Understanding Cyber Security Threats: Hacktivists, Espionage And Cyberwar Essay.

Hacktivists

Cyber security is considered as the application of processes, Controls, And Technologies to protect networks, systems, data, devices, and programs from malicious or cyber-attacks. Thus, the following section is going to highlight the aspects of cyber security by considering three types of hacker threats such as hacktivists espionage and Cyberwar. Incidents for each of the considered hackers’ threats such as the case of Cambridge Analytica, Yahoo cyber attack, and Australia cyber attack will be considered to evaluate its consequences. Along with this, factors that can be effective for preventing the occurrence of cyber attacks will also be underlined in the following sections.

Growing dependency on technologies and technology-based devices leads to the creation of excessive rates of cyber attack, which generate urgency for the incorporation of cyber security. Hacktivists are the type of cyber criminal groups who unite for carrying out cyber-attacks in support of specific political causes. Case of Cambridge Analytica can be considered as a hacktivists threat as President Trump hired Cambridge Analytica, which is known for its political data organisation, during the election campaign in 2016 for illegal and unauthorised activities (Granville, 2018). Cambridge Analytic gained access unauthorisedly about 50 million users on Facebook in order to understand the American voter’s perspective and tried to manipulate their perspectives unethically.

The primary motivation behind the mentioned cyber attack is to transform Facebook data and surveys into messaging weapons for political purposes. Cambridge Analytica tried to manipulate the perspective of American Voters by gaining their personal information in order to make the election results in the favour of President Trump.

The technique for gaining access to confidential Facebook users' data was developed at the Psychometrics Centre at Cambridge University. Russian-American psychology professor, Dr. Aleksandr Kogan built a personalised application and in 2014, Dr, Kogan started to collect confidential data for Cambridge Analytica. Users were being asked to take a personality survey as well as download specific applications from where sensitive information from the users' profiles was scraped. The entire user's personal data were being accessed by utilising legitimate functions within Facebook Systems illegally (Haskell-Dowland, 2021).

Misuse of personal data leads to the short-term and long-term impact for the companies that utilise, store, and collect personal data of users. In the context of short-term impact, skepticism and awareness are heightened by both private users and government agencies for data aggregations and data collection (Clark, 2018). The long-term impact of the mentioned incident was being undertaken in three specific areas such as legislation, litigation, and regulation respectively.

Espionage

After analysing the incident, Facebook Removed the application of Dr. Kogan from its website along with this, Facebook received and demanded certification that all the information was destroyed. In addition to this, Facebook also hired a Digital Forensic company to analyse the accuracy of their claim that the data had been removed completely (Granville, 2018).

Cyber espionage is considered as a specific form of cyber attack that has been carried out against a government entity or competitive company. While the attacker's primary motives are political as well as financial, the cyber attack is being considered as economic espionage. In this regard, the case of the yahoo cyber attack can be considered as an espionage threat. The reason behind this statement is that Yahoo had made a deal of $4.83 billion to sell its core assets to Verizon Communications Inc VZ.N, even after knowing that their data asset could be utilised for political and illegal purposes (Volz, 2017).

It is believed that cyber attack was being carried out by Russia after its field and track athletes were banned from the entire Paralympics and Olympics and it was considered as a state-sponsored cyber attack (Stempel & Finkle, 2017). The primary motivation behind the mentioned incident is found to be associated with both political and financial gain.

Poor and improper security practices are found to be one of the key vulnerabilities that lead to the occurrence of cyber-attacks in Yahoo. Hackers obtained the accessibility to the network of Yahoo with the usage of a phishing scheme. One employee in the network clicked on a malicious link that makes it easier for the hackers to gain easy access to the users in Yahoo portal (Matthews, 2019). In addition to this, some confidential information was being stored in an unencrypted manner that also enhanced the chance for the espionage hackers to gain access to all the confidential information easily.

Improper handling of users' data has led to the occurrence of cyber attacks at the network of Yahoo. In the context of short-term impact, public awareness for data security has been increasing at a large pace. On the other hand, in the context of long-term impact, the incident had a negative impact on organisational brand reputation and future survivability (Perlroth, 2017). The company had violated the U.S federal and state legislation for data security and failed to provide information security for their target audiences that negatively affect upon their popularity.

Cyberwar

Unfortunately, Yahoo was required to pay a fine of $35 million due to failure in disclosing the identified incident. Yahoo failed to provide reassurance to the public that the organisation has appropriately recommended proper cyber security. Rather, the company had witnessed another data breach notice in 2016 and 2017 respectively (Matthews, 2019).

Cyberwar is found to involve activities undertaken by international or nation-state companies to attack and try to damage other nations' information or computer networks through sophisticated computer malware or denial-of-service attack (DDoS). In this regard, the case of the "Australia cyber attack" can be considered as an example of cyberwar as institutions and governments were being targeted by sophisticated state-based cyber attacks (BBC, 2020).

The primary motives of the mentioned incident were to target political organisation, government-industry, essential service, education, and others critical or crucial infrastructure.

Lack of cyber security measures can be considered as one of the key vulnerabilities behind the occurrence of state-based vulnerabilities in Australia (Roy, 2020).

Generation cyberwar or state-based cyber attack is found to enhance the chance of long-term and short-term consequences within the country that has experienced. In the context of the short-term, awareness has been raised among different business intuitions regarding string cyber security practices (Morrison, 2020). In the context of long-term impact, the prolonged persistence or occurrence of cyberwar can negatively affect upon business operations by restricting them to operate synchronously.

 In response to the mentioned cyber-attack incident, Mr. Morrison urged the businesses, specifically health services and infrastructure providers to improve and upgrade their technical defenses to prevent the system from such kind of attack.

Companies in this present era are found to become highly dependent on technology to execute and perform activities. As mentioned by Mawgoud et al., (2019), the growing usage of technology increases the rate of cyber-attacks and it is considered as one of the growing global concerns. In order to prevent the cyber security challenges, factors such as utilising budget version of software, installation of antivirus, incorporation of the data encryption process, and others can be considered. On the other hand, Kilinga (2022) mentioned that employees are required to be up-skilled in terms of transferring confidential information securely to prevent any kind of unauthorised access to organisational networks or assets.

Conclusion

In relation to the above discussion, it can be mentioned that cyber security aims to minimise the risk of security vulnerabilities or cyber-attacks and prevents unauthorised exploitation of technologies, networks, and systems. It is identified that Facebook has undertaken proactive measures after the occurrence of Cambridge Analytic cyber attack issues. Whereas, Yahoo fails to reassure their audiences about the commitment towards cyber security that leads to the occurrence of simultaneous cyber attacks from 2016 to 2017. On the other hand, the discussion has shown that improper cyber security measures are the key reason behind the occurrence of identified cyber security risks. In this regard, the identified factors can be considered to prevent cyber-security challenges efficiently.

References

BBC, (2020). Australia cyber attacks: PM Morrison warns of 'sophisticated' state hack. Retrieved from https://www.bbc.com/news/world-australia-46096768#:~:text=Australia's%20government%20and%20institutions%20are,as%20essential%20services%20and%20businesses.

Clark, M., (2018). Trouble Comes in Threes: Long-term Impacts of the Facebook/Cambridge Analytica Controversy. Retrieved from https://www.insideindianabusiness.com/articles/trouble-comes-in-threes-long-term-impacts-of-the-facebookcambridge-analytica-controversy

Granville, K., (2018). Facebook and Cambridge Analytica: What You Need to Know as Fallout Widens. The New York Times. Retrieved from https://www.nytimes.com/2018/03/19/technology/facebook-cambridge-analytica-explained.html#:~:text=Facebook%20and%20Cambridge%20Analytica%3A%20What%20You%20Need%20to%20Know%20as%20Fallout%20Widens,-By%20Kevin%20Granville&text=Our%20report%20that%20a%20political,media%20giant%20protects%20user%20information.

Haskell-Dowland, P., (2021). Facebook data breach: what happened and why it’s hard to know if your data was leaked. Retrieved from https://theconversation.com/facebook-data-breach-what-happened-and-why-its-hard-to-know-if-your-data-was-leaked-158417

Kilinga, P., (2022). 10 effective steps for preventing cyberattacks on your business. Retrieved from https://www.itproportal.com/features/10-effective-steps-for-preventing-cyberattacks-on-your-business/

Matthews, K., (2019). IOTW: Multiple Yahoo data breaches across four years result in a $117.5 million settlement. Retrieved from https://www.cshub.com/attacks/articles/incident-of-the-week-multiple-yahoo-data-breaches-across-4-years-result-in-a-1175-million-settlement

Mawgoud, A. A., Taha, M. H. N., Khalifa, N. E. M., & Loey, M. (2019, October). Cyber security risks in MENA region: threats, challenges, and countermeasures. In International Conference on Advanced Intelligent Systems and Informatics (pp. 912-921). Springer, Cham. Retrieved from https://www.researchgate.net/profile/Ahmed-A-Mawgoud/publication/336219647_Cyber_Security_Risks_in_MENA_Region_Threats_Challenges_and_Countermeasures/links/5fb379fe299bf10c3686141a/Cyber-Security-Risks-in-MENA-Region-Threats-Challenges-and-Countermeasures.pdf

Morrison, S., (2020). Australia cyber attacks: PM Scott Morrison warns of 'state-based' government hack. Retrieved from https://www.standard.co.uk/news/world/australia-government-cyber-attack-a4473571.html

Perlroth, N., (2017). All 3 Billion Yahoo Accounts Were Affected by 2013 Attack. The New York Times. Retrieved from https://www.nytimes.com/2017/10/03/technology/yahoo-hack-3-billion-users.html

Roy, K., (2020). Decoding Cyberattack on Australia. Retrieved from https://www.idsa.in/idsacomments/decoding-cyberattack-on-australia-kroy-140720

Stempel, J. & Finkle, J. (2017). Yahoo says all three billion accounts were hacked in 2013 data theft. Reuters. Retrieved from https://www.reuters.com/article/us-yahoo-cyber/yahoo-says-all[1]three-billion-accounts-hacked-in-2013-data-theft-idUSKCN1C82O

Volz, D., (2017). U.S. authorities charge Russian spies, hackers in huge Yahoo hack. Reuters. Retrieved from https://www.reuters.com/article/us-yahoo-hack-indictments-fsb-idUSKBN16N0CO