Sunday, January 31, 2016

Social Engineering Task #1



Switching Seats

My task was to “get a fellow player to switch seats with you”.
 
Since the “Switch Seats” task had been mentioned in class a few times already, everybody knew what was coming. With great uneasiness, I approached Dr. Purple for that task and, as I expected, he ignored my request. Then after a while we had to log onto a computer for a MyNetLab assignment, so I tried to convince Mister Deer to use the computer at my desk to log on (since he didn’t have a computer on his center table). Because of the obvious reason and the known nature of the task, my offer was also ignored by Mister Deer.

I won’t say my strategy was very effective because of the “not so secret” task.

To begin with, my moral stakes were like… ughh… when I picked and read the task. Then slowly, after discussion in the class, I was okay and said to myself, “task is task, either you fail or pass, there is no harm in trying”.

Even though I failed, I learned something good. It’s not easy to deceive or cheat well-informed people. If everybody in an organization is alert to possible intrusions and methods, that intrusion will be almost impossible to carry out.

I guess this task was an open secret and an awkward one for starting a conversation with your new classmates, because everybody knew what was coming and I was lucky (??) to select that task. The moment I picked that chit and read the task, I knew almost certainly that I was going to fail, because that was the first example given in the class about social engineering. My mantra was “there is no shame in failing, but failing without trying may be”. Even with some hesitation, I tried it anyway. I am not ashamed of failing; at least I tried.

Ethics Assignment # 1



Anonymous and Tunisia

On January 2, 2011, when the Tunisian government blocked Wikileaks in Tunisia, Anonymous first got involved to stop censorship. At that time, Tunisia was undergoing an intensive campaign of civil resistance, including a series of street demonstrations. The events began on 18 December 2010, the day after the self-immolation of Mohammed Bouazizi in Sidi Bouzid, and led to the ousting of longtime president Zine El Abidine Ben Ali in January 2011. Anonymous collectively launched its 'Operation Tunisia' retaliatory strike in early January. With OpTunisia, Anonymous launched a series of DDoS attacks against government websites. Additionally, Anonymous provided protesters with documents required to take down the incumbent government, as well as distributing a care package including, among other things, Tor and a Greasemonkey script to avoid proxy interception by the government. They also aided in passing information about the protests in and out of the country. The regime eventually regained control over its various Web platforms, but its online dominion was short-lived. On January 14th, Ben Ali dissolved his government and fled the country.

In this case I think Anonymous did the right thing to support the Tunisian people against their own oppressive government. Too often, popular struggles have been suppressed by authoritarian and democratic regimes alike. Anonymous has, however, been able to assist popular movements in disabling tools of suppression and in opening channels of communication closed by ruling governments. Ben Ali’s government was suppressing its own people and they needed some external help to get their voice heard in the international media. That’s exactly what Anonymous did: provide them with resources and tools to protect themselves from the Tunisian cyber police. I don’t think Ben Ali’s government fled because of anything Anonymous did, but because of what the Tunisian people did. Whenever it comes down to making a choice between an oppressive government and the majority of people, the people will always be my choice. That’s what I think of Anonymous' involvement in Tunisia.

Ethics Assignment # 1

On January 14, 2008, a video produced by the Church of Scientology, featuring an interview with Tom Cruise, was leaked to the Internet and uploaded to YouTube. The Church of Scientology issued a copyright violation claim against YouTube requesting the removal of the video. Shortly thereafter, the hacktivist group Anonymous voiced its criticism of Scientology and began attacking the Church, calling the action by the Church of Scientology a form of Internet censorship. Members of Anonymous coordinated “Project Chanology”, which consisted of a series of denial of service attacks against Scientology websites, prank calls to the Dianetics hotline, and black faxes to Scientology centers. On January 21, 2008, Anonymous announced its intentions via a video posted to YouTube entitled "Message to Scientology", declaring "war" against the Church of Scientology. The purpose of the protest was to protect freedom of speech and freedom of the internet.

On January 28, 2008, an Anonymous video appeared on YouTube calling for protests outside Church of Scientology centers on February 10, 2008. It is estimated that 10,000 people protested in more than 90 cities worldwide. Many protesters wore masks based on the character V from V for Vendetta, who was influenced by Guy Fawkes, or used other disguises to protect themselves from retaliation from the Church of Scientology.

After much research I agree with the actions of Anonymous. Their protest made people throughout the world take a closer look at Scientology and their tactics toward those that dare speak out against them. Scientology is known as the most litigious organization in the world. They have infiltrated the FBI, IRS and over one hundred other government agencies.


The “We Are Legion” video highlights the case of a twenty-year-old young man named Brian Mettenbrink who learned about Anonymous’ war against Scientology on 4chan.org. Brian is not a bad person. He appears to come from a good family. Brian states that he would never do anything that would hurt anyone. Brian downloaded a program called “Low Orbit Ion Cannon” and used it to launch a denial of service attack on the Scientology web site. The attack only lasted a few hours. Brian was sentenced to one year in jail and one year of supervised release in which he was not allowed to touch a computer. Try being productive in today’s world without a computer. Brian could have gone to jail for five years and been fined hundreds of thousands of dollars. There are rapists, pedophiles, murderers, and people that drive drunk and kill people that get a lighter sentence. Brian’s sentence is an example of the reach and power of Scientology.

Social Engineering Assignment # 1

My mission was to get a fellow player to provide me with their home address. I was able to accomplish my mission on one condition: that I do not reveal the identity of the player that provided me with their address. My strategy was simple: I explained what my mission was and asked the fellow player to help me out, with the understanding that I would not reveal their code name or address to anyone else.

I didn’t have any problem doing this. Since I have been going to BHCC I have gotten to know many students but not to the point where I know their exact street address. It would have been quite obvious to any player that I was carrying out a social engineering assignment if I attempted to obtain their address. The only way to accomplish my mission was to make a deal.

There were not any moral issues as far as I can see. In life, if you want something from someone, you have to be willing to make compromises and be willing to do them a favor. When I call on an elected official, why do you think they help me out? Because I can help them out with my vote, along with several family members' votes.

The only thing I could do with the information I gathered is to send the fellow player a Christmas card next December. I don’t feel as though I gained any skills from this exercise that I didn’t already possess.

Social Engineering Assignment #1

1. My task was to get someone to tell me their pet's name.

2. In class you guys used mine as the example so it pretty much nulled my whole task so I truly did not even attempt it because it was fresh on everyone's minds.

Saturday, January 30, 2016

Ethics Assignment #1

I am one of a pragmatic philosophy; I tend to see the effects in the real world and what’s viable and has results. After watching the Anonymous video, specifically the DDoS attacks on Visa/MC for the lack of processing of WikiLeaks payments, my pragmatic nature is once again strengthened by the addition of another pragmatic support beam. That being said, was what Anonymous did right or wrong? It depends from which prism you wish to view their actions: either from an ethical or a legal point of view.

From a legal point of view it is wrong, as a DDoS attack can’t be performed from a single attack point; so the attackers have to either use a bunch of leased servers (which are expensive) or create a botnet, which in itself is a legal mess.

From an ethical point of view, one of the first questions that arises is: Are DDoS attacks a form of protest? One side of the issue says that it's as ethical as a peaceful demonstration in a city square, which can at times bring traffic to a halt. The major difference being that you can get a municipal permit for a physical protest.


It’s not easy to stake a claim on whether these actions were right or wrong. In the US, a DDoS attack falls under the federal statute known as the Computer Fraud and Abuse Act (CFAA). What is wrong—thanks to my pragmatic philosophy—is the disproportionate nature of the sentence for the crime. Although, through a nuanced lens, most attackers rely on computers they've infected to carry out their attacks, hence the harshness of the sentence. It makes me wonder how tough or lenient the sentence would be for an attacker that actually owns the servers used to perform a DDoS attack.

Ethics Assignment #1

Operation Payback was an attack by Anonymous which covered a wide range of different industries: attacks on the film/music industries, on credit card and banking companies, and even on foreign governments. Operation Avenge Assange was one of the numerous operations within Operation Payback. The attacks were carried out in support of Wikileaks when major financial corporations (Paypal, Amazon, MasterCard, Visa, etc.) cut their services to the site. Donations to the site were either stopped or frozen. As Wikileaks was a site which leaked classified information to the public, it was long a target of the government. Under political pressure, the financial corporations removed their services, cutting off a source of income for the site. Anonymous, which believes in a more transparent government, went into action. Operation Avenge Assange was carried out in retaliation against those financial corporations. The targeted sites were hit by sustained DDoS (Distributed Denial of Service) attacks, either taking them down completely or slowing their services.

I will not judge the actions by Anonymous as right or wrong. It seems more like a way of expressing opinion, similar to a protest, although a bit more disruptive than a peaceful protest. The government does many shady things, many of which they would not like us to know. This in turn brings about an uneasiness and distrust in the citizens. You can’t really trust the government if they are constantly lying to you. Wikileaks publishes classified documents on what the government has been up to openly to the public, understandably making themselves a government target. I respect people’s beliefs for a more transparent government and would like that to become a reality myself, but I don’t think Wikileaks is the way to do it. The documents exposed by Wikileaks can potentially have information on government/military personnel, making them potential targets of our enemies. These documents can also give potential enemy states or terrorist organizations a glimpse into our government, military, infrastructure, economy, etc. Information in these various sectors of our country can potentially undermine our nation’s security.

While I do agree when it comes to a more transparent government, I don’t really approve of Wikileaks' operations. Some actions by our government are shady and therefore classified to hide them from the public, but some are classified in order to protect our nation. Even if names and personal information were to be blacked out, there are still many clues within these documents that our enemies can leverage for their cause.

Ethical Hacking Social Engineering Assignment # 1

1.  What was your task?
My task was to find out someone's middle name.

2.  What did you do? 
I did not complete this task, because I believe that a middle name is very personal, and I myself would not disclose this information to someone because it is a security question on most personal accounts such as bank accounts, Facebook login, and so forth. Giving a full name opens up a door for identity thieves because they now have access to the "exact name that appears on a card" such as a debit or credit card, which is a security check for credit card purchases made online. I believe that this task was undoable because most people would not give their middle name, since it is the full name that distinguishes them from people with the same first and last name.

Ethical Hacking Assignment # 1

Anonymous has the capability to expose any person, persons, organizations, or government around the world, and so far they have not tried to harm innocent civilians, but targeted corruption and taken down several child pornography sites. Anonymous is fighting for the freedom of free speech in a country that has it written in the First Amendment that the Congress will allow the freedom of religion, speech, press, right of people to assemble peacefully, and petition the Government for a redress of grievances. Anonymous gathered a rally for Michael Brown, who was a victim of police brutality. They fought against Internet censorship by exposing the video of Tom Cruise talking positively about the Church of Scientology. There was a struggle to keep taking down the video, and it kept getting posted because Anonymous believed that they had the freedom of speech and this was an "abuse of copyright law." Anonymous is global. Anonymous used hacking for the good of the LGBT community of Uganda in 2012, where they expressed their contempt for the treatment of LGBT people on the Ugandan prime minister's site when the anti-homosexuality law was put in place. They encouraged the North Korean citizens to rebel against the corrupt government. They also made a joke out of ISIS by posting a Viagra commercial on their site and took it down. They have power, and they have the capability to successfully make the government their victim, as well as ISIS; imagine what they could do to vulnerable civilians on the Internet. Their job is to help people realize their rights and rebel against corruption and oppression. George Orwell's book 1984 has predicted today. Big Brother is watching us with wiretapping, keeping call databases, and data mining by the National Security Agency. The poor people are kept poor with constant pointless wars that are just expanding into several countries in the Middle East.
People are kept under control as long as they are given distractions such as food, water, pornography, alcohol, and this media that brainwashes us. Anonymous is using technology as power in order to fight against all of this. The Church of Scientology believes that there were aliens, and there is a long Star Wars-like story which was formulated by Hubbard. Tom Cruise made a statement in a video that the Church of Scientology was helping addicts get off drugs, as well as expressing his love for the Church. This video was posted by Anonymous, and they played several pranks on the Church, such as sending disliked pizza and denial of service attacks. This cult that claimed to be a "Church" was the one that was responsible for deaths, mental disorder, brainwashing, and the rise of crimes. The members of the Church were tortured and humiliated, and many of them committed suicide from depression. In my opinion, Anonymous did not harm or threaten anyone's life; they were trying to make their voice heard and expose the crimes of the people in the Church.

Wednesday, January 27, 2016

Ethics Assignment #1

The Sony PlayStation incident started when Hotz posted a copy of the root keys of the PlayStation 3 on his website on January 2, 2011. After the root keys of the console were published, Sony initiated litigation against George Hotz and the predecessor PlayStation 3 hacking group known as fail0verflow. Sony in turn demanded that social media sites, including YouTube, hand over the IP addresses of people who visited Geohot's social pages and videos; the latter being the case only for those who "watched the video and 'documents reproducing all records or usernames and IP addresses that have posted or published comments in response to the video.'" PayPal granted Sony access to Geohot's PayPal account, and the judge of the case granted Sony permission to view the IP addresses of everyone who visited geohot.com. Because Sony was successfully granted this, the hacker group Anonymous was angered by this behavior. Also, Hotz had settled the lawsuit out of court in April 2011, on the condition that Hotz would never again resume any hacking work on Sony products. Therefore, Anonymous announced a fight with Sony. They said knowledge is free, and they wanted to fight for Internet freedom of speech. At the end of April 2011, an anonymous hacker broke into the PlayStation Network and stole the personal information of some 77 million users. After their action, PSN service completely stopped for a month. The SCE president / Sony vice president publicly apologized.


I agree with Anonymous fighting Sony using hacking skills. This action was a fight for the idea that knowledge is free. We spent a lot of money to buy their devices, so we should have the right to do anything on these devices. Sony is a Japanese company, and they may not know American hacking culture well. Your device was cracked, so it meant your company still did not do really well. Sometimes, cracking also raises our security knowledge. Sony should not check the IP addresses of those who had visited geohot.com. They had a vulnerability; they had to solve this problem. Why did they blame other people first? However, Anonymous stole the personal information of some 77 million users. I think this action was wrong. If they could hack other stuff, it would be better. Anonymous was a big hacking group. This group could include any kind of people. If you were one of those 77 million users, you would feel so nervous. You had no idea who was going to use your information to do something bad. Anonymous’ target should be Sony, not PSN users who were not related to this case. In my opinion, it was not fighting for network freedom, and it just gave criminals a good opportunity to commit crimes directly. After this attack, I hope Sony can improve their service security. If they could not do well in that, why should users pay a lot of money to support them?

Ethics Assignment #1

Anonymous got its roots from 4chan, which is an image board website, but Anonymous as we know it today is a collective of like-minded people standing up for their beliefs. Anonymous is able to disrupt their targets by DDoS, hacking, and protest. They have had many famous operations over the years, but the operation that caught my eye the most in the documentary was Operation Payback. Julian Assange, a hacker, programmer and journalist, started Wikileaks. Wikileaks was created to expose secret and classified information. Paypal, Visa, MasterCard, and Amazon removed their services from Wikileaks so that it would not receive donations from supporters. Even the Swiss bank froze certain funds, and this infuriated Anonymous to its core. Anonymous found out that Visa, MasterCard, and Paypal all still allowed their services to the KKK and other hate groups, and that just fueled the fire even more. Anonymous swiftly moved into action and started DDoS (Distributed Denial of Service) attacks on Visa, PayPal, MasterCard, and the Swiss bank PostFinance. Soon thereafter Tunisia blocked Wikileaks and Anonymous DDoSed Tunisian sites. As a result of the massive attacks, 13 participants of Operation Payback were raided and arrested. In the words of many anons, "information wants to be free". The government isn't very transparent with its citizens, so it can make people uneasy and uncomfortable; Wikileaks is a repercussion of that isolation. When government atrocities or wrongdoings are brought to light, people tend to either get angry or want change, and Anonymous' beliefs lean towards change. At first I was definitely conflicted with the good and bad of this operation. I sat and thought about it for a while, and I feel like the anons' beliefs and intentions were in the right place. The government needs to be more explicit; Wikileaks in my opinion is merely a necessity in modern day society. People have a right to know what's going on, and when Anonymous saw that threatened, they took action.
I believe this operation was for the better good.

Tuesday, January 26, 2016

Social Engineering Task #1

My mission was to slip my assignment card into someone's book bag or pocket.

I slipped the assignment card into Dr. Blu Ninja's left jacket pocket. I didn't get a chance to see a book bag, so I did what was closest to me: the jacket.




It was fairly easy to execute. I performed it as soon as the social engineering assignment was given to me. I took advantage of the fact that Dr. Blu Ninja was looking at his/her own assignment. I even took the card in and out of their pocket a total of 3 times.

It could be considered an invasion of someone's private space as I was inserting something into their personal property. In a worst case scenario one can frame someone by inserting stolen goods or illegal drugs.

By learning to take advantage of someone's lack of alertness or focus, one can retrieve documents or electronics containing information.

It was a pretty straightforward task that involved dropping a card into someone's jacket pocket. I thought *afterwards* about how I had no apprehension in executing the task, as I seem to compartmentalize the mission and the ethics of it. It makes me wonder if that compartmentalization applies to people doing illegal things.

Structure for Social Engineering Report

Here is a structure for your social engineering posts:

1.  What was your task?
2.  What did you do? 
3.  How effective was your strategy?
4.  What are the moral stakes?
5.  Now that you have done this, what could you do with the information or skills you obtained?
6.  Reflect on how you felt when you were doing this.

Please don't forget to use hacker identities only within blog posts (including your own identity from which you are posting).