Cybersecurity and Computer Crimes
March 31
Last week we looked at hacking as a form of social protest. This week, we take a closer look at the more sinister side of hacking, and the various responses to it. Hacking at its heart involves modifying or intruding upon another’s system. But not all intrusion is socially harmful, and laws against hacking have a troubling (and at times, tragic) history of being misused. How big a threat is hacking, really? How should systems respond to hacking? What, if anything, should be the role of government? In what ways can we govern those who don’t consider code to be a governing influence?
Assignment 3
Assignment 3 is due before class today. You can upload that here.
Readings
- Cybersecurity
- Brian Krebs, "The Scrap Value of a Hacked PC (infographic)," Oct 2012
- Bill Hardekopf, "The Big Data Breaches of 2014," Forbes, January 13, 2015
- Liana Baker and Jim Finkle, "Sony Playstation suffers massive data breach," Reuters, April 26, 2011
- Sean Gallagher, "Hackers Promise 'Christmas Present' Sony Pictures Won't Like," Ars Technica, December 15, 2015 (for more on this, see here and here)
- Peter Bright, "US Government Fingers North Korea as the Sony Hackers," Ars Technica, December 17, 2014
- Computer Crimes
- United States Department of Justice, Prosecuting Computer Crimes (read pages 1-11: Introduction to the Computer Fraud and Abuse Act and Key Definitions)
- Case studies
Optional Readings
- Intelligence Squared Debate: "The Cyberwar Threat Has Been Grossly Exaggerated" (an Oxford-style debate with Marc Rotenberg, Bruce Schneier, Mike McConnell, and Jonathan Zittrain; watch the video of the debate)
Videos Watched in Class
Links
Class Discussion
There are several types of hacking, including, for example, reputation hijacking, hacking account or financial credentials, and bot activity. This is something that affects private citizens as well as large companies and governments. In the article “Sony Playstation suffers massive data breach,” which deals with a hacker attack against Sony in 2011, Baker and Finkle write, “In the rush to get out innovative new products, security can sometimes take a back seat.” The interesting question here is whether it will continue the same way, or whether consumers will put more pressure on companies to care about security.
The article “Hackers promise ‘Christmas present’ Sony Pictures won’t like” deals with other hacker attacks on Sony, and the quote “The sooner SPE accept our demands, the better, of course…The farther time goes by, the worse state SPE will be put into and we will have Sony go bankrupt in the end.” shows what power the hackers can have in the computer-based society of today. Hacking can be used to blackmail people, companies and governments.
Operation Payback was a group of attacks on opponents of Internet privacy by the decentralized community “Anonymous”. It all began with the crisis on Wikileaks, when they were under pressure after publishing secret U.S. diplomatic cables. Anonymous was on the side of Wikileaks, and there it began. What made me really angry was when I read that Anonymous threatened to disrupt British government websites because the group opposed the possible act of handing over Julian Assange (who is often called the founder of Wikileaks) to Sweden. This is upsetting in at least three ways.
Firstly, it would have been an act that would’ve denied the British citizens information that they by law have the right to access.
Secondly, it is to indirectly aggravate a lawsuit, since the reason why the Swedish court system wanted Assange to be extradited was that there had been a subpoena about rape directed towards Assange. To make it difficult for the court system to plead someone guilty or not guilty is a very serious thing to do.
Thirdly, it is illegal and there are other ways of changing laws and systems. The laws are made by the government and the government is chosen by the citizens. To believe that you are above the laws is also to believe that you are above other citizens. Laws are there for a reason and if you don’t like it, you can either vote differently or try to change the opinion in ways that don’t hurt others.
Anonymous acted this way because they believe that information should be free and open for everyone to see. It is therefore very weird and contradictory that they protest through doing exactly what they are protesting against, i.e. limiting and blocking information.
As a conclusion to my thoughts, I want to say that I believe that Internet terror is the future military threat against most countries. It might be on the Internet that our future wars will be held. Consequently, we can’t dismiss crimes on the Internet as “something that is just on the Internet and not in the real world”, but instead look at the Internet as a natural part of our society. JosefinS (talk) 07:51, 25 March 2015 (EDT)
The first thing that comes to mind about cyber security and computer crimes is the financial errors in stock markets. As a stock trader, I get rather fearful when potential security issues happen. I’m not sure if they count as security issues, or… issues with their algorithms or partially hacking. Those would result in crashes. The second thing that comes to mind is the “reputation hijacking” (ref 1) on social networks. A family member of mine had this happen to her. She was using the application Line, and somehow pressed a bad link which asked for her logins. That wasn’t a smart move, but for a novice internet user, they would likely follow those instructions assuming it is legitimate. The end result was a long process of letting her friends know it was a hack, and to secure potential credit card information, etc. Therefore I really liked reference 1 which shows all the potential hacks others could do to a PC. I would suspect I had personally experienced a few of them.
References 2, 3, and 4 become very exciting to see the power of hackers obtaining information of normal citizens. Are we really safe by providing our information to corporations online? 77 million user accounts hacked, that is quite something. Not only is privacy an issue here, it also questions if authorities have what it takes to prevent these issues from happening. Sony not announcing it till Tuesday was, in my opinion, also a breach of its customers’ trust. It does raise a fair point of how the hackers will use the information that was illegally obtained. Will there be an outlet for the hackers to use it? Are these hacks individual, or are they political? It appears that hackers are wielding too much power. I still hold by my beliefs that “winners” take all. The winners get everything. Once a hacker cracks a code; that’s it, they can decrypt everything and obtain everything. Of course, as the US claims, it was hackers from Korea, most likely due to the release of The Interview. Personally I think it isn’t as bad as Team America that was released 10 years ago.
As I mentioned for last week’s readings, Anonymous has a lot of power. Not exactly sure if it is a good thing or a bad thing. But we should also consider if what they’re doing is just or not. Is it just to give “justice” to the ones they think deem it? Are they above the law? I’m not sure. As Operation Payback and Project Chanology have shown us. Were they really being just for doing what they did? Were they off base? I think the founder of Scientology website does have a point…
Heldal-Lund commented, "People should be able to have easy access to both sides and make up their own opinions. Freedom of speech means we need to allow all to speak - including those we strongly disagree with. I am of the opinion that the Church of Scientology is a criminal organisation and a cult which is designed by its delusional founder to abuse people. I am still committed to fight for their right to speak their opinion."
So it is therefore unconstitutional for what Anonymous did. This also led me to think about Edward Snowden. Was he really doing good for society, or was he doing it for fame, and his own ideals of justice? What constitutes as constitutional? This argument was shared by the United Kingdom Intellectual Property Office too, as they had said the below after Operation Payback.
“The United Kingdom Intellectual Property Office said that when its site was attacked, those responsible were depriving its citizens of access to information they have a democratic right to access. Other critics claimed the attacks restricted Gene Simmons' right to free speech.”
Anonymous is not pro-democracy. They want to dictate what is right or wrong in their own hands. If they did things that reflected what people really believed in, then I believe they have done things “just”-ly. But to deprive people of their basic right to speech and beliefs; I’m not so sure. Was it a troll taken too far?
There have been increasing amounts of threats that we face, such as “Destroy Obama Care”. Also Forbes gives a whole list of the top 20 data breaches. They are increasing in numbers, and it seems like corporations don’t know what to do. Just as technology has enhanced their reach, they would also be required to invest in technological defense against these potential hackers. It also feels that law really lags behind technology a lot. Technology advances so quickly that law requires time to pass. The amendments to the CFAA, which occurred many times. I believe there needs to be a better way to enforce new laws at the same pace as technological advancement, otherwise law would always be a step behind.
References:
http://krebsonsecurity.com/wp-content/uploads/2012/10/HackedPC2012.png
http://www.reuters.com/article/2011/04/26/us-sony-stoldendata-idUSTRE73P6WB20110426
http://arstechnica.com/security/2014/12/hackers-promise-christmas-present-sony-pictures-wont-like/
http://arstechnica.com/security/2014/12/us-government-fingers-north-korea-as-the-sony-hackers/
https://en.wikipedia.org/wiki/Project_Chanology
https://en.wikipedia.org/wiki/Operation_Payback
http://www.csmonitor.com/Technology/2013/1113/Hacking-tool-threatens-Healthcare.gov-site
http://www.forbes.com/sites/moneybuilder/2015/01/13/the-big-data-breaches-of-2014/
http://www.justice.gov/criminal/cybercrime/docs/ccmanual.pdf
Caelum (talk) 17:32, 28 March 2015 (EDT)
A New Species of Crime – A New Species of Enforcement?
The 1986 Congress’ well-meaning but clumsy efforts to address the world of computer crimes with the Computer Fraud and Abuse Act (CFAA)—and its eight subsequent amendments in a span of 10 years (pg 2. http://www.justice.gov/criminal/cybercrime/docs/ccmanual.pdf) are a dismal picture of what happens when Ignorance marries Power. Or perhaps it was simply inevitable that the speed of Internet technology and hacking techniques would outdash the pace of the lugubrious State – a race that does not look too bright for lawmakers going through the usual snail’s pace of lawmaking.
Laskow’s article about the Scripps reporters prosecuted for hacking crimes because they engaged in industry practice to download publicly available information serves as a chilling anecdote for the innumerable “crimes” committed every day by the Internet-accessing world. Once again, in this course, we encounter a crisis of definition; this one is, perhaps, the most sinister crisis in terms of criminal prosecution (compared to debates about the definitions of civic engagement or privacy, and their entailing prosecutions, for instance).
The speed by which hackers are able to change their tactics, work around legal frameworks of the CFAA, or simply develop more invisible but potent means of stealing identities, systems, and intellectual property, in a federal system attempting to accommodate 50 individual state laws – or even worse, international hackers operating on a system of web that ignores geographic and political boundaries – poses direly complex legal problems.
As somewhat of a self-described Libertarian, I am dismayed to feel that there might have to be a specialized and internationally centralized court, and body of governance – one that can move faster than the legislative movements of nations to address these highly technical and ever changing crimes. The most effective and true hackers are invisible through technical prowess, while the most innocent of them such as the Scripps reporters, are the blatant criminals under laws like CFAA.
The illegal hacking issue is an ever-complicated result of a global problem that is outrunning its bumbling, localized resolutions. There are no single answers to the problem, and I am but a layman before the world of hacking issues and virtual crimes, but it seems that the starting point to resolving this disastrous diaspora is to conglomerate the governing and enforcement bodies into a more centralized system, a more synchronized strategy of attack.
Universal criminals who know no boundaries are destined to win when we are so bound to our disparate governing territories.
The moderate libertarian in me is protesting at my own words. But such is the result of my lay-thoughts after this week’s readings…
Chanel
Chanel Rion (talk) 22:18, 30 March 2015 (EDT)
It seems like we hear about big data breaches all the time these days, but it was still startling to read Bill Hardekopf’s compiled list of “The Big Data Breaches of 2014” in Forbes. Seeing several instances combined was a bit of a wake-up call (especially since I wasn’t even aware of many of these), and it prompted several questions for me. For example, are data breaches a new fact of life and an inevitability of using credit cards and putting our information online? Should we be focusing on beefing up security in order to minimize the likelihood of breaches like this, or should we focus on taking swift action once a breach inevitably occurs? Are there any patterns we can find in the victims of the hacks (the companies, not the credit card users), or in the hacking approaches themselves?
Reading about the various Sony hacks in Ars Technica also made me think about the wide range of motives that might be at work from the hacker’s perspective, and the various degrees of damage different acts of hacking can lead to. The Sony hacks from this year are a perfect example: presumably they were meant as an act of political intimidation, in order to scare Sony into shelving “The Interview” before its release, but the hacked data held a range of implications the hackers might not have anticipated. For example, racist emails between producer Scott Rudin and Sony executive Amy Pascal became a huge embarrassment for Sony and led to discussions about race in Hollywood. Similarly, breached data showing how much each actor made for the movie “American Hustle” showed that there is still a problematic gender pay gap in Hollywood as well, and led to discussions of income inequality between the sexes. It was interesting and strange to me that an act meant to bully a studio into self-inflicted censorship ended up spurring productive conversations about race and gender.
It was similarly interesting to see the fallout and reactions following the release of several private celebrity photos, showing them naked. The breach was an undisputed criminal act, and furthermore it was a gendered act of bullying and power dynamics, but it also led to widespread conversations that were not in the public light before (for example, questioning the previous shaming of the celebrities for having naked photos on their phones). Overall, it is helpful to examine cybersecurity and computer crimes right after our session about “Hacktivism,” because clearly sometimes (for example, with Anonymous), online crimes are used as a form of Hacktivism, but in many cases, online crime can have unintended consequences with bizarre and fascinating effects.