Back to Questions
Cybersecurity Penetration Testing Subjective
May 20, 2013

Who Is Spying?

Detailed Explanation

The people who use spyware include
•online attackers
•marketing organizations
•organized crime
•trusted insiders

Online Attackers
Online attackers’ primary interest in spyware is using it to steal personal information for financial crimes such as carding (illicit trafficking in stolen credit card and credit card information) and identity theft, or to sell that information to someone else who then executes more traditional financial crimes.

Marketing Organizations
Marketing organizations are interested in personal information such as email addresses, online shopping and browsing habits, keywords in search queries, and other personal and trend-related information that can be used to execute marketing campaigns like spam, spim (unsolicited messages received via instant messaging systems), browser popups, home page hijacking (changing the default web address for a user’s browser), and more.

Spying by a Trusted Insider
Trusted insiders include those who have physical access to computer systems for legitimate purposes. Some examples are employees, contractors, temporary workers, and cleaning crews. A trusted insider might be, for example, an employee who uses spyware to collect corporate information that can be sold in the underground economy, used for blackmail, or used to gain access to more valuable information at some later time.

Another example of the trusted insider group includes family members or close relations such as spouses or significant others trying to catch inappropriate behavior or infidelity.

Data Gathered by Spyware
Spyware can monitor nearly any activity or data related to your computing environment. This is not limited to files on your hard drives but can also include temporary data such as screen shots,keystrokes, and data packets on connected networks.

When spyware is running on a computer system, there is almost no data outside the reach of a malicious programmer. Commonly targeted data includes
•internet activity
•email and contact information
•Windows Protected Store data (defined below)
•clipboard contents
•keystrokes
•screenshots
•network traffic

Discussion (0)

No comments yet. Be the first to share your thoughts!

Share Your Thoughts
Feedback