General

Data Compromise Techniques

Abiodun OLUWASIKU Written by Abiodun OLUWASIKU · 1 min read >

Data Compromise Techniques (1)

This is the first of a series of articles on cybercrime relating to data compromise and exploitation by e-marauders to gain an undue advantage over victims. Data is one of the most valuable resources of a business. Data is needed to process information, analyze business problems and opportunities, and make informed decisions.

Business organisations must remain eternally vigilant and protect their data from possible compromise and exploitation by hackers. Predators have literally shifted their operational base to cyberspace where they exploit network vulnerabilities to steal and compromise corporate information. The Internet represents a global theatre for cyberwarfare where e-crime could be perpetrated anywhere in the world without physical weapons and with anonymity. This makes investigation, arrest, prosecution hence conviction, and punishment petty difficult.

This article examines common techniques for privacy breaches, data compromise, and exploitation:

  1. Alteration Attack: Occurs when unauthorised modification included during a system development life cycle affects the integrity of the data or code. This includes changing information stored in data file, modifying the contents of messages in the network,
  2. Botnets: A collection of compromised computers (zombies) running software installed via worms, Trojan horses, ardware, spyware and spam. It may be used for denial-of-service attacks, access devices, and so on,
  3. Brute-force Attack: The use of many password-cracking tools available at little or no cost, on encrypted passwords to gain unauthorised access to a network or host-based system,
  4. E-mail Bombing: Occurs when the criminal repeatedly sends an identical e-mail message to a particular address,
  5. E-mail Spamming: This is a variant of bombing and refers to sending unsolicited bulk e-mail to hundreds or thousands of users (or lists that extends to other many users) for commercial purposes,
  6. E-mail Spoofing: An attack in which user receives an e-mail message that appears to have originated from one (trusted) source but actually was sent from another (fake/malicious) source. E-mail spoofing is an attempt to trick the user into making a damaging statement or releasing sensitive information. An example is an e-mail claiming to come from a bank requesting users to change their password or supply certain account details,
  7. Flooding: An attack that brings down a network or service by flooding (overwhelming) it with large amounts of traffic. The host’s memory buffer is filled by flooding it with connections that cannot be completed. The network becomes ridiculously slow or crashes altogether.
  8. Interrupt Attack: It occurs when a malicious action is performed by invoking the Operating System (OS) to execute a particular command. An attacker could use an interrupt simply by having the OS execute a particular system call that would perform a malicious action.

In the last decade, companies generally invest hugely in ICT without due consideration for the security of their data. However, with companies suffering huge financial loss, reputational damage, and legal liabilities, while others are actually forced out of business, it has become imperative to embark on massive investments to protect their data and the fiduciary information of their clients/customers.

Man’s Freedom

Chinyere Monye in General
  ·   1 min read

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: