Computer Security for the Common Man
Computer security is a topic often in the news these days as more and more data disclosures and celebrity recreational activities are exposed. However, the concepts behind computer security are not much more than common sense would suggest if you actually gave it some thought. Large organisations will, of course, have a whole bundle of professionals dedicated to protecting organisational assets – and by inference the personal data that said organisations hold on us all – but small businesses simply don’t have that luxury and, without that luxury, common sense becomes the most useful tool in your security toolbox.
Let’s run through an example of using common sense in security. Remember that nowadays, hackers (and their employers) are more interested in getting your personal information (for the purposes of fraud) or controlling your computer (for the purposes of attacking other computers and then doing some fraud).
The scenario. I was walking along Sauchiehall Street and I spot a group of the dreaded charity collectors deploying themselves to entrap the unwary. The very thing that hackers do. Naturally, this particular detachment of Zany Guys and Pretty Girls are acting with the best of intentions so what has this to do with hacking and, in particular, identity theft? Read on.
Zany Guy approaches first. In computer security terms, he is the scanning attack on your firewall that precedes a more focussed attacked and he thus represents himself as a loyal charity employee in order to establish trust. Trust will get through many a door but, as this is just a story, Zany Guy approaches me with a degree of trepidation sensing he is about to encounter a barrier. That makes me the equivalent of a firewall. He even asks if I am hostile. I answer to the affirmative. He, like many hackers, has done this before and knows that further action will be at the very least futile and possibly dangerous. Firewalls therefore are good deterrents but they are not the be all and end all of computer security. For the purposes of this scenario, Zany Guy now retreats to count his fingers and consider a career change.
Pretty Girl is up next. She has an advantage in that most men, or at least those of a certain age or older, are conditioned to be polite to the female of the species at all times and, in order to be polite, the aforementioned firewall has to be lowered. She is now within touching distance of your cash filled wallet. Yet, she isn’t directly interested in your wallet. She is more interested in your bank details and that monthly direct debit that will earn her that all important quarterly bonus. Why rob someone once when you can rob them repeatedly. Social conditioning, or simple habit, is an oft used attack vector for the hacker.
As an aside, it turned out that Pretty Girl, like many of these “charity” workers actually work for a third party company that isn’t a charity. Just because it looks legitimate doesn’t make it so. Just like those cloned websites that look just like the one your bank has.
Back to the story. Pretty Girl wants my bank account details. I offer her a donation instead as I have an inherently charitable nature. She refuses. She can’t take money. She needs my bank account details for a direct debit so donkeys, dogs, hamsters etc. can be saved from starvation on an ongoing basis. She even confides that I can just cancel the direct debit later as she only needs to get the first payment to make target. I admire her mercenary approach to life but that’s not enough to let her gather my bank details. Let’s assume that I don’t want dogs, donkeys or hamsters to starve so what stopped me? My firewall is down after all.
She was using pen and paper. Not some encrypted iPad application like the nice people that sell television subscriptions outside supermarkets have but gloriously old fashioned pen and paper. Paper – and this paper would contain your bank account details and signature - doesn’t actually support encryption although it can, as a rather safer alternative, be used to make some rather nice origami horses. You can’t do that with an iPad. Paper sits in a bag somewhere just waiting to be stolen. Even if it isn’t stolen, it then sits on somebody’s desk somewhere (awaiting to be photocopied by the dodgy night janitor) until the information gets entered into a computer system (most likely a third party company’s computer system too) before your details are transferred (perhaps securely and perhaps not) to the charity who then use the information to set up the direct debit that will save something furry from starvation. That’s a lot of trust for you to put in people you have only just met on the street. Some might even find that the phrase “daylight robbery” is now floating through their mind.
Trust, incidentally, is a key concept in computer security. Those certificates used to encrypt your traffic when you visit Amazon or EBay are issued by a company that has verified that Amazon or EBay are who they say they are. You can trust EBay or Amazon because a third party company has checked that they are who they say they are. However, who verifies the third party company? That’s why they call it trust when faith would be a more accurate term.
Incidentally, that’s why, when those charity collectors stop you in the street, they always stress the brand. Sorry, I meant the charity of course. People, after all, tend to trust the brands/charities/multinational defoliators that they know. God bless consumerism and, If He has the time, He might even save you from hackers.