Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdf
Instructions please write a 5 page paper answering the question con
1. Instructions
Please write a 5-page paper answering the question concerning
the below case. Please follow the following format:
· Title page for the group and list out the group members
· Provide each students contribution (Ex. Introduction (Smith))
· Font should be 12 point, Calibri.
· 1.5 Spacing and 1-inch margins
· Use the American Psychological Association (APA) style (6th
edition) for writing your assignment.
· 5 (minimum) References for the paper. Combine these into
one reference page separated by studentCase Study -
Cyberterrorism—A New Reality:
When hackers claiming to support the Syrian regime of Bashar
Al-Assad attacked and disabled the website of Al Jazeera, the
Qatar-based satellite news channel, in September 2012, the act
was another act of hacktivism, purporting to promote a specific
political agenda over another. Hacktivism has become a very
visible form of expressing dissent. Even though there have been
numerous incidents reported by the media, the first case of
hacktivism was documented in 1989 when a member of the Cult
of the Dead Cow hacker collective named Omega coined the
term in 1996. However, hacktivism is not the only form of cyber
protest and conflict that has everyone from ICT professionals to
governments scrambling for solutions. Individuals, enterprises,
and governments alike rely in many instances almost completely
on network computing technologies, including cloud computing.
The international and ever-evolving nature of the Internet along
with inadequate law enforcement and the anonymity the global
architecture offers creates opportunities for hackers to attack
vulnerable nodes for personal, financial, or political gain.
The Internet is also rapidly becoming the political and advocacy
platform of choice, bringing with it both positive and negative
consequences. Increasingly sophisticated off-the-shelf
technologies and easy access to the Internet are significantly
increasing incidents of cyberterrorism, netwars, and
2. cyberwarfare. The following are a few examples.
· According to The Israel Electric Company, Israel is attacked
1,000 times a minute by cyberterrorists targeting the country’s
infrastructure—water, electricity, communications, and other
services.
· The New York Times, quoting military officials, said there
was a seventeen-fold increase in cyberattacks targeting the US
critical infrastructure between 2009 and 2011.
· The 2010 Data Breach Investigations Report has data
recording more than 900 instances of computer hacking and
other data breaches in the past seven years, resulting in some
900 million compromised records. In 2012, the same study
listed 855 breaches, resulting in 174 million compromised
records in 2011 alone, up from 4 million in 2010.
· Another study of 49 breaches in 2011 reported that the average
organizational cost of a data breach (including detection,
internal response, notification, post notification cost) was $5.5
million. This number was down from $7.2 million in 2010.14
The Telegraph (London) reported that “India blamed a new
‘cyber-jihad’ by Pakistani militant groups for the exodus of
thousands of people from India’s north-eastern minorities from
its main southern cities in August after text messages warning
them to flee went viral.”
There have been recorded instances of nations allegedly
engaging in cyberwarfare. The Center for the Study of
Technology and Society has identified five methods by which
cyberwarfare can be used as a means of military action. These
include defacing or disrupting websites to spread propaganda, to
conduct espionage and gain access to critical information, to
disrupt enemy military operations, and to attack critical
infrastructure. In 1999, pro-Serbian hacker groups, including
the Black Hand, broke into NATO, US, and UK computers
during the Kosovo conflict. In 2000, both pro-Israeli and pro-
Palestinian groups created panic for government and financial
networks, and in 2001, the world saw hacking with a patriotic
flavor when Chinese and US hackers traded attacks on
3. computers in both countries.
One of the first widely documented cases was the cyberattack
on the Republic of Georgia in 2007. On April 26, a series of
distributed denial of service (DDoS) attacks targeted
government, media, and financial networks and Internet
infrastructure. Many other servers were hacked, and websites
changed to display pro-Russian messages. Many of the initial
attacks were said to have originated from Russia and, in some
cases, allegedly from Russian government computers. The first
wave of attacks against Estonian websites fizzled out after the
Estonian foreign minister publicly declared that many of the
attacks had originated from Russian government computers.
The Estonian Internet infrastructure was subjected to more
attacks. On April 30, 2007, attackers utilized so-called robot
networks (botnets) from numerous sources around the world.
About a week later, there were more DDoS attacks, including
one on Estonia’s Hansabank, which reported a loss of about $1
million because of the attacks. The attacks continued
intermittently for a few weeks before finally dying off in the
summer of 2007.
Another incident was the South Ossetia conflict between Russia
and Georgia in 2008. This Russian-Georgian conflict is
classified as the first cyberspace conflict that was synchronized
with traditional combat actions. Just as Russian troops were
crossing the border, websites for communications, finance,
government, and many international organizations in Georgia
became inaccessible. These actions included various DDoS
attacks that disrupted communications and information networks
in Georgia. The attackers also defaced Georgian websites,
adding pro-Russian images, supposedly for propaganda
purposes. One of the first networks attacked was a popular
hacker forum in Georgia. Consequently, pro-Georgian hackers
made successful attacks against Russian networks as well.
Although both the Estonian and Georgian attacks were widely
believed to be the work of state-sponsored Russian hackers, no
proof has ever been found conclusively linking Russian
4. authorities to the incidents.
The “First Cyberwarfare Weapon”: Stuxnet
In June 2010, an Iranian nuclear facility in Natanz was said to
have been attacked by a sophisticated, standalone malicious
malware that replicated itself to spread to other computers. The
malware, called Stuxnet, initially spread via Microsoft Windows
operating system and targeted industrial software and
equipment—in particular, certain specific industrial control
systems made by Siemens. In all, versions of Stuxnet targeted
five Iranian organizations, all allegedly linked to the Iranian
nuclear program, and may have caused significant damage to the
Iranian nuclear enrichment program facility located at Natanz.
Stuxnet is said to have been in use since 2009 and was first
identified in July 2010 by VirusBlokAda, an information-
technology security company in Belarus, after it was said to
have “accidently spread beyond” its intended target, Natanz, via
infected USB sticks. However, some experts have argued that
Stuxnet is not a “worm,” since it was propagated via removable
media—CDs, DVDs, thumbdrives—and did not distribute
through self-replication over the Internet.
In any event, the 2010 version of Stuxnet has been called the
“largest” and “most sophisticated attack software ever built,”
and one investigative article said that the event foreshadowed
the destructive new face of 21st century warfare, writing that
“Stuxnet is the Hiroshima of cyberwar.” According to a report
by Symantec, data from the early days of the Stuxnet attack
showed that Iran, Indonesia, and India accounted for the bulk of
the infected computers. The report also said that Stuxnet was
the first piece of malware to exploit the Microsoft Windows
shortcut “LNK/PIF” files’ automatic file execution
vulnerability36 to spread.
Overview of Stuxnet Symantec found that not only did versions
of Stuxnet exploit up to four “zero-day” vulnerabilities in the
Microsoft Windows operating system, at half a megabyte it was
unusually large in size and seemed to have been written in
5. several languages, including portions in C and C++. Another
sign of the sophistication was the use of stolen digital
certificates from Taiwanese companies, the first from Realtek
Semiconductor in January 2010 and the other from JMicron
Technology in July 2010. The size, sophistication, and the level
of effort has led experts to suggest that the production of the
malware was “state-sponsored,” and that it is “the first-ever
cyberwarfare weapon.” The effects of Stuxnet have been likened
to a “smart bomb” or “stealth drone,” since it sought out a
specific target (programmable-logic controllers made by
Siemens), masked its presence and effects until after it had done
the damage (the operation of the connected motors by changing
their rotational speed), and deleted itself from the USB flash
drive after the third infection. As programmed, Stuxnet stopped
operating on June 23, 2012, after infecting about 130,000
computers worldwide, with most of them said to be in Iran.
1. What does the threat do?
2. How did Stuxnet change the game?
3. Why haven’t we seen another Stuxnet? Will we?
4. How can cyberterrorism, as represented by the Stuxnet, be
successfully prevented?
References
1. Crane, A. 2005. In the company of spies: When competitive
intelligence gathering becomes industrial espionage. Business
Horizons 48(3): 233–240.
2. Haeni, R.E. 1997. Firewall penetration testing. Technical
report, The George Washington University Cyberspace Policy
Institute.
3. Herath, T., and H.R. Rao. 2009. Encouraging information
security behaviors in organizations: Role of penalties, pressures
and perceived effectiveness. Decision Support Systems 47(2):
154–165.
6. 4. Herath, T., and H.R. Rao. 2009. Protection motivation and
deterrence: a framework for security policy compliance in
organisations. European Journal of Information Systems 18(2):
106–125.
5. Libicki, M.C. 1995. What is information warfare? Fort
Belvoir, VA: Defense Technical Information Center.
6. Schiller, C., and J.R. Binkley. 2011. Botnets: The killer web
applications. Rockland, MA: Syngress.
7. Son, J.-Y. 2011. Out of fear or desire? Toward a better
understanding of employees’ motivation to follow IS security
policies. Information & Management 48(7): 296–302.
8. Talib, Y., and G. Dhillon. 2015. Employee ISP compliance
intentions: An empirical test of empowerment.