Social Engineering # 9

The task: To have an emotional breakdown in class to social engineer fellow players.

Did I accomplish it? No, but I tried.

Narrative/method: My first approach was to think about a good moment to do it, the main issue I had with this task was that I hate being the center of attention and to execute this you kind of have to, there is no other way to execute it, so it was a really hard task to plan. Also another problem is that I am a terrible at acting.

After thinking about it a lot I decided to do it while we were in the hallway and  to pretend I was embarrassed so that I could avoid making it a big deal and then becoming the center of attention of everybody around. I decided to go hang out with a few class fellows I always chat with while we were waiting outside to go into the classroom. By the time I tried to start pretending I was having an emotional breakdown, I was so humored by it that it did not come out right and the people that I was talking to thought I was just being silly by exaggerating and hence just kidding, I was giggling too which did not help give this act the seriousness it needed in order to make seem real.

Application: Anybody who would pretend to have an emotional breakdown in a real life situation could have different goals like for example distracting people in an office or place of work while somebody else hacks into their system or steals important data in a USB or some other type of storage. They could also get access to some room that is in a secured perimeter.

There could be many more different scenarios about somebody pretending to have an emotional breakdown in order to catch the attention of the people or simply to manipulate somebody or a group of people emotionally, in order for them to feel sorry for her/him.  

Ethical reflection: Somebody could do this in order to accomplish something morally good, like for example to help somebody who is committing an act of civil disobedience. Somebody could also do this in order to raise awareness about mental illness and the issues we have in our society addressing such while accepting the people who suffer them.

Somebody could also perform this act to achieve goals which are morally wrong like for example they could do that in some public place  in order to distract people while their belonging are being stolen.

ETHICS ASSIGNMNENT FINAL

Description: I chose a news article that reported on an ongoing war between the hacktivist group known as Anonymous and the Islamic Terrorist group known as ISIS. the Article stated that Anonymous has been hacking and bringing down ISIS websites dedicated to recruiting and propaganda. Anonymous also recently hijacked ISIS related twitter accounts in an attempt to troll the terrorist group.

  https://motherboard.vice.com/en_us/article/inside-anonymous-civil-war-over-its-fight-with-isis

  http://www.cbsnews.com/news/anonymous-vs-isis-social-media-war/

https://www.theguardian.com/technology/2016/jun/17/islamic-state-twitter-accounts-rainbow-makeover-anonymous-hackers

Reasoning: i agree with these acts of hacktivism. While i agree that Anonymous is still an anti government group that should be brought to answer for previous crimes, i also believe that they are doing some good for the world because of these acts against the Islamic State. ISIS also uses cyber warfare in their quest for an Islamic Caliphate in the areas surrounding Iraq and Syria but they also follow a violent anti western anti social agenda which includes the murder or enslavement of religious minorities, throwing homosexuals from rooftops, sexually enslaving women of religious minorities, the slaughter of children and men who do not follow their perverted version of Islam. These crimes against humanity must be stopped and if a group like Anonymous is willing to fight these blood thirsty barbarians i say more power to them.

Philosopher: to quote Murray Bookchin “Humanity has passed through a long history of one-sidedness and of a social condition that has always contained the potential of destruction, despite its creative achievements in technology. The great project of our time must be to open the other eye: to see all-sidedly and wholly, to heal and transcend the cleavage between humanity and nature that came with early wisdom.” ― Murray Bookchin


Murray Bookchin is saying that he has seen through our long history humanity's worst traits and the destruction we bring upon ourselves. He may been an anarchist and against what he believed were the powerful few who ruled over the majority but even he would never have advocated for violence against the world governments like ISIS is doing today. Groups like Anonymous seem to follow more closely with Bookchin's philosophy than ISIS.

ASSIGNMENT: Ethics final project

Description : I chose the case of Edward Snowden, the whistle blower who revealed very sensitive and information which we would never have known had he not decided to reveal it. 

https://www.nytimes.com/2014/01/02/opinion/edward-snowden-whistle-blower.html?_r=0

https://www.theguardian.com/world/2013/jun/09/edward-snowden-nsa-whistleblower-surveillance

https://www.theguardian.com/world/2013/jun/09/edward-snowden-nsa-whistleblower-surveillance

I believe that mister Snowden has made a life mistake to reveal that the U.S government spies on its citizens, although i think that the fact that he revealed this information to the public is very wrong, it has well served many other terrorist groups that would now change their way of recruiting their ways of people. Ethically, his decision was right, from a point of view of National Security analysts, it was wrong and i believe that he made the wrong decision because having the U.S government collecting information or listen to our conversations is no of my interests since their argument is to track terrorists wherever they might go. Also if one is certain that they are not planning to commit attacks or terrorist attacks, i do support this cause.  

Moral Reasoning: Edward Snowden's revelation has made me change my stance constantly as every time i read, watch or listen to different philosophers, i seem to come with a new conclusion to it, this will be open for discussion for generations to come, in order for one to make as hard as this judgment call, one has to be equipped with  lots of knowledge about how the U.S government works as well as the laws that apply on the whistle-blowers, given the fact that there is no law in the U.S constitution that protects whistle-blowers such as Snowden's case, it is believed that Edward Snowden would not have had a fair trial had he decided to take the sensitive documents to Congress,many philosophers have come in support of Mister Snowden's revelation as they think that he made the right decision to let this secret out; however, my stance to this matter is that Snowden was a champion of this revelation because although he was aware of the outcomes of this, he still proceeded with his morals and exposed the U.S government on its illegal activity spying on innocent people like you and me. 

Contextualize: Among the most famous philosophers who stood up for mister Snowden revelation is John Perry who voiced out his curiosity strongly and agreed with mister Snowden when he decided to reach out to a journalist from the Guardian and asked him to reveal what the U.S government against the will of innocent and law-abiding citizens being spied on without their knowledge, professor John Perry said something that is actually very intriguing, he said that if the U.S government is really frustrated with mister Snowden's decision because he made the country vulnerable to terrorists, then count how many terrorist attacks have taken place after Snowden's revelation with how many terrorist attacks have taken and still taking place all over the world, it is very surprising that the number grows dramatically which suggests that the U.S government along with mister Snowden previous co-workers who believe that the country became more vulnerable and easy targeted by other terrorist organizations are statistically wrong. He also suggested that there should be more people if there is any to expose and confront the U.S government to stop its illegal activities and actually do our part as law-abiding citizens to actually dis-empower the government that occasionally puts GPS tracking devices under random people's cars and track their daily activities.He added that the government contributes to other companies and actually helps other organizations get people's emails as well as their personal information to send advertisements as well as sending credit cards under their names to convince them to become their customers. It is very astonishing to me that one of the if not THE greatest country on earth sells or gives away our personal information to companies in exchange of some sort of pay back to that company.  

  

Final Project

                                                            MALWARE

Malware is a software that is made  to damage or disable computers and computer systems.

There are a lots of typees of Malwares- 

Adware:- An adware software that automatically displays or downloads advertising material (often unwanted) when a user is online

Browser Hijacker:-Browser hijacking  refers to a piece of software that is installed on your computer and that takes over  your web browser. It does this without your permission and it is very difficult to remove.

Spyware:- Spyware is a  software that enables a user to obtain covert information about another's computer activities by transmitting data covertly from their hard drive.

Ransomeware:- It is a type of malicious software designed to block access to a computer system until a sum of money is paid. 

Rogueware/Scarware:- Scareware, also known as  fake antivirus products that trick users into paying for license fees by bombarding them with false security alerts.

Trojan worms:- In computing, Trojan worms  is any malicious computer program which is used to hack into a computer by misleading users of its true intent

SWIFT, the global financial messaging network that banks use to move billions of dollars every day from different accounts was warned on Thursday of a second malware attack similar to the one that led to February's $81 million cyber attacks at the Bangladesh central bank.

The second case was targeted a commercial bank, SWIFT spokeswoman Natasha de Teran said, without naming it. It was not immediately clear how much money  was stolen in the second attack.

While SWIFT had previously warned that the Bangladesh heist was not an isolated incident, and said its core messaging system remained intact, confirmation of a second attack on a bank will likely increase awareness on the security of a network that is a important of the global financial system

http://www.reuters.com/article/us-swift-heist-case-idUSKCN0Y332D

http://www.malwaretruth.com/the-list-of-malware-types/

Final Project

The case i am choosing for my Final Project is about the Massive Debit card hacks to Indian Banks which affect the 3.2 million Debit Card holders. The hack was among the biggest financial data breaches in India with several victims reporting unauthorized transactions that have reportedly originated in China. SBI, HDFC Bank, YES Bank and Axis Bank were among the worst hit, according to the report. About 2.6 million affected cards on the visa and MasterCard platform. In an e-mailed statement to HUFF POST India SBI said  "Card network Companies NPCI, MasterCard and Visa had informed various banks in India about a potential risk to some cards in India owing to data breach. Accordingly, SBI has takenprecautionary measures  and have bloced cards of certain customers identified by the network.

www.huffingtonost.in/2016/10/20/massive-debit-card-hack-hits-indian-banks

www.zeenews.india .com/tags/hacking-case.html

Yet, despite the possible size and scale of the crisis, there are plenty of questions and no comprehensive

answer for how something like this could go undetected for months in Asia third largest economy. The incident has also underscored India urgent requirement to overhaul consumer protection and cyber security regulations especially at the time when Narendra Modi government is attemting to create a robust digital economy.

My thoughts is, this is not good for the consumers because they put lot of money and their risk in Banks. Hackers do their very best to make the people homeless by attacking their bank accounts and ATM machines. Initially malware which is malicious software that targets computer system detected in ATM machines system belonging to Yes bank India fifth largest private bank. This ATM is operated by Japanese firm Hitachi payment Services. The malware allowed hackers to extract money from bank accounts via debit cards but the exact number of accounts affected is unclear. 

The RBI rules on monetary losses caused by security breaches are clear. The bank shall ensure full security of debit cards. The security of debit cards shall be responsibility of the banks and losses incurred by any party on account of breach of security or failure of the security mechanism shall be borne by the bank. But no banks has admitted to failure of its security system. If the data breach was Hitachi end as some are making it out to be then one isn't sure what exactly RBI can do as Hitachi is third party vendor. 

To address the third party security issue , RBI put out a draft proposal in February which would protect customers with limited liability in case of unauthorized e transactions . These proposals   would cover third party security breaches provided the customers report suspected fraudulent activity within three days.

For banking institutions, it is important to adopt solutions that proactively address adversaries and establish real time monitoring systems to detect, protect and prepare from cyber attacks Said Shrikant Shitole , Managing director at symantec a security software firm      

final project

Describe a case:

The topic that I choose is that a 15 year-old teenage hacker arrested over FBI computer hack. A teenager from Scotland got arrested by British Police for breaking into the FBI Systems on 16^th February. “A Police Scotland spokesman said: 'Following a search of a property in the Glasgow area on Tuesday, February 16, a 15-year old male was arrested in connection with alleged offences under the Computer Misuse Act 1990.”. He is a member of the hacktivist group named “Cracka with Attitude”.

http://www.dailymail.co.uk/news/article-3452774/FBI-arrest-15-year-old-Glasgow-schoolboy-suspicion-hacking-secret-computer-system.html

http://thehackernews.com/2016/02/fbi-hacker-arrest.html

Moral reasoning:

I think what he did is totally wrong, because he actually hacked into the FBI systems, which are extremely private. Under the Computer Misuse Act 1990  of the Parliament of the United Kingdom, he broke the law of “Unauthorised access to computer material” (section 35). In my opinion, FBI is an powerful agent of the United States, all of their information are sensitive. Breaking into the FBI computer system could be damage very important information, or at least leading the way for other hackers to the next attacks. As my knowledge, the FBI employees nearly 35000 people, what would happen if those people got leaks of their information, such as phone number, email address; and they would be in sensitive positions too. “If they can’t secure their digital doors, there’s no reason to think any branch of government can.”

The example of FBI information leaks is that hacker publishes contact info for 20,000 FBI employees.

http://www.nydailynews.com/news/national/hacker-dumps-info-thousands-homeland-security-workers-article-1.2524440

https://www.wired.com/2016/02/hack-brief-fbi-and-dhs-are-targets-in-employee-info-hack/

These information leaks have done by the “Cracka with Attitude” group – where the boy is a member of it. The information of about 9,000 DHS (Department of Homeland Security) employees and 20,000 FBI agents have leaked out. That information including: Names, Job titles, phone numbers, email addresses.

As I know, the FBI is an intelligence-driven and threat-focused national security organization, it investigates international terrorism, foreign counterintelligence, cyber crime. So it would hold a ton of information related to major concerns. When the hackers gain the access to the FBI computer systems, they would break into that information, how dangerous it is when that information is given to the bad guys’ hands.

While doing this research, I also concern that the FBI is one of the US intelligence agency. They probably have strong security, but they still got hacked, got leaked of information of their employees. How strong do other organizations need to protect their consumers? Whenever we sign up for something online, we are feeding the Big Data, and our privacy is threatened by hackers.

Philosopher:

I chose Anita L. Allen.

https://harvardlawreview.org/2016/12/protecting-ones-own-privacy-in-a-big-data-economy/

“While individuals have a moral responsibility to protect their own privacy, Big Data represents a challenge that points to the need for collective and political approaches to self-protection rather than solely individual, atomistic approaches. Fortunately, although business and government are “all in” with Big Data, privacy concerns are getting some of the attention they deserve from policymakers and researchers. As we push business and government to address the complex threat to privacy posed by Big Data, we can also look forward to ways Big Data may improve the experience of privacy and private life.”

Contextualize:

As Allen says, Big Data is a threat with our privacy. A lot of hackers out there, try to get our information anytime. The hacking act of the 15 year old boy is one of many examples of hacking into the US agency. As I’ve talked above, our information in the data of many organization is in the threat too.

Ethics Final Paper Last Post

Tuesday, April 4, 2017

ASSIGNMENT: Ethics final project Part I

For your final project, you will develop a blog post and presentation that do three main things:

·      Describe: Symantec Connects 40 Cyber Attacks to CIA Hacking Tools Exposed by WikiLeaks.

The Hacker News cybersecurity online digest talks about how the CIA has been found responsible of 40 attacks to Americans and attacks to other countries’ systems using Hacking Tools Source: http://thehackernews.com/2017/04/cia-longhorn-hacking.html

·      Do moral reasoning: This is a case that leans towards a reasonable use of tools with the purpose to protect our security where to achieve such goal the CIA is breaking into our systems and other countries as well. The interesting point here is not how they used their tools to conduct cyber-attacks but how much power this institution has over our lives. One could only “get away” with these types of activities if when considering oneself above the law or with the certain ability to camouflage under the law, or manipulate the law per what would be favorable. Almost as if one was wearing the invisibility ring of “The Ring of Gyges” tale story.

·      Contextualize the case by analyzing it from the perspective of a philosopher of your choice (complete with references to specific texts by that philosopher supporting your analysis)

Source: http://philosophy.lander.edu/intro/articles/gyges-a.pdf

I chose Glaucon and Socrates because of the moral dilemma presented on “The Ring of Gyges.

First, I’d like to explain what this story is about.:

Glaucon is talking to Socrates about a magical ring that can be used two ways: inward to make the bearer of the ring disappear or outward to reappear. Glaucon explains that “if they were two rings, one to be worn by the just and one by the unjust man, no man can be imagined to be of such an iron nature that he would stand fast in justice. No man would keep his hands off what was not his own when he could safely take what he liked out of the market, or go into houses and lie with any one at his pleasure, or kill or release from prison whom he would, an in all respects be like a God among men.” -

In this context, the actions of the just and unjust people would be the same because they would not have a moral obligation to do things the right way or must follow the law because they would not be a way to prove they committed a crime because of the power of the ring. Ideally in a legal system like ours with a solid foundation of respect for the law and guidelines that dictate no one is above the law, The Ring of Gyges will only be a silly tale but it reality the perception of whom is under the law and is supposed to respect the authority is a line thinner than expected. We justify the use and abuse of the law, even the misuse of the law if the intended purpose of the same needs to be altered for the legal system to seek for justice. This is where I’d like to cite the article that lays the foundation of this paper: “Symantec Connects 40 Cyber Attacks to CIA Hacking Tools Exposed by WikiLeaks”. In this article its explained how the CIA uses hacking tools to attack computer systems from other countries in other to breach information and how it uses it domestically to monitor Americans. Almost like a reminisce of the book’s 1884 “Big Brother” from George Orwell, always watching what we do.

The application of Ethos and thus WikiLeaks reputation has not been the most stabled we’ve seen but Symantec is indeed a renowned computer system security company and was the company who made the relation, validating the abuse of the law many Americans are victims of without knowing. We have given such a great power to our judicial system that breaking into our own privacy and stirring up conflict in another sovereign country is justify, in case one of us living in American or someone from overseas is trying to get hands on information that should not have access to. Also, in case someone maybe in some form of “abuse” of the law is trying to get away with committing a crime. And we do know that in other to search or seize our electronics devices contents, the authorities must provide with a warrant and a description of intention why we’re suspects but somehow, some authorities that are intended to serve and protect our communities and our country manage to switch back and forth on who’s wearing the ring of Gyges.

In some occasions, it is us wearing the ring, being visible and vulnerable to the law and the authorities that enforce the same. I other occasions is the authorities wearing the ring, being visible enforcing the law to then turn the ring inward and silently monitor our conducts online, searching for plausible reasons of intent and evidence of a crime, or even trying to hack into other countries to gather intel. All these as if the only organization that could do this is the CIA. Almost as if the law does not apply to them due to the nature of their activities to protect us. In my opinion, privacy has become a valuable that not all of us can afford anymore. I’m not referring to privacy in our social media interactions. This is about privacy and right to use or personal computers and smartphones without being hacked into by our own government, just in case we maybe, might be intending to commit a crime.

In this topic, there’s a point where is no longer clear who gave the CIA permission to violate the 1^st Amendment or who is responsible for evaluating where is the line to be drawn? Who decides when hacking into civilians’ computers and international governments is an excessive use and abuse of the law? Well, the same authorities or at least authorities’ homologues in degree of power in practice that are not the CIA, are the ones who dictate when is too much, when the hacking and surveillance is violating our rights and of course if it was worth doing. We are constantly bombarded with media publications and displays of this constant abuse of the law by the authorities that are supposed to enforce it and respect it, just as we are supposed to as civilians. We see how justifications are displayed applying moral reasoning on why breaking into someone’s computer was necessary to make sure that person was not committing a crime, even hacking into another civilian computer. Same apply to the CIA hacking into other countries government systems to gather intel. 

I’d like to end my assignment leaving a question to give it some time to simmer in our conscious to think who gave the authorities such power and who has the power to change the system?