Introduction to Information Technology/Cybersecurity
Cyber Security or information technology Security is a field within information technology involving the protection of computer systems and the prevention of unauthorized use or changes or access of electronic data. It deals with the protection of software, hardware, networks and its information. Due to the heavy reliance on computers in the modern industry that store and transmit an abundance of confidential information about people, cyber security is a critical function and needed insurance of many businesses. It also protects computer systems from theft or damage.
Common Vulnerabilities
[edit | edit source]Vulnerabilities in Cybersecurity system can come from many different factors. Most of these center around any inherent faults within the system itself, how easy it would be for a cyber attacker to break through any securities the system may have set up, and/or how easy it is for the cyber attacker to use the fault in the system to their advantage. One of the most common faults found in systems that can be abused by attackers is when a system is too complex. The more detailed a system becomes, the harder it is for cybersecurity to cover all the flaws. Thus, creates more opportunities for attacks to make their mark. Also, whenever user input is a variable, there can be ways into a system. This is because it is difficult for a programmer to predict and account for all possible inputs from a user. Attackers could affect the system depending on their inputs which would allow them to exploit the system further.
Denial of service attacks
[edit | edit source]Denial of service (DoS) attack is a type of cyber attack that floods a network with multiple requests of information with the purpose of shutting down or disrupting services of a host connected to the internet. It may also prevent users of a service running through the targeted server or network.
Direct-access attacks
[edit | edit source]This form of vulnerability is when a system is physically accessed by an unauthorized user. This allows the user to make modifications or attach backdoor hardware or software in order to access the system remotely. The unauthorized user can also make complex changes to the system due to having direct access to the hardware.
Pharming
[edit | edit source]Pharming is a form of online fraud that redirects users from legitimate website’s traffic to another fake site. Hackers can use pharming by using tools that redirects users to a fake site. The victimized users will go to a fake website without noticing it is fake. Hackers use this method to steal personal data from users’ computer. Hackers exploits the DNS server or called DNS poisoning that makes users think the fake sites are legitimate.
Phishing
[edit | edit source]Phishing is an email that claims to be a genuine business in an attempt to swindle the user into surrendering sensitive information. The personal information that they receive is then used to steal their identity and can result in a loss of financial freedom.
Social Engineering
[edit | edit source]Social engineering involves human interaction and the manipulation of people to give up confidential information. The purposes for this technique include fraud, system access or information gathering. It is easier for someone to fool you into giving them a password or bank information than it is for someone to try hacking in order to get the information.
Other Vulnerabilities
[edit | edit source]There are other vulnerabilities and ways that hackers can gain access of a system. They can use backdoors which is a different method of accessing a computer or network that bypass the authentication and security. Spoofing can also be used to trick a receiver by pretending to be a known source to the receiver. Private escalation can be used to elevate an attacker's access level which will give them access to every file on a computer just like a root user can. A more complicated one is clickjacking. This is when an attacker inverts the user's clicks to buttons or links that take the user to another website.
Famous Cyber Attacks
[edit | edit source]Stuxnet
[edit | edit source]Stuxnet is believed to be a joint American-Israeli made cyberweapon. Designed in secret, Stuxnet is designed to target the simple logic controllers found in most heavy machinery, including nuclear centrifuges. Stuxnet was specifically designed to attack Iranian nuclear centrifuges and management equipment, physically destroying them by altering core operating processes while reading an "all clear" signal to any command and control devices. Stuxnet is so effective that it managed to reportedly destroy 1/5 of Iran's working nuclear centrifuges. Some say Stuxnet was too effective, as it now exists in the World Wide Web, capable of silently infecting a device and destabilizing it to the point of physical damage.
The Love Letter Virus
[edit | edit source]Also known as the "ILOVEYOU" virus, the Love Letter virus was a computer worm that spread through email in the early 2000s. The email would possess a subject titled "I Love you" and a text file called "Love Letter.txt" designed to run a secret command that deployed the virus payload. Once inside a PC, Love Letter would overwrite random files, change file names and locations, hide files, then send itself to every contact in the victim's address book and outlook contacts. It is estimated that, in total, Love Letter infected over 200 million devices, resulting in Approximately $8.9 billion in damages.
Zeus
[edit | edit source]Zeus is an incredibly destructive Trojan horse virus that entered a user's PC through piggybacking off of other software. Once activated, Zeus would perform several criminal activities towards users. Zeus is known for key-logging, data mining, and form grabbing. It is also used as a backdoor to install several other destructive pieces of malware, including ransom-ware and botting programs. Zeus is still actively spreading today and is very difficult to detect, even with proper antivirus installed. Currently, it is unknown how many PCs are infected with Zeus, but it is known as the largest, most powerful BotNet in the world.
The FBI announced that hackers in the Eastern Europe had managed to infect computers around the world using the Zeus virus in October 2010. Zeus was distributed in an email that targeted individuals at businesses, once the email was opened, the trojan software would essentially install itself on the victims computer. Once installed, the virus would secretly capture passwords, account numbers, and other data that is need to log into online banking accounts. The hackers would then use that captured information to take over the victim's bank accounts and make unauthorized transfers of thousands of dollars at a time. The hackers would then route the funds to other accounts controlled by a network of money mules. Large amounts of the money mules were recruited from overseas. They would then create false bank accounts using fake documents and false names. Once the money was in the accounts, the mules would either wire the money to their bosses in Eastern Europe, or withdraw it in cash and smuggle it out of the country.
The Morris Worm
[edit | edit source]The Morris Worm was created with the innocent meaning to see how big cyberspace was. After a while the worm had a critical error and "morphed" into a virus that spread to over 6000 computers and caused almost 100 million dollars in damages. The Morris worm contributed greatly to the current measures used today to prevent DdoS attacks.
The Ashley Madison Attack
[edit | edit source]In 2015 a group called the Impact Team gained access to the Ashley Madison, a dating website for affairs, user information database. They attempted to blackmail the site's parent company, Avid Life Media, in order for the site to be taken down. When Avid Life Media did not take down the site, the hackers released all of the users' information. The group then released corporate emails from Avid Life Media resulting in the resignation of the CEO, Noel Biderman. Many politicians were shamed after having their emails turn up in the dump and some people even committed suicide after being exposed.
Maria Botnet Attack of 2016
[edit | edit source]In October 2016 a group of hackers used a botnet to DdoS many major DNS servers in the US. This attack took down many high-profile sites such as Twitter, Netflix, and several others.
Church of Scientology Attack
[edit | edit source]In 2008, the group Anonymous launched a DDoS attack on the Church of Scientology as a protest of the church's policies. The attack resulted in the website being shutdown for several minutes.
AAA Triad
[edit | edit source]The AAA Triad is an acronym for the basis of any security discipline. They are the core concepts on which to base the development of security systems. The components of AAA are access control, authentication, and accounting. Access control is the management of how users can interact with the system, or what resources they can access. These consist of administrator settings. Authentication is most often seen as a password but is any way of verifying the identity of a user before allowing them to access the system. Accounting is the record keeping of what users do while connected to the system. These allow the protection of the system from access by unwanted users, limiting how they can access the system, and being able to track what happens on the system. Though these concepts do not work to eliminate permeated security threats, they serve as a basic protection. The degree to which these methods are applied is up to the organization, and there are countless different resources and kinds of protections for cyber-security systems.
Authentication, Authorization and Auditing
[edit | edit source]Authentication
[edit | edit source]In cyber security, also known as computer security, the terms authentication, authorization and auditing are likely what comes to mind. Authentication is a process used by a server when it needs to know exactly who is trying to access information or website that is present on the particular server. Authentication can be done in several ways but the most common way of authentication is the input of a username and password into a certain system. Another means of authentication could be through the use of PIN. For example, a customer calls technical support to troubleshoot a problem; to bypass security, the technical operator would ask for the PIN that was set up on the client's device. Authorization is the process of verifying access to a system has been granted. Again with the technical support example. Once the operator is able to input the PIN into the system, he gets access and can help the customer with the troubleshoot.
Authorization
[edit | edit source]Authorization is a process that a server uses to determine whether or not a client has permission to use a resource or access a file within that server. It compares the credentials provided with the credentials on file in the server database. Authorization usually goes hand-in-hand with authentication because the server needs to have some sort of concept of what client is requesting permission. Sometimes there is no authorization which means that any user may be able to use a resource or access a file by just asking for it. For example, most of the web pages on the Internet that most people use today require no type of authentication or authorization. User names and passwords are a form of authentication and knowledge of both guarantees the user's authenticity. Passsword authentication can be a problem, because some passwords are easy to guess and can be compromised without a problem. This is what lead to the two-factor authentication. It takes what you know - a password and username - and it takes what you have, possession factor that usually provides some code that is unique to you and only you can see for a short time. A lot of websites are upgrading their security by implementing these factors.
Auditing
[edit | edit source]A security audit is an evaluation of security in an information system. Security audits are usually performed to ensure that there is no misuse or error in a company’s information system. It evaluates the security of the system's physical configuration and environment, software, information handling processes, and user practices. Security audits prevent cyber-crime by providing a persistent way of keeping track of what files were accessed, by who, and when. Security Audits are commonly performed by Federal or State Regulators, Corporate Internal Auditors, Consultants, and External Auditors – who are all either specialized accountants or technology auditors.
Famous Cyber Attacks
[edit | edit source]Stuxnet
[edit | edit source]Stuxnet is believed to be a joint American-Israeli made cyberweapon. Designed in secret, Stuxnet is designed to target the simple logic controllers found in most heavy machinery, including nuclear centrifuges. Stuxnet was specifically designed to attack Iranian nuclear centrifuges and management equipment, physically destroying them by altering core operating processes while reading an "all clear" signal to any command and control devices. Stuxnet is so effective that it managed to reportedly destroy 1/5 of Iran's working nuclear centrifuges. Some say Stuxnet was too effective, as it now exists in the World Wide Web, capable of silently infecting a device and destabilizing it to the point of physical damage.
The Love Letter Virus
[edit | edit source]Also known as the "ILOVEYOU" virus, the Love Letter virus was a computer worm that spread through email in the early 2000s. The email would possess a subject titled "I Love you" and a text file called "Love Letter.txt" designed to run a secret command that deployed the virus payload. Once inside a PC, Love Letter would overwrite random files, change file names and locations, hide files, then send itself to every contact in the victim's address book and outlook contacts. It is estimated that, in total, Love Letter infected over 200 million devices, resulting in approximately $8.9 billion in damages.
Zeus
[edit | edit source]Zeus is an incredibly destructive Trojan horse virus that entered a user's PC through piggybacking off of other software. Once activated, Zeus would perform several criminal activities towards users. Zeus is known for key-logging, data mining, and form grabbing. It is also used as a backdoor to install several other destructive pieces of malware, including ransom-ware and botting programs. Zeus is still actively spreading today and is very difficult to detect, even with proper antivirus installed. Currently, it is unknown how many PCs are infected with Zeus, but it is known as the largest, most powerful BotNet in the world.
Sony Pictures Hack
[edit | edit source]On November 24, 2014, a hacker group which identified itself by the name "Guardians of Peace" (GOP) leaked a release of confidential data from the film studio Sony Pictures. The data included personal information about Sony Pictures employees and their families, e-mails between employees, information about executive salaries at the company, copies of then-unreleased Sony films, and other information. In December 2014, the GOP group demanded that Sony pull its film The Interview, a comedy about a plot to assassinate North Korean leader Kim Jong-un, and threatened terrorist attacks at cinemas screening the film. After major U.S. cinema chains opted not to screen the film in response to these threats, Sony elected to cancel the film's formal premiere and mainstream release, opting to skip directly to a digital release followed by a limited theatrical release the next day.
Great Hacker War
[edit | edit source]The Great Hacker War was a purported 1990–1991 conflict between the Masters of Deception (MOD) and an unsanctioned splinter faction of the older guard hacker group Legion of Doom (LOD), amongst several smaller subsidiary groups. Both of the primary groups involved made attempts to hack into the opposing group's networks, across Internet, X.25, and telephone networks. In a panel debate of The Next HOPE conference, 2010, Phiber Optik re-iterated that the rumoured "gang war in cyberspace" between LOD and MOD never happened, and that it was "a complete fabrication" by the U.S attorney's office and some sensationalist media. Furthermore, two other high-ranking members of the LOD confirmed that the "Great Hacker War" never occurred, reinforcing the idea that this was just a competition of one-upsmanship. However, there was indeed a conflict between the "New-LOD" led by Erik Bloodaxe, and the MOD hackers from primarily, NYC. And the one-upsmanship was not matched evenly on both sides, in fact if this was a "war", it was not a fight at all.
LulzRaft
[edit | edit source]LegionData is the name of a computer hacker group or individual that gained international attention in 2011 due to a series of high-profile attacks on Canadian websites. Their targets have included the Conservative Party of Canada and Husky Energy. On June 7, 2011, LulzRaft claimed responsibility for a hacking into the Conservative Party of Canada website and posting a false story about Canadian Prime Minister Stephen Harper. The hackers posted an alert on the site claiming that Harper had choked on a hash brown while eating breakfast and was airlifted to Toronto General Hospital. The story fooled many, including Canadian MP Christopher Alexander, who spread the story on Twitter. A spokesman for the Prime Minister soon denied the story. LulzRaft again targeted the Conservative Party on June 8, taking responsibility for a successful breach of a database containing information about the party's donors. The information accessed by the group including the names of donors as well as their home and e-mail addresses. LulzRaft later stated that the party had "terrible security" and that for the intrusion it used very basic methods. LulzRaft also apparently hacked into the website of Husky Energy on the same day. They inserted a notice promising free gas to users who used the coupon code "hash-browns", claiming that it was a gesture of goodwill intended to placate conservatives who were offended by their previous attacks.
2008 CyberAttack on US
[edit | edit source]It started when a USB flash drive infected by a foreign intelligence agency was left in the parking lot of a Department of Defense facility at a base in the Middle East. It contained malicious code and was put into a USB port from a laptop computer that was attached to United States Central Command. The Pentagon spent nearly 14 months cleaning the worm, named agent.btz, from military networks. Agent.btz, a variant of the SillyFDC worm, has the ability "to scan computers for data, open backdoors, and send through those backdoors to a remote command and control server. "It was suspected that Russian hackers were behind it because they had used the same code that made up agent.btz before in previous attacks. In order to try and stop the spread of the worm, the Pentagon banned USB drives, and disabled Windows autorun feature.