Eavesdropping

Last updated

Cardinals eavesdropping in the Vatican. A painting by Henri Adolphe Laissement [fr], 1895 Henri Adolphe Laissement Kardinale im Vorzimmer 1895.jpg
Cardinals eavesdropping in the Vatican. A painting by Henri Adolphe Laissement  [ fr ], 1895

Eavesdropping is the act of secretly or stealthily listening to the private conversation or communications of others without their consent in order to gather information.

Contents

Etymology

The verb eavesdrop is a back-formation from the noun eavesdropper ("a person who eavesdrops"), which was formed from the related noun eavesdrop ("the dripping of water from the eaves of a house; the ground on which such water falls"). [1]

An eavesdropper was someone who would hang from the eave of a building so as to hear what is said within. The PBS documentaries Inside the Court of Henry VIII (April 8, 2015) [2] and Secrets of Henry VIII’s Palace (June 30, 2013) include segments that display and discuss "eavedrops", carved wooden figures Henry VIII had built into the eaves (overhanging edges of the beams in the ceiling) of Hampton Court to discourage unwanted gossip or dissension from the King's wishes and rule, to foment paranoia and fear, [2] and demonstrate that everything said there was being overheard; literally, that the walls had ears. [3]

Techniques

Eavesdropping vectors include telephone lines, cellular networks, email, and other methods of private instant messaging. Devices that support VoIP and other communication software are also vulnerable to electronic eavesdropping by computer viruses categorized as trojan viruses or more broadly as spyware. [4]

Network attacks

Network eavesdropping is a network layer attack that focuses on capturing small packets from the network transmitted by other computers and reading the data content in search of any type of information. [5] This type of network attack is generally one of the most effective as a lack of encryption services are used and when the connection between the two endpoints are weak and not secure. [6] [7] It is also linked to the collection of metadata.

Security

There is a growing importance of security in communication systems, specifically in wireless technology. The need for security measures at different levels, including software encryption, hardware protection (e.g., trusted platform modules), and even the physical layer using wave-front engineering is as crucial than ever. [8]

Researchers have expressed the importance of addressing the privacy concerns from eavesdropping attacks because they impact the rights of users and the ability to have confidence in the devices as well as the entire Internet. Ensuring that users have trust and confidence in their Internet activities so users continue to engage actively in the system and share data. [9]

See also

Related Research Articles

<span class="mw-page-title-main">Encryption</span> Process of converting plaintext to ciphertext

In cryptography, encryption is the process of transforming information in a way that, ideally, only authorized parties can decode. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Despite its goal, encryption does not itself prevent interference but denies the intelligible content to a would-be interceptor.

Computer and network surveillance is the monitoring of computer activity and data stored locally on a computer or data being transferred over computer networks such as the Internet. This monitoring is often carried out covertly and may be completed by governments, corporations, criminal organizations, or individuals. It may or may not be legal and may or may not require authorization from a court or other independent government agencies. Computer and network surveillance programs are widespread today and almost all Internet traffic can be monitored.

In cryptography and computer security, a man-in-the-middle (MITM) attack, or on-path attack, is a cyberattack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other, as the attacker has inserted themselves between the two user parties.

Wi-Fi Protected Access (WPA), Wi-Fi Protected Access 2 (WPA2), and Wi-Fi Protected Access 3 (WPA3) are the three security certification programs developed after 2000 by the Wi-Fi Alliance to secure wireless computer networks. The Alliance defined these in response to serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP).

A passive attack on a cryptosystem is one in which the cryptanalyst cannot interact with any of the parties involved, attempting to break the system solely based upon observed data. This can also include known plaintext attacks where both the plaintext and its corresponding ciphertext are known.

Network security consists of the policies, processes and practices adopted to prevent, detect and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, which is controlled by the network administrator. Users choose or are assigned an ID and password or other authenticating information that allows them access to information and programs within their authority. Network security covers a variety of computer networks, both public and private, that are used in everyday jobs: conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access. Network security is involved in organizations, enterprises, and other types of institutions. It does as its title explains: it secures the network, as well as protecting and overseeing operations being done. The most common and simple way of protecting a network resource is by assigning it a unique name and a corresponding password.

Internet security is a branch of computer security. It encompasses the Internet, browser security, web site security, and network security as it applies to other applications or operating systems as a whole. Its objective is to establish rules and measures to use against attacks over the Internet. The Internet is an inherently insecure channel for information exchange, with high risk of intrusion or fraud, such as phishing, online viruses, trojans, ransomware and worms.

End-to-end encryption (E2EE) is a private communication system in which only communicating users can participate. As such, no one else, including the communication system provider, telecom providers, Internet providers or malicious actors, can access the cryptographic keys needed to converse. End-to-end encryption is intended to prevent data being read or secretly modified, other than by the true sender and recipient(s). The messages are encrypted by the sender but the third party does not have a means to decrypt them, and stores them encrypted. The recipients retrieve the encrypted data and decrypt it themselves. Because no third parties can decipher the data being communicated or stored, for example, companies that provide end-to-end encryption are unable to hand over texts of their customers' messages to the authorities.

Secure communication is when two entities are communicating and do not want a third party to listen in. For this to be the case, the entities need to communicate in a way that is unsusceptible to eavesdropping or interception. Secure communication includes means by which people can share information with varying degrees of certainty that third parties cannot intercept what is said. Other than spoken face-to-face communication with no possible eavesdropper, it is probable that no communication is guaranteed to be secure in this sense, although practical obstacles such as legislation, resources, technical issues, and the sheer volume of communication serve to limit surveillance.

<span class="mw-page-title-main">Wireless security</span> Aspect of wireless networks

Wireless security is the prevention of unauthorized access or damage to computers or data using wireless networks, which include Wi-Fi networks. The term may also refer to the protection of the wireless network itself from adversaries seeking to damage the confidentiality, integrity, or availability of the network. The most common type is Wi-Fi security, which includes Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA). WEP is an old IEEE 802.11 standard from 1997. It is a notoriously weak security standard: the password it uses can often be cracked in a few minutes with a basic laptop computer and widely available software tools. WEP was superseded in 2003 by WPA, a quick alternative at the time to improve security over WEP. The current standard is WPA2; some hardware cannot support WPA2 without firmware upgrade or replacement. WPA2 uses an encryption device that encrypts the network with a 256-bit key; the longer key length improves security over WEP. Enterprises often enforce security using a certificate-based system to authenticate the connecting device, following the standard 802.11X.

Email encryption is encryption of email messages to protect the content from being read by entities other than the intended recipients. Email encryption may also include authentication.

Skype is a Voice over Internet Protocol (VoIP) system developed by Skype Technologies S.A. It is a peer-to-peer network where voice calls pass over the Internet rather than through a special-purpose network. Skype users can search for other users and send them messages.

Mobile security, or mobile device security, is the protection of smartphones, tablets, and laptops from threats associated with wireless computing. It has become increasingly important in mobile computing. The security of personal and business information now stored on smartphones is of particular concern.

<span class="mw-page-title-main">Cellphone surveillance</span> Interception of mobile phone activity

Cellphone surveillance may involve tracking, bugging, monitoring, eavesdropping, and recording conversations and text messages on mobile phones. It also encompasses the monitoring of people's movements, which can be tracked using mobile phone signals when phones are turned on.

The following outline is provided as an overview of and topical guide to computer security:

Network eavesdropping, also known as eavesdropping attack, sniffing attack, or snooping attack, is a method that retrieves user information through the internet. This attack happens on electronic devices like computers and smartphones. This network attack typically happens under the usage of unsecured networks, such as public wifi connections or shared electronic devices. Eavesdropping attacks through the network is considered one of the most urgent threats in industries that rely on collecting and storing data. Internet users use eavesdropping via the Internet to improve information security.

Human rightsandencryption are often viewed as interlinked. Encryption can be a technology that helps implement basic human rights. In the digital age, the freedom of speech has become more controversial; however, from a human rights perspective, there is a growing awareness that encryption is essential for a free, open, and trustworthy Internet.

Government hacking permits the exploitation of vulnerabilities in electronic products, especially software, to gain remote access to information of interest. This information allows government investigators to monitor user activity and interfere with device operation. Government attacks on security may include malware and encryption backdoors. The National Security Agency's PRISM program and Ethiopia's use of FinSpy are notable examples.

This is a list of cybersecurity information technology. Cybersecurity is security as it is applied to information technology. This includes all technology that stores, manipulates, or moves data, such as computers, data networks, and all devices connected to or included in networks, such as routers and switches. All information technology devices and facilities need to be secured against intrusion, unauthorized use, and vandalism. Additionally, the users of information technology should be protected from theft of assets, extortion, identity theft, loss of privacy and confidentiality of personal information, malicious mischief, damage to equipment, business process compromise, and the general activity of cybercriminals. The public should be protected against acts of cyberterrorism, such as the compromise or loss of the electric power grid.

References

  1. "eavesdrop – Definition of eavesdrop in English by Oxford Dictionaries". Oxford Dictionaries – English. Archived from the original on August 11, 2017. Retrieved September 10, 2023.
  2. 1 2 Inside the Court of Henry VIII. Public Broadcasting Service. April 8, 2016.
  3. Stollznow, Karen (August 7, 2014). "Eavesdropping: etymology, meaning, and some creepy little statues". KarenStollznow.com. Archived from the original on July 28, 2018. Retrieved June 23, 2016.
  4. Garner, p. 550[ full citation needed ]
  5. "TeamMentor 3.5". vulnerabilities.teammentor.net. Archived from the original on September 27, 2019. Retrieved September 27, 2019.
  6. "What Are Eavesdropping Attacks?". Fortinet. Retrieved October 2, 2021.
  7. "What Are Eavesdropping Attacks & How To Prevent Them". Verizon Enterprise. Retrieved May 3, 2024.
  8. Ma, Jianjun; Shrestha, Rabi; Adelberg, Jacob; Yeh, Chia-Yi; Hossain, Zahed; Knightly, Edward; Jornet, Josep Miquel; Mittleman, Daniel M. (November 2018). "Security and eavesdropping in terahertz wireless links". Nature. 563 (7729): 89–93. Bibcode:2018Natur.563...89M. doi:10.1038/s41586-018-0609-x. ISSN   1476-4687. PMID   30323288. S2CID   53085137.
  9. Anajemba, Joseph Henry; Iwendi, Celestine; Razzak, Imran; Ansere, James Adu; Okpalaoguchi, Izuchukwu Michael (2022). "A Counter-Eavesdropping Technique for Optimized Privacy of Wireless Industrial IoT Communications". IEEE Transactions on Industrial Informatics. 18 (9): 6445–6454. doi:10.1109/TII.2021.3140109 . Retrieved February 9, 2024.