Читать книгу THE LIFEBOAT STRATEGY - Mark Nestmann - Страница 34

Your personal computer and the software you run on it create huge quantities of data about your PC activities, both on – and off – the Internet. If someone could secretly stand behind you and monitor everything you’ve done on your PC, what would they discover about you that you would prefer to keep private?

• The swap or page file Windows creates writes data in memory to disk. Data you entered months or years ago can in many cases be retrieved long after you think it’s gone.

• When you hit “delete,” file(s) aren’t actually removed. The index to that data is merely changed to indicate that the space it occupies on your hard disk is available for future use.

• Formatting a disk doesn’t remove the data that was stored on it. Using the right software, the data on a formatted a disk can be recovered.

All versions of the Windows operating system are vulnerable to this type of surveillance. Other operating systems using a graphical interface (e.g., Macintosh OS) are also vulnerable. Windows and other operating systems that support multitasking also create huge temporary files in their normal operation. These temporary files are often anything but “temporary” and represent a significant threat to privacy and security.109

No version of Windows is designed to securely delete data by default. Most PC users value speed and reliability over security. By default, modern operating systems preserve data rather than discard it. This makes finding and securely deleting sensitive data a significant technical challenge. All commercial software sold to securely delete telltale data from your PC has significant shortcomings.110

When you connect to the Internet, the problem multiplies. Each log in can be traced via the “Internet Protocol Address” (IP Address) your Internet Service Provider (ISP) assigns your PC. If you use an “always on” Internet connection, your IP address usually stays the same. That makes you an even more attractive target. Anyone who can retrieve your IP Address can probably figure out who you are, unless you’ve taken advance precautions. 111

Many laptop PCs and cell phones come with wireless networking capability. This makes it possible to log into the Internet at “hot spots” in airports and other locations. However, hot spots are magnets for identity thieves and hackers, because the connections often aren’t encrypted, giving other users the ability to monitor the wireless signals coming and going from your laptop. Similar threats face home or office users of wireless networks.112

Other threats lurk in your e-mail and on the World Wide Web. Many types of “malicious mobile code” are spread via e-mail or booby-trapped Web pages. Vulnerabilities in Windows, for instance, allow viruses and other “malware” to spread to computers over the Internet.113

Two other rapidly growing threats are “botnet” and “phishing” attacks. Hackers can secretly make your PC part of a botnet through an infected Web page or e-mail attachment. The botnet silently takes control of your PC. Once your PC is compromised in this manner, organized crime syndicates use it for illicit purposes, while insulating those responsible from being detected.114 In a phishing attack, you receive an e-mail purported to come from a financial institution or other trusted source. The message tries to trick you into logging onto a phony Web site impersonating a legitimate Web site and disclosing personal data such as your name, address, and SSN. The Web site operators then use this information to steal your identity.115

But the biggest threat to Internet privacy and security is the explosion in technology facilitating interaction. Chat rooms, Web cams, blogs, “social networking” Web sites, and the like expose information permanently archived at Web sites such as http://www.archive.org for future retrieval. Disclosure of this information has already led to loss of employment opportunities, lawsuits, and even criminal investigations.116

Police and government agencies have many tools available to monitor your Internet activities without a warrant. For instance, they can monitor any information you post without restrictions (e.g., failing to designate a social networking profile “private”). As you’ll learn in Chapter 2, the contract you have with your ISP may give it the right to record your Web browsing activity and disclose to any third party it chooses, including the government.

In 2007, rules came into effect stipulating that U.S. Internet Service Providers make their networks “wiretap friendly.” Essentially, this requires that networks be designed so that law enforcement authorities can monitor your online activity without intervention by the network. The requirements apply to universities, public libraries, Internet cafés, and other institutions that operate networks connected to the Internet.117

To police the Internet, investigative agencies post fake links to snare individuals interested in child pornography or other illegal activities. Courts have upheld criminal convictions and imprisonment of individuals guilty of nothing more than clicking on a link. 118