Internet safety
Lesson 9: Going deeper with recognizing and avoiding online scams
Cybersecurity and crime
Google Security Princess Parisa Tabriz and Jenny Martin from Symantec introduce the most common types of cybercrime, including viruses, malware, DDOS attacks and phishing scams.
- If a virus is a program too then who created it, why and how? Can someone tell me?(22 votes)
- In addition to the reasons jeppemh mentioned above, many viruses are developed:
- for the challenge of it (this was very typical in the days before the internet)
- for research and/or demonstration purposes (often by researchers in computer security)
Often, these viruses will only be released on controlled systems i.e. they will not be released "into the wild" (the internet).(31 votes)
- Are there any cases where hacking is a good thing to do?(16 votes)
- Any case where it is not a bad thing to do.
"Ethical hacker" is a widely used term, it usually describes people who are hired specifically to test the security of systems.
But it can be you, me, or anyone else who decides that they're going to 'see what happens if I do this?'. The difference between good and bad is what you do with it.
It is good if you report it to the website, contact the administrator, or someone that could fix it.
It is bad if you don't report it, and wait for the bad person to discover it. It would be even worse if you damaged parts of it, or you've just seen things you shouldn't have.
It often becomes a dilemma to know what to do, as even today, many institutions become hostile to the good hackers who report their vulnerabilities. A good rule is to always get permission before you attempt to do something.
*WARNING: Doing "testing" without permission is illegal in many countries. You should read up on the laws before doing anything that could be illegal. Many companies offer bug bounty programs where anyone can participate.*(44 votes)
- Is there a specific way to know if a link that you are about to click will direct you to a Phishing Site? Is there a way to decrypt those TinyUrls? to check if that's a legit site or not?(7 votes)
- You can preview a tinyURL of the form:
http://tinyurl.com/dyynf56
(this links to the TinyURL wikipedia article)
by going to:
http://preview.tinyurl.com/dyynf56
(Alternatively you can set preview enabled at the tinyURL website, so it always previews by default)
Similarly, you can preview links from Bitly like:
http://bit.ly/1sNZMwL
(link to wikipedia Bitly article)
by adding "+" on to the end of them:
http://bit.ly/1sNZMwL+
Once you are at the site, you can determine if it is legit by checking out its certificate (click on the lock on your browser bar to view it)(10 votes)
- When we make our own website we need to buy an SSL certificate - what kind of service are we really paying for when paying for SSL? Does the company just authenticate/ license whoever that pays? Thanks!(4 votes)
- Certificate authorities apply their digital signature to your certificate. In doing so, they are saying that your certificate is accurate i.e. they confirm that the public key for that website is what it says on the certificate. You pay for their reputation of only signing accurate certificates.
Before a certificate authority gives you a certificate for your website they need to confirm that you actually own that website. Different certificate authorities have different procedures for determining that. The more thorough the check, the more others will trust that certificate, and the more it is likely to cost. You can get free certificates, but the checks will likely be minimal, and others will likely not trust it.
So why do we need a certificate authority? Imagine a hacker intercepts your request to connect to your bank's website. They send you a web page that looks like your bank's web page and give you a public key that they have chosen. You use that public key to encrypt your data, and think that everything is secure, but in reality the hacker can see everything because they have the private key corresponding to that public key. A certificate prevents that, because a hacker shouldn't be able to obtain a certificate (from a trusted certificate authority) for that website that contains their public key.
Hope this makes sense(5 votes)
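The check described in the answer above, as an added example that is not part of the original thread: a browser-style verification accepts the bank's CA-signed certificate and rejects three ways an interceptor might present their own public key. It uses toy textbook RSA with small primes purely for illustration; the function names, keys and the domains `bank.example` and `attacker.example` are assumptions constructed for this sketch.

```python
import hashlib

# Toy textbook RSA (small Mersenne primes, no padding): illustration only.
def make_keypair(p, q, e=65537):
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))      # private exponent (Python 3.8+)
    return (n, e), (n, d)                   # (public key, private key)

def binding_digest(domain, site_pub, n):
    # Hash of "this domain uses this public key", reduced into the signer's modulus.
    data = f"{domain}|{site_pub[0]}|{site_pub[1]}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue_certificate(signer_priv, domain, site_pub):
    # The signer (normally a CA) signs the domain/public-key binding.
    n, d = signer_priv
    return {"domain": domain, "public_key": site_pub,
            "signature": pow(binding_digest(domain, site_pub, n), d, n)}

def verify_certificate(ca_pub, cert, expected_domain):
    # The browser's check: right domain, and signature made by a CA it trusts.
    n, e = ca_pub
    if cert["domain"] != expected_domain:
        return False
    expected = binding_digest(cert["domain"], cert["public_key"], n)
    return pow(cert["signature"], e, n) == expected

def demo():
    # All keys and domain names below are constructed for this example.
    ca_pub, ca_priv = make_keypair(2**89 - 1, 2**107 - 1)
    bank_pub, _ = make_keypair(2**61 - 1, 2**31 - 1)
    evil_pub, evil_priv = make_keypair(2**61 - 1, 2**19 - 1)

    genuine = issue_certificate(ca_priv, "bank.example", bank_pub)
    # Interceptor signs their own key themselves instead of a trusted CA.
    self_signed = issue_certificate(evil_priv, "bank.example", evil_pub)
    # Interceptor reuses the genuine signature but swaps in their own key.
    swapped = dict(genuine, public_key=evil_pub)
    # Interceptor holds a valid certificate, but for a different domain.
    other_site = issue_certificate(ca_priv, "attacker.example", evil_pub)

    return {name: verify_certificate(ca_pub, cert, "bank.example")
            for name, cert in [("genuine", genuine), ("self_signed", self_signed),
                               ("swapped_key", swapped), ("other_domain", other_site)]}

if __name__ == "__main__":
    print(demo())
```

Real certificates use X.509 with padded signatures and a chain of CAs; the accept/reject logic shown here is the part the answer describes.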
- At 4:37 the lady said that lots of viruses are disguised as security updates, but then at 2:26 one of the things on the list to avoid being hacked is to install security updates often. How do we know if it is a good update or a bad update?(3 votes)
- Most fake security updates are displayed over the web with JavaScript alerts. To make sure you actually have the correct version, ignore such pop-ups and go to the company's website to check. Another way hackers try to trick you is with fake emails. Same thing here. The main thing to be aware of is that JavaScript is designed to be safe, and requires your permission to run programs and download software, same thing applies for running Java applets. If you don't click to choose to download anything, you should be safe from downloading malware, and if you are told you need a security update, be suspicious, and visit the website through a search engine instead of clicking a link.(2 votes)
- A computer virus is a type of malicious software, or malware, that spreads between computers and causes damage to data and software. Computer viruses aim to disrupt systems, cause major operational issues, and result in data loss and leakage.(3 votes)
- I've heard Apple products get no viruses, is that true? And if it is, how is that possible?(2 votes)
- Definitely not. All hardware and software have some bugs. If a certain product is broadcasted as "having no bugs", it's because the developers haven't found them yet. Sometimes that's what allows the hackers to compromise the software.(3 votes)
- How can hackers get your login credentials from you just opening an official looking document?(2 votes)
- If the document contains malicious macros and you enable them, hackers can get into your system and insert spyware to get login credentials that you may type afterwards. Those types of hackers are called keyloggers. Another way a hacker can get your login credentials through an "official document" is through bogus login pages. Hackers can mimic a login page like Gmail to steal your login credentials without you knowing. This can be easily prevented by looking closely at the pages you insert your credentials on. Hope this was helpful!(3 votes)
- Where can I keep watching these types of videos if I would like to learn more?(1 vote)
- There aren't any more of these types of videos about the internet. If you want to learn more by reading articles, check out this class here on Khan Academy.
https://www.khanacademy.org/computing/ap-computer-science-principles/the-internet
You could also watch these types of videos about computers instead of the internet.
https://www.khanacademy.org/computing/computer-science/how-computers-work2
Have a great day! (:(3 votes)
- At 2:29 they said some viruses are disguised as security updates. Are there certain ways of telling that the update is fake?(2 votes)
- Great question. Code signing is an effective technique: https://www.venafi.com/education-center/code-signing/what-is-code-signing
Hope this helps!(1 vote)
Video transcript
- Hi. My name's Jenny Martin and I'm the Director of Cybersecurity Investigations at Symantec. Today cybercrime causes huge problems for society. Personally, financially, and even in matters of national security. Just in the last few years, hundreds of millions of credit card numbers have been stolen. Tens of millions of social security numbers and health care records were compromised. Even nuclear centrifuges have been hacked and unmanned aerial drones have been hijacked. This is all done by exploiting vulnerabilities in hardware and software. Or more often by taking advantage of unintentional decisions made by the people using the software. The people committing these cybercrimes don't fit a single profile or motivation. It could be anyone from an international terrorist, to a teenager competing for bragging rights. Today, the largest countries not only have a regular army, but also have a well-armed cyber army. In fact, the next world war may not be fought with traditional weapons but with computers, used to shut down national water supplies, energy grids, and transportation systems.
- Hi. My name is Parisa and I'm Google's Security Princess. I've worked on a lot of different Google products in a lot of different ways to try and make our software as secure as possible. Now let's take a look at how cybercrime works under the hood. We'll learn about software viruses, denial-of-service attacks, and phishing scams. In biology in life, a virus is an organism that is spread by coughing, sneezing, or physical contact. Viruses work by infecting cells, injecting their genetic material and using those cells to replicate. They can make people really sick and then spread to other people. A computer virus works a bit similarly. A virus is an executable program that gets installed, usually unintentionally, and harms a user and their computer. It's also possible for a virus to spread itself to other computers. Now how does a virus get on your computer in the first place? There are a couple ways an attacker can infect someone's computer. They might lure a victim into installing a program with deception about the program's purpose. So for example, a lot of viruses are disguised as security updates. It's also possible that the software on your computer has a vulnerability. So an attacker can install itself without even needing explicit permission. Once a virus is on your computer it can steal or delete any of your files, control other programs, or even allow someone else to remotely control your computer. Using computer viruses, hackers can take over millions of computers worldwide. And then use them as a digital army, otherwise known as a botnet, to attack and take down websites. This kind of attack is called a distributed denial-of-service. A denial-of-service is when hackers overwhelm a website with too many requests. We call it a distributed denial-of-service when the attack comes from many computers all at once. Most websites are ready to respond to millions of requests a day, but if you hit them with billions or trillions of requests coming from different places, the computers are overloaded and stop responding.
- Another trick used by cybercriminals is to send large amounts of spam email in an attempt to trick people into sharing sensitive personal information. This is called a phishing scam. A phishing scam is when you get what seems like a trustworthy email asking you to login to your account, but clicking the email takes you to a fake website. If you login anyway, you've been tricked into giving your password away. Hackers can then use your login credentials to access your real accounts to steal information, or maybe even to steal your money. Fortunately there are many companies, laws, and government organizations working to make the internet safer. But these efforts are not enough. You may think when a computer system gets hacked, the problem was the security design, or the software. 90% of the time a system gets hacked however, it's not because of a security bug, but because of a simple mistake made by a human.
- It turns out there are steps we can all take to protect ourselves. Often, your actions not only impact the security of your own data and computer, but the security of everyone at your school, workplace, and home. With billions or trillions of dollars at stake, cybercriminals get smarter each year, and we all need to keep up.