Week 7 Notes

Tuesday Notes
 * Internet Abuse
    * The use or misuse of the internet and other interconnected technologies to intentionally cause harm, whether to the system or to other users.


 * Cyber Bullying
 * Malware
 * Spam
 * Cybercrime
 * Dark Patterns
 * Internet Addiction

Malware

 * Malware
    * Malicious software designed to cause harm to the system and other users. Includes crimes such as stealing one's credit card information, passwords, identities...


 * Before the internet, malware was transferred through physical media such as floppy disks or other forms of removable storage
 * As the internet grew, malware proliferated more widely because computers kept communicating with each other unless shut down. This led to more malware attacks, especially among new users who weren't aware of malware.
 * Presently, browsers and operating systems are more secure, with better protections such as malware detection
 * Social engineering, such as phishing or phone scams, can be used to trick people and exploit them with malware.

Variations

 * Virus
    * Often attached to files that support macros, which execute code to spread onto the device
    * Can cause significant operational issues and data loss
 * Worm
    * Usually arrives as a downloaded file or over a network connection
    * Can replicate rapidly and spread across devices sharing a common network
 * Spyware
    * Captures video or audio from the device
 * Adware
    * Highly infectious in browsers
    * Popup ads
 * Botnet
    * Able to infect hundreds of browsers
    * Able to communicate and coordinate attacks
 * Backdoor
    * Allows third-party access to one's computer

Malware Detection
Most forms of malware leave a detectable trace that makes identification possible
 * Signature Detection
    * Incoming data can be analyzed to compare with known attack vectors
    * Works for known malware but not for unknown
 * Anomaly Detection
    * Tools that can detect abnormal behavior within your computer
    * Is your system acting normally or is something different?
    * If your system is doing something that it normally does not do, that is an indication of an infection.
 * Heuristic Detection
    * Applies algorithmic analysis to identify characteristics of malicious behavior
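
The difference between signature and anomaly detection, as a small added example (not part of the original notes). The sample byte strings, the signature name `Sample.A` and the connections-per-hour baseline are all constructed for illustration.

```python
import hashlib
from statistics import mean, stdev

# Constructed, harmless byte strings standing in for files on disk.
CATALOGUED = b"constructed-sample-A: a file already analysed and catalogued"
UNSEEN = b"constructed-sample-B: a file no analyst has looked at yet"

# Signature database: SHA-256 digests of samples that are already known.
SIGNATURES = {hashlib.sha256(CATALOGUED).hexdigest(): "Sample.A"}

def signature_scan(data: bytes):
    """Return the signature name if this exact content is catalogued, else None."""
    return SIGNATURES.get(hashlib.sha256(data).hexdigest())

# Constructed baseline: outbound connections per hour on a healthy host.
BASELINE = [12, 9, 14, 11, 10, 13, 12, 8, 11, 10]

def is_anomalous(observed: float, baseline=BASELINE, threshold: float = 3.0) -> bool:
    """Flag a reading more than `threshold` standard deviations from normal."""
    mu, sigma = mean(baseline), stdev(baseline)
    if sigma == 0:
        return observed != mu
    return abs(observed - mu) / sigma > threshold

def triage(data: bytes, connections_per_hour: float) -> str:
    """Signature check first (known malware), then behavior (unknown malware)."""
    name = signature_scan(data)
    if name:
        return f"signature:{name}"
    if is_anomalous(connections_per_hour):
        return "anomaly"
    return "clean"

if __name__ == "__main__":
    print(triage(CATALOGUED, 11))   # caught by its signature
    print(triage(UNSEEN, 11))       # no signature, normal behavior
    print(triage(UNSEEN, 240))      # no signature, but the host is behaving oddly
```

The uncatalogued sample passes the signature check every time; it is only noticed once the host's behavior departs from its baseline.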


 * There is a cumulative trend in which the number of malware attacks is increasing exponentially
 * There is a year-over-year increase of exploits over the internet
 * Figure indicates a doubling of attacks over the last 10 years; the trend is predicted to continue and additional automation is needed
 * In 2011, there were 7 billion devices that were connected to the internet
 * Not one-to-one
 * Thousands of users had multiple devices
 * Human error is a common factor that leads to successful malware attacks
 * People are usually too trusting in believing what a trustworthy website or application should look like
 * Attackers take advantage of the user's trust and familiarity to gain access to their computers and attack them
 * Attackers take advantage of the trust we put into these systems and target users
 * Phishing attacks remain the number one infection vector every year
 * Outdated systems are more vulnerable to infection
 * Malware detection and protection programs help alleviate this

Why are Humans so Easily Manipulated into Online Attacks?

 * People tend to trust links sent by their peers, even if it doesn't seem 100% familiar to them
 * Many phishing attacks use links that look very similar to those of a well-known website, such as YouTube
 * https://www.youtube.com/watch?v=dQw4w9WgXcQ
 * We are not always constantly on guard and watching out for these attacks
 * People tend to use the internet to relax and wind down
 * People lack knowledge or awareness of new and innovative hacking techniques
 * New techniques involve using QR codes to steal people's account information
 * Things on the internet are abstracted away and people tend to not have the same sense of danger as in real life
 * Social Engineering
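
A defensive check for the lookalike links mentioned above, as an added example that is not part of the original notes. The allowlist, the sample URLs and the edit-distance threshold of 2 are assumptions chosen for illustration; nothing here contacts the network.

```python
from urllib.parse import urlsplit

# Assumed allowlist of sites the user really uses.
TRUSTED = ("youtube.com", "discord.com")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url: str) -> str:
    """Return 'trusted', 'lookalike', 'unknown' or 'invalid' for a link."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "invalid"
    # The real site: the exact domain or one of its subdomains.
    if any(host == good or host.endswith("." + good) for good in TRUSTED):
        return "trusted"
    base = ".".join(host.split(".")[-2:])      # last two labels of the host
    for good in TRUSTED:
        brand = good.split(".")[0]
        if edit_distance(base, good) <= 2:     # near-miss spelling of a trusted domain
            return "lookalike"
        if brand in parts.netloc.lower():      # brand used as a subdomain or as userinfo
            return "lookalike"
    return "unknown"

# Constructed sample links.
SAMPLES = [
    "https://www.youtube.com/watch?v=dQw4w9WgXcQ",
    "https://youtuhe.com/watch?v=x",
    "https://www.youtube.com.example/watch",
    "https://youtube.com@example.net/login",
    "https://example.org/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify(link):10} {link}")
```

The last-two-labels shortcut ignores multi-part suffixes such as `.co.uk`; a production check would use the Public Suffix List.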

Deceptive Design

 * Humans are constantly coerced, directed, or deceived into making unintended or harmful decisions.


 * Deceptive Design
    * A website or app designed with the intention to coerce and deceive people into making harmful and unintended decisions.

Continuously consuming media makes it harder for people to distinguish between regular media and media that is more suspicious.

Examples of Deceptive Design
Different Types of Deceptive Design on the Internet
 * Trick Questions
 * Sneak into basket
 * Roach Motel
 * Privacy Zuckering
 * Price Comparison Prevention
 * Misdirection
 * Hidden costs
 * Bait and switch
 * Confirmshaming
 * Disguised ads
 * Forced continuity
 * Friend spam

Dark Patterns
A form of deceptive design that preys on a user's established behaviors and conventions to manipulate human interactions with online services


 * Endless Scrolling
    * Makes it hard to stop using the app
    * More "Here's what you missed" than "Let's take a break from scrolling"
 * QR Code Scanning
    * We feel obliged to scan a QR code when we see one
 * User ID & Password
    * We are inclined to put in our information to log in to sites

Deceptive Techniques

 * Coercion
    * Threatening compliance
    * Making people do something against their will
 * Exploiting Errors
    * Mistyping leads to ads
    * Accidentally clicking leads to ads
 * Manipulating Navigation
    * Navigation elements that guide users, without their knowing, to desired sources
    * Infinite scroll
    * Hiding the free version of a product
    * Redirecting to other links based on selections
 * Trick
    * Misleading the user through fake or subversive design and layouts
    * Double negative checkbox label
    * Low contrast buttons

Common Biases of Internet Users

 * Anchoring Effect
    * Over-reliance on "anchoring" info (something we are familiar with)
 * Bandwagon Effect
    * Over-valuing something because others do too
 * Default Effect
    * Repeating behaviors by default due to inertia
 * Framing Effect
    * Acting upon the same information differently depending on presentation
 * Scarcity Bias
    * Over-valuing things that are perceived to be scarce
 * Sunk Cost Fallacy
    * Continuing an action due to previous investment, despite outcomes

Question
In a few words or sentences, describe what you think of when you hear the term "Internet Abuse".

Response

 * Cyberbullying
 * Dark Web
    * Buying hitmen and drugs
 * Hacking
 * Toxicity
 * Doxxing
    * Releasing private information publicly
 * Phishing

Professor's Answer
Internet Abuse is the use or misuse of the internet and other interconnected tech to intentionally cause harm

Question
Why are humans so easily manipulated into online attacks?

Response(s)

 * We place our trust in the website, social media, the system, and user interactions
 * We go onto the internet to relax
 * When on the internet, we do not pay enough attention to internet security
 * The lack of knowledge in cyber security
 * Trust and awareness
 * We trust the systems that we use and the links that are shared with us by our peers, friends, and virtual community
 * A great analogy a student shared during discussion: when we get home, we aren't always looking through the window and making sure the door is locked to make sure that we are safe all the time
 * Lack of Knowledge and Awareness
 * Attacks come in new, clever ways
 * A recent exploit on Discord involves being invited into a server where the login page requires you to sign in through a QR code, after which your account is compromised and stolen.
 * NFT scams work in a similar way