Regardless of Computer or Network Security - Assignment Example

? Hacker Culture and Cyber Security Issues Introduction Hacker culture is the composition of human manifestation and experiences that are related to the exploitation of software and hardware. It has existed for many years and has constant influence in various societies across the world. Following the advancing computer knowledge in the current world, hacker culture is increasingly making its way to people’s lives. There are three types of hackers which include the black hat hacker, white hat hacker and the grey hat hacker. The three types of hackers have different intentions and motivations in their activities across the internet. Black hat hackers are the most daring because they use their knowledge to obtain information and data for their own personal gains or with the intention of disrupting network systems. These are the hackers that have given hacker culture a bad reputation in America because they have been involved in activities of getting military secrets and accessing banks secret information. On the other hand, white hat hackers use their knowledge and skills to develop computer securities while grey hat hackers are mainly motivated by money. In this new era of digital, cyber crime is the most imperative type of crime that worries many people around the world. Government agencies, financial institutions, businesses and other entities that store their data and information in digitals should be aware of possible breaches of security in their data. This is because very sensitive data such as financial accounts and social security can be accessed and manipulated by other people with wrong intentions. These people commonly referred as hackers use their outstanding knowledge to find out weaknesses in computer networks. Multitude of reasons such as challenge, profit and protest is what motivates them to cracking into other people’s computer system to get information. This paper work explores on hacker culture and general incidences of cyber security issues. It also addresses methods of organizations to discourage cyber crime attacks. General incidents of cybercrime Since the world has developed one link to computer systems and World Wide Web, it has been highly exposed to greater threats from malicious hackers. In addition, the advancing technology has increased international treaty of crimes committed through computer networks and internets (Fideral Bereau of Investigation, 2010). Some of the crimes that take place in the internet are computer related fraud, violation of internet security, child pornography and information hacking. Although many people do not know much about hackers, they are aware of the cruel damage they can accomplish in computer networks. This is because they have the capability of circumventing security to get into the unauthorized systems. Today’s cyber world has been facilitated by different hacker cultures which are made of both good and bad hackers. Accessing information and data from network systems and selling in the black market has become a way of life for many hackers in the nation. They have reshaped their own place in the current technological societies by robotic lifestyle (Seltzer Law, 2012). Hacker culture, which was considered as part of underground activity, is now part of the modern societies that consist of very educated criminals. This is because nowadays due to growth of technology at an alarming rate, societies are getting accustomed to hackers’ threats. This has created security concerns for businesses, public institutions and individuals across the world. Although the government is making positive steps to deter cyber crimes, it is unable to keep the pace of groups and individual hackers (Federal Bureau of Investigation, 2011). The pledge of computer system hacking was first developed by students from Massachusetts Institute of Technology (MIT) in 1800s. They created a blueprint that facilitated their skills to break through telephone companies. These skills were then developed and allowed the students to break into the internet that was originally called Arpanet. Their innovation had the capability of haunting internet services and federal governments systems (Fideral Bereau of Investigation, 2011). The definition of hacking took root in the world when imaginative criminal offenders used their knowledge to break into internet systems with the intention of manipulating and stealing digital information for their own benefits. This started in 1970s when there was a rise in phone hacking where individuals were breaking through telephone systems in United States and United Kingdom so as to have free calls connections. This skill was first discovered by John Draper who manipulated telephone systems using 2600 hertz tones to connect to free services. Having a whistle out of a blue box, he was able to access long distance telephone services freely (Elias, 2012). Soon after telephone hacking era, hackers started targeting computer systems. This is because computers not only give hackers information and data that they need but allows delivery of the same information from one place to the other. Hackers can now access internet networks using different devices that are able to circumvent meager securities. This has resulted into a large amount of internet fraud costing millions of dollars across the world. Breaking through computer systems has been facilitated by Bulletin Board System (BBS) that has been designed to allow hackers to exchange information and communicate to each other in reference to penetrate various systems using nasty source codes (Seltzer Law, 2012). This has caused a serious problem to the sensitive information and data for the federal governments and billions of people around the world. Since Bulletin Board System (BBS) is related to social sites such as chat rooms and discussion for the boards in the universities, its appearance in the internet has breaded grounds for a group of hackers such as Legion of Doom. This is a group that emerged in 1980s and acted like a springboard of organizing groups and developing a power base that would motivate hackers in United States. This is one of the worst notorious groups of hackers in America because it is engaged in hacking cyber systems across the country for their own benefits. Hacking rates has gone high in various countries such as America and UK because the groups of hackers are able to access computer systems and exchange information with ease. It has, therefore, become a popular activity in the internet across the world. Hacking has become a serious issue in America and the congress has reacted by enacting computer fraud and abuse act which termed hacking as an illegal and illegitimate activity. The creation of this act to combat hacking threats has succeeded on addressing high profile cases of computer hacking in the nation (Seltzer Law, 2012). The law was used to convict Morris worm and Mitnick for involving themselves in cyber crimes. Kevin Mitnick is well known nationwide as a typical stereotype hacker. He has a strong background of hacking prior to various offences that made him attain national attention. Mitnick began his small hacking projects of circumventing the transit systems in Los Angeles so as use bases free. He enjoyed free rides by exploiting buses card systems. In addition, he was also convicted and changed for hacking into Digital Equipment Corporation’s computer network and stealing software illegally (Federal Bureau of Investigation, 2011). Although hacker culture has been highly dominated by male, after the shift of the industrial revolution, female operators emerged. They were introduced to the possibilities of hacking activities when computer systems sparked interest in America. One of the well known woman hacker in the nation is Susan Thunder. She was a dynamic hacker since she was well educated in social engineering. This gave her better skills and knowledge to access security systems in United States. In addition, she was also able to show flaws in the nation’s military security systems (Elias, 2012). Within hacker culture, there are two subcultures, which are basically individuals educated from institutions and those that are self educated. Academic hackers are professionals and students with vast technical skills about computer systems. Self educated hackers are individuals who have been intrigued by computer technology. In addition, there are also computer terrorists and criminals who pose a very high cyber risks across the globe. This is because their main role is to gather critical information from the technology infrastructure systems that motivate their ability to recruit their talents (Federal Bureau of Investigation, 2011). Computer terrorists are motivated by various factors such as alteration of unauthorized data, blackmail, financial gain, destruction of information and revenge. Their ability to access information from their targeted source is enhanced by hackers with great skills of breaking through network systems (Federal Bureau of Investigation, 2010). In case of successful cyber attacks from computer criminals, political statement of financial reward is offered by the affected organization. Criminals associated with cyber attacks are also involved in organizing crimes of siphoning electronic funds from financial transaction networks. To enhance their goals, terrorists and criminals mainly acknowledge their attack plans in order to allow information security personnel quicken their search for the vulnerability that has been exploited. This weakens their effectiveness ease their cyber criminals’ goals of acquiring the funds. Additionally, they are also able to identify organizations and individuals that should be targeted for law enforcement (Seltzer Law, 2012). Methods of preventing hackers Discover-and-scan tests The first step in preventing attacks is by performing discover-and-scan tests (Brown, 2011). These tests are used to identify the various entry points from the internet into the internal network. It is important for an organization to know all the entry points within their network instead of assuming where the points are. Large firms that have recently merged or taken over by other organization or firms that have in one way or another gained system outside their control, they cannot claim to be aware of all entry points within their network. Having a firewall in such cases is not enough as it functions merely as the network’s door. There are many entry points and holes that an organization might not be aware of. These unknown points are the main targets for hackers as they present the weakest security point in the network. It is not an easy task and requires skilled attack-and-penetration specialists to discover successfully the weak points (Brown, 2011). Attack-and-penetration tests The second step is to conduct attack-and-penetration tests (Brown, 2011). These tests are aimed at highlighting vulnerable aspects and points in the network accessible from an internal and external perspective. These tests are also used to assess the extent to which an organization is able to stop external sources attacks. Conducting this assessment enables the organization to correct and patch any holes that could enable hackers to gain access into the organization’s network. In addition, according to surveys, hacking is also possible from an insider’s perspective. Attack-and-penetration tests should hence be conducted from the inside as much as from the external if the organizations true vulnerability is to be detected (Brown, 2011). User awareness campaigns Users should be educated on the drawbacks of security breaches and ways in which they can minimize these risks through good security practices in their everyday operations. A quick way of determining user’s security awareness is through social engineering. Users are tricked to reveal security codes, information or asked to run certain software by hackers. Many attackers use social engineering as they rely on people’s eagerness to help (Beaver, 2010). Through this test, the organization can identify weak links among their employees due to lack of awareness with computer security. Results from the social engineering will be used to determine the kind of training and education to be offered to the users. Social awareness is a security element often ignored leading to an organization’s vulnerability. Regardless of all securities that an organization may apply, it cannot protect them from a user giving out security information or company secrets including passwords of important systems. Users need to be made aware of certain factors in connection with the network and protection (Jahankhani Revett & Palmer-Brown, 2008). Configure firewalls An organization should configure firewalls correctly and review them independently. Having an incorrectly configured firewall is a leeway for intruders. Only traffic considered important for the business should be let through the firewall. Any open port acts as an open door to a hacker. As a start, all ports should be closed while opening those ports more critical to the business than the risk presented. Organizations are different meaning they will use different kinds of firewalls. As a result, each firewall will require different rule-set configurations. However, there are general guidelines that can be applied regardless of the firewall used. All post should never be opened to any destination or source. The organization should also ensure that the stealth rule in correctly placed within the rule set (Cole, 2002). Firewalls are more than just a router; they have monitoring and logging capabilities that are more important than routing functions. Traffic from a valid port to a valid destination can be an attack, which can be detected by analyzing the nature and composition of the traffic. Penetration tests done on the firewall can be used to assess the vulnerability of the firewall and the rule set (Cole, 2002). Implementing strong passwords Many organizations rely on passwords and user names as part of their authentification mechanism, if not the only one. Analyses and surveys however have revealed that passwords as a form of authentification are weak. “Strong passwords” are easily forgotten or people end up writing them down hence making it easy for hackers to access. Easy passwords on the other hand though easy to remember, they are weak as they are easily guessable, a situation most organization find themselves in (Beaver, 2010). The solution to this is a two-factor authentification mechanism using something physical together with passwords. Storing biometric information for example, on a smartcard and using it with a password. However, two-factor authentification is expensive and takes time to install. In the meantime, an organization should aim to strike a balance between the strong and easy to remember passwords. Leading practice uses seven character passwords that are relatively easy to remember. In addition, these passwords should be revised every 60 days. This way they are not changed too frequently and in a predictable manner for example changing the last digit on the password. While deciding on a suitable password, it should comprise of numeric and alpha characters to increase possible password combinations (Brown, 2011). Remove all comments from the source code Comments made while writing the source code provide insight into the application’s design. They provide insight into database design, network, supporting systems and its shortcomings. Comments sometimes contain codenames, passwords or usernames. Removing the comments eliminates the thoughts on or details on the code thus safe from attackers. Codes that are seemingly inaccessible to attackers should also be removed. An attacker can use many techniques and exploits to view the source code hence the need to eliminate the comments (Cole, 2002). Remove all default Most example, test or default pages are associated with some kind of vulnerability and can completely compromise the web server and ultimately the entire network. The default, test or example pages allow an attacker to extract password files from the serve in clear text. This way, he or she is able to go around all the security measures already in place. Other exploits include creating buffer overflows enabling the attacker to give out commands to the server as a user with access, thus circumventing the security control measures. Even if the example, test or default pages have no real vulnerability attached to them, which is rarely the case, they give an idea into the system’s design hence giving insight into vulnerabilities in relation to the specific design (Beaver, 2010). Install antivirus software In addition to intrusion detection systems, antivirus software’s should be installed and updated regularly. Every day, hackers are discovering new vulnerabilities with different systems and in turn designing viruses and Trojans to invade these systems. It is therefore preferable that both the anti-virus software and intrusion detection systems are updated on a daily basis. Most computer analysts consider the detection systems only as good as when they were last updated. Up-to-date antivirus software helps to identify the latest virus thus protecting the organizations from hackers (Brown, 2011). Physical security Regardless of computer or network security measures taken by the organization, any hack is made possible if the attacker is inside the building. This is why physical security is important. The type of physical measures taken depends on the number of employees, size of building, number and location of building exit and entrance points and placements of confidential or data centers (Beaver, 2010). Possible security vulnerabilities exist and hackers are always on the lookout. They include lack of a receptionist within a building, no visitor sign-in or required escort to access the building, lack of door’s access controls, and doors propped open. Following the security vulnerabilities in existence, unauthorized people can access the building. Once inside the building, these intruders can log onto computers, wander through the hallways, go through the trash or steal hard-copy documents including flash, CD-ROMS o laptops and walk out of the office with them (Beaver, 2010). The first step is to identify any physical security vulnerabilities. Windows, walls and doors are critical and should be considered. The computer room should have strong doors, locks and windowless walls. The computer rooms should also have a single exit and entry point. It should also have an alarm system, continuously monitored with network-based cameras placed in all access points. Lighting for the office is also important particularly in the entry and exit points. Sally ports and mantraps allowing one person to pass at a time through the door should also be included in the building. Other measures to be taken include placing a receptionist at the entrance to monitor everyone that walks in and out of the building (Beaver, 2010). Conclusion Revenge, need for money, the need to exhibit their capabilities and criminal motives are some of the driving forces behind most hackers actions. The internet has further made it easy for hackers to go beyond borders with Chinese hackers gaining access to American government or security information. Organizations whether private or public have a lot to lose when confidential information is accessed by unauthorized personnel top on the list being raised insecurity. It is for this reasons that suitable measures should be taken to guard against hacking both internally and externally. References Beaver, K. (2010). Hacking for dummies. Hoboken, NJ: Wiley Pub. Brown, B. C. (2011). How to stop e-mail spam, spyware, malware, computer viruses, and hackers from ruining your computer or network: The complete guide for your home and work. Ocala, Fla: Atlantic Pub. Group. Cole, E. (2002). Hackers beware. Indianapolis, Ind: New Riders. Elias, P. ( 2012 , July 10). Anonymous Hackers Targeted By FBI, Homeland Security For Potential National Security Threat . Retrieved July 10, 2012, from http://www.huffingtonpost.com/2011/09/11/anonymous-hackers-fbi_n_957438.html Federal Bureau of Investigation . (2011, April 12). Statement Before the Senate Judiciary Committee, Subcommittee on Crime and Terrorism. Retrieved July 10, 2012, from http://www.fbi.gov/news/testimony/cybersecurity-responding-to-the-threat-of-cyber-crime-and-terrorism/ Fideral Bereau of Investigation . (2011). What We Investigate on Cyber Crime . Retrieved July 10, 2012, from http://www.fbi.gov/about-us/investigate/cyber/cyber/ Jahankhani, H., Revett, K., & Palmer-Brown, D. (2008). Global e-security: 4th International Conference, ICGeS 2008, London, UK, June 23-25, 2008 proceedings. Berlin: Springer. Seltzer Law. ( 2012, July 4). Florida Cyber Crime News: Lessons from Utah’s Massive Data Breach. Retrieved July 10, 2012, from http://www.cybercrimelawyerblog.com/cyber_crime/ Read More