The Complexity of Human Behavior Understanding the Social Aspects of Cybersecurity, Crime Prevention, and Language Development
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Cyber Security Practices and Challenges at Selected Critical Infrastructures in Ethiopia: Towards Tailoring Cyber Security Framework
ADDIS ABABA UNIVERSITY COLLEGE OF NATURAL AND COMPUTATIONAL SCIENCES SCHOOL OF INFORMATION SCIENCE CYBER SECURITY PRACTICES AND CHALLENGES AT SELECTED CRITICAL INFRASTRUCTURES IN ETHIOPIA: TOWARDS TAILORING CYBER SECURITY FRAMEWORK By TEWODROS GETANEH JUNE, 2018 ADDIS ABABA, ETHIOPIA ADDIS ABABA UNIVERSITY COLLEGE OF NATURAL AND COMPUTATIONAL SCIENCES SCHOOL OF INFORMATION SCIENCE CYBER SECURITY PRACTICES AND CHALLENGES AT SELECTED CRITICAL INFRASTRUCTURES IN ETHIOPIA: TOWARDS TAILORING CYBER SECURITY FRAMEWORK A Thesis Submitted to School of Graduate Studies of Addis Ababa University in Partial Fulfillment of the Requirements for the Degree of Master of Science in Information Science By: TEWODROS GETANEH Advisor: Tebebe Beshah (PhD) JUNE, 2018 Addis Ababa, Ethiopia ADDIS ABABA UNIVERSITY COLLEGE OF NATURAL AND COMPUTATIONAL SCIENCE SCHOOL OF INFORMATION SCIENCE CYBER SECURITY PRACTICES AND CHALLENGES AT SELECTED CRITICAL INFRASTRUCTURES IN ETHIOPIA: TOWARDS TAILORING CYBER SECURITY FRAMEWORK By: Tewodros Getaneh Name and signature of Members of the Examining Board Tebebe Beshah (PhD) __________ _________ Advisor Signature Date Lemma Lenssa (PhD) ___________ __________ Examiner Signature Date Dereje Teferi (PhD) __________ _________ Examiner Signature Date Declaration This thesis has not previously been accepted for any degree and is not being concurrently submitted in candidature for any degree in any university. I declare that the thesis is a result of my own investigation, except where otherwise stated. I have undertaken the study independently with the guidance and support of my research advisor. Other sources are acknowledged by citations giving explicit references. A list of references is appended. Signature: ________________________ Tewodros Getaneh This thesis has been submitted for examination with my approval as university advisor. Advisor’s Signature: ________________________ Tebebe Beshah (PhD) i | P a g e Dedication This work is dedicated to my beloved sister Eleni Getaneh. -
UNITED STATES DISTRICT COURT NORTHERN DISTRICT of GEORGIA ATLANTA DIVISION in Re
Case 1:17-md-02800-TWT Document 739 Filed 07/22/19 Page 1 of 7 UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF GEORGIA ATLANTA DIVISION MDL Docket No. 2800 In re: Equifax Inc. Customer No. 1:17-md-2800-TWT Data Security Breach Litigation CONSUMER ACTIONS Chief Judge Thomas W. Thrash, Jr. PLAINTIFFS’ MOTION TO DIRECT NOTICE OF PROPOSED SETTLEMENT TO THE CLASS Plaintiffs move for entry of an order directing notice of the proposed class action settlement the parties to this action have reached and scheduling a hearing to approve final approval of the settlement. Plaintiffs are simultaneously filing a supporting memorandum of law and its accompanying exhibits, which include the Settlement Agreement. For the reasons set forth in that memorandum, Plaintiffs respectfully request grant the Court enter the proposed order that is attached as an exhibit to this motion. The proposed order has been approved by both Plaintiffs and Defendants. For ease of reference, the capitalized terms in this motion and the accompanying memorandum have the meaning set forth in the Settlement Agreement. Case 1:17-md-02800-TWT Document 739 Filed 07/22/19 Page 2 of 7 Respectfully submitted this 22nd day of July, 2019. /s/ Kenneth S. Canfield Kenneth S. Canfield Ga Bar No. 107744 DOFFERMYRE SHIELDS CANFIELD & KNOWLES, LLC 1355 Peachtree Street, N.E. Suite 1725 Atlanta, Georgia 30309 Tel. 404.881.8900 [email protected] /s/ Amy E. Keller Amy E. Keller DICELLO LEVITT GUTZLER LLC Ten North Dearborn Street Eleventh Floor Chicago, Illinois 60602 Tel. 312.214.7900 [email protected] /s/ Norman E. -
A PRACTICAL METHOD of IDENTIFYING CYBERATTACKS February 2018 INDEX
In Collaboration With A PRACTICAL METHOD OF IDENTIFYING CYBERATTACKS February 2018 INDEX TOPICS EXECUTIVE SUMMARY 4 OVERVIEW 5 THE RESPONSES TO A GROWING THREAT 7 DIFFERENT TYPES OF PERPETRATORS 10 THE SCOURGE OF CYBERCRIME 11 THE EVOLUTION OF CYBERWARFARE 12 CYBERACTIVISM: ACTIVE AS EVER 13 THE ATTRIBUTION PROBLEM 14 TRACKING THE ORIGINS OF CYBERATTACKS 17 CONCLUSION 20 APPENDIX: TIMELINE OF CYBERSECURITY 21 INCIDENTS 2 A Practical Method of Identifying Cyberattacks EXECUTIVE OVERVIEW SUMMARY The frequency and scope of cyberattacks Cyberattacks carried out by a range of entities are continue to grow, and yet despite the seriousness a growing threat to the security of governments of the problem, it remains extremely difficult to and their citizens. There are three main sources differentiate between the various sources of an of attacks; activists, criminals and governments, attack. This paper aims to shed light on the main and - based on the evidence - it is sometimes types of cyberattacks and provides examples hard to differentiate them. Indeed, they may of each. In particular, a high level framework sometimes work together when their interests for investigation is presented, aimed at helping are aligned. The increasing frequency and severity analysts in gaining a better understanding of the of the attacks makes it more important than ever origins of threats, the motive of the attacker, the to understand the source. Knowing who planned technical origin of the attack, the information an attack might make it easier to capture the contained in the coding of the malware and culprits or frame an appropriate response. the attacker’s modus operandi. -
Climate Change Adaptation in the Arab States Best Practices and Lessons Learned
Climate Change Adaptation in the Arab States Best practices and lessons learned United Nations Development Programme 2018 | 1 UNDP partners with people at all levels of society to help build nations that can withstand crisis, and drive and sustain the kind of growth that improves the quality of life for everyone. On the ground in nearly 170 countries and territories, we offer global perspective and local insight to help empower lives and build resilient nations. www.undp.org The Global Environment Facility (GEF) was established on the eve of the 1992 Rio Earth Summit to help tackle our planet’s most pressing environmental problems. Since then, the GEF has provided over $17 billion in grants and mobilized an additional $88 billion in financing for more than 4000 projects in 170 countries. Today, the GEF is an international partnership of 183 countries, international institutions, civil society organizations and the private sector that addresses global environmental issues. www.thegef.org United Nations Development Programme July 2018 Copyright © UNDP 2018 Manufactured in Bangkok Bangkok Regional Hub (BRH) United Nations Development Programme 3rd Floor United Nations Service Building Rajdamnern Nok Avenue, Bangkok, 10200, Thailand www.adaptation-undp.org Authors: The report preparation was led by Tom Twining-Ward in close collaboration with Kishan Khoday, with Cara Tobin as lead author and Fadhel Baccar, Janine Twyman Mills, Walid Ali and Zubair Murshed as contributing authors. The publication was professionally reviewed by fellow UNDP colleagues, Amal Aldababseh, Greg Benchwick, Hanan Mutwaki, Mohamed Bayoumi, and Walid Ali. Valuable external expert review, comments, and suggestions were provided by Hussein El-Atfy (Arab Water Council), Ibrahim Abdel Gelil (Arabian Gulf University), and William Dougherty (Climate Change Research Group). -
Significant Cyber Incidents Since 2006 This List Is a Work in Progress That We Update As New Incidents Come to Light. If You H
Significant Cyber Incidents Since 2006 This list is a work in progress that we update as new incidents come to light. If you have suggestions for additions, send them to [email protected]. Significance is in the eye of the beholder, but we focus on successful attacks on government agencies, defense and high tech companies, or economic crimes with losses of more than a million dollars. 1. May 2006. The Department of State’s networks were hacked, and unknown foreign intruders downloaded terabytes of information. If Chinese or Russian spies backed a truck up to the State Department, smashed the glass doors, tied up the guards and spend the night carting off file cabinets it would be an act of war, but when it happens in cyberspace we barely notice. 2. August 2006. A senior Air Force Officer stated publicly that, “China has downloaded 10 to 20 terabytes of data from the NIPRNet (the unclassified military network).” 3. November 2006. Hackers attempted to penetrate U.S. military War College networks, resulting in a two week shutdown at one institution while infected machines are restored. 4. December 2006. NASA was forced to block emails with attachments before shuttle launches out of fear they would be hacked. Business Week reported that the plans for the latest U.S. space launch vehicles were obtained by unknown foreign intruders. 5. 2006. Chinese hackers were thought to be responsible for shutting down the House of Commons computer system. 6. April 2007. The Department of Commerce had to take the Bureau of Industrial Security’s networks offline for several months because its networks were hacked by unknown foreign intruders. -
The Future of the Internet (For PDF)
TODAYS PREDICTIONS FOR TOMORROWS INTERNET JOSH PYORRE (SECURITY RESEARCHER) ▸ Cisco Umbrella ▸ NASA ▸ Mandiant THE WORLD IS A MAGICAL PLACE THE INTERNET IN THE 70’S THE INTERNET IN THE 70’S SMALL MAPPING OF ASN’S TO THEIR IPS TO GET A SENSE OF SCALE INTERNET SIZES TODAY INTERNET SIZES TODAY POODLE OCTOBER 14, 2014 BUG IN SSL VERSION 3.0 MITM 256 SSL 3.0 REQUESTS < 1 BYTE ENCRYPTED DATA HEARTBLEED APRIL 7, 2014 BUG IN OPENSSL BUFFER OVER-READ CLIENTS AND SERVERS POST DATA IN USER REQUESTS SESSION COOKIES/PASSWORDS PRIVATE KEYS YAHOO, IMGUR, STACK OVERFLOW, DUCKDUCKGO, PINTREST, REDDIT, AKAMAI, GITHUB, AMAZON WEB SERVICES, INTERNET ARCHIVE, SOUNDCLOUD, TUMBLR, STRIPE, ARS TECHNICA, SPARKFUN, PREZI, SOURCEFORGE, BITBUCKET, FREENODE, WIKIPEDIA, WUNDERLIST, LASTPASS AND A LOT MORE REVERSE HEARTBLEED AFFECTS MILLIONS OF APPS CAN READ CLIENT MEMORY HP SERVER APPS, FILEMAKER, LIBREOFFICE, LOGMEIN, MCAFEE, MSSQL, ORACLE PRODUCTS, PRIMAVERA, WINSCP, VMWARE PRODUCTS, DEBIAN, REDHAT, LINUX MINT, UBUNTU, CENTOS, ORACLE LINUX, AMAZON LINUX, ANDROID, AIRPORT BASE STATIONS, CISCO IOS, JUNIPER FIRMWARE, IPCOP, PFSENSE, DD-WRT ROUTER FIRMWARE, WESTERN DIGITAL DRIVE FIRMWARE… AND A LOT MORE SHELLSHOCK SEPT 14, 2014 BASH IS USED IN INTERNET-FACING SERVICES CGI WEB SERVERS OPENSSH SERVERS DHCP CLIENTS BASH IS USED IN INTERNET-FACING SERVICES PROCESSES REQUESTS ATTACKER CAN SEND EXTRA DATA SECURE HASHING ALGORITHM 3B260F397C573ED923919A968A59AC6B2E13B52D = I HOPE THIS PRESENTATION ISN'T BORING SHA-1 ▸ Dates back to 1995 ▸ Known to be vulnerable to theoretical -
Effective Crisis Response Communication and Data Breaches: a Comparative Analysis of Corporate Reputational Crises
Michael Schonheit s2135485 Master’s Thesis 02/10/2020 Effective Crisis Response Communication and Data Breaches: a comparative analysis of corporate reputational crises Master’s Thesis Crisis and Security Management Table of Contents 1 1 Introduction 2 Literature Review 2.1 Placing data breaches within the cybersecurity discourse 6 2.2 Paradigm Shift: From Prevention to Mitigation 10 2.3 Data breach by Hacking: A Taxonomy of Risk Categories 12 2.4 Economic and reputational Impact on organizations 15 2.5 Theoretical and empirical communication models for data breaches 16 3 Theoretical Framework 3.1 Organizational Crises: An introduction to framing and perceived responsibility 21 3.2 Attribution Theory and SCCT 23 3.3 Crisis Types and Communication Response Strategies 24 3.4 Intensifying Factors: Crisis Severity, Crisis History, Relationship Performance 25 3.5 Communication Response Strategies 27 3.6 SCCT Recommendations and Data Breaches 30 3.7 SCCT and PR Data Breaches by Hacking 32 4 Methodology 4.1 Operationalizing SCCT in the Context of Data Breaches 35 4.2 Stock Analysis and News Tracking: Assessing cases on varying degrees of reputation recovery 36 4.3 Refining the Case Selection Framework and the Analysis Process 40 4.4 Intra-periodic Analysis and Inter-periodic Analysis 43 5 Analysis 5.1 Narrowing the Scope: Building the Comparative Case Study 44 5.2 Statistical Recovery: Stock and Revenue Analysis 49 5.3 News Media Tracking and Reputation Index Scores 58 6 Discussion 6.1 Intra-periodic Analysis: Assessing Organizational Responses 72 6.2 Inter-periodic analysis: Verifying the Initial Propositions 74 7 Conclusions 77 8 Appendix 79 9 Bibliography 79 1. -
Zerohack Zer0pwn Youranonnews Yevgeniy Anikin Yes Men
Zerohack Zer0Pwn YourAnonNews Yevgeniy Anikin Yes Men YamaTough Xtreme x-Leader xenu xen0nymous www.oem.com.mx www.nytimes.com/pages/world/asia/index.html www.informador.com.mx www.futuregov.asia www.cronica.com.mx www.asiapacificsecuritymagazine.com Worm Wolfy Withdrawal* WillyFoReal Wikileaks IRC 88.80.16.13/9999 IRC Channel WikiLeaks WiiSpellWhy whitekidney Wells Fargo weed WallRoad w0rmware Vulnerability Vladislav Khorokhorin Visa Inc. Virus Virgin Islands "Viewpointe Archive Services, LLC" Versability Verizon Venezuela Vegas Vatican City USB US Trust US Bankcorp Uruguay Uran0n unusedcrayon United Kingdom UnicormCr3w unfittoprint unelected.org UndisclosedAnon Ukraine UGNazi ua_musti_1905 U.S. Bankcorp TYLER Turkey trosec113 Trojan Horse Trojan Trivette TriCk Tribalzer0 Transnistria transaction Traitor traffic court Tradecraft Trade Secrets "Total System Services, Inc." Topiary Top Secret Tom Stracener TibitXimer Thumb Drive Thomson Reuters TheWikiBoat thepeoplescause the_infecti0n The Unknowns The UnderTaker The Syrian electronic army The Jokerhack Thailand ThaCosmo th3j35t3r testeux1 TEST Telecomix TehWongZ Teddy Bigglesworth TeaMp0isoN TeamHav0k Team Ghost Shell Team Digi7al tdl4 taxes TARP tango down Tampa Tammy Shapiro Taiwan Tabu T0x1c t0wN T.A.R.P. Syrian Electronic Army syndiv Symantec Corporation Switzerland Swingers Club SWIFT Sweden Swan SwaggSec Swagg Security "SunGard Data Systems, Inc." Stuxnet Stringer Streamroller Stole* Sterlok SteelAnne st0rm SQLi Spyware Spying Spydevilz Spy Camera Sposed Spook Spoofing Splendide -
E-Commerce Security and Fraud Issues and Protections 10
E-Commerce Security and Fraud Issues and Protections 10 C o n t e n t s Learning Objectives Opening Case: How State University of New York College at Old Westbury Upon completion of this chapter, you will be Controls Its Internet Use ...................................... 458 able to: 10.1 The Information Security Problem .......... 459 1. Understand the importance and scope of security of information systems for EC. 10.2 Basic E-Commerce Security Issues and Landscape ........................................... 465 2. Describe the major concepts and terminol- ogy of EC security. 10.3 Technical Malware Attack Methods: From Viruses to Denial of Service ............ 471 3. Understand about the major EC security threats, vulnerabilities, and technical attacks. 10.4 Nontechnical Methods: From Phishing to Spam and Fraud .................... 476 4. Understand Internet fraud, phishing, and spam. 10.5 The Information Assurance Model 5. Describe the information assurance security and Defense Strategy ................................. 484 principles. 10.6 The Defense I: Access Control, 6. Identify and assess major technologies Encryption, and PKI ................................. 488 and methods for securing EC access and 10.7 The Defense II: Securing communications. E-Commerce Networks ............................. 494 7. Describe the major technologies for protec- 10.8 The Defense III: General Controls, tion of EC networks. Spam, Pop Ups, Fraud, and Social 8. Describe various types of controls and special Engineering Controls................................. 497 defense mechanisms. 10.9 Implementing Enterprisewide 9. Describe consumer and seller protection from E-Commerce Security ............................... 500 fraud. Managerial Issues.................................................. 504 10. Discuss enterprisewide implementation issues Closing Case: How One Bank Stopped Scams, for EC security. Spams, and Cybercriminals ................................. 509 11. Understand why it is so diffi cult to stop computer crimes. -
CIS 381: Social & Ethical Issues of Computing
CIS 381: Social & Ethical Issues of Computing Security Dr. David Koop D. Koop, CIS 381, Spring 2019 Hackers, Past and Present • Original meaning of hacker: explorer, risk taker, system innovator (e.g. MIT’s Tech Model Railroad Club in 1950s) • Change in meaning from electronics to computers and networks • WarGames (1983): Hacking military supercomputer • Modern meaning of hacker: someone who gains unauthorized access to computers and computer networks [M. J. Quinn] D. Koop, CIS 381, Spring 2019 !2 Password Advice • Do not use short passwords • Do not rely solely on words from the dictionary • Do not rely on substituting numbers for letters • Do not reuse passwords • Give ridiculous answers to security questions • Enable two-factor authentication if available • Have password recoveries sent to a secure email address [M. J. Quinn] D. Koop, CIS 381, Spring 2019 !3 Case Study: Firesheep • October 2010: Eric Butler released Firesheep extension to Firefox browser • Firesheep made it possible for ordinary computer users to easily sidejack Web sessions • More than 500,000 downloads in first week • Attracted great deal of media attention • Early 2011: Facebook and Twitter announced options to use their sites securely • Evaluate: Was this a good action? [M. J. Quinn] D. Koop, CIS 381, Spring 2019 !4 Viruses • Virus: Piece of self-replicating code embedded within another program (host) • Viruses associated with program files - Hard disks, floppy disks, CD- ROMS - Email attachments • How viruses spread - Diskettes or CDs - Email - Files downloaded from Internet [M. J. Quinn] D. Koop, CIS 381, Spring 2019 !5 Worm • Worm: - Self-contained program 7.3 Malware 329 - Spreads via computer network - Exploits security holes W • Tappen's Internet Worm W W - Released worm onto Internet from W MIT computer - Spread to significant numbers of Unix computers W - Infected computers kept crashing or became unresponsive Figure 7.4 A worm spreads to other computers by exploiting security holes in computer networks. -
Software Bug Bounties and Legal Risks to Security Researchers Robin Hamper
Software bug bounties and legal risks to security researchers Robin Hamper (Student #: 3191917) A thesis in fulfilment of the requirements for the degree of Masters of Law by Research Page 2 of 178 Rob Hamper. Faculty of Law. Masters by Research Thesis. COPYRIGHT STATEMENT ‘I hereby grant the University of New South Wales or its agents a non-exclusive licence to archive and to make available (including to members of the public) my thesis or dissertation in whole or part in the University libraries in all forms of media, now or here after known. I acknowledge that I retain all intellectual property rights which subsist in my thesis or dissertation, such as copyright and patent rights, subject to applicable law. I also retain the right to use all or part of my thesis or dissertation in future works (such as articles or books).’ ‘For any substantial portions of copyright material used in this thesis, written permission for use has been obtained, or the copyright material is removed from the final public version of the thesis.’ Signed ……………………………………………........................... Date …………………………………………….............................. AUTHENTICITY STATEMENT ‘I certify that the Library deposit digital copy is a direct equivalent of the final officially approved version of my thesis.’ Signed ……………………………………………........................... Date …………………………………………….............................. Thesis/Dissertation Sheet Surname/Family Name : Hamper Given Name/s : Robin Abbreviation for degree as give in the University calendar : Masters of Laws by Research Faculty : Law School : Thesis Title : Software bug bounties and the legal risks to security researchers Abstract 350 words maximum: (PLEASE TYPE) This thesis examines some of the contractual legal risks to which security researchers are exposed in disclosing software vulnerabilities, under coordinated disclosure programs (“bug bounty programs”), to vendors and other bug bounty program operators. -
How to Improve Data Security and Reduce Potential Liability for Data Breaches
How to Improve Data Security and Reduce Potential Liability for Data Breaches Randy Gainer, Attorney, CISSP February 12, 2014 Topics . The risks of cyber attacks – Identifying threats – Conducting risk assessments . Choosing cost-effective security measures . Evaluating cyber insurance coverage 2 Identifying threats . If your business processes payment cards, card data thieves are targeting your customers’ card data: Trustwave 2013 Global Security Report, 8. 3 Identifying threats . Targeted malware – Deployed by phishing, poisoned websites, poisoned ads, watering hole attacks, and poorly protected third-party access tools. E.g., • Remote access accounts for service vendors that rely on weak passwords; and • Phished credentials for access to the cardholder data environment (“CDE”). 4 Identifying threats . Targeted malware – Programmed to find, copy, store, encrypt, and exfiltrate payment card data – Customized to avoid detection – Allows attacker to persistently communicate with, and exercise command and control of, the malware inside the target network – Permits an attacker to adapt to defenses (e.g., installs multiple backdoors to maintain attacker’s access). 5 Identifying threats . Targeted malware – Used to find assets on the network to steal: Insight Enterprise Intelligence tool. Used with permission. 6 Identifying threats 7 Identifying threats 8 Identifying threats 9 Identifying threats 10 Identifying threats 11 Identifying threats 12 Identifying threats . Issuers, merchants, and acquirers of credit, debit, and prepaid cards experienced gross fraud losses of $11.27 billion in 2012, up 14.6% over the prior year. Card issuers lost 63% and merchants and acquirers lost the other 37%. Business Wire, August 19, 2013, citing The Nilson Report. 13 Identifying threats . Global Payments, Inc.