!
Describe the implications of the Computer Misuse Act
Describe the purpose and pros and cons of cookies
Describe the use of encryption in electronic communication
The Computer Misuse Act (1990) deals with the misuse of computing technology to hack into confidential data and to send destructive viruses to other people’s computers.
Hacking has been around as long as the internet
This is the lowest level of offence and can come with a 6 month jail sentence/large fine
This relates to any steps someone takes to gain access to a computer system.
For example:
Trying to guess someone’s password to gain access to their computer to look at stored data
Using a trojan horse that allows remote access the search someone’s hard drive over a network
Using a keylogger to steal a password for a co-worker or manager to view data that you are not allowed to see
Logging on with someone else’s password to a computer system
Unauthorised access with intent to commit a further offence is even more serious. This builds on the previous offence. The key difference here is the addition of “intent to commit”
It therefore includes guessing or stealing a password and using that to access for example someone’s bank account and transferring money
This part of the act deals with actions that can cause changes or damage to the computer’s programs and data
Originally this was intended to deal with offences where people had deliberately destroyed data or deliberately spread a computer virus. Nowadays it includes “impairing” the operation of a computer to include ransomware and DOS attacks
Penalty of 5 years in jail and/or fine
Deliberately spreading a computer virus (writing a virus is not an offence but prosecutors would have to prove the intent to cause harm)
Gaining access to a computer system and deleting contents as part of a revenge attack
Deploying ransomware to encrypt data and ask for a sum of money to provide the key
Deliberately spreading a computer virus (writing a virus is not an offence but prosecutors would have to prove the intent to cause harm)
Gaining access to a computer system and deleting contents as part of a revenge attack
Deploying ransomware to encrypt data and ask for a sum of money to provide the key
A participant manages to access a file and change their own score.
State two different offences the participant has committed under the Computer Misuse Act 1990.
2 marks
SQP Q18 c)
Research a real life example of someone being charged under the Computer Misuse Act 1990. Discuss:
A cookie is a small data file that is created when you access a website
These can be used to store your personal preferences or login details so you don’t need to re-enter them
Cookies are stored on the client device rather than server as they are personal to you
Tracking cookies allow your data to be recorded and transmitted back to the cookie’s author
Tracking cookies are used to gather marketing information, which can help target personalised ads
They can also be obtained by a hacker or malicious piece of software, allowing them to log into a website as you very easily
Have you ever noticed the option that says something like Remember Me? when you sign in? This uses a cookie to remember your details.
Specifically, a cookie like this often stores a hash of your username and password as well as a unique code. Every time you visit the website, this cookie is transmitted and you are able to login. If another person gets hold of this cookie, they can simply login as you.
Other cookies such as tracking cookies are used to keep counts of how many unique visitors come to a website, but they also can be used to monitor your own unique browsing habits. Google Analytics is one such system that does this.
Look for the _ga cookie on your browser to see if the website uses Analytics.
Cookies can also hold personal information, though not much since cookies are limited to 4096KB of data.
Paul Hibbert, a smart home enthusiast on YouTube, was hacked in January 2023 as he opened a file which collected cookies from Google Chrome. The hacker then added the cookie to their own device and was able to log into his accounts straight away.
That's Paul by the way!
Tracking cookies can be created and used when browsing a website.
Describe a security risk associated with tracking cookies.
1 mark
2017 Q5
A Denial of Service (DoS) attack is when a network, server, or a resource is put under so much pressure that the network cannot provide its normal services to legitimate users.
DoS Attacks involve attackers bombarding the network with a high volume of data is a short period of time so that the network cannot cope.
For example, an attack was launched in 2022 by several computers across Russia to attempt to take down several servers across the world.
A Denial of Service (DoS) attack is when a network, server, or a resource is put under so much pressure that the network cannot provide its normal services to legitimate users.
DoS Attacks involve attackers bombarding the network with a high volume of data is a short period of time so that the network cannot cope.
For example, an attack was launched in 2022 by several computers across Russia to attempt to take down several servers across the world.
The symptoms of a DoS attack are that the performance of the website or system becomes slow or grinds to a halt and prevents the users from accessing data held on the website or system.
For example, when too many people are trying to access a service at the one time.
Denial of Service causes major disruption to users and businesses; users are unable to access the services they need and business lose money due to the inability of their users to access the systems.
The costs of DoS attacks are:
Loss of business during downtime
The cost of repair and response to the attack
Loss of confidence of users
There are three main types of DoS attack:
Bandwidth consumption - sending a large number of packets over a short period of time, effectively swamping a server (most servers can have 2 million open connections at once)
Resource starvation - this is when an attack consumes other resources in order to bring the server down or make it unresponsive. For example, with certain free online applications you can save to the cloud and this type of DoS attack aims to save as much as possible to the server so that it runs out of space.
DNS attacks flood the domain name server with several requests from a fake IP address. It is essentially a DNS attack on a DNS server.
Financial – Bringing down a commercial website will cost that company money
Malicious – Individuals think that it’s good fun to bring down an organisation’s network
Political – DoS attacks can be politically motivated such as an attack on a government network or to prevent access to the website of a political rival
Personal – Disgruntled employees who have a grudge might use a DoS attack as revenge
A theme park is aware that their website might be subjected to a DoS attack.
State the effect on customers of a DoS attack.
1 mark
2019 Q19 d)
Most data sent on a network is sent in the form of text files. This data can be easily intercepted and read.
Encryption is the process of turning plain text files into a form that only authorised people can read.
Unauthorised people will just see a meaningless string of letters and numerals (known as cipher text)
Hello
kgnnq
There are two types of encryption.
Symmetric Encryption
Asymmetric Encryption
Symmetric Encryption uses a single ‘key’ to both encrypt and decrypt a file. Once that ‘key’ is found all messages sent this way can be read or fake ones sent (as used by the Enigma machines in WWII)
Encryption ‘keys’ are based on extremely large prime numbers chosen at random.
With symmetric key encryption only one key needs to be created – this can eventually be ‘guessed’ by ‘brute force’ software
With asymmetric encryption, two keys (the ‘private’ key and the ‘public’ key) are created that are mathematically linked together.
With this it is also impossible (or infeasible), that, if someone knows one of the keys, they could work out the other
A public key is used to encrypt personal data and the private key is used to decrypt the data.
Everyone has access to the public key
Only you have access to the private key
Security of this encryption relies on the secrecy of the private key
Jamie is going to send Beth a message.
Jamie uses Beth’s Public Key to encrypt the message
The message is then sent to Beth
When Beth gets the message she takes her private key (that only she can see) and decrypt the message from Jamie
Public keys – everyone can see and are used to encrypt a message.
Private keys – only you can see and are used to decrypt a message.
Keys work as a pair. You can only use Private Key A to unlock a message encrypted with Public Key A.
When people make donations their payments must be kept secure.
Describe how encryption is used to ensure the secure transmission of data
2 marks
2019 Q13 (e)
A digital certificate is an electronic document that contains a digital signature, which confirms the name and identity of a person or organisation
Digital certificates authenticate a person, allowing them to exchange data over the internet using a public key
Digital certificates are issued by trusted entities called certificate authorities
A digital certificate is exceptionally hard to forge and can be trusted as it will have been issued by a trusted agency.
A digital certificate contains the name of the certificate holder, serial number, expiry dates, public key for encrypting messages and the digital signature of the certificate issuing authority
Google will rank websites without a certificate lower in search results
Tomek is planning to sell band merchandise through his website.
Explain why the presence of a digital certificate will improve customer confidence when buying from the website
2 marks
2016 Q19 (e)
A digital signature is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and ensure that the original content of the message or document has not been tampered with
Digital signatures are easily transportable, cannot be forged by someone else, and can be automatically time stamped.
Digital Signatures are supported by a wide variety of software packages used by business. This ensures that legally important messages arrive intact, are timestamped and can be trusted to be genuinely from the sender.
An online bank uses digital signatures when sending financial documents.
Describe the purpose of a digital signature when sending documents
2 marks
2021 Q5
One mark for each bullet or one bullet and second mark for describing the mechanism for how it is used
Try the following past paper questions:
SQP Q3, Q12
2016 Q11 (e)
2017 Q6
2018 Q2
2021 Q5
The following are key shortcuts for using DragonSlides and reveal.js.
| Key combination | Action |
|---|---|
| →, PAGE DOWN, SPACE | Next slide |
| ←, PAGE UP | Previous slide |
| SHIFT + → | Last Slide |
| SHIFT + ← | First slide |
| B | Whiteboard |
| W | Widget Board/White Screen |
| C | Toggle Notes Canvas |
| DEL | Clears Whiteboard/Notes Canvas |
| S | Show Presenter Mode |
| SHIFT + D | Toggle Dark Mode |
| H | Goes to the Home Slide |
| META + P | Show Print options window |
In order to use the 'Start Remote' feature, you'll need to download JB Slide Controls from the Apple App Store. Once you have this you'll be able to control the slides using the app from you Apple Watch.
DragonSlides and jamiebalfour.scot are copyright © Jamie B Balfour 2017 - 2024, 2010 - 2024. Content is copyright © Jamie B Balfour