict is that Facebook has very long, hard-to-read privacy policies, and this is done deliberately so that users do not read them, because they are not fair.

Wednesday, February 8, 2012

Weekly Task III: Digital Divide

The term digital divide first appeared to denote a discord in the family where the husband spent too much time at a computer to the detriment of everything else, and his wife could not live with it. This funny etymology was forgotten a long time ago, and the term now describes the fact that the world can be divided into people who have and people who don't have access to, and the capability to use, the Internet. For example, in Finland more than 50% of the population have access to the Internet, while in India only 0.05% do.


According to generally accepted views on the information society, its specific feature is that the free exchange of information contributes to overcoming poverty and inequality, but for those who are disconnected from this exchange, the prospects deteriorate dramatically. Hence the idea of a deliberate "policy of exclusion", pursued by one country or community or another instead of the previous policy of repression.
Now that we have defined what the "digital divide" is, we can write our ideas concerning it, based on four points of view of governments and individuals.

View 1: Jack Kemp, Freedom Works
Jack Kemp has stated, "The real issue is the lack of wealth-creating opportunities and access to capital in the inner cities and depressed rural areas – the access-to-capital divide." He thinks the government should let private enterprise solve the market problems and should stick to lowering interest rates and removing regulatory barriers. This problem is like a two-sided coin: on the one hand, the government should solve economic problems, and on the other hand, take action on the issue of the digital divide. We all know that access to the Internet requires not only a connection but also a computer and an ADSL modem, and everything else costs money. We believe that this problem will be solved only if the government takes care of increasing the income and standard of living of people in rural areas. To sum up, our group agrees with Mr. Kemp's idea that, on the way to solving this issue, the first things to be solved are the lack of jobs and education in those areas and the high crime level.

View 2: UK Government
According to the British government's plan, students would be offered free computers for their online studies at home. Though it may seem very sweet at first, in reality no one can prove for which purposes the loaned computers will be used (gaming, watching movies, social networks, etc.). That is why this project may be just a loss of huge amounts of money. The second project (the "digital challenge prize") does not seem very profitable either. Firstly, it is difficult to understand how a local authority may influence citizens' minds so much. Only a small number of people would be interested in this, because people mostly tend to be independent and to have their own mind about what they need. It depends on the citizens themselves whether to trust or not. Moreover, lots of authorities in Great Britain are already using the Internet in lots of ways, so why does the government have to create such strange projects?

View 3: Howard J. Blitz
Mr. Howard J. Blitz points out that the government budget consists of taxes, which are paid by the taxpayers. There are some countries in the world where citizens get low salaries that give them only enough to live on, the rate of taxation is very high and there are no dramatic changes in the quality of life. They pay taxes because they are afraid of violent actions that the government can take to punish them. Moreover, people don’t know where the money is going and what they are working for. In our opinion that is not right: the government should not be the oppressor; the nation is just the employer of the government. Of course, it would be nice if the government helped to solve this problem of the digital divide using our tax money, and maybe the situation would become better. To solve or not to solve the digital divide problem, that might be the question. The answer will be given by the audience, the nation. The government must make a survey and decide who would like to have 100 Mbps Internet.

View 4: Commission May Declare Broadband 'A Universal Right'
As the European Commission states, an Internet connection may be established as a universal right for every single person. The connection speed currently set is extremely low, only 28.8 kbits/second dial-up, and the EC wants to establish a broadband connection, which means much higher speeds. High-speed Internet access is needed because of progress and innovation; no one wants to lag behind. Moreover, the dial-up connection speed is totally uncomfortable, which is why the Internet may seem frustrating for beginners: people who have just started using the Internet and want to try it for themselves without any payments to the telecom companies, in order not to lose money if they (the beginners) do not like it.

Sunday, January 29, 2012

Weekly Task II: Information Security Policies

What are information security policies?
Information security policies provide a framework for best practice that can be followed by all employees. Information security policy defines the organization’s attitude to information, and announces internally and externally that information is an asset, the property of the organization, and is to be protected from unauthorized access, modification, disclosure, and destruction.

Why do we have them?
As we all know, installing antivirus software or even a firewall is not enough for full security. Not every attacker is external to the organisation. That doesn’t mean that, to secure the company, the CEO should be suspicious of every employee, but the possibility should not be ruled out. Employees can compromise colleagues’ computers using tools readily available from the Internet when there is poor network security. These hackers have tools to spy on others’ actions, view information outside of their job function, stalk and harass others, and plant inappropriate content on others’ machines. Sometimes there are situations in which employees, without knowing it, create "holes" in the network protection system by their actions; this is called "insider jobs" in the context of eBusiness security.
 – So why use security policies?
Implementation of information security policies can prevent this and other threats. Making these rules or policies is not very hard for IT specialists, but it is very important. They help to ensure risk is minimized and that any security incidents are effectively responded to. Information security policies will also help turn staff into participants in the company’s efforts to secure its information assets, and the process of developing these policies will help to define a company’s information assets. All in all, it is also important to keep the list of security rules clear and not very long. Sometimes employees do not read these rules, or throw the paper with them into the rubbish bin =), because they are so long.

What kind of things should we have in them?
We should have the following things in information security policies:
1) Strong firewall protection - in order to protect from various harmful websites with inappropriate content or malware.
2) Personal authorisation (each employee isn't allowed to tell his password to anyone else).
3) Logging out and shutting down the computers after every use.
4) Keeping laptops in a secured place.
5) Updating anti-virus software.
6) Only the company's administrators, who are responsible for this, may install software.
7) All external hard drives and memory cards are checked for viruses automatically by the anti-virus software.

How can we guarantee that things included in security policies are really used?
1) Web cameras behind the employees.
2) Special instructions and lectures for employees.
3) Strong administration's passwords.
4) Regular checking for viruses and problems.
5) Serious penalties for actions not according to the instructions/rules.

References:
Peltier, Thomas R. (2002). Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management. Auerbach Publications.

Saturday, January 21, 2012

Weekly Task I: Hackers & Viruses

Virus Case [Hacked By Chinese!]

Virus Infections on computers in the EU


 

Famous All Over The World Viruses

1. ILOVEYOU - (2000) One of the most widespread and rapidly spreading viruses ever, the ILOVEYOU virus spread via e-mail, posing as an executable attachment sent by a friend from the target's contact list.
It attacked tens of millions of Windows personal computers and started spreading on 5 May 2000 local time in the Philippines. Just ten days later, 50 million infections had been reported.

How It Worked
The ILOVEYOU script was written in Microsoft Visual Basic Scripting (VBS) which ran in Microsoft Outlook and was enabled by default. 
The script added Windows Registry data for automatic startup on system boot.
The worm then searched connected drives and replaced files with extensions (JPG, JPEG, VBS, VBE, JS, JSE, CSS, WSH, SCT, DOC, HTA, MP2, MP3) with copies of itself, whilst appending the additional file extension VBS.



Interesting fact
It took advantage of a Microsoft algorithm for hiding file extensions. Windows had begun hiding extensions by default; the algorithm parsed file names from right to left, stopping at the first 'period' ('dot'). The attachment (which had two file extensions) could thus display the inner file extension 'TXT' as the real extension; text files are considered to be innocuous as they are normally incapable of running executable code.
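The hidden-extension trick above can be checked for at a mail gateway or file share. This is an added example, not part of the original post: it reproduces the right-to-left cut on constructed file names and flags names whose visible part ends in a harmless-looking extension. The extension lists and the block/warn/allow verdicts are assumptions, and it assumes the final extension is a registered type that Windows would hide.

```python
from dataclasses import dataclass

# Constructed lists for this example, not an exhaustive policy.
# Extensions the Windows shell hands to an interpreter or loader:
EXECUTABLE_EXTS = frozenset(
    {"vbs", "vbe", "js", "jse", "wsf", "wsh", "sct", "hta",
     "exe", "scr", "com", "bat", "cmd", "pif"})
# Extensions a recipient reads as "only a document or media file":
DECOY_EXTS = frozenset(
    {"txt", "jpg", "jpeg", "gif", "png", "doc", "pdf", "mp3"})

# Constructed attachment names used to exercise the check.
SAMPLE_NAMES = [
    "holiday-photos.JPG.vbs",   # classic double extension
    "invoice.pdf      .exe",    # padding pushes the real extension out of view
    "song.mp3.VBS. ",           # trailing dot and space are dropped by Windows
    "setup.exe",                # executable but not disguised
    "report.final.doc",         # two dots, harmless
    "notes.txt",
    ".profile",                 # dot-file, no extension
]


@dataclass(frozen=True)
class Finding:
    filename: str   # name as received
    shown_as: str   # what the user sees when known extensions are hidden
    real_ext: str   # extension that actually selects the handler
    verdict: str    # "block", "warn" or "allow"


def split_ext(name):
    """Scan from the right and cut at the first dot, as described above."""
    stem, dot, ext = name.rpartition(".")
    if not dot or not stem:      # no dot at all, or a dot-file like ".profile"
        return name, ""
    return stem, ext.lower()


def inspect_attachment(filename):
    # Windows drops trailing dots and spaces, so "a.txt.vbs. " still runs as VBS.
    name = filename.strip().rstrip(". ")
    stem, real_ext = split_ext(name)
    # The extension the user believes in is the one left visible in the stem.
    _, decoy_ext = split_ext(stem.rstrip())
    if real_ext in EXECUTABLE_EXTS and decoy_ext in DECOY_EXTS:
        verdict = "block"        # harmless-looking name, executable handler
    elif real_ext in EXECUTABLE_EXTS:
        verdict = "warn"         # executable, but not disguised
    else:
        verdict = "allow"
    return Finding(filename, stem, real_ext, verdict)


def triage(names):
    """Return the findings that need attention, in input order."""
    findings = [inspect_attachment(n) for n in names]
    return [f for f in findings if f.verdict != "allow"]


if __name__ == "__main__":
    for f in triage(SAMPLE_NAMES):
        print(f"{f.verdict:5}  shown as {f.shown_as!r}  really .{f.real_ext}")
```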


2. Code Red - (2001) IIS on Windows servers was the target of this virus. It also launched denial of service (DoS) attacks. When a server was infected, it automatically redirected clients to http://www.worm.com.

Chronology
Days 1-19: Trying to spread itself by looking for more IIS servers on the Internet.
Days 20–27: Launch denial of service attacks on several fixed IP addresses. 
Days 28-end of month: Sleeps, no active attacks.



3. Nimda - (2001) Nimda used seemingly every possible method to spread, and was very effective at doing so. Nimda is notable for being one of the fastest spreading and most widespread viruses ever. Multiple propagation vectors allowed Nimda to become the Internet’s most widespread virus/worm within 22 minutes. Nimda affected Windows operating systems of both generations.

Five different infection vectors:

  1. via email;
  2. via open network shares;
  3. via browsing of compromised web sites;
  4. exploitation of various Microsoft IIS 4.0 / 5.0 directory traversal vulnerabilities;
  5. via back doors left behind by the "Code Red II" and "sadmind/IIS" worms.

Interesting fact
The worm's name comes from the reversed spelling of "admin".





Most Interesting Viruses

The creature (green one), called "Creeper", in the famous game Minecraft (2011)
Creeper - (1971) possibly the first computer virus ever. It infected computers on ARPANET. 
Mostly harmless, the concept of Creeper has infected the minds of rogue programmers to this day. Ssssss!

References:
The Top Ten Famous Computer Viruses
Wikipedia: ILOVEYOU
Wikipedia: Code Red
Wikipedia: Nimda

Famous Hackers: Vladimir Leonidovich Levin
Vladimir Leonidovich Levin was born on March 11, 1971. He was a mathematician and had a degree in biochemistry from Saint Petersburg State Institute of Technology. Computers were a hobby for him, and he never received any special education in computing. This mathematician led a Russian hacker group in the first international bank robbery over a network.
Vladimir worked at the software company “Saturn” in St. Petersburg. He had a friend, a former St. Petersburg bus driver turned entrepreneur in San Francisco. One day, Levin told his friend he had found out how to transfer money from Citibank's computer system. He had already twice transferred funds into his own account in Finland. After that, Levin's colleague became a partner in what would later be named a multinational hacker ring.
A few weeks later, transfers were made to BankAmerica accounts held by the companies "Primorye" ("Shoreland" in English) and “Shore”, owned by Levin's friend Jevgenij Korolkov, both in San Francisco. By this time, Citicorp officials had already begun to suspect foul play and started questioning Korolkov. Korolkov left the country but apparently was not deterred. Instead, the two pressed on and recruited new partners around the globe, authorities say. By October 1994, he broke into Citibank's computerized cash management system and attempted forty illegal transactions to California, Israel, Finland, Germany, Holland, and Switzerland.
Vladimir used his office computer at AO Saturn, a computer firm in St. Petersburg, Russia, to break into Citibank computers, and then obtained a list of customer codes and passwords. One day, Citibank's Electronic Money-transfer Center in New York noticed the movement of large sums of money over electronic networks from the accounts of the bank's subsidiaries to the bank accounts of dummy persons related to it in Israel, Finland, Russia and other countries. According to federal prosecutors in Manhattan, about $10 million was transferred altogether. Since this hack, Citibank has used the Dynamic Encryption Card.
Before all the accounts were frozen, the criminals were able to cash out only 400 thousand dollars. One of Levin's accomplices was arrested in San Francisco while trying to withdraw a large amount from fake bank accounts. When the bank reacted to the complaints of customers whose money had disappeared, the FBI joined the case. Part of the money transferred was obtained in cash in different countries, and its subsequent fate is still unknown, but most of the couriers were arrested in different countries while trying to get their hands on the money. His identity was established by operational methods with the assistance of the Russian Interior Ministry. However, Levin's arrest in Russia was impossible, because at that time there were no articles on computer crime in the RF Criminal Code, and in terms of legislation he was completely innocent. As a result of a subtle psychological game conducted by the detectives of the two countries (including telephone calls from the arrested accomplices, which were threatening in tone, etc.), Levin panicked and went to the UK, presumably to a childhood friend of his mother, Leonid Gluzman.
He was arrested as soon as he stepped onto British soil, at Stansted airport, on March 3, 1995. Later, when Levin was extradited to the U.S. in 1997, he was described in the newspapers as the mastermind behind the Internet's first-ever bank raid. Some security experts dispute that claim, however. Levin, they say, used telecommunications systems, not the Internet, to break into Citibank. He was able to intercept Citibank customers' phone calls and, as the customers authenticated their accounts by punching in their account numbers and PINs, obtain the information he needed to commit the fraudulent transactions.

References:
http://www.experiencefestival.com/a/Vladimir_Levin/id/1976247
http://www.cab.org.in/Lists/Knowledge%20Bank/Attachments/64/InternetFraud-VL.pdf