Introduction to Cybersecurity: Final Exam

What errors were made regarding Snowden's leak?

1) insufficient background checks, and outsourced to contractors 2) no enforced policy against giving out login credentials 3) insufficient compartmentalization of data (he had access to a lot of info) 4) data could be removed from "secure sites"

what is buffer overflow?

A technique for crashing by sending too much data to the buffer in a computer's memory, the program does not check to make sure that user input is too much since source code is available for most applications, an attacker can see if it is possible to overflow a buffer

What was the Chelsea Manning incident of 2010?

An army intelligence analyst named Chelsea Manning leaked classified material to Wikileaks (Iraqi and Afghan war logs), these reports revealed there tons of civilian deaths and accounts of abuse/rape that were not investigated by the US

what are the five 3-Letter agencies relevant to cybersecurity?

CIA (spies in foreign countries), FBI (us national police), DHS (overall homeland security), DOE (control nuclear arsenal), NSA

What is DNS cache poisoning?

False information being fed in to the cache of a system after a DNS query from a client, a maliciously corrupted response it takes you to a fake site (imposter site)

Describe how the 2016 election interference occurred?

John Pedestal gets phished, Clinton campaign emails were released

what is a logic bomb?

Malicious code that wait for triggers to go off before activating, it has a payload and a trigger not self-replicating, zero population growth, possibly parasitic

What US bills were passed to hinder piracy?

SOPA/ PIPA (2011)

What are SOPA and PIPA?

Stop Online Piracy Act (SOPA), Protect IP Act they were "postponed" to kill it SOPA would take a site down for hosting illegal content without giving them the chance to take it down themselves; it would remove a site from DNS servers (no need for proof, only based on accusation), users could be criminally liable and it would almost no effect on pirate websites it would not allow the use of DNSSEC the bill's wording was vague because they were unconnected from technology

What is Telnet?

Telecommunication Network (telnet) is a remote access protocol that allows "virtual terminal" connections to any host on the Internet possessing a telnet server. it is the old version of ssh

What is DNS?

The Domain Name Service (DNS) converts domain names or host names into IP addresses. Instead of having to remember a host's IP address, DNS allows you to use a friendly name to access the host. For example, it is easier to remember http://www.cisco.com than 198.133.219.25.

What caused the SOPA bill to be shut down?

The internet protest of Jan 2012, when many sites (google, reddit, wikipedia) blacked out their logos, headers, and content in protest of the bill

what is an exploit?

an attack that makes use of some vulnerability (a skeleton key that can open many types of locks)

What is the difference between thinking like an attacker and thinking like a defender?

an attacker looks for the weakest links, identifies the security's assumptions, and thinks outside the box defender: security policy, threat model, risk assessment, countermeasures

what is idiot code?

any sentence with 'day' and 'night' means 'attack' the location in the sentence

what is the difference between block-ciphers and stream ciphers?

block-ciphers: require a block of text (use private key on an entire 64-bit) stream cipher: encrypt data as it it provided, character-by-character (XOR with private key, goes bit by bit)

What are some code vulnerabilities?

buffer overflow, what comes after the buffer being overflowed determines what can be attacked (ex. return address can be changed to malicious code & output file names can be overwritten with a file name preferred by the attacker)

what is a virus?

code that modifies an executable program and inserts its own code into the program, often has a destructive payload, does not spread by network but infected files can be downloaded or emailed via network at some point during its execution control is transferred to the virus it is self-replicating, has positive population growth, it is parasitic

what is the difference between codes and ciphers?

codes: change the meaning of words, the eagle has left the building cipher: encrypts messages, wkh txlfn eurzq ira mxpsv ryhu ...

describe the roles, duties, and interests aspect of cybersecurity ethics.

consider conflicts of interest (hiring someone who is not ethical because you like them or want them to be better)

what are utilitarian ethics?

consider what the 'greatest good' is

what are one- and two-part codes?

contains one or two books that correlate coded words with their plaintext meanings

what is authorization?

controlling one's actions based on who they are (ex. different levels of access)

What is authentication?

determine the identity of a user (ex. net badge)

What are the two types of security costs?

direct costs: design, implementation, enforcement, false positives indirect costs: lost productivity, added complexity

in the risk assessment, what costs are considered?

direct costs: money, property, safety indirect costs: reputation, future business, well-being, ..

what is a worm?

does not modify existing files but it is a stand-alone program that spreads via a network by normally exploiting a security hole it is self-replicating, has positive population growth, not parasitic

what were the errors made that led to election interference?

election machine safety is regulated by states so US congress has no authority, the machines are vulnerable

what is deontological ethics?

ethics based on duty with no consideration of personal benefits gained from doing right (ex. 10 commandments)

what is the problem of the seven policy priorities or the four pillars?

funding is limited (lack of understanding and other political priorities)

what is adware?

gathers information about the user, similar to spyware but it is more marketing focused (pop up ads and redirects browser) not self-replicating, zero population growth, not parasitic

What are ethical dilemmas did we discussed in lectures?

google's power, trolley problem, stopping a murderer, FBI/Apple encryption dispute, government leaks,

what lessons did we learn when discussing various ethical dilemmas in lecture?

google: companies with a lot of power can do greater damage with unethical choices trolley: not all of these problems have correct answers stopping a murderer: all these questions have thresholds FBI/Apple: allowing a "crack" on encryption can have unintended consequences, companies may state they are doing the most ethical thing but really they are protecting their market share government leaks: reasonable people have different views on what is ethical

what are ethical issues in cybersecurity?

harm to privacy harm to property cybersecurity costs transparency and disclosure roles, duties, and interests

What was the Edward Snowden event of 2013?

he was a contractor w/ Booz Allen Hamilton and he released information about NSA's global surveillance, the NSA was doing sweeps of telephone, internet, and location records, he now has asylum in Russia

how do cybersecurity professional serve the public good?

help create crypto systems to secure data ensure safety of online systems protect privacy

what are examples of harm to privacy?

identity theft, social ostracisation, blackmail, extortion, theft of state secrets

describe the transparency and disclosure aspect of cybersecurity ethics.

if a vulnerability is found, when should people be notified? (immediately unless it is very minor)

What is the key to good security?

knowing your enemy

Is there ethics policy?

laws cannot follow the rapid change of tech so various organizations have their own ethics policies (ex. ACM Code of ethics & IEEE's technological ethics division) knowing tech in an age where everyone is becoming more dependent on tech is a big responsibility

What is the security mindset?

learning to think like the attacker and how they would attack the system, wondering about the security vulnerabilities

What is my legal responsibility in a computational context?

limited because laws do not keep up, just no outright negligence

what are examples of harm to property?

loss of funds from a financial account, loss of data, malware damage

Is any security fool-proof?

no, no security is 100% fool-proof

what are some user behavior vulnerabilities?

poor password selection, (too short, too predictable) - 1988 Morris worm used a list of 432 most common passwords and succeeded in cracking many user accounts all over the internet opening executable email attachments (even if they trust the "sender")

What is security?

security is freedom from, or resilience against, potential harm (or other unwanted coercive change) from external forces

what was the Reality Winner incident?

she was a contractor hired who released a confidential report about the Russian interference in the 2016 US election

what is malware?

software that is intended to damage or disable computers and computer systems

what is spyware?

software the collect personal information from a computer and transmits it to somebody else (like passwords and email address), virus and worms can do similar things but spyware does not self replicate not self-replicating, zero population growth, not parasitic

What are the countermeasures considered in the risk assessment?

technical countermeasures non-technical countermeasures (law/policies/procedures/training/incentives/etc.)

what is one example of lack of tech knowledge in congress?

the Burr-Feinstein Anti-Encryption Bill that would require tech companies to decrypt communication upon court order (proper encryption does not work this way)

What lessons were taught by the Morris worm?

the can be unforeseen consequences of a virus/worm severe damage can be done without destroying any data excessive resource usage can be found a criminal offensive since it can be destructive

what is a vector?

the means by which malware attacks its host (ex. virus, buffer overflow, worm, back door)

What is the ACM code of ethics?

the primary professional organization for computer scientists and their code of ethics they outline General ethical principles, professional responsibilities, professional leadership principles, and how people must comply with the code

Describe the pin tumbler lock and how to crack it.

the purple and red rods are the metal pins purple = driver pins red = key pins the "breaks" between the purple and red pins must all align with the top of the yellow plug this will allow it to rotate you can pick a lock by getting all the pins in the correct position and rotating the lock

who are the primary stockholders and how do they conflict?

the users and the entity paying for the system users want high security and the entity wants low cost

What is security ultimately determined by?

the weakest link

What was the 1988 Morris Worm?

the worm did not do any actual damage, but it copied itself from system to system over the internet however, it monopolized the system's resources until it had to be shutdown and the worm reached 10% of the internet he was charged with felonies and now teaches at MIT

describe the security of 1024 bit RSA

there are 1.88 * 10^302 possible primes that you would have to brute forces this would take a LONG time (longer than the universe has existed) but it is possible much more realistic that someone would just beat you with a wrench to get your password

how do you know you didn't get a maliciously corrupted response?

there is a DNSSEC: a hash-based signature confirming that the response received is from a trusted source

What impact do government shutdowns have on cybersecurity?

there is little to no staff so many government agencies could not perform basic cybersecurity procedures

What is the difference between the security mindset and crime?

thinking v. acting thinking about weakness is different than acting on those weaknesses

what are examples of cybersecurity costs?

too much security and the system becomes unstable but too little security and the system is insecure have to find a balance between cost and security

What are the "external forces" considered in security?

usually malware written by individuals but not always! (stealing a computer is a non-software approach)

what are the abuses of the four ethical frameworks?

virtue ethics: can be culturally relative consequentialist ethics: do the ends justify the means? utilitarian ethics: sacrifice one individual's rights for the good of the many deontological ethics: what if the laws are immoral?

What is the security policy that the defender must consider?

what are we trying to protect? are we trying to enforce confidentiality, integrity, availability, privacy, or authenticity?

what is the payload?

what damage or effects it causes (ex. file deletion, mailing spam, infection of other files)

what is virtue ethics?

what would a "morally excellent person" do? helps us determine if we have a moral/ethical obligation

what is the risk assessment considered by the defender?

what would a security breach cost us? and how likely are these costs? (probability of attacks and probability of their success)

What is a debated topic regarding the "weakness" of security?

whether or not they should be published are people entitled to know the weaknesses of their security or is it dangerous to release these securities?

what are some DNS failures?

you can't tell the difference between an imposter site and the real site (you wouldn't know if DNS cache poisoning was occurring)

What is the threat model?

WHO are the attackers? what are their motives? what are their capabilities? what is their degree of access?

What is consequentialist ethics?

When you decide what to do based on what the results of your actions are likely to be, do the ends justify the means?

what is a trigger?

a boolean condition that determines when a program executes

what is ethics?

a branch of philosophy that involves systematizing, defending, and recommending concepts of right and wrong conduct

what are zombies?

a computer that somebody else can (partially) control, a drop of another piece of malware (it is often windows machines and user is often unaware of the zombie) ? self-replicating, ? population growth, it is parasitic

does malware cost companies little or a lot of money?

a lot. estimated $6 trillion in 2021

what is a trojan horse?

a malicious program disguised as legitimate software not self-replicating, zero population growth, it is parasitic

what was the Shadow Brokers incident in 2016?

a mysterious group that released many NSA cyber weapons, these were then used in major malware and available to anybody

what is a botnet?

a number of zombie computers controlled by a single source n/a self-replicating, n/a population growth, it is parasitic

What errors were made regarding Manning's leak?

a person who was morally opposed to war was given classified access to war documents

what are hybrids?

a piece of malware that uses multiple techniques, most malware today are hybrids n/a self-replicating, n/a population growth, n/a parasitic

what is a one-time code?

a pre-arranged word or phrase intended to be used only once, and to convey a message

what is a back door?

a program or set of instructions in a program that allow users to bypass security controls, ex. if you are logging in from a specific IP address it will not ask for a password not self-replicating, zero population growth, possibly parasitic

what are droppers?

a program that deposits malware on a computer, many virus and worms contain a dropper for a larger piece of malware n/a self-replicating, n/a population growth, n/a parasitic

what is a rabbit?

a rapidly reproducing program that consumes all of the available computer resources, it leaves a lot of traces so they are easily traced back, ex. fork bomb it is self-replicating, zero population growth, not parasitic

what is deep-packet inspection?

a type of data processing that inspects in detail the data being sent over a computer network, and may take actions such as alerting, blocking, re-routing, or logging it accordingly people would find ways to go around this lay masking IP addresses, using foreign redirector sites, etc.

what is ransomware?

a type of malicious software designed to block access to a computer system until a sum of money is paid. it is usually a payload of another attack

what is a vulnerability?

a weakness or bug in the security of a program (the easiest lock to pick)

What are some examples of malware attacks and their costs?

1. CIH (chernobyl) virus which overwrote the first megabytes of the hard drive with zeros, $250 million lost in Korea in a single a day 2. Anna Kournikova computer virus/worm which used Visual Basic script via email (did little damage) 3. Stuxnet worm which crippled Iran's nuclear enrichment (most advanced piece of malware in its time - 2011) 4. Ashley Madison data breach where hackers held the member's information hostages unless site was closed down, the site was for extra-marital affairs (2015) 5. 2016 US election hacks where the Russian government interfered to harm Hillary Clinton's campaign 6. NotPetya which attacked Ukrainian companies through a backdoor found in their Ukrainian version of TurboTax software 7. Colonial Pipeline shutdown which was caused by ransomware that infected the computers of the company (they paid bitcoin equal to $5 million)

what are the two definitions of a "hacker"?

1. a computer expert 2. someone who circumvents security and breaks into a network/file/computer/etc.

What are some of the best ethical practices?

1. cybersecurity is not compliance (legality) 2. consider the human lives/interests involved 3. consider downstream/lateral/upstream risks 4. don't discount non-technical people/interests/etc. 5. establish chains of ethical responsibility and accountability 6. practice disaster planning and crisis response 7. promote transparency, autonomy, and trustworthiness 8. consider disparate interests, resources, and impacts (ex. encryption can help criminals) 9. have diverse stakeholder input 10. design with security/privacy in mind 11. analyze your success/mistakes, reflection is key! 12. advocate for ethical cybersecurity practice

what are the seven policy priorities of US's international strategy for cyber space?

1. economy 2. protecting our networks 3. law enforcement 4. military 5. internet governance 6. international development 7. internet freedom

What are the challenges in US cybersecurity policy?

1. lack of congressional tech savvy 2. rapid change in the field 3. slow government response 4. well funded adversaries (countries have stepped up their cyberwar capabilities) 5. States' rights (the US government can't do anything, the states have the power) 6. US government working against secure computing (they want backdoors in encryption, etc.) 7. Who fixes these issues? (no one knows who should take responsibility for cybersecurity) 8. lobbying and money in politics (congress persuaded by. money) 9. retaining knowledgable people (they have to hire contractors which causes other issues) 10. contradictory government response (don't want US citizens to use encryption like they do) 11. repeated government shutdowns

What were problems with security at the 2017 unite the right rally?

1. police watched the violence happen 2. streets were not properly closed (some had an insufficient barrier to protect from cars) 3. insufficient group separation (a single police wall separating the two groups) 4. police did not have riot gear on/were not ready 5. the protestors/white superemacists were trusted to do as they were told 6. lack of planning/police leadership

What are the characteristics of malware?

1. self-replicating 2. population growth : how does the infected population increase? 3. parasitic: does it need another executable in order to exist?

What are the two definitions of "hack"?

1. to write a program in a clever/skillful way 2. to break into a computer/network/file/etc., usually malicious intent

Give a brief history of cybersecurity in the US

1970s: try to define computer crimes but no progress 1980s: first confiscating of computers, Morris worm, first Computer security Act passed 1990s: viruses increase in power (and thus awareness of them), DMCA passed to prevent piracy 2000s: malware raises awareness, DHS created, first cybersecurity strategy 2010s: SOPA and PIPA, interest in weaponizing cyberspace

What are the four pillars of US National security strategy?

1: protect the American people, the homeland, and the American way of life (keep us safe) 2: promote American prosperity (lead in tech) 3: preserve peace through strength (protect innovation & renew cyberspace capabilities) 4: achieve American influence

what is a fork bomb?

Attack that creates a large number of processes to use up the available processing power of a computer