1. Consider that an individual threat agent, like a hacker, can be a factor in more than one threat category. If a hacker breaks into a network, copies a few files, defaces a Web page, and steals credit card numbers, how many different threat categories does the attack fall into?
This attack falls into four major threat categories: deliberate acts of trespass, compromises to intellectual property, technical failures, and managerial failure. This attack would be categorized as a deliberate act of theft/trespass which compromises intellectual property due to technical and managerial failures.
2. Using the Web, research Mafiaboy’s exploits. When and how did he compromise sites? How was he caught?
Michael Demon was a high school student from Quebec, who launched several DDos attacks in February 2000 against large commercial websites including Yahoo!, Fifa.com, Amazon, Dell, eBay, and CNN. He overloaded the servers with different types of communications until the server shut down. He was arrested by the Canadian law enforcements officials.
3. Search the Web for “The Official Phreaker’s Manual.” What information in this manual might help a security administrator to protect a communications system?
A security administrator could use this manual to gain knowledge about the in’s and outs of the process of communications. However, Chapter 10 includes the concepts related with tracing and security in which the security administrator should focus the most.
4. The chapter discussed many threats and vulnerabilities to information security. Using the Web, find at least two other sources of information about threats and vulnerabilities. Begin with www.securityfocus.com and use a keyword search on “threats.”
This site includes the breaking news and information on the latest potential threats and technical vulnerabilities that affect the IT environment. The site is written for security and IT professionals.
Our security research centers around the world provide unparalleled analysis of and protection from IT security threats that include malware, security risks, vulnerabilities, and spam.
5. Using the categories of threats mentioned in this chapter and the various attacks described, review several current media sources and identify examples of each threat.
Acts of human error or failure
§ A minor slip-up in a new website design by Facebook back in 2008 led to the dates of birth of 80 million users being publicly accessible.
Compromises to intellectual property
§ According to US authorities Megaupload, one of the world’s largest websites at the time, cost rights holders $500m.
§ Swartz was indicted in 2011 after allegedly connecting to an MIT network and downloading 2.7 million academic papers that were freely available to any campus visitor through the JSTOR service. JSTOR didn’t pursue a complaint, but the Justice Department prosecuted anyway, saying Swartz violated the terms of service by downloading the documents with an intent to distribute them off-campus.
Deliberate acts of espionage or trespass
§ Chinese economic cyber-espionage plummets in U.S.: The Chinese government appears to be abiding by its September pledge to stop supporting the hacking of American trade secrets to help companies there compete
Deliberate acts of information extortion
§ The hacking group Rex Mundi went on a public blitz, claiming it had managed to steal customer records for 650,000 European Domino's Pizza customers. The group said it stole the records from the pizza chain's website, which had used only an MD5 hash to encrypt the data. Rex Mundi threatened to release those records if the company didn't pay it a ransom of €30,000 ($40,800) by Monday of last week.
Technical Hardware/Software failure or error
§ Equifax blames open-source software for its record-breaking security breach. The credit rating giant claims an Apache Struts security hole was the real cause of its security breach of 143 million records.