Chapter 6: Crime, Hacking, and Cyber-Warfare

6.1: Introduction

The technology behind the Internet is far from perfect, and its uses are not always peaceful and harmless. Many crimes, such as identity theft, have become far more prevalent because of the Internet. Others, like breaking into remote computer systems, depend on it almost entirely. Because the Internet was designed around openness and communication, security has often been bolted on in response to incidents rather than built in from the start. Many organizations have a strong interest in protecting their data and systems, and engage hackers to test those systems and improve them before a real attack occurs.

While the Internet has no borders, the countries in which users live do have borders and differing legal systems, and tensions often arise between those countries over Internet activity. For instance, a user may commit an act, publish information, or offer a service over the Internet that is illegal in one of the nations the Internet reaches. When the nations do not cooperate with each other, or when the act is not illegal in the user's own country, it can be difficult for the other nation to prevent or punish it. Even where an act is illegal in both countries, the severity of the punishment and the way the case would be prosecuted can vary. Nations also come into conflict in ways that span the Internet, engaging in cyber-warfare with each other. These acts of cyber-war can have real-world impacts on real people, and could lead to armed conflict if a government perceives them as a serious enough threat.

6.2: Hacking

(Original text from Wikipedia, edited and expanded by Sofia Lemons.)

A hacker is someone who seeks to breach defenses and exploit weaknesses in a computer system or network. Hackers may be motivated by many things, such as profit, protest, challenge, recreation, or the desire to evaluate a system's weaknesses in order to formulate defenses against other hackers. The subculture that has evolved around hackers is often referred to as the computer underground. There is a longstanding controversy about the term's true meaning. The term hacker was originally used by computer programmers to refer to someone with an advanced understanding of computers and computer networks, or someone who writes code very skillfully and solves difficult problems. Over time, the term came to refer to a person who breaks into computing systems. Traces of the original use remain in phrases like "I hacked together a solution."

Hacker Classifications

Several subgroups of the computer underground with different attitudes use different terms to demarcate themselves from each other, or try to exclude some specific group with whom they do not agree.

White hat

A white hat hacker breaks security for non-malicious reasons, for example to test systems they are authorized to test, to perform penetration tests or vulnerability assessments for a client, or while working for a company that makes security software. What distinguishes white hat work from the other categories is authorization: the owner of the system has agreed, usually in writing, to the testing and its scope. The term is generally synonymous with ethical hacker, and the EC-Council, among others, has developed certifications, courseware, classes, and online training covering the diverse arena of ethical hacking.[16]

Black hat

A "black hat" hacker is a hacker who "violates computer security for little reason beyond maliciousness or for personal gain" (Moore, 2005). The term was coined by Richard Stallman, to contrast the maliciousness of a criminal hacker versus the spirit of playfulness and exploration in hacker culture, or the ethos of the white hat hacker who performs hacking duties to identify places to repair or as a means of legitimate employment. Black hat hackers form the stereotypical, illegal hacking groups often portrayed in popular culture, and are "the epitome of all that the public fears in a computer criminal".[20]

Grey hat

A grey hat hacker lies between a black hat and a white hat hacker. A grey hat hacker may, for example, surf the Internet and break into a computer system for the sole purpose of notifying the administrator that the system has a security defect. They may then offer to correct the defect for a fee. Grey hat hackers sometimes find a defect in a system and publish the details publicly rather than reporting them privately to the owner. Even though grey hat hackers may not be acting for personal gain, unauthorized access to a system is generally illegal regardless of intent, and many consider it unethical.

Types of Attacks

Password cracking/Brute-force attack

Password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system, most often from a copy of a stolen password database in which the passwords are stored as hashes. Common approaches include a brute-force attack (systematically trying every possible combination of characters up to some length), trying a short list of the most common passwords, and a dictionary attack (hashing every word in a "dictionary", a text file of many candidate passwords, and comparing the results with the stolen hashes). Dictionary attacks are usually extended with "rules" that generate common variations of each word, such as capitalizing it or appending digits and a year. Against an online login form these attacks are limited by rate limiting and account lockout, but against stolen hashes they run at the full speed of the attacker's hardware, which is why unsalted fast hashes are so weak and why password storage should use a salted, deliberately slow hash such as bcrypt, scrypt or Argon2.
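The following is an added illustration, not code from the original text: a small dictionary attack with mangling rules, and a brute-force search over short lowercase strings, run against a constructed "leak" of unsalted SHA-256 hashes. The usernames, passwords and wordlist are all made up for the demo. Note that inverting the leaked table into a lookup by hash means every candidate costs one hash computation no matter how many accounts were leaked, which is exactly the weakness that salting removes.

```python
"""Dictionary and brute-force attacks against leaked password hashes.

Added example with constructed data: the "leak" below is built from known
strings so the demo runs offline; none of it is real leaked data.
"""
import hashlib
import itertools
import string

# Constructed leak: username -> unsalted SHA-256 hex digest of the password.
LEAKED_HASHES = {
    "alice": hashlib.sha256(b"password1").hexdigest(),
    "bob":   hashlib.sha256(b"Summer2016!").hexdigest(),
    "carol": hashlib.sha256(b"qzx").hexdigest(),        # short, not in wordlist
    "dave":  hashlib.sha256(b"correct horse battery staple").hexdigest(),
}

# Constructed wordlist standing in for a file such as rockyou.txt.
WORDLIST = ["123456", "password", "summer", "letmein", "qwerty", "dragon"]


def mangle(word):
    """Yield common variations of a dictionary word (typical cracker 'rules')."""
    yield word
    yield word.capitalize()
    for suffix in ("1", "123", "2016", "!", "2016!"):
        yield word + suffix
        yield word.capitalize() + suffix


def dictionary_attack(hashes, wordlist):
    """Return {username: password} for every hash matched by a mangled wordlist entry."""
    # Index the leak by hash so each candidate costs one hash plus one lookup,
    # regardless of how many accounts were leaked.  Per-user salts would force
    # the attacker to hash each candidate once per account instead.
    by_hash = {}
    for user, digest in hashes.items():
        by_hash.setdefault(digest, []).append(user)

    found = {}
    for word in wordlist:
        for candidate in mangle(word):
            digest = hashlib.sha256(candidate.encode()).hexdigest()
            for user in by_hash.get(digest, []):
                found[user] = candidate
    return found


def brute_force(target_hash, alphabet=string.ascii_lowercase, max_len=4):
    """Try every string over `alphabet` of length 1..max_len.

    Returns (password, guesses) on success, or (None, guesses) after exhausting
    the search space.  The guess count shows how quickly the space grows.
    """
    guesses = 0
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            guesses += 1
            candidate = "".join(chars)
            if hashlib.sha256(candidate.encode()).hexdigest() == target_hash:
                return candidate, guesses
    return None, guesses


if __name__ == "__main__":
    print("dictionary:", dictionary_attack(LEAKED_HASHES, WORDLIST))
    pw, n = brute_force(LEAKED_HASHES["carol"])
    print(f"brute force: {pw!r} after {n} guesses")
```

Running it recovers alice's and bob's passwords from the wordlist plus rules, recovers carol's three-letter password by brute force after a few thousand guesses, and never finds dave's long passphrase, which is neither in the wordlist nor within reach of the brute-force length limit.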

Trojan horses

A Trojan horse is a program that seems to be doing one thing but is actually doing another. It can be used to set up a back door in a computer system, enabling the intruder to gain access later. (The name refers to the horse from the Trojan War, with the conceptually similar function of deceiving defenders into bringing an intruder into a protected area.)

Social engineering

After an initial reconnaissance stage, hackers often use social engineering tactics to get enough information to access the network. They may contact the system administrator and pose as a user who cannot get access to his or her system. This technique is portrayed in the 1995 film Hackers, when protagonist Dade "Zero Cool" Murphy calls a somewhat clueless employee in charge of security at a television network. Posing as an accountant working for the same company, Dade tricks the employee into giving him the phone number of a modem so he can gain access to the company's computer system.

Hackers who use this technique must stay calm and confident, and be familiar with their target's security practices, in order to trick the system administrator into giving them information. In some cases, a help-desk employee with limited security experience will answer the phone and be relatively easy to trick. Another approach is for the hacker to pose as an angry supervisor and, when his or her authority is questioned, threaten to fire the help-desk worker. Social engineering is very effective because people are usually the most vulnerable part of an organization. No security device or program can keep an organization safe if an employee reveals a password to an unauthorized person, which is why defenses such as out-of-band identity verification before a password reset and multi-factor authentication matter as much as technical controls.

Social engineering can be broken down into four sub-groups:

Intimidation As in the "angry supervisor" technique above, the hacker convinces the person who answers the phone that their job is in danger unless they help them. At this point, many people accept that the hacker is a supervisor and give them the information they seek.

Helpfulness The opposite of intimidation, helpfulness exploits many people's natural instinct to help others solve problems. Rather than acting angry, the hacker acts distressed and concerned. The help desk is the most vulnerable to this type of social engineering, as (a.) its general purpose is to help people; and (b.) it usually has the authority to change or reset passwords, which is exactly what the hacker wants.

Name-dropping The hacker uses names of authorized users to convince the person who answers the phone that the hacker is a legitimate user him or herself. Some of these names, such as those of webpage owners or company officers, can easily be obtained online. Hackers have also been known to obtain names by examining discarded documents (so-called "dumpster diving").

Technical Using technology is also a way to get information. A hacker can send a fax or email to a legitimate user, seeking a response that contains vital information. The hacker may claim that he or she is involved in law enforcement and needs certain data for an investigation, or for record-keeping purposes.

Hacking Laws

The Computer Fraud and Abuse Act (CFAA) prohibits unauthorized access to, or damage of, "protected computers". "Protected computers" are defined as:

The maximum imprisonment or fine for violations of the Computer Fraud and Abuse Act depends on the severity of the violation and the offender's history of violations under the Act.

The CFAA also allows targets of hacking to sue the hacker for damages in court. As the act was originally applied, these damages were limited to stolen or deleted data, loss of income, and other traditional losses. However, the USA PATRIOT Act clarified and expanded the definition of loss to include the expenses a target incurs in responding to an attack. For instance, a company targeted by a hacker could claim losses based on the wages of any employees who had to respond to the attack, the cost of damage assessment, restoration of programs or data, lost sales, and lost advertising revenue.

Hacktivism

In Internet activism, hacktivism or hactivism (a portmanteau of hack and activism) is the subversive use of computers and computer networks to promote a political agenda. With roots in hacker culture and hacker ethics, its ends are often related to the free speech, human rights, or freedom of information movements. "Hacktivism" is a controversial term with several meanings. The word was coined to characterize electronic direct action as working toward social change by combining programming skills with critical thinking. But just as hack can sometimes mean cyber crime, hacktivism can be used to mean activism that is malicious, destructive, and undermining the security of the Internet as a technical, economic, and political platform.

Hacktivism can be divided into two main groups:

Cyberterrorism Activities involving website defacement or denial-of-service attacks; and,

Freedom of information Making information that is not public, or is public in non-machine-readable formats, accessible to the public.

Some people describing themselves as hacktivists have taken to defacing websites for political reasons, attacking and defacing government websites as well as the websites of groups who oppose their ideology. While some self-described hacktivists have engaged in denial of service (DoS) attacks, critics suggest that DoS attacks are themselves an attack on free speech and that they have unintended consequences. DoS attacks waste resources, and they can lead to a "DoS war" that nobody wins. In 2006, Blue Security attempted to automate a DoS attack against spammers; this led to a massive DoS attack against Blue Security which knocked them, their former ISP and their DNS provider off the Internet, destroying their business.

Other hacktivists work toward freedom of information through technological means. This is done at times by protecting the right of expression for individuals or groups whose ideas would be repressed. For instance, some hacktivist groups have worked to find solutions for journalists and activists in countries with restrictive censorship laws. This may also include hacking into systems which contain information which the hacktivist thinks should be available to the public, and then releasing that information. WikiLeaks provides a platform for hackers who want to reveal information obtained in such ways, though that is not the only kind of information that WikiLeaks accepts.

6.3: Identity Theft

(Original text from Wikipedia, edited and expanded by Sofia Lemons.)

Identity theft is the deliberate use of someone else's identity, usually as a method to gain a financial advantage or obtain credit and other benefits in the other person's name, and often to the other person's disadvantage or loss. The person whose identity has been assumed may suffer adverse consequences if they are held responsible for the perpetrator's actions. Identity theft occurs when someone uses another's personally identifying information, such as their name, identifying number, or credit card number, without their permission, to commit fraud or other crimes. Identity theft and fraud over the Internet began to emerge in the 1990s as e-commerce became more prevalent. Internet identity theft may involve fraudulent use of another person's financial data, or simply fraudulent use of their identity through online accounts such as social media. Often, the latter is done to embarrass the person, or to abuse the trust other people place in that person in order to extend the theft beyond the single target.

Phishing

Phishing is the act of masquerading as a trustworthy person or business to fraudulently acquire sensitive information, such as passwords and credit card details, that a victim might think reasonable to share with such an entity. Phishing usually involves seemingly official electronic notifications or messages, such as e-mails or instant messages. It is a form of social engineering.

The term phishing was coined in the mid-1990s by black-hat computer hackers attempting to gain access to AOL accounts. An attacker would pose as an AOL staff member and send an instant message to a potential victim. The message would ask the victim to reveal his or her password to "verify your account" or to "confirm billing information". Once the victim gave their password, the attacker could access the victim's account and use it for criminal purposes, such as spamming.

Fraudsters have widely used e-mail spam messages posing as large banks like Citibank, Bank of America, or PayPal in phishing attacks. These fraudsters copy the code and graphics from legitimate websites and use them on their own sites to create legitimate-looking scam web pages. These pages are often convincing enough that many people cannot tell that they have navigated to a scam site.

Phishers will also add what appears to be a link to a legitimate site in an e-mail, but use specially crafted HTML source code that actually links to the scammer's fake site: the visible text of the link shows the bank's address while the href attribute points elsewhere. Such links can often be revealed by using the "view source" feature of the e-mail application to look at the destination of the link, or by putting the mouse pointer over the link and looking at the URL then displayed in the status bar of the web browser. Related tricks include look-alike host names (such as a subdomain of the attacker's domain that begins with the bank's name), raw IP addresses in place of a host name, and URLs of the form http://www.bank.example@attacker.example/, in which everything before the @ is treated by the browser as a user name and ignored.
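The following is an added example, not part of the original text, showing how the mismatch between a link's visible text and its real destination can be detected automatically, the same check a person does by hand with "view source". It parses the anchors out of a constructed HTML e-mail and flags the three tricks described above. All host names and addresses in the sample are made up, and the comparison of registrable domains by "last two labels" is a simplification; a production filter would use the Public Suffix List.

```python
"""Flag deceptive links in an HTML e-mail.

Added example with a constructed sample message; the domains and IP
addresses are invented (203.0.113.0/24 is reserved for documentation).
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def extract_links(html):
    parser = _AnchorCollector()
    parser.feed(html)
    return parser.links


# A host name appearing in the visible link text, with or without a scheme.
_HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[\w-]+\.)+[a-z]{2,})", re.I)
_IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def host_of(url):
    """Host the browser would actually connect to, lowercased.

    urlparse(...).hostname drops any 'user:pass@' part of the netloc, which is
    exactly what the browser does, so the @ trick is resolved correctly here.
    """
    return (urlparse(url).hostname or "").lower()


def registrable(host):
    """Simplified registrable domain: last two labels (real code uses the PSL)."""
    return ".".join(host.split(".")[-2:])


def suspicious_links(html):
    """Return a list of (reason, href, visible_text) for anchors that look deceptive."""
    findings = []
    for href, text in extract_links(html):
        href_host = host_of(href)
        if not href_host:          # relative links, mailto:, anchors: skip
            continue
        if "@" in urlparse(href).netloc:
            findings.append(("userinfo in URL", href, text))
            continue
        shown = _HOST_IN_TEXT.search(text)
        if shown and registrable(shown.group(1).lower()) != registrable(href_host):
            findings.append(("text/href host mismatch", href, text))
            continue
        if _IPV4.fullmatch(href_host):
            findings.append(("raw IP host", href, text))
    return findings


# Constructed phishing e-mail body for the demo.
SAMPLE_EMAIL = """
<p>Dear customer, please <a href="http://login.bank-example.com.secure-verify.example/">
log in at https://www.bank-example.com</a> to confirm your billing information.</p>
<p>Or use <a href="http://www.bank-example.com@203.0.113.7/login">www.bank-example.com</a>.</p>
<p>Help: <a href="https://www.bank-example.com/help">https://www.bank-example.com/help</a></p>
<p>Unsubscribe: <a href="http://203.0.113.8/u">here</a></p>
"""

if __name__ == "__main__":
    for reason, href, text in suspicious_links(SAMPLE_EMAIL):
        print(f"{reason:25} {href!r:60} shown as {text!r}")
```

Of the four links in the sample, only the genuine help link passes: the first is a look-alike subdomain whose visible text names the bank, the second hides its real host behind an @, and the last points at a bare IP address.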

The small percentage of people that fall for such phishing scams, multiplied by the sheer numbers of spam messages sent, presents the fraudster with a substantial incentive to keep doing it.

By constructing a fake web site that looks like a legitimate site that might ask for the user's personal information, such as a copy of a bank's website, the fraudster can phish a victim's passwords, PIN or bank account number. Legitimate sites use TLS (the successor of the Secure Sockets Layer, SSL, protocol) to identify themselves cryptographically, but this offers no protection if users ignore their web browsers' warnings about invalid server certificates. Such warnings occur when a user connects to a server whose certificate does not match the address of the server, has expired, or was not issued by a trusted certificate authority. Note that the warning only tells the user that the certificate does not match the address in the browser's address bar: a phisher who registers a look-alike domain can obtain a perfectly valid certificate for it, so a padlock icon proves only that the connection is encrypted to whatever site the address bar names, not that the site is the user's bank.

Identity Theft in the Law

Prior to 1998, all cases of impersonation, or what would now be deemed identity theft, were covered under "false personation" laws. The Identity Theft and Assumption Deterrence Act of 1998 defined identity theft itself as a distinct crime against the person whose identity was stolen, regardless of any financial loss incurred. It also put the reporting of these crimes under the jurisdiction of the Federal Trade Commission, and it increased the penalties for identity theft to a maximum of 15 years in prison, along with large fines. The Identity Theft Penalty Enhancement Act of 2004 later added the separate offense of aggravated identity theft, which carries an additional mandatory prison term when identity theft is committed in connection with certain other felonies. Bills have been introduced to further increase penalties and to allow businesses and organizations, rather than just individuals, to be recognized as victims of identity theft, but no such bill had passed as of 2016.

Identity Theft Prevention

Many systems have been devised to prevent fraud and identity theft over the Internet. For instance, spam filters in e-mail systems recognize many known phishing messages and keep them out of users' inboxes. Many credit card companies employ fraud detection software that looks for changes in a card-holder's spending habits which may indicate that the account is being used by an identity thief. There are also some practices that Internet users can follow in order to reduce their own chance of identity theft.

6.4: Cyber-Warfare

(Original text from Wikipedia and Cyberwarfare and Collateral Damages, edited and expanded by Sofia Lemons.)

Cyberwarfare is a complex phenomenon and raises many questions about its definition and about how it differs from other forms of warfare. This complexity arises because attacks differ in their final target, scope, and the hardware and software tools used. They all have in common the goal of exploiting computer systems and networks in order to achieve a military advantage. One definition is that cyber-warfare includes any actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption. However, some acts of cyber-warfare involve non-state actors, such as terrorists, activist groups, or a nation's citizens, either as the attackers or as the targets.

Examples of Cyber-Warfare

It can be very difficult to determine whether an instance of hacking or disruption was an act of cyber-warfare, because nations do not typically claim responsibility for such actions. Likewise, the computers used for large-scale attacks are usually compromised machines (such as the members of a botnet) distributed across many locations, which can make it very difficult to trace the source of an attack. Typically, people investigating suspected acts of cyber-warfare trace the flow of data back as close to its original source as possible; they also look for technical evidence such as reuse of malware code, command-and-control infrastructure, and working patterns seen in earlier attacks, and they consider which countries would most likely benefit from the act (such as adversaries of the nations targeted).

Stuxnet

In 2010, a computer worm was found to be infecting hundreds of thousands of computers around the world, using previously unknown exploits in the Microsoft Windows operating system, and was given the nickname Stuxnet. It was eventually found to be targeting the industrial control systems that drive nuclear centrifuges in Iran, and damaged around a thousand such devices. It altered the speed at which the centrifuges spun while reporting normal readings to their operators, so that the devices wore out or broke before anyone noticed. It was regarded at the time as the most sophisticated computer worm ever seen, and it proved that cyber-warfare can be used for offensive attacks on physical machinery. No nation has claimed responsibility for Stuxnet, but it is widely believed to be a product of the United States and/or Israeli government.

GhostNet

GhostNet is the name given to a large-scale cyber spying operation discovered in 2009. GhostNet spread by e-mails sent to target organizations. These e-mails contained malicious attachments that, when opened, dropped a Trojan horse onto the system. This Trojan connected back to a control server, usually located in China, to receive commands, and the infected computer would then execute whatever command the control server specified. Occasionally the command would cause the infected computer to download and install a Trojan known as Gh0st RAT, which allows attackers to gain complete, real-time control of computers running Microsoft Windows. Such a computer can be controlled or inspected by attackers, and the software can even turn on the camera and audio-recording functions of infected computers, enabling the operators to perform surveillance.

Compromised systems were discovered in the embassies of India, South Korea, Indonesia, Romania, Cyprus, Malta, Thailand, Taiwan, Portugal, Germany and Pakistan and the office of the Prime Minister of Laos. The foreign ministries of Iran, Bangladesh, Latvia, Indonesia, Philippines, Brunei, Barbados and Bhutan were also targeted. No evidence was found that U.S. or UK government offices were infiltrated, although a NATO computer was monitored for half a day and the computers of the Indian embassy in Washington, D.C., were infiltrated. Since its discovery, GhostNet has attacked other government networks, for example Canadian official financial departments in early 2011, forcing them off-line.

Ammar 404 & Operation Tunisia

Ammar 404 is the nickname Tunisian Internet users gave to the authority responsible for Internet censorship in Tunisia before the revolution of 2011. The Tunisian government used its systems not only to strictly censor Internet content but also to conduct surveillance against citizens who organized protests or spoke out against the government. In 2011, the hacktivist group Anonymous began what it called Operation Tunisia to combat the government's censorship and suppression of dissent. The group worked to help Tunisian citizens circumvent censorship (by providing connections to Tor and other proxy services) and avoid surveillance (by writing programs that citizens could use to block the government's surveillance methods). Anonymous also disrupted government operations by performing distributed denial of service (DDoS) attacks against government websites. They also infiltrated government servers to retrieve documents that they then supplied to activists within the country, and helped to broadcast messages from Tunisian activists to the wider world.

Potential Threats

Cyber warfare can present a multitude of threats towards a nation. At the most basic level, cyber attacks can be used to support traditional warfare. For example, tampering with the operation of air defences via cyber means in order to facilitate an air attack. Aside from these "hard" threats, cyber warfare can also contribute towards "soft" threats such as espionage and propaganda.

The federal government of the United States admits that the electric power grid is susceptible to cyberwarfare. The United States Department of Homeland Security works with industries to identify vulnerabilities and to help industries enhance the security of control system networks. The federal government is also working to ensure that security is built in as the next generation of "smart grid" networks are developed. In April 2009, reports surfaced that China and Russia had infiltrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national security officials. The North American Electric Reliability Corporation (NERC) has issued a public notice that warns that the electrical grid is not adequately protected from cyber attack. China denies intruding into the U.S. electrical grid.

On 23 December 2015, what is believed to be a first known successful cyber attack on a power grid took place in Ukraine leading to temporary blackouts. The cyber attack is attributed to the Russian advanced persistent threat group called "Sandworm" and it was performed during an ongoing military confrontation.

Cyber propaganda is an effort to control information in whatever form it takes, and influence public opinion. It is a form of psychological warfare, except it uses social media, fake news websites and other digital means. In 2018, Sir Nicholas Carter, Chief of the General Staff of the British Army stated that this kind of attack from actors such as Russia "is a form of system warfare that seeks to de-legitimise the political and social system on which our military strength is based".

International Proposals

Unlike traditional weapons and warfare, cyber-warfare is not explicitly covered under any of the policies or treaties behind the United Nations (UN) or the North Atlantic Treaty Organization (NATO). In 2013, NATO's Cooperative Cyber Defence Centre of Excellence invited a group of experts to draft the Tallinn Manual, which describes how existing international law could be applied to cyber-warfare. However, the Tallinn Manual is not binding on any of the member nations of NATO. Similarly, there have been claims that parts of the UN Charter may apply to acts of cyber-warfare, but none of these have been formally confirmed as UN policy. Several major nations have worked together directly to adopt policies or procedures to avoid escalation of conflict due to cyber-warfare. For instance, China and Russia, together with several Central Asian states, established the Shanghai Cooperation Organisation, which aims among other things to prevent uses of cyber-warfare that are "harmful to the spiritual, moral and cultural spheres of other states." In 2013, Barack Obama and Vladimir Putin established procedures for communication and coordination in case of a need to manage a crisis arising from acts of suspected cyber-warfare. However, the lack of far-reaching regulation or clear treaties over the use of cyber-warfare means that each nation is left to detect and respond to acts of cyber-warfare by its own criteria. Some experts express concern that a perceived act of cyber-warfare could lead to retaliation, whether through more harmful cyber attacks or through the use of traditional weapons and warfare.