CC 201-001 Final Exam Study Guide
How a cell phone call works:
• Cell phone radios nearest cell tower
• Wire/fiberoptic line carries call over to wireless access point
• Call gets routed to a backhaul
• Incoming call/data comes back from backhaul, travels up through access point to antenna and reaches another phone
Triangulation
• Tracking a phone based on the three towers it connects to simultaneously
Man in the middle
• Ex. chess games with 2 grandmasters
o Guarantee beating at least one of them by playing each of their moves against the other
• Many computer attacks operate on same principle
• DNS Spoofing is an example of a man in the middle attack
o DNS Spoofing- attack on the computers that translate website names into IP addresses
▪ Attacker can pretend to be a DNS and redirect a user’s request for Google to any IP address they choose
• Usually means a fake site designed to look like the site the user is attempting to reach
IMSI-Catcher
• Cellphones have to connect to cell towers to make calls
• phones can be tricked into connecting to fake towers (IMSI catcher)
• International Mobile Subscriber Identity
o Unique code given to every cell phone
• Phone broadcasts its IMSI when searching for a cell tower
o Makes it possible for law enforcement to target a single phone
• IMSI catchers have to connect to non-target phones to work
o If you are in the vicinity of a criminal, you may also be connected to the IMSI catcher
▪ EFF doesn’t like IMSI catchers because of the privacy implications
Stingray:
• Most popular IMSI
• Can be mounted to ground vehicles, planes, helicopters, drones, etc.
• “KingFish” hand-carried version
Secrecy:
• these types of devices and their use have been kept mostly secret
• 2014
• FL police admit to using a stingray at least 200 times since 2010 without disclosing it to the courts or obtaining a warrant
• ACLU sued to gain access to the records
• Marshals Service seizes records before ACLU can obtain them
• Fed gov’t argues that stingrays are little more than a modern pen register
Smith v. Maryland
• Stingrays reveal location not just the phone numbers dialed
• Kerron Andrews
o Convicted of 2014 shooting
o Defense attorney wanted to know how the police found Andrews – the prosecutors withheld the information saying that they didn’t know
o Prosecutors state 5 months later that a stingray was used
o Andrews was convicted but appealed arguing that without a warrant the stingray evidence was inadmissible
▪ Won appeal
• Reject argument that he wasn’t voluntarily sharing location with police
• 73-page opinion harshly rebuked Baltimore police for use of
stingray
• “cellphone users have an objectively reasonable expectation that
their cellphones will not be used as real-time tracking devices,
through the direct and active interference of law enforcement”
o because of case, Justice department announced new policy requiring FBI and other federal agents to obtain a search warrant before using stingrays
o new policy forces prosecutors to obtain warrant and disclose to judges the specific technology they are using
o Policy not law
▪ Could end up being heard by Supreme Court and forced to decide on
constitutionality
Stingrays can also…:
• Can block phone calls and record phone calls
• Most pressing issue is that people can make them
o Retail Stingrays priced around $50,000
o Hackers can make them themselves using off the shelf parts for around $1,500
▪ Being used in public
▪ Large hacker conference called “DefCon”
• Before conference- 8 cell towers
• After conference- 38 cell towers
Conclusion:
• IMSI catchers have been used to great effect but the capabilities they have and the ease of replication make malicious use possible
• Constitutionality will be debated in courts over next few years
Cyberterrorism
Thomas Ridd- 4 components
o Crime
o Espionage
o Subversion
o Cyber sabotage
Cyber Terrorism
• Essentially cyber sabotage- attacking critical infrastructure
• Why haven’t we seen one yet?
o Those with capabilities don’t have intention
o Those with intention don’t have capabilities
Cyber terrorism
• Act of internet terrorism
o Acts of deliberate large-scale disruption of computer networks
• Controversial term
Defining terrorism
• No universal agreement of the definition
• Governments have been hesitant to make an agreed upon legally binding definition
• Most common definition of the word:
o Use or threat of use of violence to make political, religious, or ideological change
o Can only be committed by non-state actors/undercover personnel
o Reaches more than immediate target victims- also targets larger spectrum of society
o Both mala prohibita (crime is made illegal by legislation- gambling, prostitution, drug use) and mala in se (inherently immoral or wrong – murder, rape, etc.)
• It is NOT
o Wartime acts of violence where one nation attacks another nation
o Reasonable acts of self-defense
o Legitimate targets in war
o Collateral damage – death of innocent civilians when trying to take out legitimate targets
So what is cyber terrorism?
• Kaspersky – “cyberterrorism” is more accurate than “cyberwar”
• “with today’s attacks you are clueless about who did it or when they will strike again. It’s not cyber-war, but cyberterrorism”
• large scale cyber weapons like Flame Virus and NetTraveler Virus can be equally destructive
• Assuming we use a strict definition, there have been no or almost no identifiable incidents of cyberterrorism
• Death or loss of property are the side products of terrorism- main purpose is to create terror in people’s minds
The definition we typically use:
• “ the use of information technology by terrorist groups and individuals to further their agenda. This can include use of information technology to organize and execute attacks against networks, computer systems and telecommunications infrastructures, or for exchanging information or making threats electronically …”
Levels of cyber terror capability:
• 1999- Center for the Study of Terrorism and Irregular Warfare
o publish report “Cyberterror: Prospects and Implications”
▪ want to articulate demand side of terrorism
▪ argue 3 classifications
• Simple-Unstructured
o Group that can conduct basic hacks against individual
systems using tools created by someone else. Organization
possesses little target analysis, command and control, or
learning capability
• Advanced-Structured
o Ability to conduct attacks on multiple systems or to
modify or create basic hacking tools. Possesses elementary
target analysis, command and control, and learning
capability
• Complex-Coordinated
o Ability to conduct a coordinated attack capable of causing
mass disruption. Are capable of creating sophisticated
hacking tools; very capable in terms of target analysis,
command and control, and organization learning capability
2007 Cyber attacks in Estonia
• Bronze statue of WWII-era Soviet soldier in Tallinn- the capital
• Estonia is a sovereign nation now and they dislike the policies of current-day Russia
o Announce that they will be moving statue in 2007
• Immediately attacked with a massive DDoS that took out the internet for 3 weeks
• Affected online banking, mobile phone networks, etc.
• Russia was suspected for the attack
• As of 2008 Russian authorities had been denying any investigation cooperation
o Eliminates the chances of perpetrators that fall within Russian jurisdiction being brought to trial
Stuxnet (2010) (the God Hack)
• Malicious computer worm believed to be a jointly built American-Israeli cyber weapon, although no organization or state has officially admitted responsibility
• However anonymous US officials spoke to The Washington Post claiming that it had been developed during the Bush Administration to sabotage Iran’s nuclear program
• Specifically targets programmable logic controllers (PLCs)
o Allow automation of electromechanical processes like those used to control machinery on factory assembly lines, amusement rides, or centrifuges for separating nuclear material
o Relied on exploiting four zero-day flaws – sought out Siemens Step7
▪ Part of your software that can be attacked and no one knows about- so people can be attacked in ways that they don’t expect
▪ Called zero-day because it’s been public for zero days
▪ One zero-day can be bought for $100,000
o Stuxnet compromised Iranian PLCs collecting information and causing the fast spinning centrifuges to tear themselves apart
o Infection occurred through an infected USB drive
o Worm propagates across network, scanning for Siemens Step7 software on computers controlling a PLC
▪ If either of the criteria needed are not present, then Stuxnet becomes
dormant
▪ If both criteria are met, then Stuxnet introduces the infected rootkit onto the PLC and Step7 software, modifying the codes and giving unexpected commands to the PLC while returning a loop of normal operations system values feedback to the users
• Government built complex in Ohio to test the worm
o Cost $5 million
• Copies of Stuxnet have been found on the International Space Station
What does it all mean?
• most advanced computer worm ever seen
• estimate it took about 100 different people coding this- finding zero-day flaws is extremely time consuming and expensive
• virus designed to infect air-gapped computers (computers not connected to internet)
• Virus would only attack Siemens PLCs attached to nuclear centrifuges
• Could go both ways- also recorded data and updated hackers
• would feed false information to people using centrifuges
• Would delete itself after it had delivered its “payload”
o Virus was discovered by accident. One of the infected computers lost power during the self-deletion step which meant that parts of the virus remained.
o Had this not happened we may have still not known about Stuxnet today
Encryption:
• Process of encoding messages or information in such a way that only authorized parties can read it
• Does not itself prevent interception, but does deny the message content to interceptor
• Plaintext is encrypted to create ciphertext that can only be read if decrypted
HTTPS (web traffic):
• To be able to conduct sensitive activities online (online banking, etc.) browser must be able to protect information
• Does this through HTTPS protocol (Hypertext Transfer Protocol Secure)
Client-Server
• Web browsing in both HTTP and HTTPS uses a model known as Client-Server
o On-the-fly encryption requires the client-server model to use the “handshake”
▪ Multi-step process allows a comp. and server that have never communicated before to establish a cypher that protects all subsequent communication from both hackers and the govt.
The TLS Handshake
• 4 different phases
o 1. negotiation phase
▪ client sends ClientHello message specifying highest TLS protocol version it supports, a random number, a list of suggested cipher suites, and suggested compression methods
▪ server responds with ServerHello message with chosen protocol version, random number, CipherSuite and compression method from choices offered by client
o 2. client ChangeCipherSpec phase
▪ Client sends ChangeCipherSpec record
• Basically tells server “everything I tell you from now on will be
authenticated (and encrypted if those parameters were present)”
o 3. Server ChangeCipherSpec phase
▪ server sends ChangeCipherSpec telling client “everything I tell you from now on will be authenticated (and encrypted if that was negotiated)”
• server sends authenticated and encrypted finished message
• client decrypts and verifies
o 4. Application phase
▪ security has been established, so communication can continue securely
▪ if either client or server have been previously compromised, traffic’s encryption can be broken
• evidence that this is one way US govt. conducts some espionage
▪ HTTPS is vulnerable to man-in-the-middle attacks
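The negotiation phase above, worked through on the wire format. This is an added example, not part of the original study guide: it parses a constructed TLS 1.2-style ClientHello (no extensions) and picks the values a ServerHello would carry, refusing the weak suites the client offered. The function names and the sample hello are assumptions made for illustration.

```python
import struct

# Small subset of the IANA TLS cipher-suite registry, enough for the sample below.
SUITES = {
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
}
WEAK_SUITES = {0x000A, 0x0005}  # 3DES and RC4: a server should never select these


def build_client_hello(version, random32, suites, compression):
    """Serialise a minimal ClientHello (empty session_id, no extensions) in one record."""
    body = struct.pack("!H", version) + random32 + b"\x00"
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += bytes([len(compression)]) + bytes(compression)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body      # handshake type 1 = ClientHello
    return struct.pack("!BHH", 0x16, 0x0301, len(handshake)) + handshake  # record type 22 = handshake


def parse_client_hello(record):
    """Return the fields the study guide lists: version, random, cipher suites, compression."""
    if len(record) < 9:
        raise ValueError("record too short")
    rec_type, _rec_version, rec_len = struct.unpack("!BHH", record[:5])
    body_len = int.from_bytes(record[6:9], "big")
    if rec_type != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    if rec_len != len(record) - 5 or body_len != rec_len - 4:
        raise ValueError("length fields do not match the data")
    body, pos = record[9:], 0

    def take(n):
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated ClientHello")
        chunk = body[pos:pos + n]
        pos += n
        return chunk

    version = int.from_bytes(take(2), "big")
    random32 = take(32)
    take(take(1)[0])                                   # skip session_id
    raw = take(int.from_bytes(take(2), "big"))
    if len(raw) % 2:
        raise ValueError("odd cipher-suite list length")
    suites = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw), 2)]
    compression = list(take(take(1)[0]))
    return {"version": version, "random": random32,
            "cipher_suites": suites, "compression": compression}


def weak_offers(hello):
    """Names of weak suites the client offered (useful as a logging/alerting signal)."""
    return [SUITES[s] for s in hello["cipher_suites"] if s in WEAK_SUITES]


def choose_server_hello(hello, server_suites, server_max_version=0x0303):
    """Pick ServerHello parameters in server preference order, never a weak suite."""
    offered = set(hello["cipher_suites"])
    for suite in server_suites:
        if suite in offered and suite not in WEAK_SUITES:
            break
    else:
        raise ValueError("handshake_failure: no acceptable cipher suite in common")
    if 0 not in hello["compression"]:
        raise ValueError("client did not offer null compression")
    return {"version": min(hello["version"], server_max_version),
            "cipher_suite": SUITES.get(suite, hex(suite)),
            "compression": 0}                          # always answer with null compression


# Constructed sample: TLS 1.2 client offering one strong, one legacy and one weak
# suite, with DEFLATE (1) and null (0) compression.
SAMPLE = build_client_hello(0x0303, bytes(range(32)), [0xC02F, 0x002F, 0x0005], [1, 0])

if __name__ == "__main__":
    hello = parse_client_hello(SAMPLE)
    print("weak suites offered:", weak_offers(hello))
    print("server picks:", choose_server_hello(hello, [0xC030, 0xC02F, 0x009C]))
```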
TOR (“The Onion Router”- web traffic):
• Free software for anonymous communicating
• directs internet traffic through a free, worldwide, volunteer network consisting of more than 7,000 relays to conceal a user’s location and usage from surveillance
• Tor makes it more difficult to trace internet activity back to users
o Includes visits to websites, online posts, instant messages, etc.
• Intended to protect personal privacy of others by keeping internet activities from being monitored
Onion Routing:
o Onion network messages are encapsulated in layers of encryption (like layers of an onion)
o Encrypted data is transmitted through series of network nodes (called onion routers), each node “peels” away a single layer to uncover the data’s next destination
o Final layer is decrypted at destination
o Sender remains anonymous because each intermediary knows only location of immediately preceding and following nodes
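The layering described above, as an added example that is not part of the original study guide. It assumes the sender already shares a symmetric key with each node, uses a SHAKE-256 keystream with an HMAC tag as a teaching stand-in for a real authenticated cipher, and the node names (r1, r2, r3, dest) are hypothetical.

```python
import hashlib
import hmac
import os


def seal(key, plaintext):
    """Encrypt-then-MAC one layer (teaching stand-in for an AEAD cipher)."""
    nonce = os.urandom(16)
    stream = hashlib.shake_256(b"enc" + key + nonce).digest(len(plaintext))
    body = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(key, blob):
    """Verify the tag first, then remove one layer; wrong key or tampering raises."""
    if len(blob) < 48:
        raise ValueError("layer too short")
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer failed authentication (wrong key or tampered)")
    stream = hashlib.shake_256(b"enc" + key + nonce).digest(len(body))
    return bytes(a ^ b for a, b in zip(body, stream))


def wrap_layer(key, next_hop, payload):
    """A layer's plaintext is: 1-byte name length, next-hop name, inner payload."""
    name = next_hop.encode()
    return seal(key, bytes([len(name)]) + name + payload)


def peel_layer(key, blob):
    inner = unseal(key, blob)
    if not inner or 1 + inner[0] > len(inner):
        raise ValueError("malformed layer")
    n = inner[0]
    return inner[1:1 + n].decode(), inner[1 + n:]


def build_onion(path, message):
    """path is [(name, key), ...] from first relay to destination.

    The innermost layer (for the destination) names no next hop; each outer
    layer names only the node that follows it.
    """
    next_hops = [name for name, _ in path[1:]] + [""]
    blob = message
    for (_, key), nxt in reversed(list(zip(path, next_hops))):
        blob = wrap_layer(key, nxt, blob)
    return blob


def route(onion, node_keys, sender, first_hop):
    """Simulate forwarding and record what each node can observe."""
    views = {}
    prev, current, blob = sender, first_hop, onion
    while True:
        nxt, blob = peel_layer(node_keys[current], blob)
        views[current] = {"prev": prev, "next": nxt or None}
        if not nxt:
            return current, blob, views
        prev, current = current, nxt


def demo():
    # Constructed keys and message for the walk-through.
    names = ("r1", "r2", "r3", "dest")
    keys = {n: os.urandom(32) for n in names}
    message = b"GET /index.html"
    onion = build_onion([(n, keys[n]) for n in names], message)
    delivered_at, received, views = route(onion, keys, "alice", "r1")
    try:
        peel_layer(keys["r2"], onion)      # r2 cannot open the layer meant for r1
        wrong_key_rejected = False
    except ValueError:
        wrong_key_rejected = True
    return {"delivered_at": delivered_at, "message": received, "views": views,
            "wrong_key_rejected": wrong_key_rejected,
            "plaintext_visible_on_wire": message in onion}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

Only r1 ever sees the sender and only r3 sees the destination; the middle node sees neither.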
The “Dark Web”
• Can visit regular websites but can also access TOR-only websites (Hidden services)
• Hidden services are known as “Dark Web” because they are not accessible with a regular browser + do not show up when searched for on Google, etc.
• Hidden service websites cover legal and illegal content
o Gambling, guns, illegal pornography, hacking, counterfeiting, whistleblowing, Bitcoins, and drugs
PGP (email):
• Pretty Good Privacy
o Encryption program that provides cryptographic privacy and authentication for data communication
o Often used for signing, encrypting, and decrypting texts, emails, files, directories, and whole disk partitions
o Created by Phil Zimmermann in 1991
o Still used today- Edward Snowden and Glenn Greenwald
o Makes use of public keys to encrypt messages
o Public keys can be listed online in order to establish identities
Edward Snowden:
• Worked for Booz Allen Hamilton
• Subcontractor for NSA
• Realized tasks he was being asked to do were not exactly legal so he began taking data
• Contacts Glenn Greenwald
• Glenn originally ignores Snowden for 3 months
• Snowden contacts Laura Poitras who convinces Greenwald to talk with Snowden
• Eventually Snowden begins to leak information he obtained from the NSA through Greenwald
Reasons:
• “State power against people’s meaningful ability to oppose state power”
• privacy is important and Snowden saw that being taken away
• intellectual freedom
Glenn Greenwald:
• Publishes stuff critical of government
• Helps Snowden leak government documents taken from the NSA through his reporting
Cryptocat
• Open source desktop application
o Intended to allow encrypted online chatting
o Developed by Nadim Kobeissi
o First launched 2011
• Allows users to set up end-to-end encryption
o Means messages are always encrypted
o Users can exchange messages, files, photos, and recordings
o Users link devices to their Cryptocat account and can identify each other’s devices
▪ Prevents man-in-the-middle attacks
End-to-end encryption:
• Alice starts the app and both a public and private key are created
o The private key never leaves Alice’s phone
• The public key gets stored on a server where it is available to anyone who sends her a message
• When Bob sends Alice a message, her public key is retrieved from the server and used to encrypt his message in a way that only her private key can decrypt it
• The encrypted file is then sent through the server to Alice
• Alice gets the file and her private key is used to decrypt the message
• Messages between the two are always encrypted
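The Alice and Bob flow above, as an added example that is not part of the original study guide and not Cryptocat's code. It uses unpadded RSA only to transport a random value that is hashed into a one-time message key (a teaching stand-in; real messengers use vetted libraries), and the KeyServer class, function names and the fingerprint check are assumptions for illustration. The fingerprint comparison shows why users identifying each other's devices matters: the server only ever holds public keys and ciphertext, but it also decides which public key Bob receives.

```python
import hashlib
import hmac
import math
import secrets


def _is_probable_prime(n, rounds=24):
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate):
            return candidate


def generate_keypair(bits=1024):
    """Return (public, private) as ((n, e), (n, d)). The private half stays on the device."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (p * q, e), (p * q, pow(e, -1, phi))


def fingerprint(public):
    """Short digest of a public key that two users can compare out of band."""
    n, e = public
    return hashlib.sha256(f"{n:x}:{e:x}".encode()).hexdigest()[:16]


def encrypt_for(public, message):
    n, e = public
    size = (n.bit_length() + 7) // 8
    r = secrets.randbelow(n - 2) + 2                   # random value only the key owner can recover
    key = hashlib.sha256(r.to_bytes(size, "big")).digest()
    stream = hashlib.shake_256(b"enc" + key).digest(len(message))
    body = bytes(a ^ b for a, b in zip(message, stream))
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return pow(r, e, n).to_bytes(size, "big") + body + tag


def decrypt(private, blob):
    n, d = private
    size = (n.bit_length() + 7) // 8
    if len(blob) < size + 32:
        raise ValueError("ciphertext too short")
    r = pow(int.from_bytes(blob[:size], "big"), d, n)
    key = hashlib.sha256(r.to_bytes(size, "big")).digest()
    body, tag = blob[size:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("message failed authentication")
    stream = hashlib.shake_256(b"enc" + key).digest(len(body))
    return bytes(a ^ b for a, b in zip(body, stream))


class KeyServer:
    """Untrusted directory and relay: it stores public keys and ciphertext only."""

    def __init__(self):
        self.directory, self.mailboxes = {}, {}

    def publish(self, user, public):
        self.directory[user] = public

    def deliver(self, user, blob):
        self.mailboxes.setdefault(user, []).append(blob)


def send(server, recipient, message, known_fingerprint=None):
    public = server.directory[recipient]
    if known_fingerprint is not None and fingerprint(public) != known_fingerprint:
        raise ValueError("directory key does not match the fingerprint verified out of band")
    server.deliver(recipient, encrypt_for(public, message))


def demo():
    server = KeyServer()
    alice_public, alice_private = generate_keypair()
    server.publish("alice", alice_public)
    trusted = fingerprint(alice_public)                # Bob compared this with Alice directly
    send(server, "alice", b"meet at noon", trusted)
    stored = server.mailboxes["alice"][0]
    tampered = stored[:-1] + bytes([stored[-1] ^ 1])
    server.publish("alice", generate_keypair()[0])     # constructed case: directory entry replaced
    results = {"plaintext": decrypt(alice_private, stored),
               "server_saw_plaintext": b"meet at noon" in stored}
    for name, action in (("swap_detected", lambda: send(server, "alice", b"second", trusted)),
                         ("tamper_rejected", lambda: decrypt(alice_private, tampered))):
        try:
            action()
            results[name] = False
        except ValueError:
            results[name] = True
    results["mailbox_size"] = len(server.mailboxes["alice"])
    return results
```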
Nadim Kobeissi:
• Computer programmer born in 1990
• Based in Montreal
• Known for speaking publicly against internet censorship and internet surveillance
• When he flies through the US he generally gets the “SSSS” code on his boarding pass which will ensure that he is stopped and searched
o Kobeissi says that the majority of interrogations he undergoes focus on his development of the chat client
Hard Disk Encryption:
• Disk encryption= technology which protects information by converting it into unreadable code that cannot be deciphered easily by unauthorized people
• Uses disk encryption software or hardware to encrypt every bit of data
• Typically used by governments, corporations, people committing illegal acts- child pornographers
Transparent Encryption:
• Most popular
• Also known as Real-time encryption and on-the-fly encryption (OTFE)
• Transparent because data is automatically encrypted or decrypted as it is loaded or saved
• OTFE default on all Apple iPhones and higher-end Android phones
• Files are accessible immediately after the key is provided- this makes the files just as accessible as any unencrypted ones
• No data stored on an encrypted volume can be decrypted without using the correct password
o Entire file system within volume is encrypted (file names, folder names, file contents, other meta-data)
Bitlocker:
• Available to anyone who has a machine running specific Windows operating systems
• Uses 3 different ways of unlocking your computer
o Transparent operation mode
▪ User types in their login/password
▪ More secure than the first
o User authentication mode
▪ User must provide a PIN/password BEFORE the computer loads and
boots into Windows
o USB Key Mode
▪ User must insert a USB device that contains a startup key into the
computer to be able to boot, similar to starting a car with your keys
FileVault:
• Similar to Bitlocker
• Only offers one form of unlocking: transparent mode- similar to how OTFE (on-the-fly encryption) works on smartphones
Encryption benefits:
• Swap space (temporary files in your RAM) and temporary files are encrypted
o It’s important to encrypt these files because they can reveal important confidential data
o Full disk encryption prevents the user from having to choose which files are encrypted and which aren’t
o Allows for immediate data destruction
▪ Simply destroying the cryptographic keys renders the contained data
useless
Downsides:
• Performance penalty
o Takes more time/power than not encrypting it
▪ No longer an issue with modern systems
o Key management
▪ Need to keep secret key or keyfile somewhere
• If you forget the key you lose everything
o Limited application
▪ Helps only in the scenario where your physical disk gets stolen, it does not protect against viruses or malware
Encryption Debate:
• Debate between Apple and FBI hasn’t gone away
• Government is pushing legislation that could force companies to put encryption keys in escrow, which would make data available to authorities armed with a court order
Overview of discussion
• Investigation of crimes vs. broad data collection
o Important distinction between what law enforcement does in the investigation of specific crimes and what intelligence services might do as a matter of bulk data collection
• Factors leading to a world of pervasive encryption
o Massive scandal, such as broad legislation by governments increasing surveillance or a CEO or political figure being victim of an attack due to weak encryption could lead more people to encrypt their devices
o Most experts agree that we are heading to an “all encrypted world” (going dark) within the next 5-10 years
• Alternative means for law enforcement
o Full access to unencrypted data would make job easier for law enforcement but there are alternative means that can be used
o Targeting other parties that are involved in related crimes
o Using metadata to track patterns and relationships
o Use of malware/spyware in exceptional cases
o Academics- we shouldn’t fundamentally alter the principles that were valid for law enforcement pre-internet just because there’s new methods of intercepting communications
• Backdoors
o Most encryption standards do not have backdoors
o But law enforcement constantly ask for them to be created and used
▪ Might work in short term but backdoors would allow access from more than just law enforcement
• Hackers could gain access too
• Most determined criminals will simply shift to encryption schemes
that don’t have backdoors to avoid law enforcement
Electronic voting (e-voting):
• Voting using electronic means to either aid or take care of the chores of casting/counting votes
• Can encompass range of internet services from basic data transmission to full-function online voting
2 types:
• E-voting that is physically supervised (electronic machines at polling stations)
• Remote e-voting- using phone, tablet, or personal computer to vote at home
Paper based electronic voting system
• “document ballot voting system”
• Originated as system where votes are cast and counted by hand
• Electronic tabulation – systems where paper cards/sheets could be marked by hand but counted electronically
o Punch card voting, marksense, digital pen
The “hanging chad”
• Chad refers to fragments sometimes created when holes are made in a paper, card, or similar synthetic materials, such as computer punched tape or punched cards
• 2000 Pres election – many FL votes used votomatic-style punch card ballots where incompletely punched holes resulted in partially punched chads
o “hanging chads” – where one or more corners were still attached
o “fat chad” – all corners were still attached but an indentation appears to have been made
Direct-recording electronic (DRE) voting system:
• voting machine that records votes by means of a ballot display provided with mechanical or electro-optical components that can be activated by the voter (buttons or touchscreen)
• DRE processes voter data and records data in memory components
• After election it produces a tabulation of voting data which is stored in a removable memory device + has printed copy
• DRE can provide means for transmitting individual ballots or vote totals to a central location
• These systems use precinct count method
• Count as votes are cast and print results after close of polling
Public network DRE voting system:
• The internet
• Vote data may be transmitted as individual ballots as they are cast, periodically as batches of ballots throughout the election day, or as one batch at the close of voting
Benefits:
• More people will vote if they are able to vote
o User friendly, more languages, saves time, etc.
• Accessibility: blinded and partially sighted voters
• Handling votes at long distances can be done much more quickly and reliably; can vote from anywhere in the world
Downsides:
• Hacking
• Cost
• Usability
Guarantee of integrity with verifiability:
• Voters need to be sure that their vote went to the person they intended
• Stories where system thanked voter for voting for a candidate that they didn’t believe they had voted for
• Security and usability are always issues
Secrecy:
• Online transactions typically involve some form of receipt so that user can see if something has gone wrong
• This means that some form of audit trail will be formed
o Can tie your vote to you personally
o Negates a “secret ballot”
o Secrecy is hardest aspect to guarantee in electronic voting system
Audit trails and auditing:
• fundamental challenge: were votes recorded as cast and tabulated as recorded
o non-document ballot voting systems can have a greater burden of proof
• often solved with independently auditable system
• system can include ability for voters to verify how their votes were cast/ verify how their votes were tabulated
Two ways to audit:
• Voter verified paper audit trail (VVPAT)
o Prints a paper ballot that can be visually verified
o VVPAT is form of independent verification most commonly found in US elections
• End-to-end auditable voting
o Gives voter a receipt to take home
o Receipt does not allow voters to prove to others how they voted but does allow them to verify that their vote was included in the tally, that the vote was valid, and that it was tabulated correctly
Physical tampering:
• Inadequately secured hardware can be subject to physical tampering
• Foreign hardware could be inserted into the machine (man in the middle attack)
E-voting around the world:
• Brazil:
o significant portion of country was disenfranchised due to 15% of population being unable to read/write (1996)
o DRE machine is known as Urna
o Machine displays a list of candidates along with their pictures and numbers associated with them
o Voters type the number associated with the candidate they want to vote for
o Voters receive a printed stub once they have voted
o DRE device has two flash cards that keep a digital record of vote count
o Cards are removed at end of election and vote totals are sent electronically; tallied within several hours
o In order to be secure, 6 months prior to any election people accredited by the Brazilian superior electoral court were allowed to come in-person and examine the source code under nondisclosure agreement
o Researchers are only given five hours in which to examine millions of lines of code
• Australia:
o To solve problem of malicious code, Australia has made election software open source
o Software runs on regular PCs running Linux
o Each voter gets barcode that is read by scanner attached to computer
o Once code is scanned, it resets the software to be ready to receive vote
o Once ballot is complete, card is swiped a second time to cast that ballot
o Barcodes are not connected to personal identity, but allows only one vote per voter
o Votes are counted electronically, digitally signed, and sent to server on local network
o There is also a software keylogger which makes sure that what is typed actually matches votes recorded – helps prevent fraud
o Faculty at Australian National University in Canberra uses source code frequently as security auditing exercise for students
• Estonia
o Nationwide digital ID card
o Similar to driver’s license, but has a chip on the card that can be read by a handheld device
o Communicates with open-source software and public private key encryption software
▪ Can be used to sign documents, in financial transactions, public
transportation tickets, student university admission records
o Estonia government began testing internet-based voting in local elections in 2005
o 2009- began using it for national elections
o downsides:
▪ have to put faith in the system that it’s working properly
▪ after 2011 elections, there were accusations of vote rigging
Point of sale system
• Cash register
• Majority include a debit/credit card reader
• Signature capture device/customer pin pad device
Home Depot Hack
Intro:
• 2014 Home Depot- payment card systems were breached
• Were still trying to discover the scope/impact of breach
• Offered free credit services to affected customers and apologized for breach
Making money from stolen cards:
• Payment information sold to cyber-criminals
• Sell it online on TOR
• First step in process is selling payment information to brokers
• Information is bought in bulk and sold to “carders”
“Carders”
• Buy credit card data in bulk→purchase pre-paid credit card with stolen info→use pre-paid card to buy gift cards→gift cards used to buy actual items→items then sold on Ebay/Craigslist, etc.
Why does it happen?
• Magnetic credit card data is easy to steal
o Credit cards use magnetic strips (magstrips)
o Magstrips contain 3 tracks
▪ Name of owner, card type, expiration date, and card number
o None of the data is encrypted
Magstrips are being replaced
• “chip-and-pin” cards
o contain security chip and traditional magstrip
o the chip ensures that card cannot be duplicated as it masks the payment data uniquely each transaction
▪ each encryption is unique
o more secure BUT
▪ cost more to make
▪ payment transactions are slower
Why are they slower?
• Magstrip transaction just reads the “naked” (unencrypted) credit card info and sends it to a payment processor
• Information transferred back and forth 1x
• Chip is fed power and doing the math to encrypt your information
• All the information transferred is transferred back and forth 2x
More Home Depot:
• Hackers could attack a Home Depot vendor and then “tunneled in” from the outside using their credentials
• Hackers were able to install memory scraping malware (Once card is swiped and data is captured it’s sent to the attacker’s servers) on over 7,500 self-checkout POS terminals
• Obtained 56 million credit card/debit cards (bought by carders)/ Obtained 53 million email addresses (used for phishing)
What do we do?
• Utilize more secure payment methods, such as chip-and-pin cards
• Practice “network segregation”
o Businesses are highly networked
o Servers in back of retail stores control
▪ HVAC
▪ Physical security
▪ Inventory
▪ Employee time clocks and payroll
▪ POS
• Ideally business should separate nonessential things from essential
things (local area networks)
• Not often used because it costs more
• Manage third party vendor credentials
o Poor management of third-party vendor credentials was a common fault in the Home Depot and Target data breaches
o Attackers were able to gain access to a vendor-specific environment and were able to “pivot” to the corporate networks
o Third-party vendors should be allowed minimal access needed to perform their tasks and denied access to internal resources unless required
ATM Skimmers:
• A device placed in or over an ATM to steal card data as the card is being inserted into the machine
• Used to be noticeable to trained eye
• New videos show a new kind of skimmer that’s impossible to detect
o Something is physically inserted into the machine
The current and ongoing “BART” hack
• Bay Area Rapid Transit system
• Public transportation system serving San Francisco Bay Area
• Muni station computer system was hacked leading officials to open fare gates, shut down ticket kiosks, and give free rides
• Trains were unaffected and payments resumed the next morning
• Ransomware held the city hostage until it paid the equivalent of $73,000 in Bitcoin
• Screen terminals said “you hacked, all data encrypted” and gave Russian email address to arrange payments
• Attack compromised database servers, email, training, and even payroll systems
• Only ¼ of SFMTA’s computers fell victim
o Enough to prompt emergency shutdown
Self-Check
Matching:
_____1. Triangulation
_____2. Stingray
_____3. Cyberterrorism
_____4. Terrorism
_____5. Smith v. Maryland
_____6. Stuxnet
_____7. Simple-unstructured
_____8. Advanced-structured
_____9. Complex-coordinated
_____10. Zero-day flaw
_____11. Encryption
_____12. Client-server
_____13. TOR
_____14. Cryptocat
_____15. Transparent encryption
_____16. FileVault
_____17. Dark Web
A. Acts of deliberate large-scale disruption of computer networks
B. Kerron Andrews wins appeal in case where Stingray evidence was used to gain a conviction
C. Part of your software that can be attacked and no one knows about
D. Process of encoding messages or information in such a way that only authorized parties can read it
E. Group that can conduct basic hacks against individual systems using tools created by someone else. Organization
possesses little target analysis, command and control, or learning capability
F. Most popular IMSI; these types of devices and their use have been kept mostly secret
G. Free software for anonymous
communicating; directs internet traffic through a free, worldwide, volunteer network consisting of more
H. Hidden services that are not accessible with a regular browser
I. voting machine that records votes by means of a ballot display provided with mechanical or electro-optical components that can be activated by the voter (buttons or touchscreen)
J. Malicious computer worm believed to be a jointly built American-Israeli cyber weapon
_____18. E-Voting
_____19. Hanging Chad
_____20. DRE voting
_____21. Estonia
_____22. Brazil
_____23. Australia
_____24. Carders
_____25. BART
K. Immediately attacked with a massive DDoS that took out the internet for 3 weeks after announcing that they would be moving a statue
L. Public transportation system that was hacked and caused officials to open fare gates, shut down ticket kiosks, and give free rides
M. Tracking a phone based on the three towers it connects to simultaneously
N. Ability to conduct attacks on multiple systems or to modify or create basic hacking tools. Possesses elementary target analysis, command and control, and learning capability
O. Open source desktop application intended to allow encrypted online chatting
P. Similar to Bitlocker but only offers one form of unlocking: transparent mode
Q. Use or threat of use of violence to make political, religious, or ideological change
R. has made election software open source
S. Multi-step process allows a comp. and server that have never communicated before to establish a cypher that protects all subsequent communication from both hackers and the govt.
T. Person that makes money off of stolen credit card data after numerous steps are taken
U. Where one or more corners of a punch ballot card were still attached
V. Data is automatically encrypted or decrypted as it is loaded or saved
W. Ability to conduct a coordinated attack capable of causing mass disruption. Can create sophisticated hacking tools; very capable in terms of target analysis, command and control, and organization learning capability
X. DRE machine is known as Urna
Y. Voting using electronic means to either aid or take care of the chores of casting/counting votes
Multiple Choice:
_____1. Which of the following is not one of the four components Thomas Ridd attributed to cyberterrorism?
A. Crime
B. Infrastructure
C. Cyber sabotage
D. Espionage
_____2. There are four phases to the TLS Handshake. Which of the following is not one of those phases?
A. Negotiation phase
B. Server ChangeCipherSpec phase
C. Application phase
D. Synchronization phase
_____3. Which of the following is not true of PGP?
A. Created by Edward Snowden
B. Makes use of public keys to encrypt messages
C. Often used for signing, encrypting, and decrypting texts, emails, files, directories, and whole disk partitions
D. created in 1991
_____4. There are three different ways to unlock your computer using Bitlocker. Which of the following is one of these ways?
A. Transparent operation mode
B. USB key mode
C. A and B
D. Biometric scan mode
_____5. Which of the following is not a downside to encryption?
A. Takes more time/power
B. Key management
C. Limited application
D. Swap space and temporary files are encrypted
_____6. Which of the following is a benefit of DRE voting?
A. Cost
B. Accessibility
C. Hacking
D. Secrecy
Answers:
Matching: 1. M, 2. F, 3. A, 4. Q, 5. B, 6. J, 7. E, 8. N, 9. W, 10. C, 11. D, 12. S, 13. G, 14. O, 15. V, 16. P, 17. H, 18. Y, 19. U, 20. I, 21. K, 22. X, 23. R, 24. T, 25. L
Multiple Choice: 1. B, 2. D, 3. A, 4. C, 5. D, 6. B