Cybersecurity, Surveillance, and Malware: Key Concepts and Cases

39 Terms

1

Who was Edward Snowden and what did he reveal?

Edward Snowden was a former CIA employee and Booz Allen Hamilton contractor who leaked classified information about the NSA's PRISM program and mass surveillance activities in 2013.

2

What was the primary motivation behind Snowden's leaks?

He believed U.S. surveillance programs violated privacy and constitutional rights, and felt compelled to increase public transparency.

3

What is the PRISM program?

A secret U.S. government surveillance program that allowed the NSA to collect data directly from servers of major tech companies without warrants.

4

What was Stuxnet and who created it?

Stuxnet was a computer worm developed by the U.S. and Israel to sabotage Iran's nuclear centrifuges at the Natanz facility.

5

How did Stuxnet spread to an air-gapped network?

Via infected USB drives carried by insiders or contractors with physical access to the facility.

6

What was Operation Olympic Games?

A covert U.S.-led cyber operation that included Stuxnet, aimed at delaying Iran's nuclear program to prevent a military strike.

7

What was the Melissa virus and how did it spread?

A 1999 macro-based virus that spread via email attachments, replicating itself and emailing the top 50 contacts in the victim's address book.

8

What legal consequences did Melissa's creator, David L. Smith, face?

He received a 20-month prison sentence and a $5,000 fine.

9

What was the Tuxissa virus?

An April Fool's Day hoax in 1999 claiming a virus would install Linux on infected computers.

10

What vulnerability did Chad Scira discover at Chase Bank?

A race condition in the rewards points system that allowed transferring more points than available, creating unlimited rewards points.

11

How did Chase Bank respond to the vulnerability disclosure?

They fixed the bug but later closed Chad's and a family member's accounts without clearly stating it was related to the disclosure.

12

What is a race condition vulnerability?

A flaw where the timing or sequence of events impacts a program's output, often leading to security issues like data corruption.

13

What simple URL caused Google Chrome to crash in 2015?

Entering http://a/%%30%30 would crash desktop versions of Chrome due to a null character parsing error.

14

What is fuzzing and how could it prevent such bugs?

Fuzzing is automated testing with random or invalid inputs; it could have detected the URL parsing flaw before release.

15

What is Marcus Hutchins known for?

He helped stop the WannaCry ransomware attack in 2017 but was later arrested for creating the Kronos banking Trojan years earlier.

16

What charges did Marcus Hutchins face?

Conspiracy to violate the Computer Fraud and Abuse Act, selling wiretapping devices, wiretapping, and aiding hacking crimes.

17

Did Marcus Hutchins receive jail time?

No, he received one year of supervised release, with the judge considering his youth and his contributions to stopping WannaCry.

18

What is TeaBot malware?

An Android banking Trojan that steals credentials and SMS messages, distributed via dropper apps on the Google Play Store.

19

How does TeaBot gain full device control?

It tricks users into enabling Accessibility Services, allowing screen recording, keylogging, and remote interaction.

20

Why was Marriott fined $600,000 by the FCC?

For using de-authentication packets to block guests' personal Wi-Fi hotspots to force them to buy the hotel's Wi-Fi.

21

What is a wireless disassociation attack?

Sending de-auth packets to disconnect devices from a Wi-Fi network, often to jam or force reconnection to a rogue access point.

22

What is a watering hole attack?

Compromising a website frequently visited by a target group to infect them with malware when they visit.

23

How did North Korean hackers target security researchers?

They created a fake security firm called SecuriElite with social media profiles and a website to lure researchers into downloading malware.

24

What is the Heartbleed bug?

A critical OpenSSL vulnerability (CVE-2014-0160) that allowed attackers to read sensitive server memory due to a missing bounds check in the TLS heartbeat.

25

How could Heartbleed be exploited?

By sending a malicious heartbeat request, attackers could retrieve up to 64KB of server memory, potentially exposing passwords and private keys.

26

Why did the FBI withhold the REvil decryption key?

To avoid alerting the REvil gang while attempting to dismantle their operations, delaying help to victims.

27

What criticism did the FBI face over the REvil key?

Victims argued the FBI prioritized investigation over immediate assistance, leading to prolonged downtime and ransom payments.

28

How did Salesforce.com suffer a data breach in 2007?

An employee fell for a phishing scam, divulging a password that gave attackers access to customer contact lists for further phishing.

29

What is a logic bomb?

Malicious code set to execute under specific conditions, often planted by insiders to cause damage after they leave.

30

What did Rajendrasinh Makwana do at Fannie Mae?

He planted a logic bomb set to delete all financial data after his termination; it was discovered and disabled before activation.

31

What happened when users set their iPhone date to January 1, 1970?

The device would brick due to an integer underflow in the 64-bit time calculation, causing a negative timestamp that crashed the system.

32

What is the VENOM vulnerability?

A virtualization escape bug (CVE-2015-3456) in QEMU's floppy disk controller that allowed breaking out of a VM to the host system.

33

Why is WEP considered insecure?

It uses weak RC4 encryption and key scheduling, allowing keys to be cracked in minutes with tools available since the early 2000s.

34

What should replace WEP for Wi-Fi security?

WPA2 or WPA3, which use stronger encryption and authentication.

35

What is an influence campaign in cybersecurity?

Coordinated efforts, often by nation-states, to manipulate public opinion via social media, fake accounts, and propaganda.

36

What are the risks of sharing location data?

Social engineering attacks, physical theft, stalking, and unauthorized surveillance by hackers or malicious actors.

37

What is a zero-day vulnerability?

A previously unknown security flaw exploited before the developer can release a patch.

38

Why was Facebook criticized in the Tails Linux case?

They helped the FBI develop a zero-day exploit without disclosing it to Tails developers, violating responsible disclosure norms.

39

Should zero-days be disclosed to vendors?

Yes, under responsible disclosure practices, to allow patches before public release and protect all users.