Articles Data Breaches and Identity Theft | Page 11

74 M. Abomhara and G. M. Køien
through remote access mechanisms. The most common attacks on user
privacy are:
• Data mining: enables attackers to discover information that is not
anticipated in certain databases.
• Cyber espionage: using cracking techniques and malicious software
to spy or obtain secret information of individuals, organizations or
the government.
• Eavesdropping: listening to a conversation between two par-
ties [43].
• Tracking: a users movements can be tracked by the devices unique
identification number (UID). Tracking a users location facilitates
identifying them in situations in which they wish to remain
anonymous.
• Password-based attacks: attempts are made by intruders to duplicate
a valid user password. This attempt can be made in two different
ways: 1) dictionary attack – trying possible combinations of letters
and numbers to guess user passwords; 2) brute force attacks – using
cracking tools to try all possible combinations of passwords to
uncover valid passwords.
(f) Cyber-crimes: The Internet and smart objects are used to exploit users
and data for materialistic gain, such as intellectual property theft, identity
theft, brand theft, and fraud [6, 7, 44].
(g) Destructive attacks: Space is used to create large-scale disruption and
destruction of life and property. Examples of destructive attacks are
terrorism and revenge attacks.
(h) Supervisory Control and Data Acquisition (SCADA) Attacks: As any
other TCP/IP systems, the SCADA [45] system is vulnerable to many
cyber attacks [46, 47]. The system can be attacked in any of the following
ways:
i. Using denial-of-service to shut down the system.
ii. Using Trojans or viruses to take control of the system. For instance,
in 2008 an attack launched on an Iranian nuclear facility in Natanz
using a virus named Stuxnet [48].
2.3 Primary Security and Privacy Goals
To succeed with the implementation of efficient IoT security, we must be
aware of the primary security goals as follows: