Cybersecurity and Identity Theft Quiz

Questions and Answers

What small business was affected by the Target Security Breach in Fall 2013?

Eastside Mechanical

Fazio Mechanical (correct)

Western Cooling Solutions

Smith Refrigeration

Which demographic is most commonly victimized by identity theft?

18-29 year-olds (correct)

30-45 year-olds

50-65 year-olds

Children under 18

What is phishing?

Malware that disables a user's computer

Requests for personal information disguised as legitimate communication (correct)

A technique to physically steal credit cards

Voice phishing over the phone

Which of the following actions can lead to security breaches?

Poorly written software

What is the potential consequence for small businesses after a security breach?

They often go out of business

What is pharming in the context of identity theft?

Creating false websites to gather information

What is a significant risk factor for identity theft related to E-commerce?

Increased anonymity in online transactions

Which method is used to deceive individuals via text messages to obtain personal information?

Smishing

What does the Computer Fraud and Abuse Act (CFAA) primarily address?

Unauthorized access to computers

How did the USA PATRIOT Act modify the consequences of hacking?

It expanded the definition of loss to include response costs.

Which method do security professionals NOT use to catch hackers?

Inviting hackers to prison

What is one common outcome for young hackers who are caught?

They often receive fines and probation.

What was a significant change in the treatment of young hackers by the year 2000?

A young hacker received time in juvenile detention for the first time.

How do investigators often trace hacking attacks?

Using ISP records and router logs.

What difficulty arises in sentencing young hackers?

There is temptation to over or under punish them.

What is the primary purpose of white hat hackers?

To demonstrate system vulnerabilities and enhance security

What element is NOT part of the CFAA's expanded coverage?

Social networks

What stance has the Pentagon taken regarding certain cyber attacks?

They may respond with military force to some cyber attacks

What type of system did Stuxnet specifically target?

Control systems in uranium enrichment

Which factor does NOT contribute to security weaknesses?

The effectiveness of security tools

What is a common use of firewalls in security?

To monitor and block suspicious communications

Who is responsible for maintaining system security?

Developers, businesses, and home users

What did historical attitudes toward security initially fail to account for?

The risks associated with open access to the Internet

What is the main issue with the security measures implemented in response to hacking?

Security often reacts to vulnerabilities after they are discovered

What definition best describes hacking in its original context during the early 1960s to 1970s?

Creative programming characterized by clever coding.

Which phase marks the transition of hacking from a positive to a negative connotation?

1970s to mid 1990s.

Which of the following is an example of hacktivism?

A group of hackers promoting political causes through cyber attacks.

What significant risk is associated with 'harmless hacking'?

It may accidentally cause significant damage.

What is a common consequence of the growth of the Web on hacking practices?

Rapid propagation of viruses and worms.

Which activity is specifically associated with 'phone phreaking'?

Unauthorized access to phone networks.

What is a serious concern regarding large-scale theft of information as seen in recent hacking incidents?

It can lead to personal and financial ruin for individuals.

What differentiates hacktivism from vandalism?

Intent and purpose behind the hacking action.

What is one method used to authenticate customers and prevent the use of stolen numbers?

Not displaying full card numbers on receipts

What is the purpose of a fraud alert in the context of identity theft?

To flag the credit report in case of stolen information

What technology is used to securely store data so that it becomes useless if stolen?

Encryption

Which of the following is a characteristic of biometric systems?

They are based on biological characteristics unique to an individual

What can happen to corporations that operate in multiple countries regarding legal compliance?

They must comply with the laws of all involved countries

What was the legal issue faced by Yahoo regarding the sale of Nazi memorabilia?

Whether French law should apply to Yahoo's servers in the U.S.

What is a service designed to protect the user's credit card information during online transactions?

PayPal acting as a third party

What is one disadvantage of authenticating customers more stringently when preventing the use of stolen numbers?

It might trade convenience for security

What is one principle that suggests publishers must block access to illegal material in certain countries?

Responsibility-to-prevent-access

Which of the following describes a limitation of the WTO agreement regarding cross-border services?

It does not address legality differences in services.

What ethical dilemma arises when a majority supports prohibitions on certain content?

The balance between majority rule and minority rights.

What action can the government of Country A take regarding illegal material?

Block illegal material at its borders.

What is meant by 'respecting cultural differences' in the context of law and ethics?

Considering cultural values while navigating legal frameworks.

What can be inferred about the dissemination and sale of copyrighted educational work?

It undermines the integrity of the original work.

How does the international community often resolve discrepancies in laws regarding online content?

By creating international agreements.

What is one potential consequence of a country blocking access to legal content from another country?

Limitations on access to diverse ideas and information.

Study Notes

Chapter 5: Crime and Security

• The chapter covers hacking, identity theft, and laws governing the web.

What We Will Cover

• Hacking
• Identity theft and credit card fraud
• Whose laws rule the web

Hacking (1 of 17)

• Intentional unauthorized access to computer systems.
• The term "hacking" has evolved over time.
• Phase 1 (1960s-1970s): "Hacking" was a positive term, referring to creative programmers and clever code.
• Phase 2 (1970s-mid 1990s): "Hacking" took on negative connotations associated with unauthorized access and spreading computer viruses/worms.
• Phase 3 (mid 1990s to present): The growth of the web and mobile devices led to new hacking techniques. Increased spread of viruses/worms, political hacking (hacktivism), denial-of-service (DOS) attacks, and large-scale theft of financial/personal information became prominent.

Hacking (4 of 17)

• Is "harmless hacking" harmless?
• Responding to nonmalicious hacking still uses resources.
• Hacking can cause accidental, significant damage.
• Most hacking is a form of trespass.

Hacking (5 of 17)

• Hacktivism (political hacking): Use of hacking to promote a political cause.
• Debates exist about whether it is a form of civil disobedience.
• Some actors hide criminal activities under a mask of hacktivism.
• Determining the difference between hacktivism and vandalism remains a challenge.

Hacking (6 of 17)

• Hackers as security researchers ("White Hat Hackers"): Use their skills to demonstrate system vulnerabilities.
• Aim is to improve system security.

Hacking (7 of 17)

• Hacking as foreign policy.
• The increase in government hacking.
• Potential for cyber attacks to be viewed as acts of war, prompting potential military responses.
• Need for making critical systems more secure.

Hacking (8 of 17)

• Stuxnet: An extremely sophisticated worm targeting specific control systems.
• Damaged equipment in a uranium enrichment plant in Iran (2008).

Hacking (9 of 17)

• Security: Hacking is a problem, as is also poor security.
• Factors contributing to security weaknesses:
  • History of the internet and the web
  • Complexity of computer systems
  • Speed of new application development
  • Economic and business factors
  • Human nature

Hacking (10 of 17)

• Internet's openness as a means of information sharing.
• Attitudes toward security were slow to catch the risk of these systems.
• Use of firewalls to monitor/filter communication from untrusted sources.
• Cybersecurity is reactive to vulnerabilities as they are discovered and exploited..

Hacking (11 of 17)

• Responsibility for security:
  • Developers: Develop systems with security as a goal.
  • Businesses: Use security tools and monitor their systems.
  • Home users: Educate themselves and use security tools.

Hacking (12 of 17)

• Discussion questions:
  • Is hacking that has no direct damage a victimless crime?
  • Is hiring former hackers to improve security a good or bad idea and why?

Hacking (13 of 17)

• The Law: Catching and punishing hackers.
• 1984: The Computer Fraud and Abuse Act (CFAA).
  • Covers computers of government, finance, and medicine that connect to the internet.
  • Includes accessing a computer without authorization under the CFAA is illegal.
  • The USA Patriot Act expanded the definition of loss to include the cost of responding to an attack and assessing damage and restoring systems.

Hacking (14 of 17)

• Catching Hackers.
• Law enforcement use of hacker newsletters and undercover techniques.
• Identifying hackers by tracking online handles (newsgroup/archives).
• Use of "honey pots" (web sites) to attract hackers for study and record.
• Computer forensics for retrieving evidence from computers.
• Tracking hacking attacks using ISP records and router logs.

Hacking (15 of 17):

• Penalties for young hackers:
  • Many young hackers mature and become productive and responsible.
  • Sentencing varies on intent and damage done.
  • Probation, community service, and/or fines are typical penalties.
  • Juvenile detention is rare for young hackers.

Hacking (16 of 17)

• Criminalizing virus writing and hacker tools: Is this a good idea and why?

Hacking (17 of 17)

• Expansion of the Computer Fraud and Abuse Act (CFAA) to encompass newer/sophisticated ways to access and gather information.
• Use of CFAA to prosecute companies/individuals with unauthorized information gathering, and data collection.
• Is violating terms of agreement a form of hacking?

Small Business Insecurity (1 of 2)

• Fazio Mechanical: Specialized in supermarket refrigeration systems, an example of small business insecurity.
• Target Security Breach (2013) exposed issues with large scale data breaches from small businesses being gateways to larger systems.
• Consequences of breach could lead to the closure of affected small businesses.

Small Business Insecurity (2 of 2)

• Small businesses often lack resources for security staff.
• They are often gateways to larger systems.
• Often go out of business after a breach.

Security

• Security breaches are often due to poorly written software and poorly configured networks/applications.
• Security researchers/Cybersecurity professionals deal with whistle-blowing versus responsible disclosure.

Identity Theft and Credit Card Fraud (1 of 5)

• Identity theft: Criminals use an unknowing individual's identity.
• Common victims are young adults (18-29).
• e-commerce makes stealing/using card numbers easier without a physical card.

Identity Theft and Credit Card Fraud (2 of 5)

• Techniques used to steal information include:
  • Phishing (email)
  • Smishing (text messaging)
  • Vishing (voice phishing)
  • Pharming (false websites).

Identity Theft and Credit Card Fraud (3 of 5)

• Responses to identity theft include:
  • Authentication of email and websites.
  • Encryption to secure data.
  • Authenticating customers to prevent stolen numbers.
  • Fraud alerts to flag credit reports.

Identity Theft and Credit Card Fraud (4 of 5)

• Responses to identity theft (continued):
  • Activation for new credit cards.
  • Retailers not printing full card numbers/expiration dates.
  • Software that detects unusual spending.
  • Services like PayPal prevent direct credit card information exchange.

Identity Theft and Credit Card Fraud (5 of 5)

• Biometrics: Unique physiological characteristics.
• No external items are stolen; useful for highly secured areas (ex. airport).
• Systems are becoming more sophisticated to prevent being fooled.

Whose Laws Rule the Web (1 of 8)

• Laws vary between countries.
• Corporations doing business in multiple countries must comply with the laws in each country involved.
• Actions legal in one country could be illegal in another.

Whose Laws Rule the Web (2 of 8)

• Yahoo and French censorship.
• Yahoo company was sued for French citizens accessing Nazi memorabilia on their websites, while the actual website was in the US not France.
• French law was questioned.

Whose Laws Rule the Web (3 of 8)

• Applying US copyright law to foreign companies.
• Russian company circumvented controls embedded in electronic books.
• The program, even if legal in Russia, was illegal in the US.
• Author, Dmitry Sklyarov, was arrested, then after protests he was able to return to Russia.

Whose Laws Rule the Web (4 of 8)

• Arresting executives of online gambling and payment companies.
• British executive arrested in Dallas while transferring planes.
• The executive's action did not directly break US law since the sports betting in Britain is considered acceptable under British Law.

Whose Laws Rule the Web (5 of 8)

• Libel, speech, and commercial law.
• Exact laws and associated penalties vary between countries.
• The burden of proof differs in libel cases.

Whose Laws Rule the Web (6 of 8)

• Libel tourism practices.
• Traveling to a country with stricter libel laws in order to pursue a legal action.
• The speech act of 2010 makes foreign libel judgements unenforceable in the US, and does not violate the 1st Amendment.
• Foreign governments retain ability to seize assets.
• The costs of travel could be associated in cases that take time in court, and may require numerous trips.
• Freedom of speech is restricted when companies adhere to laws from the most restrictive countries.

Whose Laws Rule the Web (7 of 8)

• Some countries have strict regulations on commercial speech and advertising.

Whose Laws Rule the Web (8 of 8)

• Discussion questions:
  • Suggest solutions for resolving issues that arise from differing laws in various countries.
  • Suggest what is likely to work, and what is likely to fail.

Culture, Law, and Ethics

• Respecting cultural differences is not equivalent to respecting laws.
• If a majority of people support restrictions on content in a given country, does it make sense to then violate the basic human rights of minorities around the world?

Potential Solutions (1 of 2)

• International agreements between countries, particularly those related to the World Trade Organization (WTO) might help.
• The WTO does not help when a specific product, service, or information are legal in one country and not another.

Potential Solutions (2 of 2)

• Alternative principles.
  • Responsibility-to-Prevent-Access: Publishers must restrict access to material/services.
  • Authority-to-Prevent-Entry: Country A can act within its borders, but may not be able to enforce its laws on Country B, even when the action is illegal in country A.

Description

Test your knowledge on the impacts of cybersecurity, particularly focusing on identity theft and security breaches. This quiz covers essential concepts such as phishing, pharming, and the legal frameworks that address hacking. Learn about the risks facing small businesses and the demographic trends in identity theft.