Omisore, Lookman
CSIA 301
Research Paper
Mr. Pannah, Em
Operation Aurora
The cyber-attack that was dubbed “Operation Aurora” by Dmitri Alperovitch from McAfee was initiated in China by a senior member of China’s government at the “Politburo Standing Committee level.” (Fahmida). Operation Aurora proved that technology and the internet was entering into a new era of high risk where cybercrimes are no longer targeting the government but all corporations with valuable information. The attack was classified as an advanced persistent threat that was later defined as “a highly sophisticated group of people who target their attacks, with the capability and intent to carry out successful attacks.” (Gibson). Operation Aurora was a sequence of high-profiled and persistent hacks targeting technological, financial and defense corporations with valuable and confidential information. Some of the companies targeted were Adobe, Google, Juniper Network, Symantec, Morgan Stanley and Yahoo. The attackers were successful at the heist by manipulating computer codes to exploit windows internet explorer (IE) vulnerabilities, which were later discovered by Google in as earlier as September 2009.
In the operation Aurora case, the attack utilized a combination of attacks that comprised of stealth hacking, an unknown loophole in internet explorer (also known as the Zero- Day exploit), and the use of complicated encryptions. This led to companies like McAfee, Microsoft, and Symantec to resolve the breach with providing patches and updates to the browser as well as security software. As the investigation progressed, Microsoft quickly and quietly pushed out security advisories and security products. They also urged users to perform the IE patch updates. At the...
... middle of paper ...
...rora”. Retrieved April 8, 2014, from http://www.wired.com/images_blogs/threatlevel/2010/03/operationaurora_wp_0310_fnl.pdf
Zetter, K. (2010, January 13). Google Hackers Targeted Source Code of More Than 30 Companies | Threat Level | WIRED. Retrieved April 8, 2014, from http://www.wired.com/2010/01/google-hack-attack/
Gibson, D. (2012, January). SSCP systems security certified practitioner Exam Guide: all in one. (p. 146).New York: McGraw – Hill.
Zetter, K. (2010, January 14). Google Hack Attack Was Ultra Sophisticated, New Details Show | Threat Level | WIRED. Retrieved April 8, 2014, from http://www.wired.com/2010/01/operation-aurora/
Fahmida, R. (2011, March 1). Morgan Stanley Hit China’s Operation Aurora Hacking Campaign. Retrieved April 8, 2014, from http://www.eweek.com/c/a/Security/Morgan-Stanley-Hit-by-Chinas-Operation-Aurora-Hacking-Campaign-813092/?mchk=1
Mandiant is an information security company which deals with the advanced threat detections and response solutions. It has investigated various computer security breaches, the major security breaches are attributed to advanced threat actors referred to as the “Advanced Persistent Threat” (APT). APT1 is one of the most prolific cyber espionage groups in China, it has stolen the large amount of confidential data from 141 organizations all over the world. This report was released on 18 February 2013, provided evidences of APT1 group identity, time line and details of attack infrastructure, economic espionage, commands, and its modus operandi.
Crackdown* January 1, 1994 -- Austin, Texas Hi, I'm Bruce Sterling, the author of this electronic book. Out in the traditional world of print, * The Hacker Crackdown* is ISBN 0-553-08058-X, and is formally catalogued by the Library of Congress as "1. Computer crimes -- United States. 2.
The Web. 16 Oct 2011. GlobalSecurity.org -. N.p., n.d. Web. The Web.
ZHENGCHUAN, XU, HU QING, and ZHANG CHENGHONG. "Why Computer Talents Become Computer Hackers." Communications Of The ACM 56.4 (2013): 64-74. Academic Search Premier. Web. 28 Apr. 2014.
The threats to security from the United States Department of Defense, the national power grid and the Chamber of Commerce are very real and omnipresent. The Defense Department made an admission of the first major cyber attack upon its systems in August 2010. It was revealed that the attack actually took place in 2008 and was accomplished by placing a malicious code into the flash drive of a U.S. military laptop. “The code spread undetected on both classified and unclassified systems, establishing what amounted to a digital breachhead.” (2) This quote, attributed to then Deputy Defense Secretary William J. Lynn III, is just part of the shocking revelations that were disclosed in his speech made on July 14, 2011.
people’s lives. Hackers are not only threatening people’s own cyber security and privacy but also the United States’ economy, security and all citizens’ lives. On mid-November 2011, Russian hackers failed to attack a water plant in Illinois (Nakashima).Therefore, the Cybersecurity Act of 2012 was made. The Cybersecurity Act of 2012 is “a bill to enhance the security and resiliency of the cyber and communications infrastructure of the United States” (“S.2015”)The Cybersecurity Act of 2012 was the battle between the national security and personal privacy.In this paper I will lay out three different position people take on the issue about The Cybersecurity Act of 2012 .
For the past ten years, without the knowledge of foreign adversaries, United States has embedded ‘beacons’ in their computer systems. Not only it contains surveillance software but these map networks contain destructive malware capabilities. The United States’ ability to execute such ways played an important part in collecting useful evidence on the hacking of Sony Pictures Entertainment (Sony
Poison Ivy is the name given to a family of malicious remote administration Trojans first developed in 2005 and still being utilized for cyber attacks today. As a type of remote administration software, once a computer becomes infected the attacker has complete control of the computer. The most recently documented large-scale utilization of the software was during the “Nitro” attacks from July 2011 through September 2011 that targeted both chemical and defense companies for the purpose of industrial espionage (Fisher). The information security firm McAfee stated that five multinational natural gas and oil companies were successfully targeted by the Poison Ivy malware, as well as 29 other companies identified by Symantec (Finkle). These organizations lost proprietary information to the attackers, including confidential bidding plans (for the energy companies) and details on manufacturing processes and formulas (for several chemical companies).
Whitman, M., & Mattord, H. (2010). Management of information security. (3rd ed., p. 6). Boston, MA: Cengage Learning.
Stohl, M. (2007). Cyber terrorism: A clear and present danger, the sum of all fears, breaking
The nation has become dependent on technology, furthermore, cyberspace. It’s encompassed in everything we deliver in our daily lives, our phones, internet, communication, purchases, entertainment, flying airplane, launching missiles, operating nuclear plants, and implicitly, our protection. The more ever-growing technology empower Americans, the more they become prey to cyber threats. The United States Executive Office of the President stated, “The President identified cybersecurity as one of the top priorities of his administration in doing so, directed a 60-day review to assess polices.” (United States Executive Office of the President, 2009, p.2). Furthermore, critical infrastructure, our network, and internet alike are identified as national assets upon which the administration will orchestrate integrated cybersecurity policies without infringing upon and protecting privacy. While protecting our infrastructure, personal privacy, and civil liberties, we have to keep in mind the private sector owns and operates the majority of our critical and digital infrastructure.
Crowther, G. Alexander, and Shaheen Ghori. "Detangling the web: a screenshot of U.S. government cyber activity." Joint Force Quarterly July 2015: 75+. War and Terrorism Collection. Web. 28 Oct. 2015.
Cyber Security as an International Security Threat National and International Security is a sum of the actions taken by countries and other organizations that can guarantee the safety and well being of their population. It is vital for a nation to pre-emptively discover what issues could affect their security, and take action to prevent any detrimental or harmful events from happening. With the development of technology and the transition into a more technologically savvy society, cyber security has become one of the most prevalent and important economic and national security issues that the United States will come to face. United States President Barack Obama has identified cyber security as a key issue the nation will face. President Obama declared that the “cyber threat is one of the most serious economic and national security challenges we face as a nation” and that “America's economic prosperity in the 21st century will depend on cyber security (“Foreign Policy Cyber Security,” 2013).”
Melford, RJ 1993, 'Network security ', The Internal Auditor, vol. 50, no. 1, p. 18.
The Art of exploring various security breaches is termed as Hacking.Computer Hackers have been around for so many years. Since the Internet became widely used in the World, We have started to hear more and more about hacking. Only a few Hackers, such as Kevin Mitnick, are well known.In a world of Black and White, it’s easy to describe the typical Hacker. A general outline of a typical Hacker is an Antisocial, Pimple-faced Teenage boy. But the Digital world has many types of Hackers.Hackers are human like the rest of us and are, therefore, unique individuals, so an exact profile is hard to outline.The best broad description of Hackers is that all Hackers aren’t equal. Each Hacker has Motives, Methods and Skills. But some general characteristics can help you understand them. Not all Hackers are Antisocial, PimplefacedTeenagers. Regardless, Hackers are curious about Knowing new things, Brave to take steps and they areoften very Sharp Minded..