Essentials Lec 8 - 14 Flashcards

1
Q

In organisational cybersecurity what are External Security Threats?

A
  • Professional cyber criminals and terrorists (hard to detect)
  • Disgruntled employees
  • Competitors
  • Hacktivists
  • Script kiddies (advertise actions)
2
Q

What are common security behaviours in organisations?

A
  • Insider Threat
  • Shadow Security
  • Compliance budget
3
Q

What is Shadow Security?

A

Shadow security (e.g. using own USBs, devices, transfer websites, etc.)
- Getting the job done > secure behaviour (time you have and need)
- Workarounds
- Not always less secure

4
Q

What is Compliance Budget?

A

Compliance budget (e.g. crossing the red light in the middle of the night)
- Enough is enough
- Employees can only take so much
- Limited resources, so use it wisely
- Passwords: change it every 70 days, don’t share it, etc.

5
Q

What is Phishing?

A

Fraudulent attempt to obtain key information (log in details,
bank details, social security numbers, etc.).

6
Q

What are the 3 types of phishing?

A

Roughly there are three types of phishing:
1. Phishing
2. Spear phishing: specific attack
3. Whaling: going after CEOs (big fish)

7
Q

What are the susceptibility factors of phishing?

A

Message factors
- Social influence (e.g. authority, conformity, relational norms)
- Needs and wants (e.g. curiosity, reward, flattery)
- Loss
- Trust

Individual factors
- Propensity to trust
- Goals and motivation
- Personality (Big 5), self control, impulsivity
- Knowledge, expertise, experience

Context factors
- Current state (e.g. Mood, cognitive load, current needs)
- Wider context (culture, organisational context, status)

8
Q

What are common phishing techniques?

A
  1. Sense of urgency
  2. Invoking emotions
  3. Legitimacy Cues
  4. Social Influence Processes
  5. Decision Biases
9
Q

What is Social Engineering?

A

The acquisition of sensitive information or inappropriate access privileges by
an outsider, based upon the building of an inappropriate trust relationship
with insiders. The goal of social engineering is to trick someone into providing
valuable information or access to that information. Also considered a ‘human
vulnerability’. Increasingly likely in organisations that are:
1) authoritarian, 2) hierarchical and 3) low in trust.

10
Q

What are the types of social engineering?

A

Types of social engineering
- Phishing/ vishing
- Impersonation
- Tailgating
- Baiting

11
Q

What are the 6 weapons of influence (Cialdini)?

A

Compliance inducing techniques:
1. Authority (tendency to comply with people in positions of authority)
2. Commitment and consistency (a psychological tendency to always ensure consistency between actions and promises and their inner values and belief systems)
3. Liking
4. Reciprocity (if you do something for me I will do something for you)
5. Scarcity (the fear of missing out)
6. Social proof (what people around you are doing, you are more likely to do that as well)

12
Q

What are other social engineering techniques?

A

Other social engineering techniques:
- Elicitation techniques (e.g. did I link my 35515 to this address?)
- More reciprocation techniques
- Mirroring/mimicry (e.g. liking)

13
Q

What is Reciprocation?

A

Reciprocation
“If you do something nice for me I’ll do something nice for you. I feel obligated to reciprocate.” It is a social norm of responding to a positive action with another positive action, rewarding kind actions. As a social construct, reciprocity means that in response to friendly actions, people are frequently much nicer and much more cooperative than predicted by the self-interest model; conversely, in response to hostile actions they are frequently much more nasty and even brutal. Remember: charity giving you free money (disclosure is reciprocated too)

  • Opening doors (tailgating)
  • Influence techniques:
    1. Door in the face (rejection-then-retreat: making an outrageous request that someone will almost certainly turn down, and then making the smaller request that was the favour of interest all along).
    2. Foot in the door (getting a person to agree with a large request by first getting them to agree to a moderate request).
14
Q

What is Mirroring/Mimicry?

A

Mirroring is the behaviour in which one person unconsciously imitates the gesture, speech pattern, or attitude of another. Mirroring
often occurs in social situations, particularly in the company of close friends or family. The principle with mimicry is to repeatedly
perform the action and then reward any action that begins to be like what you are doing.

  • Mirroring can occur using
    Non verbal body language
    Linguistic style
    Lexical matching
    Accent
  • Waitresses who repeat back your order get bigger tips
  • Liking
15
Q

What are solutions in organizational security?

A
  1. Make it usable
    - What might the unintended consequences be?
    - How do my protocols interfere with employees’ productivity/core tasks?
  2. Limit access to information
    - Mitnick & Motorola SW code
  3. External security != Internal security
    - Both physical access and protective measures
  4. Don’t just ban or monitor, but enable staff
  5. Accept risk, have recovery plans
  6. Link corporate security practices to personal security behaviour
  7. Work with end-users to create workable processes
    - e.g. how to distribute information and share files
  8. Create policy on how to act when job tasks and security practices do not align
    - This in order to avoid individual shadow security practices.
16
Q

What are the elements of a security culture?

A
  • Security culture: more than a set of behaviours
  • Requirements
  • Physical security
  • Cyber security
  • Board buy-in
  • Leading by example
17
Q

What is the difference between Misinformation and Disinformation?

A

Both cover falsehoods and both can be deceptive.
- Misinformation = unintentional
- Disinformation = intentional

18
Q

What are the 7 types of mis- and disinformation?

A
  1. Satire or parody: no intention to cause harm but has potential to fool
    e.g. The Onion, De Speld, Private Eye
  2. False connection: when headlines, visuals or captions do not support the content
    e.g. clickbait
  3. Misleading content: misleading use of information to frame an issue or individual
    e.g. white people & black people portrayed after hurricane Katrina
  4. False context: when genuine content is shared with false contextual information
    e.g. “Muslim woman pays no mind to the terror attack”
  5. Imposter content: when genuine sources are impersonated
    e.g. “Doubts raised over authenticity of Charlie Hebdo footage”
  6. Manipulated content: when genuine information or imagery is manipulated to deceive
    e.g. “President Macron vows to flood Europe with millions of African migrants”
  7. Fabricated content: new content that is 100% false, designed to deceive and do harm
    e.g. Quote by Trump: “If I were to run, I’d run as a Republican. They’re the dumbest group of voters…”
19
Q

Why is fake news a problem?

A

Is fake news a problem?
- Financially motivated vs. politically motivated news
  * Confusion about current events
  * Suggestions of poor ability to recognise
  * Reduces trust in civic institutions
- Viewing fake news may foster feelings of alienation
  * Perceived realism of fake news stronger with lower exposure to genuine news

20
Q

What is an Echo chamber?

A

Echo chamber: can be online or offline. When people with the same attitudes/beliefs group together and block those with different attitudes.

21
Q

What is a Filter Bubble?

A

When algorithms automatically recommend content the person is likely to agree with (based on previous behaviour).
What have you looked at, what have you enjoyed, why did you spend more time on a platform?

22
Q

What are the consequences of misinformation?

A

Consequences
- Similar to targeted advertising —> who knows?
- Undermining existing systems and structures
- Debunking is difficult
- Facts have limited reach

23
Q

What are Human Vulnerabilities concerning mis/disinformation?

A
  • Truth bias: we tend to think people are telling the truth
  • Naive realism: our perceptions of reality are true, others are uninformed, biased
  • Confirmation bias: we seek information that confirms existing beliefs
  • Dunning-Kruger effect: we think we’re more competent than we are and our ability to be aware of this reduces as we become less able
  • Sleeper effect
24
Q

What is the mere exposure effect?

A

Repeating fake news makes it more real
- Mere exposure effect: liking
- Illusory truth effect: pre-exposure to a statement increases the likelihood it will be judged as accurate (processing fluency)
- Demonstrated with fake news as well

25
Q

What is the Role of Social Media?

A
  • How does social media design support fake news?
  • Do they want to stop it?
  • Commercial and ethical considerations
26
Q

What are the downsides of technology in fake news?

A
  • “Say you’re driving down the road and see a car crash. Of course you look. Everyone looks. The internet interprets behaviour like
    this to mean everyone is asking for car crashes, so it tries to supply them.”
  • By this point, we’ve already seen enough to recognise that the core business model underlying the Big Tech platforms— harvesting
    attention with a massive surveillance infrastructure to allow for targeted, mostly automated advertising at very large scale—is far too
    compatible with authoritarianism, propaganda, misinformation, and polarisation. (Zeynep Tufekci, 2018)
27
Q

What are the technical aspects of social media in fake news?

A
  • Ease of share
  • Homogeneity and filter bubbles
  • Facebook’s fake news problem
  • Twitter’s bot problem
28
Q

What are the problems and solutions to mis/disinformation?

A
29
Q

What are Deep Fakes?

A
  • Machine learning and AI to alter videos
  • Revenge porn
  • Altering the past?

Solutions: Are there human solutions? Technical video inspection? Stamps of approval? Only trusted sources?

30
Q

Why can cybercrime be expected?

A
  1. With the rise of cyber, there were new types of crime (e.g. hackings, ransomware, etc.)
  2. Migration of traditional crime online (drug trade, terrorist communication, illegal online casinos)
  3. Space where any crime can leave a trace
31
Q

What is the definition of cybercrime in the context of investigation frameworks?

A
  1. Any crime leaving digital traces
  2. Cyber-related crimes (computer as a tool for traditional offences)
  3. Cyber-dependent crime (computer crime). A crime would not have been possible without manipulation of data. CIA crimes
    (confidentiality, integrity, availability)
32
Q

Is Cybercrime a legal term?

A

No. The definition of specific cybercrimes should be very precise in the national laws (nullum crimen sine lege)
- Criminal procedural frameworks: the term cybercrime should be sufficiently broad
  * Why? To apply procedural frameworks developed to fight cybercrime to other criminal investigations in cyberspace and to guarantee protection of human rights in digital investigations

33
Q

What are the opportunities for crime in cyberspace?

A

Opportunities for crime in cyberspace = unique challenges for crime prevention, detection and investigation
—> Number of users and devices, international dimension, attribution, innovation, availability of tools and information

34
Q

What are the challenges of Cybercrime?

A
  1. Number of users and devices:
    Each connected user and device is a vulnerability and an opportunity to create a crime. This challenge is about creating targets.
  2. International dimension:
    Crimes can be in different continents, in different countries. Delays in the investigation of crimes create a situation where cybercriminals can do everything in speedy ways and laws do not catch up with that speed.
  3. Attribution:
    Connected to anonymity of the internet. We have less anonymity on the internet than we used to have. However, with the new technologies there are many more opportunities to identify the source of an attack. How do we attribute a particular act to someone that is behind a computer?
  4. (Possible) Low impact on one victim:
  5. Automation:
    One does not have to rely on the force of numbers. You can automate the infection of computers, then you have this pool of data.
    The border between stealing a huge amount of money or stealing small amounts of money a lot of times is blurring because of this
    automation. Without automation it wouldn’t be possible on the scale we see today.
  6. Innovation:
    Think about drugs being delivered by drones.
  7. Availability of tools and information
    Programs used to install spy-software.
35
Q

What is the Dark web?

A
  1. Underground economy of cybercrime
    - Profit-driven and sophisticated
    - Commodities: data/information and resources
    - Services: “outsourcing” crime
    - Automation of attacks and operations
  2. Mimicking successful legitimate businesses
    - Subscriptions, “customer” support, trials, money back guarantee
    - C2C “criminal to criminal” (like legitimate B2B!)
36
Q

What are darknet markets?

A

Darknet Markets
Items on digital shelves
- Crime-ware (cyber) and services
- Drugs
- Stolen identities
- Forged documents
- Weapons and other illegal goods

37
Q

What are the legal challenges of cybercrime?

A
  • Substantive law: what is cybercrime? What types of crimes? What is cyber? How to agree to disagree? Technology neutral laws?
  • Procedural law: instruments for investigation?
  • Mutual legal assistance: how?
  • Jurisdiction: where?
  • New laws? Updating old laws?

38
Q

What is the ILOVEYOU case study?

A

ILOVEYOU is a computer worm that infected Windows personal computers on and after 5 May 2000 in the Philippines (Onel de Guzman) when it started spreading as an email message with the subject line “ILOVEYOU” and the attachment “LOVE-LETTER-FOR-YOU.txt.vbs”. It affected 45 million users over 20+ countries. The damage is estimated around 2-10 billion US dollars. Important issue: the Philippines had no law on hacking or distribution of viruses.

39
Q

What is the Budapest Convention?

A

Council of Europe Convention on Cybercrime -> Global Reach

  1. Substantive criminal law
    (1) Offences against confidentiality, integrity, availability of computer data and systems: illegal access, illegal interception, data and system interference, misuse of devices
    (2) Computer-related offences: forgery and fraud
    (3) Content crimes: child pornography
    (4) Offences related to infringements of copyright and related rights
  2. Procedural law
    Investigative instruments (preservation and partial disclosure of data, search and seizure, production order, interception of content data and real-time collection of traffic data)
  3. International cooperation & 4. Jurisdiction
    ITU vs. UNODC: it’s my mandate!
    ITU: attempts
    Cybercrime guide for developing countries 2009-2015
    UNODC: attempts
    Open-ended intergovernmental expert group 2011
    Toolkit for cybercrime legislation 2010-2012
    Comprehensive study on cybercrime 2013
    -> ITU/UNODC memorandum of understanding in 2011
40
Q

What are the challenges of Digital Investigations?

A
  • Vulnerability of digital evidence
  • Sovereignty and jurisdiction: how to obtain data quickly?
  • Formal cooperation vs. Informal information sharing: admissibility issues
  • Harmonisation of substantive criminal law cannot guarantee MLAT in criminal procedure: differences in safeguards
41
Q

What are the Human Rights issues with investigation of cybercrime?

A
  • Digital investigations: seamless and very intrusive
  • Some countries: little or no judicial oversight for the most intrusive measures
  • Protecting fundamental rights in a cross-border environment?
42
Q

Is harmonisation of law possible?

A

Procedural law: is harmonisation even possible?
- Substantive law (what crime is): certain degree of harmonisation
- Procedural law: harmonisation starts later
- Budapest Convention: a set of investigatory instruments. Implementation?
- Procedural frameworks: national laws, variety of application, various thresholds
- MLAT to ensure 1) protection of fundamental rights and 2) sovereignty

43
Q

What regulations do Traditional Communication Providers have to abide by?

A
  • (Tele)communications legislation
  • Special obligations in the law of criminal procedure

Obligations:
- Make networks interceptable
- Comply with law enforcement orders
- Provide data in readable format

Even then:
- Mutual legal assistance is required if the provider is abroad
- Carrier-grade NATs

44
Q

What are unregulated intermediaries?

A

e.g. digital platforms, portals, search engines, applications
- Only general duty to cooperate

But what if:
- The intermediary is in the foreign jurisdiction?
- The intermediary does not retain data?
- The intermediary itself does not have access to encrypted information?
- The intermediary is not even a “communication” provider in a strict sense?

45
Q

What is the US Cloud act and EU E-evidence proposal?

A
46
Q

What is the Social Learning Theory of Crime?

A

I. Social Learning Theory of Crime: argues that some people learn to commit crimes through the same process through which others learn to conform. Social learning theory is a theory of learning process and social behaviour which proposes that new behaviours can be acquired by observing and imitating others. Four elements:
1. Differential association: if your friends smoke, you are also more likely to smoke
2. Differential reinforcement: a sort of reaction of a community towards your behaviour
3. Definitions: statements that are made within a community
4. Imitation

47
Q

How does the social learning theory of crime apply to cybercrime?

A
  • Differential association: law punishes behaviours that contribute to deviancy of others
  • Definitions: law represents a statement that certain behaviours are unethical, immoral, illegal
  • Differential reinforcement: punishment against the individuals who committed the crime. Form of education for deterring possible future criminals
48
Q

What are the Rational Choice and Routine Activity Theory?

A

II. Rational Choice and Routine Activity Theory: both hold that crime rates are a product of
criminal opportunity. It is thus thought that by increasing the number of guardians, decreasing
the suitability of targets or reducing the offender population, the crime rate should decline.
Also vice versa: remove guardian in cybersecurity department —> criminals target you to
commit crime.

49
Q

Describe the Routine Activity and the Lifestyle exposure theory

A
50
Q

What are the motivations of Cybercrime (Seebruck)?

A

A circular order circumplex of hacker types (Seebruck, 2015, p. 42)

  1. Prestige
  2. Ideology
  3. Profit
  4. Revenge
  5. Recreation
51
Q

What are the actors of cybercrime?

A
  1. Terrorists
  2. Hacktivists
  3. Corporations
  4. Individual hackers
  5. Organised cyber criminals
  6. Cyber mercenaries
  7. Online predators
  8. Organised crime
  9. Script kiddies
  10. State actors

—> Most important category (to a certain extent) is hackers. This is because they are the backbone of cybersecurity.

52
Q

What are the CaaS services?

A
53
Q

Organised cybercrime or cybercrime that is organised?

A

Organised crime is a category of transnational, national, or local groupings
of highly centralised enterprises run by criminals to engage in illegal activity, most commonly for profit. Some criminal organisations,
such as terrorist groups, are politically motivated. — Right now, we cannot say that we see typical organised crime online. What we see
is criminal activities that are organised and structured (they have a plan); however, it does not share exactly the same characteristics of
organised crime. Following the money is the best way for catching the criminals

54
Q

What is the Difference between an Online and Hybrid criminal network?

A
55
Q

What is Smominru?

A

Smominru is a botnet that dates back to 2017 and its variants have also been known under other names, including Hexmen and
Mykings. It is known for the large number of payloads that it delivers, including credential theft scripts, backdoors, Trojans and a
cryptocurrency miner. — in short: a botnet that was created for crypto-mining.

56
Q

What are the products sold on dark markets?

A
  • Drug market: shift off/ on? safer? Yes. Reliable? Depends.
  • Firearms: under-investigated. Costs are higher than on normal market. Specialised websites. USA.
  • Identity document: forums, closed websites, prices vary
  • Cybercrime: 1) Data leaks, 1) Email lists, 2) Malware, 3) Cybercrime as a service
57
Q

What are the cybercrime prevention tools?

A
  1. Responsibility ISPs
  2. Criminalisation
  3. Procedural Powers
  4. Digital Evidence
  5. Jurisdiction
  6. International Cooperation
58
Q

How is Cybersecurity in the EU organised?

A
59
Q

What are the key points of the Budapest Cybercrime convention 2001?

A
  • International convention among States
  • Open for signature November 2001
  • Into force 1st of July 2004
  • Committee of Ministers of the Council of Europe
  • Additional Protocol on the criminalisation of acts of a racist and xenophobic nature committed through computer systems (into force 1st Mar 2006)
  • Main model for other countries
  • ONLY binding convention on cybercrime
  • Main criticisms: “Western Convention”; art. 32b; no definition of cybercrime
60
Q

What is the Dutch legal framework for ethical hacking?

A

Three principles:
1. Motive: public interest to improve cyber security
2. Subsidiarity: access limited to what is necessary to confirm vulnerability
3. Proportionality: vulnerability must be disclosed to the company first

61
Q

What are the elements of the Budapest convention on cybercrime?

A

Crimes against confidentiality, integrity, availability of computer data & systems
Art. 2 Illegal Access
Art. 3 Illegal Interception
Art. 4 Data Interference
Art. 5 System Interference
Art. 6 Misuse of devices

Computer related offences
Art. 7 Computer related forgery
Art. 8 Computer Related fraud

Content-related offences
Art. 9 Offences related to child pornography

Offences related to infringements of copyright and related rights
Art. 10 Offences related to infringements of copyright and related rights

62
Q

What are the two definitions of hacktivism?

A
  • Hacktivism is the nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends (Samuel, 2004).
  • Hacktivism is a politically motivated single incident online action, or a campaign thereof, taken by non-state actors in retaliation to
    express disapproval or to call attention to an issue advocated by the activists (Vegh, 2003).
63
Q

What is the historical view of hacking?

A
  1. Original hackers (50s-60s): MIT in Boston
  2. Hardware hackers (70s): PCs
  3. Software hackers (70s): playing with software and hacking to make a profit.
  4. Hackers/crackers (80s): division between hackers and crackers (destroying a system). —> law enforcement and media
  5. Microserf (90s): people that started to hack on their own, including their own tools.
  6. Open source (2000s): exponentially increased the hacking.
64
Q

What are the questions to decide something is hacktivism?

A

Hacktivism
1.Traditional activism: physical space vs. cyberspace
2.Hacking: apolitical vs. political
3.Terrorism: disruption vs. fear & physical violence
4.Cybercrime: illegal but possibly justifiable vs. illegal

65
Q

What is the Taxonomy of Hacktivism?

A
  • Political cracking is the most disruptive form of activism. People that are doing this are crackers that are using all the typical techniques to prove their point. This is deemed as illegal (Samuel, 2004).
  • Performative hacktivism has its roots in arts. The idea is that you try to link or visit a website together in order to block and take down the website. Transgressive and not completely legal. Another example is the creation of a web-parody (Samuel, 2004).
  • Mass action hacktivism (Jordan & Taylor, 2003).
  • Political coding is the least transgressive form of coding, e.g. creating software to avoid censorship (VPN). Form to advance politics in the social context (Samuel, 2004).
  • Digitally correct hacktivism (Jordan & Taylor, 2003).
66
Q

What is the difference between Hacktivism vs. Cyber terrorism?

A

Hacktivism
1. Lack of physical violence
2. Lack of fear
3. Preset labels

Cyber terrorism
1. Use of physical violence
2. Creations
3. Preset Labels

66
Q

Is state sponsored hacktivism still hacktivism?

A
67
Q

What are the motivations for hacktivism?

A
  • Hacking ideologies
  • Civil rights and political rights
  • Patriotism
  • Vigilantism
68
Q

What are the phases of hacktivism?

A
69
Q

What is SIMCA?

A

Social Identity Model of Collective Action (SIMCA)
- Grievances theories: Deprivation, Anger & Frustration
  * Relative deprivation theory
  * Frustration-aggression theory
- Expectancy value theory: Opportunity to change
- Social identity theory: Identification with others (group)
