#it109

What is my position on software piracy?

Scenario: I am a representative of the Business Software Alliance.

Piracy is the enemy of every innovator. Software makers spend grueling hours and a multitude of resources into developing their technology. Thus, every software creator should be given the exclusive right to their creations in the said amount of time provided by the law.

Arguments

 ·         Individuals can set their business apart from competitors.

·         Can be essential part of a business marketing strategy or branding.

·         Essential for the perseverance of research and advancement.

Case 1

An online company who accepts credit card details wants to secure its customers’ details, and safeguard against damage.

Vulnerabilities: Theft (information and money), Unauthorized access, Identity theft

Threats can come from both external and internal factors. For example, the credit card owner maybe a victim of thievery, assuming that the thieve has the victims credit card and its pin code then it would be easier for the thieve to access the contents stolen credit cards. A company is not also safe from their own employees. Assuming that the online company has an employee, who had ill intent from the beginning, he can easily access the credit card’s information from the company’s database presuming that the employee has access to the company’s database and other sensitive materials.

Security Measure: Access control software, firewall, intrusion detection systems(IDS), intrusion prevention system(IPS), credit limit, Security Information Management, cipher codes.

Among the listed security measures, the best ones for this case are encryption and Intrusion detection systems. What intrusion detection does is basically establishing a barrier between a trusted internal network and untrusted external network, its functions are like of that a firewall but much stricter and organized. Encrypting customer details would also help the company prevent further loses, a thief might be able to acquire monetary content from the victim’s credit card but at least the details of the victim is protected against identity theft.

Case 2

A communications company employing a lot of young, technically able people, wants to ensure its online facilities are not being abused.

Vulnerabilities: Theft of Information, Theft of time, Identity theft, Hacking

Threats can still come from both internal and external factors. Employing technically able people can be a double edge sword. You would not have to worry about getting hacked or have your company’s sensitive information be compromised if a company hire the right and able people. On the other hand, these types of people can also access the company’s communication line and compromise both the company and the company’s clients. Young people are also vulnerable into committing theft of time, this is because a lot of young people spend most of their time using social media networks and playing games.

Security Measure: Clustered firewall, Intrusion prevention systems(IPS), behavior monitoring algorithms, Access List, Establishing call routes, Virtual private networks.

Behavior monitoring systems can help the company monitor any abnormalities, suspicious activities, and irregularities of activities that their facilities or systems may be subjected into.

Case 3

A high-security establishment needs to ensure that only authorized users can access certain parts of the system.

Vulnerabilities: Theft of information, Unauthorized access

In this case the establishment is more vulnerable to internal threats rather than external threats. Since the company has establish a high-security profile, external breaches to their systems would be very difficult. This means that the company would only need to worry about internal threats and factors.

Security Measure: Access control list, Log management software, encryption, biometrics, cipher.

Access control list added with biometric scanning are the best security measure for this problem. Access control list enforces privilege separation between authorized and unauthorized employees. Access are granted only to those who are registered in the computer file system. Including an additional biometric access requirement would add another layer of security to the system.

Case 4

A private consultant has a contract with a research organization working on highly sensitive issues. He needs to be sure his communications are secure, and some of the documents he sends might be used as legal proof of his recommendations.

Vulnerabilities: Theft of information, computer espionage

The consultant is most vulnerable to external threats since the consultant is sending classified documents on a communication line that may not be safe. Hackers can easily tap into communication lines especially when those communication lines are not highly secured.

Security Measure: Encryption, Intrusion prevention systems(IPS), Virtual private network(VPN)

Security Technology is a tool that enables enterprises, individuals, and groups to achieve their most important goals without the complication of having their valuable data’s and information being lost, leaked, and or stolen. 

Security technology might not be as perfect as people would expect. Biometrics, Encryption’s, Access control software, and firewalls are good security tools to protect valuable data’s and information from both internal and external threats. But these technologies are near perfect, these technologies still has their share of problems and Issues.

BIOMETRICS

Biometrics is the measurement and statistical analysis of people's unique physical and behavioral characteristics. The technology is mainly used for identification and access control, or for identifying individuals who are under surveillance (Margaret Rouse, 2017).

Vulnerabilities

High quality cameras and sensors are the main components of biometrics. This also enables hackers to capture biometric data’s from individuals without even them knowing and without their consent.

In 2017 Jan Krissler a biometrics technology reasearcher defeated the scanner authentication scheme of Samsung that was used on their S8 phones. Krissler stole biometric data by simply extracting it from a high resolution photo.

source: https://searchsecurity.techtarget.com/definition/biometrics

ENCRYPTION

Encryption is the method or process of encoding data, encrypted data is usually paired with an encryption key. When a data is encrypted, the data is essentially scrambled, making it unreadable. Undoing the encryption would turn the data back to its readable state.

Vulnerabilities

Cipher modes and algorithms are methods by which hackers create algorithm to unlock or decode an encrypted file. Cipher modes and algorithms simply studies the how an encryption scrambles the data and tries to reconstruct the data from the encryption algorithm.

In 2013 and 2014 Yahoo! was a victim of a huge data breach. The attack compromised the real names, emails, telephone numbers, and addresses of 500 million yahoo users. Yahoo! explained that the huge breached was caused by hashing the passwords using robust bcrypt algorithm.

source: https://www.csoonline.com/article/2130877/data-breach/the-biggest-data-breaches-of-the-21st-century.html

FIREWALLS

Firewalls are software that enforces rules on how data packets may come and go in a network or computing device. Firewalls work through imposing packet-filtering and inspection 

Vulnerabilities

There are 5 major vulnerabilities surrounding Firewall technology. The following are 

Insider Attacks - When a firewall is attacked internally.

Missed Security Patches - When discovered security problems are not fixed.

Configuration  Mistakes - Certain firewall setting create conflicts and which directly affects firewall performance.

Lack of deep packet inspection - Some firewalls do not do rigorous packet inspection.

DDoS attacks - Denial of service attacks overloads the protocol. This causes a breach on the firewall.

source: https://www.compuquip.com/blog/5-firewall-threats-and-vulnerabilities-to-look-out-for

ACCESS CONTROL SOFTWARES

Access Control Software works by regulating who or what can view the resources in a computing environment (Margaret Rouse, 2018). Access control software may come in Logical and Physical accesses.

Vulnerabilities

1. Decreased resistance to forced and covert entry.

2. Electromagnets can be bypassed with packing tape.

3.Electric strikes can disable anti-loiding features.

Access control software suffers the same vulnerabilities of firewalls, biometrics, and encryption tecnhnologies.

1.) What was this case about?

The Legion of Doom (LOD) was a hacker group active from the 1980s to the late 1990s and early 2000. Their name appears to be a reference to the antagonists of Challenge of the Super Friends. LOD was founded by the hacker Lex Luthor (Vincent Louis Gelormine), after a rift with his previous group the Knights of Shadow.

2.) Who were the protagonist and parties involved?

At different points in the group’s history, LOD was split into LOD and LOD/LOH (Legion of Doom/Legion of Hackers) for the members that were more skilled at hacking than pure phreaking. The overall beliefs of LOD and MOD were different, but it can be difficult to untangle the actions of the members since there was a cross-overs between the two groups.

As of 2009 what has happened to each individual member of the Legion of Doom is unknown. A small handful of the higher-profile LOD members who are accounted for includes:Chris Goggans or “Erik Bloodaxe”, Dave Buchwald or  “Bill From RNOC”, Patrick K. Kroupa “Lord Digital”, Loyd Blankenshipor  “The Mentor”, Bruce Fancher or the “Dead Lord” and Mark Abene or the “Phiber Optik”, who was a member of both LOD and Masters of Deception(MOD) and lots of known hackers including the former member of the group LOD.

3.) Did any prosecutions result?

The Secret Service made some major breakthroughs in Hacking circles in 1989 as three members of the Legion of Doom were arrested (Franklin darden, Adam grant and Robert Riggs). They were charged with hacking into Bell South’s Telephone Networks in 1988.

4.) If so, what were their outcomes?

Franklin darden, Adam grant and Robert Riggs who were charged with hacking into Bell SOuth’s Telephone Network in 1988 would be sentanced to time in Federal prison.

while Secret Service also find out who “Fry Guy” is – the employee who hacked McDonalds mainframe for raises who also member of the Legion of Doom. It was part of the “Hacker Crackdown”.

5.) What ethical issues raised by this case?

The MafiaBoy case was a series of cyberattack which targeted e-commerce and commercial websites back in the year 2000. Michael Calce known as the MafiaBoy conducted a series of Denial of Service Attacks (DOS) on commercial businesses and websites like CNN, eBay, Amazon.com, Yahoo!, Dell, and Fifa.com and caused an estimated $1.3 Billion worth of damaged to the said businesses.

Prosecution during the time was complicated since Michael Calce was still 17 years old and Laws regarding such incident was still not as firm as the present day. Prosecution sentenced Michael Calce to juvenile detention and a number of prohibitions like being not able to possess any software that’s not commercially available, providing the name of his internet service provider, and talking with other hackers on the internet.