ITI Exam 3

167 Terms

1

CIA Triad

Confidentiality, Integrity, Availability

- Model that forms the basis of information privacy

- Used for finding vulnerabilities and methods for creating solutions

2

Confidentiality

Preserve restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information

3

Availability

Ensure timely / reliable access to and use of information

4

Integrity

Guard against improper information modification or destruction and ensure information non-repudiation / authenticity

5

Data Integrity

Property that data has not been altered without authorization

- Accounts for data in storage, during processing, and in transit

6

System Integrity

Quality that a system has when it performs its intended function without being altered

7

Privacy in Public assignment

Asking us to stalk others (listen to their conversation at a train station, gather information without being noticed, and try to find them online)

- Shows how someone using information observed in a public place is uncomfortable / can be used to find you online

- This is what big tech does

8

Griswold v. Connecticut

Established that there is an implied right to privacy in the U.S. Constitution

- Right to privacy exists "in the penumbras" of the Bill of Rights

9

Is there a right to privacy?

No.

- Not mentioned in the Constitution or Bill of Rights

10

Is the right to privacy implied?

Yes.

- Implied in Bill of Rights

- 4th amendment: citizens have a right to protect themselves, their homes, effects, etc. from "unreasonable searches and seizures" by the government

11

Umbra

Shadow effect / darkest area

- Bill of Rights context: Directly stated in the Bill of Rights

12

Penumbras

Not as dark, affected by shadow and light

- Bill of Rights context: Not directly stated but implied

13

FERPA (Family Educational Rights and Privacy Act)

Law that states students have the right to access their own education record, seek to have records amended, and control the disclosure of personally identifiable information

- Part of CIA triad: Confidentiality

14

Information Security

- Protects organizations from bad people

- Protects individuals from bad organizations

15

Hacker

Advanced computer technology enthusiast

- Often a member of a computing / programming subculture (ex: "Hacker culture")

16

Hacking

Manipulating something to do something it was not originally made to do

- Furniture ___: Changing a bookshelf to be a desk

- Computer _____: Changing a computer to execute commands it isn't supposed to do

17

Social Engineering

Any intentional act that influences a person to take an action that may or may not be in their best interests

- Ex: TV commercials (evoke emotions to get you to do something)

18

Types of social engineering attacks

- Pretexting

- Phishing / Whaling

- Vishing

- Scareware

- Tailgating / Piggybacking

- Urgency

- Authority

19

Pretexting

Form of social engineering where an attacker makes up a believable story

20

Urgency

Form of social engineering that pressures people to make timely decisions

21

Authority

Form of social engineering that uses intimidation

22

Five phases of a typical social engineering attack

SE Pyramid (top -> down)

1. OSINT / Intel

2. Pretext Development

3. Attack Plan

4. Attack Launch

5. Reporting

23

Phase 1: OSINT

Open-source information / intelligence gathering

- Sources: Internet, social media, government records

- Skills needed: Research, analysis, writing

- Most time consuming

- Documentation: How will you document, save, and catalog all information you find?

24

Phase 2: Pretext Development

What kind of scenario can we put people in that will increase the likelihood of success when we try to attack the weakest link?

- Decide what changes / additions need to be made to ensure success

- Decide what props / tools are needed

25

Phase 3: Attack Plan

What are the specific steps we will take to compromise the weakest link?

- Contingency plans, backup plans, etc.

- Skills needed: Creativity, great collaboration skills

- Three W's: What, when, who

26

Three W's

What, When, Who

- What: What's the plan? What are we trying to achieve? What does the client want?

- When: When is the best time to launch the attack?

- Who: Who needs to be available at a moment's notice for support / assistance?

27

Phase 4: Attack Launch

Execute the plan

- Use an outline

- Be prepared, don't be so scripted that you can't be dynamic during the attack

28

Phase 5: Reporting

When you are doing this for a client, they want to know how successful you were in attacking them

- Most important phase

- Skills needed: Professional writing and interpersonal skills

29

Social Engineering in Action: Professor's experience

- Hired as a contractor security engineer

- Sometimes tested whole system, including human part of system

- Tasked with trying to steal information about the organization's business from the new team of lawyers working there

- Reason: If we can do it, so can actual criminals

30

Is hacking a crime?

No.

- You can be paid to do it (as a professional)

- Crime is separate from the hacking itself

31

DNS (Domain Name System)

Converts domain names / host names into IP addresses

- Allows users to remember a "friendly name" instead of numbers (easier to remember www.cisco.com than 198.133.219.25)

32

Domain

Any text / string you enter to reach a webpage

- Ex: abc.com

33

IP Address

Number sequence

- If you type this into a browser, it will take you to that website

34

DNS resolver

"Phone book" of the full system

- When a user searches for a website name, this matches it to the IP address

35

Root Server

Top level of DNS hierarchy

- Found in different locations across the world

- Managed by 12 organizations

36

Cache Memory

A type of memory used to temporarily store frequently used data or programs (in this case websites) for quick access

37

TLD (Top Level Domain)

Has all information on top level domains

- Ex: .com, .net, .org

38

Auth Name Server (Domain Name Server)

Sends back the IP address of a particular website the user requested

- IP address is sent back to DNS resolver, which stores it in its cache

- After storing the IP address, it is then sent back to the web browser that originally requested it

39

SOPA (Stop Online Piracy Act) / PIPA (Protect IP Act)

Proposed bills that are aimed to combat online piracy / copyright infringement

- Raised concerns about potential censorship / threats to internet freedom

40

SOPA / PIPA methods to combat online piracy

- Cut off money (Force a financial service provider to not give money to people associated with a disliked site)

- Block access (DNS, when a user searches a site send them somewhere else / prevent access)

41

Problems with SOPA / PIPA

- Threaten free speech (if websites have users who break infringement rights, the Supreme Court can go after the website itself)

- Stifle innovation / new startups (Innovative companies will get in trouble if the idea could harm existing ones (ex: Movie industry tried to stop VCR by suing them, music industry thought MP3 players were a threat))

- Grant a lot of power to big media corporations

42

Censor Search

Search engines would be asked to not show any results for blacklisted web pages

43

DNS' role in SOPA and PIPA

Allowed websites to redirect users to other sites

- Ex: Looking up reddit, the IP address you got was a different one given to your computer

44

Hacktivism

Use of computer technology to achieve a political agenda through legally ambiguous means

- Goal: Bring issues to light / cause social change

45

Aaron Swartz

Hacktivist

- Arrested by MIT after connecting a computer to MIT network to download academic journals from JSTOR

- Found dead by suicide

46

Encryption

Process of encoding messages to keep them secret, so only "authorized" parties who know the cipher can read it

47

Algorithm

Series of steps

48

Plain text

Text that is not encrypted

49

Cipher text

Scrambled form of the message / data

50

Specific substitution ciphers to remember

Caesar, ROT13, Vigenere

51

Cipher

Process of turning plain text into cipher text

52

Caesar Cipher

Technique for encryption that shifts the alphabet by some number of characters

53

ROT13

Rotate letters by 13 (or whatever number given)

54

Process of encryption

- Plain text is enciphered to become cipher text

- Cipher text is deciphered through a key

55

Key (encryption)

Code that unlocks encryption

- Receiver needs to know the steps of the key in order to decipher plain text

56

Substitution cipher

Substituting letters for other ones to encrypt a message

57

Information System

Discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information

58

System

Reflect the broader applicability of information resources of any size / complexity organized for the collection, processing, use, etc. of data / information

59

Information

Facts, ideas, or knowledge that could be represented as various forms of data and communicated between systems

60

Implementation of information security is vital to protecting an organization's:

- Information assets

- Reputation

- Legal position

- Personnel

61

Threats to an organization's mission:

- Malicious code

- System breaches

- Insider threats

- Publicized security issues

62

Malicious code

Software created for the purpose of attacking a platform

- Virus

- Trojan horse

- Worm

- Logic bomb

- Ransomware

63

Virus

Code segment that replicates by attaching copies of itself to existing executable files / programs

- Executes when a user executes the new host program

- May include an additional "payload" that triggers when specific conditions are met

64

Trojan Horse

Program that performs a desired task, but also includes unexpected / undesirable functions

- Ex: Editing program that could be modified to randomly delete a user's files when they perform a useful function

65

Worm

Self-replicating program that is self-contained and does not require a host program / user intervention

- Commonly uses network services to propagate (spread) to other host systems

66

Logic Bomb

Set of instructions secretly / intentionally inserted in a program / software system to carry out a malicious function at a preset time / date when a specific condition is met

67

Ransomware

Malicious code that blocks / limits access to a system by locking it down

- Uses encryptors or lockers

68

Encryptors (ransomware)

Blocks system files and demands payment to unlock / decrypt files

- Most common / worrisome

69

Lockers (ransomware)

Designed to lock users out of operating systems

- User still has access to device / other files

- In order to unlock infected device, user is asked to pay ransom

- Even if user pays, no guarantee that the attacker will actually unlock the system

70

NSA (National Security Agency)

Largest, most covert, potentially most intrusive intelligence agency

71

Utah Data Center

Centerpiece of NSA's cloud-based data strategy

- Purpose: Interpret, decipher, analyze, and store vast amounts of the world's communications

72

History of NSA

Original purpose: Prevent another surprise assault

- Originally came from Pearl Harbor attack

- Failed initially (World Trade Center bombing, US embassy in Africa being blown up, 9/11)

- In response to failures, this has become more successful by being invasive and stopping two bombers in 2009 and 2010

73

Utah Data Center Sections

- Visitor Control Center (ensures only cleared people have access)

- Administration (technical support / administrative personnel)

- Data halls (Four 25,000 sq ft facilities that house rows of servers)

- Backup generators and fuel tanks (Can power the center for at least 3 days)

- Water storage and pumping (Able to pump 1.7 million gallons of liquid per day)

- Chiller Plant (60,000 tons of cooling equipment to keep servers from overheating)

- Power Substation (electrical substation to meet the center's estimated 65-megawatt demand)

- Security (Video surveillance, intrusion detection, and other protection)

74

Yottabyte

10^24 bytes (highest quantity of storage rn)

- Believed to be necessary due to increase in internet traffic

75

Invisible Web

Data that cannot be reached by the public

- AKA Deep Web / Deepnet

- EX: Password-protected data, US / foreign government communications

- Utah Data Center gives NSA ability to store / sort through all of this (results in new concern: How does agency define who is / isn't trustworthy)

76

Utah Data Center as the NSA's "cloud"

- Fed data collected by eavesdropping satellites, overseas listening posts, and secret monitoring rooms in telecom facilities throughout the US

- All data is then accessible to NSA code breakers, data miners, etc

77

Parts of the NSA network

- Geostationary Satellites

- Aerospace Data Facility, Buckley Air Force Base, Colorado

- NSA Georgia, Fort Gordon, Augusta, Georgia

- NSA Texas, Lackland Air Force Base, San Antonio

- NSA Hawaii, Oahu

- Domestic Listening Posts

- Overseas Listening Posts

- Utah Data Center, Bluffdale, Utah

- Multiprogram Research Facility, Oak Ridge, Tennessee

- NSA Headquarters, Fort Meade, Maryland

78

Geostationary Satellites

Four satellites positioned around the globe to monitor frequencies

- Covers everything from cell phones to radar systems

- Software on the satellites acts as the first filter in the collection process (targets only key regions, countries, cities, phone numbers, or emails)

79

Aerospace Data Facility, Buckley Air Force Base, Colorado

Intelligence collected from satellites (as well as other spacecraft / overseas listening posts) is relayed to this facility

- Employees track satellites, transmit target information, and download the intelligence haul

80

NSA Georgia, Fort Gordon, Augusta, Georgia

Focuses on intercepts from Europe, Middle East, and North Africa

- Codename: Sweet Tea

81

NSA Texas, Lackland Air Force Base, San Antonio

Focuses on intercepts from Latin America

- Serves as a backup storage facility for Utah Data Center

- After 9/11: Also focused on Middle East and Europe

82

NSA Hawaii, Oahu

Focuses on intercepts from Asia

83

Domestic Listening Posts

- NSA has been free to eavesdrop on international satellite communications

- After 9/11: Installed taps in US telecom "switches" to gain access to domestic traffic

84

Overseas Listening Posts

- NSA has installed taps on at least a dozen major overseas communications links

- Each is capable of eavesdropping on passing information at a high data rate

85

Utah Data Center, Bluffdale, Utah

- Centerpiece of NSA's cloud-based data strategy

- Essential for plan of decrypting previously uncrackable documents

86

Multiprogram Research Facility, Oak Ridge, Tennessee

- 300 scientists and computer engineers with top security clearance

- Working to build world's fastest supercomputers, cryptanalytic applications, and other secret projects

87

NSA Headquarters, Fort Meade, Maryland

Access material stored at Bluffdale to prepare reports / recommendations that are then sent to policymakers

- Also building a supercomputer center

88

Stellar Wind

Codename for NSA program

- Allowed for access to international and most domestic communications

89

Data-Mining

Process of analyzing data to extract information not offered by raw data alone

- Allows NSA to create a more detailed understanding of a person's life

90

AES (Advanced Encryption Standard)

- Hardest shell (encryption)

- Available as 128, 192, or 256 bits

- Used in most email programs / web browsers

- Considered so strong that NSA has approved it for government communications

- Due to how strong it is, it was one of the reasons the Utah Data Center was made (since NSA can't break it, they want to be able to store it)

- The more messages a target sends, the more likely it is the system will recognize patterns

91

Factors of Cryptanalysis

- Massive number of messages for computers to analyze (where Utah Data Center came into play)

- Super fast computers to conduct brute-force attacks on encrypted messages (2004: High Productivity Computing Systems Program)

92

2004: High Productivity Computing Systems Program

Goal: Create a machine that could execute a quadrillion operations per second

- Location: Tennessee

- Multiple agencies worked on this project

- Two "tracks" (one public, one private)

- Supercomputer has been created

93

PRISM

Code name for program where NSA collects communications from US internet companies

- Collects stored internet communications based on court-ordered demands

- Main source of intelligence used for NSA reports

- 91% of all NSA internet traffic is from this

94

NSA can use PRISM requests to:

- Target encrypted communications

- Focus on stored data that telecommunication filtering systems discarded earlier

- Get data that is easier to handle

95

Leak about PRISM's existence

Leaker (Edward Snowden) warned in 2013 that the extent of mass data collection was greater than the public knew

- Included "dangerous / criminal" activities

96

US Government view of PRISM

Supports PRISM

- Claims it cannot be used on domestic targets without a warrant (this comes down to honesty / integrity), helps prevent terrorist attacks, and is overseen by different branches of government

- Obama claimed NSA allowed for more protection of US people

97

Media Disclosure of PRISM

Leaked documents contained:

- 41 PowerPoint slides

- Tech companies that were involved (Microsoft, Yahoo!, Google, Facebook, AOL, Skype, and Apple -- 98% of information PRISM was collecting)

- Stated that since most of the world's communications pass through the US, this gives US intelligence analysts opportunities to intercept communications of foreign targets

98

PRISM was able to be used due to passing of:

- Protect America Act of 2007

- FISA Amendments Act of 2008

99

FISA Amendments Act of 2008

Protects companies from legal actions if they cooperate with US government agencies in intelligence collection

- Allows NSA to monitor phone, email, and other communications of US citizens for up to a week without a warrant

100

DITU (Data Intercept Technology Unit) of the FBI

NSA sends selectors to US internet service providers

- Providers are legally required to give ____ all communications

- Sends communications to NSA, where they are stored
