Computer Crime and Notable Cyber Attacks

Questions and Answers

What are the two main categories of computer crime?

• Internal misuse and external attacks
• Crimes facilitated by a computer and crimes where the computer is the target (correct)
• Cyberbullying and identity theft
• Crimes involving hacking and crimes involving theft

What is the primary focus of physical security in computer safety?

• Backing up data on external drives
• Using antivirus software to protect files
• Setting strong passwords for user accounts
• Locking the computer behind doors and monitoring access (correct)

What consequences may arise from internal misuse of a computer?

• Unauthorized external attacks
• Increased data storage costs
• Hardware failure
• Permanent deletion of files and system crashes (correct)

What is a script kiddie in the context of computer crime?

An inexperienced user who utilizes existing tools for attacks (C)

How did the Morris Worm affect the Internet in 1988?

It infected approximately 10 percent of Internet-connected machines (C)

What did Vladimir Levin accomplish during his break-ins at Citibank?

He initiated unauthorized fund transfers to other banks (A)

What distinguishes elite hackers from script kiddies?

Elite hackers develop their own scripts and find new vulnerabilities (D)

What security incident occurred in February 1998 involving U.S. military installations?

A series of computer intrusions known as Solar Sunrise (A)

What defines a patent?

A grant of property rights that excludes the public from an invention (D)

Which is NOT a method used in internet filtering?

User feedback filtering (C)

What is the primary role of ergonomics in technological design?

Focusing on human needs and capabilities (D)

What are the elements required to prove libel?

Malice, publication, identification, and discreditable act (C)

What is the greatest threat that hackers pose to a company’s trade secrets?

Stealing secrets for profit (B)

Which of the following best describes open source code?

Source code that is freely available for use and modification (C)

What does layered security involve in a technological environment?

Having multiple types of security measures in place (D)

What is plagiarism primarily concerned with?

The unauthorized use of another's ideas or words (D)

What was the average number of hops that attackers made between different systems before reaching their target?

Eight (B)

What is the primary purpose of the Freedom of Information Act of 1970?

To ensure access to personal data and government activities (D)

What does RA 10173 primarily protect?

The confidentiality of customer data (C)

Under the Cybercrime Prevention Act of 2012, which of the following actions can result in arrest and imprisonment?

Posting false information intended to harm someone's reputation (A)

Which of the following best describes cyber-squatting?

Acquiring domain names for resale at a profit (A)

What term refers to accessing a computer system without authorization?

Illegal access (A)

What characterizes attacks by criminal organizations in the structured threat category?

Greater planning and financial backing (D)

Which provision ensures the inviolability of communication and correspondence?

Section 3 of Article III (A)

What constitutes personal information?

Any information that can identify an individual, either directly or when combined with other information (B)

Under which conditions can libel be committed according to Article 355 of the Revised Penal Code?

By means of various forms, including writing and cinematography (C)

What is the penalty for acts committed against critical infrastructure as stated in Section 4(a) of Article III?

Reclusion temporal or fines starting from PhP500,000.00 up to a maximum amount (B)

What defines computer-related forgery?

The unauthorized deletion or alteration of data leading to inauthentic information (B)

What does illegal interception refer to?

The unauthorized interception of non-public computer data transmissions (B)

How is the right to privacy characterized within the Constitution?

As a constitutional right recognized independently of liberty (B)

What typically classifies content as obscene?

Highly offensive material, particularly in a sexual context (A)

What is the function of the Internet Content Rating Association (ICRA)?

To provide filtering systems for digital content (C)

What does the Integrity principle of security require?

Information should not be modified except by authorized individuals. (B)

Which act regulates government access to certain records held by financial institutions?

Rights to Financial Privacy Act of 1978 (B)

What is a macro virus?

A virus that uses the application's macro programming language to spread. (C)

How are viruses different from worms?

Viruses spread by inserting copies of themselves into other code. (D)

What does non-repudiation ensure in a communication context?

The sender can be verified and the message confirmed as sent and received. (C)

What is the primary goal of network security?

To protect networks and services from unauthorized access or modifications. (A)

Which term describes the use of keywords to block access to certain websites?

Keyword Filtering (B)

What is the primary reason some users want to ban web anonymity?

It increases risks of defamation, fraud, and exploitation. (C)

Study Notes

Computer Crime

• Two main categories: Crimes facilitated by a computer, and Crimes where the computer is the target.
• Physical Security: Treat computer security like home security, keep computers attended, watched, or locked.
• Internal Misuse: Intentional or unintentional deletion of files can lead to data loss and system crashes.

Notable Cyber Attacks

• Shamoon (2012): A virus that attacks Microsoft Windows systems, capable of wiping files and rendering networks unusable.
• The Morris Worm (1988): The first large-scale internet attack, infected 10% of internet-connected machines and caused $100 million in damages.
• Citibank and Vladimir Levin (1994): Levin gained access to Citibank's cash management system, allowing him to initiate unauthorized fund transfers.
• Solar Sunrise (1998): A series of intrusions targeting US military installations, compromising over 500 domain name servers and utilizing multiple systems to obscure the origin.

Hacker Types

• Script Kiddie: Inexperienced hackers who use pre-made scripts to compromise systems.
• Elite Hacker: Skilled hackers capable of discovering and exploiting new vulnerabilities.
• Criminal Hacker (Cracker): Hackers motivated by fun, excitement, or illegal gain.

Cybercrime Laws

• Freedom of Information Act of 1970 (USA): Ensures individuals' access to personal data collected by federal agencies.
• RA 10173 (Philippines): Protects customer data confidentiality, setting rules for companies to regulate data collection, handling, and disposal.
• Cybercrime Prevention Act of 2012 (Philippines): Upholds the constitutionality of punishing online libel.
• Article III, Section 3.(1) of the Philippine Constitution: Guarantees the privacy of communication and correspondence except under lawful order or for public safety.

Additional Cybercrime Topics

• Cybersex: Engaging in sexually explicit activities online for consideration.
• Cyber-squatting: Registering domain names in bad faith to profit or harm others.
• Illegal access: Accessing computer systems without authorization.
• Criminal Organizations: Structured cyberattacks with extensive planning, resources, and potential collusion with insiders.

Cyber Security Measures

• Anonymous Remailers: Services that strip originating addresses from emails, enabling anonymous communication.
• Internet Filters: Software used to block access to websites containing inappropriate content.
• Mandatory Access Control: Restricts access to objects based on pre-defined security attributes.
• Layered Security: Employing multiple security methods like routers, firewalls, encryption, and authentication to fortify systems.

Cyber Security Threats

• Hackers: Pose the greatest threat to trade secrets, potentially disclosing or stealing information for profit.
• Plagiarism: Stealing and passing off someone's ideas or words as one's own.
• Open Source Code: While beneficial, open source code increases the risk of vulnerabilities being discovered and exploited.
• Bugs and Misconfiguration: Errors allowing unauthorized remote users to steal data, execute commands, gain information, or launch denial of service attacks.

Cyber Security Principles

• Ergonomics: Designing tech systems with human needs and capabilities in mind.
• Integrity: Ensuring information is not modified without authorization.
• Confidentiality: Preventing unauthorized disclosure of information.
• Authentication: Verifying individuals' identities.
• Non-repudiation: Providing proof of message sender and receipt.

Additional Cyber Security Concepts

• Viruses: Self-replicating programs that spread by inserting copies into other files.
• Worms: Self-replicating malware similar to viruses.
• Macro Virus: A virus that utilizes an application's macro language for distribution.
• Keyword Filtering: Blocking websites based on specific keywords or phrases.
• Network Security: Protecting networks and services from unauthorized access, modification, or disruption.

Controversial Topics

• Web Anonymity: Some advocate for banning web anonymity due to concerns about its use in defamation, fraud, libel, and child exploitation.
• Information Warfare: Using information and information technology as a weapon against adversaries.

Legal Considerations

• Libel: False statements intended to harm someone's reputation.
• Personal Information: Any information that identifies an individual.
• Article 355 of the Revised Penal Code (Philippines): Defines libel and outlines its methods of commission.
• Section 4(a) of Article III of the Cybercrime Prevention Act (Philippines): Imposes penalties for crimes against critical infrastructure.
• Section 4(c)(1) of Article III of the Cybercrime Prevention Act (Philippines): Punishes acts related to illegal interception of computer data.
• Rights to Financial Privacy Act of 1978 (USA): Regulates government access to financial records.
• Computer Abuse Amendments Act of 1994 (USA): Prohibits the transmission of harmful computer programs, including viruses.

Privacy and Security

• Right to privacy: A constitutional right recognized independently of liberty.
• Obscenity: Highly offensive content, often with sexual or prurient themes.
• Internet Content Rating Association (ICRA): A nonprofit organization that provides internet content filtering systems.
• Data Protection: Companies must protect customer information from collection to disposal, preventing unauthorized access.

Description

This quiz covers the fundamentals of computer crime, including its two main categories and the critical aspect of physical security. Additionally, it examines some of the most notable cyber attacks in history, detailing their impact and methodologies. Test your knowledge on these vital topics in cybersecurity.