Restoring Operations, User Privacy Violation, And Business Continuity Essay.

Steps necessary to restore operations in different scenarios

Students are required to analyse and write a report about the following topics:

1.Using the Web, find out more about Kevin Mitnick. What did he do? Who caught him? Write a short summary of his activities and explain why he is infamous

2.Using a Web browser, go to www.eff.org. Choose one of the current top concerns of this organization and justify:

1. Why this topic was chosen?
2. How does it relate to information security subject contents?

3.Classify each of the following occurrences as an incident or disaster. If an occurrence is a disaster, determine whether business continuity plans would be called into play.

1. A hacker breaks into the company network and deletes files from a server.
2. A fire breaks out in the storeroom and sets off sprinklers on that floor. Some computers are damaged, but the fire is contained.
3. A tornado hits a local power station, and the company will be without power for three to five days.
4. Employees go on strike, and the company could be without critical workers for weeks.
5. A disgruntled employee takes a critical server home, sneaking it out after hours.

For each of the scenarios (a–e), describe the steps necessary to restore operations. Indicate whether law enforcement would be involved.

With your team members, please go through each Case and answer the relevant discussion questions

One day at SLS found everyone in technical support busy restoring computer systems to their former state and installing new virus and worm control software. Amy found herself learning how to re-install desktop computer operating systems and applications as SLS made a heroic effort to recover from the attack of the previous day.

1. Do you think this event was caused by an insider or outsider? Explain your answer.
2. Other than installing virus and worm control software, what can SLS do to prepare for the next incident?
3. Do you think this attack was the result of a virus or a worm? Explain your answer.

Charlie was getting ready to head home when the phone rang. Caller ID showed it was Peter. “Hi, Peter,” Charlie said into the receiver. “Want me to start the file cracker on your spreadsheet?” “No, thanks,” Peter answered, taking the joke well. “I remembered my passphrase.

But I want to get your advice on what we need to do to make the use of encryption more effective and to get it properly licensed for the whole company. I see the value in using it for kinds of information, but I’m worried about forgetting a passphrase again, or evenworse, that someone else forgets a passphrase or leaves the company. How would we gettheir files back?” “We need to use a feature called key recovery, which is usually part of PKI software,” said Charlie. “Actually, if we invest in PKI software, we could solve that problem as well as several others.” “OK,” said Peter. “Can you see me tomorrow at 10 o’clock to talk about this PKI solution and how we can make better use of encryption?”

1. Was Charlie exaggerating when he gave Peter an estimate for the time required to crack the encryption key using a brute force attack?
2. Are there any tools that someone like Peter could use safely, other than a PKI-based system that implements key recovery, to avoid losing his passphrase? Suppose Charlie had installed key logger software on all company computer systems and had made a copy of Peter’s encryption key. Suppose that Charlie had this done without policy authority and without anyone’s knowledge, including Peter’s.
3. Would the use of such a tool be an ethical violation on Charlie’s part? Is it illegal? Suppose that Charlie had implemented the key logger with the knowledge and approval of senior company executives, and that every employee had signed a release that acknowledged the company can record all information entered on company systems. Two days after Peter’s call, Charlie calls back to give Peter his key: “We got lucky and cracked it early.” Charlie says this to preserve Peter’s illusion of privacy.
4. Is such a “little white lie” an ethical action on Charlie’s part?

Charlie looked across his desk at Kelvin, who was absorbed in the sheaf of handwritten notes from the meeting. Charlie had asked Kelvin to come to his office and discuss the change control meeting from earlier that day. “So what do you think?” Charlie asked. “I think I was blindsided by a bus!” Kelvin replied. “I thought I had considered all the possible effects of the change in my project plan. I tried to explain this, but everyone acted as if I had threatened their lives.” “In a way you did, or rather you threatened their jobs,” Charlie stated. “Some people believe that change is the enemy.”

“But these changes are important.” “I agree,” Charlie said. “But successful change usually occurs in small steps. What’s your top priority?” “All the items on this list are top priorities,” Kelvin said. “I haven’t even gotten to the second tier.” “So what should you do to accomplish these top priorities?” Charlie asked. “I guess I should reprioritize within my top tier, but what then?” “The next step is to build support before the meeting, not during it,” Charlie said, smiling. “Never go into a meeting where you haven’t done your homework, especially when other people in the meeting can reduce your chance of success.”

1. What project management tasks should Kelvin perform before his next meeting?
2. What change management tasks should Kelvin perform before his next meeting, and how do these tasks fit within the project management process?
3. Had you been in Kelvin’s place, what would you have done differently to prepare for this meeting?

Has Kelvin committed an ethical lapse?

Steps necessary to restore operations in different scenarios

Kevin Mitnick is an American security (computer) expert and consultant, as well as an author and a hacker. Kevin is famous for his 1995 arrest and subsequent controversial imprisonment for five years for various communications and computer related charges. As a teenager, Mitnick employed the skills of dumpster diving and social engineering to bypass the Los Angeles bus system card punching system by using non utilized transfer slips he got from a dumpster adjacent to the bus park. Having succeeded at this, he used social engineering later in life as his preferred method for obtaining information, including for modem hone numbers and passwords and user names. At age 16, he gained unauthorized access to a network when he got a phone number form a friend for the DEC (Digital Equipment Corporation). Mitnick broke into DEC computer networks and managed to copy the company's software, a crime for which he was arrested and subsequently charged and convicted for in 1988 by imprisonment for 12 months. He was further sentenced to three years of supervised release but managed to hack the voice mail computers of Pacific Bell (Shimomura & Markoff 1996). He fled after an arrest warrant was issued against him, becoming a fugitive for almost three years. Records show that he managed to gain unauthorized access to several computer networks while he was a fugitive; he could used cloned mobile phones to conceal his whereabouts while engaging in digital mischief, including copying valuable proprietary software from the largest computer and telephone corporations in America.

He stole, after managing to intercept, computer passwords and was able to break into private mails (e-mail) and also alter computer networks. After a high profile pursuit by the FBI, he was arrested in 1995 15^th February in North Carolina for charges including wire and computer fraud and was arrested with cloned codes and mobile phones and several pieces of fake identification documents. He was indicted on 14 charges of wire fraud, intercepting electronic/ wire communications, 8 counts of possessing unauthorized devices, accessing a Federal/ Government Computer without authorization, and damaging computers. He pleaded guilty as charged to four counts of electronic fraud, one count of intercepting a wire communication illegally, and two computer fraud counts; these were part of his plea agreement and was sentenced cumulatively to 68 months in prison. In all, Mitnick served a five year jail term and was held in solitary internment apparently after authorities convinced the judge that Mitnick had the capability to instigate a nuclear war just by accessing a mobile phone and whistling into it (Greenberg, 2014). He is thus infamous for serious hacking activity, in the age before the internet and modern communications devices

User privacy violation through cookie tracking

a. The chosen topic is Apple does right by users and advertisers are displeased

This topic has been chosen because advertisers have for many years abused the freedom of the internet by developing their ‘economic’ model in which the privacy of users is violated by having their browsing activity tracked and monitored for the purposes of sending adverts, without the consent or agreement of the Internet users. Many internet sites include stealthy scripts that track, collect, and share your browsing data with third parties. The domains set cookies on web sites a user visits and this enables these sites to recognize the user from previous web visits, although without tracking other site visits (Jegatheesan 2013). However, other third party domains apart from those a user visits also sets cookies and circumvent the original purpose and design of cookies. The third party domains then track all the sites a user visits, without their knowledge even where its trackers are not loaded. Websites then use these third party cookies for tracking and undertake analysis and data brokerage, aggregating individual profiles that are then fed into real time auction processes. Companies then bid to have the right to send the user, based on their aggregated browsing information, advertisements whenever they visit a site.

This is an important privacy issue; a topic on information security issue because it violates the privacy of internet users when the internet is supposed to be free. Cookies are like a surveillance tool; tracking user information and activity while browsing and collecting and aggregating their online behavior and selling these off, through auctions, to advertisers. The user does not benefit in any way; yet their activity is tracked without their consent and used for commercial purposes. Hackers can get their hands on this information and use them for malicious attacks, social engineering attacks, or theft of information and data, and hence should be considered as a serious security issue. It breaches user privacy and exposes them to further risks, without even giving the user the chance to decide whether they can allow their activity to be tracked and how this information abut them is used and by whom (Barker, 2014).

a  A hacker breaking into the network of a company and deleting data is a serious disaster as crucial information is lost; in this case, the company should have in place a business process continuity contingency, such as having virtual real time cloud back ups of their data.

Mitnick's hacking activity and computer ethics

b When there is a fire breakout and fire sprinklers automatically come on with some computers being damaged and the fire is contained, this is an incident. Business process continuity plans should still come into play; such as by having RAID architectures on the computers so that even if one or a few are physically damaged, the data contained in them is mirrored to other computers/ virtual computers and ensures business process continuity (Radvanovsky & Brodsky 2016)

c A tornado hitting the local power station is an incident and business continuity can be attained by having virtual backups running or using emergency power supplies, such as UPS or standby generators for business processes to continue

d When employees are on strike, this is an incident and even if they are without critical workers for weeks, some activities can be automated or outsourced to other firms, such as call centers as the issue with employees is tackled

A disgruntled employee sneaking out a critical server after hours is a disaster because not only is data lost, but crucial information could be leaked. Continuity can be ensured if the company’s ICT security staff had envisaged such issues and had backups for all servers, through virtual and cloud backups and RAID architectures for servers do there is a mirror copy of the server to enable business continuity (Radvanovsky & Brodsky 2016)

1. While the attack could have come from outside the company’s network, such as through malware (virus, worm, Trojan), the real cause is most likely to have come from the inside. Insider threats are the biggest threats to IT security; through human actions or omission and/ or commission either through deliberate or accidental acts. The biggest cyber threats come from within the company; fr instance, a malware may have been sent embedded into mail, or a link in the mail that a user inadvertently clicked and enabled the malware to self replicate, wiping out data from SLS computers. Or an employee used an external device that was infected, thereby infecting the entire company’s systems with an anti virus and causing the loss of data (Jouini, Rabai & Aissa 2014)
2. Anti virus and worm control software should be part of an integrated security system; SLS should have its networks compartmentalized and isolated such that crucial crucial resources remain isolated and encrypted. SLS should start by implementing a strong firewall (physical and software) that is regularly updated. Importantly, the company should engage in a company wide sensitization program  and educate employees on what kinds of files never to open (McCoogan 2017). This should be augmented using strong internal security policies, including strong authentication and passwords and restricting access to certain resources by unauthorized employees. Further, SLS should implementing an off-site cloud backup of its systems with virtual backups so that files can be restored in the event a serious attack incident occurs (Kharraz, Robertson, Balzarotti, Bilge & Kirda 2015)
3. The attack was likely the result of a worms; this is because worms exploit network security holes and spread rapidly through the network, installing themselves on computers and causing havoc, including deleting files, rendering computers unusable,  or encrypting files such that they cannot be accessed. Because SLS lost its data and re-installation was being done on the computers, It means the attack spread too fast within the network and caused damage; the difference is in how they spread; worms spread through network s very rapidly but cause similar damages as viruses can, including file deletion (Wong & Zhu 2016).

1. Charlie was lying about the time it would require to recover an encryption key using brute force attacks because depending on the encryption; a 256 bit AES encryption will require 2 ¹²⁸times attempts to crack the key since the 256 bit AES encryption has 2 ²⁵⁶different combinations; even to crack it would require very powerful GPU’s and not even CPU’s
2. Apart from PKI’s the best way to ensure the keys are managed properly in the first place; for instance, the data can be restored and recovered at a point in time before it was encrypted. However, in the event the recovery keys are lost, a data recovery agent can be used because when files are encrypted, the recovery keys for the data agent are also added to the files that have been encrypted, as an automated process. The recovery agent becomes the local administrator account if the computer is not on a domain. Using operating systems such as Windows 2000 and above that contains the Cipher.exe tool’; the tool can be used to decrypt, encrypt, and extract encrypted files information (Posey, 2017).
3. Given that they are in an organization and have various access limitations; undertaking this without informing Peter or getting policy authority, then this would be illegal and a violation; this should only be done as part of company policy as with those key logs, the access codes can be stoled; using spy ware, for instance, and have the data stolen or its access blocked by a malicious attacker, again rendering the files fully inaccessible.
4. The little white lie is not unethical; this is because insider threats are the biggest hindrance to cyber security; if Peter knows that his activities are being tracked using a key logger, then he might become more cautious and use other stealthy methods to perpetrate malicious attacks. However, without this knowledge, Peter would not know he is being tracked and this would enable the company prevent, or track user activity in the event of an insider breach.

1. kelvin should create a list of stakeholders and a stakeholder sheet, detailing all the stakeholders, their positions, level of interest, and how they can influence the project as well as the communication plan for interacting with them.
2. Change management tasks should entail preparing the people the change will affect, including getting their opinions before hand and asking for the best way forward. Kelvin should also explain what the change is, what benefits it will bring, and how it will affect the employees and prepare them psychologically for any adverse effects
3. I would have know who the stakeholders are and known how they would impact the project, and contacted them before hand (before the meeting) giving them prior information on the coming changes and calling them to the meeting; this way, resistance would reduce as the people would already have an expectation
4. yes, kelvin has an ethical lapse by creating the wrong impression and expectations for the losses and costs of implementing the controls.
5. In this case as well, Kelvin has an ethical lapse because he is trying to influence the outcome for the supplier using psychological conditioning such that his friend’s company gets a mathematically higher chance for supplying the software, rather  than having the best company supply it. He is canvassing for the friend using insider knowledge (Stamatellos, 2008)

References

Barker, D. (2014). Is the Cookie Law Being Enforced in the UK? - Dan Barker. [online] Dan Barker. Available at: https://barker.co.uk/cookielaw [Accessed 22 Sep. 2017].

Greenberg, A. (2017). Kevin Mitnick, Once the World’s Most Wanted Hacker, Is Now Selling Zero-Day Exploits. [online] WIRED. Available at: https://www.wired.com/2014/09/kevin-mitnick-selling-zero-day-exploits/ [Accessed 22 Sep. 2017].

Jegatheesan, M. (2013). Cookies – Invading Our Privacy for Marketing, Advertising and Security Issues. Security, Privacy, and Usability. https://arxiv.org/pdf/1305.2306.pdf

Jouini, M., Rabai, L. B. A., & Aissa, A. B. (2014). Classification of Security Threats in Information Systems. Procedia Computer Science. 32, 489-496.

Kharraz, A., Robertson, W., Balzarotti, D., Bilge, L., & Kirda, E. (2015). Cutting the Gordian Knot: A Look Under the Hood of Ransomware Attacks.

McGoogan, C. (2017). How to protect yourself from ransomware. [online] The Telegraph. Available at: https://www.telegraph.co.uk/technology/0/protect-ransomware/ [Accessed 22 Sep. 2017].

Posey, B. (2017). Techniques for performing EFS recovery. [online] Tech Target. Available at: https://searchdatabackup.techtarget.com/tip/Techniques-for-performing-EFS-recovery [Accessed 22 Sep. 2017].

Radvanovsky, R., & Brodsky, J. (2016). Handbook of SCADA/control systems security. Boca Raton, CRC Press, Taylor & Francis Group.

Shimomura, T., & Markoff, J. (1996). Take-down: The pursuit and capture of Kevin Mitnick, America's most wanted computer outlaw--by the man who did it. New York: Hyperion.

Stamatellos, G. (2008). Computer ethics: a global perspective. Sudbury, Mass, Jones and Bartlett.

Wong, W. Eric, & Zhu, Tingshao. (2016). Computer Engineering and Networking Proceedings of the 2013 International Conference on Computer Engineering and Network. Springer Verlag