MINISTRY OF EDUCATION AND SCIENCE OF THE RUSSIAN FEDERATION
FEDERAL STATE BUDGETARY EDUCATIONAL INSTITUTION OF HIGHER EDUCATION
SIBERIAN STATE UNIVERSITY OF GEOSYSTEMS AND TECHNOLOGIES (FGBOU VO SGUGiT)
D.V. Romanov
INFORMATION SECURITY
Approved by the university's Editorial and Publishing Council as a collection of texts and exercises in English for bachelor's students in programme 10.03.01 "Information Security"
Novosibirsk
SGUGiT
UDC
Author's mark
Reviewers: Candidate of Philological Sciences, Head of the YaPiMK Department, SGUGiT, S.S. Zhdanov
Candidate of Philological Sciences, Head of the IYa TF Department, FGBOU VO NGTU, A.I. Bochkarev
The collection is intended for second-year students in programme 10.03.01 "Information Security".
The collection contains study texts in English on information protection, together with lexical exercises that help students master the corresponding material recommended for study by the syllabus of the course "Foreign Language". It also contains texts for additional reading, which can be used for students' independent work. The collection is recommended for publication by the Academic Council of the Institute of Geodesy and Management of SGUGiT.
Executive editor: Candidate of Philological Sciences, Associate Professor of the Department of Language Training and Intercultural Communications, SGUGiT, E.V. Dushinina
Published by decision of the Editorial and Publishing Council of SGUGiT
© FGBOU VO SGUGiT 2016
Contents
INTRODUCTION
UNIT 1
UNIT 2
UNIT 3
UNIT 4
UNIT 5
UNIT 6
UNIT 7
UNIT 8
TEXTS FOR BACKGROUND READING
Text 1
Text 2
Text 3
Text 4
Text 5
REFERENCES
INTRODUCTION
This collection is intended for students of the programme "Fundamentals of Information Protection" whose command of the foreign language is at least Pre-intermediate, and contains texts on some of the main topics in the field of information security. The texts contain the terminology that specialists in information protection need for their professional work and for communicating with native speakers. Each text is accompanied by a variety of lexical exercises aimed at forming, practising and consolidating various skills and abilities. The collection also includes assignments for students' independent and project work and for preparing reports to present at student conferences.
The main focus is on developing translation skills, both from English and from Russian. All the texts are based on authentic material (which is especially important when English is studied outside an English-speaking environment) and are up to date and informative.
UNIT 1
Ex. 1. Read and translate the text.
Information security
Information systems are decomposed into three main portions, hardware, software and communications, in order to identify and apply information security industry standards, as mechanisms of protection and prevention¹, at three levels: physical, personal and organizational. Essentially, procedures or policies are used to tell people (administrators, users and operators) how to use products to ensure information security within organizations.
Information security means protecting information and information systems from unauthorized access², use, disclosure³, disruption⁴, modification, recording or destruction.
The terms information security, computer security and information assurance are frequently, and incorrectly, used interchangeably⁵. However, there are some subtle differences between them.
Information security is concerned with⁶ the confidentiality, integrity and availability of data regardless of⁷ the form the data may take: electronic, print, or other forms.
Computer security can focus on ensuring the availability and correct operation of a computer system without concern for the information stored or processed by the computer.
Governments, corporations, financial and social institutions amass⁸ a great deal of confidential information about their employees, customers, products, research, and financial status. Most of this information is now collected, processed and stored on electronic computers and transmitted across networks to other computers. Should⁹ confidential information about a business's customers, finances or new product line fall into the hands of a competitor, such a breach¹⁰ of security could lead to lost business, law suits¹¹ or even bankruptcy of the business.
The field of information security has grown and evolved¹² significantly in recent years. It offers many areas for specialization, including securing networks and allied infrastructure, securing applications and databases, security testing, information systems auditing, business continuity planning and digital forensics¹³ science.
Now let us consider the three components of the information security more closely. Information Security Components (or qualities) are Confidentiality, Integrity and Availability (CIA).
Confidentiality
Confidentiality means preventing the disclosure of information to unauthorized individuals or systems. For example, a credit card transaction on the Internet requires the credit card number to be transmitted from the buyer to the merchant and further to a transaction processing network. The system attempts to enforce confidentiality by encrypting¹⁴ the card number during transmission, by limiting the places where it might appear (in databases, log files, backups, printed receipts, and so on), and by restricting access¹⁵ to the places where it is stored. If an unauthorized party obtains the card number in any way, it will result in a breach of confidentiality.
Breaches of confidentiality take many forms. If someone looks over your shoulder at your computer screen while you have confidential data displayed on it, it is a breach of confidentiality. If a laptop computer containing sensitive¹⁶ information is stolen or sold, it is also a breach of confidentiality.
Integrity
In information security, integrity means that data cannot be modified undetectably¹⁷. Integrity is violated when a message is actively modified in transit. Information security systems typically provide message integrity in addition to data confidentiality.
Availability
For any information system to serve its purpose, the information must be available when it is needed. This means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly. High availability systems aim to remain available at all times, preventing service disruptions due to power outages¹⁸, hardware failures, and system upgrades. Ensuring availability also involves preventing denial-of-service¹⁹ attacks.
NOTES
1. prevention – averting, forestalling
2. unauthorized access – access without permission
3. disclosure – revealing, making known
4. disruption – damage, breakdown
5. interchangeably – in place of one another
6. to be concerned with – to deal with, to relate to (something)
7. regardless of – irrespective of
8. amass – to accumulate, to gather
9. Should … – (here) in the event that
10. breach – break, violation, damage
11. law suits – legal claims brought to court
12. evolve – to develop gradually
13. digital forensics – forensic science applied to digital evidence
14. encrypt – to encipher
15. restrict access – to limit (close off) access
16. sensitive – (here) important, secret
17. undetectably – without being noticed
18. power outage – interruption of the power supply
19. denial-of-service – refusal of service
Ex. 7. Answer the questions.
1. What are the main components of Information Security?
2. How can you define the term “Information Security”?
3. What is the difference between Computer Security and Information Security?
4. What will happen if confidential information falls into the wrong hands? Give examples.
5. How many specializations in the field of Information Security can you mention?
6. What is a Breach of confidentiality? Give examples.
7. What is a Breach of Integrity? Give examples.
8. What is a Breach of Availability? Give examples.
UNIT 2
Risk management
Risk management is the process of identifying vulnerabilities¹ and threats to the information resources used by an organization in achieving business objectives, and deciding what countermeasures, if any, to take in reducing risk to an acceptable level, based on the value of the information resource to the organization.
There are two things in this definition that may need some clarification. First, the process of risk management is an ongoing iterative² process. It must be repeated indefinitely. The business environment is constantly changing and new threats and vulnerabilities emerge every day. Second, the choice of countermeasures (controls) used to manage risks must strike a balance between productivity, cost, effectiveness of the countermeasure, and the value of the informational asset being protected.
Risk is the likelihood that something bad will happen that causes harm to an informational asset (or the loss of the asset). Vulnerability is a weakness that could be used to endanger or cause harm to an informational asset. A threat is anything (man-made or act of nature) that has the potential to cause harm. The likelihood that a threat will use a vulnerability to cause harm creates a risk. When a threat does use a vulnerability to inflict harm, it has an impact. In the context of information security, the impact is a loss of availability, integrity, and confidentiality, and possibly other losses (lost income, loss of life, loss of real property).
Risk assessment³ is carried out by a team of people who have knowledge of specific areas of the business. Membership of the team may vary over time as different parts of the business are assessed. The assessment may use a subjective qualitative analysis based on informed opinion, or, where reliable dollar figures and historical information are available, the analysis may use quantitative analysis. Research has shown that the most vulnerable point in most information systems is the human user and operator.
In broad terms, the risk management process consists of a number of processes that include identification of assets and estimation of their value, conducting a threat assessment⁴ and a vulnerability assessment, and the procedures required to control them. It is necessary to evaluate the effectiveness of the control measures without discernible loss⁵ of productivity.
For any given risk, Executive Management can choose to accept the risk based upon the relative low value of the asset, the relative low frequency of occurrence, and the relative low impact on the business. Or, leadership may choose to mitigate the risk⁶ by selecting and implementing appropriate control measures to reduce the risk. In some cases, the risk can be transferred to another business by buying insurance or outsourcing⁷ to another business.
When Management chooses to mitigate a risk, they will do so by implementing one or more of three different types of controls.
Administrative.
Administrative controls (also called procedural controls) consist of approved written policies, procedures, standards and guidelines. They inform people on how the business is to be run and how day-to-day operations are to be conducted. Laws and regulations created by government bodies are also a type of administrative control. Examples of administrative controls include the corporate security policy, password policy, hiring policies⁸, etc. Administrative controls form the basis for the selection and implementation of logical and physical controls. Administrative controls are of paramount importance.
Logical.
Logical controls (also called technical controls) use software and data to monitor and control access to information and computing systems. For example: passwords, network and host⁹-based firewalls¹⁰, network intrusion detection systems, access control lists, and data encryption are logical controls. A frequently overlooked¹¹ logical control is the principle of least privilege¹². This principle requires that an individual, program or system process is not granted any more access privileges than are necessary to perform the task. A failure of this principle can occur if an individual collects additional access privileges over time. This happens when employees have their job duties¹³ changed, or they are promoted, or they transfer to another department. The access privileges required by their new duties are frequently added onto their already existing access privileges, which may no longer be necessary or appropriate.
Physical.
Physical controls monitor and control the environment of the workplace and computing facilities. They also monitor and control access to and from such facilities. For example: doors, locks, heating and air conditioning, smoke and fire alarms, fire suppression systems¹⁴, cameras, barricades, fencing¹⁵, security guards, cable locks, etc. A frequently overlooked physical control is the separation of duties. Separation of duties ensures that an individual cannot complete a critical task by himself. For example: an employee who submits a request for reimbursement¹⁶ should not also be able to authorize payment or print the check.
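The two overlooked controls described above, least privilege (with privileges piling up after a job change) and separation of duties, can both be checked with a periodic access review. The sketch below is an added example, not part of the original textbook; the role names, privilege strings and conflict pairs are constructed for illustration.

```python
"""Access review that flags privilege creep and separation-of-duties conflicts.

Added illustration: roles, privilege names and accounts are constructed.
"""
from dataclasses import dataclass, field

# Assumption: the privileges each job role actually needs (least privilege).
ROLE_PRIVILEGES = {
    "sales_rep": {"crm:read", "crm:write", "expense:submit"},
    "finance_clerk": {"ledger:read", "expense:approve"},
    "cashier": {"ledger:read", "check:print"},
}

# Assumption: privilege pairs one person must never hold together, following
# the reimbursement example (submit vs. authorize payment or print the check).
SOD_CONFLICTS = [
    ("expense:submit", "expense:approve"),
    ("expense:submit", "check:print"),
]


@dataclass
class Account:
    user: str
    role: str
    granted: set = field(default_factory=set)


def provision(user, role):
    """Create an account holding exactly the privileges of its role."""
    return Account(user, role, set(ROLE_PRIVILEGES[role]))


def transfer(account, new_role, revoke_old):
    """Move an account to a new role.

    revoke_old=False reproduces the failure in the text: the new privileges
    are added on top of the old ones, which are never removed.
    """
    if revoke_old:
        account.granted = set(ROLE_PRIVILEGES[new_role])
    else:
        account.granted |= ROLE_PRIVILEGES[new_role]
    account.role = new_role
    return account


def review(account):
    """Return what an auditor should act on for one account."""
    required = ROLE_PRIVILEGES[account.role]
    return {
        "user": account.user,
        # Privileges held but not needed by the current role (privilege creep).
        "excess": sorted(account.granted - required),
        # Privileges the role needs but the account lacks.
        "missing": sorted(required - account.granted),
        # Conflicting pairs that are both present on this one account.
        "sod_conflicts": [p for p in SOD_CONFLICTS if set(p) <= account.granted],
    }


if __name__ == "__main__":
    alice = transfer(provision("alice", "sales_rep"), "finance_clerk", revoke_old=False)
    bob = transfer(provision("bob", "sales_rep"), "finance_clerk", revoke_old=True)
    for acct in (alice, bob):
        print(review(acct))
```

The account moved without revocation keeps its old sales privileges and ends up able to both submit and approve an expense; the account moved with revocation comes out clean.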
NOTES
1. vulnerability (security vulnerability) – a weak point, an exposure
2. iterative – repeating, done in repeated cycles
3. risk assessment – evaluation of risks (determining the possible losses due to a lack of information or its loss during system recovery)
4. threat assessment – evaluation of threats
5. discernible loss – noticeable loss
6. to mitigate the risk – to reduce the risk
7. outsourcing – bringing in subcontractors, contracting work out
8. hiring policies – recruitment policy
9. host – main computer
10. firewall – inter-network screen, protective system, network barrier
11. overlook – to ignore, to underestimate, to neglect
12. least privilege – minimum of permissions
13. employees' job duties – the responsibilities of staff
14. fire suppression system – fire-extinguishing system
15. fencing – enclosure, the putting up of fences
16. reimbursement – repayment, compensation
Ex. 7. Answer the questions.
1. How can you define the term “Risk management”?
2. What are the two things that risk management should include?
3. What things should be checked during the risk assessment process?
4. What things does the risk assessment process consist of?
5. What is the administrative type of risk control?
6. What is the logical type of risk control?
7. What is the physical type of risk control?
UNIT 3
Computer viruses
A computer virus is a malware program¹ that, when executed, replicates by inserting copies of itself (possibly modified) into other computer programs, data files, or the boot sector of the hard drive. Viruses often perform some type of harmful activity on infected hosts, such as stealing hard disk space or CPU time, accessing private information, corrupting data, spamming the contacts, etc. However, not all viruses carry a destructive payload or attempt to hide themselves; the defining characteristic of viruses is that they are self-replicating² computer programs which install themselves without the user's consent.
The vast majority of viruses target systems running Microsoft Windows, employing a variety of mechanisms to infect new hosts, and often using complex anti-detection/stealth strategies³ to evade antivirus software. Motives for creating viruses can include seeking profit, personal amusement, the demonstration of weaknesses⁴ in software, or simply a wish to explore evolutionary algorithms.
Computer viruses currently cause billions of dollars' worth of economic damage each year by causing system failures, wasting computer resources, corrupting data, increasing maintenance costs, etc. In response, free, open-source⁵ antivirus tools have been developed, and a multi-billion dollar industry of antivirus software vendors is now selling virus protection. There are many different operating systems, of which Android and Windows are among the most victimized⁶. Unfortunately, no currently existing antivirus software is able to catch all computer viruses (especially new ones). Computer security researchers are actively searching for new, more effective tools to detect emerging viruses before they become widely distributed.
Types of Infection
When you listen to the news, you hear about many different forms of electronic infection. The most common are:
Viruses - A virus is a small piece of software that piggybacks⁷ on real programs. For example, a virus might attach itself to a program such as a spreadsheet program⁸. Each time the spreadsheet program runs, the virus runs, too, and it has the chance to reproduce (by attaching to other programs) or wreak havoc.
E-mail viruses - An e-mail virus moves around in e-mail messages, and usually replicates itself by automatically mailing itself to dozens of people in the victim's e-mail address book.
Worms - A worm is a small piece of software that uses computer networks and security holes⁹ to replicate itself. A copy of the worm scans the network for another machine that has a specific security hole. It copies itself to the new machine using the security hole, and then starts replicating from there, as well.
Trojan horses - A Trojan horse is simply a computer program. The program claims to do one thing (it may claim to be a game) but instead does damage when you run it (it may erase your hard disk). Trojan horses have no way to replicate automatically.
Why a "Virus"?
Computer viruses are called viruses because they share some of the traits of biological viruses. A computer virus passes from computer to computer like a biological virus passes from person to person. The term “Virus” was first used by Gregory Benford in his science fiction story “The Scarred Man” in 1970. Then the term was used in academic environment¹⁰ by Frederick B. Cohen in the early 1980s.
There are similarities at a deeper level, as well. A biological virus is not a living thing. A virus is a fragment of DNA¹¹ inside a protective jacket. Unlike a cell, a virus has no way to do anything or to reproduce by itself; it is not alive. Instead, a biological virus must inject its DNA into a cell. The viral DNA then uses the cell's existing machinery to reproduce itself. Then new virus particles come out of the cell, spreading around and infecting other cells.
A computer virus shares some of these traits. A computer virus must piggyback on top of some other program or document in order to get executed. Once it is running¹², it is then able to infect other programs or documents. Obviously, the analogy between computer and biological viruses stretches things¹³ a bit, but there are enough similarities¹⁴ that the name sticks.
What's a "Worm"?
A worm is a computer program that has the ability to copy itself from machine to machine. Worms normally move around and infect other machines through computer networks. Using a network, a worm can expand from a single copy incredibly quickly. For example, the Code Red worm replicated itself over 250,000 times in approximately¹⁵ nine hours on July 19, 2001.
A worm usually exploits¹⁶ some sort of security hole in a piece of software or the operating system. For example, the Slammer worm (which caused mayhem¹⁷ in January 2003) exploited a hole in Microsoft's SQL server.
Worms use up computer time and network bandwidth when they are replicating, and they often have some sort of evil intent.
All viruses are dangerous and can do nothing good to computer systems and, therefore, their users. So we should not underestimate the danger and should undertake all measures needed to protect our life from them.
NOTES
1. malware program – a harmful program
2. self-replicating – copying itself
3. anti-detection/stealth strategies – concealment strategies (that let a program avoid detection by an antivirus program)
4. weakness – a weak spot
5. open-source – openly available
6. the most victimized – the most frequent victims (of computer attacks)
7. to piggyback – to embed itself (lit. to cling to someone's back)
8. spreadsheet program – a table-editing program (such as Excel)
9. security hole – a weak spot (lit. a hole) in the security system
10. in academic environment – (here) in academic circles
11. DNA – deoxyribonucleic acid
12. once it is running – as soon as it starts
13. to stretch things – to exaggerate
14. similarity – resemblance, likeness
15. approximately – roughly
16. to exploit – to use, to make use of
17. mayhem – chaos, havoc, confusion, disorder
E.g. to spam the contact
E-mail viruses usually spam the contacts from the address book of the infected computer.
Ex. 7. Explain the following expressions. Use a dictionary if necessary:
e.g. anti-detection strategy – a set of actions executed by a malware program in order to avoid detection by an antivirus scanner.
1. Malware program –
2. Worm –
3. Trojan horse –
4. E-mail virus –
5. Self-replication –
6. Denial of service –
7. Open-source software –
8. Security hole –
9. Antivirus scanner –
10. A biological virus –
Types of computer viruses
Computer viruses infect a variety of different subsystems on their hosts. One manner of classifying viruses is to analyze whether they reside in binary executables (such as .EXE or .COM files), data files (such as Microsoft Word documents or PDF files), or in the boot sector of the host's hard drive (or some combination of all of these).
Resident vs. non-resident viruses
A memory-resident virus (or simply "resident virus") installs itself as part of the operating system, after which it remains in RAM from the time the computer is booted up to when it is shut down. Resident viruses overwrite program code, and when the operating system attempts to access the target file or disk sector, the virus code intercepts the request and redirects the control flow to the replication module, infecting the target. In contrast, a non-memory-resident virus (or "non-resident virus"), when executed, scans the disk for targets, infects them, and then exits (i.e. it does not remain in memory after it is done executing).
Macro viruses
Many common applications, such as Microsoft Outlook and Microsoft Word, allow macro programs to be embedded in documents or emails, so that the programs may be run automatically when the document is opened. A macro virus (or "document virus") is a virus that is written in a macro language, and embedded into these documents so that when users open the file, the virus code is executed, and can infect the user's computer. This is one of the reasons that it is dangerous to open unexpected attachments in e-mails.
Stealth strategies
Some viruses can infect files without increasing their sizes or damaging the files. They accomplish this by overwriting unused areas of executable files. These are called cavity viruses. For example, the CIH virus, or Chernobyl Virus, infects Portable Executable files. Because those files have many empty gaps, the virus, which was 1 KB in length, did not add to the size of the file.
Read request intercepts
Some viruses trick antivirus software by intercepting its requests to the OS. A virus can hide itself by intercepting the request to read the infected file, handling the request itself, and returning an uninfected version of the file to the antivirus software. The interception can occur by code injection into the actual operating system files that would handle the read request. Thus, antivirus software attempting to detect the virus will either not be given permission to read the infected file, or the read request will be served with the uninfected version of the same file.
The only reliable method to avoid stealth is to boot from a medium that is known to be clean.
Self-modification
Most modern antivirus programs try to find virus-patterns inside ordinary programs by scanning them for so-called virus signatures or (we would better say) search strings. If a virus scanner finds such a pattern in a file, it will perform other checks to make sure that it has found the virus, and not merely a coincidental sequence in an innocent file, before it notifies the user that the file is infected. Some viruses employ techniques that make detection by means of signatures difficult but probably not impossible. These viruses modify their code on each infection. That is, each infected file contains a different variant of the virus.
Encrypted viruses
One method of evading signature detection is to use simple encryption to encipher the body of the virus, leaving only the encryption module and a cryptographic key in clear text. In this case, the virus consists of a small decrypting module and an encrypted copy of the virus code. If the virus is encrypted with a different key for each infected file, the only part of the virus that remains constant is the decrypting module, which would (for example) be appended to the end. In this case, a virus scanner cannot directly detect the virus using signatures, but it can still detect the decrypting module, which still makes indirect detection of the virus possible.
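The detection logic described in the two sections above (a search string, a follow-up check to rule out a coincidental match, and indirect detection through the constant decrypting module) can be shown with a toy scanner. This is an added example, not part of the original textbook; the byte strings are harmless constructed stand-ins, the file layout is an assumption, and the single-byte XOR only plays the role of the "simple encryption" mentioned in the text.

```python
"""Toy signature scanner run over constructed, harmless byte strings."""

# Constructed stand-ins: plain marker text, no executable content.
HOST = b"constructed host file contents "
BODY = b"HARMLESS-DEMO-BODY: the quick brown fox jumps over the lazy dog"
STUB = b"DEMO-DECRYPT-STUB-v1"  # stands in for the constant decrypting module

SIGNATURES = {
    "body": b"HARMLESS-DEMO-BODY:",  # search string taken from the plain body
    "stub": STUB,                    # search string for the decrypting module
}


def xor(data, key):
    """Single-byte XOR, the stand-in for 'simple encryption'."""
    return bytes(b ^ key for b in data)


def make_sample(key):
    """Assumed demo layout: host, stub, one key byte, encoded body."""
    return HOST + STUB + bytes([key]) + xor(BODY, key)


def scan(data):
    """First pass: names of all signatures found in the data."""
    return sorted(name for name, sig in SIGNATURES.items() if sig in data)


def confirm(data):
    """Second pass after a stub hit: decode what follows the stub and look
    for the body signature, so a coincidental stub string is not reported."""
    pos = data.find(STUB)
    if pos < 0:
        return False
    rest = data[pos + len(STUB):]
    if len(rest) < 2:
        return False
    key, payload = rest[0], rest[1:]
    return SIGNATURES["body"] in xor(payload, key)


def verdict(data):
    hits = scan(data)
    if "body" in hits:
        return "detected (body signature)"
    if "stub" in hits and confirm(data):
        return "detected (stub, confirmed)"
    if "stub" in hits:
        return "stub string only, not confirmed"
    return "clean"


if __name__ == "__main__":
    samples = {
        "plain body": HOST + BODY,
        "encoded, key 0x5A": make_sample(0x5A),
        "encoded, key 0xC3": make_sample(0xC3),
        "text quoting the stub": b"manual page quoting DEMO-DECRYPT-STUB-v1 as an example string",
        "clean host": HOST,
    }
    for name, data in samples.items():
        print(f"{name:24} scan={scan(data)} verdict={verdict(data)}")
```

The two encoded samples share no body bytes, so the body signature misses both, while the unchanged stub is still found and the second pass confirms it; the text file that merely quotes the stub string is not reported.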
Polymorphic code
Polymorphic code was the first technique that posed a serious threat to virus scanners. Just like regular encrypted viruses, a polymorphic virus infects files with an encrypted copy of itself, which is decoded by a decryption module. In the case of polymorphic viruses, however, this decryption module is also modified on each infection. A well-written polymorphic virus therefore has no parts which remain identical between infections, making it very difficult to detect directly using signatures. To enable polymorphic code, the virus has to have a polymorphic engine (also called mutating engine or mutation engine) somewhere in its encrypted body.
Metamorphic code
To avoid detection by emulation, some viruses rewrite themselves completely each time they are to infect new executables. Viruses that utilize this technique are said to be metamorphic. To enable metamorphism, a metamorphic engine is needed. A metamorphic virus is usually very large and complex. For example, W32/Simile consisted of over 14,000 lines of assembly language code, 90% of which is part of the metamorphic engine.
UNIT 4
Part 1: the beginning
Although the roots of the computer virus date back¹ as early as 1949, when the Hungarian scientist John von Neumann published the "Theory of self-reproducing automata", the first known computer virus appeared in 1971 and was dubbed² the "Creeper virus". It was written by Bob Thomas. This virus infected Digital Equipment Corporation's (DEC) PDP-10 mainframe computers running the TENEX operating system and displayed a message “I’m the creeper, catch me if you can!”.
The Creeper virus was eventually deleted by a program created by Ray Tomlinson and known as "The Reaper". Some people consider "The Reaper" the first antivirus software ever written, but the Reaper was actually a virus itself specifically designed to remove the Creeper virus.
The Creeper virus was followed by several other viruses. The first known that appeared "in the wild"3 was "Elk Cloner" written by 15-year-old Richard Skrenta (Pennsylvania, USA), in 1981, which infected Apple II computers. It also displayed a short poem message by name “Elk Cloner. The program with personality.”
In 1983, the term "computer virus" was coined by Frederick Cohen in one of the first ever published academic papers on computer viruses. Cohen used the term "computer virus" to describe a program that: "affects other computer programs by modifying them in such a way as to include a (possibly evolved) copy of itself." (Note, that a more recent, and precise, definition of computer virus has been given by the Hungarian security researcher Péter Szőr: "a code that recursively replicates a possibly evolved copy of itself")
The first IBM PC compatible4 "in the wild" computer virus, and one of the first real widespread infections, was "Brain" created by the FarooqAlvi Brothers in Lahore, Pakistan in 1986. They were trying to deter unauthorized copying of the software they had written. From then, the number of viruses has grown exponentially. Most of the computer viruses written in the early and mid-1980s were limited to self-reproduction and had no specific damage routine built into the code. That changed when more and more programmers became acquainted with5 computer virus programming and created viruses that manipulated or even destroyed data.
Before internet connectivity was widespread, computer viruses were typically spread by infected floppy disks6. Antivirus software came into use, but was updated infrequently. During this time, virus checkers essentially had to check executable files and the boot sectors of floppy disks and hard disks. However, as internet usage became common, viruses began to spread online.
The late 1980s saw the worldwide growth of both computer viruses and antivirus software. In 1987, Fred Cohen wrote that “There is no algorithm that can perfectly detect all possible computer viruses.” Nevertheless, in many European countries and also in the USA, many computer specialists started to create their own antivirus products. Possibly the first documented removal of an "in the wild" computer virus (i.e. the "Vienna virus") was performed by Bernd Fix in 1987. In 1987, Andreas Lüning and Kai Figge founded G Data Software and released their first antivirus product for the Atari ST platform. Then there was their Ultimate Virus Killer (UVK). In the United States, John McAfee founded the McAfee company and, at the end of that year, he released⁷ the first version of VirusScan. In the meanwhile⁸, in Slovakia, Peter Paško and Miroslav Trnka created the first version of NOD32 antivirus. Finally, at the end of 1987, the first two heuristic antivirus utilities⁹ were released: FluShot Plus by Ross Greenberg and Anti4us by Erwin Lanting.
In 1988, the growth of antivirus companies continued in Europe: Germany (Tjark Auerbach’s Avira and the first version of AntiVir), Bulgaria (Dr. Vesselin Bontchev), the Czech Republic (Pavel Baudiš and Eduard Kučera, Avast). Finally, in the autumn of 1988, in the United Kingdom, Alan Solomon founded S&S International and created his Dr. Solomon's Anti-Virus Toolkit (although he launched it commercially¹⁰ only in 1991). In November 1988 a professor at the Panamerican University in Mexico City named Alejandro E. Carriles copyrighted the first antivirus software in Mexico under the name "Byte Matabichos" (Byte Bugkiller) to help solve the rampant¹¹ virus infestation¹² among students.
In 1988, a mailing list named VIRUS-L was started on the BITNET/EARN network where new viruses and the possibilities of detecting and eliminating¹³ viruses were discussed. Some members of this mailing list were: Alan Solomon, Eugene Kaspersky (Kaspersky Lab), Friðrik Skúlason (FRISK Software), John McAfee and other well-known people.
In 1989, in the United States, Symantec (founded by Gary Hendrix in 1982) launched its first Symantec antivirus for Macintosh (SAM). SAM 2.0, released in March 1990, incorporated technology allowing users to easily update SAM to intercept¹⁴ and eliminate new viruses, including many that didn't exist at the time of the program's release.
So the era of the antivirus industry began.
NOTES
1. to date back – to be dated to
2. was dubbed – was named (was given a nickname)
3. appeared in the wild – literally "appeared in nature"
(here: spread to users' computers)
4. IBM PC compatible – compatible with the IBM PC
5. to become acquainted with – to get to know
6. floppy disk – diskette
7. to release – to put out (here: to put a product on sale)
8. In the meanwhile – at the very same time
9. heuristic antivirus utilities – utilities of a heuristic antivirus
10. to launch smth. commercially – to put smth. on mass sale (commercially)
11. rampant – unrestrained, wild, widespread
12. virus infestation – infection with a virus
13. to eliminate – to destroy
14. to intercept – to seize or stop on the way
UNIT 5
Ex.1. Read and translate the text:
Computer crimes
More and more the operations of our businesses, governments, and financial institutions are controlled by information that exists only inside computer memories. Anyone clever enough to modify this information for his own purposes can reap substantial¹ rewards. Even worse, a number of people who have done this and been caught at it have managed to² get away without punishment.
These facts have not been lost on criminals or would-be criminals³. A recent Stanford Research Institute study of computer abuse was based on 160 case histories, which probably are just the tip of the iceberg. After all, we only know about the unsuccessful crimes. How many successful ones have gone undetected is anybody's guess.
Here are a few areas in which computer criminals have found the pickings⁴ all too easy.
Banking. All but the smallest banks now keep their accounts on computer files. Someone who knows how to change the numbers in the files can transfer funds at will⁵. For instance, one programmer was caught having the computer transfer funds from other people's accounts to his wife's checking account. Often, traditionally trained auditors don't know enough about the workings of computers to catch what is taking place right under their noses.
Business. A company that uses computers extensively offers many opportunities⁶ to both dishonest employees and clever outsiders. For instance, a thief can have the computer ship the company's products to addresses of his own choosing. Or he can have it issue checks to him or his confederates for imaginary supplies or services. People have been caught doing both.
Credit Cards. There is a trend towards using cards similar to credit cards to gain access to funds through cash-dispensing terminals⁷. Yet, in the past, organized crime used stolen or counterfeit credit cards to finance its operations. Banks that offer after-hours or remote banking through cash-dispensing terminals may find themselves unwillingly subsidizing⁸ organized crime.
Theft of Information. Much personal information about individuals is now stored in computer files. An unauthorized person with access to this information could use it for blackmail⁹. Also, confidential information about a company's products or operations can be stolen and sold to unscrupulous¹⁰ competitors. (One attempt at the latter came to light when the competitor turned out to be scrupulous and turned in the people who were trying to sell him stolen information.)
Software Theft. The software for a computer system is often more expensive than the hardware. Yet this expensive software is all too easy to copy. Crooked computer experts¹¹ have devised a variety of tricks for getting these expensive programs printed out, punched on cards, recorded on tape, or otherwise delivered into their hands. This crime has even been perpetrated from remote terminals that access the computer over the telephone.
Theft of Time-Sharing Services¹². When the public is given access to a system, some members of the public often discover how to use the system in unauthorized ways. For example, there are the "phone freakers" who avoid long distance telephone charges by sending over their phones control signals that are identical to those used by the telephone company.
Since time-sharing systems often are accessible to anyone who dials the right telephone number, they are subject to the same kinds of manipulation.
Of course, most systems use account numbers and passwords to restrict access to authorized users. But unauthorized persons have proved to be adept at obtaining this information and using it for their own benefit¹³. For instance, when a police computer system was demonstrated to a school class, a precocious student noted the access codes being used; later, all the student's teachers turned up¹⁴ on a list of wanted criminals.
Perfect Crimes. It's easy for computer crimes to go undetected if no one checks up on what the computer is doing. But even if the crime is detected, the criminal may walk away not only unpunished but with a glowing recommendation from his former employers.
Of course, we have no statistics on crimes that go undetected. But lots of them were detected just by accident, not by systematic audits or other security procedures. The computer criminals who have been caught may have been the victims of uncommonly¹⁵ bad luck. For example, a certain keypunch operator¹⁶ complained of having to stay overtime to punch extra cards. Investigation revealed that the extra cards she was being asked to punch were for fraudulent transactions. An undercover narcotics agent¹⁷ stumbled on another case. An employee was selling the company's merchandise on the side and using the computer to get it shipped to the buyers.
Unlike other embezzlers¹⁸, who must leave the country, commit suicide, or go to jail, computer criminals sometimes brazen it out¹⁹, demanding not only that they not be prosecuted but also that they be given good recommendations and perhaps other benefits, such as severance pay²⁰. All too often, their demands have been met.
Why? Because company executives are afraid of the bad publicity that would result if the public found out that their computer has been misused. They cringe at²¹ the thought of a criminal boasting in open court of how he juggled the most confidential records right under the noses of the company's executives, accountants, and security staff. And so another computer criminal departs with just the recommendations he needs to continue his exploits elsewhere.
NOTES
1. substantial – significant, considerable
2. They managed to do it – They succeeded in doing it.
3. would-be criminal – a potential criminal
4. find the pickings – to find a chance to profit
5. at will – as one wishes
6. opportunities – possibilities, chances
7. cash-dispensing terminal – a terminal that gives out cash (a cash machine)
8. unwillingly subsidize – to assist involuntarily
9. blackmail – extortion by threats
10. unscrupulous – dishonest, unprincipled, underhand
11. Crooked computer expert – a dishonest computer expert
12. Time-Sharing Services – services based on the sharing of (computer) time
13. their own benefit – their own advantage
14. turn up – to turn out to be (somewhere)
15. uncommonly – unusually, extraordinarily
16. keypunch operator – an operator who punches (bank) cards
17. undercover narcotics agent – a drug-control agent working under cover
18. embezzler – a plunderer, a thief of public funds
19. brazen it out – to wriggle out of it, to dodge
20. severance pay – a payment made on dismissal
21. cringe at – to shudder at (the thought)
E.g. To go undetected
In the early days of computer technology, most computer crimes and frauds went undetected.
Ex.6. Explain the following expressions. Use a dictionary if necessary:
e.g. Credit card – a rectangular plastic card with an embedded electronic microchip, used to get cash from a cash dispenser
1. demand –
2. computer abuse –
3. security procedures –
4. hacker –
5. unscrupulous means –
6. severance pay –
7. undercover agent –
8. wanted criminal –
9. punishment –
10. crime investigation –
Ex.7. Answer the questions:
1. How do we learn about computer crimes?
2. What crimes do criminals commit in the sphere of banking?
3. What crimes do criminals commit in the sphere of business?
4. How do criminals steal money from credit cards?
5. Why do criminals steal information?
6. How do criminals find the pickings in stealing software?
7. Is a password a good way to restrict access by unauthorized users?
8. What are the examples of bad luck that helped reveal crimes?
9. Why do computer criminals often avoid punishment?
UNIT 6
Ex.1. Read and translate the text:
Cryptography
Cryptography or cryptology (from Greek κρυπτός kryptós, "hidden, secret"; and γράφειν graphein, "writing", or -λογία -logia, "study", respectively) is the practice and study of techniques for secure communication in the presence of third parties called adversaries¹. More generally, cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages; various aspects of information security such as data confidentiality, data integrity, authentication², and non-repudiation³ are central to the modern science of cryptography. It exists at the intersection of the disciplines of mathematics, computer science, and electrical engineering. Applications of cryptography include ATM cards⁴, computer passwords, and electronic commerce.
Cryptography prior to the modern age was effectively synonymous with encryption, the conversion of information from a readable state to apparent nonsense. The originator of an encrypted message (Alice) shared the decoding technique needed to recover the original information only with intended recipients (Bob), thereby precluding unwanted persons (Eve) from doing the same. The cryptography literature often uses Alice ("A") for the sender, Bob ("B") for the intended recipient, and Eve ("eavesdropper") for the adversary. Since the development of rotor cipher machines in World War I and the advent of computers in World War II, the methods used to carry out cryptology have become increasingly complex and its application more widespread.
Cryptographic algorithms are designed around computational hardness assumptions, making such algorithms hard to break in practice by any adversary. It is theoretically possible to break such a system, but it is infeasible⁵ to do so by any known practical means. These schemes are therefore termed computationally secure; theoretical advances, e.g., improvements in integer factorization algorithms, and faster computing technology require these solutions to be continually adapted. There exist information-theoretically secure schemes that provably cannot be broken even with unlimited computing power, but these schemes are more difficult to implement than the best theoretically breakable⁶ but computationally secure mechanisms.
The growth of cryptographic technology has raised a number of legal issues in the information age. Cryptography's potential for use as a tool for espionage and sedition has led many governments to classify it as a weapon and to limit or even prohibit its use and export. In some jurisdictions where the use of cryptography is legal, laws permit investigators to compel the disclosure of encryption keys for documents relevant to an investigation. Cryptography also plays a major role in digital rights management and copyright infringement⁷ of digital media.
Until modern times, cryptography referred almost exclusively to encryption, which is the process of converting ordinary information (called plaintext) into unintelligible text⁸ (called cipher text). Decryption is the reverse, in other words, moving from the unintelligible cipher text back to plaintext. A cipher (or cypher) is a pair of algorithms that create the encryption and the reversing decryption. The detailed operation of a cipher is controlled both by the algorithm and in each instance by a "key". The key is a secret (ideally known only to the communicants), usually a short string of characters⁹, which is needed to decrypt the cipher text. Formally, a “cryptosystem” is the ordered list of elements of finite possible plaintexts, finite possible cipher texts, finite possible keys, and the encryption and decryption algorithms which correspond to¹⁰ each key. Keys are important both formally and in actual practice, as ciphers without variable keys can be trivially broken with only the knowledge of the cipher used and are therefore useless (or even counter-productive¹¹) for most purposes. Historically, ciphers were often used directly for encryption or decryption without additional procedures such as authentication or integrity checks.
There are two kinds of cryptosystems: symmetric and asymmetric. In symmetric systems the same key (the secret key) is used to encrypt and decrypt a message. Data manipulation in symmetric systems is faster than in asymmetric systems, as they generally use shorter key lengths. Asymmetric systems use a public key to encrypt a message and a private key to decrypt it. Use of asymmetric systems enhances¹² the security of communication. Examples of asymmetric systems include RSA (Rivest-Shamir-Adleman¹³) and ECC (Elliptic Curve Cryptography¹⁴). Symmetric models include the commonly used AES (Advanced Encryption Standard¹⁵), which replaced the older DES (Data Encryption Standard¹⁶).
In colloquial use, the term "code" is often used to mean any method of encryption or concealment of meaning. However, in cryptography, code has a more specific meaning. It means the replacement of a unit of plaintext (i.e. a meaningful word or phrase) with a code word (for example, "wallaby" replaces "attack at dawn").
Cryptanalysis is the term used for the study of methods for obtaining the meaning of encrypted information without access to the key normally required to do so; i.e., it is the study of how to crack encryption algorithms or their implementations¹⁷.
Some use the terms cryptography and cryptology interchangeably in English, while others (including US military practice generally) use cryptography to refer specifically to the use and practice of cryptographic techniques and cryptology to refer to the combined study of cryptography and cryptanalysis. English is more flexible than several other languages in which cryptology (done by cryptologists) is always used in the second sense above. RFC 2828¹⁸ advises that steganography¹⁹ is sometimes included in cryptology.
The study of characteristics of languages that have some application in cryptography or cryptology (e.g. frequency data, letter combinations, universal patterns, etc.) is called cryptolinguistics²⁰.
NOTES
1. adversary – opponent, enemy
2. authentication – confirmation of identity or origin
3. non-repudiation – the impossibility of denial
4. ATM cards (Automatic Teller Machine card) – a plastic bank card for a cash machine
5. infeasible – impracticable, impossible to carry out
6. theoretically breakable – open to being broken in theory
7. copyright infringement – violation of an author's rights
8. unintelligible text – incomprehensible (illegible) text
9. string of characters – a line of symbols
10. correspond to – to be related to, to match
11. counter-productive – working against the intended result
12. enhance – to strengthen, to increase
13. RSA (Rivest-Shamir-Adleman) – the surnames of the scientists who created the cryptographic system
14. ECC (Elliptic Curve Cryptography) – cryptography based on elliptic curves
15. AES (Advanced Encryption Standard) – an advanced standard for encryption
16. DES (Data Encryption Standard) – a standard for the encryption of data
17. implementation – carrying out, realization, application
18. RFC 2828 (Request For Comments) – a glossary of Internet security terms
19. steganography – the hiding of a message inside other data
20. cryptolinguistics – the study of language features that are used in cryptography
RSA Cryptosystem
RSA is one of the first practical public-key cryptosystems and is widely used for secure data transmission. In such a cryptosystem, the encryption key is public and differs from the decryption key which is kept secret. In RSA, this asymmetry is based on the practical difficulty of factoring the product of two large prime numbers, the factoring problem. RSA is made of the initial letters of the surnames of Ron Rivest, Adi Shamir, and Leonard Adleman, who first publicly described the algorithm in 1977. Clifford Cocks, an English mathematician working for the UK intelligence agency GCHQ, had developed an equivalent system in 1973, but it was not declassified until 1997.
A user of RSA creates and then publishes a public key based on two large prime numbers, along with an auxiliary value. The prime numbers must be kept secret. Anyone can use the public key to encrypt a message, but with currently published methods, if the public key is large enough, only someone with knowledge of the prime numbers can feasibly decode the message. Breaking RSA encryption is known as the RSA problem; whether it is as hard as the factoring problem remains an open question.
RSA is a relatively slow algorithm, and because of this it is less commonly used to directly encrypt user data. More often, RSA passes encrypted shared keys for symmetric key cryptography which in turn can perform bulk encryption-decryption operations at much higher speed.
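The key creation, public-key encryption and key-passing role of RSA described above can be followed end to end with toy numbers. This Python example is added here and is not part of the original text; the primes 61 and 53, the auxiliary value 17, the session key, the function names and the SHA-256 stand-in for a symmetric cipher are assumptions chosen for illustration, and the last function shows why a modulus this small protects nothing.

```python
import hashlib
from math import gcd, isqrt

# Constructed toy values: real RSA primes are hundreds of digits long.
P, Q, E = 61, 53, 17


def make_keypair(p, q, e):
    """Return (public, private) from two secret primes and the auxiliary value e."""
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    if gcd(e, lam) != 1:
        raise ValueError("e must be coprime to lcm(p-1, q-1)")
    return (n, e), (n, pow(e, -1, lam))  # modular inverse needs Python 3.8+


def rsa_apply(key, value):
    """Raw RSA step: value**exponent mod n (real systems add padding such as OAEP)."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value must be in the range [0, n)")
    return pow(value, exponent, n)


def keystream_xor(session_key, data):
    """Stand-in symmetric cipher: XOR the data with a SHA-256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(f"{session_key}:{offset}".encode()).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)


def hybrid_encrypt(public, session_key, message):
    """RSA carries only the short shared key; the symmetric cipher does the bulk work."""
    return rsa_apply(public, session_key), keystream_xor(session_key, message)


def hybrid_decrypt(private, wrapped_key, ciphertext):
    """Unwrap the shared key with the private key, then undo the symmetric step."""
    return keystream_xor(rsa_apply(private, wrapped_key), ciphertext)


def recover_private_key(public):
    """Factor n by trial division and rebuild the private key; feasible only for tiny n."""
    n, e = public
    for candidate in range(3, isqrt(n) + 1, 2):
        if n % candidate == 0:
            return make_keypair(candidate, n // candidate, e)[1]
    raise ValueError("no odd factor found")


if __name__ == "__main__":
    public, private = make_keypair(P, Q, E)
    wrapped, body = hybrid_encrypt(public, 1234, b"meet at the usual place")
    print("public key:", public, "wrapped key:", wrapped)
    print("decrypted:", hybrid_decrypt(private, wrapped, body))
    print("private key rebuilt from n alone:", recover_private_key(public) == private)
```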
The idea of an asymmetric public-private key cryptosystem is attributed to Whitfield Diffie and Martin Hellman, who published the concept in 1976. They also introduced digital signatures and attempted to apply number theory; their formulation used a shared secret key created from exponentiation of some number, modulo a prime number. However, they left open the problem of realizing a one-way function, possibly because the difficulty of factoring was not well studied at the time.
Ron Rivest, Adi Shamir, and Leonard Adleman at MIT made several attempts over the course of a year to create a one-way function that is hard to invert. They tried many approaches including "knapsack-based" and "permutation polynomials". For a time they thought that what they wanted to achieve was impossible due to contradictory requirements. In April 1977, they spent Passover at the house of a student and drank a good deal of Manischewitz wine before returning to their homes at around midnight. Rivest, unable to sleep, lay on the couch with a math textbook and started thinking about their one-way function. He spent the rest of the night formalizing his idea and had much of the paper ready by daybreak. The algorithm is now known as RSA – the initials of their surnames in the same order as in their paper.
Clifford Cocks, an English mathematician who worked for the UK intelligence agency GCHQ, described a