Sunday, February 14, 2010


Advertisers, hackers, scammers, private investigators, and government agencies all have motivations to learn as much as they can about Internet users
in general and about specific Internet user activities and habits. Advertisers and their agencies must get their product or service information to potential customers. Hackers and scammers are interested in pushing their abilities to gain access, sometimes to wreak havoc, other times to take advantage Private investigators and government agencies have new surveillance challenges because of the Internet.
For each of these situations, two events need to occur: the intruder must learn how to identify the “target” computer, and the intruder must establish a communication with the “target” computer. The communication might be in the Unsolicited Web Intrusions: rm of sending an e-mail or pop-up window directly, or it might involve monitoring keystroke or mouse click activities, reading stored data, or modifying messages sent to the target browser by other computers.
For the purpose of identifying the target computer, a variety of techniques and technologies might be utilized. The two primary types of addresses are e-mail addresses and IP addresses (with or without the associated domain names). These addresses are available directly through a wide variety of listings and services, some of which users have willingly subscribed to, some of which users inadvertently or unwittingly participate in, and some of which are collected in clearly surreptitious ways that users must go to great pains and sometimes expense to avoid. In addition to listings that are available or created by third parties, intruders sometimes generate addresses and send probing messages, looking for an active target computer and a response. These addresses might be constructed randomly or use patterns composed of frequently used names, words, or other standard addressing combinations. Both IP addresses and e-mail addresses are used in this type of probe.
Internet users are often unaware of the intrusive capabilities of Internet technologies and the behaviors that permit the intrusions to occur. In addition
to Web surfing through a browser, many Internet users routinely participate in
chat sessions; play online games; register for prizes; respond to offers for free
software and services; and register preferences for news, sports scores, stock
quotes, music, entertainment, credit checks, and other seemingly innocuous elements. Furthermore, Internet users often search the Web for medical advice, financial advice, career advice, and the like — never suspecting that someone along the way might begin tracking the clicks for the purpose of targeting advertisements, profiling the user, or conducting surveillance activities. Any of these activities subject the target computer to intrusions such as pop-up window advertisements, click tracking, data retrieval, and browser hijacking .
Software and service providers are readily available to accommodate the needs of individuals and companies who wish to collect information from and about Internet users including their personal habits and data.
Many of these software and service providers are using the same technologies
that companies use to track the online activities of their employees. And even
in work-related use situations, Internet users are often trapped into giving personal information in exchange for the ability to access needed sites. Once
given, this information — without context, consent, or verification — is often
sold, used for other purposes, mined with other data to create profiles, or used
directly for targeting advertising pop-up windows or e-mails.
The result can be that unexpected, unsolicited, and unwanted messages can appear on an employee’s computer screen or in an employee’s e-mail, or the employee’s browsing can be interrupted because scumware has hijacked the browser and provided links to sites other than those that were intended and appropriate.

No comments:

Post a Comment