DOCSLIB.ORG

Cyber Weapons Are Not Created Equal

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Cyber Weapons Are Not Created Equal Calhoun: The NPS Institutional Archive Faculty and Researcher Publications Selected Student Papers and Publications, not including Theses and Dissertations 2016-06 Cyber Weapons are not Created Equal Bartos, Christopher A. Bartos, Christopher A.. "Cyber Weapons are not Created Equal". U.S. Naval Institue Proceedings 142/6/1 (2016): 30-33. http://hdl.handle.net/10945/49618 U.S. NAVAL INSTITUTE Since 1873 WWW.USNI.ORG /' PROCEEDINGS The Independent Forum of the Se. Servk:e. June 2016 Vol. 1421611 ,360 The U. S. Naval Institute is a private, self-supporting, not-for-profit professional society that publishes Proceedings as part of the open forum it maintains for the Sea Services. The Naval Institute is not an agency of the U.S. government; the opinions expressed In these pages are the personal views of the authors. FEATURES 18 The Fourth Battle of the Atlantic By Vice Admiral James Foggo. USN. and Alarik Fritz The Russian bear is stirring anew, and NavylNATO vigilance is all the more crucial in European waters. 24 'launch the Flyswatter!' By Lieutenant Jeff Vandenengel, USN Submitted for your consideration: a subsurface-to-air missile for U.S. submarines. 34 The lives of a Chinese Gunboat By Ryan D. Martinson Cyber Weapons Are Not Created Equal 30 With in-your-face swagger, YZ-3JO made a name for herself By Captain Christopher A. Bartos. USMC throughout the maritime-dispute hot zone. "Cyber attack" is the buzz-phrase, but the real meat of the matter is "cyber defense." 42 Bronco 12, Cleared Hot By Captain Andy Walton, USN The irregular-air warfare lessons of Combat Dragon IT: adaptability, flexibility, innovation. 48 Containing the Nuclear Threat By Captain Geoff P. Gagnier. USCG, and Captain Larry LeGree, USN Domestic port security does not begin at home, but before a. nuke-filled cargo container ever reaches U.S. shores. ENL:STED ESSAY CONTEST WINNER CAPSTONE ESSAY CONTEST WINNERS 40 Share Who We Are 54 Submarines Reign Supreme By Hospital Corpsman Second Class Crystal Tao, USNR By Ensign Gavin Fuller. USN It is up to veterans and active-duty personnel to make the Now more than ever, U.S. nuclear-powered submarines public aware of the military's important role- a receptive "have an overwhelming fighting advantage in the maritime audience awaits. domain." 58 Embrace the Digital-Native Marines By Second Lieutenant Robert Vachon, USMC In an increasingly data-centric battlespace, data-centric THIS MONTH'S COVER millennial are the answer to a prayer. The Los Angeles-class submarine Pivot to the Pacific-at Hypersonic Speed USS Toledo (SSN-769), assigned to 62 Commander, Task Force (CTF) 54, transits By Ensign Shane Kravetz, USN through the Persian Gulf early this year. "Scrarnjet" and other advances will be key to preserving U.S. NAVY (TORREY w. LEE) freedom of the seas in the Indo-Asia-Pacific. 66 SEAL Training Is a Choice By Ensign Joseph Dinkel. USN Few roads are more arduous, few honors so great. www.usni.org PROCEEDINGS • 1 CYBER W APONS ARE NOT CREATED EQUAL By Captain Christopher A. Bartos, U.S. Marine Corps Despite public phobia to the oday's prevailing wisdom, both inside and out­ side the Department of Defense, is that offense contrary, cyber attacks are no dominates in the cyber domain. I Determining the balance between offense and defense arises with simple thing; great sophistication the emergence of every new military technology. Driv­ ing the current belief in cyber's offensive dominance is is required to bridge the 'Iogical­ the idea that digital weapons-which rely primarily on manpower- are cheap to create, while society's overall physical divide,' where defense has dependence on the Internet creates a plethora of vulnera­ bilities for intrusion, exploitation, and attack. 2 The primary a distinct advantage over offense. benefit to the offense in the cyber domain is the lack of 30 • June 2016 www.usni.org Military students man the computers in Pyongyang, North Korea, where in the system, and finally exploit that foothold to obtain Supreme Leader Kim Jong-Un has hailed cyber warfare as a "magic the objective. Smart defenders can, and often do, spoil weapon ." The North Koreans did succeed in engineering the Infamous 2014 Sony Pictures hack- but ultimately such a stunt Is "nothing more attacks on networks by interrupting this process at any of than a cyber prank." the four steps.6 This process will become even more dif­ fICUlt as cyber defenses are strengthened. Material losses from hacks have brought visibility from top-level corpo­ physicality. Cyber, unlike the other domains, is a hybrid rate executives, prompting cyber defenders to strengthen of the logical and the physical, which means that intru­ their shielding structures even more and build network sions, attacks, and defense occur at the "speed of light."3 architectures with redundancy in mind- a principle every Yet cyber's greatest offensive advantage is the same factor good communications officer in the military has imple­ that limits its overall effectiveness as a weapon, namely, mented for years. the logical-physical divide. Bridging this steep divide is Offensive cyber weapons also face the dual problems required if digital operations are to significantly impact of "perishability" and obsolescence. Perishability is when the physical world. a cyber weapon is no longer effective after it has been used. Obsolescence refers to a cyber weapon becoming Cyber Misperceptions ineffective because of time. The vulnerability in a system When compared to traditional arms manufacturing, the that is exploited when an attacker uses a cyber weapon im­ creation of mo t cyber weapons is not only cheap, but also mediately becomes well known to system administrators easy to hide. Computers, Internet access, and manpower and those who developed the original code. Patches are with the right education and skills are all one needs to written and, when installed, close the gap that the attack begin hacking computers. This is likely the reason why originally used. A cyber weapon is perishable because it even Kim Jong-Un, the leader of reclusive North Korea, is impossible to reuse as long as the system is updated. calls cyber warfare a "magic weapon."4 Cyber attacks will Obsolescence occurs by the same process except that only increase as more computers connect to the Internet the vulnerability is discovered and fixed before an attacker and more people gain the skills to hack them. uses the cyber weapon. Unlike weaponry in the physical Misperceptions about cyber warfare are fueled by a cog­ world, the development of cyber weapons and countermea­ nitive bias with regard to cyber intrusions and attacks. On sures happens at an incredibly rapid pace, meaning that any given day there are millions of attempted malicious attackers in cyberspace must constantly update their arse­ operations within the cyber domain; any approximation nals to have any hope of conducting a successful attack. for all attacks will likely be under­ estimated, considering the billions of people connected to the Internet and the automated way the simplest of malware searches for and attacks targets. Many of these attempts are blocked before they even can gain access to a system. Even if on a per­ centage basis the number of effec­ tive attacks is small, news reports of these attacks gamer media attention, increasing the perception that suc­ cessful cyber attacks are easy. Cyber attacks are hard for the same reason any attack is diffi­ cult-there are many steps involved in skirting the defenses of the ad­ versary. For military operations in ~ urban terrain, the Marine Corps ~ uses a template for successful at- i tacks: reconnoiter the objective, iso- ~ late the objective, gain a foothold, ~i and secure the objective.5 Success­ ful cyber· attacks require the same t process. Hackers must first conduct ~ reconnaissance on a tar et isolate Cyber enlisted students at the Naval Postgraduate School are training for the contingencies of the . g , new high-tech balliespace. ''To take full advantage of our nalion's substantial defensive and offensive that target from potential cyber de- cyber capabilities, planners must account for the proper strategic balance between the two." fensive support, gain the foothold www.usni.org PROCEEDINGS • 31 Since it is difficult for an attacker to know if a developed Attacks on confidentiality, commonly referred to com­ weapon has become obsolete, it is extraordinarily difficult puter network exploitation (CNE) in the Department of to plan a truly effective cyber attack. Though these same Defense, are effectively a form of espionage. Breaches of factors affect the defender, who must constantly update confidentiality are actually intrusions rather than attacks, systems and fix gaps in the defense, the burden of action because they do not cause any damage per se. CNE is rests on the shoulders of attackers. typically used to gather intelligence on computer systems Minimal vulnerability also makes cyber weapons more as well as for any of the other myriad p«rposes crimi­ defensive in nature. Missiles in hardened silos and ships nals and nation-states want information. Intrusions into a in harbors are relatively well defended, reducing the incen­ system can serve a dual purpose in that they not only en­ tive to strike first because able information extraction, each side can reasonably but they can also provide a expect to use its weapons way to plant malicious code and defend itself success­ within a system or corrupt fully. Cyber criminals and its data without the owner nation-states can effectively knowing. According to some hide and protect their cyber cyber experts, this highlights arsenals from other actors the offensive nature of all because of the complex na­ malicious cyber actions.9 ture of cyber geography and Just because intrusions are good encryption.
Load more

Recommended publications
  • What Every CEO Needs to Know About Cybersecurity
    What Every CEO Needs to Know About Cybersecurity Decoding the Adversary AT&T Cybersecurity Insights Volume 1 AT&T Cybersecurity Insights: Decoding the Adversary 1 Contents 03 Letter from John Donovan Senior Executive Vice President AT&T Technology and Operations 04 Executive Summary 05 Introduction 07 Outsider Threats 15 Looking Ahead: Outsider Threats 16 Best Practices: Outsiders 18 Insider Threats 24 Looking Ahead: New Potential Threats 25 Looking Ahead: Emerging Risks 26 Best Practices: Malicious Insiders 27 Best Practices: Unintentional Insiders 28 Moving Forward 32 Conclusion 33 Know the Terms For more information: Follow us on Twitter @attsecurity 35 End Notes and Sources Visit us at: Securityresourcecenter.att.com © 2015 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T Globe logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. The information contained herein is not an offer, commitment, representation or warranty by AT&T and is subject to change. 2 ATT.com/network-security Business leader, Welcome to the inaugural issue of AT&T Cybersecurity Insights, a comprehensive look at our analysis and findings from deep inside AT&T’s network operations groups, outside research firms, and network partners. This first issue, “Decoding the Adversary,” focuses on whether or not you and your board of directors are doing enough to protect against cyber threats. Security is not simply a CIO, CSO, or IT department issue. Breaches, leaked documents, and cybersecurity attacks impact stock prices and competitive edge. It is a responsibility that must be shared amongst all employees, and CEOs and board members must proactively mitigate future challenges.
    [Show full text]
  • Cyberattack Attribution
    CYBERATTACK ATTRIBUTION A BLUEPRINT FOR PRIVATE SECTOR LEADERSHIP RESEARCH FELLOWS SENIOR RESEARCH FELLOWS Justin Collins Allison Anderson Cameron Evans Stacia Lee Chris Kim Kayley Knopf FACULTY LEAD Selma Sadzak Jessica Beyer Nicholas Steele Julia Summers Alison Wendler This report is a product of the Applied Research Program in the Henry M. Jackson School of International Studies at the University of Washington. The Applied Research Program matches teams of top-achieving Jackson School students with private and public sector organizations seeking dynamic, impactful, and internationally-minded analyses to support their strategic and operational objectives. For more information about the Applied Research Program please contact us at [email protected]. Executive Summary After three decades of development, adoption, and innovation, the Internet stands at the core of modern society. The same network that connects family and friends across the world similarly ties together all aspects of daily life, from the functioning of the global economy to the operation of governments. The digitization of daily life is the defining feature of the 21st century. While the pervasiveness of Internet-enabled technology brings significant benefits, it also brings serious threats—not only to our economy and safety, but also to our trust in computer systems.1 The Internet is central to modern life, yet major state-sponsored cyberattacks persist in disrupting Internet access and function. These attacks undermine faith in government and public trust in democratic institutions. Attribution attempts to date have been unable to deter states from building malicious code for even greater destructive capabilities. In response, we propose the formation of an attribution organization based on international private sector coordination.
    [Show full text]
  • The 2014 Sony Hack and the Role of International Law
    The 2014 Sony Hack and the Role of International Law Clare Sullivan* INTRODUCTION 2014 has been dubbed “the year of the hack” because of the number of hacks reported by the U.S. federal government and major U.S. corporations in busi- nesses ranging from retail to banking and communications. According to one report there were 1,541 incidents resulting in the breach of 1,023,108,267 records, a 78 percent increase in the number of personal data records compro- mised compared to 2013.1 However, the 2014 hack of Sony Pictures Entertain- ment Inc. (Sony) was unique in nature and in the way it was orchestrated and its effects. Based in Culver City, California, Sony is the movie making and entertain- ment unit of Sony Corporation of America,2 the U.S. arm of Japanese electron- ics company Sony Corporation.3 The hack, discovered in November 2014, did not follow the usual pattern of hackers attempting illicit activities against a business. It did not specifically target credit card and banking information, nor did the hackers appear to have the usual motive of personal financial gain. The nature of the wrong and the harm inflicted was more wide ranging and their motivation was apparently ideological. Identifying the source and nature of the wrong and harm is crucial for the allocation of legal consequences. Analysis of the wrong and the harm show that the 2014 Sony hack4 was more than a breach of privacy and a criminal act. If, as the United States maintains, the Democratic People’s Republic of Korea (herein- after North Korea) was behind the Sony hack, the incident is governed by international law.
    [Show full text]
  • Attack on Sony 2014 Sammy Lui
    Attack on Sony 2014 Sammy Lui 1 Index • Overview • Timeline • Tools • Wiper Malware • Implications • Need for physical security • Employees – Accomplices? • Dangers of Cyberterrorism • Danger to Other Companies • Damage and Repercussions • Dangers of Malware • Defense • Reparations • Aftermath • Similar Attacks • Sony Attack 2011 • Target Attack • NotPetya • Sources 2 Overview • Attack lead by the Guardians of Peace hacker group • Stole huge amounts of data from Sony’s network and leaked it online on Wikileaks • Data leaks spanned over a few weeks • Threatening Sony to not release The Interview with a terrorist attack 3 Timeline • 11/24/14 - Employees find Terabytes of data stolen from computers and threat messages • 11/26/14 - Hackers post 5 Sony movies to file sharing networks • 12/1/14 - Hackers leak emails and password protected files • 12/3/14 – Hackers leak files with plaintext credentials and internal and external account credentials • 12/5/14 – Hackers release invitation along with financial data from Sony 4 Timeline • 12/07/14 – Hackers threaten several employees to sign statement disassociating themselves with Sony • 12/08/14 - Hackers threaten Sony to not release The Interview • 12/16/14 – Hackers leaks personal emails from employees. Last day of data leaks. • 12/25/14 - Sony releases The Interview to select movie theaters and online • 12/26/14 –No further messages from the hackers 5 Tools • Targeted attack • Inside attack • Wikileaks to leak data • The hackers used a Wiper malware to infiltrate and steal data from Sony employee
    [Show full text]
  • View Final Report (PDF)
    TABLE OF CONTENTS TABLE OF CONTENTS I EXECUTIVE SUMMARY III INTRODUCTION 1 GENESIS OF THE PROJECT 1 RESEARCH QUESTIONS 1 INDUSTRY SITUATION 2 METHODOLOGY 3 GENERAL COMMENTS ON INTERVIEWS 5 APT1 (CHINA) 6 SUMMARY 7 THE GROUP 7 TIMELINE 7 TYPOLOGY OF ATTACKS 9 DISCLOSURE EVENTS 9 APT10 (CHINA) 13 INTRODUCTION 14 THE GROUP 14 TIMELINE 15 TYPOLOGY OF ATTACKS 16 DISCLOSURE EVENTS 18 COBALT (CRIMINAL GROUP) 22 INTRODUCTION 23 THE GROUP 23 TIMELINE 25 TYPOLOGY OF ATTACKS 27 DISCLOSURE EVENTS 30 APT33 (IRAN) 33 INTRODUCTION 34 THE GROUP 34 TIMELINE 35 TYPOLOGY OF ATTACKS 37 DISCLOSURE EVENTS 38 APT34 (IRAN) 41 INTRODUCTION 42 THE GROUP 42 SIPA Capstone 2020 i The Impact of Information Disclosures on APT Operations TIMELINE 43 TYPOLOGY OF ATTACKS 44 DISCLOSURE EVENTS 48 APT38 (NORTH KOREA) 52 INTRODUCTION 53 THE GROUP 53 TIMELINE 55 TYPOLOGY OF ATTACKS 59 DISCLOSURE EVENTS 61 APT28 (RUSSIA) 65 INTRODUCTION 66 THE GROUP 66 TIMELINE 66 TYPOLOGY OF ATTACKS 69 DISCLOSURE EVENTS 71 APT29 (RUSSIA) 74 INTRODUCTION 75 THE GROUP 75 TIMELINE 76 TYPOLOGY OF ATTACKS 79 DISCLOSURE EVENTS 81 COMPARISON AND ANALYSIS 84 DIFFERENCES BETWEEN ACTOR RESPONSE 84 CONTRIBUTING FACTORS TO SIMILARITIES AND DIFFERENCES 86 MEASURING THE SUCCESS OF DISCLOSURES 90 IMPLICATIONS OF OUR RESEARCH 92 FOR PERSISTENT ENGAGEMENT AND FORWARD DEFENSE 92 FOR PRIVATE CYBERSECURITY VENDORS 96 FOR THE FINANCIAL SECTOR 96 ROOM FOR FURTHER RESEARCH 97 ACKNOWLEDGEMENTS 98 ABOUT THE TEAM 99 SIPA Capstone 2020 ii The Impact of Information Disclosures on APT Operations EXECUTIVE SUMMARY This project was completed to fulfill the including the scope of the disclosure and capstone requirement for Columbia Uni- the disclosing actor.
    [Show full text]
  • State Cyberspace Operations Proposing a Cyber Response Framework
    Royal United Services Institute for Defence and Security Studies Occasional Paper State Cyberspace Operations Proposing a Cyber Response Framework Gary D Brown State Cyberspace Operations Proposing a Cyber Response Framework Gary D Brown RUSI Occasional Paper, September 2020 Royal United Services Institute for Defence and Security Studies ii State Cyberspace Operations 189 years of independent thinking on defence and security The Royal United Services Institute (RUSI) is the world’s oldest and the UK’s leading defence and security think tank. Its mission is to inform, influence and enhance public debate on a safer and more stable world. RUSI is a research-led institute, producing independent, practical and innovative analysis to address today’s complex challenges. Since its foundation in 1831, RUSI has relied on its members to support its activities. Together with revenue from research, publications and conferences, RUSI has sustained its political independence for 189 years. The views expressed in this publication are those of the author, and do not reflect the views of RUSI or any other institution. They are not an official policy or position of the National Defense University, the Department of Defense or the US government. Published in 2020 by the Royal United Services Institute for Defence and Security Studies. This work is licensed under a Creative Commons Attribution – Non-Commercial – No-Derivatives 4.0 International Licence. For more information, see <http://creativecommons.org/licenses/by-nc-nd/4.0/>. RUSI Occasional Paper, September 2020. ISSN 2397-0286 (Online). Royal United Services Institute for Defence and Security Studies Whitehall London SW1A 2ET United Kingdom +44 (0)20 7747 2600 www.rusi.org RUSI is a registered charity (No.
    [Show full text]
  • Episode 230: Click Here to Kill Everybody
    Episode 230: Click Here to Kill Everybody Stewart Baker: [00:00:03] Welcome to Episode 230 of The Cyberlaw Podcast brought to you by Steptoe & Johnson. We are back and full of energy. Thank you for joining us. We're lawyers talking about technology, security, privacy, and government. And if you want me to talk about hiking through the rain forest of Costa Rica and just how tough my six-year-old granddaughter is, I'm glad to do that too. But today I'm joined by our guest interviewee Bruce Schneier, an internationally renowned technologist, privacy and security guru, and the author of the new book, Click Here to Kill Everybody: Security and Survival in a Hyper-Connected World. We'll be talking to him shortly. For the News Roundup, we have Jamil Jaffer, who's the founder of the estimable and ever-growing National Security Institute. He's also an adjunct professor at George Mason University. Welcome, Jamil. Jamil Jaffer: [00:00:57] Thanks, Stewart. Good to be here. Stewart Baker: [00:00:58] And David Kris, formerly the assistant attorney general in charge of the Justice Department's National Security Division. David, welcome. David Kris: [00:01:07] Thank, you. Good to be here. Stewart Baker: [00:01:08] And he is with his partner in their latest venture, Nate Jones, veteran of the Justice Department, the National Security Council, and Microsoft where he was an assistant general counsel. Nate, welcome. Nate Jones: [00:01:23] Thank you. Stewart Baker: [00:01:25] I'm Stewart Baker, formerly with the NSA and DHS and the host of today's program.
    [Show full text]
  • NAVIGATING the CYBERSECURITY STORM
    NAVIGATING the CYBERSECURITY STORM A Guide for Directors and Officers BY PAUL A. FERRILLO EDITED BY BILL BROWN published by sponsored by sponsored by 1 © 2015 by Paul A. Ferrillo. All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any other information storage or retrieval system without prior written permission. To use the information contained in this book for a greater purpose or application, contact Paul A. Ferrillo via [email protected] 2 Is your company protected from the Internet of RiskSM? With CyberEdge® cyber insurance solutions you can enjoy the Business Opportunity of Things. 20 billion objects are connected to the Internet, what everyone is calling the Internet of Things. This hyperconnectivity opens the door both to the future of things, and to greater network vulnerabilities. CyberEdge end-to-end cyber risk management solutions are designed to protect your company from this new level of risk. So that you can turn the Internet of Things into the next big business opportunity. To learn more and download the free CyberEdge Mobile App, visit www.AIG.com/CyberEdge Insurance, products and services are written or provided by subsidiaries or affiliates of American International Group, Inc. Insurance and services may not be available in all jurisdictions, and coverage is subject to actual policy language. For additional information, please visit our website at www.AIG.com. ABOUT PAUL A. FERRILLO Paul Ferrillo is counsel in Weil’s Litigation Department, where he focuses on complex securities and business litigation, and internal investigations.
    [Show full text]
  • Hacks, Leaks and Disruptions | Russian Cyber Strategies
    CHAILLOT PAPER Nº 148 — October 2018 Hacks, leaks and disruptions Russian cyber strategies EDITED BY Nicu Popescu and Stanislav Secrieru WITH CONTRIBUTIONS FROM Siim Alatalu, Irina Borogan, Elena Chernenko, Sven Herpig, Oscar Jonsson, Xymena Kurowska, Jarno Limnell, Patryk Pawlak, Piret Pernik, Thomas Reinhold, Anatoly Reshetnikov, Andrei Soldatov and Jean-Baptiste Jeangène Vilmer Chaillot Papers HACKS, LEAKS AND DISRUPTIONS RUSSIAN CYBER STRATEGIES Edited by Nicu Popescu and Stanislav Secrieru CHAILLOT PAPERS October 2018 148 Disclaimer The views expressed in this Chaillot Paper are solely those of the authors and do not necessarily reflect the views of the Institute or of the European Union. European Union Institute for Security Studies Paris Director: Gustav Lindstrom © EU Institute for Security Studies, 2018. Reproduction is authorised, provided prior permission is sought from the Institute and the source is acknowledged, save where otherwise stated. Contents Executive summary 5 Introduction: Russia’s cyber prowess – where, how and what for? 9 Nicu Popescu and Stanislav Secrieru Russia’s cyber posture Russia’s approach to cyber: the best defence is a good offence 15 1 Andrei Soldatov and Irina Borogan Russia’s trolling complex at home and abroad 25 2 Xymena Kurowska and Anatoly Reshetnikov Spotting the bear: credible attribution and Russian 3 operations in cyberspace 33 Sven Herpig and Thomas Reinhold Russia’s cyber diplomacy 43 4 Elena Chernenko Case studies of Russian cyberattacks The early days of cyberattacks: 5 the cases of Estonia,
    [Show full text]
  • Ethical Hacking
    Ethical Hacking Alana Maurushat University of Ottawa Press ETHICAL HACKING ETHICAL HACKING Alana Maurushat University of Ottawa Press 2019 The University of Ottawa Press (UOP) is proud to be the oldest of the francophone university presses in Canada and the only bilingual university publisher in North America. Since 1936, UOP has been “enriching intellectual and cultural discourse” by producing peer-reviewed and award-winning books in the humanities and social sciences, in French or in English. Library and Archives Canada Cataloguing in Publication Title: Ethical hacking / Alana Maurushat. Names: Maurushat, Alana, author. Description: Includes bibliographical references. Identifiers: Canadiana (print) 20190087447 | Canadiana (ebook) 2019008748X | ISBN 9780776627915 (softcover) | ISBN 9780776627922 (PDF) | ISBN 9780776627939 (EPUB) | ISBN 9780776627946 (Kindle) Subjects: LCSH: Hacking—Moral and ethical aspects—Case studies. | LCGFT: Case studies. Classification: LCC HV6773 .M38 2019 | DDC 364.16/8—dc23 Legal Deposit: First Quarter 2019 Library and Archives Canada © Alana Maurushat, 2019, under Creative Commons License Attribution— NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) https://creativecommons.org/licenses/by-nc-sa/4.0/ Printed and bound in Canada by Gauvin Press Copy editing Robbie McCaw Proofreading Robert Ferguson Typesetting CS Cover design Édiscript enr. and Elizabeth Schwaiger Cover image Fragmented Memory by Phillip David Stearns, n.d., Personal Data, Software, Jacquard Woven Cotton. Image © Phillip David Stearns, reproduced with kind permission from the artist. The University of Ottawa Press gratefully acknowledges the support extended to its publishing list by Canadian Heritage through the Canada Book Fund, by the Canada Council for the Arts, by the Ontario Arts Council, by the Federation for the Humanities and Social Sciences through the Awards to Scholarly Publications Program, and by the University of Ottawa.
    [Show full text]
  • The Solarwinds Cyberthreat Guide Seven Types of Internet Threats and How to Help Prevent Them WHITE PAPER | the SOLARWINDS CYBERTHREAT GUIDE
    WHITE PAPER The SolarWinds Cyberthreat Guide Seven types of internet threats and how to help prevent them WHITE PAPER | THE SOLARWINDS CYBERTHREAT GUIDE INTRODUCTION Staying safe from cybercriminals is no easy task. Despite advances in If you’ve spent cybersecurity technology, cybercriminals successfully pull off headline-worthy time reading about attacks all too often. In fact, it might even seem like cybercriminals are gaining cybersecurity, then you the upper hand over many organizations. But why? are likely familiar with First off, the number and types of cyberthreats have changed. For example, the concept of the ransomware has become a major threat in many ways over the past few years. These “defense-in-depth” attacks can be devastating and can even affect crucial services, like the damage to strategy, sometimes also the United Kingdom’s National Health Service due to the WannaCry attack1. called layered security. Second, the people perpetrating these attacks have grown more coordinated and organized. While organizations must still worry about individual hackers or malicious insiders, they must now also contend with organized crime and even nation state actors. According to the 2018 Verizon Data Breach Investigation report, 50% of data breaches were carried out by organized criminal groups2. In short, the cybersecurity game has grown more complex—and the stakes have never been higher. DEFENSE-IN-DEPTH If you’ve spent time reading about cybersecurity, then you are likely familiar with the concept of the “defense-in-depth” strategy, sometimes also called layered security. It refers to the idea that cybersecurity requires multiple lines or layers of defenses to protect against threats.
    [Show full text]
  • Constructing Norms for Global Cybersecurity
    Temple University Beasley School of Law LEGAL STUDIES RESEARCH PAPER NO. 2016-52 Constructing Norms for Global Cybersecurity Martha Finnemore George Washington University Duncan B. Hollis Temple University Beasley School of Law November 4, 2016 Cite: 110 American Journal of International Law __ (Forthcoming, 2016) This paper can be downloaded without charge from the Social Science Research Network Electronic paper Collection: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2843913 CONSTRUCTING NORMS FOR GLOBAL CYBERSECURITY By Martha Finnemore and Duncan B. Hollis* On February 16, 2016, a U.S. court ordered Apple to circumvent the security features of an iPhone 5C used by one of the terrorists who committed the San Bernardino shootings.1 Apple refused. It argued that breaking encryption for one phone could not be done without under- mining the security of encryption more generally.2 It made a public appeal for “everyone to step back and consider the implications” of having a “back door” key to unlock any phone—which governments (and others) could deploy to track users or access their data.3 The U.S. govern- ment eventually withdrew its suit after the F.B.I. hired an outside party to access the phone.4 But the incident sparked a wide-ranging debate over the appropriate standards of behavior for companies like Apple and for their customers in constructing and using information and com- munication technologies (ICTs).5 That debate, in turn, is part of a much larger conversation. Essential as the Internet is, “rules of the road” for cyberspace are often unclear and have become the focus of serious conflicts.
    [Show full text]