note: journal entries 5-7 and cannot be found
journal entry 8
Most of the time the media changes certain things when portraying professions. I think often time the media gets hacking and cybersecurity wrong. However, in the video it shows a scene from Mr. Robot, where Elliot is at a DEF CON event where the objective was to capture the flag inside of the game, which was a real challenge at DEF CON in 2012. Another scene that the video went over was from Skyfall. This scene was when Q was in the computer trying to find a password, and the screen had big 3d animations playing on it and when trying to get the password it showed a hexadecimal code where that was wrong because of the letters and numbers in it.
journal entry 9
I got a 2/9 on the test, I think the questions are very reasonable. I think most internet users in world will score different due to childhood upbringing, social norms, and countries laws.
journal entry 10
In the article it mostly focuses on russian propaganda through social media. I think that social
media companies should try to identify bot accounts and eliminate them. However, free
speeches are important, so censorship should be avoided. People should educate themselves
on how to spot fake news.
journal entry 11
The social themes that arise in the presentation are: get experience, continue to enhance your technical
skills, recognize that cybersecurity is interdisciplinary, and make sure you have a hard work ethic. One of
the major things discussed by the speaker is how to get experience. She suggests creating your own
projects or approaching the IT department where you work. For college students, she recommends
internships or even approaching the dean’s office to work in the university’s technical department.
Another idea that she shares is volunteering in the technical department od a non-profit or a large
church. When it comes to enhancing technical skills, the presenter refers to obtaining certifications,
such as CompTia CySA+. Another thing that she discusses is how there are various roles in cybersecurity
(i.e. cybersecurity is interdisciplinary ). She recommends STEM degrees, specifically Computer Science
and IT for their broad application. Finally, a hard work ethic is one of the first things that comes up
because she talks about if you’re willing to work a graveyard shift, you can learn a lot and the pay is
generally higher.
journal entry 12
One economic theory that relates to the sample breach letter is rational choice. According to the letter,
after the incident the platform provider has worked with an outside firm to remove the malware from
its systems and is now actively monitoring the platform. This may indicate that they have learned their
lesson and have made the rational choice to invest in cybersecurity.
Part of Marxian economic theory is that poor individuals may be more vulnerable to cybersecurity
threats. The letter recommends that customers review their own banking and card statements for
suspicious activity. But this notice is coming more than a year after the breach began. Wealthy
customers may have paid someone to monitor their records all along, but poor individuals may not
know if there was suspicious activity a year ago.
General deterrence theory relates to the behavior of the hacker(s) that placed the malware. In our text
book, Anol Bhattacherjee writes that, “swiftness, severity, and certainty of punishments” affect criminal
behavior. In this case, it took nearly a year for anyone to notice that a crime had even been committed
and it sounds like the investigation is still going on since the platform provider offered to cooperate with
law enforcement. There doesn’t seem too much of a deterrent to the hacker(s).
The elaboration likelihood model also relates to the sample breach letter. Customers don’t have the
expertise to evaluate cybersecurity procedures of software. So, the letter does not go into detail about
this. Instead it says things like, “a leading cybersecurity firm” and “actively monitoring” as peripheral
cues that experts are handling the situation.
journal entry 13
I think it is interesting that the study found that There were fewer valid reports per month for financial,
retail, and medical companies. The researchers theorized that vulnerabilities are not being reported on
HackerOne for the finance industry because the hackers can maliciously monetize them and because
healthcare data records contain personally intimate details they are more monetarily valuable and,
rather than collect a bug bounty, hackers sell them on the black market. We normally think of hackers as
either good guys (white hat hackers) or bad guys (black hat hackers). However, these findings imply that
an individual could be either depending on the situation. The same person might be a white hat hacker
when there’s no real incentive for them to be malicious, and a black hat hacker when they see it as an
opportunity.
journal entry 14
Andriy Slynchuk identifies 11 illegal things. I think that extracting audio from YouTube and, using
copyrighted images, torrent services, or unofficial streaming services are all more or less the same thing:
stealing someone’s creation. I choose to focus on using copyrighted images because it is something I
have probably done without knowing it while adding a photo to a report or presentation for one of my
classes in high school. It’s wrong to steal a photographer’s work without permission. I think bullying and
trolling is another of the more serious illegal things. Slynchuk states that bullying is usually treated as a
civil offence, but because many young people have needed therapy or even committed suicide because
of cyberbullying I think it is very serious. Recording a VoIP call without consent is something else I think
is very serious. Everyone should have a right to privacy and taking that from them is serious. Also, the
reasons for recording someone without them knowing could be for blackmail, bullying, or some other
illegal reason. Slynchuk points out that collecting information about children younger than 13 is a
violation of the Children’s Online Protection Act. Websites and browsers collect all kinds of information
about us. When they collect information about young children they could be putting them in danger.
Even if the child isn’t in actual danger, a child might not know what they are doing and it is wrong to
target them with online advertisements where they could make purchase by clicking a link. Finally, I
think illegal searches are very serious. I’m a little confused because Slynchuk says that your activity after
some searches can be monitored by authorities, but he also said that Google doesn’t report illegal
searches. Maybe if you are already a suspect the authorities can get a warrant for your searches. I think
some searches, like for child pornography, are so serious that they should be reported.