The Issues Concerning Identity Theft Essay Example for Free

The Issues Concerning Identity larceny EssayAbstr stand forIdentity theft has been around since the intercommunicate became to a bulkyer extent(prenominal) than just the stuff of science fiction. The benefits of existence in the Network has been undisputed but it has its drawbacks curiously recently. The increasing sophistication of ward-heelering engineering science and the ever-widening use of web-based communication render do the danger of psycheity operator theft loom even larger in the horizon. Recent statistics illustrate just how skilful the situation is with cyber criminals increasingly foc use on small companies and individuals, who atomic return 18 considered soft targets. Countermeasures argon fighting a losing battle and experts state that individual vigilance is the save really effective way of stemming the flood.IntroductionThere was a movie in 1992 starring Robert Redford and Ben Kingsley, called Sneakers. They played the parts of college e lectronic computer geeks who managed to hack into a g everywherenment computer establishment as a sort of young prank and got caught. Later in the movie, the character of Ben Kingsley causes a high-powered high-tech executive determined to rule the land with the use of in turnation technology that could hack into any system in the world.At the time of the movie, such(prenominal) scenarios were the stuff of science fiction, but that is precisely the situation today. The dependence on cyber infrastructure has become so ingrained into everyday life that vulnerability to attacks curbs on new dimensions. The consequences of this vulnerability argon far-r for each oneing, as indeed information has become the new up-to-dateness in this fast-paced, Web-based world.But ensuring the gage measure measures of digital information is fraught with difficulty, as hackers and planmers argon coming up with smarter and more destructive ways to wreak carnage with both public and private net incomes. integrity type of malware that illustrates the increasing sophistication of malicious code uses a JavaScript tool called NeoSploit. It butt attack a system using seven distinct exploits that could be customized depending on the special(prenominal) weakness of the system it is currently attacking. It is double obfuscated so that it easily evades most automated detection. It is a smart bug and adaptable as sanitary. 33The concept of indistinguishability theft is non new. Anybody with a computer and access to the Internet have been warned never to notice personalized information to unverified sources and to keep avoid financial transactions online unless the site is vouched for a by a reliable validation site. But identicalness theft is so much more, and recently, in that location has been a disturbing rise in incidents of identity theft beginning in 2004. The panic to networks has become more complex, as illustrated by the distributed denial-of-service attacks in 2000 and the 2001 CodeRed worm. 30The cost to consumers and businesses of identity theft is probative. According to the Federal Trade Commission, it has been asserted at more than $50 billion in the US al wiz. 18 Such occurrences are not exactly occurring in the US, however. In S come forwardh Africa, Standard Bank local and foreign clients were choused place of thousands of rands by a Trojan installed in public internet cafs which captured bank information. In France, a 2005 promulgate described how terrorists routinely used stolen identities forged onto false identity documents. 26The effect of such security breakdowns on e-commerce is grumpyly horrendous. Such enterprises rely on the trust and confidence of their clients that their confidence will be secure during online transactions. It only takes one instance of invasion for clients to shy away from doing further business. This paper investigates the issues pertaining to the technology behind identity theft, the counterme asures being enacted to prevent it and the current unresolved problems. emergency AnalysisTo more fully appreciate the problem, a definition of identity theft may be in order.Identity theft was first coined as part of the Identity Theft and Assumption Deterrence Act of 1998, better known as ID Theft Act. It is defined as a criminal act to knowingly transfer or use, without lawful authority, a center of identification of another person with the intent to commit, or to aid or abet, any outlawed activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law.1Because of the increasing sophistication of ID theft techniques, the US Federal Trade Commission felt it incumbent to provide more specific definitions of what constitutes an identity or identifying information, to wit(a) The term identity theft means a fraud committed or attempted using the identifying information of another person without lawful authority.(b) The term identifying information means any name or number that may be used, alone or in conjunction with any other information, to identify a specific individual, including any(1) Name, Social security department number, date of birth, official state- or government-issued drivers license or identification number, alien registration number, government bye number, employer or taxpayer identification number.(2) Unique biometric entropy, such as fingerprint, voice print, retina or iris image, or other unique sensual representation.(3) Unique electronic identification number, address, or routing code.(4) telecommunicationmunication identifying information or access device.1Looking at what comprises identity, it seems highly possible that at one point any one using the Internet or a private network will disclose one or more of the data above on a perfunctory basis because it is almost impossible to go through a typical day without at least once using a network industry such as an ATM machi ne or logging on to an e- direct service. Going to a hospital or check and it is highly apt(predicate) an RFID is required in some form, whether as a school ID or a medical card.Schools are especially vulnerable to attack because security is not particularly high on the list of priorities for school districts working with a budget. The benefits that accrue from digital technology in the school setting is huge, but on that point has been no corresponding enthusiasm for establishing even the most basic of security measures.The item is, cases such as the schools in California and Florida in which students themselves hack into the unbolted database for a prank or for profit, or the Ohio student who accidentally deleted student records which had not been backed up, are not unusual. Some of the most iconic movies are about tech savvy students who pull a fast one on uptight school administrators or against terrorists. However, in real life, security breaches for academician and medi cal records of students are carry consequences just as serious as those for government and incorporated information. 43It is not surprising that with the rapid digitization of information databases in all sectors, there are more and more incidents report of some type of invasion. In 200 Techniques used in Identity Theft fleshly methodscomputer and backup theftdirect access to informationdumpster diving, or searching trashtheft of a purse or walletmail theft and interceptionshoulder surfingskimmingdishonest or mistreated employeestelemarketing and fake telephone callsInternet-based methodshacking and unauthorized accessphishing, or the use of netmail and mirror sitespharming, or interception between an IP address and the target server.redirectorsadvance-fee fraud or 419 fraudfake IRS form primallogging and pas brand stealingThere has been such emphasis on Internet-related security breaches that the fact escapes most people that identity theft can happen physically as well as over t he Ethernet. According to the Identity Theft Resource Center, there were more than ccc breaches in security in companies involving the loss of data storage tapes that contained the information of more than 20 million people in 2006. However, cyber- criminal offenses is much harder to prevent because it can be do off-site and insiduously. It is as well as harder to detect because often the theft is done in small batches.Source http//www.eset.eu/press_release_threats_marchMcAfee Avert Labs recently released a report called Identity Theft that identified keylogging, malware that keeps track of keystrokes to capture passwords and other sensitive information, as the tool being increasingly used to perpetrate identity theft. The report as well as tracked the occurrence of phishing attacks which increased 250% from January 2004 to May 2006. 26 In March 2007, ESET reported that the top malware threat was the Trojan keylogging malware called Win32/PSW.Agent.NCC, followed by Win32/Netsky.Q or simply Netsky P, which has the power to replicate and to spread itself as an attachment through email. In third institutionalise is Trojan Win32/TrojanDowloader.Agent.AWF which is used to download malware that creates botnets that in turn creates spam and disruption-of-service attacks. 4The use of Internet Relay Chat (IRC) bots, a string of codes or independent program that attaches to the IRC channel of a system and appears to be just another user, by hackers has been developed to be transmitted through IM, mass mailing and peer-to-peer communication. While recyclable for managing channels, maintaining access lists, and providing access to databases, it has become dangerous in the hands of malicious users, who activate the bots to infect and reside in systems with a view of passing on confidential and sensitive information. It is difficult to detect and to clean because the bot is configured to disable anti- virus software product product and firewalls. Moreover, bots can ed it registry entries to hide its presence. 44 Avenues used for Identity Theft Credit Card FraudIndividuals find themselves victims of credit card fraud when they transact with smaller merchants online merchants that utilize generic shop mastheadg cart software and helplessness to keep up with the latest software security patches. Web-based vulnerabilities, which provide cyber-criminals the soft patches in which to invade and infiltrate, is found in many different Web-based applications because of the failure to be vigilant.One example is that of Cellhut.com which uses third party Website security provider Hackersafe which is supposed to have passedthe FBI/SANS Internet Security Test. But experts are circumspect regarding the effectiveness of these tests as evidenced by the number of reports of fraud, which is actually only a part of the actual number of cases that actually occur. Small online companies are not required to report all incidents, making statistical data difficult to ga ther. 17 E-mail as a gatewayIn 2003, the number of spam or jank mail outstripped the number of legitimate email in corporate America, indicating an unrelenting onslaught on computer defenses. Malicious code such as SoBig, Mimail, and Yaha, which wreaked havoc on personal computers and servers alike, was disseminated through e-mail. As a reaction, companies allocated 8.2% of corporate budgets were earmarked for cyber-security but the economic lure for hackers have made them more inventive and devious as well.Phishing, the art of deceiving gullible users with cleverly disguised e-mail, has become the fastest-growing non-violent crimes against banks. One sneaky example was that of Swen, an e-mail virus that masquerades as a Microsoft security fix, complete to the last detail so that it looks au indeedtic. The unwary unleashes the virus in the system when the message is opened or previewed. It then breaks down firewalls and antivirus, leaving the system open to infiltration. Instant M essaging, Instant impactInstant Messaging or IM has as well become popular of late because it is, well, instant. Many companies believe they have increased productivity significantly with the use of chawbacon Messenger, Skype, MSN Messenger and AOL Messenger. However, these may bring more than messages into the picture.IM allows users not only to exchange messages but to transfer files as well, which may have malware or a virus riding on it. It also provides backdoor access to hackers because IM bypasses firewalls and gateway perimeter scans. The peer-to-peer network is especially open to exploitation because of this bypass, and the worms spread rapidly, testing at 10 to 20 seconds in some tests. Some antivirus software that work on the desktop direct have some success in catching these worms, but only in restricted cases. other way for hackers to open a portal is to hijack the connection using a man-in-the-middle attack and impersonate the hijacked user. The hacker is then in a authority of trust and may solicit information from the unsuspecting person on the other end. The use of a network sniffer could also steal information from an open portal during an instant messaging session, and a trojan is not even exacted. This is especially dangerous in a corporate network. 37 Voice-over-Internet Protocol (VoIP)The use of VoIP has the probable security risk as that of most data streams. While it may seem to be much like a telephone service, the architecture for VoIP is not the akin as the conventional telephone line, where security is more established and any interception will require a physical presence on the specific telephone wire or PBX. VoIP transmits the voice as a data stream, similar to that of any other web-based application, and is vulnerable to the same kind of invasion or interception. The defense against such invasion is through the same combination of firewalls, antivirus and encryption. 23 Because VoIP is comparatively new, it is still in it s early stages of development, and has not aroused the same attention for identity thieves as other forms of data exchange, although there are some spyware the specifically targets VoIP. CookiesCookies are normally written by a website into the computers harddisk to store personal data about the user relevant to the application which stores the text-only code. Flaws in the generation of the cookie identity has been identified by Security researcher Michal Zalewski as potentially vulnerable to hacker attack because the overwrite protection feature can easily be bypassed and allow malware to remotely plant user information on another persons computer that can be accessed remotely when the user visits specific websites. 35Malware is more than just malicious in that it is motivated by economic gain rather than any kind of grudge or misdirected sense of humor. A more appropriate term for these economic-driven malicous software is spyware. discernware is much more focused and quite destr uctive because it can reside in a system for weeks or even months before it is discovered.Aside from the fact that transmits confidential information to its creator, it also retards down computers if affluent of them reside in the system, even disbling some applications from working at all. There is loss of productivity as well as information. Sometimes it is simply annoying, popping up as adware or altering the home page to redirect the browser to specific websites. It sometimes masquerades as an end-user license agreement and most users just click on it as a matter of course, inadvertently allowing the spyware to be embedded in the system. Whichever form it takes, it cuts down on productivity, uses up RAM and CPU preferences. 27Many IT professionals consider spyware the top security threat as revealed by a WatchGuard Technologies survey in 2005. Consequently, anti-spyware software is also on the rise, making it the top security technology for 2005.Since people make money from i t, it is most likely that hackers would bring it up to the level of a serious enterprise. Particularly vulnerable are banks and financial institutions, such as PayPal, which was targeted by a variation of the Mimail worm. The pathogen redirected the user to a false PayPal verification window which then asked for sensitive financial information. PayPal had hitherto enjoyed a reputation for reliability, so the potential to victimize a large number of people makes the scheme particularly effective.The tendency to use a few core applications is another reason hackers are so effective they only pauperism to focus on circumventing the security of a few systems to ensure a good haul. 25One of these core applications is Microsofts Windows. The vulnerabilities of these products are more numerous than ever, mostly because its widespread use has made it the target of concentration for many hackers. And though improvements in the security features in the products have managed to deflect more than 100,000 variants of the malware circulating, it requires more vigilance on the part of the caretaker to maintain the system to the leading edge of the available updates and security patches. 36There has even been evidence that cyber-criminals have become loosely organized, expert hackers working together with spammers and fraudsters to range the sophistication and reach of the attacks on peer-to-peer networks. The focus is now on compromising integrity rather than the random destruction of files and networks. The treasure in this hunt is for information, and since there is no immediate, discernible damage, it is only when the credit card bills come in or the security system springs an alarm that the invasion becomes apparent.In the instances that a pathogen succeeds in infiltrating a good system, more damage is done than its predecessor, and true to the nature of its name, the virus appears never to completely die, but rather to go into stasis, just time lag for the next impr oved bug to re-activate it in an evolved state, such as the Phatbot in 2004 which exploit known and newly-discovered vulnerabilities in multi-frontal attacks. 36 Profile of a Cyber Criminal 26 Organized crime groupsThe involvement of organized crime groups has served to coalesce otherwise individual hackers. The motive for the involvement is not only profit but to establish a yield of readily available identities to be used in the course of their criminal activities. TerroristsIt has been established that terrorists use various identities to avoid detection by government agencies that are on the alert for their appearance in under their true identities. They acquire employment and obtain financing for their activities. One instance was reported in Spain where a terrorist cell made purchases with the use of stolen credit cards and used fake passports and travel documents to open legitimate bank accounts to finance their operations. Petty criminalsThese are the freelancers, out to ma ke easy money and with no other motive but money. 26Literature Survey of Solutions Research grantsIn 2002, $877 million in government grants were earmarked to neckcloth the Cyber Security Research and Development Act and H.R. 3400, the Networking and Information Technology Advancement Act that would beef up the network security of vital infrastructure.The ATT Foundation has also made contribution by providing grants in 2004 to the University of Texas at Dallas and Syracuse University to support cybersecurity research. Similarly, study ground of Standards and Technology gave a grant to George Mason University School of Laws National Center for Technology Law and James Madison University in Harrisonburg, Va. to collaborate on what is know as the Critical Infrastructure Protection Project. The project is aimed at providing outreach and education, serve as a pool of knowledge, and development of special programs for small businesses and information sharing. 41However, the grants are part of a reaction to 9/11, which seeks to crowd research in counterterrorirsm and national security. The problem of identity theft is much closer to home, or at least take on not be on the scale of national security. Generally, identity theft can occur to as small as the scale of a home computer.A report by Internet security solutions provider Preventon has shown that in the UK, approximately 67% of the surveyed consumers manage their own security software, mostly anti-virus, firewalls or anti-spyware software. However, only 22% considered phishing a serious threat to their security. New ProductsFor financial call centers, a product has been developed by EMCs Security Division called the RSAR Adaptive Authentication for Phone, which seeks to provide a reliable authentication protocol for telephone banking as required by the Federal pecuniary Institutions Examination Councils Authentication in the Internet Banking Environment guidance. It is an limb of the RSA Adaptive Authenti cation for Web in use by 35 of the largest financial institutions and banks in the world.The system makes use of the voice biometric solution based on Vocent technology and Nuances voiceprint engine. It is designed to conduct a risk-based assessment by analyzing voiceprint and user behavior based on predetermined parameters during retail and commercial banking transactions. Aside from the technology, users of the product will also have access to the database of the RSA eFraudNetwork community which has fraudster profiles. 10There has been some opinion that an overlap approach may be more effective, where a combination of firewalls, intruder protection and detection and vulnerability testing be used in concert instead of isolation. 25 A software that goes one step further is PCImmunity, which is designed to combine the security features of Norton, McAfee, SpyBot, SpySweeper, Ad-Aware, ZoneAlarm, Avast, and AVG while supplementing them with a restart feature in cases where one or more of the active applications is deactivated by a hacker or virus. One of its maintenance features is the automatic update of these software and the daily scans of anti-spyware software. 14Two projects that are geared towards anticipating industrial-grade security measures for VoIP has been initiated by the VoIP Security Alliance, or VOIPSA, which aims to establish a threat taxonomy and and a list of VoIP security requirements These protocols will be of particular use for session border controllers, or SBCs, which serves as an intermediary between the unique architecture of VoIP and web-based protocol that would otherwise be incompatible with VoIP.VoIP with SBCSource http//www.cisco.com/warp/public/cc/general/bulletin/software/general/3001_pp/3001_p24.jpgOther functions of the SBC is to enable network address translation, VoIP peering and compliance with the communications Assistance for Law Enforcement Act. Security-wise, SBCs as the man-in-the-middle, is theoretically in a good posi tion as the front-liner for any unauthorized access or interception. SBCs also serve to mask the presence of VoIP systems and softswitches and other devices. However, the integrity of its security features has yet to be strictly tested. 40The JavaScript malware that confounds most automated detection needs special treatment, using decoding tools such as NJS, SpiderMonkey or Rhino which separates the malware from the browser tool at the command-line level after cleaning up the HTML. It decodes in layers until the malware is completely stripped of its code. The tools are based on JavaScript and designed to be a re-entrant. It is not tackled, however, because such tools have limitations and it is only a matter of time before hackers find a way around it as well. 33another(prenominal) breakthrough that is a double-edged sword is a framework being developed by security expert Roelof Temmingh called Evolution. Though still in its infancy, the framework can be used as both a hackers tool as well as a security application. What it does is to use any identity information and draw off other hidden data. For example, it can transform a domain into e-mail addresses and telephone numbers with the use of the Whois domain name lookup service, so hackers need only one type of information to get a whole slew of information.It can also identify targets for client-side attacks and war-dialing ranges. In the interest of security, however, Evolution can be invaluable in various ways. It can be used as a footprinting to identify phishing sites and identify alliances with weak security postures. In the extensive run, however, Evolution can be used to illustrate the future capabilities of hackers and research to pro-actively counteract such developments would be of immense benefit. 33The important development from a security standpoint is that many companies are finally coming to terms with the magnitude of the battle before them. In a conference in Phoenix, the focus was on new products that were designed to renew the onslaught on incidents of phishing, adware and spyware spurred on by Web 2.0. Products such as NewsGator Hosted Solution allows companies to put an RSS aggregator in their websites, eliminating the need to get feed directly from the original content originator. For security compliance, LogLogic produced the appliance-based solution LogLogic 3 r2 that allows tracking of Microsoft Exchange log activity to identify security risks. 16One product with added features was announced recently by Barracuda Networks which helps identify spam messages even if it is being sent by an apparently innocuous e-mail address. The Spam Firewall e-mail security appliance is now able to analyze sender behavior, facilitating reputation synopsis. When a previously normal nehaving e-mail address suddenly stars unloading massive amounts of email, it is presumed that it has been infected by a botnet and turned into a spam server. 20 DIY Security ProtocolsWith the rise of DIY security came the development of self-help websites that provide security tips and information as well as recommended freeware for downloads. One such website is the Gibson Research Corp. website (www.grc.com) headed by Steve Gibson. He provides three suggestionsStealth or hide seldom-used ports, of which a typical system has 65,000 for an internet scanner to exploit.Disconnect services not in use, which Windows provides and connects by default but which only represents a vulnerability.Bind only the modem to the TCP/IP. Windows binds all network resources to the Internet by default as well, such as a shared printer, which is unnecessary and potentially dangerous.Among Gibsons offerings that have provided some security is Shields Up and LeakTest scans, and Gibsons DCOMbobulator, lead the Messenger, Socket-Lock, UnPlug n Pray and Xpdite make security a little tighter. Another website that may bear investigation is The Human Firewall (www.humanfirewall.org) which focuses more on companies. 36In IM, the best way to prevent identity and other information theft is to use an IM service that allow encryption. Unnecessary file tranfers via IM should also be restricted.Another suggestion is the use of Really Simple Syndication (RSS) as an alternative to joining an e-mailing list. The RSS feed is secure because here is no need for an e-mail address, it merely gets the sought after material from the feeds server. It makes the inbox and spam mail easier to manage as well as reducing the risk of spyware infiltration. 31To confound IRC bots, McAfee experts suggests the use of IRC servers in constructing and IRC honeypot and a network sniffer. The sniffer identifies the IRC channel used by the malicious bot and the IRC honeypot routes all IRC channels to pass through it and an outbound query is allowed. A scallywag bot will try to home into the attackers IRC server and the honeypot then issues commands to unistall the bot. 44 Enterpise Security GovernanceOn the exe cutive level, the Carnegie Mellon Software engine room Institute (SEI) reports in Governing for Enterprise Security that the need to address information security as an enterprise-level governance concern is paramount. It identified several characteristics that define a company that employes governance in enterprice securitySecurity is given the same importance as other aspects of businessSecurity is part of the organizations strategic planning cycleSecurity is considered an integral part of all enterprise functionsKey executives and network staff alike have an appreciation of the responsibilities and issues knotted in network security.Because of the prevalence of confidentiality breaches in the corporate world and the high costs involved in such breaches, an enterprise with a strong, healthy repute and care for the security of the information in their care but still with the ability to communicate efficiently and effectively with their clients will come across as a company that c an be relied on and trusted. 29 ATTs Research Labs president Hossein Eslambolchi agrees that security cannot be an afterthought, and states that the state of network security is so airheaded that hackers can bring down a whole network with very little effort. 13 Government InitiativesThe US government has come to realize the real threat of security and information breach, especially when it involves government agencies. Several intitiatives deal with ensuring vigilance in both public and private enterprises that deal with network security. E-Government Act 2002, a privacy assessment mandate that is designed to protect the personal information of citizens who volunteer their data on government sites, is touted as one of the most significant privacy guidelines. The aim of the mandate is to ease the government into e-government, overcome resistance to change and to emphasize the need for cyber-security and privacy as well as coordination concerns. 21 Another government mandate is the Health Insurance Portability and Accountability Act of 1996 (HIPAA) which came into effect in April 2005 which regulates the use of e-mail and other Internet-based communications by health professionals in efforts to secure sensitive medical information.The guidelines are particularly focused on some key points that may arise in a clinician-patient communication. The rule of flip is that the e-mail is mos probably not secure, and ealth professionals should not solicit confidential patient information via email, nor should patients supply such information. If it is absolutely imperative, the guidelines require tat such e-mail be encoded and encrypted. In cases of sharing benchmarking information and statistical data, it would be advisable to take out pertinent patient information as much as possible. There are 18 HIPAA Patient Identifiers that should be taken out, a list available on the HIPAA website (www.hipaa.org). 3With regard to schools, some efforts at the district levels are being made to establish some security guidelines to protect the integrity of school records. The Consortium for School Networking, together with the Mass Networks Education Partnership in Allston, Mass., has produced the Cyber Security for a Digital District program (www. securedistrict.cosn.org) which provides administrators with an outline of what constitutes a secure database. 43 However, cost is still a major consideration for many school districts, one that has no immediate solution unless administrators and school boards alike are convinced of the importance of cyber-security in the schools.There have been some suggestions that law enforcement agencies take a more offensive take on cyber criminals and ISPs that host such activities, but this move is fraught with legal and ethical issues. Cyber crime is difficult to pin down because it is nealy amorphous in character. Unless it is proven without doubt that such a person or ISP is knowingly involved in the commission of cyber cr imes such as identity theft, any law enforcement actions against what may prove to be an innocent party who may in turn be victims themselves would be ineffective.A recent development has been an unprecedented move by the US District Court in Alexandria, Va. On behalf of Project love Pot of anti-spam company Unspam Technologies, a $1 billion lawsuit was filed against spammers as well as those who harvest e-mail addresses for spammers. The lawsuit is the first and largest of its kind made possible by the efforts of extremitys of Project Honey Pot who have been able to gather enough data to prosecute the alleged perpetrators with the use of the honey pot software, which identifies spam mail and IP addresses of the e-mail harvesters. The gathered data will enable prosecutors to subpoena ISP records for the involved IP addresses and its owners. The results of this litigation could well provide cyber criminals at least a pause in their activities. 28Outstanding IssuesOne of main problem s with countering unauthorized invasions is the lack of government spending on network security. Moreover, universities are churning out an inadequate supply of graduates with enough knowledge in network security to come up with practical and effective counters to what hackers can come up with. According to National Academy of Engineering (NAE) president William Wulf, there are perhaps about 200 serious computer security researchers in the US.Academic research is also notoriously slow in coming out with publications, much too slow to be of practical use in the rapid development of cyber-crime.Much of the brain fail is due to the demand of private enterprises, which pays a lot better than academic research, for talent to staff short-term projects that has nothing to do with security research. Purdue University Professor Eugene Spafford characterizes the spot to security issues as most people view insurance.Software Engineering Institutes Timothy J. Shimeall agrees as senior technic al staff member of its Networked Systems Survivability Program. Not enough attention and resources is being devoted to security issues until it becomes a problem. For those who are involved in academic research in security, most are theoretical, with little or no practical basis, according to Columbia University computer science professor Salvatore J. Stolfo. 30Another issue that has yet to be addressed is the steering of the distributed-computing environment, in which the traditional, centralized concept of a security perimeter, known as the Orange Book architecture of the US Department of Defenses trust figurer System Evaluation Criteria, is of little use. What is needed is long-term, systemic, non-theoretical view of the problem, rather than disaster management and short-term product cycle thinking.A survey, called the Risk of Sharing, of 300 companies in the US, UK and Australia revealed gaps in the business communications process due mainly to lack of process auditability, in advertent exposure of confidential data, review cycle inaccuracies and resource loss through dealing with spam, amendments and approvals. 5It has also been observed that many companies fail to make full use of the security softwar they already possess, and the reason for this appears to be data overload. When security software provides audit information for instances of attempts at invasion, it spews out a lot of information, much of it extraneous. Systems analysts must figure out which are the significant entries out of thousands of entries, and some companies resourt to outsourcing the work. 25ConclusionThe story of infected networks and compromised information has become all too familiar, a state of affairs that has begun to make itself felt with a vengeance. Of particular concern is the increasing number of incidents of identity theft. It is of concern to the individuals and corporations that are directly affected by it, but it is also a matter of national security, especially s ince the onslaught of terrorist attacks on the US. One side of the hackers economics is selling of legitimate identities to identified individuals who are persona non grata in the US. Identity theft is should thus be a priority for individuals, business entities and government agencies alike.Efforts by researchers to come up with defensive foils to stem the malware tide have met with mixed success as each step to successfully battling existing threats is countered by newer, more sophisticated and more dangerous threats. The economics behind the hacking industry has become huge as the world becomes more and more enmeshed in the cyber world, and the opportunities for profit is increasing as more and more industries are hooking up. However, the benefits of being connected still outweighs the drawbacks and the key to maintaining equilibrium is vigilance.On the far end of the security spectrum is government agencies that exact compliance for security regulations to deter cyber crime. Bus inesses follow suit as required because it is also to their benefit to do so, although many small companies have resistance because they have yet to feel the squeeze of an all-out hack attack. Big enterprises are more in the picture because they are bigger targets, although hackers are migrating more and more to softer targets whose resistance to regulations make them more vulnerable to attack.On the other end of the spectrum is the individual user, whether in the office or home setting. It is the responsibility of each user to be aware of the dangers, whether they are hooked up to local area network with the potential to infect from two to 50 other terminals because of a security suite that lacks maintenance, or the home user with an address book full of friends and family which has the potential of spreading malware with the ease of a click of a mouse.The tools to combat malicious cyber crime is available but users need to be educated about their responsibilities. Users need to be vigilant about their computer use, with their e-mails, with their IM sessions, even with their browsing behavior. As Uncle Ben said to Peter Parker, with great power comes great responsibility. Being interconnected has unleashed great power, and the responsibility to harness this power for the common good is very much in the hands of each user.AcknowledgmentReferencesBill authorizes $877 million for cyber security research. Communications Today. December 7, 2001. Retrieved April 27, 2007 from http//findarticles.com/p/articles/mi_m0BMD/is_228_7/ai_80639935CinTel develops a network security solution that enables content filtering proxy. EDP Weekly IT Monitor. August 8, 2005. Retrieved April 27, 2007 from http//findarticles.com/p/articles/mi_m0GZQ/is_30_46/ai_n14939952Do your e-mails comply with new security regs? HIPAA regs cover security and confidentiality. HealthCare Benchmarks and Quality Improvement. May 2005. Retrieved April 26, 2007 from http//findarticles.com/p/articles/mi_m0 NUZ/is_5_12/ai_n13759944Global threat trends in March 2007. com. April 3, 2007. Retrieved April 27, 2007 from http//www.eset.eu/press_release_threats_marchNew research uncovers security and audit risks. outside(a) Journal of Micrographics Optical Technology. Retrieved April 27, 2007 from http//findarticles.com/p/articles/mi_qa4077/is_200501/ai_n1363351Organisations fear network security threats from Instant Messaging. Internet Business News. October 3, 2005. Retrieved April 27, 2007 from http//findarticles.com/p/articles/mi_m0BNG/is_2005_Oct_3/ai_n15658965Research by prevention reveals UK home PC user are turning to DIY security. Internet Business News. July 6, 2005. Retrieved April 26, 2007 from http//findarticles.com/p/articles/mi_m0BNG/is_2005_July_6/ai_n14724817RSA survey reveals online security concerns. Internet Business News. August 22, 2005. Retrieved April 27, 2007 from http//findarticles.com/p/articles/mi_m0BNG/is_2005_August_22/ai_n14924483Security appliance protects c onsumer data with encryption. ThomasNet, Incorporated. February 27, 2007. Retrieved April 27, 2007 from http//findarticles.com/p/articles/mi_m0PIL/is_2007_March_19/ai_n18727208Security system strengthens phone authentication processes. Product News Network. November 13, 2006. Retrieved April 27, 2007 from http//findarticles.com/p/articles/mi_m0PIL/is_2006_Nov_13/ai_n16836088Security. Telecom Asia. August 2003. Retrieved April 26, 2007 from http//findarticles.com/p/articles/mi_m0FGI/is_8_14/ai_108312261Security. Telecom Asia. December 2004. Retrieved April 27, 2007 from http//findarticles.com/p/articles/mi_m0FGI/is_12_15/ai_n9481318Security. Telecom Asia. June 2005. Retrieved April 27, 2007 from http//findarticles.com/p/articles/mi_m0FGI/is_6_16/ai_n16879846Software automates and maintains PC security programs. Product News Network. September 28, 2005. Retrieved April 27, 2007 from http//findarticles.com/p/articles/mi_m0PIL/is_2005_Sept_28/ai_n15636236A paper that is focused on a cur rent security research issue of your own choosing.RSS network optimization, fraud prevention tools take demo stage. eWEEK.com. February 6, 2006. Retrieved April 27, 2007 from http//www.eweek.com/article2/0,1759,1920117,00.asp?kc=EWNKT0209KTX1K0100440ID thieves turn sights on smaller e-businesses for online shoppers, security seals no guarantee that hackerts arent watching. Washingtonpost.com. September 28, 2006. Retrieved April 27, 2007 from http//findarticles.com/p/articles/mi_m0NTQ/is_2006_Sept_28/ai_n16753298Can ID theft be solved with more regulation? eWEEK.com. February 8, 2007. Retrieved April 26, 2007 from http//www.eweek.com/article2/0,1895,2092459,00.aspPrince. Report shows spike in online identity theft. eWEEK.com. January 16, 2007. Retrieved April 27, 2007 from http//www.eweek.com/article2/0,1895,2084453,00.asp20 C. Garretson. Barracuda Networks enhances reputation analysis technology with behavior data. Network World. April 17, 2007. Retrieved April 27, 2007 from http//w ww.networkworld.com/news/2007/041707-barracuda-e-mail-security-appliance-profiling.htmlWebb. Government IT Review. Washingtonpost.com. October 2, 2003. Retrieved April 27, 2007 from http//findarticles.com/p/articles/mi_m0NTQ/is_2003_Oct_2/ai_108454056Chandler. Storage services for data security big business byte for enlightened operators. Telecommunications Americas. August 2005. Retrieved April 26, 2007 from http//findarticles.com/p/articles/mi_m0NUH/is_9_39/ai_n15631277Khun, T. Walsh and S. Fries. Security considerations for Voice over IP systems. January 2005. National Institute of Standards and Technology, Gaithersburg, MD 20899-8930.Sweeney. Focus turns to network security while many consider the telecoms infrastructure a vulnerable target for terrorists, the more immediate threats are attacks by individual hackers and authors of malicious code, which are presenting new security challenges for service providers. Telecom Asia. January 2005. Retrieved April 27, 2007 from http//fi ndarticles.com/p/articles/mi_m0FGI/is_1_16/ai_n9772934Shein. Spy vs. spy companies are spending billions on network security, but staying ahead of hackers may be a pipe dream. CFO Magazine for aged(a) Financial Executives. February 2004. Retrieved April 27, 2007 from http//findarticles.com/p/articles/mi_m3870/is_2_20/ai_113051525Paget. Identity theft. McAfee Avert Labs. December 15, 2006. Retrieved April 27, 2007 from www.mcafee.comMcPartlin. Somebodys watching you spyware has come in from the cold to become corporate Americas top security threat. CFO Magazine for Senior Financial Executives. Summer 2005. Retrieved April 27, 2007 from http//findarticles.com/p/articles/mi_m3870/is_9_21/ai_n15787661Vijayan. E-mail harvesters hit with $1 billion antispam lawsuit. Computerworld. April 26, 2007. Retrieved April 27, 2007 from http//www.networkworld.com/news/2007/042607-e-mail-harvesters-hit-with-1b.htmlWhitley. Report stresses security governance. Internal Auditor. October 2005. Retrieve d April 27, 2007 from http//findarticles.com/p/articles/mi_m4153/is_5_62/ai_n1576350130 L. Paulson. Wanted More Network-Security Graduates and Research. Computer Science at the University of Virginia. February 1, 2002. Retrieved April 27, 2007 from http//www.cs.virginia.edu/csnews/show.php?artID=79Seltzer. Security watch Windows wireless threatnot. PC Magazine. January 2006. Retrieved April 26, 2007 from http//findarticles.com/p/articles/mi_zdpcm/is_200601/ai_n16015170Seltzer. Security Watch Windows, Firefox, Winamp, all report flaws. PC Magazine. February 2006. Retrieved April 26, 2007 from http//findarticles.com/p/articles/mi_zdpcm/is_200602/ai_n16043071Vaas. Tools will help personalize ID theft by 2010. eWEEK.com. April 19, 2007. Retrieved April 27, 2007 from http//www.eweek.com/article2/0,1895,2115879,00.aspVaas. JavaScript attacks get slicker. eWEEK.com. April 18, 2007. Retrieved April 27, 2007 from http//www.eweek.com/article2/0,1895,2115638,00.aspHines. Cookie holes expose br owsers. eWEEK.com. January 31, 2006. Retrieved April 27, 2007 from http//www.eweek.com/article2/0,1895,1917283,00.aspHogan. Not-so-good fellas keep the bad guys at bay with these steps to improve your companys computer security. Entrepreneur. June 2004. Retrieved April 27, 2007 from http//findarticles.com/p/articles/mi_m0DTI/is_6_32/ai_n6055133Hindocha. Instant insecurity security issues of instant messaging. Security Focus. January 13, 2003. Retrieved April 27, 2007 from http//www.securityfocus.com/infocus/1657Roberts. FBI computer crime survey finds widespread attacks. eWEEK.com. January 20, 2006. Retrieved April 27, 2007 from http//www.eweek.com/article2/0,1895,1913633,00.aspRoberts. IBM predicts 2006 security threat trends. eWEEK.com. January 23, 2006. Retrieved April 27, 2007 from http//www.eweek.com/article2/0,1895,1913864,00.aspPoe. VoIP industry moves to bolster network security new group to define requirements. Americas Network. May 2005. Retrieved April 26, 2007 from http/ /findarticles.com/p/articles/mi_m0DUJ/is_5_109/ai_n15622587Roach. Cybersecurity research at two schools gets boost from ATT Foundation. Black Issues in higher(prenominal) Education. July 1, 2004. Retrieved April 27, 2007 from http//findarticles.com/p/articles/mi_m0DXK/is_10_21/ai_n6145384Roach. Virginia universities team up on nations cyber security focus on public policy and law gives research effort unique focus. Black Issues in Higher Education. June 20, 2002. Retrieved April 26, 2007 from http//findarticles.com/p/articles/mi_m0DXK/is_9_19/ai_89077199Lafee. Cyber security at the distriCt level are you ready to prevent unlawful, unauthorized or simply misguided use of your technology? School Administrator. April 2005. Retrieved April 27, 2007 from http//findarticles.com/p/articles/mi_m0JSD/is_4_62/ai_n13667747Thomas and N. Jyoti. Defeating IRC bots on the internal network. McAfee Avert Labs. February 6, 2007. Retrieved April 27, 2007 from www.virusbtn.com