Chapter 19 Notes Flashcards

1
Q

What happened with Equifax?

A
  • Summer 2017
  • hackers grabbed data on 143 million customers in the US, Canada, and UK (addresses, SSN, driver’s license numbers, credit card numbers, etc.)
  • due to an exploit of a vulnerability in an open source component, the Apache Struts product, that the firm had 2 months to fix
  • CEO retired and the total cost was revealed to be the most expensive in corporate history.
2
Q

What was the Target Hack?

A
  • hackers installed malware in Target’s security and payments system in 2013 designed to steal every credit card used in company US stores (40 million cards and personal info on 70 million customers exposed)
  • Target paid over a million for software from the security firm FireEye to detect breaches in real time and the software worked; Target just ignored the warnings
  • the firm’s security software has an option to automatically delete malware as it’s detected, but the team turned the function off
  • the result was the firm’s largest-ever decline in transactions, falling profits, lawsuits, and the CEO’s dismissal.
  • code was snuck into the system using security creds of one of Target’s partners and disguised as BladeLogic, a data center management product
3
Q

What did the data breaches of Equifax and Target show?

A

Security must be a top organizational priority, but also the vast majority of security breaches are preventable. It is important to determine whether a firm has the technologies, training, policies, and procedures to assess risks, lessen the likelihood of damage, and respond in the event of a breach.

4
Q

Annual worldwide cybercrime costs:

A

$600B per year

5
Q

Motivations for hackers?

A

account theft and illegal funds transfer, stealing personal or financial data, compromising computing assets for use in other crimes, extortion, intellectual property theft, espionage, cyberwarfare, terrorism, pranksters, protest hacking, revenge

6
Q

what are data harvesters?

A

cybercriminals who infiltrate systems and collect data for illegal resale, typically to cash-out fraudsters

7
Q

what are cash-out fraudsters?

A

criminals who might purchase assets from data harvesters to be used for illegal financial gain. they might buy goods using stolen credit cards or create false accounts

8
Q

what are botnets?

A

networks of infiltrated and compromised machines controlled by a central command; can be used for sending spam from thousands of accounts, launching fraud efforts, or staging distributed denial of service (DDoS) attacks, which effectively shut down websites by overwhelming them with a crushing load of seemingly legit requests sent by thousands of machines at the same time.

9
Q

Extortionists might leverage botnets or hacked data to demand payment to avoid retribution. (T/F)

A

True, a US-based extortion plot against VA threatened to reveal names, SSN and other info stolen from a medical records database.

10
Q

What is ransomware?

A

allows criminals to take data assets hostage, locking and encrypting infected computers, rendering them unusable and irrecoverable unless demands, such as payment, are met

11
Q

Corporate espionage is performed by:

A

insiders, rivals, or foreign government

for ex. a scientist was busted trying to sell R&D documents and secret data on proprietary products.

12
Q

How has cyberwarfare become a legitimate threat?

A

technology disruptions by terrorists or a foreign power might be devastating

ex. cutting off power, communication, temperature controls (demonstrated by white hat hackers in a 60 minute news program; forcing oil refinery to overheat and cause an explosion, which would be expensive and difficult to replace).

13
Q

What is Stuxnet?

A

a worm that infiltrated Iranian nuclear facilities and reprogrammed the industrial control software operating hundreds of uranium-enriching centrifuges; caused devices to spin into damage. the sophisticated attack went undetected as it was happening.

showed that it’s now possible to destroy critical infrastructure without firing a shot.

14
Q

Malicious pranksters are also called

A

griefers or trolls; one group posted seizure-inducing images on websites frequently visited by people suffering with epilepsy.

15
Q

What are hacktivists?

A

target firms, websites, or even users as a protest measure; Twitter was once brought down, and Facebook was hobbled as hackers targeted the social networking and blog accounts of Georgian blogger Cyxymu. this attack silences millions of accounts as collateral damage in a DDoS attack meant to mute the single critic.

16
Q

Example of revenge-seeking motivation?

A

San Francisco city government lost control of a large portion of its own computer network over a ten-day period when an employee refused to share critical passwords

17
Q

What did former CIA employee Edward Snowden do?

A

He leaked over 1.7 million documents from US, British, and Australian agencies that revealed that the agencies had data-monitoring efforts far more pervasive than many realized (direct access to audio, video, photos, e-mails, documents, etc. at major US companies and unlimited access to phone records from Verizon US customers). Such surveillance efforts can put citizens and corporations at risk if poorly executed and ineffectively managed.

18
Q

What is XKeyscore?

A

a tool that allows the collection of data on nearly everything a user does on the Internet

19
Q

Why are the good guys outmatched?

A

Law enforcement agencies dealing with computer crime are undersourced, outnumbered, outskilled, and underfunded. Staffed with weak personnel. Govt can rarely match the pay scale offered by private industry to deal with the growing hacker threat.

20
Q

What is a hacker? White hat? black hat?

A

someone who breaks into a computer or a particularly clever programmer; white hat hackers are good guys sharing their knowledge to uncover computer weaknesses without exploiting them in hopes security will be improved; black hat hackers, or crackers, are computer criminals

21
Q

User and Admin threats

A
  • bad apples: dishonest employees and insiders including cleaning or security staff
  • social engineering: con games that trick employees into revealing info or performing tasks that compromise a firm (impersonating, befriending, harassment/guilt/intimidation, charm, setting off false alarms, surveys)
  • phishing: leverages the reputation of a trusted firm or friend to trick the victim into performing an action or revealing info (downloading malware, attaching groups, attracting with personalized writing, using social media)
  • passwords: insecure password systems
  • careless/uninformed user (sharing settings, no encryption, software updates turned off, etc)
22
Q

zero-day exploits

A

Attacks that are so new that they haven’t been clearly identified, and so they haven’t made it into security screening systems.

23
Q

what is being done to build better passwords?

A

biometrics, single-use passwords, multi-factor authentication, transactions only on authorized devices

24
Q

Technology threats

A
  • malware seeks to compromise a computing system without permission, targeting its OS, browsers, plugins, and scripting languages
25
Q

Methods of infection for technology threats:

A
  • viruses: infect other software or files
  • worms: programs that take advantage of security vulnerability to automatically spread (unlike viruses, worms do not require an executable)
  • trojans: misleads users of its true intent by disguising itself as a standard program
26
Q

goals of the malware

A
  • botnets or zombie networks: infected computers controlled remotely by a central command
  • malicious adware - programs installed without user consent or knowledge to serve ads
  • spyware - monitors user actions or network traffic
  • keylogger - records user keystrokes
  • screen capture - records pixels on user’s screen
  • card skimmer - captures data from a swipe card’s magnetic strip
  • RAM scraping or storage scanning software - scans computing memory or storage for sensitive data
  • Ransomware - encrypts a user’s files with demands that the user pay to regain control