Member of Alpha Beta Kappa Honor Society, USA
*Corresponding author: Christos Beretas, Information Technology Specialist, Member of Alpha Beta Kappa Honor Society, Alpha of Ohio, USA
Submission: June 01, 2018; Published: June 14, 2018
The purpose of this article is to address the security and privacy of the data handled daily worldwide. It describes and analyzes the ways in which private communications are violated, through Internet activities, smart phones, viruses, hacking, social media, cloud computing, bots, mobile applications, the Internet of Things, metadata, and tracking/surveillance. It analyzes these and also tries to find countermeasures to protect the confidentiality and integrity of data. Collecting and analyzing information is becoming easier, in different ways and from different sources, and joining all of that information to create a virtual human profile is becoming very easy. The freedoms of individuals have been reduced significantly; automated systems contribute to this, in most cases without the consent of the users, by recording, storing and processing personal data, including files, without the users' knowledge. This article aims to highlight the major problem of the violation of electronic data and privacy and to present countermeasures, enriching the knowledge of everyone from the simple user to the advanced professional about what is going on around them and how they can defend themselves.
Keywords: Internet activities; Smart phones; Viruses; Hacking; Social media; Cloud computing; Bots; Mobile applications; Internet of things; Metadata; Tracking; Surveillance; Privacy; Cyber security
Security and privacy in any form of electronic communication have been a matter of concern since the early days of the internet. The loss, modification and alteration of data, and the gathering of intelligence without consent, are the most crucial risks of our days. The ways are many and the interests large: governments that want to control their citizens (see the IRS in the U.S.), government agencies that want to control global digital data in the name of security (see the NSA and the PRISM program), and government agencies that monitor the digital data of their citizens (see the FBI's Carnivore). Non-governmental organizations also either participate in various privacy-breaching programs or act individually for the purpose of advertising or other actions. According to what we know, the present article is deemed crucial for internet users, because they need this knowledge to be able to defend themselves; do not forget that knowledge is power. The article presents in detail the ways in which information security and human privacy are violated, considering the following technologies: “Internet activities, smart phones, viruses, hacking, social media, cloud computing, bots, mobile applications, internet of things, metadata, and tracking / surveillance”.
Rationale of analysis
The use of smart phones, cloud computing, the Internet of Things, viruses, hacking, etc., together with human behaviour, has created a new digital world with new conditions for serving users and for the security and protection of personal data. Various devices and systems work in harmony with each other or independently, offering users smart choices such as “smart homes”, which allow people to issue commands remotely or locally using the internet and the mobile phone. All these smart environments require the transmission and processing of personal data, which naturally raises data protection issues; the risk attached to transmitting personal data grows if we consider that we live in a world where people and computers are continuously connected to the web. This research is necessary not only because it brings up security and privacy problems that exist but do not appear on the surface for various reasons, but also because it proposes new solutions that truly improve people's security and privacy. This research will sensitize users and organizations to the need to protect their data and their privacy. This in turn will create new jobs, training for existing staff, purchases of software, etc. This research aims to enhance the global demand for integrity of information while ensuring the least possible exposure of personal data, which must be strengthened and improved globally in all areas that mainly manage sensitive information, such as financial and governmental organizations, telecommunication companies, the military, and emergency services. Security and privacy are a multidimensional issue with many aspects. The main objective of the research is for people to gain knowledge of data security and privacy and to learn to recognize the dangers and defend against them, creating original knowledge that will later lead to further research.
Modern web technologies allow the collection, storage and processing of personal data without informing the user or obtaining the requisite consent. The data are revealing, as the Internet grows and expands as the likelihood that the personal data. Electronic transactions collect and save a significant amount of data; processing and analyzing these data gives a clear picture of the preferences and habits of each user, which can be used for various purposes such as taxation, government, commercial or other purposes that cannot be described. Each online visit discloses information which is not by itself capable of identifying the user and his/her habits, but which forms an online identity that follows the user and leaves traces of every online activity; this refers, of course, to the IP address and the MAC address. At first sight these public data cannot reveal the true identity of the user, but when governments and government-related security services are involved it is very easy to uncover the real person, since these data, like all digital footprints, are recorded and remain permanently stored at the internet provider. Web services, whether governmental or commercial, use techniques that can easily discover the true identity of the user, such as:
The information is then stored in data warehouses, analyzed and sorted by automated tools, and extracted by data mining tools either for third parties or on behalf of certain people. The internet is known as a global network of connected computers and devices that store and distribute personal data through every kind of service and across various countries. For the user it becomes impossible to monitor the integrity of the information, and the security infrastructure of each country is unknown, as are, conversely, its information systems, infrastructure and surveillance systems. The growing attention to data security, in conjunction with the revision of security and privacy levels in existing systems, is a challenge: we cannot be sure that the systems and security technologies that work today, but were developed in past years, are able to meet the new and growing challenges. Social media can be characterized as an open source for mining personal data, for two reasons:
The data stored on social media are:
Other activities of various other applications that collect data.
In conjunction with the publications and the activity of social media such as:
All of the above lead to the creation of a full human profile, from which everybody involved is able to know the following about each user:
It is worth noting that at times various social media have appeared which encouraged users to register by offering financial compensation. These social media did not state their headquarters or address on their websites; they just had a contact form. Naturally they quickly gained many users because of the financial gain, but reaching the results the social media website required before paying was very difficult, for example making more than a certain number of friends. These social media networks just wanted to collect the users’ personal data, and it is not known who then manages that data; it may be a government agency, or the data may be sold to third parties for advertising.
The personal information a user publishes on the internet, including the personal data of the profile as well as posts and other activities on a social networking platform, in conjunction with the data collected from various services (see NSA below), forms the perfect source for creating a full electronic human profile. As mentioned above, personal data can be used by anyone, since they are in third-party hands (the social networking platform). These data can be used in various ways such as:
Social media are a very typical example of violation of privacy. A classic example is impersonation, with consequences for the real user, whose personal data are forged by other people without his or her knowledge, mainly for fraudulent purposes. Personal data published on the Internet, as well as any kind of post, remain stored forever, even if the user proceeds to permanent deletion. As mentioned above, each social networking platform can be used as a platform for storing and promoting information, where several of the ways mentioned in this article are used to collect personal information, including methods that may even damage the security of the systems that visit these social networks; the people affected can be simple visitors rather than users.
Automated attack systems (bots) used to breach services have played an important role in privacy violation. Such systems are used to access and infect other remote systems with malware, so that the people behind these attacks can cover their tracks and collect personal user data such as bank accounts, phone numbers and addresses. Many security systems today try to trace the bots and neutralize them, either by using DDoS attacks back at the source of origin, by blocking specific IP addresses, or by relying on the User-Agent, which is often “spoofed”; all have failed. I believe all operating systems have a back door that is used by the security services, as the door “compulsory installation”, which means that the mobile phone or the computer is placed under the control of third parties. This code is embedded in the operating system kernel and is structured so that it cannot be understood by analyzing the code. Also, applications distributed by specific companies participating in the “user tracking program” embed code that enables the remote management of the device.
A simple SMS, or the use of GPS, is enough to activate the back door service. The feeling of violation of privacy is enhanced if we consider that when a smart mobile device is lost, the user can lock, block and locate the device on an electronic map, which confirms the existence of the back door. Notably, a study by “Snoop Wall, 2014” revealed that several popular mobile phone applications collect personal data of their users and send it to servers located in Russia, India and China.
These applications spy on their users and use their personal data for government or advertising purposes. A virus is not necessarily malware; a Trojan horse can also be installed on systems and run in “stealth” mode for years without ever being detected. For as long as malware or a Trojan horse remains installed on a system, it steals personal data, saves screenshots, infects other systems on the Internet, turns on cameras, records all of this and sends it back to the hackers, exposing not only the security of information systems but also affecting the users, because their personal data end up in third parties’ hands. A typical example of how easily this can be done is the Carberp virus.
Cloud computing has already been a target of personal data collection and is of course a major threat to those who use it. The physical threats are mentioned below, for the following reasons:
In cloud systems, a great deal of metadata and information is transferred to synchronize server and user. In most cases the user cannot raise the security level of a connection to the remote server, because the method and the security level are set by the remote cloud service provider. Internet service providers collect and analyze metadata. Metadata is data that describes other data; for example, an image can carry accompanying information that expresses information associated with the image. Because metadata is considered merely to describe a situation, it is considered safe. Yet processing metadata can produce an electronic profile that reveals user behaviour and so leads to a complete picture of the user. Search engines are a good example of metadata, as they track and store forever what the user searches for, when, and how. Add to this the fact that the security services have many more options than ordinary analysts: the quality and quantity of information that can be gained from metadata is so large that we can say metadata is much riskier than the data itself. For example, metadata can reveal information such as:
Bots are responsible for the greatest attacks worldwide, leading not only to theft of personal data but also to financial loss. They are responsible for sending bulk e-mail that impersonates a legitimate service such as a bank, to lure the user into entering personal information and credit card information on “Smart Flux” websites.
Today’s security and privacy measures appear very weak against the vast internet cyberspace. Web browsers appear unable to withstand zero-day attacks, and users are unable to cope with deliberately tweaked browsers (see clone of Chrome); these browsers aim to collect the personal data of their users (and not only theirs) on behalf of people we do not know.
Java is a programming language that is widely known throughout the world because it runs on multiple platforms and operating systems. Software written in it can be considered safe, because the security manager oversees security with regard to system calls. If a Java program violates the security policy of the applet, the security manager terminates the applet. In addition, the bytecode verifier examines whether a Java program is trusted. That all sounds well and good, but is it so in practice? There are many attacks that use Java as the basis to breach computer systems, to infect users with viruses, or to turn computers into zombies.
The Internet of Things is in vogue and we all love it, but few know that it is a back door through which third parties can reach personal information or, conversely, an exit door. Specifically, we mention the following:
Suspicion is created, and the following are to be considered a violation of privacy:
The biggest threat to data security and privacy in the digital world is that the majority of data transferred on the Internet is not encrypted; the existing security infrastructure must be considered totally inadequate in an environment of unencrypted information. Unencrypted communication means that anyone with access to the internet can intercept any information. Government agencies and organizations know the weaknesses of SSL; information is intercepted from users through offensive websites, through non-encrypted information, and through anonymous proxy servers that promise to preserve anonymity but are essentially honeypot systems, a recent example being that the NSA regularly collects information from such servers.
US security agencies have access to the data of any internet user in the world. This practice is legal on American ground and is based on the FISA Amendments Act treaty and the Patriot Act, which was applied after 11.09.2001; it is worth noting that the agreement was renewed in 2012. This treaty gives federal agencies the freedom to store and process huge amounts of data without exception, whether the people concerned are criminalized or not. Following the documents published by Snowden, the PRISM project became quite well known and reinforced the world's worries about the violation of privacy and data. The name of the PRISM project stands for mirror or reflection, because data passing through an internet node continue on their route while being copied (reflected) by the PRISM project, without their quality being harmed and without any alteration that would make the user worry that something is wrong. As shown in Figure 1 below, to breach data between nodes the data must be copied without the user’s knowledge. This is usually done in cooperation with telecom operators and other services that have active users (Figure 1).
Figure 1: Simple example of project PRISM.
All of the above would be useless without the necessary data mining and statistical tool, called XKEYSCORE: by pressing a few keys, its operators are able to learn everything related to a person, such as telephones, e-mails, habits, searches made in search engines, behaviours and Internet of Things (IoT) activities, and of course to build an electronic profile (“e-profile”). According to an article in “Der Spiegel”, the security services have already advanced to potential control of networking devices and firewalls from well-known manufacturers of such devices. According to slides published by Snowden, XKEYSCORE is used in conjunction with another program called Turbulence; Turbulence consists of two subsystems, Turmoil and Turbine. Briefly, Turmoil is a system that collects information from satellite and cable communications, while Turbine unleashes attacks on serial systems. The above would not be complete without the collection of information from social media, cookies, internet services, the Internet of Things, etc. Once the target is locked, the next step is the quantum theory attacks and quantum nation, which give full control of the remote device, whether it is a mobile phone, an Internet of Things device, a computer, or anything else. All the above are important existing data security and privacy problems that must be analyzed and researched in depth, in order to present suggestions and ideas on how, despite all these breaches of data privacy and security, the quality and integrity of the information handled within the global internet may be improved.
Of particular note is the program “US-984XN (Prism)”, which has access to servers worldwide and, in collaboration with other programs, has the ability to clone security certificates and copy data during transfer. Intermediary fake servers are installed around the world to answer users' requests: the fake server copies the request and forwards it to the actual server, the actual server returns the content to the fake server, and the fake server forwards the content to the user without the user noticing anything. Figure 1 shows how the US-984XN system (PRISM) looks.
Internet service providers collect and analyze data on the activities of their users. Data interception involves private firms financed by government agencies or third-party organizations, which collect personal data from different sources: cookies, scripting, the Internet of Things, mobile phone applications that have back doors, metadata from call centers that allow remote installation and data processing, fake security protocols, and users fooled by SSL. Automated bots try to gain access to telephone centers or attack specific facilities to gain access by means of viruses (Figure 2).
Figure 2: How the intermediary fake server works.
Figure 3: The data are not transferred in a direct way but by the cheapest way.
Cloud providers hold important personal data and user files, and mobile phones can very easily reveal the identity of the user, from location to interlocutors and personal data. All of the above are based on the theory that data are not transferred in a direct way but by the cheapest way, as shown in Figure 3.
From the first day users connected to the internet, internet service providers wanted to know who was doing what and where. This later led to the identification of malicious attacks, but later still it was abused to collect and store information. Organizations and governments want to know the routine of their users, so as to have an organized society in which the character of each person is known. Data collection and processing is performed by every device connected to the Internet: Internet of Things devices collect personal data that are transferred to their manufacturers' servers, telecommunications providers know all about people's digital lives and conversations, and mobile phone applications collect personal data and data about user behaviour. Imagine a smart TV that sends personal data to the manufacturer or other organizations, which then have remote access to the smart TV, turn on the camera and watch the surrounding space. Many automated bots try to break different kinds of access codes to gain access. In social media, or wherever a person is required to enter personal data, it is clear that the person is responsible for recording them, and this can be restricted. As stated above, the present research will focus on the creation of a secure protocol that protects sensitive data in transfer and builds on the existing data transfer protocols so that third parties cannot copy the data/content, which will greatly reduce the interception of data, as shown in Figures 4 and 5.
Many problems concern data security and privacy; over the years they have multiplied, which is attributed to rapid technological developments, and new ways of violating privacy are discovered daily. The research is based on the following entities: “Internet activities, smart phones, viruses, hacking, social media, cloud computing, bots, mobile applications, internet of things, metadata, and tracking/ surveillance”. It analyzes the countermeasures currently available against data and privacy breaches for each of the above entities. All privacy protection techniques applied to date have one basic feature: users restrict the use of their personal data, whether those data are provided by the users themselves with their own consent, or collected by third-party bodies and stored in digital files, often without the user's agreement. The existing protection techniques applied to date are analyzed below, along with their disadvantages and advantages:
Security experts also forget that an SMS that has not been received by the recipient can stay on the mobile provider's server for up to a week before it is destroyed.
Antispyware, antivirus, sandboxes and web filtering protect only against certain types of attacks and are in no way a comprehensive solution to the violation of privacy and data.
The above are not sufficient to protect the privacy of data, as Internet of Things devices operate in different environments and situations. For example, for an automatic parking system in a car, which collects information about the car and the driver and synchronizes with a satellite to position the vehicle for parking, the four abovementioned solutions are not applicable.
The violation of privacy through the collection and processing of data without approval is a reality. Private enterprises and government agencies cooperate in continuous and unrestricted data collection. Where there is electricity for data transmission, there is the possibility of data interception. The speed at which internet services develop, in conjunction with automated devices that use the Internet to automate human life, dramatically increases the interception of personal data and has opened a new avenue for electronic spying. In today’s lifestyle it is practically impossible for people to defend their privacy; they sacrifice privacy and personal freedoms to enjoy a new lifestyle in which information from various sources accumulates to create a virtual platform of human life and behaviour. Governments rejoice because they know the profile of all citizens, and businesses profit because it is a very large source of ready information for marketing. If the problem is left to fate, it will swell so quickly that it reaches saturation, which means that people will soon be threatened by their own data in the hands of third parties. New research and proposals are required that will protect and improve the level of people’s privacy.
© 2018 Christos Beretas. This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and build upon your work non-commercially.