Essential Knowledge:

  • **IOC-2.A.5** Technology enables the collection, use, and exploitation of information about, by, and for individuals, groups, and institutions.
  • **IOC-2.A.6** Search engines can use search history to suggest websites or for targeted marketing.
  • **IOC-2.A.7** Disparate personal data, such as geolocation, cookies, and browsing history, can be aggregated to create knowledge about an individual.
  • **IOC-2.B** Explain how computing resources can be protected and can be misused.
  • **IOC-2.C** Explain how unauthorized access to computing resources is gained.

Safe Computing

  • **IOC-2.A.5** Technology enables the collection, use, and exploitation of information about, by, and for individuals, groups, and institutions.
  • **IOC-2.A.6** Search engines can use search history to suggest websites or for targeted marketing.
  • **IOC-2.A.7** Disparate personal data, such as geolocation, cookies, and browsing history, can be aggregated to create knowledge about an individual.

Personal Identifiable Information (PII)

Personal Identifiable Information (PII): Information about someone that can be used to identify them.

  • Name

  • Race

  • Age

  • Phone number

  • DOB

  • Email

  • Address

  • Credit Card

  • Medical Information

  • Biometric Data

Credit card, medical, and biometric information cannot be shared without your consent.

Others can use it to steal your identity, money, or other personal information.

Search engines collect information without you knowing. They collect information about a user’s devices, networks, and websites visited and often use it to suggest things for you. The information we put out there is often there permanently.

Good and bad things about PII

Good:

  • It can be used to enhance user experience by suggesting things that you like

  • The user can access websites and other info by looking at their history

Bad:

  • Others can exploit it to access a user’s personal information

  • Ex: If you book a trip to another country, this is what happens:

    • The search engine knows all the details of your trip, such as dates, places, hotels, etc.

    • The second you search something up, it knows your IP address and email (from your user info)

    • Your internet service provider provides your name and address

    • The federal government has access to where you are traveling

    • Dozens of sites are tracking your information via your use of cookies

    • And even when you don’t have a device, cameras might be tracking you

Risk to Privacy

  • Information you put online is very difficult to delete

  • Information that you put online, knowingly or unknowingly, can be used to learn very personal details that you might not intend to share.

Popcorn Hack 1:

List at least three apps or websites that might use PII:

  • 1: Spotify
  • 2: Snapchat
  • 3: Hospital websites

Authentication

**IOC-2.B** Explain how computing resources can be protected and can be misused.

Authentication measures protect devices and information from unauthorized access

Authentication measures:

  • Strong passwords

  • Multi-factor authentication

Strong Passwords:

  • 10 or more characters

  • Must contain a symbol

  • Must contain a number

  • Must contain lowercase and uppercase letters

Multi-Factor Authentication

  • Types of Authentication:

    • What You Know (e.g., Your Password)

    • What You Have (e.g., Personal Information)

    • What You Are (e.g., Fingerprint)

  • Why Use?
    • Multi-Factor Authentication ensures that there are two steps before gaining access to personal or important information, instead of relying strictly on a password. Examples of this are connecting phone numbers to accounts or connecting emails to accounts.

Viruses and Malware:

  • Viruses: Malicious programs that can copy themselves and gain access to systems that they are not supposed to be allowed in

  • Malware: Often intended to damage a computing system or take partial control over its operation

    • It can infiltrate a system by posing as legitimate programs or by attaching itself to legitimate programs, like an email attachment

  • Virus scans can help to prevent malicious code from getting into and affecting your system

Encryption and Decryption:

  • Once legitimate access to a system is gained, it is important to ensure data sent to and from the system remains uncompromised

  • Encryption: The process of encoding data to prevent unauthorized access

  • Decryption: The process of decoding data

    • Two Types

      • Symmetric Encryption: one key is used to both encrypt and decrypt data (e.g., Caesar Cipher)

      • Asymmetric encryption

        • Public Key Encryption: uses two keys

          • A public key for encrypting

          • A private key for decrypting

        • A sender does not need the receiver’s private key to encrypt a message

        • The receiver’s private key IS required to decrypt the message
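
An added example (not part of the original notes) of the public/private key roles listed above, using textbook RSA in plain Python. The function names `make_keypair`, `encrypt`, `decrypt` and the two fixed primes are assumptions chosen for illustration; the scheme is unpadded and far too small for real use.

```python
# Added example: textbook RSA on small, fixed primes to show the roles of the
# two keys. No padding, tiny modulus: for illustration only, not for real use.

# Two known Mersenne primes (constructed demo parameters, far too small for real keys)
P = 2**61 - 1
Q = 2**89 - 1


def make_keypair(p=P, q=Q, e=65537):
    """Return (public_key, private_key), each an (exponent, modulus) pair."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent: inverse of e modulo phi (Python 3.8+)
    return (e, n), (d, n)


def encrypt(message: str, public_key) -> int:
    """Sender side: needs only the receiver's public key."""
    e, n = public_key
    m = int.from_bytes(message.encode(), "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)


def decrypt(ciphertext: int, key) -> bytes:
    """Apply a key to a ciphertext and return whatever bytes come out."""
    exponent, n = key
    m = pow(ciphertext, exponent, n)
    return m.to_bytes((n.bit_length() + 7) // 8, "big").lstrip(b"\x00")


def demo():
    public_key, private_key = make_keypair()
    ciphertext = encrypt("Secret Message", public_key)
    with_private = decrypt(ciphertext, private_key)  # the receiver
    with_public = decrypt(ciphertext, public_key)    # anyone holding only the public key
    return with_private, with_public


if __name__ == "__main__":
    recovered, other = demo()
    print("private key recovers:", recovered)
    print("public key recovers the message:", other == b"Secret Message")
```
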

Digital certificates:

Certificate authorities issue digital certificates that validate the ownership of encryption keys used in secure communication and are based on a trust model. This makes sure that the decryption keys that people receive are issued by users or owners that hold a genuine, trusted key.

Popcorn Hack 2:

Create an encrypted code using symmetric encryption, and provide the code, and the actual message:

```python
from Crypto.Cipher import AES
from Crypto.Random import get_random_bytes
from Crypto.Util.Padding import pad
import base64

# Generate a random key for AES
key = get_random_bytes(16)  # AES key must be 16, 24, or 32 bytes

# Initialize AES cipher in Electronic Codebook (ECB) mode.
# ECB turns identical plaintext blocks into identical ciphertext blocks, so it
# suits this one-block exercise; real data should use an authenticated mode such as GCM.
cipher = AES.new(key, AES.MODE_ECB)

# The message to encrypt
message = "Secret Message"

# Pad the message bytes (PKCS#7) to a multiple of the 16-byte AES block size, then encrypt
encrypted_message = cipher.encrypt(pad(message.encode(), AES.block_size))

# Encode the encrypted message and key as base64 to make them readable
encoded_encrypted_message = base64.b64encode(encrypted_message).decode()
encoded_key = base64.b64encode(key).decode()

print("Encrypted message:", encoded_encrypted_message)
print("Key:", encoded_key)
```

Risk Factors

**IOC-2.C** Explain how unauthorized access to computing resources is gained.
  • Phishing: Tricking a user into giving personal information such as usernames, passwords, account numbers, or social security numbers.

    • Phishing emails: These emails look like they come from companies you know and trust. They trick you into clicking a link or opening an attachment.

      • These links will either put a virus on your computer, send you to a website that looks like the real thing, or install a keylogger.
  • Keylogger: records keys typed on the keyboard to gain access to a username, password, or any other personal information.

    • How do keyloggers get onto your computer?

      • One way is by plugging in a physical device to your computer.

      • Phishing emails through links

      • Clicking on a bad website

  • Rogue access point: a wireless network that gives unauthorized access to secure networks

    • People can intercept data as it travels through networks.

      • Ex: A router installed in a secure network within an organization. A person could easily access the network and install any software, intercept communication, or steal network information.
    • When ordinary users try to make access to their computers easier, security suffers. This makes it easy for other people to access the network.

Popcorn Hack 3:

Go to a website that checks your password and make a strong password.

IL0VeCoMpUterSciEnCE1221$$

Homework

Please answer these questions and send them to Daniel Lee on Slack. Graded on accuracy.

1. What is Personal Identifiable Information (PII)?

Personal Identifiable Information (PII) is any data that can be used to identify a specific individual. Examples include a person’s name, social security number, and date of birth.

2. List three examples of PII:

  • Social Security Number
  • Driver’s License Number
  • Email Address

3. What is a possible risk or con to using PII?

The misuse or theft of PII can lead to identity theft, financial fraud, and unauthorized tracking of an individual’s activities.

4. What are traits of a strong password?

A strong password typically includes a mix of upper and lower case letters, numbers, and special characters. It should be unique and not easily guessable, like common phrases or personal information.

5. What does having a strong password prevent?

A strong password helps prevent unauthorized access to accounts, protecting against hacking, identity theft, and data breaches.

6. What are the two types of decryption and what is the difference between the two?

The two types of decryption are symmetric and asymmetric. Symmetric decryption uses the same key for encryption and decryption, whereas asymmetric decryption uses a public key for encryption and a private key for decryption.

7. What is phishing?

Phishing is a cyber attack that uses deceptive emails or websites to trick individuals into revealing personal information, such as passwords and credit card numbers.

8. What is a way a keylogger can get into your computer?

A keylogger can enter a computer through malicious software (malware) embedded in email attachments, downloaded files, or compromised websites.

9. What is a rogue access point and how is it used?

A rogue access point is an unauthorized Wi-Fi access point set up to intercept or hijack wireless communications. It is often used in cyber attacks to capture sensitive data transmitted over a network.