
Malware

Malware (malicious software) is a general term for software used to interfere with a computer, gather sensitive information, or gain access to a protected information system. This type of software is created and used by cybercriminals and other malicious actors, even governments, to intentionally harm an information system. 

The most recognizable types of malware are computer viruses, but there are other types such as ransomware, trojans, adware, spyware and worms. Each type of malware has its own way of functioning, so the damage caused by each of them is of different degree.

Despite the fact that there are certain definitions and divisions of malware, the categories cannot be definitively distinguished, so it often happens that one malware performs activities that are characteristic of other types of malware. 

Malware is distributed in a variety of ways. Most users download malware themselves, but installed programs and devices also communicate over the internet in different ways, and they sometimes have vulnerabilities that attackers can take advantage of. In most cases, these vulnerabilities are addressed by software and hardware vendors, so it is important to regularly install software and device updates.

Malware can perform a variety of operations, ranging from redirecting users to fake websites to destabilising the entire system. Keyloggers are a special type of malware that records keyboard strokes and sends the records to third parties. There is also a type of malware that can send several thousand emails from an infected computer. Here are some other common types of malware:

  • A virus is a type of malware that replicates itself in existing files, programs, and even the operating system itself. It usually modifies the contents of files or deletes them, which can cause the system to crash if a virus deletes a system file;
  • A trojan is a type of malware that, when installed, performs operations that are defined by the attacker, most often deleting or modifying data, but it can often damage the entire system. Trojans usually look like regular and useful installation files, which is how they got their name;
  • Adware (advertising software) is a type of malware that, once it infects the system, automatically displays advertisements when searching the internet, which brings revenue to the person who created it;
  • Spyware (spying software) is a type of malware that collects data from an infected system and passes it on to a third party, usually the one which created it. With this malware, unauthorised persons can gain access to passwords, personal data, correspondence, etc.;
  • A worm is a type of malware that replicates itself. This means that if one computer within the system is infected, it is very likely that all computers connected to it will be infected after a certain time. It most often damages the network and the system by slowing down the flow of data in the network. Worms are independent malware, i.e. unlike viruses, they do not have to be linked to an existing program to be transmitted.

Organisations nowadays face one of the biggest security problems and forms of cybercrime, a form of malicious software called ransomware. This form of malware encrypts files on anything from a single computer all the way up to an entire network, including servers, so that the files cannot be accessed without a decryption key. The attackers then ask for payments in cryptocurrency to provide targets with the decryption key, usually within a short time frame to put more pressure on the targets.

Some ransomware infections start with clicking on what looks like an innocent attachment that, when opened, downloads the malicious files and begins the encryption process. Larger ransomware campaigns use software exploits and flaws, cracked passwords and other vulnerabilities to gain access to organisational systems through weak points such as internet-facing servers or remote-desktop logins. The attackers will secretly hunt through the network until they control as much as possible before encrypting all they can.

Victims of a ransomware attack can often be left with few choices: they can regain access to their encrypted files by paying a ransom to the criminals behind the ransomware, restore files from backups, or hope that there is a decryption method freely available.

Small and medium-sized businesses are commonly targeted by ransomware because they tend to have poorer security standards and practices compared to larger corporations.

It is not always easy to recognise malware, as it often happens that users are initially unaware that their device/system is infected. Sometimes malware activity can be noticed due to spontaneous deterioration of system performance. The average user certainly cannot completely remove malware on their own without the use of specific anti-malware software. These programs monitor the system, scan the files downloaded from the internet and email, and if they find any malware, they quarantine it or delete it, depending on the settings. 

However, it is not enough to just install a specific application that will scan and remove malware - it is also important that users do not install untrusted applications, click on suspicious links, open suspicious emails or visit unreliable websites.

Data backup Digital hygiene Malware Damage Cybercrime Device reset System restore

Incident notice

For the purposes of this toolkit, we will define “incident” as any event that has a negative impact on the security of network and information systems. This can range from complex and sophisticated technical attacks to system malfunctioning caused by human error.

However, when it comes to ICT systems of special importance, such as those which are part of a country’s critical infrastructure (power supply, telecommunications, etc.) or used for banking services, their operators have an obligation to report incidents in their systems to competent state bodies and authorities. For example, if the incident occurred in the banking sector, the operator of the ICT system needs to notify the country’s central bank.

When there are more serious incidents and attacks, which can strongly affect national defence or national security, relevant intelligence and security services and agencies (military or civilian) should be notified as well. In addition, when an incident involves and affects personal data, the national data protection authority (Commissioner, Agency, Commission, etc.) is also to be notified.

Sometimes it is very difficult to distinguish between types of incidents, as they can occur simultaneously. Below is a list of some of the types of incidents which usually require sending an incident notice to the competent state authorities:

  • Breaking into the ICT system: an attack on a computer network and server infrastructure which, by violating protection measures, enabled access to the ICT system and unauthorised influence on its operation;
  • Data leakage: availability of protected data outside the circle of persons authorised to access data;
  • Unauthorised modification of data;
  • Data loss;
  • Interruption in the functioning of the system or part of the system;
  • Denial of service attacks [DDoS];
  • Installation of malware within the ICT system;
  • Unauthorised data collection through unauthorised surveillance of communications or social engineering;
  • Constant attack on certain resources;
  • Abuse of authority to access ICT system resources;
  • Other incidents.
DDos Damage Data leaks CERT Cybercrime

AI VIDEO MANIPULATION (DEEP FAKES)

Hyper-realistic software-manipulated video or audio content, falsely depicting the target’s behavior or speech with the goal of damaging the target’s reputation or degrading their dignity.

Development of Artificial Intelligence (AI) has enabled manipulation that can perfectly mimic reality. This has serious and terrifying implications for the future of fake news and disinformation, as fake content will be more and more difficult to identify.
 

Among other consequences, the spread of fake news has undermined public trust in professional journalism, and it remains to be seen how the media and broader society will cope with hyper-realistic disinformation.

https://www.forbes.com/sites/chenxiwang/2019/11/01/deepfakes-revenge-porn-and-the-impact-on-women/?sh=45ed6ff1f53f

Digital hygiene Damage Reputation Tactic

IDENTITY MANIPULATION

Identity manipulation or misuse of personal data is a serious threat with potentially far-reaching consequences.

There are different forms of identity manipulation and fraud that rely on unlawful collection of data, for example through data leaks, database hacks and information dumps.

The most common reasons for identity manipulation include theft, misrepresentation and cover-up of criminal activity.

Digital evidence Digital hygiene Damage Reputation Identity

GOOGLE BOMBING

Intentional optimization of inaccurate and malicious information on internet search engines (i.e. Google), with the objective of causing damage to the target’s dignity and reputation.

 

Search result indexing can be manipulated using large-scale, coordinated search requests containing inaccurate or malicious information. These search requests and results are up-ranked so that they are the first visible option when the target is searched.

The wife of a former German President filed charges against Google in 2012, claiming the company’s search algorithm resulted in the broad dissemination of information about her past as a sex worker.

 

Digital hygiene Browser Damage Reputation

Check for available decryption tools

One of the biggest security problems and forms of cybercrime today is ransomware. This form of malware encrypts files so that they cannot be accessed without a decryption key. The attackers then ask for payments in cryptocurrency to provide targets with the decryption key, usually within a short time frame to put more pressure on the targets.

In case you are a target of ransomware, general advice is not to pay, as there is no guarantee you will indeed receive the correct decryption key. Payments also encourage further cybercrime attempts. You can try to find a decryption tool based on the type of ransomware. For example, No More Ransom is an initiative which provides citizens with free decryption tools for many forms of ransomware.

Encryption Malware Damage Access recovery

AI VIDEO MANIPULATION (DEEP FAKES)

Hyper-realistic software-manipulated video or audio content, falsely depicting the target’s behavior or speech with the goal of damaging the target’s reputation and/or degradation of dignity.
 

You can claim damages via civil legal procedures if a manipulated video or photo:

  • causes you harm;
  • has been made for defamatory purposes; or
  • has resulted in financial loss (if your biometric data or voice is manipulated for the purposes of fraud, for example).

If you have suffered a financial loss because of a deep fake or video manipulation, you can utilize civil legal procedures to recover losses. In the case of great offense or another form of non-pecuniary damage (to reputation, or psychological harm, for example), you can file a civil law procedure to win compensation. In both cases, you, the filing party, are responsible for providing the identity of the perpetrator.

This type of content is insidious in that it is difficult to identify (the Director of Facebook is one such example). Some of the clear signs of deep fakes are mechanical/unnatural movements, static eye position (no blinking), and inconsistent movement of the lips while talking. Your risk of being targeted with this type of content decreases the more aware you are of your digital footprint, and by limiting circulation of your biometric data, including photos, video and audio recordings.


 

Damage Report to platform Reputation

IDENTITY MANIPULATION

Identity manipulation or misuse of personal data is a serious threat with potentially far-reaching consequences. Whether the target is a person whose personal data has been misused, or someone else, the damage can be incalculable.

Due to the complexity and different manifestations of this category of assault, it is difficult to determine the legal basis offering the most suitable protection. In the case of fraud committed using the computer belonging to another person, and resulting in material or financial gain for the perpetrator, a criminal complaint may be filed under art. 301 (Computer Fraud). Another criminal offense, the unauthorized collection of personal data (art. 146), must be initiated via private lawsuit, and therefore the identity of the perpetrator must be known.

If a case of identity manipulation leads to psychological harm, or damage to reputation or dignity, then compensation may be claimed using civil legal procedures. Before initiating this type of lawsuit, the identity of the perpetrator as well as evidence substantiating the claim of identity manipulation and resulting harm must be provided.

 

Identity manipulation is often tied to financial fraud and online theft. There are different ways you can protect yourself from these crimes: limit the amount of money that can be transferred to another account, or taken out via ATM at one time, use at least a two-factor authentication system for your finance-related logins, and destroy old bank and other identity cards with sensitive data. 

If you are a victim of identity manipulation, inform the police as soon as possible, notify the financial institutions or websites where you have accounts and temporarily block compromised bank accounts and/or cards. 

Timely risk assessment and digital hygiene are important means of prevention and protection.

Digital evidence Password Authentication Recovery account Phone/Tablet Damage Reputation Identity Cybercrime User account Computer/Laptop Access recovery System restore Criminal charges

FALSE ACCUSATIONS

As the result of structural power inequality, false accusations, even if proven untrue, have the potential to inflict serious and lasting reputational damage on the accused. 
 

This type of attack can also be considered a form of pressure on freedom of expression, and it is difficult to ensure protection in this case. 

In the case that a false accusation results in the endangerment of safety, protection under art. 138 of the Criminal Code is available. In this case, public prosecutors and police are mandated to follow up and investigate, and are responsible for protection. As the filing party, you are responsible for collecting evidence needed for filing the criminal charges. This charge provides stricter sanctions if the target is a (female) journalist.

ADVICE: Explain in detail how, why and when you feel unsafe, and detail your concern for the safety of your family and loved ones. These details could be the key to success when it comes to court proceedings.

For harm suffered in the form of damage to reputation and dignity, compensation may be claimed through civil legal proceedings initiated via a lawsuit. Before initiating this type of lawsuit, the identity of the perpetrator as well as evidence substantiating the claim of identity manipulation and resulting harm must be provided.

Document how false accusations have caused you harm. If accusations have been published online, request that the website or platform remove this information. 

If the amount of content posted becomes too much to collect, ask your friends and family to help you document false accusations and report them to the websites or platforms.

Publicly commenting on or calling out accusations is another way to address the attack, but do a preliminary risk assessment to evaluate the potential for negative reactions and amplification of the false accusations.

 

Damage Report to platform Reputation Tactic Support Media Criminal charges

GOOGLE BOMBING

Intentional optimization of inaccurate and malicious information on internet search engines (i.e. Google), with the objective of causing damage to the target’s dignity and reputation.

The criminal justice system does not explicitly prohibit this or identify it as a criminal act. From a technical viewpoint, Google bombing does not imply the misuse or manipulation of personal data. Rather it is seen as a misuse of the (Google) search engine. In certain cases, this type of assault can be prosecuted via Unauthorised Access to Computer, Computer Network or Electronic Data Processing (art. 302 of the Criminal Code). In this case, criminal charges, together with collected evidence (screenshot of the search results, analysis of the search optimization, etc.), should be filed with the police.

For harm suffered in the form of damage to reputation and dignity, compensation may be claimed through civil legal proceedings initiated via a lawsuit. Before initiating this type of lawsuit, the identity of the perpetrator as well as evidence substantiating the claim of identity manipulation and resulting harm must be provided.

Because tools to modify search engine algorithms are widely available, almost anyone can alter search results. For this reason it is quite difficult to prevent or protect yourself from Google bombing.

Google has developed an extension for their search engine, Google Meet Bomb Guard, that allows users to block all uninvited participants and generic Gmail accounts from organized Google Meet groups.

Take a look at other available search engine extensions that can help prevent this type of assault.

Digital evidence Digital hygiene Browser Damage Report to platform Reputation

FALSE REPORTING

The misuse of reporting or flagging mechanisms, or false claims of copyright infringement or other violations of Terms of Service or Community rules and regulations on social media platforms, for the purpose of blocking, suspending or preventing more extensive digital participation.

Similar to trolling, it is difficult to qualify false reporting as a criminal offense. Rather, it is seen as a misuse of social media platforms’ internal reporting mechanisms. Unfortunately, it is very difficult to find a remedy, as the mechanisms for reporting usually employ automated systems that often fail to offer adequate help.

It is difficult to combat false reporting. Both Facebook and Twitter offer assistance for reactivating accounts that have been shut down due to false reporting. Unfortunately, these platforms are slow to respond to this particular issue, and creating a new account is generally a quicker solution.
 

Digital evidence Password Authentication Recovery account Damage Tactic User account