Online Threats

This page is part of the "legacy" version of HTCC online. It's here for continuity and reference. This website has been semi-retired since 2009, and is seldom updated. You'll find our new online presence at the HTCC Blog.

And the threat domain continues to evolve, as shown by this article at

Global cybercrime

Once upon a time, visiting the Internet was no more threatening than visiting the Wonderful World of Oz. Now there's more than a bumbling wizard and a few witches on the Wild Wooly Web. A wide range of cyber-bandits, extortionists, and con artists are on the Web, bent on separating the great unwary from their money, or even their identity.

Internet crime is now organized on a global basis. Technology that makes cybercrime easy is now available for purchase or even free on the Internet. Spammers, scammers and spyware writers band together to leverage each other's abilities. Cybercrime is concentrated in Eastern Europe, but operates world wide.

Hackers, viruses, worms, spyware, botnets, phishing, spear phishing... Only a stout defense can fend off a menagerie like that. A big part of that defense now depends on the vigilance of individual computer users. And you now need more safeguards if you want to keep younger children safe online.

Spam has morphed from crude promotion of dubious deals to a slick vehicle for scams, spyware, credential theft. Spam has also gone global. There's a world-wide market for email addresses and spam delivery services. Spam is the basis for s

Chinks in the armor

Cyber-attacks are naturally directed at weak spots in computing systems. A system consists of the computer, the network(s) it's connected to, and any humans in the loop. Online security efforts are focused on eliminating and plugging the soft spots of computer systems, but cyber-criminals keep looking for — and finding — new ones.

Soft spot #1: It's well known that the part most likely to cause an automobile accident is the nut behind the wheel. Sadly, the person at the keyboard is often the weakest link in computer security. ;-)

Cyber-criminals use deception -- often called "social engineering" -- to attack the human element. Phishing is a prime example of deception. Attacks often originate with an email message or a pop-up webpage. The perpetrator's attack succeeds if you to respond to his urgent, convincing message. He's then able to extract private information from you, install malware, or do anything else he wants.

Many attacks simply take advantage of weak spots in the operating system (i.e., Windows) or programs. There are many ways to deliver malicious content to computers that will directly or indirectly install all sorts of malware. Many kinds of programs have been found to be vulnerable -- browsers, Word, Excel, WinZip, Adobe Reader, Java, Flash, Windows Media Player, and many others.

The network (Internet for most users) is another vulnerable part of the system. Network worms, eavesdropping and hacking are methods used to attack the network. WiFi adds another easily compromised element to the network. Criminals also use legitimate websites by breaking in and substituting poisoned pages that attack anyone who visits them. This is a growing threat.

Even computer hardware can be attacked. For example, if someone can gain momentary access to your computer, it's simple to insert a simple bug, called a key logger, between your keyboard and computer. Then everything you type, including account numbers and passwords is sent to person who installed it.

The only practical way to protect yourself and your computer is to set up and maintaining a structured defense. Threats are now so widespread and varied that I have moved away from traditional online defense (reactive), and adopted a proactive approach, which is radical but I think more effective.