CIA Triad
Confidentiality, Integrity, Availability
- Model that forms the basis of information security (privacy protections are built on top of it)
- Used for finding vulnerabilities and methods for creating solutions
Confidentiality
Preserve authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information
Availability
Ensure timely / reliable access to and use of information
Integrity
Guard against improper information modification or destruction and ensure information non-repudiation / authenticity
Data Integrity
Property that data has not been altered without authorization
- Accounts for data in storage, during processing, and in transit
System Integrity
Quality that a system has when it performs its intended function without being altered
Privacy in Public assignment
Asks us to observe a stranger (listen to their conversation at a train station, gather information without being noticed, and then try to find them online)
- Shows how information observed in a public place can be used to find you online, and how uncomfortable that is
- This is what big tech does
Griswold v. Connecticut
Established that there is an implied right to privacy in the U.S. Constitution
- Right to privacy exists "in the penumbras" of the Bill of Rights
Is there a right to privacy?
No, not explicitly.
- Not mentioned by name in the Constitution or Bill of Rights
Is the right to privacy implied?
Yes.
- Implied in Bill of Rights
- 4th amendment: the right of the people to be secure in their persons, houses, papers, and effects against "unreasonable searches and seizures" by the government
Umbra
Shadow effect / darkest area
- Bill of Rights context: Directly stated in the Bill of Rights
Penumbras
Not as dark, affected by shadow and light
- Bill of Rights context: Not directly stated but implied
FERPA (Family Educational Rights and Privacy Act)
Law that states students have the right to access their own education records, seek to have records amended, and control the disclosure of personally identifiable information
- Part of CIA triad: Confidentiality
Information Security
- Protects organizations from bad people
- Protects individuals from bad organizations
Hacker
Advanced computer technology enthusiast
- Often a member of a computing / programming subculture (ex: "Hacker culture")
Hacking
Manipulating something to do something it was not originally made to do
- Furniture hacking: Changing a bookshelf into a desk
- Computer hacking: Making a computer execute commands it was not designed to
Social Engineering
Any intentional act that influences a person to take an action that may or may not be in their best interests
- Ex: TV commercials (evoke emotions to get you to do something)
Types of social engineering attacks
- Pretexting
- Phishing / Whaling
- Vishing
- Scareware
- Tailgating / Piggybacking
- Urgency
- Authority
Pretexting
Form of social engineering where an attacker makes up a believable story
Urgency
Form of social engineering that pressures people to make timely decisions
Authority
Form of social engineering that uses perceived authority (often intimidation) to get compliance
Five phases of a typical social engineering attack
SE Pyramid (top -> down)
1. OSINT / Intel
2. Pretext Development
3. Attack Plan
4. Attack Launch
5. Reporting
Phase 1: OSINT
Open-source information / intelligence gathering
- Sources: Internet, social media, government records
- Skills needed: Research, analysis, writing
- Most time consuming
- Documentation: How will you document, save, and catalog all information you find?
Phase 2: Pretext Development
What kind of scenario can we put people in that will increase the likelihood of success when we try to attack the weakest link?
- Decide what changes / additions need to be made to ensure success
- Decide what props / tools are needed
Phase 3: Attack Plan
What are the specific steps we will take to compromise the weakest link?
- Contingency plans, backup plans, etc.
- Skills needed: Creativity, great collaboration skills
- Three W's: What, when, who
Three W's
What, When, Who
- What: What's the plan? What are we trying to achieve? What does the client want?
- When: When is the best time to launch the attack?
- Who: Who needs to be available at a moment's notice for support / assistance?
Phase 4: Attack Launch
Execute the plan
- Use an outline
- Be prepared, don't be so scripted that you can't be dynamic during the attack
Phase 5: Reporting
When you are doing this for a client, they want to know how successful you were in attacking them
- Most important phase
- Skills needed: Professional writing and interpersonal skills
Social Engineering in Action: Professor's experience
- Hired as a contractor security engineer
- Sometimes tested whole system, including human part of system
- Tasked with trying to steal information about the organization's business from the new team of lawyers working there
- Reason: If we can do it, so can actual criminals
Is hacking a crime?
No.
- You can be paid to do it (as a professional)
- Crime is separate from the hacking itself
DNS (Domain Name System)
Converts domain names / host names into IP addresses
- Allows users to remember a "friendly name" instead of numbers (easier to remember www.cisco.com than 198.133.219.25)
Domain
Any text / string you enter to reach a webpage
- Ex: abc.com
IP Address
Number sequence
- If you type this into a browser, it will take you to that website
DNS resolver
"Phone book" of the full system
- When a user searches for a website name, this matches it to the IP address
Root Server
Top level of the DNS hierarchy; tells the resolver which TLD server to ask next
- Found in different locations across the world (13 root server identities, each served from many sites)
- Managed by 12 organizations
Cache Memory
A type of memory used to temporarily store frequently used data or programs (in this case websites) for quick access
TLD (Top Level Domain) server
Holds the records for the domains registered under a top-level domain and points each one to its authoritative name server
- Ex: .com, .net, .org
Auth Name Server (Domain Name Server)
Sends back the IP address of a particular website the user requested
- IP address is sent back to DNS resolver, which stores it in its cache
- After storing the IP address, it is then sent back to the web browser that originally requested it
SOPA (Stop Online Piracy Act) / PIPA (Protect IP Act)
Proposed bills that are aimed to combat online piracy / copyright infringement
- Raised concerns about potential censorship / threats to internet freedom
SOPA / PIPA methods to combat online piracy
- Cut off money (Force a financial service provider to not give money to people associated with a disliked site)
- Block access (DNS, when a user searches a site send them somewhere else / prevent access)
Problems with SOPA / PIPA
- Threaten free speech (if a website's users infringe copyright, the Attorney General could seek a court order against the website itself)
- Stifle innovation / new startups (innovative companies get in trouble if the idea could harm existing ones; ex: the movie industry tried to stop the VCR by suing, and the music industry saw MP3 players as a threat)
- Grant a lot of power to big media corporations
Censor Search
Search engines would be asked to not show any results for blacklisted web pages
DNS' role in SOPA and PIPA
DNS resolvers would have been required to redirect (or refuse) lookups of blacklisted sites
- Ex: Looking up reddit, the IP address handed back to your computer would be a different one, so you never reach the real site
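The resolution chain above (resolver cache, root server, TLD server, authoritative server) and the DNS-redirect mechanism SOPA/PIPA relied on, as an added example that is not part of the original notes. The zone data, server names and addresses are constructed for the example (RFC 5737 documentation addresses); a real resolver talks to these servers over UDP/TCP port 53, which is omitted here.

```python
"""Simulated iterative DNS resolution with a cache and an override table."""
from dataclasses import dataclass, field

# Constructed zone data: each level knows only the level below it.
ROOT = {"com": "tld-com.server", "org": "tld-org.server"}
TLD = {
    "tld-com.server": {"example.com": "ns1.example.com"},
    "tld-org.server": {"wiki.org": "ns1.wiki.org"},
}
AUTH = {
    "ns1.example.com": {"www.example.com": "192.0.2.10", "example.com": "192.0.2.1"},
    "ns1.wiki.org": {"www.wiki.org": "198.51.100.7"},
}


@dataclass
class Resolver:
    """A recursive resolver: walks root -> TLD -> authoritative, then caches.

    `overrides` models SOPA/PIPA-style blocking: names listed here are
    answered with a substitute address and never looked up for real.
    """
    cache: dict = field(default_factory=dict)
    overrides: dict = field(default_factory=dict)
    queries: list = field(default_factory=list)  # (server asked, question)

    def resolve(self, name):
        name = name.lower().rstrip(".")
        if name in self.overrides:          # redirect: the user gets a lie
            return self.overrides[name]
        if name in self.cache:              # cache hit: no upstream traffic
            return self.cache[name]
        labels = name.split(".")
        tld, domain = labels[-1], ".".join(labels[-2:])

        # 1. ask a root server which TLD server handles this TLD
        self.queries.append(("root", tld))
        tld_server = ROOT.get(tld)
        if tld_server is None:
            return None
        # 2. ask the TLD server who is authoritative for the domain
        self.queries.append((tld_server, domain))
        auth_server = TLD[tld_server].get(domain)
        if auth_server is None:
            return None
        # 3. ask the authoritative server for the record itself
        self.queries.append((auth_server, name))
        ip = AUTH[auth_server].get(name)
        if ip is not None:
            self.cache[name] = ip           # stored for later requesters
        return ip


if __name__ == "__main__":
    r = Resolver()
    print(r.resolve("www.example.com"), r.queries)   # 3 upstream queries
    print(r.resolve("www.example.com"), len(r.queries))  # served from cache
    blocked = Resolver(overrides={"www.wiki.org": "203.0.113.1"})
    print(blocked.resolve("www.wiki.org"))  # a different address than the real one
```

The second resolver shows why a blocking mandate belongs to the resolver and not to the website: the user's machine cannot tell a substituted answer from a genuine one unless it validates the response (the gap DNSSEC was designed to close).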
Hacktivism
Use of computer technology to achieve a political agenda through legally ambiguous means
- Goal: Bring issues to light / cause social change
Aaron Swartz
Hacktivist
- Arrested after connecting a computer to the MIT network to mass-download academic journal articles from JSTOR
- Died by suicide in 2013 while facing federal charges
Encryption
Process of encoding messages to keep them secret, so only "authorized" parties who know the key can read them (the cipher itself is usually public; the key is the secret)
Algorithm
Series of steps
Plain text
Text that is not encrypted
Cipher text
Scrambled form of the message / data
Specific substitution ciphers to remember
Caesar, ROT13, Vigenere
Cipher
Process of turning plain text into cipher text
Caesar Cipher
Technique for encryption that shifts the alphabet by some number of characters
ROT13
Caesar cipher with a fixed shift of 13; since the alphabet has 26 letters, applying ROT13 twice returns the plain text (ROT-n generalizes to other shifts)
Process of encryption
- Plain text is enciphered to become cipher text
- Cipher text is deciphered through a key
Key (encryption)
Code that unlocks encryption
- Receiver needs to know the key (and the cipher's steps) in order to recover the plain text
Substitution cipher
Substituting letters for other ones to encrypt a message
Information System
Discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information
System
The broader term for information resources of any size / complexity organized for the collection, processing, use, etc. of data / information
Information
Facts, ideas, or knowledge that could be represented as various forms of data and communicated between systems
Implementation of information security is vital to protecting an organization's:
- Information assets
- Reputation
- Legal position
- Personnel
Threats to an organization's mission:
- Malicious code
- System breaches
- Insider threats
- Publicized security issues
Malicious code
Software created for the purpose of attacking a platform
- Virus
- Trojan horse
- Worm
- Logic bomb
- Ransomware
Virus
Code segment that replicates by attaching copies of itself to existing executable files / programs
- Executes when a user executes the new host program
- May include an additional "payload" that triggers when specific conditions are met
Trojan Horse
Program that performs a desired task, but also includes unexpected / undesirable functions
- Ex: Editing program that could be modified to randomly delete a user's files when they perform a useful function
Worm
Self-replicating program that is self-contained and does not require a host program / user intervention
- Commonly uses network services to propagate (spread) to other host systems
Logic Bomb
Set of instructions secretly / intentionally inserted in a program / software system to carry out a malicious function at a preset time / date when a specific condition is met
Ransomware
Malicious code that blocks / limits access to a system by locking it down
- Uses encryptors or lockers
Encryptors (ransomware)
Encrypts the victim's files (blocking access to them) and demands payment for the decryption key
- Most common / worrisome
Lockers (ransomware)
Designed to lock users out of the operating system / device
- Files themselves are usually left unencrypted; only access to the device is blocked
- In order to unlock infected device, user is asked to pay ransom
- Even if user pays, no guarantee that the attacker will actually unlock the system
NSA (National Security Agency)
Largest, most covert, potentially most intrusive intelligence agency
Utah Data Center
Centerpiece of NSA's cloud-based data strategy
- Purpose: Interpret, decipher, analyze, and store vast amounts of the world's communications
History of NSA
Original purpose: Prevent another surprise assault
- Originally came from Pearl Harbor attack
- Failed initially (World Trade Center bombing, US embassy in Africa being blown up, 9/11)
- In response to these failures, the agency became more invasive and more successful (credited with stopping two bombers in 2009 and 2010)
Utah Data Center Sections
- Visitor Control Center (ensures only cleared people have access)
- Administration (technical support / administrative personnel)
- Data halls (Four 25,000 sq ft facilities that house rows of servers)
- Backup generators and fuel tanks (Can power the center for at least 3 days)
- Water storage and pumping (Able to pump 1.7 million gallons of liquid per day)
- Chiller Plant (60,000 tons of cooling equipment to keep servers from overheating)
- Power Substation (electrical substation to meet the center's estimated 65-megawatt demand)
- Security (Video surveillance, intrusion detection, and other protection)
Yottabyte
10^24 bytes (largest named unit of storage at the time)
- Believed to be necessary due to increase in internet traffic
Invisible Web
Data that cannot be reached by the public
- AKA Deep Web / Deepnet
- EX: Password-protected data, US / foreign government communications
- Utah Data Center gives NSA ability to store / sort through all of this (results in new concern: How does agency define who is / isn't trustworthy)
Utah Data Center as the NSA's "cloud"
- Fed data collected by eavesdropping satellites, overseas listening posts, and secret monitoring rooms in telecom facilities throughout the US
- All data is then accessible to NSA code breakers, data miners, etc
Parts of the NSA network
- Geostationary Satellites
- Aerospace Data Facility, Buckley Air Force Base, Colorado
- NSA Georgia, Fort Gordon, Augusta, Georgia
- NSA Texas, Lackland Air Force Base, San Antonio
- NSA Hawaii, Oahu
- Domestic Listening Posts
- Overseas Listening Posts
- Utah Data Center, Bluffdale, Utah
- Multiprogram Research Facility, Oak Ridge, Tennessee
- NSA Headquarters, Fort Meade, Maryland
Geostationary Satellites
Four satellites positioned around the globe to monitor frequencies
- Covers everything from cell phones to radar systems
- Software on the satellites acts as the first filter in the collection process (targets only key regions, countries, cities, phone numbers, or emails)
Aerospace Data Facility, Buckley Air Force Base, Colorado
Intelligence collected from satellites (as well as other spacecraft / overseas listening posts) are relayed to this facility
- Employees track satellites, transmit target information, and download the intelligence haul
NSA Georgia, Fort Gordon, Augusta, Georgia
Focuses on intercepts from Europe, Middle East, and North Africa
- Codename: Sweet Tea
NSA Texas, Lackland Air Force Base, San Antonio
Focuses on intercepts from Latin America
- Serves as a backup storage facility for Utah Data Center
- After 9/11: Also focused on Middle East and Europe
NSA Hawaii, Oahu
Focuses on intercepts from Asia
Domestic Listening Posts
- NSA has been free to eavesdrop on international satellite communications
- After 9/11: Installed taps in US telecom "switches" to gain access to domestic traffic
Overseas Listening Posts
- NSA has installed taps on at least a dozen major overseas communications links
- Each is capable of eavesdropping on passing information at a high data rate
Utah Data Center, Bluffdale, Utah
- Centerpiece of NSA's cloud-based data strategy
- Essential for plan of decrypting previously uncrackable documents
Multiprogram Research Facility, Oak Ridge, Tennessee
- 300 scientists and computer engineers with top security clearance
- Working to build world's fastest supercomputers, cryptanalytic applications, and other secret projects
NSA Headquarters, Fort Meade, Maryland
Access material stored at Bluffdale to prepare reports / recommendations that are then sent to policymakers
- Also building a supercomputer center
Stellar Wind
Codename for NSA program
- Allowed for access to international and most domestic communications
Data-Mining
Process of analyzing data to extract information not offered by raw data alone
- Allows NSA to create a more detailed understanding of a person's life
AES (Advanced Encryption Standard)
- Hardest shell (encryption)
- Available as 128, 192, or 256 bits
- Used in most email programs / web browsers
- Considered so strong that NSA has approved it for government communications
- Because NSA cannot break it, AES was one of the reasons the Utah Data Center was built: store the encrypted traffic now, in the hope of decrypting it later
- The more messages a target sends, the more likely it is the system will recognize patterns
Factors of Cryptanalysis
- Massive number of messages for computers to analyze (where Utah Data Center came into play)
- Super fast computers to conduct brute-force attacks on encrypted messages (2004: High Productivity Computing Systems Program)
2004: High Productivity Computing Systems Program
Goal: Create a machine that could execute a quadrillion operations per second
- Location: Tennessee
- Multiple agencies worked on this project
- Two "tracks" (one public, one private)
- Supercomputer has been created
PRISM
Code name for program where NSA collects communications from US internet companies
- Collects stored internet communications based on court-ordered demands
- Main source of intelligence used for NSA reports
- 91% of the internet traffic NSA acquires under FISA section 702 comes from PRISM
NSA can use PRISM requests to:
- Target encrypted communications
- Focus on stored data that telecommunication filtering systems discarded earlier
- Get data that is easier to handle
Leak about PRISM's existence
Leaker (Edward Snowden) warned in 2013 that the extent of mass data collection was greater than the public knew
- Included "dangerous / criminal" activities
US Government view of PRISM
Supports PRISM
- Claims it cannot be used on domestic targets without a warrant (which comes down to the agency's honesty / integrity), that it helps prevent terrorist attacks, and that it is overseen by different branches of government
- Obama claimed NSA allowed for more protection of US people
Media Disclosure of PRISM
Leaked documents contained:
- 41 PowerPoint slides
- Tech companies that were involved (Microsoft, Yahoo!, Google, Facebook, AOL, Skype, and Apple; 98% of PRISM's collection came from Yahoo!, Google, and Microsoft)
- Stated that since most of the world's communications pass through the US, this gives US intelligence analysts opportunities to intercept communications of foreign targets
PRISM was able to be used due to passing of:
- Protect America Act of 2007
- FISA Amendments Act of 2008
FISA Amendment Act of 2008
Protects companies from legal actions if they cooperate with US government agencies in intelligence collection
- Allows NSA to monitor phone, email, and other communications of US citizens for up to a week without a warrant
DITU (Data Intercept Technology Unit) of the FBI
NSA sends selectors (e.g., email addresses) to US internet service providers through this FBI unit
- Providers are legally required to hand DITU all communications matching those selectors
- DITU forwards the communications to NSA, where they are stored