Kostadinov goes on to note that most cyberterrorism actions are generally focused on website sabotage and email blasting. In order to prove that the network breach was a terrorist attack the company would need to provide electronic evidence of these types of information warfare. Information warfare is a term often used interchangeably with cyberterrorism but provides a deeper understanding in the shift of how data has become fundamental to society. As governments, companies and people shift to the use of digital information so have the methods used to attack (Gilmer, 2001). In order to combat this aspect of terrorism, the military have adopted computer forensics as part of their defenses (Vacca & Rudolph, 2011).
Malicious damage: Examples can be Viruses, Worms or Trojans a. Internal attacks come from within the organisation by disaffected staff. Individuals or a group have authorised access and privileges to the organisations network. They may use their knowledge on the organisations network to exploit or interrupt its functions. Internal attacks can be more difficult to find as attackers have the potential to remove any evidence of the attack more easily as they have more knowledge or access rights on the system as opposed to an outside attack.
Unit 3 Assignment 1: Analyzing the Critical Security Control Points The following is a listing of security control points that any company should look at as necessary areas for precaution and care. Information covered by each area will be what each area consists of, how it strengthens the company security and what could happen if these areas are not properly maintained. 1. Inventory of Authorized and Unauthorized Devices and Software – a listing of processes and tools used to track/control/prevent/correct network access by devices and software. Attackers are always looking for devices and software that are newly added to a system and not updated correctly with the security measures in place already.
Network safeguards should include the use of firewalls, encryption of data, the use of digital signatures or certificates as well as web security protocols. Intrusion detection systems use is a great way for the organization to identify attempts or actions to penetrate a system to gain unauthorized access (Sayles, 2013). The organization should also address the issue of ensuring the quality of data being collected, stored and used. Ensuring data quality is also essential to an effective security program and can be managed through monitoring and tracking systems. The organization should ensure they implement a business continuity plan as well as a disaster recovery plan to ensure that the organization can continue operating during an unexpected shutdown or disaster.
The Computer Fraud and Abuse Act explicitly states “when a trespass is made with an intent to defraud that results in both furthering the fraud and the attacker obtaining something of value” (Gallegos & Senft, 2009). This definitely applies in this case, the attacker(s) used an attack known as spear fishing to dupe our customers into unintentionally installing a keystroke logging virus on to their computers. Once the virus was in place the attacker(s) waited for our customers to log into their bank accounts and recorded all the information necessary to create new user accounts and transfer funds from our customers account to other various accounts eventually ending up in the attacker(s) accounts located overseas. This would meet the qualifications stated in the Computer Fraud and Abuse Act; the attacker trespassed on these computers with the intent to obtain something of value. Also by taking the data provided by the key logger they violated the Electronics Communications Privacy.
Two basic approaches are used in deliberate attacks on computer systems: data tampering and programming attack. Data tampering is a common means of attack that refers to an attack when someone enters false, fabricated or fraudulent data into a computer or changes or deletes existing data. This is the method often used by insiders and fraudsters and is extremely serious because it may not be detected. Programming attacks are popular with computer criminals that use programming techniques to modify other computer programs. For these types of crimes, programming skill and knowledge of the targeted systems are needed.
Unit 9 Assignment 1: List Phases of a Computer Attack In this assignment I am a hacker who needs to protect my organization from a computer attack. I will list general phases of a computer attack. We have an organization that we need to protect from outside attacks by foreign parties. I am an ethical hackers who needs to take preventative measures in order to adequately secure the network against these attacks. Many attackers follow a general set of steps in order to gain the permissions necessary to break into a system.
The risks that exist would come from a suspecting end-user, potentially some form of malware, that would be installed through an open port, thus causing the integrity of a machine on that network to be severely compromised (Lawrence, 2000). Ping sweeps and port scans are two direct unsuspecting threats that, like other cyber threats, are not to be ignored. The ease of gaining access by using these threat sources is something that a business should be aware of and be prepared to address when faced with being at the end of a cyber-attack. Implementing appropriate policy to counteract such a malicious and serendipitous attack on network vulnerabilities should be considered as an additional failsafe. Protection is the key and showing extra caution can at least reduce the
Criminals are turning to cyber-crime because of the speed and convenience. Cyber-crimes include attacks against computer data and systems, identity theft, Internet fraud, e-mail scams, and phishing. In addition the threat of terrorism forces authorities to address security vulnerabilities related to information technology infrastructure such as power plants, electric grids, information systems, and the computer systems of government and major companies. References Cantor, M. (2013). Pentagon on cyber security force: Quintuple it.
The trafficking, arrangement, transmission, and spreading of raunchy real including creation and uncomely exposure, constitutes one of the most valuable Cybercrimes familiar today. Cyber harassment is a definite cybercrime. Various kinds of harassment such as racial, religious, or other can be occurred through the use of cyberspace. Misconduct of privacy of online citizens is a Cybercrime of a heavy nature. No one likes any different being invading the valuable and extremely sensitive area of his or her own secrecy which the substance of net grants to the