Cybersecurity, Privacy and Ethics

Unit Learning Outcomes

• By the end of this unit, students will be able to:

• Identify the types of cyber security threats and measures

• Discuss the issues of computer privacy and ethics

• Apply netiquettes in using computers and computing devices

Image source: Google Image

Adapted from Discovering Computers 2016
Cybersecurity
• Cybersecurity is the use of various technologies and
processes to protect computers, computing systems,
networks, programs and data from attacks, damages,
thefts, disruptions, misuses and unauthorized access.

• Deals with all the threats that could be caused in the

cyber world

Image source: Google Image

Cybersecurity
• The importance of cybersecurity:

• Prevent data and identity theft

• Protect important and sensitive data
• Support critical business’s or organization’s processes
• Avoid compromise or infection of computers and computing
systems
• Prevent data and monetary losses that result from attacks or
malware infection
• Prevent cyber attacks and cyber crimes

Image source: Google Image

Cybersecurity
• Effects of compromised cybersecurity:

• Record keystrokes and steal passwords

• Infect computing systems with malware
• Hide programs that are used to launch attacks on other computers
• Send spam and phishing emails
• Block or restrict access to the device or system
• Distribute illegal materials (unlicensed digital works, pornography etc.)
• Loss of trust from users, employees and/or public
• Stolen money and confidential data
• Loss of valuable business information
• Embarrassment and bad image
• Damage computers, computing systems, networks, data and other resources
• Identity theft

Image source: Google Image

Cybersecurity, Computer Security
and Information Security
• Cybersecurity and computer security are NOT the same, although
both are related

• concerns the security to computer parts like

computer hardware, software and also the
Computer information stored in the computer
security

• deals with protecting information from

unauthorized access, use, disruption, modification or
Information destruction
security • Can be for both electronic and physical information
Security threats
• Threats are a set of circumstances that has the potential
to cause harm or loss to assets
• Assets can be computers, computing systems, networks,
programs and data
• There are FOUR (4) general categories:

Interruption Interception Modification Fabrication

Image source: Google Image

Security threats
• FOUR (4) general categories

• an asset is destroyed or becomes

Interruption unavailable or unusable

• an unauthorized party
Interception (person/program/computer) gains
access to an asset

• an unauthorized party not only gains

Modification access to but tampers with an asset

• an unauthorized party inserts

Fabrication counterfeit objects into the asset
Security threats
• Common security threats include:

• Malware
• Cyber attacks
• Online scams and frauds
• Botnets
• Hacking and cracking
• Information, hardware and software theft
• Unauthorized access and use
• Cyberextortion
• Cyberterrorism and cyberwarfare
• Humans
• Social engineering

Image source: Google Image

Malware
• Software used for damaging, disrupting or disabling
computer and computer systems
• Abbreviation for “malicious software”
• Secretly access a user’s computer, acts without a user’s
knowledge and changes the operations for malicious
intents

Image source: Google Image

 Malware
• Types of malware:

WORM ROOTKIT
VIRUS Self-replicates without Hides itself in a computer
Attaches itself to files attaching itself and can to allow someone in a
and programs; not send itself to other remote location to access
capable of sending itself computers in a network the computer

KEYLOGGER/
TROJAN HORSE
RANSOMWARE PASSWORD STEALER
Hides within a program
Encrypts data or locks Records keystrokes,
that looks legitimate; not
computer until a ransom usually for passwords
capable of replicating
is paid and credit card
itself
information

SPYWARE HIJACKWARE BACKDOOR

Collects information Changes browser Opens a backdoor to a
about the user without settings to direct to computer system to
permission/knowledge; malicious sites or show allow connection for
can hide inside adware ads other malware or hackers
Malware

Image: Vermaat, Sebok & Freund (2014)

Malware
• Example: ransomware

Image source: Google Image

Cyber attacks
• Cyber attacks are deliberate assaults on computers and
computing systems for the purpose of destroying,
damaging, disrupting, disabling or maliciously
controlling the computers and computing systems

• Attacks can be active or passive:

• Active attack: alter system resources/affect operations

• Passive attack: does not affect system resources

• Attacks can be done from inside or outside the

organisation

Image source: Google Image

Cyber attacks
• Types of cyber attacks:

DENIAL OF SERVICE (DoS)

CROSS-SITE SCRIPTING
Flooding a network/server with useless
Injects malicious code into a website to
traffic to prevent legitimate users from
target the website’s user via the browser
using it/disrupt services

DISTRIBUTED DoS (DDoS) SQL INJECTION

Flooding a single network/server with Placing malicious code in SQL
useless traffic using multiple statements via webpage input to gain
compromised systems database contents

MAN-IN-THE-MIDDLE DRIVE-BY DOWNLOADS

Intercepts communication between two Download malware by visiting a
parties and impersonates each party to website, clicking on pop-up windows or
the other to collect information downloading email attachments
Cyber attacks
• Example: DDoS attack of Bursa Malaysia website

http://www.thestar.com.my/business/business-news/2012/02/14/bursa-website-target-of-ddos-attack/
Online scams and frauds
• Strategies used by cybercriminals to exploit people and
steal information

• Cybercriminals use Internet services or software with

Internet access to
• Obtain confidential and sensitive information
• Illegally obtain money from victims by deception (defraud)
• Take advantage of victims for malicious intent

Image source: Google Image

Online scams and frauds
• Types of online scams and frauds:

SPAM SPOOFING
Unsolicited emails or messages; may
The attacker impersonates a
contain links or attachment with
legitimate source to the user
malware

PHISHING PHREAKING
Hacking phone networks for free
Official-looking emails sent to try to
calls or have calls charged to another
obtain personal/financial information
account

PHARMING
Redirecting user to a fake website
that looks legitimate and designed
to obtain usernames and passwords
Online scams and frauds
• Examples of online scams and frauds

Image source: Google Image

Botnets
• A bot is also known as Web robot
• Bots spread across the Internet to search for vulnerable
and unprotected computers to infect
• A bot allows the attackers to take control over an
infected computer
• A botnet is group of compromised computers or mobile
devices connected to a network
• Victim machines are typically located all over the world
and known as “zombies”
• A botnet is also known as zombie army

Image source: Google Image

Hacking and cracking
• Hacking: breaches system or network to find flaws,
vulnerable spots or discrepancies and rectify them to
improve security
• The term hacker is originally a complimentary word for some
computer enthusiast, now has a derogatory meaning

• Cracking: breaches system or network for malicious

purposes such as destroying data, stealing information
etc.

• Both hackers and crackers have advanced computer and

network skills

Image source: Google Image

Hacking and cracking
• Example: Yahoo hack – breached 500m user accounts

https://www.theguardian.com/technology/2016/dec/14/yahoo-hack-security-of-one-billion-accounts-breached
Information, hardware & software
theft
• Information theft occurs when someone steals personal
or confidential information from individuals or
organisations

• Examples:
• Steal credit card numbers to make fraudulent purchases
• Steal personal details to create fake identities
• Steal a rival company’s confidential information

• Information theft is often linked to other cybercrimes

Image source: Google Image

Information, hardware & software theft
Hardware theft is the act of stealing digital
equipment
• Physically steal the hardware
• Hardware vandalism is the act of defacing or destroying digital
equipment

Software theft occurs when:

• Physically stealing software

• Intentionally erases programs/software
• Illegally registers and/or activates a program
• Illegally copies a program

Image source: Google Image

Unauthorized access and use
• Unauthorized access is the use of a computer or
network without permission

• Unauthorized use is the use of a computer or its data for

unapproved or possibly illegal activities

• Examples:
• An intruder gaining access to a bank’s computer and performing
unauthorized money transfer

Image source: Google Image

Cyberextortion
• Attackers carry out cyber attacks
• on an organisation’s technology infrastructure (computer systems
and networks)
• Encrypting data to make it unusable

• To stop the attacks, they demand a sum of money or

they will carry out threats
• Expose confidential or embarrassing information
• Exploit security flaws or vulnerabilities
• Launch further attacks

Image source: Google Image

Cyberextortion
• Example: Nokia cyber extortion case – attackers threatened to
reveal source code of its operating system

https://www.welivesecurity.com/2014/06/19/nokia-paid-millions-blackmailing-hackers/
Cyberterrorism & cyberwarfare

Cyberterrorism Cyberwarfare
using computer and Internet technology to
using computer and Internet technology for
destroy, damage or disrupt computer
attacking and targeting nations/governments
systems for political reasons, or causing
in war or conflict activities
widespread fear in society

• Examples:
• Disable a government’s computer systems
• Disrupt a nation’s infrastructure for power grid,
telecommunications, electricity generation, air
traffic control etc.

Image source: Google Image

Cyberterrorism & cyberwarfare
• Example: Attacks on Estonia 2007
• DDoS attacks and defacements on government, corporate and
bank websites

https://www.dailydot.com/layer8/web-war-cyberattack-russia-estonia/
 Humans
• People (users) can pose threats to
cybersecurity too:

Unethical
employees:
Corporate
financial gains Disgruntled
Mediocre or espionage:
through selling former
Human error/ bad corporate
confidential employees:
negligence cybersecurity spying to gain
information or may seek
practice competitive
exposing flaws revenge
advantage
in the company
to competitors

Image source: Google Image

Social engineering
• Perpetrators take advantage of the trusting nature and
naivety of victims
• Victims are tricked into revealing personal and
confidential information when they have trusted the
perpetrators

• Examples:
• Impersonating administrators/acquaintances
• Faking emergency situations
• Pretending to befriend or court the victim

Image source: Google Image

Cybersecurity measures
• Everyone who uses computers or computing devices
need to understand how to keep their devices and data
secure

• Security measures that can be taken include:

• Good security practices

• Security tools
• Access controls
• Encryption
• Digital signatures and certificates
• Back up
• Digital forensics
• Protection for hardware

Image source: Google Image

Good security practices
• Scan files and media for malware
• Download files with caution
• Keep antivirus and computer software updated
• Be careful of unsolicited emails and text messages
• Use malware protection software and firewall
• Use strong passwords
• Regularly back up your computer
• Be careful when clicking or tapping links or pop-up windows
• Verify the identify of any person or organisation that asks for
personal or confidential information
• Clear browser cache when using public computer
• Avoid using public computers and Wi-Fi to conduct banking or
sensitive transactions/communications
Image source: Google Image
Security tools
• Security tools that can be used include:

• Antivirus software: identify and remove virus and other malware

found in the memory, storage media or incoming files

• Firewall: detects and protects computer/network from

unauthorized intrusions
• Can be hardware/software

• Spyware remover/adware remover: detects and deletes

spyware/adware

Image source: Google Image

Security tools
• Security tools that can be used include:

• Internet filters: remove/block certain items from being

displayed
• Anti-spam programs, Web filters, phishing filters, pop-up and pop-under
blockers

• Intrusion detection/prevention software: analyze network

traffic, assess vulnerabilities, identify unauthorized intrusions
and notifies network administrators of suspicious activities

• Honeypot: a vulnerable computer set up to entice intruders to

break into it

Image source: Google Image

Security tools

Firewall Antivirus software

Image source: Discovering Computers 2016

Access controls
• An access control is a security measure that defines who can
access a computer, device or network, when they can access
it and what actions they can take while accessing it
• Access controls examples include:

• Usernames and passwords/passphrases

• Username: a combination of characters (letters and numbers) that identifies a
specific user
• Password: a private combination of characters associated with the username
• Passphrase: can be up to 100 characters in lengths and contain multiple words
• Two-Step Verification
• A computer/mobile device uses two separate methods, one after the next
• Must be done within a time limit
• PIN
• Personal Identification Number
• Numeric password, known also as passcode

Image source: Google Image

Access controls
• Access controls examples include:

• CAPTCHA
• Completely Automated Public Turing to Tell Humans and Computers Apart
• A program that displays image of a series of distorted characters for a user to
identify and enter in order to verify user input is from human not computer
generated

• Biometric devices
• Authenticates a person’s identity by translating a personal characteristic,
usually physical, into a digital code
• E.g. fingerprint reader, iris recognition system, hand geometry system, voice
recognition system, face recognition system, signature recognition system

Image source: Google Image & Discovering Computers 2016

Encryption
• Encryption is the process of converting data that is
readable by human into encoded characters
• The readable data is called plain text; the encoded characters are called
cipher text

• A cipher, or encryption algorithm, is a set of steps to

convert the plain text into cipher text
• To read the cipher text, it must be decrypted/decoded

• Example of simple encryption algorithms:

Image: Vermaat, Sebok & Freund (2014)

Encryption
• How encryption is done using public key encryption

Image source: Discovering Computers 2016

Digital signatures and certificates
• A digital signature is an encrypted code that a person,
website, or organization attaches to an electronic
message to verify the identity of the message sender
• Often used to ensure that an impostor is not
participating in an Internet transaction

Image source: Google Image

Digital signatures and certificates
• A digital certificate is a notice that guarantees a user or
a website is legitimate
• Issued by official, trusted agency (Certifying Agency)
and is forgery resistant
• Provides identifying information
• name of certificate holder, serial number, expiry date, copy of the
holder’s public key, and digital signature of the issuing agency

Image: Vermaat, Sebok & Freund (2014)

Digital signatures and certificates
• How to view digital certificate:

Image source: Discovering Computers 2016

Digital signatures and certificates
• A website that uses encryption techniques to secure its
data is known as a secure site
• Also known as secure HTTP - a secure site will have the
https://www

Image: Vermaat, Sebok & Freund (2014)

Back up
• A backup is a duplicate of a file, program, or media that
can be used if the original is lost, damaged, or destroyed
• To back up a file means to make a copy of it
• Off-site backups are stored in a location separate from
the computer or mobile device site

Image source: Google Image

Back up
• Back up types

Image source: Discovering Computers 2016

Digital forensics
• Digital forensics is the discovery, collection, and
analysis of evidence found on computers and networks
• Also known as cyberforensics

• Involves the examination of media, programs, data, and

log files on computers, devices, servers and networks
• Used by law enforcement, criminal prosecutors, military
intelligence, insurance agencies, and information
security departments

Image source: Google Image

Protection for hardware

Image source: Discovering Computers 2016

Privacy
• Individuals and companies have the rights to deny or
restrict the collection, use, and dissemination of
information about them
• Information about you can be stored in a database when
you:
• Fill out a printed or online form
• Create a social networking profile
• Register a product warranty

• Websites often collect data about you, so that they can

customize advertisements and send you personalized
email messages
• Some employers monitor your computer usage and
email messages
Image source: Google Image
Privacy

Image source: Discovering Computers 2016

Privacy
• The concern about privacy has led to the enactment of
laws regarding the storage and disclosure of personal
data
• In Malaysia, the Personal Data Protection Act 2010
came into force on Nov 15, 2013
• Source: http://www.thesundaily.my/news/890666

Image source: Dept. of Personal Data Protection, Malaysia

Privacy
• Personal Data Protection Act 2010, Malaysia
• An Act to regulate the processing of personal data in commercial
transactions and to provide for matters connected therewith and
incidental thereto
• Official website: http://www.pdp.gov.my/index.php/en/

Image source: Dept. of Personal Data Protection, Malaysia

Ethics
• Technology ethics are the moral guidelines that govern
the use of computers, mobile devices, information
systems, and related technologies
• The standards that determine whether an action is good or bad are
known as ethics

• Frequently discussed areas of computer ethics are:

• unauthorized use of computers, mobile devices, and networks

• software theft (piracy)
• information accuracy
• intellectual property rights
• codes of conduct
• green computing
• information privacy

Image source: Google Image

Ethics
• Intellectual property rights

Intellectual • unique and original works such as ideas,

inventions, art, writings, processes, company
property (IP) and product names, logos

Intellectual • rights to which creators are entitled for their

property rights work

• give creators the exclusive rights to

Copyright duplicate, publish and sell their materials;
protects the works

• people (other than the creators) who illegally

Piracy copy the works is a common infringement of
copyright
Image source: Google Image
Ethics
• Information accuracy
• Do not assume that all information on the Web is correct or
accurate
• Users should evaluate the value and contents

• Green computing
• Involves reducing electricity and environment waste while using
computers, mobile devices and related technologies
• Organisations can implement measures to use energy efficiently
and reduce electrical waste

Image source: Google Image

Ethics
• Code of conduct
• Written guideline to help determine if a behaviour is acceptable
or not
• IT Code of Conduct: standards for acceptable use of technology

Image source: Discovering Computers 2016

Netiquette
• Short for Internet Etiquette
• Netiquette is the code of acceptable behaviours that users
should follow while on the Internet
• Includes for the Web, social media, Internet messaging,
chats rooms, online discussions, and FTP
• Misuse of online communication can lead to online
bullying

Image source: Google Image

Netiquette

Image source: Discovering Computers 2016

Summary

Cybersecurity Cybersecurity
Privacy
threats measures

Ethics Netiquettes
References/Credits
• Vermaat, M.E., Sebok, S.L., Freund, S.M., Campbell, J.T., and
Frydenberg, M. (2016). Discovering Computers 2016: Tools, Apps,
Devices, and the Impact of Technology. Singapore: CENGAGE
Learning.
• Vermaat, M.E., Sebok, S.L., Freund, S.M., Campbell, J.T., and
Frydenberg, M. (2018). Discovering Computers 2018: Digital
Technology, Data, and Devices. Singapore: CENGAGE Learning.