ITS 370

                              Nan Hu



Chapter 2

1.     Consider the statement: an individual threat agent, like a hacker, can be a factor in more than one threat category. If a hacker hacks into a network, copies a few files, defaces the Web page, and steals credit card numbers, how many different threat categories does this attack fall into? 

1.      Stealing credit card numbers

2.      Hacking the network

3.      Defacing the webpage

4.     Theft of credit card information and copies of files


2.     Using the Web, research Mafiaboy’s exploits. When and how did he compromise sites? How was he caught?

       Michael Calce (born 1986, also known as MafiaBoy) was a high school student from West IslandQuebec, who launched a series of highly publicized denial-of-service attacks in February 2000 against large commercial websites, including Yahoo!Fifa.comAmazon.comDell, Inc.E*TRADEeBay, and CNN. He also launched a series of failed simultaneous attacks against nine of the thirteen root name servers.

      When he was arrested at his home on Saturday, officers of the Royal Canadian Mounted Police seized his computers and computer-related material, which they are subjecting to analysis, Inspector Roussel said. He said Mafiaboy was caughtbecause he was unsophisticated and left traces of evidence.Apr 20, 2000


3.     Search the Web for “The Official Phreakers Manual”. What information in this manual help a security administrator to protect a communications system?

Phone phreaking is the act of using strange and illegal methods so that you don’t have to pay for any kind of communication service.

The manual provides many ways to find loop-holes and alternate ways around different communication system security.


4.     The chapter discussed many threats and vulnerabilities to information security. Using the Web, find at least 2 other sources of information about threats and vulnerabilities. Begin with and using a keyword search on “threats”.


5.     Using the categories of threats mentioned in this chapter and various attacks described, review several current media sources, and identify examples of each threat.


1.      Technical software failure or errors – bugs, code problems, unknown loopholes

2.     Espionage or trespass – Unauthorized access and/or data collection

3.     Forces of nature – fire, floods, earthquakes, lightning, tornadoes, hurricanes

4.     Software attacks – viruses, worms, macros, denial of service (Mafiaboy’s attacks)

5.     Human error – accidents

6.     Software attacks – viruses, worms, macros, denial of service (Mafiaboy’s attacks)

7.     Technical hardware failure or errors – equipment failure

8.  Compromise to intellectual property – Stealing credit card information

9.  Theft – illegal confiscation of equipment or information