StudyGuide

Question 1

Name the three components to the collection of resources known as the World Wide Web distinguished by the way that the resources are accessed and indexed.

Answer 1

HTML, HTTP, URLs

Question 2

Define the visible web

Answer 2

Is a collection of resources accessible through HTTP and compatible protocols with index search engines.

Question 3

Define the deep web

Answer 3

Is a invisible result: its inaccessibility by search engines, and its a part internet that is not indexed by search engines. (Normally behind paywalls)

Question 4

Define the Dark Web

Answer 4

Designed to be conceal from search engines and casual web uses (only through anonymity) services such as Tor or I2P

Question 5

Name one dark web domain

Answer 5

.onion or .garlic

Question 6

Name 2 Dark Web services

Answer 6

TOR ( TORPROJECT.ORG)
I2P

Question 7

What was the motivation behind the dark web?

Answer 7

COMPLETE Anonymization of information exchange on internet (encryption: sender/servers)

Question 8

List two uses of the dark net that you find acceptable

Answer 8

Anonymity and untraceable location

Question 9

Name the two technologies were critical to the operation of Silk Road

Answer 9

Tor and bitcoin technology

Question 10

What is principle of dumb pipe?

Answer 10

Network providers provide equal access and pricing to all content providers and customers without regard to the nature of that content.

Question 11

What is “fait-based approach” to net neutraility”?

Answer 11

The ability of broadband providers to self-regulate and maintain an open and neutral internet without the need for extensive government regulations.
- No bandwidth throttling
- No preferential allocation of bandwidth
- No Traffic shaping

Question 12

What is evidence that there were cases of “broadband providers blocking customers from accessing the content, application or service of their choice?”

Answer 12

Many Cases:
T-Mobile Binge On (2015) - Throttling: reduce bandwidth resolution

Comcast and Bit Torrent (2007- US broadband p2p)

Verizon and Throttling fire Deportment (OIO)

AT&T and Facetime (unlimited data plans)

Question 13

What are the three prohibition listed in the 2010 FCC Open Internet Order

Answer 13

No blocking,
No unreasonable Discrimination,
Transparency

Question 14

What is the real reason behind broadband providers opposition to Net Neutrality as the FCC defines it.

Answer 14

Interferes with the ability of broadband providers to maximize corporate profits and for this reason faces strong opposition

Question 15

How did the FCC change the regulations of broadband providers in 2015?

Answer 15

Reclassification as Title II Service Providers:

Net Neutrality Rules: No blocking, no paid prioritization, Transparency

Question 16

What is regulatory capture?

Answer 16

Government regulatory agency, originally established to act in the public interest and regulate industries, ends up being heavily influenced or controlled by the industries or companies it is supposed to oversee.

Question 17

List 1 research focus that seem reasonable to you?

Answer 17

• Impact of Neoliberalism on Internet Policies
• Media and Public Perception of Net Neutrality
• Historical Analysis of Internet Regulation

Question 18

What was the government position on the merit of Project Truthy?

Answer 18

The NSF and government support weren’t in a position to detriment the “truth” of Project Truthy, though FCC chairman Ajit Pai and Fox News used deception and misinformation to fuel tribalism. (CHECK IT)

Question 19

____ target of the alleged recent Russian hack on our election infrastructure?

Answer 19

A developer - who was selling software about voting machine hardware

Question 20

Is the greater threat to the integrity of the US electron system foreign or domestic?

Answer 20

domestically is more potential as threat of election interference than foreign entities.

Question 21

According to political scientist Dov Levin which country has interfered with the most national elections over the past 50 years.

Answer 21

USA

Question 22

According to political scientist Dov Levin, the US and USSR/Russia interfered with what percentage of the 937 competitive national elections between 1946 and 2000?

Answer 22

117

Question 23

Where did the Russians find the greatest impact in the 2016 election?

Answer 23

Trolling, Fake news/(misinformation campaigns)

Question 24

What is the “Fake News phenomenon?

Answer 24

The widespread dissemination of false or misleading information presented as legitimate news

Question 25

Provide 2 of the 3 examples of governmental use of propaganda to control global and domestic public over the past century given in the articles

Answer 25

Radio Free Europe (RFE)
Radio Library (RL)
China 50 cent party

Question 26

According to the author, which country perfected the art of “misinformation campaigns.

Answer 26

USA

Question 27

How many ports are potentially accessible on a modern computer?

Answer 27

131,072

Question 28

What ports are associated with legacy NetBios API?

Answer 28

135, 137-139

Question 29

What are the terms that IANA uses to refer to the following port ranges? 1)_________________
0-1023

Answer 29

Well Known

Question 30

_________________1024-49151

Answer 30

Registered

Question 31

_________________49152-65535

Answer 31

Dynamic/ or Private

Question 32

(T / F) IANA approves ports based on the application and intended use

Answer 32

True

Question 33

(T / F) IANA does not endorse the use of a port or service even if the application is approved.

Answer 33

True

Question 34

(T / F) There is little or no control over the use of a registered port

Answer 34

True

Question 35

(T / F) Registered ports are controlled by IANA whereas unregistered ports aren’t

Answer 35

False

Question 36

(T / F) Port 445 is associated with Windows NetBios API

Answer 36

False

Question 37

(T / F) NetBios and SMB can be disabled in the Windows Registry

Answer 37

True

Question 38

(T / F) NetBios and SMB can be unbound from the network interface

Answer 38

True

Question 39

(T / F) NetBios and SMB can be blocked at a network firewall.

Answer 39

True

Question 40

(T / F) ports 135-139 are never used on Unix computers.

Answer 40

False

Question 41

(T/F) Telnet and FTP services are relatively harmless so their ports should be left open.

Answer 41

False

Question 42

What is the popular netizen refrain regarding trolling?

Answer 42

“Don’t feed the trolls”

Question 43

How does the article define “online trolling”?

Answer 43

Practice of anonymously interrupting normal and customary information exchange in order to lure the recipient not reacting to the message

Question 44

How is online trolling different from other interference technologies like signal jamming, network blocking, network filtering, etc.?

Answer 44

Attempts to either engage or inflame the receiver, usually through misinformation, lies, distortions, and so on

Question 45

What is one of the main goals of trolling?

Answer 45

provoke a reaction and manipulate opinions

Question 46

Trolling is a part of the Internet’s ________________ space.

Answer 46

negative

Question 47

List two examples of pedestrian online trolling

Answer 47

• Shit posting
• hit and run posting

Question 48

Define kakistocracy

Answer 48

Rules by the least competent, corrupt and mortally unfit individuals (worst or least qualified to govern)

Question 49

Define pathocracy

Answer 49

Rule of individuals with personality disorder, psychopaths’ and narcissists: (leading authoritarian or destructive governance.

Question 50

List five different types of trolling defined in the article:

Answer 50

1) Ad hominem Trolling:

2) Nuisance Trolling:

3) Provocation trolling

4) Snag trolling

5) Proxy Trolling:

Question 51

Why is online trolling so effective at manipulating public opinion?

Answer 51

Very Easy to escape undetected and can cause emotional manipulation.

Question 52

List and explain the 4 categories of trolling stimulus & response.

Answer 52

1) ~TROLL/~TROLL (ordinary exchange):

2) ~TROLL/TROLL (troll/trollop insertion):

3) TROLL/~TROLL (sucker/victim):

4) ROLL/TROLL (troll warfare):

Question 53

What is the definition of a phishing attack used in the article?

Answer 53

Attempt to get people to click on information/website by acting as a trust-worth agent

Question 54

What is the most common tactic used in phishing?

Answer 54

unauthorized (victim) bank, Emails- reveal won a prize

Question 55

According to the article, phishing is a subset of two larger problems. What are they?

Answer 55

Social engineering
Identify theft

Question 56

According to the article, phishing shares many characteristics with two similar techniques. Describe them?

Answer 56

• Pharming
• Abuse of alternate data streams.

Question 57

In what year did the first phishing attack take place?

Answer 57

January 1996

Question 58

What are the basic strategies (minimum requirements) of effective phishing according to the article?

Answer 58

bulk mailing tool,

standard email,

ghost (fake) website

database of email addresses

Question 59

Here are five telltale signs of a phishing attack in the HTML fragment below that were discussed in class. List and briefly explain three of them.

“<x-html></x-html>

<html><p><font><a><map><area></area></map><img></img></a></a></font></p>
<p><font>Barbie Harley Davidson in 1803 in 1951
AVI </x-html>”
</font></p></html>

Answer 59

1) “href=http://218.1.73.124/…/e3b/></map><img” implies and insecure connection theres also “dots of laziness.”

2) SRC=cid:part1.04050500.04030901@support_id_314202457@ebay.com email is part of a html code rather than being separate

3) “color = “#FFFFF3”” font is completely white to blend with the background

Question 60

The article discussed several URL obfuscation techniques. List 3.

Answer 60

• URL Shortening Service: bitly or TnyUrl
• Subdomain Spoofing: mimic legit domains
  Unicode/
• homograph attack: Change letter to different ex) “bаnk.com” with a Cyrillic “а” instead latin.

Question 61

List three examples of non-standard URL representations

Answer 61

(domain name)

(ip address)

(dotted octal)

Question 62

Give an example of a Unicode URL exploit

Answer 62

get a real url → changes what the pc sees → goes to the fake website

Enter url: www.trustsite.com
pc goes: fakesite.com/fakepage.html

Question 63

Give an example of how HTML can be used to conceal a URL:

Answer 63

Utilizing the anchor <a> tag’s attributes, specifically the “href” attribute:</a>

<a>Click here to claim your prize!</a>

Question 64

Give an example of how a numeric domain tail may be used to give the appearance of a legitimate URL or an actual IP address:

Answer 64

• name spoofing with unicode

A: https://www.paypal-192.168.1.1.com

Question 65

Give an example how bogus authentication may be used to obscure an actual URL

Answer 65

Bogus authentication is a technique used by malicious actors to trick users into revealing their credentials or personal information by creating fake login screens that appear legitimate.
*********
Subject: Urgent: Action Required - Account Verification

Dear [User],
We have noticed suspicious activity on your account. To secure your account, please click the following link and verify your identity.
[Verify Your Account]

https://www.bankingservices-secure.com/login
Thank you for choosing [Bank Name].

Sincerely,
[Bank Name] Support
———————————————————————-
When you hover your mouse over the link, you see that the URL displayed in the status bar is indeed www.yourbank.com/verify, reinforcing the appearance of authenticity.
However, in reality, the link doesn’t lead to your bank’s website. Instead, it directs you to a malicious website controlled by the attacker

Question 66

What data was leaked in the Equifax breach?

Answer 66

personal data

Question 67

What was the nature of the vulnerability in the Equifax hack?

Answer 67

vulnerability in the Apache Struts Server software

Question 68

What was the specific attack vector?

Answer 68

The parser had incorrect exception handling during file uploads

Question 69

According to Forbes Magazine, what penalties did the CEO of Equifax receive from the Board of Directors?

Answer 69

A “forced” retirement with a $90 million dollar payout

Question 70

To what extent was information about the Struts vulnerability known before the attack?

Answer 70

very well known, was announced earlier in March: By many major security-breach reporting sites.

Question 71

Was Equifax aware that a patch was available for the Struts vulnerability? If so how much time did they delay in applying the patch?

Answer 71

They were aware since March 8 2017, but didn’t apply it for THREE months

Question 72

What was the educational and training background of the Equifax CIO?

Answer 72

Degree in Russian History

Question 73

viii. What was the education and training background of the Equifax CISO?

Answer 73

Degree in Music Composition

Question 74

Describe the “too big to fail era”?

Answer 74

when a company is so large their failure would hurt the economy: So, they must be supported by the government when facing failure

Question 75

Are credit reporting companies held liable for data loss?

Answer 75

No

Question 76

What was the “payload” of the SCDOR hack?

Answer 76

Email phish bait containing a link to online malware

Question 77

Why was there no Computer Information Security Officer overlooking the Department of Revenue’s security practices.

Answer 77

They felt that the $100,000 salary was too expensive

Question 78

(T / F) The SCDOR hack used 33 unique pieces of malware and data management utilities

Answer 78

T

Question 79

(T / F) According to the FBI, the perpetrators of the SCDOR hack were the Chinese

Answer 79

F

Question 80

Was the Sony hack “one of the most vicious and malicious cyberattacks that we’ve known certainly in recent history”

Answer 80

no,
It doesn’t even qualify for second or third tiered echelons of cyber attacks.

Question 81

What did FBI Director James Comey offer in terms of justification of his accusation?

Answer 81

Regarding how he knew it was North Korea, he said “Trust me.”

Question 82

Has there been any confirmable evidence offered by the government that identifies the source of the hack?

Answer 82

No

Question 83

(Fill in the blank) “humans tend to be _________________________ in that they search for the simplest explanation of events consistent with their disposition, biases, and world view.”

Answer 83

Cognitive misers

Question 84

Name three sources that state sponsors may use to obtain cyber weaponry

Answer 84

State sponsored agencies,

Multimillion dollar greyware market

individual hackers

Question 85

When people try to attribute some crime/hack/attack/etc. to someone else, the first principle should be what?

Answer 85

Cui bono - (“what agendas are hidden?”)

Question 86

(T / F) In general claims of cyber attribution are testable and repeatable?

Answer 86

F

Question 87

(T / F) Evidence used for cyber attribution have to abide by the rules of evidence

Answer 87

F

Question 88

Which of the following would be considered totally reliable network forensic data:
{IP address, MAC address}

Answer 88

None , both can be spoofed

Question 89

Is it possible that a forensic investigator might have biometric evidence of a cybercrime
conducted by a skilled cyberwarrior? Is it likely?

Answer 89

It is possible, but not likely

Question 90

The Payeck GPS starter interrupt system is used for what purpose?

Answer 90

Financing and used car dealerships can immobilize the car if payments become delinquent

Question 91

The label that the author uses to describe the irrational belief in the security of a computing/network system that was not build around a robust security model.

Answer 91

Faith-based security

Question 92

What vehicle telematics component was exploited by the FBI in operation G-Sting?

Answer 92

OnStar

Question 93

Why did the Ninth Circuit Court rule that the Operation G-Sting convictions were illegal?

Answer 93

Tampering with OnStar violated the OnStar terms of service

Question 94

What type of computer appliances are “never optimal for security-sensitive applications?”

Answer 94

RF (Radio Frequency)

Question 95

What is the name of the tool developed by Samy Kamkar to run replay attacks against keyless entry systems?

Answer 95

OwnStar

Question 96

(T / F) The use of rolling code algorithms defeat replay attacks against keyless entry systems.

Answer 96

T

Question 97

What is Samy Kamkar’s program that offers replay attacks for RF based keyless entry systems
that use rolling codes?

Answer 97

RollJam

Question 98

What information is in principle accessible to Black Box OBD devices?

Answer 98

Accelerometer, Speed, GPS

Question 99

Which is more vulnerable to hacking, a modern mobile phone or an modern automobile’s computer system?

Answer 99

Automobile’s computer system

Question 100

What is the definition of 911 swatting given in the article?

Answer 100

“911 swatting,” is a malicious act that involves making fraudulent 911 calls to cause emergency response teams,

Question 101

The article gives 7 examples of 911 swatting. List 3 of them:

Answer 101

Celebrity’s swatting

Gamer swatting(targeting)

Hate swatting/ mean-spirted attacks

Question 102

What is the definition of “criminal doxing” given in the article?

Answer 102

the act of maliciously revealing or publishing private and sensitive information about individuals (doxing) with harmful intent, potentially leading to criminal charges.

Question 103

At the time of writing, how was 911 swatting typically prosecuted?

Answer 103

No federal statue, but state can range from misdemeanors to felonies based on incident.

Question 104

In terms of ambiguous federal statutes, 911 swatting is similar to what other crime?

Answer 104

Domestic terrorism: “Hoax bomb threats whether true or false”

Question 105

At what layer of the TCP/IP protocol does the “magic” of VoIP take place according to the article?

Answer 105

application layer of the TCP/IP protocol stack.

Question 106

The article discusses 3 differences between VoIP and most other packet-based applications within the TCP/IP protocol suite. List 2 of them.

Answer 106

1) VoIP is vulnerable to spoofing, involving the manipulation of inauthentic caller IDs.

2) VoIP can be used for toll fraud because it’s a revenue-based service.

Question 107

The author mentions some major deficiencies in the Truth in Caller ID Act of 2009. Name one.

Answer 107

it focuses on the intent of the source rather than the activity.

Question 108

What were the two rules introduced by the FCC to enable law enforcement agencies to identify the source of 911 calls that took effect in 2020?

Answer 108

Kari’s Law and RAY BAUM’S Act (CHECK- LOOKUP)

Question 109

What federal statutes relate to 911 swatting and doxing?

Answer 109

Kari’s Law and the Repack Airwaves Yielding Better Access (RAY BAUM’S)

Question 110

What is an air gap?

Answer 110

A network security measure employed on one or more computers to ensure that a secure computer network is physically isolated from unsecure networks, such as the internet or an unsecured LAN.

Question 111

What was Operation Olympic Games/Stuxnet?

Answer 111

Cyberattack against Iranian uranium enrichment facility at Natanz

Question 112

What exactly did OOG/Stuxnet do?

Answer 112

Stuxnet caused damage to Iran’s nuclear program.

Question 113

How did the OOG/Stuxnet attackers cross the air gap?

Answer 113

By using a Flame platform Autorun exploit through infected USB drives, which were carried to the Natanz facility and inserted into network computers.

Question 114

Topic: Farewell to Air Gaps
What injection strategies were used?

Answer 114

The initial v0.5 injection was accomplished using a Flame platform Autorun exploit through infected USB drives

Question 115

What was the flaw in the Windows Icon Handler within the Windows shell?

Answer 115

Windows shell incorrectly parses of .LNK files.

Question 116

Have air gaps ever been an effective deterrent to protecting LAN-based computers?

Answer 116

No

Question 117

What implications does OOG/Stuxnet have for IoT? For critical infrastructures?

Answer 117

The exploit potential of the Stuxnet family of malware extends to virtually the entire global infrastructure.

Also, critical infrastructures were built around a weak security model; they were built around no security model.

Question 118

What is a zero-day exploit?

Answer 118

An exploitation of a software or hardware vulnerability before a developer has the opportunity to patch the vulnerability.

Question 119

Who is the big player in the gray market in cyber-weapons?

Answer 119

The NSA

Question 120

What is the US Government’s System Vulnerabilities Equities Policy and Process document?

Answer 120

It outlines what the government does when it discovers or purchases malware that could affect the privacy and security of its citizens.

Question 121

What is the approximate going rate for a zero-day exploit?

Answer 121

$50,000 to $100,000

Question 122

What is representative money?

Answer 122

A guarantee by the issuer that the money may be used as legal tender in its jurisdiction.

Question 123

What is fractional-reserve banking?

Answer 123

System in which only a fraction of the deposits in a bank is kept on hand, or in reserve; the remainder is lend.

Question 124

What is money laundering?

Answer 124

illegally obtained money, making it appear as if it comes from legitimate sources.

Question 125

Give two examples of a money service business

Answer 125

1. Western Union
2. Check Cashing Services

Question 126

List two types of traditional money exchange

Answer 126

1. Bank Account
2. Money Service Business

Question 127

List two types of non-traditional money exchange systems used in money laundering

Answer 127

1. Charities
2. Hawala Networks

Question 128

What did the so-called Holder Memorandum outline?

Answer 128

Collateral Consequences Doctrine; noncriminal settlements like deferred prosecution have become the default for banks that are “too big to jail”

Question 129

The article claims that correspondent accounts, bearer shares, tax havens are inherently criminogenic. What does this mean?

Answer 129

It means that these things can lead to crime; they are golden opportunities for future money launderers.

Question 130

Bitcoin, Litecoin, and Peercoin are examples of ____________________________

Answer 130

Cryptocurrencies

Question 131

__________ According to the IRS, the domestic US “tax gap” in 2013? Was:

(a) $100million, (b) $1 billion, (c) $450 billion, (d) $1 trillion ??

Answer 131

$450 Billion

Question 132

IP/TCP EXAMPLE

4500 0030 df3c 4005 8006 633f d544 d587
e4dd 47a4 0b64 0015 48f3 05b1 0000 0000
7002 2000 50b6 0000 0204 05b4 0101 0402

Answer 132

Fill out the following information:
What is the IP version number?

What is the IP packet header length?

What type-of-service flags are set?

What is the total length of the packet?

What is the ID number?

What IP flags are set?

What is the offset of this fragment?

What is the TTL value?

What is the embedded protocol?

What is the header checksum?

What is the SRC IPaddress?

What is the DST IP address?

What is the SRC port of the embedded header?

What is the DST port of the embedded header?

What is the sequence number?

What is the acknowledgement number?

What is the header length (offset)?

What flags are set?

What is the window size?

What is the checksum?

Is there a value for the urgent pointer?