CIE IGCSE COMPUTER SCIENCE
Theory of computer science
Chapter 8 – Security and ethics
8.1 Introduction
Keeping data safe is extremely important for a number of reasons. It may be personal data kept among family
or friends or commercial data, such as passwords and bank account details, which need to be kept safe to
protect money.
Data can be corrupted or deleted either through accidental damage or through a malicious act. There are many
ways to keep data safe.
8.2 Security and data integrity
Whether a user is working on an offline computer or on a computer connected to the internet, keeping data
safe is very important.
Data is threated by malicious software, hackers or accidental damage.
8.2.1 Hacking
Description of the risk:
The act of gaining illegal access to a computer system
Possible effects of the security risk:
This can lead to identity theft or gaining personal information
Data can be deleted, changed or corrupted.
Methods to remove security risk:
Firewalls
Use of strong passwords and user ids
User of anti-hacking software
Note: use of encryption will not stop hacking – it simply makes the data useless to the hacker but they
can still delete or corrupt the data
Note the difference between CRACKING and HACKING.
Hacking is breaking into a computer system to steal personal data without the owner’s consent or knowledge
(e.g. to steal a password file).
Cracking is where someone edits a program source code (i.e. looks for a ‘back door’ in the software so that the
code can be exploited or changed for a specific purpose). This is usually done for a malicious purpose (e.g.
legitimate software could be altered by a cracker to perform a different task e.g. send a user to a specific
website).
Essentially hacking is not necessarily harmful whilst cracking is ALWAYS totally illegal and is potentially very
damaging.
8.2.2 Viruses
Description of the risk:
Program or program code that can replicate/copy itself with the intention of deleting or corrupting files,
or cause the computer to malfunction
1
, Possible effects of the security risk:
Can cause the computer to crash, stop functioning normally or become unresponsive
Can delete files/data
Can corrupt files/data
Methods to remove security risk:
Install anti-virus software
Do not use software from unknown sources
Be careful when opening emails/attachments from unknown senders
Note: backing up files will not guard against viruses since the virus may have already attached itself to
the backed-up files; using the back-up may simply reinstall the virus
8.2.3 Phishing
Description of the risk:
The creator sends out a legitimate-looking email; as soon as the recipient clicks on a link in the
email/attachment, the user is sent to a fake/bogus website
Possible effects of the security risk:
The creator of the email can gain personal data such as bank account numbers from users when they
visit the fake website
This can lead to fraud or identity theft
Methods to remove security risk:
Many ISPs filter out phishing emails
The user should always be cautious when opening emails or attachments
Note: the legitimate-looking emails often use large companies, such as well-known banks, to try to
convince customers that the email is authentic
8.2.4 Pharming
Description of risk:
Malicious code installed on a user’s hard drive or on the web server, the code will redirect the user to a
fake/bogus website without their knowledge
Possible effects of the security risk:
The creator of the malicious code can again personal data such as bank account numbers from users
when they visit the fake website
This can lead to fraud or identity theft
Methods to remove security risk:
Some anti-spyware software can identify and remove the pharming code from the hard drive
The user should always be alert and look out for clues that they are being redirected to another website
Note: the user should look out for clues that show a secure website, such as https or the padlock sign
next to a website URL
8.2.5 Wardriving
Description of the risk:
The act of locating and using wireless internet connections illegally; it only requires a laptop (or other
portable device), a wireless network card and an antenna to pick up wireless signals
2
Theory of computer science
Chapter 8 – Security and ethics
8.1 Introduction
Keeping data safe is extremely important for a number of reasons. It may be personal data kept among family
or friends or commercial data, such as passwords and bank account details, which need to be kept safe to
protect money.
Data can be corrupted or deleted either through accidental damage or through a malicious act. There are many
ways to keep data safe.
8.2 Security and data integrity
Whether a user is working on an offline computer or on a computer connected to the internet, keeping data
safe is very important.
Data is threated by malicious software, hackers or accidental damage.
8.2.1 Hacking
Description of the risk:
The act of gaining illegal access to a computer system
Possible effects of the security risk:
This can lead to identity theft or gaining personal information
Data can be deleted, changed or corrupted.
Methods to remove security risk:
Firewalls
Use of strong passwords and user ids
User of anti-hacking software
Note: use of encryption will not stop hacking – it simply makes the data useless to the hacker but they
can still delete or corrupt the data
Note the difference between CRACKING and HACKING.
Hacking is breaking into a computer system to steal personal data without the owner’s consent or knowledge
(e.g. to steal a password file).
Cracking is where someone edits a program source code (i.e. looks for a ‘back door’ in the software so that the
code can be exploited or changed for a specific purpose). This is usually done for a malicious purpose (e.g.
legitimate software could be altered by a cracker to perform a different task e.g. send a user to a specific
website).
Essentially hacking is not necessarily harmful whilst cracking is ALWAYS totally illegal and is potentially very
damaging.
8.2.2 Viruses
Description of the risk:
Program or program code that can replicate/copy itself with the intention of deleting or corrupting files,
or cause the computer to malfunction
1
, Possible effects of the security risk:
Can cause the computer to crash, stop functioning normally or become unresponsive
Can delete files/data
Can corrupt files/data
Methods to remove security risk:
Install anti-virus software
Do not use software from unknown sources
Be careful when opening emails/attachments from unknown senders
Note: backing up files will not guard against viruses since the virus may have already attached itself to
the backed-up files; using the back-up may simply reinstall the virus
8.2.3 Phishing
Description of the risk:
The creator sends out a legitimate-looking email; as soon as the recipient clicks on a link in the
email/attachment, the user is sent to a fake/bogus website
Possible effects of the security risk:
The creator of the email can gain personal data such as bank account numbers from users when they
visit the fake website
This can lead to fraud or identity theft
Methods to remove security risk:
Many ISPs filter out phishing emails
The user should always be cautious when opening emails or attachments
Note: the legitimate-looking emails often use large companies, such as well-known banks, to try to
convince customers that the email is authentic
8.2.4 Pharming
Description of risk:
Malicious code installed on a user’s hard drive or on the web server, the code will redirect the user to a
fake/bogus website without their knowledge
Possible effects of the security risk:
The creator of the malicious code can again personal data such as bank account numbers from users
when they visit the fake website
This can lead to fraud or identity theft
Methods to remove security risk:
Some anti-spyware software can identify and remove the pharming code from the hard drive
The user should always be alert and look out for clues that they are being redirected to another website
Note: the user should look out for clues that show a secure website, such as https or the padlock sign
next to a website URL
8.2.5 Wardriving
Description of the risk:
The act of locating and using wireless internet connections illegally; it only requires a laptop (or other
portable device), a wireless network card and an antenna to pick up wireless signals
2
