Chapter 6 & 7 Cyberspace Cybersecurity and Cybercrime Discussion Paper

Description

Hello

I want you to please solve the case study and Discussion Questions from the book (Cyberspace, Cybersecurity, and Cybercrime)


Chapter 6 & 7

I attached the book

thanks

Unformatted Attachment Preview

Cyberspace, Cybersecurity, and Cybercrime

Janine Kremling, California State University, San Bernardino
Amanda M. Sharp Parker, Campbell University

FOR INFORMATION:

SAGE Publications, Inc., 2455 Teller Road, Thousand Oaks, California 91320. E-mail: order@sagepub.com
SAGE Publications Ltd., 1 Oliver’s Yard, 55 City Road, London EC1Y 1SP, United Kingdom
SAGE Publications India Pvt. Ltd., B 1/I 1 Mohan Cooperative Industrial Area, Mathura Road, New Delhi 110 044, India
SAGE Publications Asia-Pacific Pte. Ltd., 3 Church Street, #10-04 Samsung Hub, Singapore 049483

Copyright © 2018 by SAGE Publications, Inc. All rights reserved. No part of this book may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without permission in writing from the publisher.

Printed in the United States of America

Library of Congress Cataloging-in-Publication Data
Names: Kremling, Janine, 1977- author. | Parker, Amanda M. Sharp.
Title: Cyberspace, cybersecurity, and cybercrime / Janine Kremling, California State University, San Bernardino, Amanda M. Sharp Parker, Campbell University.
Description: First Edition. | Thousand Oaks : SAGE Publications, [2017] | Includes bibliographical references and index.
Identifiers: LCCN 2017018240 | ISBN 9781506347257 (pbk. : alk. paper)
Subjects: LCSH: Information society. | Information technology—Management. | Computer crimes. | Computer crimes—Prevention.
Classification: LCC HM851 .K74 2017 | DDC 303.48/33—dc23
LC record available at https://lccn.loc.gov/2017018240

This book is printed on acid-free paper.

Acquisitions Editor: Jessica Miller
Editorial Assistant: Jennifer Rubio
Content Development Editor: Laura Kirkhuff
Production Editor: Tracy Buyan
Copy Editor: Diane Wainwright
Typesetter: C&M Digitals (P) Ltd.
Proofreader: Eleni-Maria Georgiou
Indexer: Robie Grant
Cover Designer: Michael Dubowe
Marketing Manager: Jillian Oelsen

Brief Contents

1. Preface
2. Acknowledgments
3. Chapter 1 • Cyberspace, the Internet, and the World Wide Web
4. Chapter 2 • What Is Cybersecurity?
5. Chapter 3 • Threat Factors—Computers as Targets
6. Chapter 4 • Threats to Cybersecurity by Criminals and Organized Crime
7. Chapter 5 • Threats to Cybersecurity by Hacktivists and Nation-States
8. Chapter 6 • National Security: Cyberwarfare and Cyberespionage
9. Chapter 7 • Cyberterrorism
10. Chapter 8 • An Evolving Threat: The Deep Web
11. Chapter 9 • Cybersecurity Operations
12. Chapter 10 • Cybersecurity Policies and Legal Issues
13. Chapter 11 • What the Future Holds
14. Appendix: Cybersecurity-Related Organizations
15. Glossary
16. Notes
17. Index
18. About the Authors

Detailed Contents

Preface
Acknowledgments

Chapter 1 • Cyberspace, the Internet, and the World Wide Web
• Case Study 1.1: The Dark Side of the Internet
The Beginning of the Internet and Cyberspace
• Case Study 1.2: The First-Ever Web Server
The Purpose of the Internet
Operations and Management Aspect
Social Aspect
Commercialization Aspect
• Legal Issue 1.1: Napster: The First File Sharing Program
Vulnerabilities of the Internet
What Is a Vulnerability?
Time and Space
Lack of Barriers to Entry
Anonymity/Identity
Asymmetries of Cyberspace
1s and 0s
• Think About It 1.1: What Distinguishes Cyberspace, the Internet, and the World Wide Web?
• Legal Issue 1.2: Is It a Crime to Link to Infringed/Illegal Content?
• What Can You Do? Preparing for the Job of the Future: Careers in Cybercrime and Cybersecurity
➢ Summary
➢ Key Terms
➢ Discussion Questions
➢ Internet Resources
➢ Further Reading

Chapter 2 • What Is Cybersecurity?
• Think About It 2.1: What Is Cybersecurity and Why Is It Important?
Origins and Nature of Cybersecurity
• Think About It 2.2: War Games
Definitions
Definition of Cybersecurity
• Case Study 2.1: The Original Hacker: Kevin Mitnick
Cybersecurity Policies
• Case Study 2.2: FusionX
Overview of Cyberspace Intrusions
Network-Based Attacks
• Case Study 2.3: Vitek Boden
Wireless Attacks
Man-in-the-Middle Attacks
• Legal Issue 2.1: Hacking . . . With a Body Count?
➢ Securing Your Wi-Fi in a Wireless World
➢ Summary
➢ Key Terms
➢ Discussion Questions
➢ Internet Resources
➢ Further Reading
➢ Appendix 2A

Chapter 3 • Threat Factors—Computers as Targets
• Case Study 3.1: The Top 10 Data Breaches
The Evolution of Cybercrime
Phases of Convergence
Main Targets in Information Technology
• Think About It 3.1: Russian Cyberspies and the 2016 Presidential Election
Computers as a Target
Threats to Mobile Devices
• Case Study 3.2: Democratic Election Campaign—Hackers Steal Campaign Information
Viruses, Worms, and Trojan Horses
Viruses
Risks Created by Viruses
Risks to Mobile Devices
• Case Study 3.3: The First Viruses
Worms
• Legal Issue 3.1: The Morris Worm
Risks Created by Worms
Trojan Horses
Risks Created by Trojan Horses
• Case Study 3.4: The U.S. Government Firewall Virus
Preventing Malware Intrusions
Antivirus Software
Firewall
Thoughtful User Behavior
• Think About It 3.2: Pokémon Go, Cybercriminals, and Cybersecurity
Encryption
• What Can You Do? Encrypting Your Computer
Future Developments
➢ Summary
➢ Key Terms
➢ Discussion Questions
➢ Internet Resources
➢ Further Reading

Chapter 4 • Threats to Cybersecurity by Criminals and Organized Crime
Cybercrimes
Norse Attack Map
Why Do People Commit Cybercrimes?
Fraud and Financial Crimes
Consumer Crimes
Identity Theft
• What Can You Do? Counter Measures—Protecting Your Identity
Phishing Scams
• Case Study 4.1: Advance Fee Fraud—Nigerian Phishing Scam
• What Can You Do? Countermeasures to Phishing Scams
Spam
Banks and Financial Corporations
Botnets
Logic Bombs
Viruses
Internet-Initiated Sexual Offending and Exploitation
Internet-Initiated Sexual Offending
Child Pornography
• Legal Issue 4.1: Snuff Films
Trafficking in Persons
• Think About It 4.1: Countermeasures to Child Pornography—Operation Predator and Operation Globe
Mail-Order Brides
Cyberbullying
Cyberharassment
Cyberstalking
Online Denigration
Online Impersonation
Online Exclusion
Tools Used
Social Media
YouTube
Gaming
• Case Study 4.2: Cyberbullying and Suicide
➢ Summary
➢ Key Terms
➢ Discussion Questions
➢ Internet Resources
➢ Further Reading

Chapter 5 • Threats to Cybersecurity by Hacktivists and Nation-States
• Think About It 5.1: Cyberattacks on the Power Grid
Threats to Cybersecurity
Local Threats
Types of Insider Threats
• Legal Issue 5.1: Corporate Espionage—Inside Security Breach at AMSC
National Threats
Displeasure With the Government
Specific Causes
• Case Study 5.1: Edward Snowden—Going Dark
International Threats
• Case Study 5.2: The Hacked Company Graveyard
• Case Study 5.3: Inside the Office of Personnel Management Cyber Attack
• Think About It 5.2: Setting Up a Cyberheist
Hackers
Evolution of the Term Hacker
The Hacker Community
“Black Hats,” “White Hats,” and “Gray Hats”
The Internet and the Transparent Citizen
• Legal Issue 5.2: Privacy Versus Security
What Motivates Hackers?
• Think About It 5.3: Why Do People Have a House Alarm?
• Legal Issue 5.3: California’s Breach Notification Statute
➢ Summary
➢ Key Terms
➢ Discussion Questions
➢ Internet Resources
➢ Further Reading

Chapter 6 • National Security: Cyberwarfare and Cyberespionage
Cyberwarfare
Nation-State Threats by Region
Syrian Electronic Army
Chinese
Russia and Eastern Europe
• Case Study 6.1: North Korea and the Sony Hack
Cyberespionage
Economic Cyberespionage
• Legal Issue 6.1: Misappropriation of Information or Espionage?
Political Cyberespionage
The Threat of Insiders
• Case Study 6.2: GhostNet
• Legal Issue 6.2: The Fourth Amendment
Cyberintelligence
Cybersabotage
Denial-of-Service Attacks
• Case Study 6.3: Rutgers State University—DDoS Attack
➢ Summary
➢ Key Terms
➢ Discussion Questions
➢ Internet Resources
➢ Further Reading

Chapter 7 • Cyberterrorism
• Think About It 7.1: The Future of Terrorist Attacks
Cyberterrorism Defined
The Role of the Media
• Case Study 7.1: Defining Cyberterrorism Within the Academic Context
• Legal Issue 7.1: The Role of Violence
Evolution of the Threat
Technology Use by Extremists
Al-Qaeda
Boko Haram
The Islamic State (also known as ISIS/ISIL/Daesh)
Targets of Cyberterrorism
Probable Versus Possible
• Case Study 7.2: The 2003 New York City Blackout
Vulnerability of Critical Infrastructures
Risk Management
Risk = Threat × Asset × Vulnerability
Asset Value Assessment
Threat Assessment
Vulnerability Assessment
Damage Potential
• Think About It 7.2: Critical Infrastructure Risk Assessment
➢ Summary
➢ Key Terms
➢ Discussion Questions
➢ Internet Resources
➢ Further Reading

Chapter 8 • An Evolving Threat: The Deep Web
• Think About It 8.1: Surface Web and Deep Web
The Surface Web
The Deep Web and Darknets
Accessibility
The Onion Router
Products Available
• Think About It 8.2: Black Market Blood
The Hidden Wiki
The Silk Road
• Think About It 8.3: Dread Pirate Roberts and the Silk Road
Payment: Cryptocurrency
Bitcoins (BTC or )
Dash
Law Enforcement Response
Operation Onymous
Anonymous and “Vigilante Justice”
• Think About It 8.4: Online Vigilante Justice
Terrorist Presence on the Deep and Dark Web
• Case Study 8.1: ISIS and the Threat of the Darknet
Legal Issues
• Legal Issue 8.1: Anonymity and the First Amendment
➢ Summary
➢ Key Terms
➢ Discussion Questions
➢ Internet Resources
➢ Court Cases

Chapter 9 • Cybersecurity Operations
Theoretical Operations
Routine Activity Theory
Role of Guardianship
Learning Theory
Differential Association Theory
Subculture Theory
The Hacker Subculture
DEF CON Convention
• Case Study 9.1: The Hacker’s Manifesto
Law Enforcement Operations
Federal Agencies
National Security Agency (NSA)
Department of Homeland Security
Federal Bureau of Investigation
Local Agencies
Cyberterrorism Prevention Training
Private-Sector Collaboration
• Case Study 9.2: One Hat, Two Hat, White Hat, Red Hat . . .
Interagency Operations
Target Hardening
Firewalls
SCADA Systems
Honeypots, Nets, and Tokens
• Think About It 9.1: The Honeynet Project
• Legal Issue 9.1: The Fourth Amendment
➢ Summary
➢ Key Terms
➢ Discussion Questions
➢ Internet Resources
➢ Further Reading

Chapter 10 • Cybersecurity Policies and Legal Issues
• Think About It 10.1: Mirai: A Shot Across the Bow—Distributed Denial-of-Service Attack
• Case Study 10.1: A Holistic Approach to Cybersecurity
National Cybersecurity Policies
Comprehensive National Cybersecurity Initiative, 2008
Cybersecurity Workforce Act of 2014
• Case Study 10.2: Ransomware—California Hospital Pays $17,000
National Cybersecurity and Critical Infrastructure Protection Act of 2014
• Think About It 10.2: Ransomware
International Cybersecurity Policies
• Legal Issue 10.1: The Cyberwars in the Middle East
Legal Issues
Civil Rights
Security Versus Privacy
USA PATRIOT Act
• Legal Issue 10.2: United States v. Warshak
Jurisdictional Issues
Universal Jurisdiction
Budapest Convention on Cybersecurity (2001)
Network and Information Security Directive (2016)
Issues With Enforcement/Jurisdiction
• Legal Issue 10.3: Law of the Sea
➢ Summary
➢ Key Term
➢ Discussion Questions
➢ Internet Resources
➢ Further Reading

Chapter 11 • What the Future Holds
• Think About It 11.1: Pizzeria “Comet Ping Pong” Is a Child Pornography Ring
Data Is the New Oil
Data Mining
Dataveillance
Google
Manipulation of Data: The Screen Is Always Right
Censorship
Spoofing
E-Mail Spoofing
Stock Market Spoofing
• Case Study 11.1: High-Frequency Trading—“Flash Boys”
Emerging Threats
Internet of Things
Real-Time Location Services
Vulnerable Targets
GPS Jammers and Spoofers
Naval System
Aircraft
Army Bases
Women’s Shelters
• Think About It 11.2: Dangerous Criminal or Researcher Trying to Save Lives?
• Legal Issue 11.1: Health Care Records Are Worth Millions
Potential/Emerging Perpetrators
Man in the Middle
Swatting
Crime Inc.
The Organizational Structure of Crime Inc.
➢ Summary
➢ Key Terms
➢ Discussion Questions
➢ Internet Resources
➢ Further Reading

Appendix: Cybersecurity-Related Organizations
Glossary
Notes
Index
About the Authors

Preface

Hey Android, where is my car? Hey Siri, where is my boyfriend? Android and iPhones know: They know where you are, they know where you have been, they know who you talk to and for how long, they know who you sleep with, and they know when and where you go for lunch and dinner. They may know more about you than your family. And they keep it to themselves—that is, until a hacker plants a malware on your phone and then has access to all of that information. Your iPhone will also willingly give up all of your stored contacts to the hacker so that the fraudster can now send phishing e-mails infected with malware to your family and friends. And your friends and family will click on the link because it’s coming from you—or so they thought.
Your phone also knows your banking information through your mobile banking app, your Facebook and Twitter login, your airline login, your e-mail password, and the list goes on. All of that information is worth real money on the darknet—the criminal marketplace. The same is true for your computer. Imagine you are working on your term paper, trying to access a web link, when your computer sends you a reminder that you need to update Adobe Flash if you want to access the file. What do you do? You hit “download.” You immediately realize that your computer has just been hijacked by a malware because your computer locks up and you see a message on your screen saying, “Your data has been encrypted. You will not be able to access your data until you pay the ransom of $150.” Would you pay? Well, it depends on how badly you want your computer files back. What if the attack was against a hospital? Would they pay? Of course—because the consequences of shutting down the hospital would be much worse. Cybercriminals are well aware of the predicament the hospital faces. The same is true for banks and other institutions. Ransomware has become one of the main threats to hospitals because they are highly vulnerable. The emergence of computers and the Internet has changed our lives in ways that nobody could have imagined, and it will continue to change future lives. Many of these changes have greatly contributed to life conveniences, such as online shopping, banking, communicating, and working from our home office. It also includes going to your doctor’s office and having all of your records stored and shared electronically. You can start and heat or cool your connected car from your iPhone. You can use your phone to change the thermostat in your house and turn your house alarm on and off. GPS always finds the right way for you—and so do stalkers who have access to your location data provided to them by your GPS. 
By now, you already know that the Internet and digital world not only greatly increase the convenience of our lives, they have also greatly increased the vulnerabilities we are exposed to. The economy has also profited from the digital evolution. With the ability to collect data and monitor people’s behaviors and habits, companies can now market their products much more specifically to certain population groups, and scientists can conduct studies that enhance and sometimes save people’s lives. At the same time, criminals also quickly realized the advantages of the Internet for their purposes, and governments found great improvements in their ability to spy on people and other countries. The boundaries between what is public and what is private have become blurred, and some argue that true privacy has become a myth. For instance, Google Earth enables anyone to zoom into your house and backyard, the National Security Agency is listening in on millions of people around the globe, companies monitor e-mail correspondence of employees, and websites track consumer behaviors by planting cookies on personal computers. Many tasks can now only be completed online, thereby removing the possibility to stay completely private or to protect your personal information. In this age where reliance on computers and the Internet has become inevitable, cybercriminals are developing fraudulent schemes at a rapid pace—attempting to avoid detection by law enforcement and cybersecurity companies. In the early 1990s, computer crimes began to rise due to the increase in the prevalence and use of electronics. Criminal organizations, especially drug traffickers, began to build their own communication network and quickly started to take advantage of the available technologies.
They realized the potential benefits of computers and networks for their illegal activities much faster than the people who developed these technologies, and they were quick to use it for their purposes, outpacing law enforcement for the past decades. When security companies such as McAfee are putting out their updates for virus detection software, cybercriminals have long moved on to a new type of virus not detectable by the software. The criminals are always one step ahead. Similarly, when law enforcement shuts down a child pornography website, the criminals can easily move the content to other websites. It’s an elusive chase in which the criminals are the ones leading the way. Data and identity theft is rampant, and most people know very little about how to protect their private data, even if they are aware of the risks. In fact, data theft has become one of the most persistent threats because our data holds our lives—our mortgages, loans, retirement savings, health benefits, Social Security—and if that data gets into the criminals’ hands, lives can be ruined. Few people think about this threat as they access their online banking account or submit their credit card number on a website. The convenience of online transactions is more important to many people than the security of their lives. Criminals know this and exploit it. The U.S. government has made some strides toward increased cybersecurity. In March 2016, the Department of Homeland Security created an automated information-sharing system, thereby increasing the ability of agencies and organizations to share information in real time. This new system also includes private companies. The ability of the United States to defend cyberspace will depend on the successful cooperation between private and government organizations. In fact, it’s the private corporations, such as Dell, Microsoft, and McAfee, who are leading the cybersecurity efforts. 
Much of the success of cybersecurity efforts will also depend on the preparedness of companies and the government for major cyberattacks. It is impossible to secure all devices and networks 100% from attacks. We must accept that certain vulnerabilities will always remain. One such vulnerability is the human factor, whether it be by accident or on purpose. The better prepared companies and government agencies are, the faster the recovery will be from an attack. These are only a few examples of what this book discusses. This book is not only about the past and present of cybercrime and cybersecurity but also about the future, and how cybercrime and cybersecurity may impact people’s everyday lives, and how criminal justice professionals must be prepared to confront the changing nature of cybercrime. Everyone is vulnerable. The way computers have been used to connect people, companies, governments, and criminals is a great threat that most individuals are unaware of. More frightening, many companies are unaware of the threat cybercriminals pose for critical infrastructures such as the electric grid. And even if the company is aware of the threat, they often do too little to safeguard infrastructures and products, whether it’s because of the economic costs associated with such safeguards, the inconveniences safeguards may cause, or because they don’t have effective safeguards. This book introduces criminal justice and other social science students to the world of cybercrime and cybersecurity. It provides a basic overview of cybercrime, cyberthreats, and vulnerabilities of individuals, businesses, and governments. The book discusses strategies to reduce vulnerabilities through cybersecurity measures, and ends by looking into the future to see what may be ahead and how it may change our lives.
Overview

The book is designed to enhance student learning by providing case studies and examples, engaging students through exercises, and encouraging students to critically think about the various topics. The first part of the book provides a basic understanding of the Internet, vulnerabilities, and cybersecurity. Chapter 1 deals with how and why the Internet developed and the main vulnerabilities we currently face. Chapter 2 introduces students to the nature and origin of cybersecurity and cyberspace intrusions. The second part goes into much detail on cyberthreats to computers, individuals, businesses, and governments. In Chapter 3, students learn about the cyberthreats to computers, such as worms and viruses. Chapter 4 details threat factors in which computers are used as a tool. These threat factors include fraud and financial crimes, pornography and exploitation, and cyberbullying. Chapter 5 discusses cyberthreats to local, national, and international organizations. Students also learn about the different types of hackers. Chapter 6 follows with an overview of cyberwarfare, specifically cyberespionage and cybersabotage. The third part of this book provides insight into the threat of cyberterrorism and the dark web, which has become a much discussed topic in the media. Chapter 7 explains what cyberterrorism is, the technologies used by terrorists, the targets, and damage potential. Chapter 8 dives into the deep web and darknets, how criminals access and exploit it, and which products are available to “customers.” The final section discusses cybersecurity operations and policies in more detail. Chapter 9 focuses on cybersecurity operations and the role of law enforcement. Chapter 10 explains national and international cybersecurity policies and legal issues arising from the policies.
The last chapter looks into the future of cybercrime and cybersecurity, focusing on evolving threats and perpetrators as well as evolving issues with regard to the collaboration and training between law enforcement and the private industry.

Digital Resources

study.sagepub.com/kremling

Calling all instructors! It’s easy to log on to SAGE’s password-protected Instructor Teaching Site for complete and protected access to all text-specific Instructor Resources. Simply provide your institutional information for verification and within 72 hours you’ll be able to use your login information for any SAGE title!

Password-protected Instructor Resources include the following:

Test banks provide a diverse range of prewritten options as well as the opportunity to edit any question and/or insert personalized questions to effectively assess students’ progress and understanding.
Editable, chapter-specific PowerPoint slides offer complete flexibility for creating a multimedia presentation for the course.

Use the Student Study Site to get the most out of your course! Our Student Study Site is completely open-access and offers a wide range of additional features.

The open-access Student Study Site includes the following:

Mobile-friendly eFlashcards strengthen understanding of key terms and concepts.
Mobile-friendly practice quizzes allow for independent assessment by students of their mastery of course material.

Acknowledgments

Janine Kremling

First of all, I would like to thank Jerry Westby and Jessica Miller from SAGE Publishing for their consistent encouragement and help in getting this book finished within the established time frame. They have been amazing to work with, and I am very grateful for their efforts. I would like to give a huge thank you to my coauthor, Amanda M. Sharp Parker, for her dedication to the success of this book, and I would also like to thank the chair of my department, Dr. Larry Gaines, for his continued support and inspiration.
I have learned much from him in the past 8 years. He is truly a role model, and I am very fortunate to have been able to work with him. Finally, I have to express my gratitude to my parents, who have always been there for me, believed in me, and supported me throughout my life. Without their unconditional love, I would not have been able to accomplish all my goals. They have also taught me that a positive attitude, enthusiasm, and hard work will pay off. I wrote much of this book while I was in Germany during the summer, and I was able to focus solely on this project. I’m deeply appreciative of their efforts to inspire me and challenge me to do my very best. Amanda M. Sharp Parker First and foremost, I have to thank my coauthor, Janine Kremling, who has attempted to rope me into this project for the past 4 years. Two years ago when I agreed to coauthor the text, I had no idea what a whirlwind it would be. So thank you, Janine, for your guidance, patience, and mentorship. Thank you to all at SAGE Publishing who helped us complete this project on time, especially Jerry Westby and Jessica Miller. To the criminology department at the University of South Florida and the HCP department at Campbell University: Thank you for all your support in my research endeavors, especially the development of my cyber classes and subsequent projects that coincide with it. Finally, to my kiddos, Tatiana and Jaxon, for their patience, love, and support. Thank you for putting up with mommy’s long hours, early mornings, and countless afternoons of doing homework in my office while I was writing. You two are my inspiration, and everything I do is for you. I love you to the moon and back. SAGE and the authors would like to thank the following reviewers, whose input helped shape this book: Mark H. Beaudry K. A. Beyoghlow, American University Terry Campbell, Kaplan University Online Craig P. 
Donovan, Kean University, College of Business & Public Management Mary Beth Finn, New Charter University Steven H. Klein Eugene Matthews, Park University, Missouri Dennis W. McLean, E-campus, Homeland Security, Keiser University Brooke Miller, University of North Texas Marcos L. Misis, Northern Kentucky University Barbara L. Neuby, Kennesaw State University Matthew E. Parsons, Erie Community College, Buffalo, New York Irmak Renda-Tanali Pietro Savo, Daniel Webster College, and College of Health and Human Services, Trident University Holli Vah Seliskar, Kaplan University Jake Wilson, University of Cincinnati

Chapter 1 • Cyberspace, the Internet, and the World Wide Web

Learning Objectives

1. Explain how the Internet developed.
2. Explain the purpose of the Internet.
3. Describe what “vulnerabilities” are.
4. Discuss how criminals are benefiting from the Internet.
5. Discuss the difference between cyberspace, the Internet, and the World Wide Web.

When Stanford University students Bill Hewlett and Dave Packard built one of the first computers weighing 40 pounds in 1968, they could not foresee that 1 year later a computer at Stanford University would receive the first message from another computer located some 350 miles away at the University of California, Los Angeles (UCLA). They certainly could not foresee that 50 years later the economic competitiveness of the United States would be closely tied to the digital economy created by the Internet, making trillions of dollars every year. Much of the critical infrastructures, including the financial industry, health industry, and power grid, are connected via the Internet. Hewlett and Packard could not foresee that the Internet would become a normal and essential part of everyday life for most Americans and people across the globe. According to the U.S.
Census Bureau, more than 74% of all American households were using the Internet in 2013, and overall, more than 3 billion people are virtually connected.1 In 2017, there were 3 trillion Internet transactions every day processed by 220,000 servers across the globe. There are 80 million web application firewall (WAF) triggers per hour and 20 terabytes of attack data daily. About 30% of all login transactions, such as people logging into their e-mail account or Amazon, are abuse attacks. With the increasing use of cyberspace by computers and connected devices, the amount of data processed will continue to increase—and so will the amount of cyberattacks.2 Without the Internet, companies like Amazon, Facebook, and YouTube would not exist, and services we perceive as necessary and convenient would not be available. For instance, ordering goods and services online, downloading music, streaming audiobooks, reading textbooks on the computer, or “skyping” with friends overseas would not be possible. The Internet has created a great amount of job opportunities and has enhanced our lives in so many ways that it is hard to imagine what would happen if the Internet were to disappear.3 As much as we value the upside of our connected world, where everything seems to be available at our fingertips, the inventors of computers and the Internet also did not foresee that the users themselves would employ it to attack one another. One of the founders of the Internet, David H. Crocker, stated, “I believe that we don’t know how to solve these problems today, so the idea that we could have solved them 30, 40 years ago is silly.”4 The capabilities of the Internet have attracted criminals and criminal organizations who are taking advantage of the information and interaction infrastructure offered by the Internet and exploiting vulnerabilities inherent to the Internet. 
Organized criminal gangs such as drug traffickers, human traffickers, the Mafia, and many others very quickly discovered the opportunities a connected world offered. In addition to these traditional organized crime groups, a whole new world of cybercriminals has developed where hackers rob companies by using ransomware and taking virtual money as pay, or by stealing personal data and manipulating devices. More than 100 million Americans have experienced breaches to their personal data. President Obama called cybercrime “one of the most serious economic national security challenges that we face as a nation” and stated that we are in a “cyber arms race.”5

[Image 1.1: What Happens in One Internet Minute. Internet Minute Infographic by Intel Free Press, https://www.flickr.com/photos/54450095@N05/6780720740. Licensed under CC BY 2.0, https://creativecommons.org/licenses/by/2.0/legalcode.]

Even though the development of cybersecurity measures has made great strides, it is still people who have to create, implement, and enforce cybersecurity policies. The best technology is worthless if it’s not used or it is used inappropriately. The criminals who attack these companies are very sophisticated and motivated. But it’s not only criminals who are accessing private data; the government also spies on individuals and companies. Revelations by Edward Snowden exposed what is likely the greatest eavesdropping in history by the National Security Agency (NSA). This book goes into great detail on the different types of cybercrime, the motivations and mind-set of the criminals, and available cybersecurity measures. This first chapter lays the groundwork by giving you an understanding of the history of the Internet, why cybercrime has been able to flourish, and why cybersecurity still has a long way to go to catch up. President Obama said the Internet is the Wild West and cybersecurity is the sheriff.
There is much work to do for the sheriff.6

Case Study 1.1: The Dark Side of the Internet

The 2016 Data Breach Investigations Report7 shows that more than 4.2 billion personal records were exposed in 2016. This constitutes an all-time high. The three biggest data breaches took place on Yahoo, MySpace, and FriendFinder networks with a total of 2.2 billion records exposed. With more than 1 billion compromised records, Yahoo currently holds the number-one spot in the history of data breaches. In September 2016, Yahoo announced that a “state-sponsored actor” stole the personal data of 500 million users in late 2014. Three months later, Yahoo announced another data breach of about 1 billion accounts dating back to August 2013. Yahoo has notified its users and urged them to create a new password and change security questions. The stolen data include names, account login credentials, email addresses, telephone numbers, birth dates, and other information users entered into their accounts.8

What Do You Think?

1. What could criminals do with the private information obtained from Yahoo?
2. Should companies like Yahoo, who store personal data, be held accountable if victims experience negative consequences such as identity theft? If so, how would you hold them accountable?
3. If you were the CEO of Yahoo, what negative consequences would you expect in the aftermath of the data breach?
4. Do some research on Yahoo after the announcement. What were actual negative effects on the company?

The Beginning of the Internet and Cyberspace

The history of the Internet goes back to the first telegraph in 1836. The telegraph revolutionized the way people communicated by using a code (the Morse code, which consisted of dots and dashes), which is similar to the way computers communicate today using 0s and 1s. Between 1858 and 1866, the transatlantic cable was the first cable to allow instantaneous communication across the Atlantic Ocean.
Today, cables connect people across the entire globe. Telephones were first used with computers in 1976 and later provided the basis for Internet connections via modems that have to be plugged into the computer, or more currently wireless connections. The Internet was born during the Cold War era, at a time when America was bracing for a nuclear war. Donald Davies, a Welsh scientist, and Paul Baran, an American engineer, were working on communication technologies from two different perspectives: war and peace. Baran focused on technologies that would minimize the consequences of a nuclear attack by the Soviet Union by building a communication system with redundant links that would allow people to communicate even after an attack. Davies focused on technologies that would enable people to share data on computers continuously.9 In 1958, the Advanced Research Projects Agency (ARPA) was created by President Dwight D. Eisenhower with the intent to outpace the Soviet Union in the technology sector after the Soviet Union surprised the United States with two technological events. The Soviet Union had launched the first intercontinental ballistic missile and the first satellite (Sputnik 1), which provided the ability for global communication via satellites. The United States feared that the Soviet Union was technologically superior and could threaten America’s national security. ARPA was created with the goal to turn the United States into a technology superpower. In 1972, ARPA was renamed to the Defense Advanced Research Projects Agency (DARPA).10 In 1962, J. C. R. 
Licklider of Massachusetts Institute of Technology (MIT) published a document describing the possibility of social interactions through networking—what he called the Galactic Network.11 One year earlier, Leonard Kleinrock of MIT had published a paper on the feasibility of communication between computers via packet switching (as opposed to the then-used circuit switching).12 Packet switching was imperative for social interaction via networking because it enabled data to be stored and moved as packets using a data path that many users could access. Packet switching set the stage for services such as Facebook and Twitter. In contrast, circuit switching only allowed for communication between predetermined persons, similar to a telephone call. Another crucial technological development with regard to social interactions via networking was enabling computers to talk together.13

Jack Ruina from DARPA took an interest in Licklider’s paper and proposal. In October 1962, he asked Licklider to connect the computers from the U.S. Department of Defense at Cheyenne Mountain to the computers at the Pentagon and the Strategic Air Command. Licklider’s vision of the Galactic Network inspired other researchers, including Larry G. Roberts.14

In 1967, Larry G. Roberts released his plans for the Advanced Research Projects Agency Network (ARPANET), which first connected computers across university campuses, starting with the first node in California at UCLA, and ultimately grew into the Internet. In 1972, Larry Roberts wrote the first e-mail utility program, and over the next decade, e-mail became the largest network application.

In 1981, ARPANET was expanded with the help of the National Science Foundation (NSF) and the founding of the Computer Science Network. Through this collaboration between NSF and the inventors of the Internet, several technological developments took place that laid the groundwork for what we know today as the Internet with all of its services.
One of the main developments was the introduction of the Internet protocol suite (IPS/IP) in 1982, which is still used today as the standard networking protocol. To further advance the Internet, it was necessary to build smaller computers with greater capabilities that could also be used by households. This happened quite rapidly and created issues in regard to operations and management of the Internet.15

Case Study 1.2: The First-Ever Web Server

[Image 1.2: First-Ever Web Server. First Web Server by Coolcaesar at the English Language Wikipedia, https://commons.wikimedia.org/wiki/File:First_Web_Server.jpg. Licensed under CC BY-SA 3.0, https://creativecommons.org/licenses/by-sa/3.0/deed.en.]

Cyberspace, the Internet, and the World Wide Web are fairly recent inventions. Tim Berners-Lee, who was working for European Organization for Nuclear Research (CERN), invented the first web server, the first web browser (World Wide Web) in 1989, and the first web page in 1991.16 The intent was to create a service that would allow scientists to share information automatically rather than having to inquire about what other institutes were working on. The World Wide Web was supposed to enable scientists around the globe to access scientific knowledge instantaneously and freely, and contribute to the scientific knowledge by adding information. Hence, the first web browser was called World Wide Web because Berners-Lee used a global hypertext system that would allow anything on the web to link to anything else. It also allowed users to edit information, which served the goal of having as many people contribute to the knowledge sharing as possible.

The first website ever—http://info.cern.ch/hypertext/WWW/TheProject.html—was created in August 1991 for the sole purpose of explaining Berners-Lee’s website project. In 1993, CERN issued an official statement making the World Wide Web available to the general public.
In its statement, CERN asserted, “CERN relinquishes all intellectual property rights to this code, both source and binary and permission is given to anyone to use, duplicate, modify and distribute it.” This sentence effectively made the Internet an open-source environment where everyone could post anything they wanted to and develop apps and programs. This, of course, also created the vulnerabilities to cyberattacks as it opened the door for cybercriminals. Tim Berners-Lee left CERN in 1994 and founded the World Wide Web Consortium (W3C) at MIT.

[Image 1.3: First-Ever Website. European Organization for Nuclear Research.]

The Purpose of the Internet

“The Internet is at once a world-wide broadcasting capability, a mechanism for information dissemination, and a medium for collaboration and interaction between individuals and their computers without regard for geographic location.”17

The Internet developed around three distinct aspects: (1) operations and management, (2) social, and (3) commercialization.

Operations and Management Aspect

With the spread of personal computers (PCs) and workstations to more people, and the growing number of people who utilized the Internet, researchers had to make it easier for people to use. Until then, host names were numeric addresses that users had to know and remember. This was not feasible for household users, so Paul Mockapetris of the University of Southern California developed the Domain Name System, which resolved hierarchical host names (e.g., www.fbi.gov) into an actual Internet address people could visit. Other major issues were increasing the capabilities of routers, operating systems, and software. Finally, as more households began using the Internet, it became necessary to separate the military network (MILNET) from the research network (ARPANET).
MILNET became its own network and ARPANET became the Internet.18

Social Aspect

Several organizations, companies, and universities worked together to grow the Internet to become a major part of our everyday life. In 1988, the National Research Council (NRC) in collaboration with the NSF published the report “Toward a National Research Network.” This report was the basis for the development of high-speed networks.19 Five years later, NRC published the report “Realizing the Information Future: The Internet and Beyond,” which laid the groundwork for the information superhighway.20 The document also included anticipated issues that would need to be addressed, including copyright, ethics, pricing, education, and regulation of the Internet. The Internet was built to be a free and open-access tool, but the founders realized that without some type of regulations it would not be feasible. We return to the fact that the Internet was built as a free and open source in the next section when we discuss security vulnerabilities.

The social aspect of the Internet has become one of the most important purposes of the Internet. People go shopping online, meet in online cafes, share pictures and opinions, search for partners, download music, get a university degree, find a job, and participate in live-streaming events. The list of social events available to people through the Internet is endless. Facebook, Twitter, Instagram, and millions of apps enable people to engage with others in the virtual world. There is no need to meet someone in person because we can simply use FaceTime or any other app that allows us to telephone with a live picture. Letters have been replaced by email, instant messages, and tweets. Real life has gone virtual in many ways.

These technologies have brought great conveniences for people, connected people around the globe, and provided economic opportunities that were unthinkable when ARPANET was created.
But because the Internet and these technologies were not developed with security in mind, the evolution of the Internet has also created substantial dangers for people’s lives. For instance, bullying has always been a concern for school children, parents, and administrators, but cyberbullying has taken these concerns to a much higher level, even making it one of the top priorities of policy makers. Another example is child pornography. Before the invention of the Internet, criminals had to mail or exchange pictures. When police seized the pictures, they became inaccessible. Now there are millions of child pornography pictures available on the Internet, and even if law enforcement shuts down a pornography website, the pictures have already been shared with millions of people, and they remain on the Internet forever.

Commercialization Aspect

As the Internet began to grow, other groups and companies began to see the potential the Internet had with regard to commerce. The opportunity to create new businesses and markets was one of the strongest incentives to advance the technology quickly. Private companies developed private network services, which created competition and a push for working relationships between the inventors of the Internet and vendors who were interested in developing services for Internet users. In 1988, the first Interop trade show was held with 50 companies and 5,000 engineers. Today, there are seven Interop trade shows per year across the world with more than 250,000 attendees. In sum, commercialization has had a great impact on the development of the Internet since the 1980s and led to an increasing use of the Internet by people on a day-to-day basis.21 Businesses and private citizens started online shopping, online banking, online education, etc.

Legal Issue 1.1: Napster: The First File Sharing Program

The Internet provided a free and open access tool for information, data, and research, and also to music, films, and other copyrighted products. This has become a major issue for the music and film industry. Until 1999, CDs and DVDs were the main product used by the music and film industry to serve the customer market. As people around the globe started to realize the potential for sharing files via the Internet, the way in which music was shared also started to change. The first file sharing program was Napster, a program that provided free music as MP3 files to users.22 In 1999, college student Shawn Fanning began his online music sharing program as a small project that quickly grew bigger and raised considerable concern in the music industry. As a response to the free file sharing, the music industry filed a lawsuit for copyright infringement, and in 2001 Napster was shut down.

This was not the end of the file sharing business, however. To the contrary, it was the beginning. Since Napster, many other companies have started to offer music and films for free on the Internet, which is a persistent challenge to the music and film industry and their desire to protect their products and profit. But possibly even more important, companies such as Apple realized the business potential of these MP3 and similar files and began to build their products to facilitate file sharing, including iPods, iPhones, iPads, and so forth. Customers can now legally download music from iTunes with the ability to only buy the songs they really want or pay a low monthly fee to companies such as Pandora to listen to music all day. Consumers can download films for a few dollars or subscribe to Netflix, Hulu, Amazon Prime, and other subscription services.

What Do You Think?
The music and film industry believe that they cannot survive if people only buy music and films online because subscriptions and download fees don’t generate as much money as CDs and DVDs. Customers argue that for too many years they paid too much money for a CD with only one song they liked, or bought DVDs with movies for too much money to then find out that the movie wasn’t really that great. What do you think could be done to solve the problem of protecting musicians and film makers but also give consumers a fair deal?

Vulnerabilities of the Internet

The Internet was built to be a free and open source, with only a minimum of oversight. The original purpose was to freely exchange data and messages among a limited number of researchers. The inventors gave little thought to the possibility of criminals abusing the Internet. With the increased access and the evolution of the Internet from a research tool to a more consumerist and social tool, the door has also opened for criminals. The freedom and openness of the Internet provides many advantages for the users, such as ease of use, fast access, and low-cost software, but it also has its drawbacks—that is, it is vulnerable to a wide variety of cyberattacks that can create great damage for private users, companies, and governments. The next section of the chapter explains what vulnerabilities are and provides an overview of the five main vulnerabilities.

What Is a Vulnerability?

“A security vulnerability is a weakness in a product that could allow an attacker to compromise the integrity, availability, or confidentiality of that product.”23 For instance, computer administrators have the ability to change the permission on any file on the computer, install software, delete files, etc. If an unprivileged user were able to access the computer remotely and change permission on files, install software, delete files, etc., that would constitute a security vulnerability.
Thus, in most companies, only the computer administrators have the ability to do so.

There are five distinct gateways that create vulnerabilities for anyone who uses the Internet. These five gateways to vulnerability are (1) time and space, (2) lack of barriers to entry, (3) anonymity/identity, (4) asymmetries of cyberspace, and (5) 1s and 0s. The Washington Post series “The Net of Insecurity” discusses why the Internet is inherently vulnerable and why these vulnerabilities are inevitable.

Reference Article: Net of Insecurity http://www.washingtonpost.com/sf/business/2015/05/30/net-of-insecurity-part-1/

Time and Space

In the past, personal interaction and criminal activity typically required physical proximity. For instance, thieves had to get close to the victim to steal a purse with the money and credit card information. Today, a thief can be on another continent and use the Internet to steal money or credit card information from someone. Wars used to be fought with swords, and later with bows and arrows, siege cannons, and artillery. As technologies developed, airplanes now drop different types of bombs over countries. Furthermore, we can, and do, use drones in war zones rather than soldiers. This development, moving away from social interaction at close proximity to interaction from a far distance, is important for the understanding of cybercrime and cybersecurity.

When users have instantaneous access at a distance to the Internet, it is then also easy for criminals to gain access to information users have on their computers or in a cloud. There are many opportunities for criminals to access computers and sensitive information. Why is that? The main purpose of the Internet is to move information quickly and reliably, and thus it was designed to be open and frictionless. Users want instantaneous access to services from around the globe without any hassles that could be caused by security measures.
We also have to remember that the founders of the Internet were mainly concerned with the technical challenges of making the Internet available to as many people as possible; security simply was not their main concern. Since criminals have the same global access to the Internet as noncriminal users, they don’t need to be anywhere near the victim to perpetrate their crime. Also, criminals may be able to commit a greater number of crimes because they don’t have to physically go anywhere.24

Lack of Barriers to Entry

Whereas countries have physical borders that serve to keep criminals out of the country, the Internet has no such borders. For instance, when e-mails are sent from one country to another or even from one continent to another, there are no checkpoints to see if the e-mail contains malware or if the e-mail was sent by a terrorist group who is planning a terrorist attack. This borderless Internet traffic threatens nation-states’ ability to control their territory and the flow of information and goods.

Different countries have developed different strategies to deal with this problem. Some countries, such as the United States and Germany, have almost no restrictions on connectivity to the global network. This, of course, makes it near impossible to control the Internet traffic or limit what users say and send. Other countries, including New Zealand and Australia, try to maintain some control over the traffic by limiting Internet connectivity to the global network. This allows them to control some of the traffic to and from their residents. China has probably the most restrictive Internet strategy. Because China only has three undersea Internet cable arrival points, its government is able to control what type of traffic can be received and sent. This, of course, greatly limits what the Chinese citizens can do on the Internet and allows the government to suppress information sharing when it is against their interest.
For instance, when opponents of the Chinese government try to share information about human rights violations, their posts never get sent and the senders are at high risk of being arrested. Restricting the connectivity reduces vulnerabilities but greatly diminishes the ability of people to use it freely.

Anonymity/Identity

Another problem is that users can remain completely anonymous if they choose to do so. The problem this creates is that users don’t know with whom they are doing business, with whom they are talking, or whom they can trust. For instance, in online chat rooms, young girls may believe that they are chatting with a similarly aged boy, when in reality they may be chatting with a criminal who is trying to take advantage of them. You can never be quite certain to whom you are talking because all of the identifying information could be false, including pictures, names, age, profession, etc.

Since the initial purpose of the Internet was to transmit information quickly and without hurdles, requiring identification was not a concern of the developers. Also, as discussed earlier, at the beginning there were only a few users and they knew each other. Identification was not necessary. The game has changed, however. Specifically, in 1969 there were only four nodes or devices (i.e., computers), whereas today there are more than 2 billion nodes (devices including computers, cell phones, notepads, etc.), which is about one third of the population, and growing. The substantial growth of the Internet occurred very quickly, and the problems associated with the lack of identification did not become apparent until later, when more and more users were victimized by criminals who were quick to take advantage of the opportunities the free and open Internet provides.
The lack of identification also makes it easy for criminals, criminal organizations, and terrorist groups to hide—making it very difficult for law enforcement to figure out who the criminals are, what they are planning to do, and how to arrest them. This problem is compounded by the fact that the criminals often operate from outside the jurisdiction where the crime occurred, raising issues of who has the authority to pursue the criminals. For example, the United States has no jurisdiction in other countries if the criminal is operating from outside the United States. So even if the police can identify the criminal and his or her location, they would need the cooperation of the police in that country. Unfortunately, most of the time the police cannot determine who the criminal is and where he or she is because criminals use aliases, hide identifying information, use untraceable devices, or use the identities of innocent people.

Whereas criminals are very good at hiding their identifying information, many users are unaware of the risks of leaving identifying and secret information while surfing the Internet. Every time we access the Internet we leave traces of who we are, what we like, what we search for—and Internet websites use that information to send targeted advertisements. They collect the user’s information for their purposes. This information, of course, is also out there waiting to get snatched by criminals. Most users do not take enough precautions, such as using encryption software, using programs to remove identifying information, using secure networks, and using secure passwords. This leaves many users vulnerable to cybercriminals who are looking for the information.

Asymmetries of Cyberspace

A small number of criminals can cause a great amount of damage because cybercrimes do not require a sophisticated industrial base or significant financial resources.
Criminals also know that their efforts will likely lead to success because there are so many potential victims and so few barriers or oversight. For instance, you probably have received occasional e-mails from a person from Nigeria or some other country offering millions of dollars for help with a transaction using your bank account and the payment of a small transaction fee. Most people realize that these e-mails are fraudulent and simply delete them. That doesn’t deter the senders from continuing their mass e-mails though. Why is that? The senders believe (and rightfully so) that if they send enough e-mails, some people will respond and send the transaction fee. Since the costs for sending the emails are so low, the sender will make a profit even if only very few respond every time he or she sends the mass e-mail. If the sender had to mail traditional letters (snail mail) they would likely lose money, but via the Internet it is free to send e-mails, multiple e-mails can be sent at one time, and it takes very little time as compared to traditional letters. The asymmetries of cyberspace are disconcerting not only for individual Internet users but also for governments. It doesn’t take an army to take down a country. For instance, a small group of terrorists who successfully block the electronic grid of the United States and therefore impair our daily life, which depends on electricity, could create an incredible amount of damage. Or worse, a terrorist group invades the computers of a nuclear power plant and blows up the power plant. Not much life would be left around the plant. To this day, the nuclear catastrophe of Chernobyl in the Ukraine and Fukushima in Japan shows the damage that could occur. The strength of a nation-state depends on its intellectual capabilities rather than its military capabilities. 
Thus, any country could potentially challenge the United States and Europe if the country has the intellectual capabilities—including North Korea, China, Russia, or Iran. This is also true for terrorists and organized crime groups who have such intellectual capabilities.

1s and 0s

The logical layer (or the computer code) of the Internet consists of 1s and 0s. From the code of 1s and 0s, it is not possible to determine what that specific code will do—that is, whether that code will execute the program we meant to download or whether it will plant malicious software on our computer. It is also possible that the downloaded program will do both—install the program we wanted and plant malicious software. Even though the malware does have a specific signature, users cannot typically distinguish the malware from the innocent Internet traffic. Rather, users find out after the incident that they have been attacked, their identity was stolen, or that their computer was used to commit a crime. At that point, it is very difficult for the innocent user to reverse the damage of the attack. It is also very difficult to prevent malicious software from invading a computer because a user would have to treat all Internet traffic as malicious, which would greatly interfere with the daily use of the Internet.

Think About It 1.1

Imagine you are the computer administrator at a large company. Several employees come to you complaining that they want to be able to install software on their work computers and change permission to files. They are upset because every time they need to install an update or new software for work purposes, they have to call you and wait for you to do the things they could do quickly by themselves.

What Would You Do?

1. How would you respond?
2. Would you give them administrator rights to their computers so they can make any changes they want? Why or why not?

What Distinguishes Cyberspace, the Internet, and the World Wide Web?

In order to understand cybercrime and cybersecurity, it is important to have a good grasp on the basic terminology that will be used throughout the book. These definitions are important insofar as they ensure that we have a common understanding when we discuss cybercrime and cybersecurity. Cyberspace is defined by the National Security Presidential Directive 54/Homeland Security Presidential Directive 23 as “the interdependent network of information technology infrastructures, and includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers in critical industries.”25 In other words, cyberspace refers to the virtual environment in which people communicate and interact with others. Cyberspace consists of four different layers: (1) physical layer, (2) logic layer, (3) information layer, and (4) personal layer.26 The physical layer consists of the physical devices, such as PCs, networks, wires, grids, and routers. These physical devices are located within jurisdictions, which is important for law enforcement when they search for physical devices used to run criminal enterprises and other cybercrimes, which is discussed in detail in coming chapters. The logic layer is where the platform nature of the Internet is defined and created. Stated differently, cyberspace depends on the design of the Internet. It is built out of components that provide services for users, such as social media, content, shopping, etc. The information layer includes the creation and distribution of information and interaction between users. Users can create information by building a website, linking to other websites, and posting information on social media websites such as Twitter, Facebook, or Yelp. Users can also access information, including music, books, videos, and pictures. The top layer consists of people—people who create websites, tweet, blog, and buy goods online. Attacks on cyberspace can occur at each of the four levels. 
Communication and interaction can be identified (known) or anonymous. The anonymity of cyberspace creates opportunities for cybercrime that would otherwise not exist and which are different and unique compared to other forms of crime. For instance, hackers would not be able to break into a computer and steal information without cyberspace. The term cyberspace is used because other terms used by the government, such as cybercrime, cyberattack, cyberthreat, or cybersecurity, are derived from the term cyberspace.

As you can tell from the definition above, the Internet is a part of cyberspace:

The Internet is a global system of interconnected computer networks that are set up to exchange various types of data. This ‘network of networks’ connects millions of computers, including those in academic, business, and government networks, transcending geographic and national boundaries.27

Without this global data communication system, people would not be able to interact and exchange information. The term Internet is often used interchangeably with the term web or World Wide Web. The Internet and the web are distinctly different, however. Whereas the Internet refers to hardware and software infrastructure that connects computers around the globe, the World Wide Web refers to a service that can be accessed via the Internet.28 This service consists of interconnected documents and a variety of resources. The documents and resources are connected and accessible via hyperlinks and uniform resource locators (URLs). Several web browsers (i.e., Safari, Firefox, Explorer) allow users to access the information available on the web.

A hyperlink is a reference or navigation element in a hypertext document that offers direct access to another section of the same document or to another hypertext document that is on or part of a (different) domain.29 For instance, the hyperlink https://www.fbi.gov/about-us/investigate/cyber takes you to the FBI’s cybercrime website.
A hyperlink could also be embedded in words, such as FBI cybercrime website, which is called hypertext. Users can simply click on the word(s) or the link and are directed to the FBI cybercrime website. These hyperlinks provide easy access to information relevant to the content the reader is interested in. Hyperlinks are unidirectional—that is, a user can link from their content to another website’s content without asking for approval from the owner of the destination page or any action by the owner of the destination page. This unidirectional system allows anybody who has a website to link to other users’ websites.

A hyperlink is one way to get to more content, but users also have other options. For instance, if you are searching for information on the web, you may often use URLs, which provide a reference to a resource on the Internet.30 URLs have two main components: the protocol identifier and the resource name. For example, for the website https://www.fbi.gov, the protocol identifier is “https” and the resource name is “fbi.gov.” In this sense, the URL is comparable to the address you would put on a letter to tell the postal service to whom to deliver your letter.

Legal Issue 1.2: Is it a crime to link to infringed/illegal content?

Under the Digital Millennium Copyright Act (DMCA), Universal City Studios, Inc. brought a lawsuit against three hackers who had provided software that could decrypt digitally encrypted movies on DVDs. The hackers also provided hyperlinks to other websites with decryption software. At the time, motion picture companies were using encrypted DVDs as the main method of distributing movies to consumers. The hackers argued that providing decryption information on their website was protected under the First Amendment, which guarantees the freedoms of speech and press, thus the hyperlinks to websites with infringed/illegal content are also protected by the First Amendment. The U.S.
District Court disagreed and stated that by providing decryption software and hyperlinks to websites with decryption software, the hackers had violated copyright laws, specifically the DCMA.31 Imagine you are the judge on the U.S. District Court and you have to decide a case where the defendant is accused of violating the DCMA by providing hyperlinks from his legal website to a website that sells stolen goods. How would you rule in this case? What would be the mitigating or aggravating factors you would consider? 48 What Can You Do?: Preparing for the Job of the Future: Careers in Cybercrime and Cybersecurity 1. FBI Cyber Division A job in the cyber division includes safeguarding classified information; examining forensic information related to computers, technology devices, and data storage media; and disrupting the actions of data thieves and saboteurs. The FBI also employs a Cyber Action Team (CAT) that is deployed to any place in the world where criminals attempt to compromise government security. The CAT team includes highly trained tactical personnel who monitor, pursue, and apprehend criminals. A BA or MA in criminology or criminal justice may be expected.32 2. Cyber Police Officer Cyber police officers create, maintain, and protect law enforcement databases. They also protect the computer network and connected devices. Applicants may have a degree in forensics or information networking and telecommunications with a minor in justice studies.33 3. Computer Crime Investigator The computer crime investigator is responsible for recovering file systems that have been hacked, gathering evidence and computer system information, testifying in court, and training law enforcement on computer-related issues. Corporations typically hire applicants with degrees in computer forensics and computer sciences.34 4. 
Department of Homeland Security (DHS) Cybersecurity Cybersecurity professionals work on cyber incident response, cyber risk and strategic analysis, vulnerability assessment and detection, intelligence and investigation, and digital forensics and forensic analysis. The DHS also has a cyber student volunteer initiative where students work alongside cyber leaders in the DHS. The Department also offers scholarships for service to students who are interested in becoming cybersecurity experts and want to work for DHS.35 5. Department of Justice Officers working for the Department of Justice work on threats to national security, economic prosperity, and public safety. The key priorities are currently cyberstalking, computer hacking, and intellectual property theft.36 6. The U.S. Secret Service The Secret Service investigates and prevents counterfeiting, as well as securing critical infrastructures. The Secret Service also employs an Electronic Crime Task Force and a Financial Crime Task Force.37 7. Threat Intelligence Analyst The Threat Intelligence Analyst collects, analyzes, identifies, and escalates security incidents for all business units, including employees and customers. Summary The purpose of this chapter is twofold: First, the chapter provides a basic overview of the origin and development of the Internet, cyberspace, and the World Wide Web. The authors discuss how the Internet has changed in the past 20 years and provide some examples of the dangers of the Internet. The chapter also explains the key terms students need to understand and be able to distinguish. Second, the chapter aims to provide students with an overview of the five security vulnerabilities and the key causes of these vulnerabilities. Students should be able to explain what vulnerability means and how these five gateways create security vulnerabilities for anybody who accesses the Internet. 
Key Terms

Cyberspace
Digital Millennium Copyright Act
Domain Name System
Hyperlink
Hypertext
Internet
Internet Protocol Suite
Malware
Personal Computer
Uniform Resource Locator
Vulnerability
World Wide Web

Discussion Questions

1. How does the Internet differ from cyberspace?
2. Describe the four different layers of cyberspace. How does each layer contribute to the function of the Internet?
3. Discuss how the Internet developed. What was its original purpose? How has that purpose changed in the past 20 years? How do you see the future of the Internet, or stated differently, what do you think will change in the next 20 years?
4. What are the main security vulnerabilities? Which of the vulnerabilities do you think is the most difficult to address for security experts? Explain your answer.
5. Imagine you are the manager of a nuclear power plant near New York. You have to do computer updates in your plant just like on your private computer. What are the risks/vulnerabilities you are facing with every computer update? What would be some possible consequences if your computer was infected with malware? What precautions would you take to keep your computers safe?

Internet Resources

European Organization for Nuclear Research
http://home.cern/about/topics/birth-web/where-web-was-born

Massachusetts Institute of Technology, Computer Science and Artificial Intelligence Laboratory
https://www.csail.mit.edu/

Washington Post, Net of Insecurity: A Flaw in the Design.
http://www.washingtonpost.com/sf/business/2015/05/30/net-of-insecurity-part-1/

Defense Advanced Research Projects Agency
http://www.darpa.mil/about-us/about-darpa

Further Reading

Leiner, B. M., Cerf, V. G., Clark, D. D., Kahn, R. E., Kleinrock, L., Lynch, D. C., . . . Wolff, S. (2017). Brief history of the Internet. Retrieved from http://www.internetsociety.org/internet/what-internet/history-internet/brief-history-internet

Witt, S. (2015, April 27). The man who broke the music business. The dawn of online piracy. New Yorker. Retrieved from http://www.newyorker.com/magazine/2015/04/27/the-man-who-broke-the-music-business

Digital Resources

Want a better grade? Get the tools you need to sharpen your study skills. Access practice quizzes and eFlashcards at study.sagepub.com/kremling.

2 What Is Cybersecurity?

Ignorance is not bliss when it comes to cybersecurity.
—Singer and Friedman[1]

Learning Objectives

1. Understand the evolving nature of the term cybersecurity and the challenges presented with it.
2. Analyze the origin of cyberspace legislation and the direction it is headed in the future.
3. Differentiate between private and public-sector cybersecurity, and the pros and cons of each.
4. Discuss the role that wireless networks (Wi-Fi) have played in making the issue of cybersecurity even more complex.

Companies spend millions of dollars on firewalls, encryption, and secure access devices and it’s money wasted because none of these measures address the weakest link in the security chain: the people who use, administer, operate and account for computer systems that contain protected information.
—Kevin Mitnick[2]

Think About It 2.1: What Is Cybersecurity and Why Is It Important?

Imagine a hacked planet. Our modes of communication are taken hostage. Nobody knows for sure where they are going when they get into their self-driving car or onto the self-driving bus or train because they have no control. Rather, it’s hackers who control people’s movements. There can be no trust in infrastructure. Without trust, there is no banking, trading, or economy. Nothing is predictable because reality is constantly changed by hackers who blend true with fake news. In such a hacked society, democracy fails and our medical system fails because doctors don’t know whether medical records are correct or even accessible. The critical infrastructures are constantly under attack such that they fail.
When the power grids fail, traffic lights don’t work, alarm systems go out, store cash registers stop working, banks can’t open, and people live in a world of chaos. When the water systems fail, people cannot drink the water that comes out of their faucet, or maybe no water will come out of the faucet anymore. When the power goes out, debit and credit cards are worthless, ATM and banking systems shut down, and individuals without cash are in big trouble. In such a dystopian society, no one can be trusted, not our government, not our transportation system, not our power system—nothing in our “smart” world will work as we would expect. This is the world without cybersecurity.

We need cybersecurity so that we can have trust that our connected cars drive where we want them to drive, to keep our water safe, to ensure that we have power and medical services, and so people can buy goods with their credit cards and withdraw money from the bank. The cybersecurity of the future will be highly integrated with business technology, and some professionals are already referring to it as business security.

There are many definitions of cybersecurity, but what is it exactly? When you think of cybersecurity, think of a fire extinguisher. Even though most businesses have never had a fire, they still have fire extinguishers in case there is one. Schools and universities have fire extinguishers and perform fire drills to practice what to do in case of a fire. And because everyone is aware of the dangers of fire, many private citizens also have fire extinguishers in their homes.

Most people share a common knowledge about fire. First, it is an opportunistic threat. If you leave a candle burning on the Christmas tree (which is likely very dry) and forget to blow it out, the tree may well catch on fire and the fire will spread very quickly. Second, a fire does not care what you did yesterday. Even if you blew out the candle on the tree yesterday, today is a new opportunity for the candle to set the tree on fire. Third, fire exploits the smallest vulnerabilities. If the candle is touching any few needles of the tree, the fire will catch onto those few needles and then spread to the entire tree. Finally, fire does not stop until it owns everything—that is, until the entire tree is on fire.

The fire extinguisher is a security measure. If the house does not have a fire extinguisher, then it may not be possible to stop the fire from spreading from the tree to other parts of the house, and the house will likely be on fire long before the firefighters arrive. Had there been an immediate response to the fire using a fire extinguisher, the damage would have been much less. Cyberattacks are very similar to a fire.[3]

What Would You Do?

1. So how do you prevent such an attack?
2. What exactly is cybersecurity?
3. How does it affect our everyday lives?
4. What are the biggest threats associated with cybersecurity?

Origins and Nature of Cybersecurity

The origin of cybersecurity dates back to the 1970s. In 1977, the federal government recognized that open access to computer systems could create security breaches; however, the proposed Federal Computer Systems Protection Act did not pass congressional scrutiny. In the 1980s, specifically 1983, there was a rise in hacking attempts, which some credit to the release of the movie WarGames (see Think About It 2.2). The deputy assistant FBI director pushed for antihacking legislation, but it was not until 1987 when the Computer Security Act was signed into law that security measures for online systems were strengthened. Specifically, the Computer Security Act was one of the first legislations to establish minimum security practices in federal computer systems and advance protection of these systems.[4]

The following year, the U.S. Computer Emergency Readiness Team (CERT) Communication Center was founded by the Defense Advanced Research Projects Agency (DARPA). CERT, which now boasts the goal of striving “for a safer, stronger Internet for all Americans by responding to major incidents, analyzing threats, and exchanging critical cybersecurity information with trusted partners around the world,”[5] was created to ensure readiness in the case of a major cyberattack. However, in the late 1980s this was not a top priority within national security. In February 1991, the White House asserted that data theft “is a serious strategic threat to national security,”[6] but it was not until 1996 when President Bill Clinton established the first commission on critical infrastructure that identified infrastructures vulnerable to both physical attacks and cyberattacks—specifically, infrastructures that use computer systems, making them especially vulnerable to hackers.

The late 1990s gave rise to concern about the millennial change from the year 1999 to 2000 and how the change would affect electronic devices. The issue, referred to as Y2K, resulted in the president signing the Year 2000 Readiness and Responsibility Act, and spending billions of dollars in preparation for the change.[7] However, in the end, there were very few major problems associated with Y2K. Using the information gathered during the Y2K preparedness phase, the government was able to examine cybersecurity issues prior to the clocks changing from 1999 to 2000 and address potential problems before they occurred.

In the aftermath of September 11, 2001, President Bush charged a committee with creating a strategy for cybersecurity and named Richard Clarke as the National Cybersecurity Advisor to examine the vulnerabilities in cyberspace and the interest of terrorist groups in recruiting individuals with advanced cyber capabilities.
Following the attacks of 9/11, Osama bin Laden told an Arab newspaper that “hundreds of Muslim scientists were with him” who would use their technological skills against “the infidels.”[9] Furthermore, Omar Bakri Muhammad, a supporter of the now-deceased Osama bin Laden, claimed that al-Qaeda had the technology to launch a cyberattack and should use those skills to defend and fight in the name of Islam. Muhammad went on to list the New York, London, and Tokyo stock markets as optimal targets and said: “I would not be surprised if tomorrow I hear of a big economic collapse because of somebody attacking the main technical systems in big companies.”[10] Since 9/11, terrorists have continued to increase their knowledge and skills in cyberspace.

Think About It 2.2: War Games

The 1983 movie War Games tells the story of a young computer hacker (David Lightman, played by Matthew Broderick) who, on a quest to play a video game that had not yet been released, accidentally accesses the North American Aerospace Defense Command’s (NORAD) computer system. His hacker curiosity kicks in, and as he explores the computer system, he accesses the game mainframe and chooses to play a game, Global Thermonuclear War, between the United States and the Soviet Union. Lightman does not realize that the computer has been specially programmed and does not understand the difference between reality and fantasy (the computer believes that global war is about to begin and overrides all of NORAD’s codes in order to launch nuclear missiles on the Soviets). Lightman’s exploits into the NORAD system result in mass chaos, and he is hunted and apprehended by the FBI. However, his unique knowledge of the computer system allows him to assist NORAD directors (and the program’s creator) in trying to stop the computer from playing the game and releasing missiles on the Soviet Union. The seemingly innocent curiosity of Lightman’s actions comes close to resulting in the actual release of nuclear missiles and the potential beginning of World War III.[8] Although not intending to be malicious, the hacking incident could have had severe physical repercussions.

What Would You Do?

1. What would you do if your curiosity about something led to a national security threat? How do you think this would play out in a post-9/11 world?
2. Watch War Games and discuss what can be learned from the movie. What vulnerabilities (as mentioned in Chapter 1) are still prevalent today? How can we prevent activities such as the ones in the movie from occurring?

Definitions

Cybersecurity is a term that is often used broadly. The conceptualization of this broad, and at times vague, term is cause for discussion. Like many aspects of the criminal justice system, how cybersecurity is defined often depends on the individual or entity doing the defining. Definitions vary across government organizations, nation-states, academics, and the private sector, leading to confusion about what actually constitutes cybersecurity. The conceptualization is a continuous and evolving issue. Some definitions concentrate more on defining cyberspace, while others have more of a security focus. The term cybersecurity is frequently used in policy titles and directives, but the use of the word has lagged behind in terms of accurately defining what it means. In other words, the term is being utilized without a clear meaning of what constitutes cybersecurity. We explore a variety of definitions below.

The conceptualization issue can be addressed in multiple ways; however, Agresti suggests that as the meaning of security is somewhat established, it is the term cyber that must be defined.[11] From a criminal justice standpoint, this could encompass tactics of the perpetrator(s) and protection techniques as well as the jurisdiction (cyberspace) in which the criminals are operating.
Definition of Cybersecurity

One of the first legislations to include specific cybersecurity provisions was created in direct response to the terrorist attacks on September 11, 2001, and the subsequent anthrax attacks that fall (Anthrax, a bacterial disease, weaponized in powder form and able to cause severe respiratory distress, was sent via U.S. mail to multiple television studios and congressional offices on Capitol Hill. The attack resulted in five deaths and a renewed fear of biological attacks). In an amendment to this document, Subtitle E of the Homeland Security Act of 2002 (Cybersecurity Programs) was added. SEC 242 includes definitions of cybersecurity services and cybersecurity threat (See Table 2.1) but not cybersecurity by itself.[12]

Table 2.1 Defining Cybersecurity

| Document/Agency | Term | Definition |
| --- | --- | --- |
| Homeland Security Act 2002 | Cybersecurity Services | Products, goods, or services used to detect or prevent activity intended to result in unauthorized access to, manipulation of, or impairment to the integrity, confidentiality, or availability of an information system or information stored on or transiting an information system, or unauthorized exfiltration of information stored on or transiting an information system |
| Homeland Security Act 2002 | Cybersecurity Threat | Any action that may result in unauthorized access to, manipulation of, or impairment to the integrity, confidentiality, or availability of an information system or information stored on or transiting an information system, or unauthorized exfiltration of information stored on or transiting an information system |
| Executive Order 13636 | Cybersecurity Information Sharing | Timely production of unclassified reports of cyber threats to the U.S. homeland that identify a specific targeted entity. The instructions shall address the need to protect intelligence and law enforcement sources, methods, operations, and investigations |
| Executive Order 13636 | Cybersecurity Framework | Prioritized, flexible, repeatable, performance-based, and cost-effective approach, including information security measures and controls, to help owners and operators of critical infrastructure identify, assess, and manage cyber risk, focus on identifying cross-sector security standards and guidelines applicable to critical infrastructure, provide guidance that is technology neutral and that enables critical infrastructure sectors to benefit from a competitive market for products and services that meet the standards, methodologies, procedures, and processes developed to address cyber risks |
| Cybersecurity Enhancement Act of 2014 | Cybersecurity | On an ongoing basis, facilitate and support the development of a voluntary, consensus-based, industry-led set of standards, guidelines, best practices, methodologies, procedures, and processes to cost-effectively reduce cyber risks to critical infrastructure |
| Craigen, Diakun-Thibault, and Purse (2014) | Cybersecurity | The organization and collection of resources, processes and structures used to protect cyberspace and cyberspace-enabled systems from occurrences that misalign de jure from de facto property rights |

Cyberthreats are the top priority of multiple federal agencies. The National Security Agency (NSA) is charged with providing security to the United States via interception of signals intelligence and decrypting threats both physical and cyber. The FBI has 60 cyber squads that work together with other federal, state, local, and private-sector agencies to increase cybersecurity. Their ability to improve cybersecurity depends on a better understanding of cyberthreats and vulnerabilities in the United States.
The former director of the CIA, General Michael Hayden, asserted that there is a cybersecurity knowledge gap between the youthful generation that has grown up with technological advances and the older generations who do not have the knowledge or understanding of the Internet or technological capabilities. This gap results in a vulnerable population, ripe to be targeted by cybercriminals.

In 2013, President Barack Obama approved Executive Order 13636: Improving Critical Infrastructure Cybersecurity. EO 13636 also details elements of cybersecurity information sharing and cybersecurity framework (Table 2.1), but again, cybersecurity is not specifically defined. In this document, the biggest cyberthreat discussed is that to critical infrastructures, including the electric grid system, banking/finance, and transportation. A year later, the Cybersecurity Enhancement Act of 2014, which did define cybersecurity (as shown in Table 2.1), was passed with the goal of providing for an ongoing, voluntary public-private partnership to improve cybersecurity, and to strengthen cybersecurity research and development, workforce development and education, and public awareness and preparedness, and for other purposes.

Furthermore, in regard to cybersecurity, this document amended the National Institute of Standards and Technology Act (NIST; 15 U.S.C. 271) to extend the role of the Secretary of Commerce so that he or she may continuously develop new methods of cybersecurity (see Appendix 2A). Specifically, the secretary of commerce should continuously develop new methods of cybersecurity that follow industry-led standards, guidelines, best practices, methodologies, procedures, and processes. The goal is to reduce the risk cyberthreats pose to critical infrastructures, such as power grids or water supplies. This is important because if cybercriminals were to attack our power grid, for example, they could cause major damage throughout the country. Anything that uses electric power (street lights, banking systems, transportation) would be affected.

Government policy doctrines are not the only writings that do not clearly define cybersecurity. Academic writings are full of varying and, at times, contradicting definitions. This contentious issue, as discussed by Craigen, Diakun-Thibault, and Purse, may lead to confusion and is often “subjective, and at times, uninformative.”[13] In their research, Craigen and his team reviewed multiple definitions of cybersecurity in order to find recurring themes in the conceptualization in order to produce a “new, more inclusive, and unifying definition of cybersecurity” that would be applicable across “academia, industry, and government and non-government organizations.”[14] Definitions reviewed by this research team ranged from extremely general, as found in the Committee on National Security Systems’ 2010 conceptualization, “The ability to protect and defend the use of cyberspace from cyber-attacks,” to very detailed, as defined by the Department of Homeland Security (DHS). The DHS definition reads:

The activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation.[15]

After reviewing the literature, nine current definitions were chosen to help construct a new definition of cybersecurity. Upon review, the research team was able to identify five dominant themes within the cybersecurity conceptualization literature:

1. Technological solutions
2. Events
3. Strategies, procedures, and methods
4. Human engagement
5. Referent objects (of security)

Using a focus group of academics and cybersecurity experts, the research team proposed and had critiqued multiple newly proposed definitions of cybersecurity.
Based on this information, Craigen and his team produced a comprehensive definition of cybersecurity:

Cybersecurity is the organization and collection of resources, processes, and structures used to protect cyberspace and cyberspace-enabled systems from occurrences that misalign de jure from de facto property rights.[16]

Case Study 2.1: The Original Hacker: Kevin Mitnick

Kevin Mitnick is famous in the hacker subculture. Growing up in Los Angeles in the 1970s, Mitnick’s curiosity and extensive memorization ability paved the way for his interest in cyberspace. While in high school, Mitnick learned how to phone phreak. Phone phreaking allows an individual to exploit the telephone system, making calls for free. He quickly switched to the more complex world of hacking, gaining access to classified/protected information, with relative ease.

Mitnick went on to study computers in college. He quickly was able to identify the vulnerabilities in the school’s computer system and gained complete administrative privileges. While today that would be cause for expulsion, Mitnick was given the opportunity to stay in school and complete a project in order to avoid punishment. This specialized project was to examine the vulnerabilities of the system that Mitnick had already illegally accessed and then update the security of the school’s system. In one of the first examples of “white-hat hacking,” Mitnick assisted the school and graduated cum laude with honors.[17]

Mitnick continued to hack into systems, knowing that it was wrong but enjoying the challenge. As he detailed before a congressional hearing years after he had retired from hacking, Mitnick asserted,

I have gained unauthorized access to computer systems at some of the largest corporations on the planet, and have successfully penetrated some of the most resilient computer systems ever developed. I have used both technical and non-technical means to obtain the source code to various operating systems and telecommunication devices to study their vulnerabilities and their inner workings.[18]

In the mid-1990s, Mitnick went from a seemingly unknown hacker to “cyberspace’s most wanted” and landed on the front page of the New York Times. Charged with 14 counts of wire fraud, eight counts of possession of unauthorized access devices, as well as interception of wire or electronic communications, unauthorized access to a federal computer, and causing damage to a computer, Mitnick pleaded guilty to all charges.[19] He was sentenced to 3 years, 10 months in prison. While incarcerated, he was viewed as such a threat (it was believed that he could whistle into a phone and set off a nuclear missile) that he was placed in solitary confinement. Upon his release, Mitnick was placed on probation for 3 years, one of the conditions being he could have no access to computers.

After successfully completing his probationary period, Mitnick went on to use his skills to positively enhance security. He now runs Mitnick Security, a security service specializing in penetration testing. For further reading on Kevin Mitnick’s story, see The Art of Intrusion and The Art of Deception.

Cybersecurity Policies

As previously mentioned, President Obama signed into effect Executive Order 13636: Improving Critical Infrastructure Cybersecurity with the goal of increasing the cybersecurity measures for each of the 16 sectors identified by Presidential Policy Directive-21. Order 13636 states the framework will “identify areas for improvement that should be addressed through future collaboration with particular sectors and standards-developing organizations.”[20] President Obama had identified cyberattacks as the number-one threat facing the United States. As cybersecurity measures grow more sophisticated, so do the methods of penetration.
The National Cybersecurity and Communications Integration Center is charged with 24/7 information sharing of cyberthreats with both the public and private security sector agencies in order to reduce both probability of and the damage caused by cyberattacks.21 Cybersecurity information sharing with the private sector is extremely imperative, as critical infrastructures are extremely vulnerable to cyberattacks and 80% of U.S. critical infrastructure is owned by the private sector. These infrastructures include dams, hospitals, railways, airlines, and power plants, all of which are susceptible to cyberattacks. As the cyberthreat increases, collaboration between public and private sectors can strengthen the role that cybersecurity plays in detection and mitigation. Private security corporations have much to offer to the understanding of cybersecurity. These firms are often equipped with individuals (red teams) comprised of white-hat hackers (nonmalicious hackers for hire) who possess the skills necessary to expose vulnerabilities in the system and to provide cybersecurity solutions because they understand how cyberattacks are perpetrated. 67 Case Study 2.2: FusionX FusionX, a private cybersecurity firm, offers their services to companies and government organizations in an effort to reduce the vulnerability of their systems. FusionX identifies threats to their clients by hacking into their system and attempting to “model and replicate sophisticated adversary attacks.”22 Also known as a red team, or ethical hackers, the goal of FusionX is enhanced security. Using a team of professionals skilled in the art of hacking, FusionX is hired to identify vulnerabilities in computer security and to offer solutions to these problems. Using private-sector resources such as FusionX may help to increase cybersecurity to critical infrastructures. 
Along with their skilled team of computer experts, FusionX offers the following services: Annual enterprise vulnerability assessments Tactical penetration texting activities On-demand application (including mobile) security assessments Recurring external vulnerability assessment scans Spearphishing and other employee awareness exercises On-demand incident response and threat analysis support Infrastructure security design support Annual risk management program reviews On-demand access to subject matter experts Annual security awareness training programs 68 What Do You Think? 1. What are the benefits associated with hiring someone from the private sector to perform security assessments on computers? Are there risks associated with it? 2. If you were the CEO of a major corporation, what would you do to ensure that your vulnerable information was not passed to individuals with malicious intent? 69 Overview of Cyberspace Intrusions There are many ways that computer systems can be infiltrated and infected. Since the 1980s, when computer viruses became increasingly prevalent, companies have spent millions of dollars to protect their systems from malicious intrusions. One of the most famous first intrusions, Moonlight Maze gained notoriety due to the complexity involved in the attack. In 1998, a computer technician at ATI Corporation noticed a strange connection at 3 a.m. A computer at the company was connecting to Wright-Patterson Air Force Base; however, the computer account’s owner was not using the system. Upon investigation by the Air Force CERT, the attack was traced to Russia and was found to be one of multiple attacks using business and university computer systems as proxies to obtain information. These coordinated attacks were given the name Moonlight Maze. The Moonlight Maze attacks resulted in the theft of thousands of documents containing information on military technologies. 
The attacks infiltrated “military, governmental, educational, and other computer systems in the United States, United Kingdom, Canada, Brazil, and Germany.”[23] These attacks were significant, as they were some of the first to illustrate how vulnerable our technology is to malicious infiltration. Today, malicious software (malware) is readily available for purchase and/or download. This software is often designed with a specific purpose, and often the host computers are unaware that they have been hit with an attack. Some of the more common forms of cyberspace intrusions are detailed next.

Network-Based Attacks

A network intrusion occurs when a computer system is accessed without permission. Such intrusions may go unnoticed depending on the level of firewalls and security associated with the system. Network-based attacks are attractive because (1) they may often go undetected and (2) the perpetrator(s) are often difficult to trace. Two main forms of network-based attacks are untargeted attacks and targeted attacks.[24] Untargeted attacks are of concern for the public, as the attack indiscriminately chooses who the attack victims are. ...

Explanation & Answer

Here is the final answer. I answered all discussion questions in chapters 6 and 7. Please let me know if you need any more clarifications. I thank you for always selecting me to work on your assignments. I promise to continue giving you the best.

Running head: CASE STUDY AND DISCUSSION QUESTIONS

Case Study and Discussion Question
Student’s Name
Institutional Affiliation

Case Study and Discussion Questions
Chapter 6: Discussion Questions
1. Discuss the greatest threats posed by DoS attacks. Think about potential targets and the
damage an attack on those targets could cause.
DoS (Denial of Service) attacks are serious issues for network security as they have the
potential to halt all the operations of an organization. DoS attacks occur in one of two
forms: flood attacks or crashing the system (Kremling & Parker, 2018). In this way, DoS
attacks make systems or networks unavailable to users. Such attacks seek to obstruct services or
lower performance by overwhelming the system with wrong messages. DoS attacks make it hard for the
system to make new connections as the memory is inundated with connection requests. Also, the
system’s intrusion detection gets distracted so that it is unable to recognize future attacks.
2. Discuss the motives behind cyber espionage programs.
Cyber espionage programs are either politically or economically motivated (Kremling &
Parker, 2018). In the past, we have had incidents of government computers in both South Korea
and the United States being targeted by espionage groups affiliated with North Korea. Since North
Korea lacks a sophisticated network needed to initiate such attacks, it has had to rely on the
Chinese network for such operations. South Korea and North Korea do not see eye to eye,
with South Korea associating herself with the progressive philosophy of capitalism. On the other
hand, North Korea associated herself with communism. ...

