Security+ Journey – Prying Eyes

The internet allows us to have the proverbial ‘world at our fingertips’. We have almost immediate access to countless amounts of information at practically any given time. While this is great, it can definitely be seen as a double-edged sword. Being on the internet often means disclosing information about ourselves in order to get access to information or having the ability to purchase goods and services. For instance, if you want access to that bright shiny new social media app of the week, you are going to need to create a profile and give information to the company that owns the application to be able to do so. This information could include your name, email address, age, date of birth, and phone number. There should be some documentation that shows how your data will be used. As the consumer, you will need to decide if you agree to the terms of how your personal data will be used by the company collecting it. Is is purely for use within the application, or is there potential for your data to be sold to other organizations for the purpose of use cases such as targeted advertisments? Other than for business purposes and monteary gain, our personal data could also be used for malicious purposes. An example of this would be attackers gaining unauthorized access to and using personal data for spear phishing campaigns. There are various ways in which our data and activities on the internet can be tracked:

Tracking cookies
Tracking cookies are text files that store information about an individual when they visit a website. Information about the user visiting the site can be tied to what specifically the user views or clicks on while on the site. If you have ever been on a website shopping for something specific, then start scrolling through your favorite social media feed, only to see an advertisement about the item you were just shopping for; the cause could likely be a tracking cookie.

I think of Adware as being similar to a tracking cookie, but rather than being a file, adware is a software that can not only track user data and activities, but also do the actual displaying of targeted ads itself. The advertisements themselves may be unwanted, but the adware is most likely installed with user acknowledgement.

Out of the examples given so far, while the first two could, depending on the circumstances be questionable in their use, spyware is outright malicious. Spyware is software that records and tracks data about systems and users, to be seen/used by another entity, primarily without consent of the user. Spyware is a direct invasion of privacy and could potentially be dangerous.

Like spyware, keyloggers are outright malicious. Keyloggers can come in hardware or software forms and aim to record actual typing keystrokes of a user. One use case of a keylogger for threat actors is to acquire usernames and passwords of targets for credential harvesting purposes.

While the internet can be an amazing tool to be leveraged for awesome use cases, it can also be a very scary place for our data. Increasing more with time, we need to be conscious of our presence online and the risks we might be taking by entering our private information into different sites on the internet. As much, if not more so than in the physical world, there are prying eyes all over the internet.

Published by Tim Bertino

Systems Architect passionate about solutions and design.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: