CSIT123 - Computing and Cybersecurity Fundamentals

0.0(0)
studied byStudied by 0 people
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
Card Sorting

1/274

encourage image

There's no tags or description

Looks like no tags are added yet.

Study Analytics
Name
Mastery
Learn
Test
Matching
Spaced

No study sessions yet.

275 Terms

1
New cards

Ransomware

A form of malware that is used to extort money from its victims. If the ransom is paid, cryptocurrency is usually used as it is difficult to trace.

2
New cards

Locker Ransomware

Cybercriminals locking a victim from their computer

3
New cards

Crypto Ransomware

Cybercriminals encrypting valuable files

4
New cards

Cryptoviral Extortion

Cybercriminals encrypting valuable files and the victim can get the decryption key if they pay the ransom.

5
New cards

WannaCry Ransomware

It was a cyber attack performed by the Shadow Brokers in 2017. This group of hackers took advantage of a weakness in the Microsoft Windows OS and using the hack called EternalBlue that they stole from the NSA, they exploited this weakness on computers that had not updated their OS with the patch for this weakness and used it to spread WannaCry. It affected more than 200,000 computers, affecting huge corporations and institutions like NHS and FedEx

6
New cards

Early AI

It was symbolic AI that used a knowledge-based system (or expert system) that contained a set of explicit facts and rules that were used to logically deduce or reason information. The disadvantage was its rigidness and inflexibility to produce different outcomes.

7
New cards

Botnets

A network of malware-infected computers (bots/zombies) controlled by the bot herder who communicates with them using the command-and-control (C&C) server that allows anonymity and remote programming.

8
New cards

3 Stages of Botnet (and Botnet types)

They start by hackers (1) finding and exploiting a vulnerability, then they (2) infect the device and then after infecting thousands or millions of bots they (3) activate it by controlling them to carry out further attacks i.e. DDOS, phishing and cryptojacking.

9
New cards

Why is it difficult to stop a Botnet?

It is difficult to stop a botnet because there are many bots and it is easy to create and expand the botnet.

10
New cards

Passive Infection

No human input i.e. exploited software vulnerability

11
New cards

Active infection

Due to human actions i.e. downloading an attachment or clicking a link

12
New cards

Malware

It is any malicious software including viruses and worms. It can retrieve sensitive information, steal computer resources and damage or disrupt computers and computer systems. It is composed of a payload which is the malicious code and the dropper which is the method used to transmit the payload.

13
New cards

Domain Generation Algorithm (DGA)

This generates many new domain names and cybercriminals use this to change the domains they use to launch the attacks which make it difficult to locate them.

14
New cards

Phishing

It uses social engineering to create unsuspecting emails and text messages that are fake but look legitimate that have a link or an attachment. This link can be used to download further malware, force the user to visit an infected site and make the user share their important login credential for cybercriminals to steal their money or data.

15
New cards

Spear phishing

Spear phishing is when the cybercriminal collects information on the individual or group (usually a group) and use that to make highly personalised phishing campaigns e.g. spam emails.

16
New cards

AI in (phishing)

This has made it easier for cybercriminals to make phishing campaigns more sophisticated and targeted e.g. correcting spelling mistakes and personalises messages.

17
New cards

Social Engineering

The term for doing malicious activity to manipulate users into allowing malware to infect their device that allows the cybercriminals to access many things i.e. sensitive information.

18
New cards

Ethical (white hat) hackers

Works under a code of ethics and for the benefit of the public

19
New cards

Grey Hat Hackers

Caught between the good and bad side and could be potentially hackers who have been rehabilitated

20
New cards

Black Hat Hackers

Operate on the wrong side of the law and usually make malware or phishing campaigns to gain financial benefits from their hacking activity

21
New cards

Cyberterrorists

These hackers have a specific target and definitely want to destroy targets and cause harm

22
New cards

Hacker

It is a person who uses computers to gain unauthorised access to data. There are different kinds of these people like the white hats, grey hats, black hats and cyberterrorist.

23
New cards

Ransomware-as-a-Service (RaaS)

Its a cybercrime business where ransomware developers sell ransomware to other hackers who are often amaterus and cannot decrypt the victim's files even if the victim is willing to pay.

24
New cards

Privacy

The ability of an individual or group (usually an individual) to hide themselves or information about themselves, revealing it selectively. What information do you want to reveal or hide?

25
New cards

Security

Having protection from or resilience against potential harm

26
New cards

Security vs. Privacy

There's an overlap between the two as to have privacy with your information, your information should be secure, protected and not stolen.

27
New cards

Social Media Attack: Fake Profiles

Cybercriminals impersonate legitimate users in order to collect information by fraudelent means. These are then used to manipulate stock prices, spread fake narratives and deceive users into giving out personal information or clicking on malicious links.

28
New cards

Social Media Attack: Compromised Accounts

When a cybercriminal gains access to a legitimate acount they can post malicious content, spread malware or impersonate the owner to defraud others. Large brands and their executives are usually targeted which make the impacts very severe.

29
New cards

Machine Learning (ML)

A branch of AI that mimics the way humans learn without explicit programming. It allows machines to learn from data and past experiences and the more it is exposed to data, its performance and accuracy in identifying patterns and making predictions and decisions are improved as it learns, develops and adapts. There are two types of machine learning: supervised and unsupervised machine learning.

30
New cards

Supervised Machine Learning

The machine is trained using a labelled dataset where the input and corresponding output are shown and so then after learning from many examples of them, the machine can make predictions (an output) when given a new input. It is used to predict outcomes.

31
New cards

Unsupervised Machine Learning

The machine is given an unlabelled dataset where it organises the data’s patterns, similarities and differences into groups. It is used to analyse and discover hidden patterns and similarities and differences.

32
New cards

Social Media Attack: Malicious Links and Content

Cybercriminals using social media to this and they are usually disguised as harmless posts or messages for unuspecting users. These can include phishing sites to steal login credentials or malware being downloaded onto the victim’s device.

33
New cards

Social Media Attack: Reconnaissance

Cybercriminals gathering information about a target through their social media before launching a cyber attack on them. This information can be easy-to-access and general information or personal details that can be used to craft targeted attacks i.e. spear phishing or identity theft.

34
New cards

Social Media Attack: Narrative Attacks

This attack is designed to manipulate the public perception of a usually big company in order to disrupt business operations and remove trust among customers to cause reputational and financial harm.

35
New cards

13 Australian Privacy Principles

  1. Open and transparent management of personal info

  2. Anonymity

  3. Collection of solicited personal info

  4. Dealing with unsolicited personal info

  5. Notification of the collection of personal info

  6. Use or discolosure of personal info

  7. Direct marketing

  8. Cross-border disclosure of personal info

  9. Adoption, use or disclosure of government related identifiers

  10. Quality of personal info

  11. Security of personal info

  12. Access of personal info

  13. Correction of personal info

36
New cards

Cryptocurrency (+ Decentralised Transaction)

Digital currency that uses blockchain technology. Its transactions are decentralised, which means that it is controlled by all the memebers available on a peer-to-peer network rather than one authority like the bank. It’s transactions are faster, more secure, allow for anonymity and irreversible.

37
New cards

Blockchain Technology (+ Hashes)

Blocks that contain information stored chronologically in a chain as an freely open distributed digital ledger. Each block contains data, the block’s hash and the previous block’s hash. The hash is unique for each block and when a block is changed, that block’s hash changes so then all following blocks are invalid. The blockchain is distributed on a P2P network and everyone gets a copy of it. When someone creates a new block and participants on the network (usually miners) verify the transaction (proof-of-work) and it gets broadcasted to be added to the blockchain.

38
New cards

Miners (+ Proof-Of-Work)

They have two tasks (1) verify transactions through the proof-of-work (donce in Bitcoin) which is used to confirm and calculate block’s hashes which prevents tampering as it slows down new blocks being created and (2) mining/generating new Bitcoins. For their efforts, they are rewarded with Bitcoins.

39
New cards

What prevents blockchains from being tampered?

Hash, Proof-of-Work and Peer To Peer Network

40
New cards

GameOverZeus

This incident had 2 malwares: GameOverZeus and Crypto Locker. GameOverZeus is silent until you try to access your financial account and it sends your financial information to the criminals in Ukraine and Russia and they empty your account. Crypto locker locks all the files on your computer and they can only be unlocked when you pay the ransom before 72 hours, or you will lose that data. This botnet was distributed in a peer-to-peer fashion via an email with an attachment from your supposed friend. To protect yourself, update your Windows OS, buy Mcafee’s anti-virus and don’t open suspicious emails and attachments.

41
New cards

Mirai

This botnet in 2016 exploited IoT devices that still used the default factory username and passwords that were easy to target by scanning the internet for them. Once they were infected, they reported back to a C&C server. It used a DDOS attack that had 1.2TB of internet traffic that disrupted services i.e. Twitter, Reddit and Netflix. After this incident, manufacturers were encouraged to used unique default passwords and have automatic security updates while users were encouraged to change default passwords, keep firmware updated and have IoT devices on separate networks.

42
New cards

Mass Surveillance

The process of the federal and local governments and big tech companies using technologies and systems to unconsensually collect monitor and analyse information on individuals within a society. This is to maintain security, prevent threats and to have data for everyone so that they have data on people who may do wrongdoing in the future. They usually wiretap, track, directly mass intercept communications and more.

43
New cards

Why does user’s being aware of mass surveillance important?

This is important because it enables the potential for the abuse of power and control over individuals and violates the user’s privacy.

44
New cards

XKeyScore

A mass surveillance technology used by the NSA revealed by Edward Snowden. The NSA can search with no authorisation through a vast database of millions of individuals. It works by filling in an online form that is sent to the sensor networks around the world until it reaches the local database of metadata and content of the user (who can be anyone) they are trying to search for. The NSA could access emails, chats, browsing history, IP address and more. It was very successful as it helped capture over 300 terrorists.

45
New cards

What are fingerprints? (XKeyScore)

They enable NSA to track a user’s internet activity, regardless if they try to be anonymous i.e. where they have been on the web and who they’ve been talking to etc.

46
New cards

Tempora

A mass surveillance technology run by GCHQ. They placed data interceptors on transatlantic fibre-optic cables that carry out internet data in and out of UK, including internet traffic between the US and Europe. This allowed direct access to large amounts of global internet data, and they usually collected 21PB a day of data. GCHQ and NSA analysts looked through that content and meta content, which could be stored for up to 30 days.

47
New cards

Hacktivism

Using hacking techniques for political and/or social causes i.e. leveraging their skills to disrupt operations, spread information and/or provoke change. Criminals usually target governments using specific techniques i.e. website defacement, DDoS, data breaches, doxing and online shaming.

48
New cards

Website Defacement (Hacktivism)

Infiltrating a website to change its appearance, replacing it with their political message; like a digital graffiti

49
New cards

DDoS (Hacktivism)

Interupts operations, making them inaccessible and its a show of force

50
New cards

Data Breaches (Hacktivism)

Leaked information can cause brand damage

51
New cards

General Data Protection (GDPR)

A European Union Law announced in 2018 that is designed to harmonise data privacy laws. Its purpose is to regulate how organisations handle personal data and information. Non-compliance results in large fines and reputational damage. It is considered a progressive approach to data protection.

52
New cards

General Data Protection Regulation (GDPR) Scope

This regulatory law protects personal data which is any identifiable information i.e. the individual’s full name, location, IP address and cookies and also protects sensitive personal data i.e. race, political opinion, biometric data and health info.

53
New cards

Key Principle of GDPR: Purpose Limitation

The data processing purpose must be clear, open and aligned with individual’s expectations. So organisations must specify their purpose from the start, document purpose, inform individuals transparently and make any additional use is fair, lawful and clear.

54
New cards

Key Principle of GDPR: Data Minimisation

Organisations should only collect the data they actually need. They should identify the minimum necessary personal data to fulfill their purpose, which prevents over-collection. An example of this is an online store sign-up doesn’t need their political opinions.

55
New cards

Key Principle of GDPR: Storage Limitation

Personal data must not be kept for no longer than as needed especially if its in a form where you can identify the individual. Extended storage is allowed for public, research, or statistics but even then the individual’s rights must be protected. Also if user hasn’t used a website in a while, their data should be deleted

56
New cards

Key Principle of GDPR: Integrity and Confidentiality (Security)

Personal Data must be protected from unauthorised access, loss or damage so organisations must use security measures to prevent breaches. The regulatory law doesn’t define exact security protections but it requires proper access controls to the data e.g. encryption.

57
New cards

Lockbit 3.0

The most and recent advanced version of a ransomware that employs the RaaS model which means criminals can independently execute attacks globally. It encrypts sensitive files and demands ransom payments in exchange for the decryption key. The criminals can also threatento leak the stolen data and exploit the media to force them to pay the ransom. Further it excludes targets within Commonwealth to reduce penalty enforcements. Initially it can access the system via stolen log-in information (phishing or brute-force attack) or exploiting a software vulnerability and then the attacker can gain further access to the system laterally. To mitigate the ransomware, users are encourage to update their software, back up their data and use MFA.

58
New cards

Desktop Computing

It is the largest market for computers in terms of making money. It focuses on getting the best possible performance (optimisation) for the lowest price. It is important to customers and computer designers. It features high-performance and cost-reduced microprocessors.

59
New cards

Personal Mobile Devices (PMD)

It is a wireless device with a multimedia interface e.g. phone, tablets etc. The cost is a main concern so it is designed to be cost-effective. Application software are optimised for the web and media uses. It uses flash memory for energy and size efficiency while prioritising responsiveness, predictability and low power consumption.

60
New cards

Internet of Things (IoT) Devices / Embdedded Computers

It is embedded computers that are usually connected to the internet wirelessly. They use sensors and actuators that communicate and interact with the environment for smart applications i.e. smartwatches and thermostats. They come in the widest range of processing power and cost with price as a key factor in design.

61
New cards

Servers

They are the backbone of systems used by organisations. They are a computer or program that provides resources, data or services to other computers (clients) over a network. They act as a central hub, managing requests and enabling access to shared files, websites and applications. Important characteristics of them include: availability, scalability, efficiency and cost-effectiveness.

62
New cards

Cloud Service Level Agreement (SLA)

It is a legal contract between a cloud tenant (customer) and the service provider that specifies the provided services and the performance standard. It helps protect both parties to ensure transparent expectations and accountability by the service provider. It ensures that the provider meets the agreed service level and if services are not met the provider may face penalties (i.e. voided contract) or the contract renegotiated.

63
New cards
64
New cards

Ethical Issues in Cloud Computing: Data Confidentiality

The cloud service provider may access the user’s sensitive data so privacy is very important. However, your sensitive file is very unlikely to be compromised but law enforcement can still require the service provider to give the cloud tenant’s data to them.

65
New cards

Ethical Issues in Cloud Computing: Data Theft

The user’s data can be stolen which normally doesn’t happen with good service providers. However, if it does occur, the service provider may not report the incident to the cloud tenant.

66
New cards

Ethical Issues in Cloud Computing: Geographical Data Storage Issues

Law enforcement of the country where your cloud server is can demand the service provider to hand in your data.

67
New cards

Ethical Issues in Cloud Computing: Multi-tenancy Security Issues

Many cloud tenants can share storage and computational resources so a user may accidentally access someone else’s data. The service provider may not pay attention to the security of your data but they usually do encrypt your file when you upload it. This concept is used to maximised profits.

68
New cards

Ethical Issues in Cloud Computing: Transparency

The willingless of a cloud service provider to reveal the details of their security preparedness

69
New cards

Ethical Issues in Cloud Computing: Managerial Issues

Some cloud service providers may not have good, control, security and privacy management

70
New cards

Ethical Issues in AI: Transparency

AI algorithms are not often this because of copyright and trade secrets, making it hard to detect bias.

71
New cards

Ethical Issues in AI: Respect for Human Values

AI algorithms must uphold human values and promote individual well-being. This ensures sensitive to diverse cultures and beliefs while maintaining ethical integrity when having a positive societal impact.

72
New cards

Ethical Issues in AI: Bias

Since AI is always based on the dataset chosen by the research, it makes it impossible to create a truely neutral system.

73
New cards

Ethical Issues in AI: Privacy

Protecting the user’s privacy should be the highest priority so user permission must be gathered before collecting or using their data. This ensures the security and ethical handling of personal information.

74
New cards

Ethical Issues in AI: Accountability

AI decision-making must be trackable and reviewable (auditable) to ensure transparency especially when handling private and sensitive data i.e. biometrics and health records. This ensures responsibility and proprer monitoring in AI-driven processes.

75
New cards

Ethical Issues in Cloud Computing

Data Confidentiality and Theft, Geographical Data Storage, Multi-tenancy Security, Tranparency and Managerial issues

76
New cards

Ethics in Artificial Intelligence

Transparency, Bias, Respect for Human Values, Privacy and Accountability

77
New cards

Modern Computer (Von Neumann) Architecture and its 4 major subsystems

Memory, Input/output, the arithmetic/logic unit (ALU) and the control unit

78
New cards

Australia’s AI Ethics Framework

There are 8 AI Ethics Principles that ensure safe, secure and reliable AI. They aim to achieve safer, fairer and more reliable AI outcomes. They also reduce the risks and negative impacts of AI while helping businesses and organisations follow high ethical standards in AI design and use.

79
New cards

Benefits of Australia’s AI Ethics Principles

They include building public trust in AI products and organisations, increase consumer loyalty in AI-driven services and promotes positive outcomes from AI applications.

80
New cards

Tendencies Towards Privacy: Time

Users are usually worried about the current and/or future data than past data since its relevance has so-called expired.

81
New cards

Tendencies Towards Privacy: Requesting method

User is willing to manually give their information to their friends but not have these alerts to be sent automatically and frequently. Also the user should understand that, once their give their information away, it’s not just theirs.

82
New cards

Tendencies Towards Privacy: Extent

User may want to have their information reported ambigiously rather than very specific.

83
New cards

Integrity (GDPR)

Your data shouldn’t be altered

84
New cards

Confidentiality (GDPR)

Your information should be a secret

85
New cards

Cryptonomicon

It is a 1999 historical fiction novel by Neal Stephenson set during WW2 and the ‘90s.

86
New cards

Da Vinci Code

It is a 2003 novel by Dan Brown with a cryptographer female protagonist, Sophie Neveu.

87
New cards

Sneakers

It is a 1992 American thriller film directed by Phil Robinson. It is about Martin and his group of security specialists doing a job that proves to be nefarious with harsh consequences.

88
New cards

Snowden

It is a 2016 biographical film directed by Oliver Stone that is based on books. It deals with Snowden’s whistleblowing story about the mass surveillance conducted by the NSA

89
New cards

Mr. Robot

It is an American Drama Thriller TV series created by Sam Esmail. It stars Rami Malek as a cybersecurity engineer with many pyshcological disorders.

90
New cards

Deep Learning

A type of machine learning that attempts to copy the human brain. It uses an artificial deep neural network with artificial neurons that are software modules called nodes that use mathematical calculations that process data such as pictures, text and sounds to produce accurate output, insights and predictions. There are hundreds or thousands of neuron layers that work together to make decisions.

91
New cards

Generative AI

Works by identifying and encoding the patterns within huge existing data and then uses that information to understand the user’s language request to generate new and original content i.e. text, images, videos and audio etc as a response to a user prompt. There are different types of this e.g. Generative Adversarial Network (GANs) and Large Language Model (LLM).

92
New cards

Generative Adversarial Network (GANs)

Learns patterns in the input data to generate a new example based on the original data set. It uses two neural networks: a generator, which produces new content that resembles the original and realistic data, and the discriminator, which evaluates whether the data it receives is real or fake and this can improve through training.

93
New cards

Large Language Model (LLM)

A category of a foundation model that is capable of understanding and generating content in the human language. It requires a large amount of training data to process so that it can generate meaningful responses that are general and adaptable. It is used for tasks such as translation, question-answering and text completion tasks. An example of one is ChatGPT.

94
New cards

Operation Chanology

A hacktivist protest against the Church of Scientology. It was led by Anonymous and was launched in 2008, aiming to punish the Church for internet censorship as it censored an interview with Tom Crusie. Their methods include a DDoS attack and protests that attempted to expel the church from the internet and expose its practices.

95
New cards

Major Threats to Online Privacy: Hacking

Hackers break into computers to steal personal or financial data. FIles that are not encrypted are easy targets for hackers to have access to sensitve data. Stolen data can be exploited for further attacks e.g. phishing emails for new contacts. Online banking and business increase the risk of this, making cybersecurity important.

96
New cards

Major Threats to Online Privacy - Data Trading

User’s data such as their identity, interest and location can be traded as public property. This can be as a result of social media post being shared beyond the intended audiences. Third parties can buy and use this data, often without the user being aware as consent may be given through the terms and services agreements. So once you upload something on the internet, it is no longer fully yours as the data may remain online indefinitely.

97
New cards

Major Leak from WikiLeaks

In 2012, this organisation released classified communications between the U.S. State Department and foreign representatives. This included a video that showed a U.S. helicopter attack in Baghdad that killed journalists and civilians. This video raised ethical concerns about modern aerial warfare and military conduct. So the U.S. government condemened this service and forced payment services i.e. Amazon, PayPal, Visa and Mastercard to cut off donations to this service. Anonymous retaliated with DDoS attacks, temporarily shutting down those payment services.

98
New cards

Major Threats to Online Privacy: Tracking

Online tracking techniques i.e. cookies and pixel tracking can track and monitor browsing history, search history and the user’s time spent on sites etc. Social media and map apps also request location data. Most of this tracking is for ads, but sometimes tracking can be done by cybercriminals to carry out illegal activities. Mass surveillance is also large-scale tracking conducted by the government. Hence, tracking can compromise privacy, leading to potential misuse of this personal data or it can even end up in the wrong hands.

99
New cards

Cookies

They are small blocks of data that allow websites to track users visits and activities. They are embdedded in ads, web banners and videos and once a user consents to them, they are placed on their device and it monitors the user’s activity across websites which can last for less than a day to over a month. Third-party ones are generated by a separate domain from the one a user is currently visiting, which stores the information to present the user with targeted ads, depending on their activity.

100
New cards

Clusters and Warehouse-Scale Computers (WSCs)

It is a group of desktops or servers acting connected by local area networks (LANs) to act as a single system. The largest ones are called this and they consist of tens of thousands of severs that can act as one. They are designed for high availability, price-performance efficiency, and power optimisation. It is used in large-scale data centers for cloud computing and massive processing tasks.