- Mod 3: Visit PrivacyRights.org to see the types of publicly available information about data breaches. How might researchers use this information to study breaches?
Visiting the site Researchers have a variety of data at their fingertips they can download or flow links to peruse. there is a convent legend for use to get to know the short-hand terms and anagrams they use when describing a kind of breach or business. There is also Plenty of links to articles on privacy and laws being passed or repealed in relation to one’s own privacy. There is also a story submission so if there is a story to be told with personal experience it can be added to the database and used to help highlight some issues.
Article 1 :
Journal of Cybersecurity and Privacy: A New Open Access Journal
Rawat DB. Journal of Cybersecurity and Privacy: A New Open Access Journal. Journal of Cybersecurity and Privacy. 2021; 1(1):195-198. https://doi.org/10.3390/jcp1010010
I found this brief but informational article interesting, it goes into the social problems of AI in future daily life. Affecting economic and sociology areas of social science. all of these sensors and smart devices run our lives now. Of course, that means that all this stuff needs to be connected to the internet. This increases our need for dependable cybersecurity.
The Journal looks into data collected and shown by machine learning and AI programs, these lines of code can learn and catalog and do just about anything. “we have seen several machine learning (ML) and artificial intelligence (AI) applications such as game, machine vision, image processing, natural language processing, self-driving car, robotics, and data analytics, where AI exhibits better machine cognition than the human cognition system.” – Danda B. Rawat. With all of this learning, there is a growing concern about using these machines and AI for threat attacks.
These kinds of advanced bot networks would affect everyone who has a bank account or a medical history, affecting young and old, all marginalized groups. This could affect smaller countries or even change wars as attackers can affect vital needs like water supply, or attack vital systems in a hospital. to counter this we need to develop Cybersecurity AI systems to monitor and stop threats as they happen or before they can fully occur. Monitoring networks for any sign of attack by a rouge AI or another kind of threat actor.
Article 2:
WannaCry, Cybersecurity and Health Information Technology: A Time to Act
Ehrenfeld, J. M. (2017). Wannacry, Cybersecurity and Health Information Technology: A Time to act. Journal of Medical Systems, 41(7). https://doi.org/10.1007/s10916-017-0752-1
I came across this article while talking to my family about the WannaCry virus. It is a short older article from back in 2017 but I think it still serves its purpose. It talks about the impact WannaCry had on the medical industry and how “This entire situation highlights a critical need to re-examine how we maintain our health information systems.” – Jesse M. Ehrenfeld.
Ransomware is a nasty piece of malware, it encrypts all the files in a computer and then demands money like some demented vending machine that dispenses your own data back to you. It also most of the time doesn’t work and all your files get deleted anyways. So for this kind of Malware to infect hospitals where the sick and the injured are is horrible and it should’ve never gotten to that point. According to the article it infected not only normal computers but MRI machines and operating room equipment were among the systems infected.
“ While daunting to recover from, the entire situation was entirely preventable. A “critical” patch had been released by Microsoft on March 14, 2017. Once applied, this patch removed any vulnerability to the virus.” – Jesse M. Ehrenfeld. This means that the whole incident could have been prevented if the users of the devices took time to stop and update their systems. Saving thousands of dollars in losses.
Groups that can’t afford long-term health care for those in the hospital during this time or can’t afford to pay the fines should their own systems got infected. Would be the most affected individuals and groups of people. As should ransomware as bad as WannaCry happen the lower and some of the middle classes would be hurt the most whether by accidental loss of life or financial ruin.
This is why maintaining code with bug bounties is so important in the cybersecurity world, not only do they keep black hat hackers from stealing data and pulling massive attacks like WannaCry but they also forge social connections with like-minded peers. Lading to lasting and effective security to keep us safe.
Career paper:
Career Paper: Ethical Hackers
Ethical Hacking is when cybersecurity professionals or former bad actors use their skills for the betterment of understanding security. There are well knows kinds of hackers, White Hats, Grey Hats, and Black hats. The colored hat system comes from old western movies like The Good, The Bad, and The Ugly. Where the color of the characters is a good indicator of how good they are supposed to be.
White Hats are Ethical hackers, paid to hack companies for a security audit or to show flaws in the security. They implement the kinds of strategies bad actors or Black Hats would use in order to perform penetration testing. By taking on the role of the bad guy they can show how a company can better defend itself. These White hats often work as private contractors or in the government such as the FBI, CIA, NSA, and homeland security. They could also be used in military situations in order to disrupt enemy propaganda or communications (Social-Engineer 2022).
Black Hats are the bad actors, these are hackers who hack for illegal reasons. Think of them as the arch enemy of White Hat hackers. They are the hackers that are out to steal credentials and credit cards. Interrupt financial transactions to get bank info and steal money to fund their own or others’ illegal activities(Social-Engineer 2022).
Grey Hats are between the two main kinds of hackers, these hackers kinda poke and prod at systems to see if there is a flaw without permission. If a flaw is found they might Illegally sell the info vulnerability to the highest bidder(Social-Engineer 2022).
Hackers of all kinds use a method of people hacking called social engineering. Social engineering is a very nice way of putting forward a strategy of lying and manipulation(Poston, H. 2021). Social engineering is a strategy using the thoughts and the ideals or the ethics of the target against themselves or a group of people(Poston, H. 2021). Social engineering is most useful when the target isn’t aware that they could be socially engineered into doing something. It is done with words and actions to manipulate the actions of another(Poston, H. 2021).
A good example of a social engineering victim is door etiquette. If you are walking out of a door and there is a person on the other side of the door. It would be rude to just let the door close in their face or to purposely close the door behind you to make them open it. Following polite socially accepted rules whether to hold the door or have it open long enough for them to keep it open. This allows them access to an otherwise locked or pass accessed door. Then a bad actor can walk in as if they belong in the area it’s playing on people’s good natures and social etiquette to manipulate the target.
Hacking Social Science is using the laws and the ideals of the rules against the same rules and ideals (Lindgren, S. 2019). As an ethical hacker using data gathered about certain groups and individuals can be beneficial in a successful attack. If the target for the security audit is part of a marginalized group. Using the need to improve that group might be ideal in a successful attack. So a phishing email would be sent out as a way to get credentials as the mixture of social engineering and the phish would be the ideal way to gain access to a system. Playing on their own marginalized cultural Identity becomes their own downfall.
Spreading awareness to all groups to be aware of how their own cultural identity might be used against them would be an ideal solution. Spreading awareness of Social engineering strategies would also help. Cybersecurity analysts and white hat hackers need to be able to raise awareness of all these security flaws for all groups. We will never have a lack of need for good data security.
Sources
Lindgren, S. (2019). Hacking Social Science for the Age of Datafication. Journal of Digital Social Research, 1(1), 1-9. https://doi.org/10.33621/jdsr.v1i1.6
Poston, H. (2021, December 3). Ethical hacking: Social Engineering Basics. Infosec Resources. Retrieved November 26, 2022, from https://resources.infosecinstitute.com/topic/ethical-hacking-social-engineering-basics/
Social-Engineer. (2022, January 26). Ethical hackers: Filling a vital role in society. Security Through Education. Retrieved November 26, 2022, from https://www.social-engineer.org/newsletter/ethical-hackers-filling-a-vital-role-in-society/