Introduction to ICT

• Computer Crime
• Data security
• Security threats
• Computer virus
• Worms (spreading copies of itself from one device to
another)
• Personal computer security
• Backup of data
• Antivirus
• Data Protection Legislation
• Data Protection in Pakistan
• Intellectual Property (computer code or program that is
protected by law against copying)
 Computer Crime
• A type of crime in which a computer is either
the target or the tool for an illegal activity is
called computer crime.
• A type of crime that refers to an illegal act
involving the internet is called cyber crime.
• It usually involves stealing (thieve), using or
selling someone else’s data.
 Computer Crime: Computer Criminals
• Computer criminals are the persons who commit computer crimes.
• Different type of computer criminals are
– Hacker
– Script Kiddie (dangerous, exploiters of internet security
weaknesses.)
– Corporate Spy (he theft of a company's valuable data and
information)
– Unethical Employee
– Cyber Extortionist(a crime involving an attack or threat of an
attack coupled with a demand for money or some other
response in return for stopping or remediating the attack.)
– Cyber Terrorist(Hacking of servers to disrupt communication
and steal sensitive information)
Methods Used by Computer Criminals
• Bomb: It is a program that triggers under certain
conditions. It is usually activated at a certain date.
• Denial of Service: It slows down a computer
system or network. It floods a computer or
network with requests for information or data.
The server under attack receives so many
requests that it can not respond to legitimate
user. Most common targets are internet service
providers (ISPs).
 Denial-of-Service (DoS)
• A Denial-of-Service (DoS) attack is an
attack meant to shut down a machine or
network, making it inaccessible to its
intended users. DoS attacks accomplish
this by flooding the target with traffic, or
sending it information that triggers a crash.
• Basically a Purpose of Server hacking aur
server crashed due to sudden
bombardment of requests on the same time
 What is man in the middle attack?
• A man in the middle (MITM) attack is a
general term for when a perpetrator
(hit-and-run) positions himself in a
conversation between a user and an
application—either to impersonate one of
the parties, making it appear as if a normal
exchange of information is underway.
• The process cached between two
conversation and hacked data
 What is man in the middle attack?
• DNS (through fake websites) and SSL
spoofing took place to redirect users to a
phony website or intercept data from the
site. 2.5 million customers were impacted
by the man-in-the-middle attacks, putting
the total at 145.5 million for the total
incident at Equifax.
Man in the Middle
 What is skimming
• Skimming occurs when devices illegally
installed on ATMs, point-of-sale (POS)
terminals, or fuel pumps capture data
or record cardholders' PINs. Criminals
use the data to create fake debit or credit
cards and then steal from victims'
accounts.
 Phishing Technique
• Phishing works by sending messages
that look like they are from a legitimate
company or website. Phishing messages
will usually contain a link that takes the
user to a fake website that looks like the
real thing. The user is then asked to enter
personal information, such as their credit
card number.
 Salami Attacks
• For example, a thief might modify a financial
application in order to round down the
amount of money being transferred from
one account to another. This would result in a
small amount of money being transferred from
the first account to the second, and the thief
would be able to steal the difference.
• Salami Technique: It is a process of getting a small
amount of money illegally from a large financial
system.
Methods Used by Computer Criminals
• Piggybacking: go to a website and add an
item to your shopping cart, then you navigate
to a different website and see an
advertisement for that item you added to your
cart – that's piggybacking. It's becoming more
popular in the age of digital advertisements. It is a
process of entering the system by riding on the back
of an authorized user. It occurs when an authorized
user does not log off the system properly. An illegal
user may continue where original user left.
 What is piggybacking
• Piggybacking is a method of attaching
acknowledgment to the outgoing data
packet . The concept of piggybacking is
explained as follows: Consider a two-way
transmission between host A and host B .
When host A sends a data frame to B,
then B does not send the acknowledgment
of the frame sent immediately
 Security
• Security is a system that is used to protect a
computer system and data.
• It protects from intentional or accidental
damage or access by unauthorized persons.
• With the help of a security system, a computer
can detect whether the user is authorized or
not.
 Data Security
• Protection of data is called data security.
• Data stored in computer can be lost
accidentally or someone can damage it can be
lost completely or partially.
• Data is more valuable and important than
computer itself, so it should be saved in such a
way that it may not be lost or damaged.
• It is very important to protect data from illegal
and unauthorized access.
 Security Threats
• Computer security threat can be a computer
program or a person that violates computer
security.
• It may cause stealing or loss of data.
• It may also affect working of computer
 Security Threats
• Hacker:
– A person who accesses a computer, network and its
resources illegally is known as hacker.
– Hackers are computer experts and user their
computer knowledge for negative purpose.
– Hackers may steal
• Information of clients or customers.
• Credit card details
• Passwords to access computers illegally
• Email passwords to use email account without user’s
knowledge
 Security Threats
• Hardware Theft and Vandalism:
– Hardware theft is a process of stealing (thieve)
the hardware equipment such as hard disk or
monitor.
– Hardware vandalism is the process of defacing the
hardware equipment, e.g. an employee in an
organization may damage the keyboard and cut
the wires etc.
 Security Threats
• Software Theft:
– Software theft means that a person can steal
software media, erase software program or copy it
without permission
• Information Theft:
– Information theft is a process of stealing personal
or confidential information.
– The stolen information can further be used for
illegal activities e.g. stealing credit card details and
use it for online shopping.
 Security Threats
• System failure:
– System failure is an important security threat and
it occurs when the system does not function
properly for longer time.
– System failure may further cause loss of data,
software and hardware.
– It occurs due to various reasons
• Obsolete hardware
• Natural disaster such as flood, fire or storm
• Fluctuation in power supply
 Computer Virus
• A computer virus is a program that may
disturb the normal working of a computer
system.
• Virus attaches itself to files stored in flash
drives, email attachments and hard disk.
• A file containing a virus is called an infected
file and when it is copied to a computer, virus
is also copied to the computer.
 Computer Virus
• Computer viruses can not damage hardware
but they can cause many damages to
computer system.
• A computer virus can
– Damage data or software
– Delete some or all of the files
– Destroy all data by formatting hard disk
– Display a false message every few times.
 Computer Virus: Causes
• A virus is spread on different computers due
to following reasons
– Infected flash drives or disks
– Email attachments
– Insecure websites
– Networks
– Pirated software
 Computer Virus: Protection
• A computer system can b protected from viruses by
following these precautions
– Install latest anti-virus
– Upgrade antivirus regularly
– Scan flash drive before use
– Do not open junk or unknown emails
– Do not install pirated software(The use and or distribution
of copyrighted computer software in violation of the
copyright laws or applicable license restrictions)
– Freeware and shareware software normally contain viruses,
so check the software before using it.
 Worms
• A worm is a program that copies itself repeatedly in
memory or disk until no space is left there and computer
may stop working in this situation.
• Worms spreads from one computer to another computer
through networks.
• Some examples of worms are SQL Slammer(a computer
virus that began in January 2003 and caused a denial of
service on some Internet hosts, significantly slowing
general Internet traffic.), The Blaster Worm(caused a
system to reboot every 60 seconds and in some
computers, the worm caused an empty welcome
screen.), One-Half and cascade.
 Personal Computer security
• Avoid extreme conditions: The computer
system should not be placed in extreme
conditions, it should be safe from direct sun,
rain and extreme temperature.
• Avoid virus: Antivirus software must be
installed on the computer and must be
updated regularly.
 Personal Computer security
• Firewall:
– A firewall is a set combination of hardware and
software that prevents unauthorized access to a
network.
– It works between an organization’s internal
network and the internet.
– It protects data, information and storage media
from unauthorized access.
– It can also be used to stop internal users from
accessing certain sites.
 Personal Computer security
• Passwords:
– Password is a secret word that is used to protect a
computer system or program.
– The user has to type the password to access the
computer system, therefore the system can be
accessed only by the person who knows the
password.
– So the computer and the data stored on it will be
safe and protected.
 Personal Computer security
• Encryption:
– Encryption is a process of encoding data so that only
authorized user may understand and use it.
– Some strong encryption should be used to protect
important files.
• Backup:
– An additional copy of data or information stored on
secondary storage media is called backup.
– It is very important to take backup of data regularly
and store it at a safe and protected place.
 Backup of Data
• An additional copy of data or information
stored on secondary storage media is called
the backup of data.
• The common media for backup are USB flash
drives, magnetic tape, CD and external hard
disk.
 Backup of Data: Purpose
• An important file can be deleted accidentally.
• The user may overwrite a part or whole of an
existing file.
• A mechanical failure in the computer may
result in loss of data.
• A virus may damage the data.
• The computer system may be damaged due to
fire or power failure.
 Backup of Data: Types
• Two ways to take the backup of data are
– Complete backup
– Incremental backup
• Complete backup is the backup of all data on
the hard disk.
• Advantage of this backup is that entire hard
disk is backed-up and whole data can be
restored.
• It takes more time and storage capacity.
 Backup of Data: Types
• Incremental backup creates a copy of only the
data that is newly created or modified since
the last backup.
• This process is performed automatically in
some software.
• In this type, entire disk is not copied so it takes
less time and space.
 Antivirus
• Antivirus software is used to detect and remove
viruses, worms and adware etc.
• It contains information about different known
viruses.
• It runs in the background all the time and alerts
the computer user when any virus is detected.
• Some examples are McAfee, AVG, Kaspersky
and NOD32.
 Antivirus: McAfee
• McAfee is an American organization that has
developed an antivirus program called McAfee
Virus Scan.
• McAfee
– Automatically detects and removes viruses
– Block adware before it installs on computer
– Remove existing adware
– Protects computer from hackers
– Can also check emails for viruses.
 Antivirus: AVG
• AVG stands for Antivirus Guard and is an
antivirus program developed by AVG
Technologies.
• It protects computer from latest viruses,
worms and other threats.
• The AVG Free Edition is also available that can
be downloaded, however it does not provide
full protection.
 Antivirus
• The antivirus software should be managed
properly to detect and remove viruses, worms
and adware from the computer system.
• Many new viruses are created and spread
continuously.
• The antivirus software must be updated
regularly in order to protect the computer
properly.
 Data Protection Legislation
• The data protection legislation defines the laws
that ensure data protection.
• Many countries have defined data protection
legislation which is based on same basic principles
– The purpose of keeping personal data must be clearly
defined by that organization that obtains the data.
– The individual about whom data is collected must be
informed about the identity of the organization or
individual that collects data.
 Data Protection Legislation
• Some important privacy acts are
• 1980 Privacy Act prohibits agents of federal
government from making unannounced
searches of press office.
• 1984 Cable Communication Policy Act
restricts cable companies in the collection and
sharing of information about their customers.
It was the first legislation to regulate the use
of information processed on computer.
 Data Protection Legislation
• Data Protection Act 1984 protects an individual
from unauthorized use and disclosure of personal
information stored on computer.
• It consists of following eight principles
– The data should be processed fairly and lawfully and may
not be processed unless the data controller can satisfy
one of the conditions for processing set out in the Act.
– Data should be obtained only for specified and lawful
purposes.
– Data should be adequate, relevant and not excessive.
 Data Protection Legislation
– Data should be accurate and, where necessary, kept up to date.
– Data should not be kept longer than is necessary for the purposes
for which it is processed.
– Data should be processed in accordance with the rights of the data
subject under the Act.
– Appropriate technical and organisational measures should be taken
against unauthorised or unlawful processing of personal data and
against accidental loss or destruction of, or damage to, personal
data.
– Data should not be transferred to a country or territory outside the
European Economic Area unless that country or territory ensures
an adequate level of protection for the rights and freedoms of data
subjects in relation to the processing of personal data.
 Data Protection in Pakistan

“PERSONAL DATA PROTECTION BILL

2018”
 PERSONAL DATA PROTECTION BILL 2018

• A new Personal Data Protection Bill 2018 Draft

(the “Bill”) has been proposed by the Ministry
of Information Technology and
Telecommunication (“MOITT”) of Pakistan.
• With this Bill, Pakistan will the wave of new
data protection laws that have been drafted or
passed since Europe’s General Data Protection
Regulation (GDPR).
 PERSONAL DATA PROTECTION BILL 2018

• A new enforcement body, the National Commission

for Personal Data Protection (NCPDP), will be
established under the Bill.
• NCPDP will receive and decide complaints from
individuals, as well as engage, support, guide,
facilitate, train and persuade data controllers, data
processors to ensure protection of personal data.
• The current draft of the Bill has 25 pages with
requirements and individual rights similar to the
GDPR.
 Intellectual Property
• Intellectual property is the unique and original
works such as ideas, inventions, writings and logos
etc.
• Intellectual property rights are such rights which
are given to persons who are the authors or
creators of the new and original literary and artistic
works such as books, articles , other
writings ,paintings , musical compositions,
sculpture , films and computer programs by
application of their creativity process and intellect.
 Intellectual Property
• Intellectual property rights are given to such
individuals to compensate for their efforts
during such creative process and their
investments.
• These rights are given for a certain period of
time and after which general public have the
right to freely benefit from them in their
benefit and use.
 Intellectual Property
• The term intellectual property, covers the following
aspects in the relevant categories namely:
– Copyright: literary, artistic and scientific works
covering books, journals, magazines, written
articles etc.
– Trademarks: trademarks, merchandise marks,
service marks, commercial names and
designations like logos.
 Intellectual Property
– Patents: inventions like a new form of airplane
engine, a floor cleaner, etc.
– Designs: it includes the shape of a bottle,
machine, model of luxury car or any other
product, etc.