Hacking
What is hacking?
• Hacking is a generic term used to describe the act of gaining unauthorised
access to computer systems or networks to gain control, steal
information, or cause damage
• A hacker is a criminal who exploits technical vulnerabilities to break into
computer systems and networks
• Hackers seek out opportunities that make this possible, these include:
o Unpatched software
o Out-of-date anti-malware
o Weak passwords
What are the effects of hacking?
• Hacking can cause a number of issues for an organisation or individual, these
include:
o Data breaches
o Installation of malware
o Data loss
o Identity theft
o Financial loss
How can hacking be prevented?
• Hacking can be prevented by a number of methods, some of these include:
o Using strong passwords
o Using two-factor authentication
o Installing anti-malware software
o Using firewalls
Phishing
What is phishing?
• Phishing is a form of social engineering
• It involves sending fraudulent, legitimate-looking emails to a large number
of email addresses, claiming to be from a reputable company or trusted
source to try and gain access to your details
• Phishing often tries to coax the user to click on a login button to enter their
details
What are the effects of phishing?
• The creator of the email can gain unauthorised access to personal data such
as login information, bank accounts and more
• Phishing can lead to identity theft or fraudulent activity on credit cards and
bank accounts
How can phishing be prevented?
• Phishing can be prevented by:
o Anti-spam filters to avoid fraudulent emails arriving in a user's inbox
o Training staff to recognise fraudulent emails and to avoid opening
attachments from unrecognised senders
o User access levels to prevent staff from being able to open file types
such as executable (.exe) files and batch (.bat) files
Pharming
Cyber Security Threats (Cambridge (CIE) IGCSE Computer Science): Revision Note
Forms of cyber security threat
• Computers face a variety of forms of attack and they can cause a large
number of issues for a network and computers
• The main threats posed are:
o Brute-force attacks
o Data interception & theft
o DDoS attack
o Hacking
o Malware
o Pharming
o Phishing
o Social engineering
Brute Force Attack
What is a brute-force attack?
• A brute force attack works by an attacker repeatedly trying multiple
combinations of a user's password to try and gain unauthorised access to
their accounts or devices
• An example of this attack would be an attacker finding out the length of a PIN
code, for example, 4-digits
• They would then try each possible combination until the PIN was cracked,
for example
o 0000
o 0001
o 0002
• A second form of this attack, commonly used for passwords is a dictionary
attack
• This method tries popular words or phrases for passwords to guess the
password as quickly as possible
• Popular words and phrases such as 'password', '1234' and 'qwerty' will be
checked extremely quickly.
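The defence against this kind of guessing is a lock-out after a set number of wrong attempts. The Python below is an added example, not part of the original revision note: it shows how a lock-out changes the numbers for a 4-digit PIN. The class name, the sample PIN, the limit of 3 attempts and the 15-minute lock are assumptions chosen for illustration.

```python
import hmac
import math


class PinGuard:
    """Checks a PIN and locks the account after too many wrong guesses in a row."""

    def __init__(self, correct_pin, max_failures=3, lock_seconds=900):
        self._pin = correct_pin
        self.max_failures = max_failures
        self.lock_seconds = lock_seconds
        self.failures = 0
        self.locked_until = 0.0

    def try_pin(self, guess, now):
        """Return 'ok', 'wrong' or 'locked' for a guess made at time `now` (seconds)."""
        if now < self.locked_until:
            return "locked"  # while locked, the guess is not even compared
        if hmac.compare_digest(guess, self._pin):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= self.max_failures:
            self.locked_until = now + self.lock_seconds
            self.failures = 0
        return "wrong"


def keyspace(digits):
    """Number of possible PINs of the given length (0000 to 9999 for 4 digits)."""
    return 10 ** digits


def worst_case_seconds(digits, max_failures, lock_seconds):
    """Time needed to try every PIN when each batch of wrong guesses costs one lock period."""
    batches = math.ceil(keyspace(digits) / max_failures)
    return (batches - 1) * lock_seconds


def simulate_sequential_guessing(guard, attempts, seconds_between=1):
    """Feed 0000, 0001, 0002, ... to the guard and count the outcomes."""
    results = {"ok": 0, "wrong": 0, "locked": 0}
    for i in range(attempts):
        outcome = guard.try_pin(f"{i:04d}", now=float(i * seconds_between))
        results[outcome] += 1
        if outcome == "ok":
            break
    return results


if __name__ == "__main__":
    guard = PinGuard("7391")  # constructed sample PIN
    print("possible 4-digit PINs:", keyspace(4))
    print("100 guesses, one per second:", simulate_sequential_guessing(guard, 100))
    days = worst_case_seconds(4, 3, 900) / 86400
    print(f"worst case with lock-out: {days:.1f} days")
```

Without a lock-out all 10,000 PINs can be tried one after another; with it, only 3 of the first 100 guesses are ever checked.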
Data interception
What is data interception & theft?
• Data interception and theft is when thieves or hackers
can compromise usernames and passwords as well as other sensitive data
• This is done by using devices such as a packet sniffer
• A packet sniffer will be able to collect the data that is being transferred on a
network
• A thief can use this data to gain unauthorised access to websites,
companies and more
DDoS Attack
What is a DDoS attack?
• A Distributed Denial of Service Attack (DDoS attack) is a large
scale, coordinated attack designed to slow down a server to the point of it
becoming unusable
• A server is continually flooded with requests from multiple distributed
devices preventing genuine users from accessing or using a service
• A DDoS attack uses computers as 'bots'; the bots act as automated
tools under the attacker's control, making it difficult to trace back to the
original source
• A DDoS attack can result in companies losing money and not being able to
carry out their daily duties
• A DDoS attack can cause damage to a company's reputation
Hacking
What is hacking?
• Hacking is the process of identifying and exploiting weaknesses in a
computer system or network to gain unauthorised access
• Access can be for various malicious purposes, such as stealing data,
installing malware, or disrupting operations
• Hackers seek out opportunities that make this possible, this includes:
o Unpatched software
o Out-of-date anti-malware
Malware
What is malware?
• Malware (malicious software) is the term used for any software that has been
created with malicious intent to cause harm to a computer system
• Examples of issues caused by malware include
o Files being deleted, corrupted or encrypted
o Internet connection becoming slow or unusable
o Computer crashing or shutting down
• There are various types of malware and each has slightly different issues
which they cause
Malware and what it does:
Virus
• Contains code that will replicate and cause unwanted and unexpected events to occur
• Examples of issues a user may experience are
o Corrupt files
o Delete data
o Prevent applications from running correctly
Worms
• Very similar to viruses, main difference being that they spread to other drives and computers on the
network
• Worms can infect other computers from
o Infected websites
o Instant message services
o Email
o Network connection
Trojan
• Sometimes called a Trojan Horse
• Trojans disguise themselves as legitimate software but contain malicious code in the background
Spyware
• Allow a person to spy on the users' activities on their devices
• Embedded into other software such as games or programs that have been downloaded
from illegitimate sources
• Can record your screen, log your keystrokes to gain access to passwords and more
Adware
• Displays adverts to the user
• Users have little or no control over the frequency or type of ads
• Can redirect clicks to unsafe sites that contain spyware
Ransomware
• Locks your computer or device and encrypts your documents and other important files
• A demand is made for money to receive the password that will allow the user to decrypt the files
• No guarantee paying the ransom will result in the user getting their data back
Pharming
What is pharming?
• Pharming is when a user types a website address into a browser and is redirected
to a 'fake' website in order to trick them into typing in sensitive information
such as passwords
• An attacker attempts to alter DNS settings (the directory of websites and
their matching IP addresses that is used to access websites on the internet) or
change a user's browser settings
• A user clicks a link which downloads malware
• The user types in a web address which is then redirected to the fake
website
How can you protect against it?
• To protect against the threat of pharming:
o Keep anti-malware software up to date
o Check URLs regularly
o Make sure the padlock icon is visible
Phishing
What is phishing?
• Phishing is the process of sending fraudulent emails/SMS to a large number
of people, claiming to be from a reputable company or trusted source
• Phishing is an attempt to try and gain access to your details, often by coaxing
the user to click on a login button/link
Social Engineering
What is social engineering?
• Social engineering is exploiting weaknesses in a computer system
by targeting the people that use or have access to them
• There are many forms of social engineering, some examples include
o Fraudulent phone calls: pretending to be someone else to gain
access to their account or their details
o Pretexting: A scammer will send a fake text message, pretending to
be from the government or human resources of a company, this scam
is used to trick an individual into giving out confidential data
• People are seen as the weak point in a system because human errors can
lead to significant issues, some of which include:
o Not locking doors to computer/server rooms
o Not logging off their device when they're not using it
o Sharing passwords
o Not encrypting data
o Not keeping operating systems or anti-malware software up to
date
Worked Example
A company is concerned about a distributed denial of service (DDoS) attack.
(i) Describe what is meant by a DDoS attack. [4]
(ii) Suggest one security device that can be used to help prevent a DDoS attack. [1]
Answers
(i) Any four from:
• multiple computers are used as bots
• designed to deny people access to a website
• a large number / numerous requests are sent (to a server) …
• … all at the same time
• the server is unable to respond / struggles to respond to all the requests
• the server fails / times out as a result.
(ii)
• firewall OR proxy server
Access Levels
What are access levels?
• Access levels ensure users of a network can access what they need to
access and do not have access to information/resources they shouldn't
• Users can have designated roles on a network
• Access levels can be set based on a user's role, responsibility, or
clearance level
o Full access - this allows the user to open, create, edit & delete files
o Read-only access - this only allows the user to open files without
editing or deleting
o No access - this hides the file from the user
• Some examples of different levels of access to a school network could
include:
o Administrators: Unrestricted - Can access all areas of the network
o Teaching Staff: Partially restricted - Can access all student data but
cannot access other staff members' data
o Students: Restricted - Can only access their own data and files
• Users and groups of users can be given specific file permissions
Anti-Malware
What is anti-malware software?
• Anti-malware software is a term used to describe a combination of different
software to prevent computers from being susceptible to viruses and
other malicious software
• The different software anti-malware includes are
o Anti-virus
o Anti-spam
o Anti-spyware
How does anti-malware work?
• Anti-malware scans through email attachments, websites and
downloaded files to search for issues
• Anti-malware software has a list of known malware signatures to
block immediately if they try to access your device in any way
• Anti-malware will also perform checks for updates to ensure the database of
known issues is up to date
Authentication
What is authentication?
• Authentication is the process of ensuring that a system is secure by asking
the user to complete tasks to prove they are an authorised user of the
system
• Authentication is done because bots can submit data in online forms
• Authentication can be done in several ways, these include
o Usernames and passwords
o Multi-factor authentication
o CAPTCHA
Biometrics
• Biometrics use biological data for authentication by identifying unique
physical characteristics of a human such as fingerprints, facial
recognition, or iris scans
• Biometric authentication is more secure than using passwords as:
o A biometric password cannot be guessed
o It is very difficult to fake a biometric password
o A biometric password cannot be recorded by spyware
o A perpetrator cannot shoulder surf to see a biometric password
Automating Software Updates
What are automatic software updates?
• Automatic software updates take away the need for a user to remember to
keep software updated and reduce the risk of software
flaws/vulnerabilities being targeted in out-of-date software
• Automatic updates ensure fast deployment of updates as they are released
Communication
What is communication?
• One way of protecting data is by monitoring digital communication to
check for errors in the spelling and grammar or tone of the communication
• Phishing scams often involve communication with users, monitoring it can be
effective as:
o Rushed - emails and texts pretending to be from a reputable company
are focused on quantity rather than quality and often contain basic
spelling and grammar errors
o Urgency - emails using a tone that creates panic or makes a user feel
rushed are often a sign that something is suspicious
o Professionalism - emails from reputable companies should have
flawless spelling and grammar
URL
How to check a URL?
• Checking the URL attached to a link is another way to prevent phishing
attacks
• Hackers often use fake URLs to trick users into visiting fraudulent websites
o e.g. http://amaz.on.co.uk/ rather than http://amazon.co.uk/
• If you are unsure, always check the website URL before clicking any
links contained in an email
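The check described above can be automated. The Python below is an added example, not part of the original revision note: it pulls every link out of an email body and tests whether the host it really points to is a site the user expects. The trusted-domain list and the sample email are constructed for illustration and reuse the amaz.on.co.uk address from the note.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the sites the user actually intends to visit
TRUSTED_DOMAINS = {"amazon.co.uk"}


def host_of(url):
    """Return the host a URL really points to (lower case, no port, no user@ part)."""
    return (urlsplit(url).hostname or "").rstrip(".")


def is_trusted_host(host, trusted=TRUSTED_DOMAINS):
    """A host is trusted only if it IS a trusted domain or ends with '.<trusted domain>'.

    Domain names are read from right to left, so a trusted name appearing
    at the start or in the middle of a host does not count.
    """
    return any(host == d or host.endswith("." + d) for d in trusted)


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> tag in an email body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._open = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open = [dict(attrs).get("href") or "", ""]

    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.links.append(tuple(self._open))
            self._open = None


def check_email_links(html_body):
    """Return one record per link: visible text, real host, and whether it is trusted."""
    collector = LinkCollector()
    collector.feed(html_body)
    collector.close()
    report = []
    for href, text in collector.links:
        host = host_of(href)
        report.append({"text": text.strip(), "host": host,
                       "trusted": is_trusted_host(host)})
    return report


# Constructed sample email body
SAMPLE_EMAIL = """
<p>Your order could not be delivered.</p>
<a href="http://amaz.on.co.uk/">Log in to Amazon</a>
<a href="http://amazon.co.uk/">Amazon home page</a>
<a href="http://www.amazon.co.uk/help">Help</a>
"""

if __name__ == "__main__":
    for row in check_email_links(SAMPLE_EMAIL):
        verdict = "ok" if row["trusted"] else "DO NOT CLICK"
        print(f'{row["text"]!r:22} -> {row["host"]:18} {verdict}')
```

The link text says "Amazon" in every case; only the host shows that the first link leads to on.co.uk rather than amazon.co.uk.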
Firewalls
What is a firewall?
• A firewall monitors incoming and outgoing network traffic and uses a set
of rules to determine which traffic to allow
• A firewall prevents unwanted traffic from entering a network by filtering
requests to ensure they are legitimate
• It can be both hardware and software and they are often used together to
provide stronger security to a network
o Hardware firewalls will protect the whole network and prevent
unauthorised traffic
o Software firewalls will protect the individual devices on the network,
monitoring the data going to and from each computer
What form of attack would this prevent?
• Hackers
• Malware
• Unauthorised access to a network
Privacy Settings
What are privacy settings?
• Privacy settings are used to control the amount of personal
information that is shared online
• They are an important measure to prevent identity theft and other forms of
online fraud
• Users should regularly review their privacy settings and adjust them as
needed
Proxy Servers
What is a proxy server?
• A proxy server is used to hide a user's IP address and location, making it
more difficult for hackers to track them
• They act as a firewall and can also be used to filter web traffic by setting
criteria for traffic
• Malicious content is blocked and a warning message can be sent to the user
• Proxy servers are a useful security measure for protecting against external
security threats as they can direct traffic away from the server
SSL
What is SSL?
• Secure Socket Layer (SSL) is a security protocol which is used to encrypt
data transmitted over the internet
• This helps to prevent eavesdropping and other forms of interception
• SSL is widely used to protect online transactions, such as those involving
credit card information or other sensitive data
• It works by sending a digital certificate to the user’s browser
• This contains the public key which can be used for authentication
• Once the certificate is authenticated, the transaction will begin
Worked Example
(i) Identify a security solution that could be used to protect a computer from a
computer virus, hacking and spyware.
Each security solution must be different
Threat Security solution
Computer virus
Hacking
Spyware
[3]
(ii) Describe how each security solution you identified in (i) will help protect the
computer.
[6]
Answers
(i)
Threat: Security solution
Computer virus: Anti-malware/virus (software), Firewall
Hacking: Firewall, Passwords, Biometrics, Two-step verification
Spyware: Anti-malware/virus (software), Two-step verification, Firewall
(ii) Two marks for each description
• Anti-malware/virus (software)
o Scans the computer system (for viruses)
o Has a record of known viruses
o Removes/quarantines any viruses that are found
o Checks data before it is downloaded
o … and stops download if virus found/warns user may contain
virus
• Anti-malware/spyware (software)
o Scans the computer for spyware
o Removes/quarantines any spyware that is found
o Can prevent spyware being downloaded
• Firewall
o Monitors traffic coming into and out of the computer system
o Checks that the traffic meets any criteria/rules set
o Blocks any traffic that does not meet the criteria/rules set // set
blacklist/whitelist
• Passwords
o Making a password stronger // by example
o Changing it regularly
o Lock out after set number of attempts // stops brute force attacks
// makes it more difficult to guess
• Biometrics
o Data needed to enter is unique to individual
o … therefore it is very difficult to replicate
o Lock out after set number of attempts
• Two-step verification
o Extra data is sent to device, pre-set by user
o … making it more difficult for hacker to obtain it
o Data has to be entered into the same system
o … so if attempted from a remote location, it will not be accepted
Viruses & malware
Why is malware a threat?
• Malware (malicious software) is the term used for any software that has been
created with malicious intent to cause harm to a computer system
• Examples of issues caused by malware include
o Files being deleted, corrupted or encrypted
o Internet connection becoming slow or unusable
o Computer crashing or shutting down
• Malware can exist in many forms, each designed to perform its role in
different ways
Malware and what it does:
Computer virus
• A program which can replicate itself on a user's computer. It contains
code that will cause unwanted and unexpected events to occur
• Examples of issues a user may experience are
o Corrupt files
o Delete data
o Prevent applications from running correctly
Trojan
• Sometimes also called a Trojan Horse
• Trojans disguise themselves as legitimate software but contain
malicious code in the background
Spyware
• Software which will allow a person to spy on the users' activities on
their devices
• This form of software will be embedded into other software such as
games or programs that have been downloaded from illegitimate
sources
• Spyware can record your screen, log your keystrokes to gain access
to passwords and more
How can malware be prevented?
• To protect against the threat of malware:
o Ensure code is written correctly
o Keep anti-malware software up to date
o Install a firewall
o Educate users
Card fraud
Why is card fraud a threat?
• Card fraud is a threat as fraudsters will try to gain illegal access to credit and
debit cards
• The main way this is achieved is through:
o Shoulder surfing (shouldering)
o Card cloning
o Keylogging
Shoulder Surfing
• Observing a person's private information over their shoulder e.g. cashpoint
machine PINs
• This can be prevented by users ensuring they have covered over their
PIN when entering it
Card cloning
• This is the copying of the data from a user's credit or debit card by
scanning the magnetic strip through a skimmer machine
• Card cloning can be prevented by ensuring a card with a chip is being used,
as the chip cannot be cloned, though the data on it can still be read
Keylogging
• This is software installed to detect and store keystrokes from the keyboard
and send the data back to the criminal
• Data such as passwords and other secure data can be collected this way
• To prevent keylogging, users should frequently scan their system using
anti-virus software and use cloud password software to prevent having to
enter their details manually
Protection of Data
How can data be kept securely?
• Data can be held securely by storing it in an encrypted format and
ensuring authentication is being used
• This goes a long way to ensuring that only trusted sources can access the
data
• There are a number of ways to store data securely, these include:
o Biometrics
o Digital certificate
o Secure socket layer (SSL)
o Encryption
o Firewall
o Two-factor authentication
o Usernames & passwords
• Biometrics: including the use of biometric data
• Digital certificate: including its purpose and contents
• Secure socket layer (SSL): including encrypted links between the server and the client computer
• Encryption: including its purpose for the protection of data on hard discs, email, cloud, HTTPS websites
• Firewall: including its purpose
• Two-factor authentication: including its purpose and function
• User id and password: including how they are used to increase the security of data
Biometrics
What are biometrics?
• Biometrics are a way of authenticating a user by using their unique human
characteristics
• Some of the ways biometrics can be used are:
o Fingerprint scans
o Retina scans
o Facial recognition
What are the benefits of using biometrics?
• Biometric data is unique to the person and cannot be copied, meaning that
the data is always with the person
• Passwords can be easily copied, forgotten, guessed or cracked
• It is difficult to copy or forge biometric data
• Biometrics eliminates the possibility of attacks such as shoulder surfing and
key-logging software
• Biometrics offer a high degree of accuracy as there is no known way to copy a
person's retina pattern for example
What are the drawbacks of using biometrics?
• Collecting biometric data can be intrusive, for example, scanning eyes
• Scans may not be recognised, an example of this could be fingerprint scans with
dirty hands
• Retina and iris recognition is very expensive to install
• Low light can provide an issue for facial recognition as well as hats and
glasses
• People may be uncomfortable having their most unique characteristics being
stored in a database
Digital certificate
What is a digital certificate?
• A digital certificate is a digital file used to prove who stores the public key
• The public key works alongside a private key to encrypt and decrypt the data
so that all content is secure
• Digital certificates are given by trusted companies to ensure they are real and
safe
What is included in a digital certificate?
• Digital certificates contain a lot of information, some of this includes:
o Public key: The key associated with the holder
o Subject information: Details about the holder
o Issuer information: This identifies the certificate authority (CA)
o Validity period: The start and end date for the certificate to remain
valid
o Serial number: A unique number to identify the certificate
o Signature algorithm: The algorithm used by the CA to sign the
certificate
o Digital signature: The CA's signature to prove the certificate was
issued by them
Secure Socket Layer (SSL)
What is SSL?
• Secure Socket Layer (SSL) is a security protocol which is used to encrypt
data transmitted over the internet
• This helps to prevent eavesdropping and other forms of interception
• SSL is widely used to protect online transactions, such as those involving
credit card information or other sensitive data
• It works by sending a digital certificate to the user’s browser
• This contains the public key which can be used for authentication
• Once the certificate is authenticated, the transaction will begin
Worked Example
(i) Identify a security solution that could be used to protect a computer from a
computer virus, hacking and spyware.
Each security solution must be different
Threat Security solution
Phishing
DDoS attack
Hacking
[3]
(ii) Describe how each security solution you identified in (i) will help protect the
computer.
[6]
Answers
(i)
Threat: Security solution
Phishing: Monitoring communication
Brute force attack: Authentication
Hacking: Firewall/Biometrics
(ii) Two marks for each description
• Monitoring communication
o Checking for spelling & grammar errors
o Reading tone, is the user being rushed? // is the user made to
panic?
• Authentication
o Checks the user is who they say they are
o Captcha proves they are not a bot
o Passwords lock out after a set number of attempts
• Firewall
o Monitors traffic coming into and out of the computer system
o Checks that the traffic meets any criteria/rules set
o Blocks any traffic that does not meet the criteria/rules set // set
blacklist/whitelist
• Biometrics
o Data needed to enter is unique to individual
o … therefore it is very difficult to replicate
o Lock out after set number of attempts
Encryption
What is encryption?
• Encryption is a method of converting plain text into ciphered text to be stored
• Encryption uses complex mathematical algorithms to scramble the text
• Asymmetric encryption, also known as private key, public key encryption is
often used for web pages and other communication
What form of attack would this prevent?
• Encryption plays a role in all forms of attack on a network
• It is important to note that it does not prevent the attacks from occurring but
it does stop the attacker from gaining access to the information
Firewall
What is a firewall?
• A firewall is a barrier between a network and the internet
• A firewall prevents unwanted traffic from entering a network by filtering
requests to ensure they are legitimate
• It can be both hardware and software and they are often used together to
provide stronger security to a network
o Hardware firewalls will protect the whole network and prevent
unauthorised traffic
o Software firewalls will protect the individual devices on the network,
monitoring the data going to and from each computer
What form of attack would this prevent?
• Hackers
• Malware
• Unauthorised Access to a Network
• DoS/DDoS attacks
Two-factor authentication
What is two-factor authentication (2FA)?
• 2FA is a security measure that requires users to provide two separate
forms of identification to verify their identity
• The purpose of 2FA is to add an extra layer of security beyond just a
username and password
• It usually involves a combination of something the user knows
(password) and something the user has, such as a smartphone using SMS or
an authenticator application
• The two stages of two-factor authentication are:
1. The user enters a username and password / PIN number
2. The user enters a one-time unique PIN number sent to their mobile device
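The two stages above, written out in Python as an added example that is not part of the original revision note. It assumes the second factor is an authenticator application using the standard time-based one-time code (HOTP/TOTP from RFC 4226 and RFC 6238) and that the password is stored as a salted PBKDF2 hash; the class name, password, salt and shared secret are constructed sample values.

```python
import hashlib
import hmac
import struct


def hotp(secret, counter, digits=6):
    """One-time code for a counter value (RFC 4226)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # last 4 bits choose which 4 bytes to use
    number = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(number % 10 ** digits).zfill(digits)


def totp(secret, unix_time, step=30, digits=6):
    """Time-based code: the counter is the number of 30-second steps (RFC 6238)."""
    return hotp(secret, int(unix_time) // step, digits)


class TwoStepLogin:
    """Stage 1: password. Stage 2: one-time code from the user's device."""

    def __init__(self, password, secret, step=30):
        self._salt = b"constructed-salt"  # assumption: random per user in a real system
        self._pw_hash = self._hash(password)
        self._secret = secret             # shared once with the authenticator app
        self._step = step
        self._last_counter = -1           # highest time step already accepted

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def stage1(self, password):
        """Something the user knows."""
        return hmac.compare_digest(self._hash(password), self._pw_hash)

    def stage2(self, code, unix_time):
        """Something the user has: accept the current or previous time step, once only."""
        current = int(unix_time) // self._step
        for counter in (current, current - 1):  # previous step allows for clock drift
            if counter > self._last_counter and hmac.compare_digest(
                    hotp(self._secret, counter), code):
                self._last_counter = counter    # a code can never be used twice
                return True
        return False

    def login(self, password, code, unix_time):
        """Both stages must pass; the code is only checked after the password."""
        return self.stage1(password) and self.stage2(code, unix_time)


if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 4226 test secret, used as sample data
    account = TwoStepLogin("correct horse", secret)
    code = totp(secret, 59)
    print("code shown on device:", code)
    print("password + code:", account.login("correct horse", code, 59))
    print("same code again:", account.login("correct horse", code, 59))
```

A stolen password alone fails at stage 2, and a code that has been seen once is rejected if it is entered again.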
Username & Password
What are passwords?
• Passwords are a digital lock to prevent unauthorised access to an account
• They are often stored as an encrypted/ciphered text entry in a database,
ensuring that even with unauthorised access to a database, a hacker would
not be able to gain access to the individual passwords of users
• Strong passwords and regular password changes are important to
maintain security
• To maintain a strong password, it is recommended to use a combination of
uppercase and lowercase letters, numbers, and special characters
What form of attack would this prevent?
• Data Interception and Theft
• Physical Security Issues
• SQL Injection
What are the advantages and disadvantages of using passwords?
Advantages
• Strong passwords are difficult to crack
• Regularly changing passwords increases the security
• Using a range of passwords over the system will prevent or slow
unauthorised access to the full system
Disadvantages
• Passwords that are too complex can be harder to remember
• Too many passwords are hard to remember
• It is harder to choose unique passwords if a user is forced to
regularly update them
• Hackers can break most passwords using brute force attacks