
Unit 2

The E-Marketing Environment


Prepared by
Dr.Lakshmi.H


Overview of Global E Marketing Issues


• Internet language users:
• English- 872.9 million
• China-704.5 million
• Increasing number of non-US internet users will have 2 effects: web’s content and language- more diversified- caters to more local content
• Google- more than 100 countries- 130 languages

Global markets
• Globalization- changed the way-
marketers conduct business-
physical distance reduced-
advancements in
telecommunication and computer
technologies- lot of opportunities
for e marketing
• E marketers assess the country’s
market opportunity and market
conditions before selection of
specific targets for entry

Country & Market Opportunity Analysis


• E-marketing plan guides marketer through process of
identifying & analysing potential markets
• Market differences are ways in which 2 markets exhibit
dissimilar characteristics in language, cultural behaviors,
buying behaviors
• Market similarity refers to way 2 markets exhibit
similar characteristics
• Based on this concept- emerging economy- wants to
market to its home (domestic) target market- marketers
must identify market differences. Eg: India- India
• Similarly when a firm from developed economy wants to
do business in emerging economy- understand the
market differences. Eg: US to India

• Conversely marketers in emerging economy must find market similarities to sell its products in developed economies. Eg: India to US
• Market similarity:
• Marketers often choose foreign markets that have characteristics similar to their home market for initial market entry
• Eg: Amazon adopted this strategy of targeting Canada, Japan, Australia rather than other countries because
▫ Share common language
▫ High literacy rates, high internet usage,
▫ Willing to shop books
▫ Credit cards for wide purchase
▫ Trusted online mechanisms and efficient logistics

• 2004 Amazon entered China- through acquisition of popular online bookstore joyo.com
• 2007 it cobranded with joyo
• Globalization- migration of people from home country to foreign land- form “diaspora community”
• This community often maintains relationship with their homeland
• E business with emerging economy (India) target these communities living abroad (Dubai, UK, US)

• Market Similarity can be seen in phenomenon called ‘Market Convergence’- process by which markets become increasingly similar over time

• Eg: E commerce in India- especially banking- transactions happen online- most preferred- convenient, time saving, hassle free

• E commerce payment and trust issues:
• E commerce in emerging markets- often hampered by limited use of credit cards- lack of trust in safely conducting online transactions.
• Eg: Nepal- early stage of credit card adoption- cash based economy- credit cards are for rich and elite. India also- concept of COD (cash on delivery)

Technological Readiness Influences Marketing


• Apart from safety and credit card issues other hurdles which e commerce companies face are
1. Limited access to and limited use of computers and telephones
2. High internet connection cost
3. Slow internet connection speeds
4. Power supplies

Computers and Telephone

• Developed countries- internet service providers (ISP) or broad bands
• Owning a computer is very general
• Emerging economies- growing computer ownership- few places still less ownership
• Telecenters/ internet cafes
• Prime hurdle to e-marketers in emerging markets- use of computers

Internet connection costs

• Use of smart phones- increase in internet to great extent
• Eg: Egypt innovative strategies increases internet access
• Encouraged private sector competition within domestic telecommunication markets
• Egyptians could surf for unlimited amount of time for the cost of only one call
• 2nd initiative “A PC for every home”- enable household to buy PC in installment- showing telephone credit

Electricity problems
• Nepal- less developed countries- rich in natural resources
• Through UN & other international aids- Nepal built series of hydroelectric dams- only 15% of households have dams
• NEA (Nepal Electrical Authority)- could not generate electricity- 6-12 hours of blackout
• Similar condition with China, Zimbabwe and other countries, India

Connection speeds: Broadband influence
1. Users Problem
A largely computer illiterate population
Only 73 percent of Indians are literate, and only a small fraction
are computer-literate.

Solution
Through a countrywide digital literacy campaign. N Ravi Shanker,
CMD of Bharat Broadband Network (BBNL), the government
entity charged with deploying a Rs 20,000-crore National Fibre
Optic Network, says, “We need pan-India digital literacy
campaigns and missions that are aligned to existing literacy and
education programmes like the National Literacy Mission and the
Sarva Shiksha Abhiyan. We should aim to make at least one
person in each household computer-literate.”

2. Devices Problem: Not enough affordable computing devices
• A low percentage of the population has access to a PC; decent smartphones, tablets are too expensive for most.
• But experts estimate consumer adoption will shoot up once prices fall to around Rs 3,000 for a smartphone and Rs 5,000 for a tablet.

3. Last Mile Connectivity Problem
• Excessively expensive and the biggest hurdle towards greater penetration of wired broadband
• India has just 15 million connections.
• Out of the 94 million cable TV homes—homes that are already wired with cable that can be upgraded to carry internet data—the bulk remain TV consumers only.

Wireless Internet Access


• Explosive growth of smart phones- changes in e commerce
• General statistics- mobile phone-20 years to reach 1 billion-
but only 40 months to reach next billion
• BRIC countries- largest use of smart phones
• E marketers- have to modify the content- to fit into small screen- develop content, secure payment methods
• Evolution of internet telephony and messaging services

The Digital Divide


• E marketers must consider the social environment in which businesses operate
• UN had developed a system to rank economic development of countries- Least Developed Countries- countries with poorest economies- economically under developed
• Share common characteristics:
• Illiteracy, poor sanitation, majority rural population
• Formal education for school children but illiteracy remains for
young & old
• Infant mortality rates etc
• LDC often has population where wealth is concentrated in
country’s largest capital
• Capital cities- airports, world class hotels, banks, stores and
other facilities

• This disparity, which mainly concerns the ability of technology to raise both individual and whole country’s standard of living, is called the “Digital divide”
• In other words digital divide refers to wide division between countries, different groups of people within countries- those who have access to information & communication technology & are using it effectively
• Rapid diffusion of mobile phones- develop small scale, affordable, income generating projects for low income consumers

Ethical and legal issues

Overview of Ethics and Legal Issues


• Ethics- concerns with values and practices of professionals- values of society as a whole
• Ethics makes important contributions to legal developments, influencing lobbyists, legislators & judges
• Law- created for broader purpose- goal of addressing national or international populations

Ethics and Ethical Codes


• Ethics basically deals with right or wrong, how we judge the differences
• Tasks necessarily involve examination of rights and responsibilities
• Ethical codes: American Marketing Association (AMA)- code of ethics reflects recognition of commitment to practice honesty, integrity, fairness in all professional transactions
• Ethical codes developed by the trade associations, organizations dictate appropriate behavior of participants
• Benefits:
• Pressures to maximise profits through exploitation can be controlled

Privacy
• Privacy- can be defined as “right to be left alone”
• Lawsuits for invasion of privacy: 4 categories
1. Unreasonable intrusion into the seclusion of another
2. Unreasonable publicity of another’s private life
3. Appropriation of another’s name or likeness
4. Publication of another’s personal information in a false light
• Later theories evolved:
1. Seclusion theory:
• This model encourages law and ethical standards that are
oriented towards maintaining personal and punishing those
who cross the limits set by the individual

2. Access control:
• Emphasis on laws and standards that enable a person to reasonably regulate the information that they are giving up
• Empower individuals to protect personal material from unauthorized release
• Eg: Details on FB

3. Autonomy model:
• Empowering individuals to decide whether to give information or not
• Eg: credit cards, frequent flyer programs, security precautions in airport etc

Privacy Within Digital Context


• 2000- DoubleClick- online advertising firm- effort to collect large database of personal consumer information
• DoubleClick- success by establishing system of more than 11,000 websites with advertising when clicked- enables users to visit product sites
• System records the response known as “clickstreams” within own database
• Clickstream info- was then available to form user profile- allowing target advertising
• Users not given consent- 1,00,000 online profiles
• Controversy erupted when DoubleClick acquired Abacus Direct- specialised in acquisition of offline consumer data
• Acquisition mainly to provide premium subscription
• Coalition of civil rights, privacy and consumer groups- filed a case

• DoubleClick is a subsidiary of Google which develops and provides Internet ad serving services.
• Its clients include agencies, and publishers who serve customers like Microsoft, General Motors, Coca-Cola, Motorola, L'Oréal, Apple Inc., Visa USA, Nike etc among others.
• DoubleClick's headquarters is in New York City, United States.
• Internet advertiser DoubleClick and market researcher Abacus Direct have won shareholder approval to merge in a deal estimated to be worth $1.7 billion, bringing together droves of consumer marketing information.

• Cookies- general means to obtain data- packets created in user’s hard drive- response to web page instructions
• Once stored they perform various purposes- like speeding up the process like purchasing, recall stored sales information
• Cookies collect personal data like address, email id, name, phone number, demographic details, log in time etc
• Cookies can be transferred & sold in open market
• Children Online Protection Policy Act (COPP)- 2000
• This act wants websites that knowingly collect information from children under age of 12 years to:
• Provide notice to parents
• Verifiable parental consent- disclosure of information
• Allow parents to view correct information
• Enable parents to prevent further data collection
• Establish confidentiality, privacy
• Limit personal information in child participating in prize, offer etc

International Privacy Issues


• FTC – minimum requirements in ethical use of consumer
information
1. Notice: Users should be aware of site’s information policy
before data collection
2. Consent: users should be allowed to choose participation
or exclusion from collection
3. Access: users should have ability to access their data and
correct them if wrong
4. Security: policies to ensure integrity of data and prevention
of misuse
5. Enforcement: users should have effective means to hold
data collection to their policies

Digital Property
• Primary function of law is ownership- challenging because of widespread use of internet
• So law protects intangible or intellectual property through 3 basic mechanisms

1. Patent: centered upon inventions and ability to reproduce or manufacture an inventor’s product
2. Copyright: addresses the expressions- right to publish or duplicate expressions of ideas
3. Trademark: concerned with words and images used to identify products in the market

Patents
• Mainly for invention but not for computer software- codes, algorithms and formulas are generic in nature- so cannot be owned by anyone
• Current focus- business patents- marketing activities and approaches, methods for conducting commerce online

Copyright
• Copyright is a bundle of rights given by the law to the
creators of literary, dramatic, musical and artistic
works and the producers of cinematograph films and
sound recordings.

• The rights provided under Copyright law include the rights of reproduction of the work, communication of the work to the public, adaptation of the work and translation of the work.

• The scope and duration of protection provided under copyright law varies with the nature of the protected work.

• Lifetime of the author +60 years

• 1997- President Bill Clinton- No Electronic Theft (NET) Act
• Confers copyright protection for computer contents and imposes sanctions- infringement committed for commercial or private financial gains- by reproduction or distribution
• Punishment- criminal prosecution

• Related act in 1998- Digital Millennium Copyright Act (DMCA)
• For software protection, development or distribution of products

Trademarks
• Concerned with ownership of intellectual property that
identifies goods or services
• Lanham Act:
• Trademarks may be registered with the government; registered or not, they may still be protected under this act
• Claimants must prove that trademark is protectable- more distinctive
• This act also prohibits dilution- use of famous trademarks in association with different goods or services in manner- lessening its uniqueness

• Trademark law- applied to internet naming system- domain names
• Eg: Domain names of websites
• When enough dissimilarity of goods or service exist repetition may be allowed
• Cybersquatting:
• Activity involves registration of domain names that resemble or duplicate the existing domain names or corporation names
• Domain name is then auctioned for higher sale price than the original price
• Person is liable to suit, if he or she registers, traffics in or sells a domain name which is identical or confusingly similar to registered trademark or which dilutes the trademark

Metatags
• Are HTML statements that describe website contents
• They allow search engines to identify relevant sites to topics of their inquiries
• Variation of metatag problem is found in practice of assigning keywords- within search engines
• Eg: cosmetic manufacturer Estee Lauder sued Excite- alleging entry of trademark to unlicensed dealer
• Framing:
• A process in which web browser is instructed to divide itself into 2 or more partitions and load within a section obtained from another website through execution of automatic link

Licenses
• Popular method of Intellectual property protection- involves
use of license
• Consist of contractual agreements made between consumers
and software vendors- allow the buyer to use the product but
restrict duplication or distribution
• Types of software validity are:
1. Shrink-wrap or break the seal licenses: appears outside the
software
2. Click-wrap licenses: user is required to click the button
online or within a program to acknowledge acceptance of
terms
• Shrink-wrap- vendors error, whereas click wrap legally
enforceable

UCITA

• Uniform Computer Information Transactions Act (UCITA):
• Governs all legal agreements pertaining to software transactions including sales, license provisions, restricting copying and release of material, liability for defective software
• UCITA applicable to electronic books, materials in computer readable form

Trade secrets

• Trade secrets include, but not restricted to formulas, market data, algorithms, codes and models
• May be stored online or intangible formats
• Computer based disclosures such as emails, downloads, web publications- within the scope of act

Data Ownership
• Website usage is very easy and access is often shared by site owners, marketing professionals, advertisers and consumers
• Click data- new technology- collects data on who accesses the ad information
• Spidering:
• This process involves use of software applications called ‘robots’- to enter targeted websites and obtain data for the use of its owner

Online Expression
• Mass distribution of unsolicited email is a major concern
• Spam, by definition, is unrequested and users complain of unwanted intrusion into their affairs
• Many users are disturbed to find that information given to individuals or entities for one purpose is collected and sold for mass distribution
• AMA code of ethics addresses spam problem as “the expressed wishes of others should be respected with regard to the receipt of unsolicited email messages”
• Opt out list to those who seek to avoid mass email messages
• Currently illicit spam consisting of deceptive, misleading statements, false representation of email content as displayed on the subject line

• Spam requires email headings to reveal their commercial nature- recipients must provide clear instructions on how to terminate further contact- further terminate spidering
• Computer Decency Act (CDA):
• Makes it a criminal act to send an “obscene or indecent” communication to recipient who was known to sender to be under 18 years of age
• Any material that depicts or describes offensive content to the minors
• Platform for Internet content Selection Rules (PICS):
• This website allows the filtering of sites that are deemed inappropriate to minors- gives controls to parents and schools


Cyber Crime
• Cyber crimes can involve criminal activities that are traditional in
nature, such as theft, fraud, forgery, defamation and mischief, all of
which are subject to the Indian Penal Code.
• The abuse of computers has also given birth to a gamut of new age
crimes that are addressed by the Information Technology Act, 2000.

• Categorize Cyber crimes in two ways
1. The Computer as a Target :-using a computer to attack other
computers.
• e.g. Hacking, Virus/Worm attacks, DOS attack etc.
2. The computer as a weapon :-using a computer to commit real
world crimes.
• e.g. Cyber Terrorism, IPR violations, Credit card frauds, EFT frauds,
offensive material etc.

• Cyber Crime regulated by Cyber Laws or Internet Laws.


• Technical Aspects
1. Unauthorized access & Hacking:-
• Access means gaining entry into, instructing or communicating with
the logical, arithmetical, or memory function resources of a
computer, computer system or computer network.

• Unauthorized access would therefore mean any kind of access without the permission of either the rightful owner or the person in charge of a computer, computer system or computer network.

• Every act committed towards breaking into a computer and/or network is hacking. Hackers write or use ready-made computer programs to attack the target computer. They possess the desire to destruct and they get the kick out of such destruction. Some hackers hack for personal monetary gains, such as stealing the credit card information, transferring money from various bank accounts to their own account followed by withdrawal of money.

• Taking control of another person’s website by hacking the web server is called web hijacking

2. Trojan Attack:-
• The program that acts like something useful but does the things that are quite damaging. The programs of this kind are called Trojans.
• The name Trojan Horse is popular.
• Trojans come in two parts, a Client part and a Server part. When the victim (unknowingly) runs the server on its machine, the attacker will then use the Client to connect to the Server and start using the trojan.

3. Virus and Worm attack:-
• A program that has capability to infect other programs and make copies of itself and spread into other programs is called virus.
• Programs that multiply like viruses but spread from computer to computer are called worms.

4. E-mail & IRC (Internet relay chat) related crimes:-
1. Email spoofing
• Email spoofing refers to email that appears to have been originated from one source when it was actually sent from another source.
2. Email Spamming
• Email "spamming" refers to sending email to thousands and thousands of users - similar to a chain letter.

3. Sending malicious codes through email
• E-mails are used to send viruses, Trojans etc through emails as an attachment or by sending a link of website which on visiting downloads malicious code.
4. Email bombing
• E-mail "bombing" is characterized by abusers repeatedly sending an identical email message to a particular address.
• Sending threatening emails
• Defamatory emails
• Email frauds

5. Denial of Service attacks:-
• Flooding a computer resource with more requests than it can handle. This causes the resource to crash thereby denying access of service to authorized users.
• Examples include
• attempts to "flood" a network, thereby preventing legitimate network traffic
• attempts to disrupt connections between two machines, thereby preventing access to a service
• attempts to prevent a particular individual from accessing a service
• attempts to disrupt service to a specific system or person.
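Email spoofing, as defined under the e-mail related crimes above, usually leaves traces in the message headers that a receiving system can check. The following is an added example, not part of the original slides: it compares the displayed sender with the envelope sender and reads the verdicts recorded by the receiving server. All addresses, host names and both sample messages are constructed, and the `trusted_authserv_id` parameter is a name chosen for this illustration.

```python
"""Header-level indicators that a message's visible sender is spoofed."""
import re
from email import message_from_string
from email.utils import parseaddr

# method=result pairs as written in an Authentication-Results header (RFC 8601).
AUTH_RESULT = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)", re.IGNORECASE)


def domain_of(header_value):
    """Lower-cased domain of the address in a header, or '' if there is none."""
    address = parseaddr(header_value or "")[1]
    return address.rpartition("@")[2].lower()


def spoofing_indicators(raw_message, trusted_authserv_id):
    """Return a list of reasons the From header may not name the real sender.

    Only Authentication-Results headers stamped by our own receiving server
    (trusted_authserv_id) are read, because a sender can insert forged ones.
    """
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg.get("From"))
    findings = []

    # Return-Path records the envelope sender used in the SMTP session;
    # From is whatever the sending program chose to display.
    return_path = domain_of(msg.get("Return-Path"))
    if return_path and return_path != from_domain:
        findings.append(f"Return-Path domain {return_path} != From domain {from_domain}")

    # Replies silently diverted to another domain are a common companion sign.
    reply_to = domain_of(msg.get("Reply-To"))
    if reply_to and reply_to != from_domain:
        findings.append(f"Reply-To domain {reply_to} != From domain {from_domain}")

    for header in msg.get_all("Authentication-Results", []):
        tokens = header.split(";", 1)[0].split()
        if not tokens or tokens[0].lower() != trusted_authserv_id.lower():
            continue  # stamped by someone else: ignore it
        for method, result in AUTH_RESULT.findall(header):
            if result.lower() != "pass":
                findings.append(f"{method.lower()}={result.lower()}")
    return findings


# Constructed sample: displayed sender is bank.example, but the envelope
# sender, reply address and the receiver's own checks all disagree.
SPOOFED = """\
Return-Path: <bounce@mailer.invalid>
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=mailer.invalid;
 dkim=none; dmarc=fail header.from=bank.example
Authentication-Results: forged.invalid; spf=pass; dkim=pass; dmarc=pass
From: "Example Bank" <support@bank.example>
Reply-To: helpdesk@freemail.example
To: user@recipient.example
Subject: Account notice

Please confirm your details.
"""

# Constructed sample: every header agrees with the displayed sender.
LEGITIMATE = """\
Return-Path: <news@shop.example>
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=shop.example;
 dkim=pass header.d=shop.example; dmarc=pass header.from=shop.example
From: Shop News <news@shop.example>
To: user@recipient.example
Subject: Monthly newsletter

Hello.
"""

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legitimate", LEGITIMATE)):
        print(name, spoofing_indicators(raw, "mx.recipient.example"))
```

A differing Return-Path on its own is normal for bulk mail sent through a third-party service, so the findings are indicators to weigh together rather than proof.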

6. Distributed DOS
• A distributed denial of service (DoS) attack is accomplished by using the Internet to break into computers and using them to attack a network.
• Hundreds or thousands of computer systems across the Internet can be turned into “zombies” and used to attack another system or website.

7. Forgery:-
• Counterfeit currency notes, postage and revenue stamps, mark sheets etc can be forged using sophisticated computers, printers and scanners.
• Impersonating another person is also considered forgery.

8. IPR Violations:-
• These include software piracy, copyright infringement, trademarks violations, theft of computer source code, patent violations etc.
• Cyber Squatting- Domain names are also trademarks and protected by ICANN’s (The Internet Corporation for Assigned Names and Numbers) domain dispute resolution policy and also under trademark laws.
• ICANN is a nonprofit organization that is responsible for coordinating the maintenance and methodologies of several databases, with unique identifiers, related to the namespaces of the Internet - and thereby, ensuring the network's stable and secure operation
• Cyber Squatters register domain name identical to popular service provider’s domain so as to attract their users and get benefit from it.

9. Cyber Terrorism:-
• Targeted attacks on military installations, power plants, air traffic control, banks, trail traffic control, telecommunication networks are the most likely targets.
• Others like police, medical, fire and rescue systems etc.
• Cyber terrorism is an attractive option for modern terrorists for several reasons.
1. It is cheaper than traditional terrorist methods.
2. Cyber terrorism is more anonymous than traditional terrorist methods.
3. The variety and number of targets are enormous.
4. Cyber terrorism can be conducted remotely, a feature that is especially appealing to terrorists.
5. Cyber terrorism has the potential to affect directly a larger number of people.

10. Banking/Credit card Related crimes:-
• In the corporate world, Internet hackers are continually looking for opportunities to compromise a company’s security in order to gain access to confidential banking and financial information.
• Use of stolen card information or fake credit/debit cards are common.
• Bank employee can grab money using programs to deduct small amount of money from all customer accounts and adding it to own account also called as salami.

11. E-commerce/ Investment Frauds:-
• Sales and Investment frauds. An offering that uses false or fraudulent claims to solicit investments or loans, or that provides for the purchase, use, or trade of forged or counterfeit securities.
• Merchandise or services that were purchased or contracted by individuals online are never delivered.
• The fraud attributable to the misrepresentation of a product advertised for sale through an Internet auction site or the non-delivery of products purchased through an Internet auction site.

• Investors are enticed to invest in this fraudulent scheme by the promises of abnormally high profits.

12. Sale of illegal articles:-
• This would include trade of narcotics, weapons and wildlife etc., by posting information on websites, auction websites, and bulletin boards or simply by using email communication.
• Research shows that number of people employed in this criminal area. People daily receive many emails with offers of banned or illegal products for sale.

13. Online gambling:
• There are millions of websites hosted on servers abroad, that offer online gambling. In fact, it is believed that many of these websites are actually fronts for money laundering.

14. Defamation:
• Defamation can be understood as the intentional infringement of another person's right to his good name.
• Cyber Defamation occurs when defamation takes place with the help of computers and / or the Internet.

• E.g. someone publishes defamatory matter about someone on a website or sends e-mails containing defamatory information to all of that person's friends. Information posted to a bulletin board can be accessed by anyone. This means that anyone can place
• Cyber defamation is also called Cyber smearing.

15. Cyber Stalking:-
• Cyber stalking involves following a person’s movements across the Internet by posting messages (sometimes threatening) on the bulletin boards frequented by the victim, entering the chat-rooms frequented by the victim, constantly bombarding the victim with emails etc.
• In general, the harasser intends to cause emotional distress and has no legitimate purpose to his communications.

16. Identity Theft:
• Identity theft is the fastest growing crime in countries like America.
• Identity theft occurs when someone appropriates another's personal information without their knowledge to commit theft or fraud.
• Identity theft is a vehicle for perpetrating other types of fraud schemes.

17. Data diddling:
• Data diddling involves changing data prior to or during input into a computer.
• In other words, information is changed from the way it should be entered by a person typing in the data, a virus that changes data, the programmer of the database or application, or anyone else involved in the process of having information stored in a computer file.
• It also includes automatically changing the financial information for some time before processing and then restoring original information.

18. Theft of computer system (Hardware):-
• This type of offence involves the theft of a computer, some part(s) of a computer or a peripheral attached to the computer.

19. Physically damaging a computer system:-
• Physically damaging a computer or its peripherals either by shock, fire or excess electric supply etc.

20. Breach of Privacy and Confidentiality
• Privacy
• Privacy refers to the right of an individual/s to determine when, how and to what extent his or her personal data will be shared with others.
• Breach of privacy means unauthorized use or distribution or disclosure of personal information like medical records, financial status etc.

• Confidentiality
• It means non disclosure of information to unauthorized or unwanted persons.
• In addition to personal information, some other types of information are useful for business, and leakage of such information to other persons may cause damage to business or person; such information should be protected.
• Generally for protecting secrecy of such information, parties while sharing information form an agreement about the procedure of handling of information and not to disclose such information to third parties or use it in such a way that it will be disclosed to third parties.
• Many times party or their employees leak such valuable information for monetary gains and cause breach of contract of confidentiality.


Cyber Security
• Computer security, also known
as cyber security or IT security, is
the protection of information
systems from theft or damage to
the hardware, the software, and to
the information on them, as well as
from disruption or misdirection of the
services they provide.

• It includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.

• The field is of growing importance due to the increasing reliance on computer systems in most societies.

• Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things – and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks

Backdoors
• A backdoor in a computer system, a cryptosystem or an
algorithm, is any secret method of bypassing normal
authentication or security controls.

• They may exist for a number of reasons, including by original design or from poor configuration.

• They may also have been added later by an authorized party to allow some legitimate access, or by an attacker for malicious reasons; but regardless of the motives for their existence, they create a vulnerability

Denial-of-service attack
• Denial of service attacks are designed to make a machine or
network resource unavailable to its intended users.
• Attackers can deny service to individual victims, such as by
deliberately entering a wrong password enough consecutive
times to cause the victim account to be locked, or they may
overload the capabilities of a machine or network and block all
users at once.
• System will be attacked with more applications which it cannot
handle
• Such attacks can originate from the zombie computers of
a botnet, where innocent systems are fooled into sending traffic
to the victim.

Direct- Access Attacks


• An unauthorized user gaining physical access to a computer is
most likely able to directly download data from it.

• They may also compromise security by making operating system modifications, installing software worms, keyloggers (record every keystroke), covert listening devices or using wireless mic.

• Even when the system is protected by standard security measures, these may be able to be bypassed by booting another operating system or tool from a CD-ROM or other bootable media.

• Disk encryption and Trusted Platform Module are designed to prevent these attacks.

Eavesdropping
• Eavesdropping is the act of surreptitiously listening to a private conversation, typically between hosts on a network.
• For instance, programs such as Carnivore and NarusInsight have been used by the FBI and NSA to eavesdrop on the systems of internet service providers.
• Even machines that operate as a closed system (i.e., with no contact to the outside world) can be eavesdropped upon via monitoring the faint electromagnetic transmissions generated by the hardware

Spoofing
• Spoofing of user identity describes a situation in which one person or program successfully masquerades as another by falsifying data.

Tampering
• Tampering describes a malicious modification of products.
• So-called "Evil Maid" attacks and security services planting of surveillance capability into routers are examples.

Phishing
• Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details directly from users.
• Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.

Privilege escalation
• Privilege escalation describes a situation where an attacker with some level of restricted access is able to, without authorization, elevate their privileges or access level.
• So for example a standard computer user may be able to fool the system into giving them access to restricted data; or even to "become root" and have full unrestricted access to a system.

Clickjacking
• Clickjacking, also known as "UI redress attack or User Interface
redress attack", is a malicious technique in which an attacker
tricks a user into clicking on a button or link on another
webpage while the user intended to click on the top level page.
• The attacker is basically "hijacking" the clicks meant for the top
level page and routing them to some other irrelevant page,
most likely owned by someone else. A similar technique can be
used to hijack keystrokes.
• Carefully drafting a combination of stylesheets, frames, buttons
and text boxes, a user can be led into believing that they are
typing the password or other information on some authentic
webpage while it is being channeled into an invisible frame
controlled by the attacker.
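
Because clickjacking depends on the target page being loaded inside a frame the attacker controls, a site owner can check whether each of its responses forbids framing. The following is an added example, not part of the original slides: it classifies responses by their `X-Frame-Options` and `Content-Security-Policy` `frame-ancestors` headers. The paths, origins and header values in the sample data are constructed, and the checker assumes one value per header name.

```python
"""Classify HTTP responses by their anti-framing (clickjacking) headers."""

# frame-ancestors sources that let any site embed the page.
ANY_ORIGIN = {"*", "http:", "https:"}


def frame_ancestors(csp_value):
    """Return the frame-ancestors source list from a CSP header value.

    Returns [] when the directive is absent or lists no sources; this
    checker treats both cases as "not set" so that they get flagged.
    """
    for directive in csp_value.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [token.lower() for token in tokens[1:]]
    return []


def framing_protection(headers):
    """Return (verdict, reason); verdict is 'protected' or 'frameable'."""
    h = {name.lower(): value.strip() for name, value in headers.items()}

    sources = frame_ancestors(h.get("content-security-policy", ""))
    if sources:
        # An enforced frame-ancestors directive takes precedence over
        # X-Frame-Options in browsers that support it.
        if sources == ["'none'"]:
            return "protected", "frame-ancestors 'none'"
        if ANY_ORIGIN & set(sources):
            return "frameable", "frame-ancestors allows any origin"
        return "protected", "frame-ancestors limited to " + " ".join(sources)

    xfo = h.get("x-frame-options", "").upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return "protected", "X-Frame-Options " + xfo
    if xfo.startswith("ALLOW-FROM"):
        return "frameable", "ALLOW-FROM is obsolete and ignored by current browsers"
    if xfo:
        return "frameable", "unrecognised X-Frame-Options value " + xfo

    if frame_ancestors(h.get("content-security-policy-report-only", "")):
        return "frameable", "frame-ancestors only in a report-only policy (not enforced)"
    return "frameable", "no X-Frame-Options and no CSP frame-ancestors"


def frameable_paths(responses):
    """Sorted list of paths whose responses can still be framed by another site."""
    return sorted(
        path for path, headers in responses.items()
        if framing_protection(headers)[0] == "frameable"
    )


# Constructed sample: response headers collected from one site, keyed by path.
SAMPLE_RESPONSES = {
    "/login": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    "/account": {"X-Frame-Options": "SAMEORIGIN"},
    "/widget": {"Content-Security-Policy": "frame-ancestors https://partner.example"},
    "/pay": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
    "/profile": {"Content-Security-Policy": "default-src 'self'"},
    "/legacy": {"X-Frame-Options": "DENY",
                "Content-Security-Policy": "frame-ancestors *"},
    "/beta": {"Content-Security-Policy-Report-Only": "frame-ancestors 'self'"},
}

if __name__ == "__main__":
    for path, headers in SAMPLE_RESPONSES.items():
        verdict, reason = framing_protection(headers)
        print(f"{path:10} {verdict:10} {reason}")
```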

Systems at risk
1. Financial systems: credit card numbers and bank account, ATMs

2. Utilities and industrial equipment: Computers control functions at many utilities, including coordination of telecommunications, the power grid, nuclear power plants, and valve opening and closing in water and gas networks. Nuclear devices

3. Aviation: A simple power outage at one airport can cause repercussions worldwide, much of the system relies on radio transmissions which could be disrupted, air traffic control outages, which in turn can lead to airport closures, loss of aircraft, loss of passenger life, damages on the ground and to transportation infrastructure

4. Consumer devices: Smart phones, tablet computers, smart watches, activity trackers have also become targets and many of these have sensors such as cameras, microphones, GPS receivers, compasses

5. Government: Government and military computer systems are commonly attacked by activists and foreign powers
