Social Engineering

A man that went by the name of Carlos Héctor Flomenbaum, had a stolen Argentinian passport and used his new identity to pose himself as a successful businessman. He gained the confidence and trust of the employees that worked at the ABM AMRO bank for about a year. He continued to do that by giving them chocolate boxes and staying friendly and building conversations. One day in 2007, they gave him access to security boxes that contained gems valued at 120,000 carats. That became one of the biggest robberies committed by a single person. 

Social engineers like Flomenbaum used his charm and kindness to get close to the user. But is also used his intuition to obtain data by just paying attention to the loose details that most wouldn’t look at. That way he can obtain all the information he needs without applying any pressure or forcing any information out of anybody. But by building a relationship with them he was able to get to a point where they felt comfortable enough to let their guard down,  He was able to steal at least 28 million dollars worth of diamonds without any weapons, violence or electronic devices. In this situation, it’s hard to prevent a breach when a human factor is involved because it is difficult to tell when or how they are going to attack, which leaves the system vulnerable. New training techniques should be put in place for employees so that they can be more aware of the loose information that is hanging around.

What do you think would be the biggest cybersecurity challenge in 2040?

In 2040, the world as you know it won’t be the same. As we grow as a country the government will have new laws in place and we will be living with new technology. As time evolves, hackers will become more efficient with hacking different software and systems which will make us more vulnerable. Politically, nations will become stronger with there offensive and defensive cyber power which will definitely do damage to cyber systems. Breaches are hard to prevent and it won’t be known about until its too late. Data can be moved around them without there control and it can cause a lot of damages to the government and to their lives as well. 

Artificial Intelligent (AI), is beginning to become more and more advanced as we evolve in a new era of technology. Eventually, jobs will start to see the efficiency of AI and will begin to upgrade there system and introduce new technology to get the job done with “accuracy”. The more the technology that is introduced to the market the more jobs will want to infuse AI into there system which will cause a decrease in jobs in the future. That can also lead to jobs becoming acceptable to cyber attacks. Since everything will be within a system it leaves the business very vulnerable. Tampering of votes can become way easier to access and classified information can be at risk and open for other nations to get a hold of.

Cyber War

Cyber War is the conduct of military operations by virtual warfare. Psychologically, propaganda is a form of information warfare. In this case study, the Russians utilized social media ads to influence the direction of the 2016 presidential election. That particular election was very controversial because it was very difficult too chose a likely candidate. It was between an internet troll and a so-called “liar”. So of course when the candidates went head-to-head there was a lot to be said about each other.

What wasn’t expected was an outside country participating in the slandering on another candidate. I believe that this is a form of cyberwar because Russia was able to command and control certain ads on popular social media websites, Facebook and Twitter,  to discredit the democratic party and its candidate. In other ways, this could just be a form of free speech which means that everybody is entitled to there own opinion. Ethically, it is wrong for Russia to refer to Hillary as the devil and Trump as a Jesus. 

Politically it is unfair for Russia to purchase social media ads and discredit the democratic party in a religious way. Business-wise it was clever to put ads like that out there in terms of the election there can only be one winner so everything is at stake.

Cybersecurity Cases

1. “IT Specialist Arrested for Allegedly Hacking into Servers of North Suburban Company Where He Formerly Worked as Contractor”

https://www.justice.gov/usao-ndil/pr/it-specialist-arrested-allegedly-hacking-servers-north-suburban-company-where-he

• Edward Soybel
• Male
• 34 y/o
• Chicago, Illinois

2. “Oilpro.Com Founder Sentenced To Prison For Hacking Into Competitor’s Computer System”

https://www.justice.gov/usao-sdny/pr/oilprocom-founder-sentenced-prison-hacking-competitor-s-computer-system

• David W. Kent
• Male
• 41 y/o
• Spring, Texas

3. “Middlesex County, New Jersey, Man Charged in Hacking and Illegal Wiretapping Scheme”

https://www.justice.gov/usao-nj/pr/middlesex-county-new-jersey-man-charged-hacking-and-illegal-wiretapping-scheme

• Jian Yang Zhang, a/k/a “Kevin Zhang,”
• Male
• 37 y/o
• Edison, New Jersey

4. “Two Iranian Nationals Charged in Credit Card Fraud and Computer Hacking Conspiracy”

https://www.justice.gov/opa/pr/two-iranian-nationals-charged-credit-card-fraud-and-computer-hacking-conspiracy

• Arash Amiri Abedian & Danial Jeloudar
• Male
• 31 & 27 y/o
• The Islamic Republic of Iran

5.“Nigerian Man Sentenced for Prison Hacking and Fraud Scheme”

https://www.justice.gov/usao-ndny/pr/nigerian-man-sentenced-prison-hacking-and-fraud-scheme

• Obinna Obioha
• Male
• 31 y/o
• Nigeria

6.“Former Lutonix Executive Pleads Guilty To Stealing Trade Secrets”

https://www.justice.gov/usao-mn/pr/former-lutonix-executive-pleads-guilty-stealing-trade-secrets

• Christopher Barry
• Male
• 46 y/o
• Medina, Minnesota

7.“Russian Cyber-Criminal Sentenced to 27 Years in Prison for Hacking and Credit Card Fraud Scheme”

https://www.justice.gov/opa/pr/russian-cyber-criminal-sentenced-27-years-prison-hacking-and-credit-card-fraud-scheme

• Roman Valeryevich Seleznev “Track2”
• Male
• 32 y/o
• Vladivostok, Russia

8.“Florida Man Sentenced for Hacking, Spamming Scheme that Used Stolen Email Accounts”

https://www.justice.gov/opa/pr/florida-man-sentenced-hacking-spamming-scheme-used-stolen-email-accounts

• Timothy Livingston
• Male
• 31
• Boca Raton, Florida

9.“New Hampshire Man Sentenced to Prison for Computer Hacking and ‘Sextortion’ Scheme Involving Multiple Female Victims”

https://www.justice.gov/opa/pr/new-hampshire-man-sentenced-prison-computer-hacking-and-sextortion-scheme-involving-multiple

• Ryan J. Vallee
• Male
• 23
• Laconia, New Hampshire

  10.“North Carolina Man Pleads Guilty to Hacking Conspiracy that Targeted Senior US Government Officials”

https://www.justice.gov/usao-edva/pr/north-carolina-man-pleads-guilty-hacking-conspiracy-targeted-senior-us-government

• Justin G. Liverman
• Male
• 24
• Morehead City, North Carolina

Summary:

The patterns that I saw in all 10 cases were that they consisted of male hackers in between the ages of 20 and 50 years old. Looking through a year’s worth of cases there were hardly any cases that had female offenders. Males tend to have higher knowledge in the hacking field than women and it is shown through the male to female ratio in these cases.

Advantages and Disadvantages with Virtual Private Networks (VPNs)

Benefits:

1. Enhances Security – increasing online safety when using the internet. When using a VPN your IP address will be secured while disguising your actual location and your computer data will be encrypted against potential hackers. 
2. Anonymity – a VPN connection service allows you to access any website or application anonymously 
3. Remote Access- information can be accessed from any location which can increase employee productivity because they can work from anywhere.
4. Safe Downloads- a legitimate business can save the integrity of their confidential data by using a secure VPN connection.
5. Can Bypass geo-blocks- VPNs are designed to hide your real IP address so when bypassing geo-blocks the platform will believe that you are from the correct geographical region.

Downsides:

1. Decrease Connection Speed- Accessing a website through a VPN provider allows you to hide your IP address and encrypt your data. Data has to travel more and added more complexity which evidently ends up slowing the connection down.
2. Connections can be Dropped 
3. Can be Spotted on Some platforms- some platforms have anti-VPN software which stops users from using their personal network and switch to an alternate server
4. VPN ‘Click-Bait’- pop-up ads that offer free VPN connections can potentially be fake VPN servers that can be personal data at risk.
5. Costly- free VPNs are not secure and put your data at risk so purchasing a good VPN is ideal.

Virtual Personal Networks when used correctly offer more advantages than disadvantages.

Do you think that people treasure their physical property more than their personal data in the online space? 

I believe that users aim to achieve a high level of security and privacy to make sure that their personal data and physical property are protected. Even though threats and breaches can be costly and damaging, there can also be a positive outlook on it. Breaches can bring public awareness to emphasize the importance of protecting their information and it also makes individuals more resilient to attack. Companies can see the focus and public dialogue on security issues which forces them to create a stronger IT infrastructure.

It is hard to protect physical property for many reasons, it is way easier to damage something visual than it being virtual. Also, there is a higher chance for it to be stolen and accessed easily than being protected by security systems and passwords. Why would you treasure physical things when you can protect your data with a plethora of online security software, malware, and antiviruses.

There are a couple of different strategies to make users more aware of their cyber privacy. Prompting the users to create a stronger password and implement verification questions or codes so that the information is under one user and it is harder to hack. Making sure all users have the correct malware and antiviruses downloaded to their devices to make sure their data is protected.

Sanctions and Rewards

Sanctions and Rewards are designed to strengthen the performance of employees and also recognize hard work. Those can range from financial rewards or penalties, reputable awards and ranking, and promotions. Promoting personal responsibility is important in the workplace because it builds chemistry along with creating a strong system that is a strong factor when working in the cybersecurity field. Competition is always healthy in the workplace. It can increase user satisfaction which will also increase equity as well. 

Financially, bonuses can be put in place to reward employees that are performing well. When those are granted it helps employees work harder so they can receive more. Efficiency will increase in the workplace meaning that employees will demonstrate textbook work in order to remain trustworthy. Posting certificates or ‘Employee of the Month’ can also motivate employees to work towards a goal and gain recognition for their hard work. Promotions are also a very firm way of recognizing a star employee. Awards can include interim management or a permanent position.

Sanction mechanisms that will be put in place financially could include restricting any type of extra pay or you could minimize hours which means smaller paychecks. If the poor performance continues then their termination would be introduced to the employee and would serve as a warning for all employees to see the consequence of mediocre work. Poor performance would include carelessness in the workplace, unsatisfactory work content, inappropriate behavior (poor attitude), etc. Public scoring and rankings although it recognizes great work it can also highlight poor performance, which creates a healthy competition so that performance levels increase as well. 

Business Plan

Implementing Penetration Testing for major corporations to assess their security before an attacker does. Our goals would be to simulate real-life attack scenarios to exploit security gaps that could lead to harmful business outcomes such as stolen records, compromised credentials, and individuals’ personal information. By discovering their vulnerabilities, penetration testing will help determine how to protect your vital business data from future cyber attacks. The median annual salary starts at $84,000/year and the average cost for testing ranges between $4,000 to $100,000 depending on the size of the company. To sustain the company we would make sure to target major corporations and a lot of small businesses.

ISO Interview Questions

1. Tell me how you organize, plan, and prioritize your work.
   1. This can be an icebreaker in an interview just to see how candidates live in their workspace 
   2. Keeping an organized day play so that it is easier to prioritize and manage the workload received.
2. Tell me about the last time you monitored or reviewed the information and detected a problem. How did you respond?
   1. This is a good problem-solving question to get a feel for how the candidate takes on certain situations.
   2. I would triple-check the information to make sure it is incorrect then see what I could do and how I could fix it. Then I would check with a co-worker to get their input and see if they have any suggestions. Then I would take it to a higher position to ask how they would fix the data.
3. Share an example of a time you had to gather information from multiple sources. How did you determine which information was relevant?
   1. This is another problem-solving question that can get more information out of the candidate on how they can react in somewhat different situations.
   2. While giving their example I would want to hear the candidate say:  I organized the information by the sources and categorized them so I can see the differences between them and analyze them to see which information is more important than the others.
4. Share an experience you had in dealing with a difficult person and how you handled the situation.
   1. This is a good teamwork question to see how they deal with other co-workers even in difficult situations and a good customer service question to see how they deal with difficult customers.
   2. While they are sharing their story I would like to hear along the lines of instead of arguing with them, I would reason with them to figure out a solution that benefits both parties.
5. Provide a time when you dealt calmly and effectively with a high-stress situation.
   1. This is a good character question just to see how they work in difficult circumstances and it gives us a clear view of what kind of person they are. 
   2. While explaining their story I would like to hear them talk about how they felt physically and mentally in the situation and hear that they didn’t let their emotions get the best of them. 

Cyber Attacks

In 1988,  Robert Tappan Morris developed The Morris Worm, a program to assess the size of the internet. This program would invade the web, insert itself on other computers, and then record the number of copies made. The worm would eventually damage approximately 6,000 computers. The cost to repair ranged between $100,000 and $1 million or between $201,000 and $2.9 million. Morris was then charged with computer abuse and was sentenced with fines, 3 years probation, and community service. 

In this case, the first Distributed Denial of Service (DDoS) attack was an accident. Morris struggled to create a perfect program and instead created a worm that crashes computers. It could have been prevented if it was tested more before publishing it to the web. More tests would give a better idea that The program is running smoothly without any glitches or slow links.

Another attack that occurred called The JP Morgan Chase, compromised 76 million households and 7 million small businesses in the summer of 2014. The hacker gained access to names, addresses, phone numbers, and emails of the account holders. The privacy of all of the households was invaded and the families that were involved were problem terrified of being so exposed. A stronger malware can be created to help prevent these attacks from happening. 

Even though stronger malware is a slight improvement but its hard to tell when households have weak points that make them easier targets such as having antique computers, a user using the same passwords for multiple accounts, or maybe all traffic was used in one port. All making it easier for a hacker to attack a system.