Information Technology Abuse -- Privacy Issues (Part 2 of 2)

Dennis Faas's picture

Abstract

This article is a continuation of last week's issue of the Infopackets Gazette. This article presents an overview of current privacy issues, discusses potential methods in which an individual's privacy may be jeopardized, and examines specific countermeasures that can be used to protect private information.

Information Technology Abuse -- Privacy Issues (Part 1 of 2)

--

Third Layer: Firewalls, Web Filters, and Tracking Detection

Firewalls: Any computer system that accesses the Internet should be equipped with a firewall to enable the user to detect and prevent unauthorized access to the computer through the Internet connection. This writer uses the Norton Internet Security Suite as his primary firewall. This application provides an integrated system for intrusion attempt detection, blocking advertisements on the Internet, anti-virus scanning, and privacy filtering to prevent private information like credit card numbers from being sent out to the Internet. An alternative free firewall application called "Zone Alarm" can be obtained from zonelabs.com.

Web Filters: Internet browser applications keep a record of which site was just visited (in case the user hits the "back" button). This information can be obtained and recorded by websites. Therefore, if a person visits a website where anarchy, AIDS, or atheism are discussed and then proceeds to online shopping sites where they complete order forms, or otherwise divulge their identity, this tracking could lead to an undesired disclosure of information about their interests. An online demonstration of this disclosure can be viewed at privacy.net. To control the information a browser discloses, a tool called "The Proxomitron" is available from thewebfairy.com. For users who prefer not to have web filtering software installed on their computer, a similar result can be achieved by utilizing online web filtering tools such as Anonymizer at anonymizer.com or Rewebber at rewebber.de.
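The disclosure described above travels in the HTTP "Referer" request header. The following added example (not part of the original article and not code from any product named in it) shows the kind of rule a header filter applies: the header is kept only when the request goes to the same origin the user came from. The function names and the example.* URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """Return (scheme, host, port) for a URL, filling in the default port."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    return (scheme, host, parts.port or DEFAULT_PORTS.get(scheme))

def filter_request_headers(request_url, headers):
    """Copy headers, dropping Referer unless it names the same origin as request_url."""
    kept = {}
    for name, value in headers.items():
        # Header names are case-insensitive; the header is spelled "Referer" on the wire.
        if name.lower() == "referer" and origin(value) != origin(request_url):
            continue
        kept[name] = value
    return kept

def demo():
    """Constructed requests: one cross-site, one same-site."""
    cross = filter_request_headers(
        "http://shop.example/checkout",
        {"User-Agent": "constructed", "Referer": "http://forum.example/health/thread?id=12"},
    )
    same = filter_request_headers(
        "http://shop.example/checkout",
        {"User-Agent": "constructed", "Referer": "http://shop.example:80/cart"},
    )
    return cross, same

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Current browsers can apply the same rule without a filter when a site sends the "Referrer-Policy: same-origin" response header.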

Tracking Detection: Because website tracking occurs invisibly, it is difficult to detect which websites may be keeping an ongoing record of a user's activities. One free product that makes this information available to a user is the "Privacy Companion" from idcide.com. Home computer tracking programs, such as the previously mentioned "Spector", can be detected and deactivated by performing a scan using a product called "Who's Watching Me" that is available from trapware.com.

Fourth Layer: Trojan, Key Logger, and Spyware Detection

If the first three layers of defense fail and unauthorized access to the computer does occur, it is important to be aware of the intrusion so that it can be dealt with as quickly as possible. Specialized detection software is needed for this purpose because trojan, key logging, and spyware programs can be designed to run "invisibly" and will appear neither in the Windows system tray, nor in the task manager window that appears when CTRL-ALT-DEL is pressed once. Two free programs that assist in the detection of intruders are "Regmon" which provides a real-time display of all changes to the Windows registry, and "FileMonitor" which displays all file opening and closing activity as it is occurring. These two programs are available from sysinternals.com.

Trojan Detection: One extremely useful program for trojan detection is called "Trojan Monitor" and is a component of a program called "The Cleaner" from moosoft.com. Trojan Monitor constantly watches all of the critical system files and registry settings and will immediately sound an audible alarm and generate a flashing warning signal if any program attempts to modify these settings. Trojan Monitor will then identify the specific setting that is causing the alarm and give a user the option of whether or not to allow the change to proceed. A high quality freeware alternative for trojan scanning and removal is a product called "Trojan First Aid Kit" (TFAK) available from wilders.org.
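The idea behind watching critical files can be shown with a baseline-and-compare check. This is an added example, not part of the original article and not how Trojan Monitor itself is implemented: it records a SHA-256 digest of each watched file and reports any file that is later modified, removed, or newly created. The watched file names are constructed stand-ins for Windows startup files, created in a temporary folder.

```python
import hashlib
import os
import tempfile

def snapshot(paths):
    """Map each watched path to the SHA-256 of its contents (None if absent)."""
    digests = {}
    for path in paths:
        try:
            with open(path, "rb") as f:
                digests[path] = hashlib.sha256(f.read()).hexdigest()
        except FileNotFoundError:
            digests[path] = None
    return digests

def compare(baseline, current):
    """Return (path, status) alerts for every watched path whose digest changed."""
    alerts = []
    for path in sorted(baseline):
        old, new = baseline[path], current.get(path)
        if old == new:
            continue
        status = "added" if old is None else "removed" if new is None else "modified"
        alerts.append((path, status))
    return alerts

def demo():
    """Run the check on constructed stand-ins for startup files."""
    folder = tempfile.mkdtemp()
    names = ["autoexec.bat", "system.ini", "win.ini", "winstart.bat"]
    watched = [os.path.join(folder, n) for n in names]
    for path in watched[:3]:                      # winstart.bat starts out absent
        with open(path, "w") as f:
            f.write("; constructed sample content\n")
    baseline = snapshot(watched)
    with open(watched[2], "a") as f:              # a startup entry is appended
        f.write("run=EXAMPLE.EXE\n")
    os.remove(watched[1])                         # a watched file disappears
    with open(watched[3], "w") as f:              # a new startup script appears
        f.write("rem constructed\n")
    return [(os.path.basename(p), s) for p, s in compare(baseline, snapshot(watched))]

if __name__ == "__main__":
    for name, status in demo():
        print(f"ALERT {status}: {name}")
```

A check like this only reports a change after the fact, and it is only as trustworthy as the stored baseline, which should be kept where an intruder cannot rewrite it.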

Spyware Detection: The leader in spyware detection is a program called "Ad-Aware". It is freely available from lavasoftUSA.com, and the program offers a live update feature to keep its list of spyware programs current. In a matter of minutes, Ad-Aware can scan the contents of an entire computer, identify any spyware programs, and offer to delete them. As a secondary means of confirming a suspected file's status, an online spyware database is available for searching at spychecker.com.

Key Logger Detection: An old, but free, program called "Hook Protect" from softsecurity.com scans a computer for any signs of monitoring software. A similar, but more recent, Key Logging detection program is called "Anti-Key logger" from anti-keyloggers.com.

Fifth Layer: Minimize Exposed Information

In the event that all of the foregoing methods fail and an intrusion of the computer does occur, it would be wise to limit the information to which the intruder can have access. This "fall-back" position would include techniques to securely delete unneeded sensitive information and encrypt sensitive information that must be retained on the system.

Secure Deletion: The Windows operating system does not delete files. Even the action of "emptying" the recycle bin does not cause the files to be destroyed. Emptying the recycle bin merely marks the memory space storing a document as "available" for recording future data. It is not until the data is overwritten many times that it actually becomes unrecoverable.

Several programs exist to allow users to accomplish actual deletion of files containing sensitive information. A few of these are listed below:

"BC Wipe" is a multi-function secure deletion tool available from jetico.com. It clears and overwrites the Windows swap file (WIN386.SWP), file slack space, and the unused space on a hard drive. All of these areas can potentially contain private information (File Slack Defined, 2000; Windows Swap File defined, 2000). The BC-Wipe program offers various options for data deletion ranging from a fast single overwrite up to capabilities that meet U.S. Department of Defense data destruction requirements for classified information.

"Clean System Directory" from theabsolute.net is a free application that allows users to remove dynamic linked library files (.dll) that were left behind when their corresponding applications were uninstalled. From a privacy standpoint, the removal of these files prevents someone from examining the Windows system folder and determining what programs were previously installed.

"Clean Up!" is a free program from "The Strangely Green Chicken Company" at free.prohosting.com. With only a single mouse click, it searches for and deletes files containing private information about Internet activity. This program's deleted files include the "Index.dat" files that contain a cumulative list of every website visited. A user attempting to simply delete the Index.dat files without such a program will discover that Windows blocks user access to these files.

"Empty Temp Folders" from danish-shareware.dk is a free multi-function application which allows users to selectively delete cookies, Internet history items, and temporary files, in addition to clearing the Windows "clipboard", and finding broken links to files that have been deleted. Broken links to deleted files are one of the "loose ends" that can disclose a user's activities on a computer.

"Properties Plus" from ne.jp is a free program that allows a user to alter the Time/Date "stamp" that Windows places on every file. This Time/Date information can be used not only to see when a user created, modified, or last accessed a particular file, but by analyzing the Time/Date stamps of files in conjunction, a detailed usage pattern can be deduced. A manual method to achieve "Time/Date" stamp modifications is to copy a file from one hard drive to another, and then copy the file back again. However, the manual method only resets the dates and times to when the file was re-copied.

"RegCleaner" (not to be confused with Microsoft's unsupported product RegClean) is a free program available from jv16.org. Many programs leave behind telltale registry entries when they are uninstalled. Although not specifically designed as a "privacy tool" per se, this product enables a user to search out and eliminate all references to previously installed programs, thus denying this information to anyone later examining the computer. An unintended consequence of this cleaning is that it allows many shareware programs to be repeatedly reinstalled after their expiration dates, since these programs use these hidden "registry-leftovers" to identify which computers have previously installed the shareware.

Encryption: The leading encryption product for home use is "Pretty Good Privacy" (PGP) from pgpi.org. However, use of this product is somewhat complicated and can cause it to go unused - resulting in no privacy protection whatsoever. After examining various encryption products, it is this writer's view that "Silver Key" from bestcrypto.com is vastly easier to use and sufficiently secure. It costs only $19.95 and allows drag and drop encryption of complete folders using the state-of-the-art AES encryption algorithm. A freeware version called "Iron Key" is also available. It is similarly quick and easy to use, but can only encrypt one file at a time and uses the DES encryption algorithm that was cracked in 22 hours and 15 minutes at a 1999 contest sponsored by RSA Security (Crume, 2000).

One disadvantage of encryption is that an encrypted file, folder, or hard drive can be tantamount to a "red flag" identifying information as sensitive. An alternative to encryption that does not have this problem is steganography. Steganography is concealment of private information within an image or sound file (Andrews, n.d.). A program using this technology called "EyeMage" is free from proporta.com. EyeMage's graphical interface makes the encoding/decoding process so very simple that a small child could easily use it.

Sixth Layer: Scorched Earth Policy

In certain rare circumstances, the cost of disclosure for private information might outweigh the cost of the computer on which the data is stored. Diagrams of not-yet-patented inventions, soon-to-be published research results, and confidential client files of doctors or attorneys are just a few types of materials for which unauthorized disclosure could be catastrophic. In these situations, extreme failsafe protection might be needed. Methods for this could range from the use of harmless tricks to put the computer's software in limbo, to more extreme methods that prevent data disclosure by permanent destruction of the computer's hardware. In any instance where data is critical enough to warrant this degree of protection, it is assumed that a user will have properly backed up the data in an alternate secure location.

Pre-Windows Loop: By a simple modification of the Autoexec.bat file, a user can place a computer into an endless loop that prevents Windows from loading. An instructional CD by "Canadian Tom" (Yeoman, 2001) lists the following as a method to accomplish this.

In the autoexec.bat file insert each of the following on a separate line:

    echo off
    cls
    :loop
    echo "Unauthorized Access Attempt Detected ! System Halted."
    pause
    goto loop

Restarting the computer (which is the well-known bypass method for Windows screensaver passwords) will not bypass this loop. Pressing the specific key combination disclosed on the CD will discontinue the loop cycle and allow Windows to load. A significant benefit of a pre-Windows loop is that its password is a combination of keys which is difficult to guess and which cannot be ascertained by keystroke logging programs which start only after Windows is loaded.

Windows Self Shut-off: This method is employed by the creation of a desktop shortcut that forces Windows to shut off and placing the shortcut within the Windows startup sequence. If an unauthorized user attempts to start the computer, Windows will shut itself off during the startup sequence and access to the system will be delayed or denied completely depending upon the intruder's level of expertise with Windows. This shortcut can be created and removed as follows: Right click on an unoccupied space of the Windows desktop. Select New|shortcut. Enter the command line data: "c:\windows\rundll.exe user.exe,exitwindows" (without the quotes), and then drag and drop the new shortcut into the Start Menu's Programs|Startup folder. To deactivate this shutdown sequence, press F-5 during the startup to initiate a "safe mode" startup, then delete the shortcut from its location in the startup folder.

Booby Traps: One method of preventing an unauthorized person from having free rein to perform a methodical search of a computer system is to make use of "live" viruses to create a land-mine effect. As a quick search of the Internet demonstrates, viruses can be freely downloaded from Internet sources such as hackerscenter.com. These viruses can be interspersed among the files and folders containing critical information, and will present no danger to the computer system as long as they are not clicked or executed. However, an anti-virus program with real-time file protection might detect the viruses and quarantine them, which would negate their purpose. For this reason, this method would require that anti-virus software be deactivated when the computer is unattended.

In addition to viruses, programs can also be easily located on the Internet that will temporarily protect data by deleting a computer's hard drive partitions (DEBUG script, 2001), file allocation table, or CMOS settings (Woolham, n.d.). Programs such as this can be exceedingly small.

Use of Hardware Self-destruct Mechanisms: Computer storage media consists primarily of magnetically charged particles located on disks within a hard drive. For this reason, any strong magnetic field can rapidly destroy large amounts of stored data. Devices known as "degaussers" are routinely used for this purpose. For less than $100 a degausser can be purchased from datadev.com. This device is small enough to be hidden inside a computer's casing adjacent to the hard drive and can be wired to operate from a computer's power supply with only minor modifications.

Conclusion

As technology continues to advance, so do the methods in which an individual's private information may be procured and misused. The solution to avoiding the dystopian future portrayed in the novel "1984" (Orwell, 1949) lies not in a Unabomber-like attitude of seclusion from all technology, but rather in assuming the responsibility for educating ourselves about protection of privacy, and taking prudent privacy protection measures. This exemplifies the saying that "Freedom is not free". It may be that in an age where terrorism is so prevalent, some degree of surveillance is a necessary evil, but forsaking our freedoms cannot protect freedom.

A watched people are not free; especially where they must pay the salaries of their watchers.

In the course of researching and writing this paper, this writer has grown even more aware of how complicated privacy protection methods can prove to be. The task of attempting to write a cogent explanation of Windows processes that are normally hidden from view has provided this writer with an appreciation of how difficult this subject can be for new users. To keep abreast of new privacy threats spawned from advances in technology seems an almost insurmountable task, but it is one that is necessary if freedom is to survive the information age.
