Aerospace Dimensions - Cyber Security Module PDF

Summary

This document is a module on cyber security for cadets and middle school students. It introduces cyberspace, networks, and packet switching, along with concepts like cybercrime, cyberwarfare, and cyber ethics. The module includes inquiry-based activities for application.

Full Transcript

Draft - 26 Oct 21 - Pre-Copy Editing

Aerospace Dimensions
CYBER SECURITY
MODULE 7

Civil Air Patrol
Maxwell Air Force Base, Alabama

WRITTEN BY: LACY WICKS
DESIGN: BLAKE ATKINS
ILLUSTRATIONS: LACY WICKS, BLAKE ATKINS
EDITING: JEFF CARVER, Ph.D.; TRAVIS ATKINSON, Ph.D.
NATIONAL ACADEMIC STANDARD ALIGNMENT: SUE MERCER

PUBLISHED BY NATIONAL HEADQUARTERS CIVIL AIR PATROL AEROSPACE EDUCATION DEPUTY DIRECTORATE, MAXWELL AFB, ALABAMA 36112

FIRST EDITION AUGUST 2021

Introduction

The Aerospace Dimensions module, Cyber Security, is the seventh of seven modules, which, combined, make up Phases I and II of Civil Air Patrol’s Aerospace Education Program for cadets. Each module is meant to stand entirely on its own, so that each can be taught in any order. This enables new cadets coming into the program to study the same module, at the same time, with the other cadets. This builds a cohesiveness and cooperation among the cadets and encourages active group participation. This module is also appropriate for middle school students and can be used by teachers to supplement STEM-related subjects.

Inquiry-based activities were included to enhance the text and provide concept applicability. The activities were designed as group activities, but can be done individually, if desired. The activities for this module are located at the end of each chapter.

Contents

Introduction
Contents
National Academic Standard Alignment
Chapter 1. Introduction to Cyber Security
Chapter 2. Common Cyberattacks: Beware of the Attack
Chapter 3. Improving your Personal Security
Chapter 4. Protecting Your Digital Footprint
Chapter 5. The Future of Cyber Security

K12 Cybersecurity Learning Standards

Cyber.org, The Academic Initiative of the Cyber Innovation Center
https://cyber.org/sites/default/files/2021-08/K-12%20Cybersecurity%20Learning%20Standards_2.pdf

Computing Systems
- Communication and Networking (6-8.CS.COMM.1): Compare and contrast network topologies.
- Network Components (6-8.CS.COMP): Identify the role of connected network components.
- Software Updates (6-8.CS.SOFT): Identify examples of vulnerabilities that exist in software.
- Programming and Scripting (6-8.CS.PROG): Explain the role of scripting in cyber attacks.
- Applications (6-8.CS.APPS): Discuss the role that software plays in the protection of a secure system.

Digital Citizenship
- Cyberbullying (6-8.DC.CYBL): Develop strategies to raise awareness of the effects of, and methods to identify and prevent, cyberbullying.
- Digital Footprint (6-8.DC.FOOT.1): Recognize the many sources of data that make up a digital footprint.
- Digital Footprint (6-8.DC.FOOT.2): Recognize the permanence of a digital footprint.
- Public and Private Information (6-8.DC.PPI.1): Discuss the risks and benefits of sharing PII.
- Public and Private Information (6-8.DC.PPI.2): Examine techniques to detect, correct, and prevent disclosure of PII.
- Threat Actors (6-8.DC.THRT): Describe various types of threat actors.
- Ethical Integrity (6-8.DC.ETH): Distinguish between ethical and malicious hacking.
- Intellectual Property (6-8.DC.IP): Explain how intellectual property and copyright relate to fair use.

Security
- Threats and Vulnerabilities (6-8.SEC.INFO): Analyze threats and vulnerabilities to information security for individuals and organizations.
- Securing Network Components (6-8.SEC.COMP): Describe Defense in Depth strategies to protect simple networks.
- Threats and Vulnerabilities (6-8.SEC.NET): Explain how malicious actions threaten network security.

Chapter 1
INTRODUCTION TO CYBER SECURITY

Learning Outcomes
- Describe the composition of cyberspace.
- Explain the role of cyber security in cyberspace.
- Define networks.
- Define cyber.
- Describe cybercrime, cyberwarfare, and cyber ethics.

Important Key Terms

Client - a desktop computer or workstation that is capable of obtaining resources from a server.
Cyber - describes characteristics of the culture of computers, information technology, and virtual reality.
Cybercriminal - a person who conducts illegal activity using computers or other digital technology.
Cybercrime - a crime that involves a computer and a network.
Cyber ethics - a set of moral, legal, and social principles that applies to computers and relates to the user’s behavior.
Cyberspace - the environment that allows digital technology of many forms to communicate with one another via the Internet.
Cyber security - the collection of security tools, policies, safeguards, and practices that protect the cyberspace environment and its occupants.
Cyberwarfare - the use of technology to attack a nation via network communications and computer devices.
Internet - a worldwide collection of different networks connecting millions of devices, which allows communication between devices on the network.
Network - a channel that links computers, servers, network devices, peripherals, or other devices together to allow the sharing of data.
Node - a connection point that relays information along a distributed network.
Packet switching - a process of arranging data into small units that can be transmitted over a digital network.
Server - a computer program or a device that provides sharable resources.

Imagine being the pilot for Flight 321 on your way to the airport. You notice that the Flight Management System (FMS) is not working properly. You glance at the screen and the Global Positioning System (GPS) and Inertial Navigation System (INS) are notifying you to alter the position of the aircraft to an abnormal altitude. The INS begins to cause an integration drift that incorrectly calculates the acceleration and velocity of the aircraft. You begin to call for help.

Pilot to Ground Control: We are having a problem with the FMS.
Ground to Pilot: There is a problem with the network. Please prepare for an alternate flight plan using radio navigation.
Pilot to Ground Control: Will do. Copy!

This chapter introduces the concepts of cyberspace, cyber security, and the functions of networking systems, like the FMS, which later chapters will explore in more detail.

CYBERSPACE

What is cyberspace? The word "cyber" describes the digital environment in which computer networks communicate. The word "space", in the cyberspace context, describes an abstract idea of a virtual environment rather than a physical space. Cyberspace is the environment that allows digital technology in many forms to communicate with each other via the Internet. In cyberspace, users can interact with each other, exchange ideas, share information, provide entertainment, conduct business, and also engage in political discussions with a few strokes of their computer keys. Many government and military officials, security professionals, and industry leaders use this term to describe the global technology domain of the web.

Cyberspace consists of two layers: physical and digital.
The physical layer is composed of devices with Internet capabilities that can physically be touched, such as laptops, tablets, digital cameras, desktops, or even game consoles. These devices can connect to the Internet and become a part of cyberspace. The digital layer is the part of cyberspace that users cannot physically touch (i.e., the Internet) but can access through devices in the physical layer.

NETWORKS

A network links two or more devices. A node is a network device that provides a connection through which it relays information to other network devices. To facilitate communication, each network device has a unique address. This address allows the devices to communicate with each other and work together to accomplish a task. These addresses are complex sequences of numbers. But do not worry: humans do not need to remember these complex numerical addresses; only the network devices do. To make it easier for humans, these device addresses are often represented as human-readable names followed by ".com" or ".net".

A real-world analogy may help clarify this addressing concept. If you want to travel to your grandmother’s house, you will need to provide your GPS system with some information. While you could provide the GPS with the specific latitude and longitude of her house, you could also provide the street address (e.g., 123 Main Street). Even easier, if you have already programmed your GPS to know where your grandmother’s house is located, you can just tell it to take you to “grandmother’s house.” Similarly, a networked system is able to convert human-readable addresses into network locations.

PACKET SWITCHING

Packet switching is the process networks use to split a large message into smaller units that can be more easily transmitted over a network. This process helps to prevent network overloading and maintain efficiency.
If a communication pathway is unavailable, the network can reroute one or more packets, allowing all packets to arrive safely. As packets travel through networks, they encounter switches and routers that forward the packets to the next point along the route. En route to the final destination, the network tracks each packet to ensure that it arrives on time. Once all of the packets reach the destination, the recipient can extract the information and reconstruct the original message.

An analogy to this process would be when someone wants to send a large document to a friend. If the document is too large, the postal service may charge a fee for excess weight. To save that fee, the sender may divide the document into multiple packages. Because the packages may take different routes and arrive out of order, each package contains a portion of the original document, along with a sequence number to tell the recipient how to reconstruct the overall document.

Figure 1 illustrates packet switching using the postal service analogy. Host 1 wants to send a message to Host 2. The message begins at Host 1 (the sender). The network splits the message into three packets that travel through the network to Host 2 (the destination). All of the packets then arrive at Host 2. Host 2 then reconstructs the message. This concept is common in client-server communication, discussed in the next section.

[Figure 1: packet switching, Stage 1 through Stage 4]

CLIENT-SERVER NETWORK

In a client-server network, there are two types of nodes: clients and servers. A client is a network device that requests access to some type of service to accomplish its task (e.g., requests for data or requests for printing). A server is a computer or device that manages access to the centralized resources clients use to complete their tasks (e.g., hard drives, printers, and other sharable resources). Clients request services provided by servers to help the users complete their tasks.
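The packet-switching steps described above (split the message, number each piece, let the pieces arrive in any order, rebuild at the destination), as an added Python example that is not part of the original module. The `Packet` fields, the function and class names, and the sample message are assumptions made for illustration.

```python
"""Packet switching in miniature: split, deliver out of order, reassemble."""
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    seq: int        # position of this piece in the original message
    total: int      # number of packets that make up the whole message
    payload: bytes  # this packet's slice of the message


def split_message(message, size):
    """Host 1: cut the message into packets of at most `size` bytes."""
    if size <= 0:
        raise ValueError("packet size must be positive")
    chunks = [message[i:i + size] for i in range(0, len(message), size)] or [b""]
    return [Packet(seq, len(chunks), chunk) for seq, chunk in enumerate(chunks)]


def deliver(packets, rng, drop=()):
    """The network: packets take different routes, so order is not preserved.
    Sequence numbers listed in `drop` are lost on the way and never arrive."""
    in_flight = [p for p in packets if p.seq not in drop]
    rng.shuffle(in_flight)
    return in_flight


class Reassembler:
    """Host 2: collect packets in any order and rebuild the message."""

    def __init__(self):
        self.total = None   # learned from the first packet that arrives
        self.received = {}  # seq -> payload

    def accept(self, pkt):
        """Store one packet; return True once every packet has arrived."""
        if self.total is None:
            self.total = pkt.total
        if pkt.total != self.total or not 0 <= pkt.seq < self.total:
            raise ValueError(f"packet {pkt.seq}/{pkt.total} does not fit this message")
        # A packet that arrives twice (for example after a reroute) is kept once.
        self.received.setdefault(pkt.seq, pkt.payload)
        return self.complete()

    def complete(self):
        return self.total is not None and len(self.received) == self.total

    def missing(self):
        """Sequence numbers Host 2 is still waiting for."""
        if self.total is None:
            return []
        return [seq for seq in range(self.total) if seq not in self.received]

    def message(self):
        """Rebuild the original message; refuse if any packet is outstanding."""
        if not self.complete():
            raise ValueError(f"cannot rebuild yet, missing packets {self.missing()}")
        return b"".join(self.received[seq] for seq in range(self.total))


if __name__ == "__main__":
    # Constructed sample message, borrowed from the chapter's opening story.
    text = b"Please prepare for an alternate flight plan using radio navigation."
    packets = split_message(text, 16)
    host2 = Reassembler()
    for pkt in deliver(packets, random.Random(7), drop={2}):
        host2.accept(pkt)
        print("arrived:", pkt.seq, pkt.payload)
    print("still missing:", host2.missing())
    host2.accept(packets[2])  # the lost packet arrives by another route
    print("rebuilt:", host2.message().decode())
```

Host 2 never reads a partial message: `message()` refuses to run until `missing()` is empty, which matches the rule in Activity Two that Host 2 must receive all of the packets before reading.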
Figure 2 illustrates a computer lab in which all computers are on the same network and have access to a shared printer. Computers A, B, and C act as clients that help their users access the shared printer (the server) by communicating over the client-server network. To print, the user chooses the desired printing options on the client. The client communicates this information to the server. The server then sends back a signal giving the client permission to print. This client-server network reduces the need for each computer to have its own printer.

As seen in the previous example, a server may receive multiple requests from clients in a short period. A server can only perform a limited number of tasks at any moment and must prioritize incoming requests from clients. Also, a server may limit the availability of a resource if the requested workload is too high. Clients and servers communicate via messages in a real-time request-response pattern. To properly communicate, the clients and the servers must work together so each knows what to expect. The Internet, discussed next, frequently makes use of client-server networks.

THE INTERNET

The Internet is a worldwide collection of networks that connect millions of devices to allow businesses, government agencies, institutions of higher learning, and individuals to communicate with one another. The Internet, the backbone of cyberspace, started as a networking project of the Pentagon's Advanced Research Projects Agency (ARPA), an agency of the U.S. Department of Defense, with the primary goal of allowing scientists to communicate about military and scientific projects. This first iteration of the Internet, called ARPANET, was developed in September 1969.
ARPANET consisted of four computers, one at each of the following sites: the University of California at Los Angeles, the University of California at Santa Barbara, the Stanford Research Institute, and the University of Utah, each acting as a host of the network. It served as a backup communication network for armed forces if other forms of communications were destroyed.

The Internet has evolved to push society to a technological age. People exchange vast amounts of information through the Internet every second. Frequent use of the Internet increases the chances that a user's confidential information may be compromised by cyberattacks that can compromise the privacy and security of others. For this reason, everyone must take proper security precautions when using the Internet. Cyber security encompasses the various practices for protecting users and their systems.

CYBER SECURITY

To ensure the safety of users in cyberspace, the importance of and the focus on cyber security has increased substantially over the last decade. Cyber security allows users to keep the virtual environment of cyberspace safe from potential threats. Cyber security refers to a collection of technologies, tools, approaches, guidelines, and practices designed to protect networks, devices, and data. Cyber security is a broad and complex field that faces a constant battle between users and malicious attackers.

Cyber security consists of concepts including:
- Information security: protecting private information from access by unauthorized users.
- Network security: defending networks to prevent people from gaining access they should not have.
- Endpoint security: securing all devices and access points within a network.
- Website security: preventing attacks that will negatively affect a website, causing it to fail or to go offline.
- Application security: reducing the opportunities for people to exploit weaknesses in applications.
When operating in cyberspace, individuals and businesses should take cyber security precautions. Any user can encounter security problems such as clicking on links to malicious sites, fraud, downloading malware, or denial of service. In addition, private and public organizations gather, process, and store large amounts of data on Internet-connected devices that could be vulnerable to various types of threats if the owners do not use proper cyber security practices.

The increase in the use of social media has led to an increase in the prevalence of cyber security problems. Social media allows users to stay constantly connected with their family and friends across the world. However, this convenience comes with risks. Users’ private information can be compromised, old posts can come back to haunt users, or users can become the target of harassment from cyberbullying. It is essential to be careful about your online activities to reduce the chances of becoming a victim of a cybercrime. Chapter 3 discusses this topic in more detail.

CYBERCRIME

Cybercrime is a crime that involves a computer and/or a network. Cybercriminals often target vulnerable computers to gain access to networks and commit crimes. Cybercrime can be a threat to individual people or even to national security. A cybercriminal is a person who commits crimes via the Internet either with a computer as a target or using a computer as a weapon. Some examples of each type of cybercrime include:

Computer as a Target:
- Hacking
- Denial of Service
- Malware
- Botnets

Computer as a Weapon:
- Identity Theft
- Cyberbullying
- Software Piracy
- Cyberstalking
- Cyberwarfare

Chapter 2 discusses the different types of crimes and their effects.

CYBER ETHICS

Cyber ethics is a set of moral, legal, and social principles that apply to user behavior on computers. In other words, cyber ethics is a set of guidelines users should follow to engage in responsible behavior on the Internet.
Just as people should act responsibly in their everyday lives, people should act responsibly in cyberspace. Some people believe that by deleting or hiding their online behavior, they are able to ignore the effects of unethical behavior. However, because computers, websites, browsers, and other Internet services log deleted or hidden activity, that activity may lead to legal actions. Remember, unethical behavior in cyberspace may have real-world ramifications.

Here is a list of some basic guidelines for practicing good cyber ethics:
1. Do not use offensive language or hateful speech.
2. Do not cyberbully.
3. Do not plagiarize.
4. Do not use someone else's password without permission.
5. Do not attempt to infect someone else's computer.
6. Avoid infringing on someone's copyright when downloading material from the Internet, including software, games, movies, or music.

Chapter 3 discusses cyber ethics and other good practices for cyber ethics.

Summary:

Users must become aware of the dangers of cyberspace and how to keep cyberspace safe. Sometimes when people think of security, they think of law enforcement, government officials, and the military. On a smaller scale, one may think of their parents, teachers, or community leaders. Their primary job is to defend and protect us from any harm to our wellbeing. Conversely, everyone has some responsibility for making, and keeping, cyberspace safe. The first step to achieving this goal is being aware of the obligation to protect cyberspace. Cyber security affects everyone: be a part of the solution and not the problem.

Chapter 1 Review Questions

1.1. What is cyberspace? What is cyberspace made up of?
1.2. Can anyone be a victim of cybercrime? Why or why not?
1.3. What is cyber security? Why is it important?
1.4. Give an example of a cybercrime.

Discussion Questions

Purpose: Students will apply knowledge gained from Chapter 1.
Discussion 1: How does cyber security affect schools, hospitals, and government?
Discussion 2: How can you spread awareness within your community about cyber security?
Discussion 3: What does it mean to be ethical in cyberspace?

ACTIVITY SECTION

Activity One - Get Connected!

Purpose: Students will demonstrate how networks are connected.

Materials:
- Yarn or string
- Scissors
- Tape

Preparations: Cut the yarn into lengths of 8 ft.

Group Member Roles: Each group member will represent a device on the network. One of the group members represents the server, which manages services and resources on a network.

Note: This activity is similar to the old tin can and string game.

Procedures:

1. Connecting to the Network
Each group member, except for the member who will be acting as the server, will start with a piece of yarn and hold the yarn in their hand. This represents your device connecting to a network.

Connecting with a Peer: Each person must now pick another person with whom to connect their yarn. You will connect by tying your yarn together. (This is called a peer-to-peer network.) You can only send messages to the peer to which you are connected. In order to connect with other peers, repeat the step above with another partner.

Illustration 1 is an example of the peer-to-peer connection.

2. Connecting to Server
Each pair will now attach their paired yarn to the member designated as the server. (This is an example of the client-server network.)

Illustration 2 is an example of the client-server network.

3. Disconnecting from a Peer-To-Peer Network
In order to delete a device, the group members furthest from the server should release the yarn. You are now disconnected from the device.

Note: If too many devices are on a string, this will make the string heavier, which in the computer world means that the data is transferring at a slower rate. You should try to avoid this action.

4. Disconnecting from a Client-Server Network
In order to disconnect from a client-server network, the remaining group members, excluding the server, will release the yarn. You are now disconnected from the server.

Summary: Over the network, there are several ways to communicate and share resources. The goal of this activity is to demonstrate how the devices are connected to peers and servers on the network.

Activity Two - You've Got Mail

Purpose: Students will demonstrate how networks communicate.

Materials:
- Envelopes (one per person)
- Yarn or string
- Scissors
- Hole puncher
- One sheet of paper per group

Preparations:
- Cut the yarn into lengths of 8 ft.
- Use the hole puncher to create a hole in the top corner of each envelope.
- Create a message that you would like to send on the sheet of paper. Each group should have one message. Note: The person who will act as Host 2 should not assist with preparing the message.
- Cut the message into pieces. Note: The number of pieces of paper should not exceed the number of members in your group. The pieces will represent the message being sent as packets across the network.
- Place one piece of paper inside each envelope (one piece per group member).

Group Member Roles:
- 1 member: Host 1 - this person will be the starting point for all of the packets. (Sender)
- 1 member: Host 2 - this person will be the destination point for all of the packets. (Recipient)
- Up to 4 members: Healthy Routers/Switches - these individuals will help distribute the messages as packets.
- 1 member: Unhealthy Router/Switch - this person’s yarn will have more packets than the healthy switches, thus overloading the network.

Procedures:

In this activity, each student, except for Host 1 and Host 2, represents routers/switches sending messages on a network. The envelopes represent the packets that were created to send the message from Host 1 to Host 2. The yarn represents the flow of communication.
1. Building the Network
Each person who is acting as a router/switch should have 8 ft. of yarn. Host 1 should have all of the packets that were made in the preparation stage of this activity. Each person who is acting as a router/switch will share one end of their yarn with Host 1 and the other with Host 2. Each person will find an area along the yarn between Host 1 and Host 2 to hold.

Illustration 4 shows the connection between the hosts and the routers/switches.

2. Send Message
Host 1 will attach each envelope to the yarn. Ensure that the packets are evenly distributed along the yarn near the healthy routers/switches. The excess envelopes should be distributed on the yarn near the unhealthy router/switch.

Remember: If you attach all of the envelopes to one yarn, this would not be effective and would slow down the retrieval of the messages. Please avoid this action.

The routers/switches will help push the packets along the yarn until they reach Host 2. Host 2 must receive all of the packets before reading the message. Once all the packets have been received by Host 2, Host 2 will put the message together and read it aloud. This is how messages are sent using packet switching over the Internet.

Break: Did the message arrive at Host 2? What does the message say?

Illustration 5 shows how the message is sent using packet switching.

Enhancement to Activity
You will increase the number of routers/switches and repeat the steps above. In the new scenario, one of the original routers/switches is overloaded with work, which could delay the arrival of packets. The new healthy routers/switches will attach their yarn to the yarn of the unhealthy router/switch that is overloaded. The other end of the yarn will connect to Host 2. This action will allow the packet to travel a new route around the problem router/switch to arrive on time. The packet will now be pushed along the yarn by the new switch.
Once all the packets have been received by Host 2, Host 2 will put the message together and read it aloud.

Break: Did the message arrive at Host 2? What does the message say?

Illustration 6 shows the enhanced activity.

3. Disconnecting from the Network
Disconnect from the network by removing your hand from the yarn. You are now leaving the network.

Summary: The goal of the activity was to better understand how data is transmitted across the network using packet switching. Packet switching allows communication to happen quickly and efficiently.

Chapter 2
COMMON CYBERATTACKS: Beware of the Attack

Learning Outcomes
- Describe the different types of hackers: black, grey, and white.
- Describe ethical hacking.
- Identify current security practices used to protect against cybercriminals.
- Describe the potential gains for cybercriminals.
- List different types of cyberattacks and their techniques.
- Describe how hackers use malware to penetrate computer systems.
- List the characteristics of phishing attacks.
Important Key Terms

Adware - software that automatically displays or downloads advertising material (often unwanted) when a user is online.
Computer virus - a software application that disguises itself as an innocent program or file, produces copies of itself and inserts them into other software applications, and, when run, performs a malicious action such as destroying data or damaging software.
Computer worm - a standalone self-replicating software application that invades computers on a network and usually performs a destructive action.
Cyberattacks - malicious attempts by hackers to damage, steal, or destroy a computer network or system.
Black hat hackers - criminals who break into computer networks and systems with malicious intent.
Denial of service attack (DoS) - a cyberattack in which the perpetrator seeks to make a machine or network resource unavailable or to disrupt services connected to the Internet.
Eavesdropping - occurs when an unauthorized user intercepts a private communication, such as a phone call, instant message, video conference, or email.
Ethical hacking - the act of performing penetration tests on a system or network to find loopholes and vulnerabilities that a malicious attacker might use to their advantage to cause loss or damages.
Grey hat hackers - individuals who may sometimes violate laws or ethical standards, but do not have the malicious intent typical of a black hat hacker.
Hacking - the act of using a computer to gain unauthorized access to data in a system.
Hacker - someone who uses a computer to gain unauthorized access to systems or networks.
Keylogger - a tool that records or logs every keystroke on a computing device.
Malware - malicious software variants that disrupt, damage, or gain unauthorized access to a computer system.
Ransomware - a type of malicious software that attackers use to block access to a computer system until the user pays a certain amount of money.
Phishing - the practice of sending fraudulent emails or text messages posing as a legitimate source in order to deceive individuals into revealing personal information, such as passwords and credit card numbers.
Session hijacking - occurs when an unauthorized user takes over an active communication session without the user’s permission.
Sniffing - the process of capturing all data packets passing through a given network.
Social engineering - the practice of manipulating people into revealing confidential or personal information.
Spyware - software that allows an attacker to obtain information about another’s computer activities.
Trojan - malicious software that looks legitimate but can take control of the computer.
Vulnerability scanner - software that detects weaknesses in computers, networks, and applications.

THE MORRIS WORM

On November 2, 1988, Robert Tappan Morris, a student at Cornell University, unleashed a malicious computer program onto the Internet. This program infected computer systems at a number of the prestigious colleges and public and private research centers that made up the first national electronic network. The Morris Worm, as it is known, infiltrated an estimated 6,000 of the approximately 60,000 computers on the network. It replicated at a remarkable speed and brought operations to a halt in a 24-hour period. While the worm did not damage or destroy files, it still caused havoc on daily operations.

[Image: Robert Tappan Morris]

As a result of the Morris Worm, vital military and university functions slowed to a crawl. E-mails were delayed for days. The network community labored to figure out how the worm worked and determine the appropriate steps to recover from the attack. Some institutions wiped their systems; others disconnected computers from the network for as long as a week. The Morris Worm was one of the earliest and most famous cyberattacks, and it showed potential hackers what was possible.
This chapter introduces the concepts of malicious cyberattacks, like the Morris Worm, cybercriminals, hacking techniques, and defending systems against hacks.

[Illustration of a Floppy Disk]

CYBERATTACKS

Cyberattacks are malicious attempts by hackers to damage, steal, or destroy a computer network or system. Cyberattacks happen when an unauthorized user takes advantage of a system by exploiting its vulnerabilities and runs their malicious code to alter the computer’s function. While historically these attacks targeted corporations and businesses, they now target individuals who use networked devices, applications, and systems.

There are two categories of cyberattacks: attacks aimed at disabling the target computer and attacks aimed at gaining access to data. Within these categories, there are numerous specific types of attacks. As technology advances, so does the frequency of cyberattacks. The following subsections discuss malware, phishing, and other cyberattacks that could affect users who are not actively using safe security practices.

MALWARE

Malware is software designed to disrupt, damage, or gain unauthorized access to a computer system. Different types of malware can infiltrate systems in a number of ways. The following list describes some of the most common types of malware:

- A computer virus is a software application that disguises itself as an innocent program or file, produces copies of itself and inserts them into other software applications, and, when run, performs a malicious action such as destroying data or damaging software. In order to attack the computer, viruses attach or insert their malicious code into clean code or software. The virus waits for execution by a user or automated process to attack. Computer viruses are sometimes run as a part of other software. For example, when someone is sick with a virus, the virus begins in one part of their body and moves to the next to spread the infection.
In addition to copying itself, a computer virus can also execute instructions that cause harm and affect the security of the computer. Computer viruses spread through emails, shared USB drives, and online downloads. For example, a user may insert a USB flash drive in their computer that contains an unexpected virus on it. The virus loads onto the computer and begins to infect files and programs. The software that built the virus halts normal operations of the computer for the user.

A computer worm is a standalone self-replicating software application that invades computers on a network and performs a destructive action. Computer worms get their name from the way that the programs infect computers by searching the network for devices with security vulnerabilities. By connecting to those devices the worm spreads quickly across the network. An example of a computer worm is the Morris Worm described earlier.

Spyware is software that allows a user to obtain information about another's computer activities. Spyware hides in the background on a computer and collects information like passwords, credit card numbers, and other sensitive information without the user’s knowledge. For example, a spyware application may collect a list of all websites visited by a user and send that information to an external location. Marketers and malicious users can purchase information collected by spyware. Spyware could even alter the results of Internet searches to redirect users to a web site that may infect their computers with even more spyware.

Ransomware is a type of malicious software that attackers use to block access to a computer system until a payment is made. Ransomware can infect computers through malicious links, files, or downloaded attachments. Once a system is infected, a user will be unable to access its files, data, or software. To regain access to the system, the user must pay the ransom to the cybercriminal, who can then unlock the system.
A trojan is a type of malware that looks legitimate, but, in reality, has malicious intent. Ancient Greek literature tells a story of Greek soldiers who hid in a giant wooden horse given to the city of Troy as a ‘present’. Once inside the city walls, the soldiers were able to launch an attack on the city. Malware trojans act in a similar way. The trojan presents itself as a harmless file or application to trick users into downloading it. Once the trojan is on a system, it can allow cybercriminals to steal information on the system, to install other malware, or to shut down the system itself.

Adware is software that automatically displays or downloads advertising material when a user is online. Adware may appear in a variety of ways, including box display, pop up, video, and banner displays. The software analyzes the user’s location and websites frequently visited in order to present legitimate-looking advertisement services or goods near the user’s location. The adware will also find personal information about the victim (such as their age, race, and gender). For example, a user casually scrolls through his or her favorite social media site and encounters an ad about a shoe sale. The user clicks on the ad without paying attention to the obscure link. The software begins to collect information about the user in the background to sell.

While each type of malware has a different dissemination method, most require some kind of user interaction. This user interaction is necessary because attackers frequently use links, advertisements, or email attachments, which typically require the user to click on or download something. The next section discusses how malware disguises itself as a part of a phishing attack.

PHISHING

Phishing occurs when an attacker sends fraudulent emails or text messages to deceive someone into revealing personal information, such as passwords or credit card numbers.
As with traditional fishing, the attacker uses ads, emails, or text messages that appear legitimate as a means to ‘bait’ the target individual. For example, suppose Jane receives an email message that appears to come from a social media website she frequently uses warning her she must update her password immediately. The email instructs her to click a URL embedded in the email. After clicking the URL, Jane enters her old password and her new password in what she thinks is a legitimate site. However, the link in the email has taken her to a fraudulent site owned by the attacker. Now the attacker has her password and can easily access her social media account, change her password, and assume her online identity.

While Jane’s story is a made-up example, these situations occur frequently because attackers often do a very good job of disguising their phishing attacks to look very real. However, being able to identify characteristics of phishing attacks can prevent users from becoming victims. Some of those characteristics include:

1. The email sounds too good to be true. The email might promise a valuable reward (e.g., money or a trip) for clicking on a link.
2. You do not recognize the sender.
3. The emails pressure you to react without thinking by including phrases like “Act Now” or “Immediate Action Required.” These types of emails suggest that if the recipient delays, they will face some type of negative consequence, like missing out on a good deal or losing access to an account.
4. The message contains unexpected attachments.
5. The message contains text or URLs that look suspicious, like misspelling a well-known web address, message text, or subject line.
6. The logo of the sending organization does not look exactly right; for example, it has a different font or has misspellings.

[Figure 1: A phishing email. The subject line and the first line in the message seem to have some misspelling. The second line says “Act Now,” which seems a little scary and too eager. The link listed below also has some misspelling.]

Figure 1 depicts an example of a phishing email illustrating several of these characteristics. The subject line and the first line in the message have some misspelling. The second line says, “Act Now,” which puts pressure on the recipient to react without thinking. The URL also has some misspelling. If you receive this type of email, you should report it (if possible), delete the email, and instruct your spam filter to filter out similar emails in the future.

Other Types of Attacks

There are many other types of cyberattacks that can also affect users. The following list provides a few more examples:

Social engineering is when an attacker uses trust or lack of knowledge to manipulate someone into revealing confidential or personal information. To successfully use a social engineering attack, the attacker does not need to possess advanced knowledge of hardware or software. For example, imagine you are in a chatroom with your friends and a stranger enters the chatroom. The stranger engages you in conversation to gain your trust. Then this stranger may begin asking for personal information like where you live or attend school. Unless you are confident that you know someone online, you should not reveal any sensitive information. The stranger could use this information to stalk you at home or school.

A Denial of Service (DoS) attack is a cyberattack in which an attacker seeks to make a machine or network resource unavailable or to disrupt services connected to the Internet. Hackers accomplish a DoS attack by flooding targeted machines with requests that overload the system and prevent that system from performing its normal operations. For example, a device repeatedly makes requests to a time server.
Because the time server is occupied with these requests, it is unable to fulfill any other legitimate requests. Another type of DoS attack is a Distributed Denial of Service (DDoS) attack. In a DDoS attack, the attacker uses multiple devices, instead of only one, to flood the target machine(s) and prevent normal operation.

Sniffing is a process of capturing all data packets passing through a given network. Sniffers can have both legitimate and malicious uses. Network or systems administrators can use sniffers to monitor and troubleshoot network traffic. Attackers can use sniffers to capture data packets containing sensitive information. Sniffers can be either hardware or software.

CYBERCRIMINALS

Chapter 1 identifies a cybercriminal as a person who conducts illegal activity using computers or other digital technology. Cybercriminals use the tools mentioned above, along with several others (new attack mechanisms appear all the time), to attack computer systems and networks. Through these tools, cybercriminals commit various types of crimes, including hacking, identity theft, scams, fraud, malware dissemination, and many others. Cybercriminals use computers either as a tool to commit a crime or as a target of the crime.

Computer as the Target

In this type of attack, the goal of cybercriminals is to cause harm to the computer, or the contents of the computer (e.g., software, files, or data). This type of crime requires the attacker to have some level of computer knowledge and technical skill. The Morris Worm is an example of this type of attack because the primary goal of the worm was to infect other computers. For this worm to work, Morris had to understand how to spread the worm from computer to computer and how to exploit vulnerabilities. Another example of this type of attack is a DoS attack.
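
The flooding pattern described above, where one device (DoS) or many devices (DDoS) overload a server such as the time server with requests, can be recognized by a defender from the server's request log. The Python below is an added example, not part of the original module; the record format, window length, and thresholds are assumptions, and the sample traffic is constructed using documentation-only IP addresses.

```python
from collections import Counter, deque

WINDOW_SECONDS = 10      # assumption: how far back the detector looks
PER_SOURCE_LIMIT = 20    # assumption: requests one device may send per window
TOTAL_LIMIT = 60         # assumption: requests the server can handle per window


def detect_floods(records, window=WINDOW_SECONDS,
                  per_source_limit=PER_SOURCE_LIMIT, total_limit=TOTAL_LIMIT):
    """Scan (timestamp, source_ip) records sorted by time and return alerts.

    "DoS"  = a single source exceeds its own limit inside the window.
    "DDoS" = the server is overloaded although no single source is over its limit.
    """
    recent = deque()          # requests currently inside the window
    per_source = Counter()    # request count per source inside the window
    alerts = []
    flagged_sources = set()   # report each flooding source only once
    distributed_active = False

    for timestamp, source in records:
        recent.append((timestamp, source))
        per_source[source] += 1
        # Forget requests that have aged out of the window.
        while recent and recent[0][0] <= timestamp - window:
            _, old_source = recent.popleft()
            per_source[old_source] -= 1
            if per_source[old_source] == 0:
                del per_source[old_source]

        if per_source[source] > per_source_limit:
            if source not in flagged_sources:
                flagged_sources.add(source)
                alerts.append({"kind": "DoS", "time": timestamp,
                               "sources": [source]})
            continue

        heavy = [s for s, n in per_source.items() if n > per_source_limit]
        overloaded = len(recent) > total_limit and not heavy
        if overloaded and not distributed_active:
            alerts.append({"kind": "DDoS", "time": timestamp,
                           "sources": sorted(per_source)})
        distributed_active = overloaded
    return alerts


def build_sample_traffic():
    """Constructed request log for a time server (not real data)."""
    records = []
    # Normal use: five clients each ask for the time once every 5 seconds.
    for t in range(0, 300, 5):
        for host in range(1, 6):
            records.append((float(t), f"192.0.2.{host}"))
    # DoS: one device sends 5 requests per second for 10 seconds.
    for i in range(50):
        records.append((100 + i * 0.2, "203.0.113.9"))
    # DDoS: 40 devices each send only 3 requests, so none looks busy alone.
    for host in range(1, 41):
        for k in range(3):
            records.append((200 + k * 3 + host * 0.01, f"198.51.100.{host}"))
    return sorted(records)


if __name__ == "__main__":
    for alert in detect_floods(build_sample_traffic()):
        print(f"{alert['kind']} at t={alert['time']:.2f}s "
              f"from {len(alert['sources'])} source(s)")
```

The per-source limit catches the single flooding device, while the total limit is what catches the distributed case, because each of the 40 devices stays far below the per-source limit.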
Computer as the Tool

When a criminal’s target is a person or group of people, the criminal can use the computer as a tool to plan or commit the crime. Some examples of this type of crime include various types of scams, cyberbullying, and theft. These crimes generally exploit human weaknesses. Computers increase the number of victims to attack and the chances the perpetrator is caught. For example, a perpetrator accesses an online gaming account, enters the gaming chatroom and makes harsh remarks about the individuals in the online game.

HACKERS

A hacker is someone who uses a computer to gain access to systems or networks. Different types of hackers hack for different reasons. All hackers must have some level of technical skill and knowledge to be successful. Following are three general types of hackers with different goals.

Black hat hackers are the "bad guys" who hack into computer networks and systems with malicious intent. They may use the types of malware described above or perform other malicious acts. Such hackers often have no particular care for the rule of law, or the chaos that they cause. Black hat hackers have cost companies, organizations, and individuals millions of dollars in damages and costs of recovery.

White hat hackers are the “good guys” who use their computing skills for ethical and legal reasons, such as testing a system's vulnerabilities. White hat hackers practice ethical hacking, which is the act of performing penetration tests on a system or network to find loopholes and vulnerabilities that a malicious attacker can use to their advantage to cause loss or significant damages. The goal of ethical hacking is to improve the security of networks and systems through testing.

Grey hat hackers are the “neutral guys” who employ their skills to exploit networks and computer systems like black hat hackers, but like white hat hackers they do not have malicious intent.
Grey hat hackers hack systems to discover vulnerabilities for their own enjoyment. For example, a grey hat hacker might attempt to find security vulnerabilities in an email system. The hacker may then exploit the vulnerabilities and notify the system owner of the hack. The grey hat hacker will then ask the system owner to pay a fee to fix the security problem. This type of hacking is illegal because the hacker is not authorized to access the system.

COMMON HACKING TECHNIQUES

Similar to cyberattacks, there are many techniques available to hackers. This section introduces some of the more common ones.

Eavesdropping happens when an unauthorized user intercepts a private communication, such as a phone call, instant message, videoconference, or email. The attackers are usually after sensitive financial or business information to use for criminal purposes. An eavesdropping attack can be challenging to detect because the network transmissions may appear to operate normally. An eavesdropping attack requires an unsecured connection between the parties that the attacker can exploit to reroute network traffic. The attacker installs network monitoring software on a computer or a server to intercept data as it is transmitted.

A keylogger is a tool that logs and saves every keystroke on a computing device. A keylogger can capture personal messages, banking information, phone numbers, and even passwords.

A vulnerability scanner is software that detects security weaknesses in computers, networks, and applications. Vulnerability scanners help hackers identify vulnerabilities resulting from flaws in firewalls, routers, and web servers. White hat hackers use vulnerability scanners to find vulnerabilities that need to be patched. Black hat hackers use vulnerability scanners to find targets to attack.

Session hijacking occurs when an unauthorized user takes over an active communication session.
Attackers then can impersonate that user to enjoy their access to resources provided by the session. An individual becomes vulnerable to session hijacking when he or she accesses trusted sites over an unprotected or public Wi-Fi network. Although the username and password for a given site may be encrypted, the session data traveling back and forth may be in plain text. By mimicking a person’s session over the same network, a hacker can access sites and perform malicious actions posing as someone else.

A brute force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly. Depending on the length and complexity of the password, cracking it can take anywhere from a few seconds to many years. A brute force attack can use a dictionary of common words or common passwords as a source for potential usernames or passwords. Because of the complexity of these attacks, hackers often use tools to more quickly try large numbers of usernames and passwords in hopes of finding a successful combination.

DEFENDING AGAINST HACKERS

Hackers must choose the most appropriate tools for their goals and their target. As technology continues to expand, there will be more tools available both to attack and to defend systems. Because hackers have so many tools at their disposal, by learning about the most common hacking techniques, users can better equip themselves to defend their systems and personal information.

Summary: There are easy, practical steps that users can take to protect their devices and secure accounts from cybercriminals.

Here are practical steps that users can follow to defend against hacks:
- Ensure all software, including operating systems and applications, is up-to-date by installing updates as they become available.
- Install antivirus and antimalware software to help defend your system, detect attacks, and remove viruses and malware.
- Disable connections like Bluetooth and Wi-Fi when not in use to prevent hackers from using them for attacks.
- Create strong passwords that do not include any personal information or common dictionary words. Passwords should be a combination of numbers, letters, and characters.
- Only download and install applications from trusted locations.
- Limit use of public Wi-Fi (i.e., Wi-Fi networks you do not own).
- Delete suspicious emails and train spam filters to detect them in the future.

Chapter 3 discusses other security practices that can help users protect themselves from risk associated with cyber security and how to apply these tips to their own lives.

Chapter 2 Review Questions

2.1 Explain the difference between black hat, grey hat, and white hat hackers.
2.2 Define social engineering.
2.3 List three characteristics of a phishing attack.
2.4 What is a cyberattack?
2.5 How can computers be used as a target? How can computers be used as a tool?

Discussion Questions

Purpose: Students will apply knowledge gained from Chapter 2 to answer the following questions as a group.

Discussion 1: What cyberattacks concern you the most and why?
Discussion 2: What can you do to protect yourself from cybercriminals?
Discussion 3: Have you ever been a victim of a cyberattack? What happened?

ACTIVITY SECTION

Activity Three - Let's Go Phishing!

Purpose: Students will identify differences between a phishing email and a normal email.

Procedures:
1. Divide students into groups of four or five.
2. Give students the following emails. As a group, students determine which emails are phishing attacks and which are not.
3. Students discuss their decisions and the reasons behind them.
The group should choose one member to take notes about the discussion and prepare a short report of the findings.
4. Each group’s reporter should read their group report aloud.

Summary: Protecting yourself against phishing is never an easy task. Being able to identify the characteristics of phishing is the first step in defense against the attack.

Activity Four - Think like a Hacker!

Purpose: Students examine their social media platforms and identify what personal information can be used by hackers to attack.

Materials: Computing Devices (cell phones or computers)

Procedures:
1. Pair students up.
2. Each student will have 5 minutes to use their own device to see how much of the following information they can find about their partner.
   Full Name:
   Related To:
   Close Friends’ Names:
   Phone Number:
   Email Address:
   Location:
   Education:
   Associated Groups:
   Place visited:
   Shared Locations:
3. Have students swap results with their partner to see how much of the information is correct.

Closing Discussion: Students will discuss why this information would be useful to hackers and what information should be removed after doing this activity.

Summary: The Internet is a great place to learn, shop, play, and chat with family and friends. Unfortunately, there are also cybercriminals who may try to harm you by stealing your information. In order to be safe online, it's important to limit the amount of sensitive information about yourself online to keep the “bad guys” away.

Activity Five - The Guessing Game

Purpose: Distinguish the characteristics of different cyberattacks and cybercriminals.
Materials:
- Notepad to keep score
- Marker or other writing material
- Timer
- Notecards

Preparations: Write the following terms on notecards (one term per card):
Trojan, Adware, Black Hat Hacker, Phishing, Spyware, Ransomware, Computer Virus, Malware, Keylogger, Hacker, Computer Worm, Grey Hat Hacker, White Hat Hacker, Eavesdropping, Cyberattacks, Denial of Service

Student Roles:
Time Keeper - ensure each team has two minutes per round.
Score Keeper - ensure each team receives a point per correct guess.
Note: These individuals will not be a part of a team.

Procedure:
1. Divide the students into two teams.
2. Shuffle the notecards and split them between the teams. The notecards should be given out face down so no one is able to see the word on each card.
3. Team 1 chooses a member to go first. That person, who becomes the actor, looks at the word on the first notecard. Then, the actor uses the information in this module to describe the term, attempting to get his or her teammates to guess it within 2 minutes. Students cannot use the book, online resources, or any other aid. This process repeats with Team 2. Teams alternate, choosing a different actor each time, until all terms have been revealed.
4. Keep score. The team earns 1 point if they guess the term within 2 minutes. If the actor uses the term on the card, then the team loses 1 point.

Closing Discussion: As a group, answer the following question:
1. What challenges did you face describing or recognizing the terms?

Summary: By learning about cybersecurity basics, individuals can prepare themselves for the risks that they might face in the future. If the risks are encountered, we will know what to do and how to prevent them going forward. By having a strong foundation in preventative practices, individuals can enhance their cybersecurity knowledge and help keep everyone safe.

Chapter 3

IMPROVING YOUR PERSONAL SECURITY

Learning Outcomes
- Define privacy.
- Define online privacy.
- Explain cookies and the different types of cookies on the web.
- Explain the importance of online privacy.
- Explain how to protect your online privacy.

Important Key Terms

Computer cookies - small text files created by a web browser that store information.
End-to-end encryption - a communication method that prevents unauthorized access to data while it is in transit between systems.
First-party cookies - computer cookies created by a website visited by a user.
Incognito mode - web browser privacy feature that prevents browsing history from being stored on the user’s device.
Session cookies - allow a website to store information across pages within the site so the user does not have to repeatedly enter the same information.
Third-party cookies - computer cookies created by websites not directly visited by a user.
Privacy - the right to be free from being observed or disturbed by other people.
Virtual private network (VPN) - internet connection that encrypts traffic from a device to a private network.
Weak password - a password that is easily guessed by a human or computer.
Web browser - a software application used to access websites.

PRIVACY

Imagine that Ashley is browsing online for a gaming system. After finding the right one, she buys it and continues with her day. Later, when Ashley returns to her computer to browse the internet, she begins seeing advertisements for the gaming systems she viewed earlier. Ashley wonders why she is seeing these advertisements on websites that are unrelated to gaming.
When users like Ashley browse the internet, websites capture and share information with marketers. The easiest way for businesses to identify Ashley’s interests and habits is by watching her online behavior and internet searches. The developers of websites believe they can optimize a user’s experience if they better understand the user’s interests. However, websites that track, monitor, and share user information raise privacy concerns.

Privacy is the right to be free from being observed or disturbed by other people. Privacy concerns often arise related to sensitive information. Whether you are worried about a security camera tracking your movements in a store or a computer sharing information about the websites you visit, privacy is a concern both in the physical world and in the digital world. Also, when you are present in cyberspace, there are new opportunities for criminals to gather your sensitive information. As the scope of activities we conduct online continues to increase, so do the related risks to our privacy.

This chapter discusses the trade-off between the convenience of the internet and the loss of privacy that comes with it. This chapter also introduces the concepts of online privacy, cookies, strong passwords, and other precautions to aid in privacy protection.

ONLINE PRIVACY

Internet privacy is the ability of individuals to control what information is accessible to others online. Internet privacy is a part of the larger concept of data privacy, which ensures companies use customer information only for its intended purpose. An essential aspect of data privacy is personally identifiable information (PII). PII can identify an individual either alone or in combination with other personal information. PII includes information like phone number, address, social security number, email address, and photographs.

As an example, while Bob is visiting a social media website, a survey appears.
Bob decides to complete the survey because it promises a chance to win a prize. The survey asks Bob to enter his username and password along with other sensitive information like his address, social security number, and bank information in case he wins the prize. Not long after Bob completes the survey, he begins receiving calls from his bank about unusual activity on his account. It turns out the survey was a scam used by cybercriminals to perform a PII harvesting attack and obtain Bob’s sensitive information. The cybercriminals have stolen Bob’s information and sold it on the dark web.

To understand how internet privacy works, users must consider privacy risks. Privacy risks occur when events allow attackers to compromise user privacy. These events include, but are not limited to:

Browsing -- A web browser is a software application used to access websites. In short, a browser retrieves information from the internet and displays it on a computing device. Browsers share various types of information with the sites the user visits, including the browser type, computer system type, display resolution, and battery level of the device. All browsers allow users to adjust their privacy settings. While these settings provide users with some level of control over whether their private information is stored or shared, the amount of privacy protection varies from browser to browser.

Emailing -- Malicious users gain access to sensitive information by hijacking emails. Hijacking occurs when an intruder intercepts communications while in transit. For example, a user may send an email containing private information. As that email travels through the network, it can pass through untrustworthy nodes before reaching its destination. There is the potential that an unauthorized party can intercept the communication and access confidential information.
Unfortunately, there is no way to verify that an unauthorized party accessed the email; therefore, an invasion of users’ privacy occurs without the user’s knowledge.

Online shopping -- To make an online purchase, a user typically has to enter their credit card number, expiration date, and security code. The user can choose to allow the website to store this information for later use. However, this convenience comes with a risk. If a cybercriminal can break into the database that houses this financial information, they will then be able to make unauthorized purchases or sell the information on the darknet.

COMPUTER COOKIES

Computer cookies are small text files created by a web browser that store information. The cookies pass information between the web browser and the web servers. The primary purpose of computer cookies is to track a user’s activity on a website. When a user visits a website, the browser saves a cookie file that stores information about the user’s identity and activities. Each time the user returns to the website, the browser can pass this information back to the server to facilitate the browsing session.

Online stores use cookies to record information about a customer, including items the user browses. This information prevents the customer from having to perform the same search again. For example, users may see advertisements for products that are similar to those from their previous searches. These types of cookies help companies better target their marketing to a particular audience.

There are different types of cookies:

First-party cookies are created by the website the user visits. First-party cookies help the website provide a good user experience by remembering user preferences and session information. Companies share this information with advertising agencies to target their marketing to a particular audience. Each website has a separate first-party cookie.
Third-party cookies are created by websites not directly visited by the user. Often an advertising site may place a cookie on a user’s device to track behavior so they can better target advertisements. In our earlier example of Ashley, as she browsed for gaming systems, a third-party cookie from an advertiser stored information about that search. This information then helps the advertiser know to show Ashley advertisements for gaming systems the next time she is online. Unlike a first-party cookie, the third-party cookie can track information from multiple sites.

Session cookies allow the website to temporarily store information throughout one session of visiting a website. A session may include visits to multiple pages. For example, a session cookie can store login information so the user does not have to enter it repeatedly on each page. Session cookies are temporary and are stored only for the session.

Persistent cookies exist for more than one session to provide websites with user preferences or settings on future visits. For example, users can personalize their settings for their school website to show the types of information of most interest to them first. Persistent cookies stay on the user’s browser for an extended time but may have an expiration date.

Computer cookies store personal information. A common misconception is that by deleting cookies, users are protecting their internet privacy. While deleting cookies can preserve some level of privacy, protecting internet privacy involves more than deleting cookies.

PROTECTING INTERNET PRIVACY

With the increase in websites and services, users can store their information in more places, which increases their exposure to privacy threats. To ensure internet privacy, users must safeguard information they share online. As discussed above, cookies monitor behavior to enhance the user’s experience. However, malicious entities can also monitor behavior to exploit users.
To reduce the threats from malicious actors, users must implement security practices to protect their personal information. Users must also take the time to understand how websites handle users’ personal information. If users are not responsible for protecting their personal information, they leave themselves open to cyberattacks. Users can protect their privacy by implementing the following security practices:

1. Check the company’s privacy settings -- Many online services help users protect their information by providing privacy settings, including blocking who can see certain content, limiting access to photos and videos, and restricting account access. Users should enable these privacy features to reduce the chances of malicious users obtaining private information.

2. Take care when storing private information in a cloud storage location -- Sites that store and share information provide convenience for a user. For example, a user can use these services to easily share photos from a trip with their friends. However, users should avoid storing sensitive information, like potentially embarrassing photos, in a public cloud. If a cloud service is hacked, the risk of vacation photos falling into the wrong hands is much less severe than the risk of embarrassing photos being stolen.

3. Avoid online tracking on shared devices -- When a user browses the internet on a shared computer, they have the potential of revealing confidential information. For example, when Emily surfs the web on a public computer, the browser saves information in a cookie. Other users of the same device can potentially access those cookies. Emily can prevent the shared device from storing her information by using the incognito mode on the browser. Incognito mode is a web browser privacy feature that prevents browsing history from being stored on the user’s device.

4. Use a secondary email address to sign up for websites -- By using a separate “junk” email address to interact with websites, users can reduce the amount of unwanted emails that arrive in their primary account. If the user does not expect to have ongoing communication with the site, using the “junk” email address will route all the communication, and associated spam from the email address being shared with other sites, to this separate account where it can be ignored.

5. Use messaging apps with end-to-end encryption -- End-to-end encryption is a communication method that prevents unauthorized access to data while it is in transit between systems. When sending confidential or sensitive information, individuals want to ensure that no one tampers with or accesses the communication. Messaging applications that use end-to-end encryption encrypt (or make unreadable) the message on the sender’s device, transmit the message over the network in an unreadable format, and decode the message on the recipient’s device. Even if a malicious user intercepts the message, it is unreadable.

6. Use secure passwords -- A weak password is a short, commonly used word or phrase easily guessable by a human or computer (e.g., “123456” or “abcdef”). Use of a weak password makes it easier for malicious users to gain unauthorized access to a user’s accounts or information. The simpler the password, the easier it is to detect. Use of strong passwords reduces the chances of unauthorized access to accounts, information, or devices. In addition, using a unique password for each site will also reduce the chances of unauthorized access.
Below are suggestions for creating and using strong passwords:

- Do not share passwords across multiple sites
- Do not write your passwords down in a place where others can find them
- Use passwords of at least eight (8) characters
- Use combinations of uppercase letters, lowercase letters, numbers, and special characters
- Do not use someone’s name, birth date, or words found in the dictionary
- Substitute characters for letters or numbers. Instead of using “a” use “@.”
- Update passwords frequently
- Use a secure password manager to store complex passwords so you do not have to remember them.

7. Review permissions for mobile apps and websites -- Sometimes, excited mobile app users do not fully review terms and service agreements, which may give the app permissions to access more information than necessary. For example, an app used for audio recording might ask for permission to access a user’s contact list. The user must decide whether the permissions requested are really necessary. Sometimes apps need permission to access specific functions to operate correctly. However, other apps may use this access for less legitimate purposes. In many cases, the user will not be able to install an app without granting the requested permissions. The user should carefully consider whether the risk is worth it. In any case, the user should restrict permission to use device features to only the times the app is in use.

8. Use a VPN when accessing public Wi-Fi networks -- Use of public Wi-Fi, while convenient, may introduce unnecessary privacy risks. If the Wi-Fi is unencrypted (which is the typical case), a malicious user can spy on the network traffic. Therefore, users should avoid transmitting sensitive data over a public Wi-Fi. Users may also employ a virtual private network (VPN), which encrypts traffic from the device to a private network over the internet.
For example, Michael may access the public Wi-Fi at a coffee shop and then use a VPN to connect to the private network at his school. Then, when Michael sends information between his device and his school’s network, that information is encrypted. Even if a malicious user intercepts the information in transmission, that information is unreadable.

Summary: Protecting confidential and sensitive information when using the internet may seem like a daunting task. However, it is possible for a user to greatly reduce the chances of exposing this information. When a user goes online, advertisers, merchants, and even cybercriminals track every action. Therefore, users must be proactive to ensure their private information does not fall into the wrong hands. By putting into practice the recommendations in this chapter, a user can greatly reduce the likelihood of a privacy invasion.

Chapter 3 Review Questions

2.1 Define internet privacy.
2.2 List the different types of cookies and explain their purpose.
2.3 List three ways that your privacy can be invaded.
2.4 What is a VPN? How does it protect privacy?
2.5 What is end-to-end encryption?
2.6 List five ways that users can protect their privacy.

Discussion Questions

Purpose: Students will apply knowledge gained from Chapter 3 to answer the following questions as a group.

Discussion 1: Do you think people have the right to online privacy?
Discussion 2: Is maintaining access to technology and online content more important than having privacy? Is there a way to have both?
Discussion 3: Who or what is the greatest threat to online privacy?

ACTIVITY SECTION

Activity Six - Passing Encrypted Notes

Purpose: To demonstrate the risks of sharing information over an unsecured network and how encrypting information can reduce those risks.
Materials:
- Notecards
- Writing utensil
- Yarn or string
- Scissors
- Hole puncher

Preparations: Cut the yarn into lengths of 8 ft. Use the hole puncher to create a hole in the top corner of each notecard.

Procedures:

1: Divide cadets into groups of 3. Cadet A is the sender, Cadet B is the malicious user, and Cadet C is the recipient. Cadet A and Cadet C will stand an equal distance apart. Each cadet will have one end of the string.

2: Cadet A will write something on the notecard and send it to Cadet C by sliding it along the string. Cadet C will then write something on the notecard and pass the message back to Cadet A. Cadet B will intercept the note before it reaches Cadet A and read the note aloud.

Note: This depicts the way unsecured networks work: malicious users (Cadet B) can intercept communications on unsecured networks and decipher two-way conversations, exposing Cadet A and Cadet C’s private information.

Figure 1: Activity Set-Up

3: Cadet A and Cadet C will develop an encryption code on a sheet of paper. To develop an encryption code, the cadets should assign a different letter or other symbol to each letter in the alphabet. Cadet B should not see the code Cadet A and Cadet C are developing. However, Cadet B may be allowed to eavesdrop and strategize about breaking the code. The eavesdropping represents a type of attack on end-to-end encryption.

4: Cadet A and Cadet C will return to their positions and repeat Step 1, this time with an encrypted note. Before passing along the note each time, Cadet B will copy it (either by taking a photograph with a smartphone or manually copying it down). Ask Cadet B if they can decipher what the encrypted message says.

Note: This is an example of how to secure information when communicating online by using encryption!

Summary: End-to-end encryption can provide security in terms of integrity and privacy for users if implemented correctly.
There are many online end-to-end encryption tools available to help users maintain their privacy and integrity.

Activity Seven - Privacy Policies

Purpose: To demonstrate how privacy policies work on social media websites or applications.

Materials:
- Computer or mobile devices
- Pen
- Paper

Procedures: Divide cadets into groups of three or four. Each group will pick a social media website or app used by a majority of the group. The cadets will look up the privacy policy for the selected site or app and answer the following questions:

1. What data is collected by the social media website or app?
2. How can your data be used?
3. With whom will the social media company share your data?
4. Does the site disclose personal information to third parties?
5. How can third parties use your data?
6. Do you have to explicitly say you agree to the website's privacy policy before sharing your information?
7. Can the users change their privacy settings and preferences on their accounts?
8. Does the user have the option of deleting their account?
9. Who is responsible for liability in the event of a security breach?
10. Does the site notify users if and when it changes its privacy policy?

Summary: Users should carefully read the privacy policies before using an app, site, or service to ensure that their privacy rights are not violated.

Activity Eight - Where Did Your Data Go?

Purpose: To demonstrate the problems with sharing information online.

Materials:
- Paper, poster, or whiteboard
- Writing utensil

Roles:
- The sharer - will write some information about a fictional character on the board or a poster.
- The re-sharers (everyone else in the squadron) - will copy what the sharer writes on the board.

Procedures:

1: The “sharer” writes information about herself or himself on the board. The information should not be sensitive and can even be made up. The “sharer” then leaves the room.
2: The “re-sharer(s)” have 30 seconds to copy the information written on the board to pieces of paper and hide those pieces of paper in the room.

3: The “sharer” returns and has 3 minutes to find every copy of the information created by the “re-sharer(s).”

Note: It is unlikely that the sharer will find every slip of paper; this activity highlights how difficult it is to take back information once shared on a social media site or application. Even if the sharer successfully recovered every slip of paper, the “re-sharers” will still know what the note said.

Summary: Once a user posts vital information online, there is no turning back. Your data can end up in the wrong hands. If it's too personal, then keep it to yourself.

PROTECTING YOUR DIGITAL FOOTPRINT

Learning Outcomes
- Define digital footprint.
- Discuss online usage and online reputation.
- Describe the characteristics of a healthy digital footprint.
- Identify cyberbullying and cyber predators and how to protect/report these attacks.

Important Key Terms

Active footprint - a trail of data intentionally left behind by a user who is deliberately sharing information about themselves on websites.
Cyber bullying - a form of harassment using electronic communication, with the intent of intimidating or threatening a person or group of people.
Cyber predator - an individual who exploits people via the internet intending to cause psychological, emotional, sexual, or physical harm.
Cyber stalking - the use of electronic communications to harass or stalk someone.
Cyber trolling - harassment targeted at an individual that relies on the engagement of other users to provoke the potential victim.
Digital footprint - a trail of data created by a user through online activity.
Metadata - descriptive data that contains information about other data.
Passive footprint - a trail of data unintentionally left behind by a user without that user’s knowledge.

Jake is applying for an internship with a local aviation company. Jake notices the application requires his social media information. Prior to completing the application, Jake goes to his social media accounts and deletes information he thinks might cost him his internship opportunity. Jake then completes the application and waits for the company to contact him.

The potential employer receives Jake’s application and begins the review process. The company uses Jake’s social media account information and his name to search online for information that can provide insight into his behavior. During the search, the potential employer finds old posts from Jake describing behavior the potential employer finds inappropriate. The potential employer then sends Jake a letter explaining that he is not the best fit for the company.

This chapter discusses how users, like Jake, can damage their digital footprint by practicing unethical behaviors online, the consequences of having an unhealthy digital footprint, and online safety practices.

DIGITAL FOOTPRINT

A digital footprint is a trail of data created by a user through online activity. Online activities include social media posts, online purchases, visiting websites, and communicating with others. There are two types of digital footprints. An active footprint is a trail of data intentionally left behind by a user who is deliberately sharing information about themselves on websites. For example, an active digital footprint results from a logged-in user making comments in an online forum or social media site. Because the user’s name or profile can be linked to these posts, it is surprisingly easy to find out a lot about a person from the trails they leave behind. A passive footprint is a trail of data unintentionally left behind by a user without that user’s knowledge.
For example, a passive footprint occurs when a website collects and stores information about how many times a user visits.

Whether someone leaves behind information intentionally or unintentionally, other people can access that data. Depending on the amount of data someone leaves behind, other people can find a large variety of data through a simple search engine. In the example above, Jake unintentionally left data online that the potential employer found. By searching Jake’s name, the employer was able to locate various information about his behavior.

How is a digital footprint used?

Digital footprints contain metadata and other sensitive information that can affect the security and privacy of users. Metadata is descriptive data that contains information about other data, for example, date, time, or location. Cybercriminals can use metadata to locate a user at a specific date and time. In addition to metadata, a digital footprint can contain sensitive information like demographics, religion, medical conditions, or interests. A cybercriminal can use this information to identify a target for burglary, fraud, or identity theft.

For example, Mike lists his birthday on the public version of his social media account. Recently, Mike made a public social media post of a picture from a visit to his hometown. If a cybercriminal knows (or can guess) where Mike banks (for example based on ‘likes’ on Mike’s social media), the cybercriminal has the information he or she could potentially use to answer security challenge questions to gain unauthorized access to Mike’s bank account. This example is a reminder to be careful not to post sensitive information where it is publicly accessible.

It is important for users to consider how they share information online and how that information is stored. Content shared on the internet can remain accessible even after the user thinks he or she has deleted it.
Companies often maintain records of posted information for legal purposes, if needed in the future. For example, the victim of a crime may subpoena the records from a social media site or other online organizations to support his or her court case.

Because of the uncertainty of how long data remains available online and the ownership of shared content, it is important to have a healthy digital footprint. If a user’s digital footprint exhibits unhealthy, or even illegal, behavior, that footprint can be detrimental to the user’s future job prospects. There are two main factors that contribute to a digital footprint: online usage and online reputation.

ONLINE USAGE

Online usage is data flowing between a user’s computer and the internet. Data flows from the user’s computer to the internet (upload) and from the internet to the user’s computer (download). Whether it’s browsing the internet, chatting with friends, playing online games, or sharing photos online, any online activity users engage in generates information. Online usage can affect a user’s digital footprint depending upon the type of content they engage with or share. Terrorist or hate groups often use online platforms to post content and promote their ideas. If a user associates himself or herself with one of these groups online, it could have a potentially negative impact on their digital footprint. Users should be careful about their online affiliations as they can have either a negative or a positive effect on future social and professional opportunities.

Users also need to take care about what information they share online. Doing something as seemingly simple and innocent as sharing a funny video or photo could unknowingly provide information a criminal needs to commit identity theft. For example, Adam Savage, one of the hosts of the “MythBusters” show, posted a picture of his vehicle in front of his house.
The photo contained metadata that included the latitude and longitude of the photo’s location. People who saw the post were able to identify exactly where he lived. The picture also had a caption that read “Now it’s off to work.” These two pieces of information together told potential thieves the location of his residence and that its occupant was currently at work, making it a prime target for a crime.

ONLINE REPUTATION

An online reputation is a collection of data that describes an entity (that is, a company, person, product, or service). Once information about an entity is available online, it is available to the public and should no longer be considered private. If a user searches for the entity, they may find posts, articles, photos, videos, social media profiles, and public records data. As the user continues their search, they might find additional information posted by other users that contributes to the online reputation of the entity. The way that the user interprets this information produces the entity’s online reputation.

An individual’s online reputation can affect their potential jobs and social relationships. As in the example earlier in this module, many employers commonly use online background checks. Potential employers can use the information about an applicant’s online reputation to help decide whether they are a good candidate for the job. A person’s online reputation can provide a potential employer with information to estimate how the applicant may interact with clients and other employees.

Online reputations can also be impacted by false information. When someone posts or shares information about an entity that is not true, it can damage the online reputation of that entity. Once this type of false information is available online, preventing its dissemination is difficult.
A user can post false information either innocently (that is, they are unaware that it is false) or maliciously (that is, knowingly posting false information with the intent to harm). Maliciously spreading false information about an entity with the goal of harming their online reputation can result in cyberbullying.

CYBERBULLYING

Cyberbullying is a form of online harassment that uses electronic communication to intimidate or threaten a person or group of people. This bullying behavior includes actions like posting rumors, threats, sexual remarks, hate speech, or sensitive information about someone else. Cyberbullying can occur through text, apps, email, social media, gaming platforms, and chatrooms. Cyberbullying can damage relationships because bullies can cause psychological or emotional harm to victims. As a result, cyberbullying victims may experience anxiety, depression, low self-esteem, and even suicidal thoughts.

Unlike traditional bullying, victims of cyberbullying may not know the identity of their bully or why the bully is targeting them. Cyberbullying has wide-reaching effects because of the large number of users that can see, share, and spread the negative content once it is available. Some cyberbullying activities are unlawful. Cyberbullying tactics include cyberstalking and trolling.

CYBERSTALKING

Cyberstalking is the use of electronic communications to harass or stalk another user. This cyberbullying tactic can threaten the victim's safety. Cyberstalkers repeatedly send threatening messages with the intent of causing harm. They can also encourage other people to participate in these activities. Cyberstalking is more than just the annoyance of receiving unsolicited email. Cyberstalking is considered an extension of physical stalking.

Due to the large amount of online data, a cyberstalker can easily locate sensitive information about a potential victim.
To prey on their victims, a cyberstalker may create a web page that contains fake or fictitious information about their victim. The cyberstalker could also assume their victim’s identity to discredit the victim’s reputation, post embarrassing details about the victim, or solicit unwanted attention from other users. Cyberstalking includes several actions over time that cause distress to the targeted victim. Due to the rapid advancement of technology, anyone can be a victim of cyberstalking. Victims of cyberstalking can experience a large range of physical, emotional, and psychological distress including trouble sleeping, increased stress, eating disorders, and the loss of personal safety.

A cyber predator is someone who uses the internet to cause psychological, emotional, sexual, or physical harm to a victim. Cyber predators use cyber stalking to monitor or find their victims. Many cyber predators gain the trust of potential victims and lure them in by assuming a false identity or by lying about the details of their identity. Once a cyber predator has gained the trust of the potential victim, he or she usually begins communicating with the potential victim and monitoring their online behavior to identify ways to exploit the potential victim. These actions are illegal. Authorities can take legal action against cyber predators if they are caught and convicted.

Here are some tips for fighting cyber predators and other criminals online:

1. Avoid revealing sensitive information such as your full name, address, or other identifying information.
2. Do not communicate with strangers or suspicious users.
3. Never agree to meet someone you do not know in person.
4. Report inappropriate or odd behavior or actions that make you uncomfortable to the web site owners or other authorities.
5. Avoid using suggestive usernames or photos in your profile that could attract unwanted attention.
CYBER TROLLING

Cyber trolling, another form of cyber bullying, is harassment targeted toward an individual that relies on the engagement of other users to provoke the victim. Internet trolls provoke their victim to elicit a reaction. Trolls exist on several digital platforms, from group chats to social media. Trolls have varying goals: some engage in cyberbullying while others are just up to mischief. It can be difficult for users to distinguish between a troll and a legitimate user who just wants to dialogue about a topic. Some characteristics of a troll include a condescending tone, unrelated images, a dismissive attitude, and off-topic offensive remarks.

Cyberbullying, cyber trolling, and cyberstalking can damage your online reputation and result in criminal action. States have varying ways of handling users who engage in these harmful activities, including fines, community service, and even jail time. In some cases, academic ins
