Transcript chapter2

Chapter 2: Anatomy of the Problem
• Recent terrorist attacks and the rise in
cyber attacks have raised concern about
the need to protect the nation’s cyber
infrastructure
• The big and most recent ones include:
– Code Red
– Manila-based I Love You
– Mafia Boy - DDoS
– Melissa
Daily alerts from the tech people
• Almost every day at work you are
reminded by the people in the tech support
office of a virus on the loose.
Will there ever be an end to these?
• Cyberspace infrastructure and
communication protocols are inherently
weak
• The average user in cyberspace has very
limited knowledge of the computer network
infrastructure, its weaknesses and gaping
loopholes.
• Society, as a whole, is increasingly
becoming irreversibly dependent on an
infrastructure and technology that it
least understands.
• There are no long-term, let alone immediate,
plans or mechanisms in place or planned to
educate the public.
• There is a high degree of complacency in a
society that still accords a "Whiz Kid" status to
cyberspace vandals.
• The only known remedy mechanisms and solutions
to the problem are patching loopholes after an attack
has occurred.
• The price of this escalating problem is yet to be
known.
• Reporting is voluntary, haphazard, and quite often
at will.
• The nation is yet to understand the seriousness
of cyber vandalism.
What are the causes?
• Vendetta/Revenge
• Demonstrations at World Trade Organization (WTO) in
Seattle, Washington, the World Bank and the
International Monetary Fund in Washington, D.C., Prague,
Hungary, and Genoa, Italy – against globalization.
• Joke/Hoax/Prank
• The Hacker's Ethics
• All information should be free
• Terrorism
• Political and Military Espionage
• Business (Competition) Espionage
• Hate (national origin, gender, and race)
• Personal gain/Fame/Fun/Notoriety
• Ignorance
Challenges in Tracking Cyber Criminals
• In nearly all countries there is no required
reporting mechanism in government
agencies, or even the private sector, to detect
intrusions and report them.
• In the private sector, there is very little
interest in reporting any system-related
intrusions. This is a result of the fear of
marketplace forces that would expose
management’s weaknesses to the
shareholder community and competitors.
• There is no adequate enforcement of
existing reporting mechanisms
• The insider effect: some studies report
that most e-attacks are generated
and started by inside employees. This
makes the job of detection and reporting
very murky. It is like having an arsonist
working in the fire department.
• Many nations have no required and trained
security agencies to fight e-attacks.
Social and Ethical Consequences
• Psychological effects – these include hate
and jokes, especially when aimed at an individual.
– may lead to individual reclusion and
increasing isolation
– such trends may lead to dangerous and costly
repercussions on the individual, corporations
and society as a whole.
• Moral decay – There is a moral imperative in all
our actions. When human actions, whether bad or
good, become so frequent, they create a level of
familiarity that leads to acceptance as “normal”. This
type of acceptance of actions formerly viewed as
immoral and bad by society leads to moral decay.
• Loss of privacy – After an attack, there is usually an
overreaction and a resurgence in the need for quick
solutions to the problem that seems to have hit
home. Many businesses are responding with patches,
filters, ID tools, and a whole list of “solutions”.
• Profile scanners and straight email scanners like Echelon. Echelon
is high-tech U.S. government spying software housed in
England. It is capable of scanning millions of emails given
specific keywords.
• Tracking technology to lead to virus writers.
• Trust – Along with privacy lost is trust lost.
Individuals, once attacked, lose trust in a person,
group, company or anything else believed to be the
source of the attack or believed to be unable to stop
the attack.