CS449 Study Guide
According to the IRS, the domestic US tax gap in 2013 was?
$450 billion
What is the approx. going rate for a zero-day exploit?
$50,000 - $100,000
There is one metadata element that is completely excluded from web metadata standards protocols such as the Dublic Core. What is it?
Authenticity and reliability standards
What was the "payload" of the SCDOR hack?
Email phish bait containing a link to online malware
(T / F) The Federal Government was responsible for the SCDOR hack.
F
(T / F) The perpetrators of the SCDOR hack were the Chinese.
F
(T/F) Evidence used for cyber attribution have to abide by the rules of evidence.
F
(T/F) In general, claims of cyber attribution are testable and repeatable.
F
The label that the author uses to describe the irrational belief in the security of a computing/network system that was not build around a robust security model.
Faith-based security
The Payeck GPS starter interrupt system is used for what purpose?
Financing and used car dealerships can immobilize the car if payments become delinquent
What injections strategies were used in Stuxnet?
Flame platform auto-run exploit through infected USB drives, using four command-and-control servers to update the code and used a .LNK injector
Define criminogenic.
Likely to cause criminal behavior
Name three sources that state sponsors may use to obtain cyber weaponry.
State sponsored agencies, Multimillion dollar greyware market, individual hackers
Have air gaps ever been an effective deterrent to protecting LAN-based computers?
Stuxnet proves that air gaps are ineffective
(T / F) The SCDOR hack used 33 unique pieces of malware and data management utilities.
T
(T / F) The use of rolling code algorithms defeat replay attacks against keyless entry systems.
T
(T/F) Edward Snowden's legacy is that he showed that the public was justified in being suspicious of the government.
T
Why did the Ninth Circuit Court rule that the Operation G-Sting convictions were illegal?
Tampering with OnStar violated the OnStar terms of service
What exactly did OOG/Stuxnet do?
Targeted the S7 software on Windows computers, which regulate S7 controllers used by uranium centrifuges
To what extent was information about the Struts vulnerability known before the attack?
They knew a patch needed to be applied to the Apache software and was supposed to be applied within 48 hours
Was Equifax aware that a patch was available? If so, how much time did they delay in applying the patch?
They knew of the vulnerability 3 months before they were compromised and applied the patch after they were compromised
Name 2 dark web services.
Tor and I2P
Which would be harder to implement, a trollbot or chatbot?
Unlike chatbox texts, trollbot output possesses weaker requirements for coherence and continuity from its context
The OOG/Stuxnet code base shared DNA with what three pieces of malware?
W32.Duqu, Flame, Tilded
Give two examples of a money service business.
Western Union and check cashing services
Name one dark web domain.
.onion
What penalties did the CEO of Equifax receive from the board of directors?
???
What is an air gap?
A computer security measure where the secure network is physically separated from unsecure networks
What was Operation Olympic Games/Stuxnet?
A covert campaign of cyber disruption directed at Iranian nuclear facilities by the US and Israel
What is representative money?
A guarantee by the issuer that the money can be used as legal tender
What was Silk Road?
A site to facilitate the sale of illegal substances and contraband, money laundering and murder-for-hire schemes
What was the nature of the Equifax vulnerability?
A vulnerability in the Apache Struts Server software
What information is in principle accessible to Black Box OBD devices?
Accelerometer, Speed, GPS
Define the visible web.
Accessible by http and indexed by search engines
Define the deep web.
Accessible by http but not indexed by search engines
List two uses of the dark web you find acceptable.
Anonymity and untraceable location
What is a trollbot?
Automated troll
Which is more vulnerable to hacking, a modern mobile phone or a modern automobile's computer system?
Automobile's computer system
List two types of traditional money exchange.
Bank accounts and letters of credit
Name 3 organizations responsible for producing the lion's share of data breaches.
Banks, healthcare organizations and colleges
How is suspicion different than belief?
Beliefs arise in a realm of human understanding where perception and reason are fairly reliable and predictable. With suspicion, there must be an additional assumption that perception is unreliable/incomplete and therefore unreasonable.
Describe the "too big to fail era".
Certain corporations are so large that their failure would be disastrous to the greater economic system, so they must be supported by the government when facing failure
Compare the cognitive load for detection and prevention of trolling vs. deploying trolling.
Cognitive load for detection and prevention is considerable. There's little cognitive load for tribalists.
"Humans tend to be _____ in that they search for the simplest explanation of events consistent with their disposition, biases, and world views."
Cognitive misers
What did the so-called Holder Memorandum outline?
Collateral consequences doctrine
What was the motivation behind the dark web?
Complete anonymity of information exchange
Why was there no Computer Information Security Officer overlooking the Department of Revenue's security practices?
They felt that the $100,000 salary was too expensive
List three uses of disinformation.
Confuse, de-legitimize, intimidate
What are 3 major causes or sources of identity theft and financial fraud?
Credit/debit card fraud, hacks, lost/stolen devices
Bitcoin, Litecoin, Peercoin are examples of?
Crypto currencies
List two types of non-traditional money exchange systems used in money laundering.
Crypto currencies and charities
When people try to attribute some crime/hack/attack to someone else, the first principle should be?
Cui bono - "what agendas are hidden?"
What problem will enable trolls to circumvent legislation against trolling?
Cyber-attribution
What was the educational background of the Equifax CISO?
Degree in Music Composition
What was the educational background of the Equifax CIO?
Degree in Russian History
Define the dark web.
Designed to be concealed from search engines and casual web users
What is the difference between the objectives of disinformation and misinformation?
Disinformation is the intentional planting of false information to conceal truth or deceive. Misinformation is more relaxed regarding intention, concealment and source.
What is the US Government's System of Vulnerabilities Equities Policy and Processes document?
Document that outlines what the government does when it discovers or purchases malware that could affect the privacy and security of its citizens
How did the OOG/Stuxnet attackers cross the air gap?
Earlier Stuxnet version was not internet enabled. It propagated through shared S7 folders on Windows through LAN, USB storage devices, etc.
What is Snowden's legacy? What did he do to incur the wrath of the government?
His leaks deprived the US of plausible deniability
What was the flaw in the Windows Icon Handler within the Windows shell?
IconHandler within the Windows Shell incorrectly parses .LNK files
Trolling is confirmation of a fundamental flaw in the notional roots of the modern Internet-enabled web. What is that flaw?
Ignores any measure of authenticity and reliability
What implications does OOG/Stuxnet have for IoT? For critical infrastructures?
Implications of Stuxnet/Operation Olympic Games on the vulnerability of industrial controllers (ICs) is serious and far reaching. ICs' general purpose applicability means that the exploit potential of the Stuxnet family of malware extends to virtually the entire global infrastructure: transportation, energy, water supply, emergency services, and so on.
What is a zero-day exploit?
It is an unknown vulnerability in software that leaves no opportunity for detection
Is it possible that a forensic investigator might have biometric evidence of a cybercrime conducted by a skilled cyberwarrior? Is it likely?
It is possible, but not likely
Who is the big player in the gray market in cyber-weapons?
NSA ($25 million for covert purchases of software vulnerabilities)
Are credit reporting companies held liable for PII data loss?
No
Has there been any confirmable evidence that identifies the source of the Sony hack?
No
Was the Sony hack "one of the most vicious and malicious cyberattacks that we've known certainly in recent history"?
No
Which of the following would be considered sensitive sources and methods: {file hashes, decompiled but redacted malware, string signatures of malware, file metadata}
None
Which of the following would be considered totally reliable network forensic data: {IP address, MAC address}
None
What vehicle telematics component was exploited by the FBI in operation G-Sting?
OnStar
What is fractional-reserve banking?
Only a fraction of bank deposits are backed by actual cash on hand
What is the name of the tool developed by Samy Kamkar to run replay attacks against keyless entry systems?
OwnStar
Trolling technology is particularly well suited for two models of government. Name them.
Pathocracy and Kakistocracy
What data was leaked in the Equifax breach?
Personal data of 145 million people
What type of computer appliances are "never optimal for security-sensitive applications"?
RF (Radio Frequency)
What did the FBI Director James Comey offer in terms of justification of his accusation?
Regarding how he knew it was North Korea, he said "Trust me."
What is Samy Kamkar's program that offers replay attacks for RF based keyless entry systems that use rolling codes?
RollJam
What is money laundering?
The concealment of illegally obtained money through foreign banks or legitimate businesses
Why are disinformation and trolling expedient ways to manipulate public opinion?
They exploit a human bias toward binary choices
What was the specific attack vector in the Equifax hack?
The parser had incorrect exception handling during file uploads