Wall’s typology of cybercrime (4)
cyber-trespass, cyber-deception/theft, cyber-porn/obscenity, cyber-violence
types of insider threat (6)
accidental, malicious, non-malicious, internet-based, service provider, system admin
categories of insiders (5)
current staff, departing staff, former staff, service providers, partners
service provider insider threat
external staff, high turnover rate leads to poor management of authorization
system admin insider threat
has access to privileged info
hacker subculture norms
technology, knowledge, secrecy
digital piracy history: 1980s
warez doodz shared pirated software through BBS
digital piracy history: 1990s
P2P software and IRC, file sharing directly between users
digital piracy history: 2000s
torrent sharing (concurrent uploads and downloads through multiple sources)
subculture of digital piracy
knowledge should be free, profiteering companies make enough money anyways, no security protection = item deserves to be cracked
hacker history: 1950s
term “hacking” first emerged from MIT to describe people that played around skillfully with electronics, hacking was knowledge and solving problems
hacker history: 1960s
perception of hacker as skilled programmer and tinkerer continued, as computer tech moved from universities into military applications, number of hackers grew, culture of programmers based on hacker ethic (info should be free, access to computers should be unlimited, etc.)
hacker history: 1970s
phreaking and homebrew computing, still about learning and knowledge, phreaking got national attention, emergence of hobbyist groups focused on development of computer hardware and software
hacker history: 1980s
PCs were more accessible, video games exposed tech to young people, modem tech became accessible, rise of BBS culture where hackers across the country shared info with one another, movie WarGames featured a teenage hacker that piqued curiosity in hacking, term became more malicious, The Hacker Manifesto
hacker history: 1990s
computer security emerges, which created tension between ethical and unethical hackers, Kevin Mitnick prosecuted, WWW and PC altered nature of business and communications, phishing, DoS attacks, web defacement
social organization of hackers
noobs (made fun of) → leets (held in high regard)
** technicways
the process of behavior changes in response to technological innovation
example of technicways
people used to communicate via telephone or in-person; now, they text, email, DM, etc.
CMCs
computer-mediated communications
examples of computer-mediated communications
email, texting, etc.
** digital natives
people who have never lived without technology (born in 1980s and later)
** digital immigrants
born before technology was a large aspect of daily life, have to adapt to digital environment
** 3 ways computers are abused by offenders:
as a medium for communication and development of subcultures online
as mechanisms to target sensitive resources and engage in crime
as incidental devices to facilitate the offense and provide evidence of criminal activity online or offline
dark web
portion of Internet only accessed with specialized encryption software and browser protocols
How are The Onion Router and TOR Service used?
to hide user’s IP address and location details
subcultures
groups with their own values, norms, traditions, and rituals that set them apart (justifies actions of subculture members)
** web defacement
replacing the existing HTML code of a web page with the images/messages the attacker wants to create, often done by cyberpunks
What is (commonly) the motivation for acts of web defacement?
political
deviance
behavior that isn’t illegal but is outside of prevailing culture’s norms/beliefs
examples of deviance
texting during class or in the movie theater
** cyberdeviance
behavior that isn’t illegal but is outside of prevailing culture’s norms/beliefs with the use of technology
examples of cyberdeviance
pornographic images through webcams, cell phones, digital photography
** cybercrime
perpetrator uses special knowledge of cyberspace, involves Internet, always considered a computer crime too
** characteristics of cybercrime (2)
targets single individuals, economic motivations
** how cybercrimes differ from real-world crimes (6 points)
no boundary in cyberspace (people’s privacy is protected online)
hard to destroy online evidence
no physical presence to commit crime
easy to commit crime internationally
lack of extensive tools to commit crime (fewer tools = less evidence)
lack of legal consensus among countries
is a search for arsenic after a poisoning crime considered a computer crime?
no, the search is just evidence
** cyberterrorism
politically motivated use of computers as weapons/targets, intent on violence to influence an audience, causes widespread fear in society
** characteristics of cyberterrorism (3)
political motivations, designed to hurt/kill innocent people, strikes fear into larger population
reasons why cybercrime & cyberdeviance are attractive
easy access to technology (dropped prices of computers, small portable computers)
spam
unsolicited emails sent to addresses found online
proxy servers
hide location by being the intermediary between computers and servers on Internet
T/F: An attacker can be investigated in a country without cyberlaws
False
T/F: True number of cyber offenses is unknown
What are the reasons for answer?
True (lack of reporting because illegal activity is not being recognized by victim, victim cannot identify clear risk patterns, protective software is not always working, victim is embarrassed for falling for scam)
incidental role
use of technology when committing crime
digital evidence
information transferred and stored in binary form
cyber-trespass
crossing boundaries of ownership in online environments
cyber-deception/theft
all the ways that individuals may illegally acquire information (hand in hand with cyber-trespassing)
methods of cyber-deception/cyber-theft
phishing, digital piracy
cyber-porn/obscenity
sexually expressive content online (defined differently by location)
cyber-violence
ability to send or access (emotionally or physically) harmful, dangerous materials online
distributed denial of service (DDoS)
attackers send multiple requests to servers that house online content to the point where servers are overloaded and unable to be accessed by true users
how the Internet impacted society
globalization, anonymity, lower inhibitions (more likely to do something online than in-person)
** differences in crime during the Industrial Revolution vs. Information Age
Industrial Revolution saw crimes face-to-face; Information Age sees anonymous online crime
The Great Divide
people who have access to technology vs. those who don’t
examples of informal social norms
parent's curfew, late to class, general rules
formal social norms
laws that say what you can and can’t do
** hack
the modification of technology to allow it to be used in new, innovative ways
T/F: Hacking is only for illegal purposes
False (hacking can happen for legal or illegal purposes)
examples of legal hack
jailbreaking programs that enable users to install third party programs to be used on a product originally not made to allow that
illegal hacks
modify programs, subvert security protocols
shoulder surfing
stealing passwords by looking over victim’s shoulder for keystrokes
shoulder surfing: legal or illegal hack?
illegal
social engineering
fool/convince people to give information to access resources, preys upon people’s willingness to help
social engineering: legal or illegal hack?
illegal
vulnerabilities
flaws in computer software or hardware (or people in the case of social engineering)
exploit
program that takes advantage of vulnerabilities to give the attacker deeper access to a system or network
non-nation state actors
no immediate affiliation to an organization
what non-nation state actors do
steal sensitive information that can be resold for profit
nation-state actors
engage in attacks in cooperation with a government entity
what nation-state actors do
target other government agencies, corporations, or universities to engage in espionage and theft of intellectual property
** hackers (definition + common characteristics)
no set definition
under the age of 30
younger people have more exposure to technology
mix of formal education and knowledge acquired on their own
male
social relationships that influence willingness to engage in different forms of behavior over time
bulletin board systems (BBSs)
sites that allowed asynchronous communications between users (posts and replies)
how hackers use BBSs
to provide information, tools, techniques
warez
pirated material hosted to download on BBS
hacker spaces
way for people with knowledge of technology to share what they know with others
the first PC virus
Brain
phone phreaking motivations
to strike out against telephone companies and to make free calls
The Hacker Manifesto
written by The Mentor, says hackers aren’t criminals but just seeking knowledge, that hackers are misunderstood, and supported the criminal aspects of hacking
** phishing
tricking consumers into transmitting financial information into fraudulent websites where information is saved for later fraud, attacker knows something about consumer
denial of service (DoS)
keeps individuals from using communications services, making them useless
noob
no status
script kiddies
term meant to shame individuals by recognizing use of premade script, lack of skill, and concurrent harm they may cause
lamers/wannabees
older hackers with limited capacity and skill
another name for lamers
wannabees
another name for wannabees
lamers
leet
experienced hackers
white hats
ethical hackers who find errors to benefit general computer security
black hats
use ethical hacking techniques to gain access to information and harm systems
gray hats
fall somewhere between white and black hats, motives change based on situation (and money)
biggest motivator for gray hats
money
internal attacker
someone who’s authorized to use and has legit access to computers, networks, and certain data
InfraGard
FBI project, nonprofit public-private partnership designed for information sharing between academics, industry, and LE
** precursor to hacking
phone phreaking
** Homebrew Computer Club
fell apart due to companies forming and their company secrets that could not be shared with other hackers
** evolution of hacking
used to be about exploration and learning
examples of nontechnical hacks
social engineering, shoulder surfing
espionage
spying
traditional hackers
anti-establishment, old school (dedication to information sharing, learning, knowledge, and curiosity)
contemporary hackers
motivated by money, revenge, and notoriety
cracker
criminal hacker, violate security systems for illicit purposes