Tag: CYSE JOURNALS

In the TED Talk, Davin Teo speaks about what digital forensics is, how he found his unique digital forensics, and the experiences that he went through while working in this field. In the speech, he covers some of the duties that digital forensic investigators do which include collecting data from devices, analyzing it, and reporting what they have found. From the beginning of his journey to becoming a digital forensic investigator, he first worked as an accountant at a small company. However, this opportunity changed his life when they needed an IT technician for their network. From there, he began to become interested in the field of information technology although he was still in the accounting profession. After the email receiving opportunities to work in the national digital forensics practice, he never turned back. From listening to his journey to digital forensics, it amazed me how one individual can start from one profession that wasn’t their current at the time and grow into the one that they’re in now due to opportunities or just jumping into a field that they did not know about. This part of his speech also inspired me to jump into or experience a field that I’ve heard about or done before. Or just wait in the process cause I’ll never what I might go for in the future. 

In the blog article, Andriy Slynchuk has described eleven things Internet users do that may be illegal. The 11 things are using unofficial streaming services, torrent services, copyrighted images, sharing passwords, addresses, or photos of others, bullying and trolling, recording a volP call without consent, faking your identity, other people’s networks, extracting audio from YouTube, and doing illegal searches. The five actions that are the most serious are sharing personal information such as passwords, addresses, and photos, faking your identity, using torrent services, bullying and trolling, and doing illegal searches. With sharing personal information without the individual’s consent can put them at risk for everything that they own and ruin their reputation to others. This can also lead to doxxing which is searching for information about the individual and publishing it online for malicious purposes. By faking an identity, if the individual decides to continuously portray another person, the person who they are portraying would have to suffer the consequences although it wasn’t them who committed these illegal acts. Also, this would expose a bunch of information. To minors, this would expose them to danger on social media. Using torrent services to download movies or songs is unfair to the creators and by this, it’s a loss of revenue for them. Bullying and trolling online can lead to threats, the individual to commit suicide or emotional trauma. Lastly, doing illegal searches online is self-explanatory. 

In this article, Sridhar and Ng conducted a study based on bug bounty programs and how they might develop an economic model for these programs by using HackerOne’s statistical data about vulnerabilities and vulnerability reports. The methodology they conducted was leveraging and using the identification strategy for further observation of HackerOne’s data. From these two methods, they were able to gather information and determine the number of vulnerabilities and vulnerability reports that happened within the timeframe they chose to study. Also, the advantages and disadvantages of the model. From the results of using another model, they were able to find six reasons which are hacker supply is price elastic, brands have an economically insignificant impact on companies, industry effects, the number of new programs has statistically insignificant effect on company reports,  programs receive fewer reports over time, and variation in program reports remain unexplained. Reading the study it made me realize that some vulnerabilities go unreported or some might be missed since companies have fewer reports. Also how hackers in companies either show less or more price sensitivity.

In some ways, economics helps cyber professionals understand cyber attacks from a monetary perspective. In economics, there are a couple of theories that explain how economies work. Also in some ways, social science helps cyber professionals understand cyber attacks from a behavioral perspective and the theories from this field further explain social and behavioral aspects in society.  However, with both of these combined in cybersecurity, these further explain how actions in the network can affect the company and the costs afterward.  In the sample data breach letter, the company, Glass Washer Parts, explains to the customer how their website has been hacked by a malware intrusion from one of their third-party providers’ systems. Two economic theories that relate to this breach are Rational Choice and Classic Economic theory. Also, two social science theories that relate to this are the Social Exchange and Conflict Theory.

The rational choice theory is when businesses make choices in their best interest. In the letter, it states that the company has chosen a third-party provider or company to operate their website. Third parties provide products and services to the customer which provides better marketing and reputation for the company. However, by their website being breached from the third-party system, the company could also choose to invest in more security software or cybersecurity products to protect and prevent these attacks from happening again. Since the customers provide their credentials to buy from this website, the supply and demand for this company is given for which the Classical economy theory suggests that these needs are met by the participants. The social exchange theory studies the relationship of two parties that implement a cost-benefit analysis to determine risks and benefits. Lastly, the conflict theory emphasizes how the elite exploits the poor. In this case, the poor(the hacker) exploit the elite(the company) for monetary gain. 

In the world today, there’s information warfare going on between numerous countries around the globe to promote propaganda, more division, and opposing views against countries that are peaceful. However, with the help of social cybersecurity, this would provide a better understanding of information and strategies to prevent further disinformation or misinformation in the media. Social cybersecurity is an emerging domain in national security and a field that combines both social science and cybersecurity. This subdomain uses computational social science techniques to identify, counter, and measure the impact of communication objectives. This also includes seven research areas such as social cyber forensics, information maneuvers, motive identification, diffusion, information campaigns, mitigation, and governance. All of these can help professionals understand what needs to be implemented. 

In the article, it states that Russia is currently about to wage an information blitzkrieg which is the biggest information warfare attack in history professionals have ever seen. In Russia, their methods in information warfare is using propaganda to spread disinformation among the media to change the perceptions of the public to manipulate them or stir fear into them. In other countries, this caused shock, and this movement of public perception was studied by multiple researchers. Later on in the article, researchers have came up with strategies to help combat future information warfare attacks by using social cybersecurity. 

The Social Media Disorder Scale is a nine-item scale that measures problematic social media use (SMU) among adolescents. After taking the survey, I’ve scored 1/9. Although I am addicted to social media, I don’t stay on it as much because there are other things to do to keep me occupied. All the items on the scale are a good way to determine if you’re truly addicted to social media and need help to combat this addiction. In some other countries, it’s based on gender differences. Most girls are addicted because of role models and are most likely at risk of cyber victimization compared to boys. 

When you report a suspicious email and it says congratulations you passed the phishing test from the IT team

Human Systems Integration (HSI) is a transdisciplinary sociotechnical and management approach to systems engineering used to ensure that a system’s technical, organizational, and human elements are appropriately addressed across the whole system lifecycle, service or enterprise system. There are seven domains: human factors engineering, manpower, personnel, training, personnel survivability and habitability, and environmental safety and occupational health. For this meme, in cybersecurity aspects, flagging or reporting phishing emails from the IT team is a part of training which is one of the domains of the HSI. 

References:

“Human Systems Integration.” INCOSE, www.incose.org/incose-member-resources/working-groups/analytic/human-systems-integration. Accessed 16 Oct. 2023.

Photo:

https://unsplash.com/photos/R6dSBkz32B8

Reading from every aspect of individual motives, a few of them are trending today. The motives that drive the hackers are Entertainment, Political, Revenge, Boredom, Recognition, Money, and Multiple Reasons. The ones I believe should earn the number one rank are Political, Money, and  Multiple Reasons. These make the most sense out of the other motives. With politics, you’ll see this often on the news with leaks of confidential documents or hidden videos of political candidates doing or saying inappropriate things towards other people. Or misinformation about topics that candidates cover to ruin their reputation and integrity towards the public. With money, there are numerous ways that hackers can gain money. They can do this by faking emails or text messages regarding an unknown transaction from a bank account or getting into one of the stocks and gaining off the individuals. Hackers use this to buy or sell items on the internet or dark web. Lastly, hackers are just bored and have nothing to do so they just hack for no reason at all. Although there may be multiple reasons why hackers choose to do these actions, all of this narrows down to boredom. 

As for the other motives, some might get a different rating because of today’s cybercrime. Starting with Entertainment, I rate this a 6. This almost correlates with Multiple Reasons due to the boredom of hackers. They do these things just for pleasure and fun but you usually don’t hear or see these types of attacks that often in the news as much as the main ones. Besides gaining money, Recognition may be the next step for hackers if they decide to head for popularity. However, their fame would only last temporarily which I rate a 6 as well. With Boredom, it’s mostly common but this topic isn’t covered so this will be a 7. Last but not least,  Revenge can come in many different forms, but the one that has the most impact is online revenge. This can go from ex-employees leaking information about the business or a girlfriend exposing pictures of their ex or even revenge pornography. Although this is a problem, this rarely happens. This motive is a 7. 

The Hierarchy of Needs is a concept or theory by Maslow that explains that our actions are motivated by certain physiological and psychological needs that progress from basic to complex. This involves five levels of needs which are self-actualization, esteem needs, belongingness and love needs, safety needs, and physiological needs. How this relates to my technology experience is that I use my devices for different purposes every day. With the first level, self-actualization, I use drawing programs to showcase my talent as an artist. As for esteem needs, I like to watch outfit videos just to inspire me and that’ll help with my way of styling my clothes. With the third level, belongingness, and love needs, I use social media to connect with family and long-time friends. For safety needs, it’s essential for me to update my passwords and keep my devices locked. Last but not least, for physiological needs, I watch YouTube to rest from schoolwork.

The Privacy Rights website provides a tool, called the Data Breach Chronology, with different numerical information through graphs and maps. This was designed to help advocates, policymakers, journalists, and researchers understand numerous data breaches within the U.S.  With this, researchers can explore different aspects of data breaches and how they impact corporations, businesses, or even individuals. On the tool, there are four categories which are: Key Insights Timeline, View by Category, View By State, and Search Breaches. With the timeline, researchers can go back to whatever year the breach they were researching happened. This feature also tells you what type of data breach it was and what type of organization it happened in. Not only the researcher can know about the year the attack happened, but they can also know where and what type it was. If researchers want to research something specifically about an attack, they can use View by Category and State and Search Breaches. These will provide information about the impacts of the different attacks that happened in the cities in the state. These categories can help researchers get a deeper and more detailed understanding of the data breaches that are happening in the U.S.