Question

In: Economics

Define crime. Perform an on-line research and share an example of a recent cyber crime. Please...

Define crime. Perform an on-line research and share an example of a recent cyber crime. Please read your colleagues examples before you choose yours. No duplications, please!

Solutions

Expert Solution

Crime

Crime is an unlawful act punishable by a state or other authority. The term crime does not, in modern criminal law, have any simple and universally accepted definition, though statutory definitions have been provided for certain purposes.

Capitol One breach

In July of 2019, online banking giant Capitol One realized that its data had been hacked. Hundreds of thousands of credit card applications, which included personally identifying information like birthdates and Social Security numbers, were exposed. No bank account numbers were stolen, but the sheer scale was extremely worrying. Things followed the usual script, with Capitol One making shamefaced amends and offering credit monitoring to those affected.

But then things took a turn for the unusual. The stolen data never appeared on the dark web, nor did the hack look like a Chinese espionage operation like the Equifax and Marriott breaches. In fact, the attack was perpetrated by an American named Paige Thompson, aka Erratic. Thompson had previously worked for Amazon, which gave her the background necessary to recognize that Capitol One's AWS server had been badly misconfigured in such a way to leave it quite vulnerable. It initially seemed that Thompson's theft of the data was in the tradition of freelance white-hat hacking and security research: she made little attempt to hide what she was doing, never tried to profit from the data, and in fact was caught because she posted a list of Capitol One's breached directories — but no actual data — on her GitHub page. But attempts to understand her motivation in the wake of her arrest were increasingly difficult, and it's possible that she was, true to her chosen nickname, erratic, if not undergoing a serious mental health crisis.

The Weather Channel ransomware

The Weather Channel may not seem like a crucial piece of infrastructure, but for many people it's a lifeline — and in April 2019, during a stretch of tornado strikes across the American south, many people were tuning in. But one Thursday morning the channel ceased live broadcasting for nearly 90 minutes, something almost unheard of in the world of broadcast television.

It turns out The Weather Channel had fallen victim to a ransomware attack, and while there's been no confirmation of the attack vector, rumors are that it was via phishing attack, one of the most common causes of ransomware infection. The attack demonstrated that the boundary between "television" and "the internet" has more or less been erased, as any TV operation like The Weather Channel would be entirely reliant on internet-based services to operate. It also demonstrated one way to beat ransomware. The Weather Channel didn't fork over any bitcoin; rather, they had good backups of the affected servers and were able to get back online in less than two hours.

U.S. Customs and Border Protection/Perceptics

The sequence was sadly not that unusual: a hacker breaches a company's servers, gets access to sensitive data, and then demands a ransom. When the executives fail to pay up, the material begins to find its way to the dark web for sale, where the scope of its importance become recognized.

The data turned out to be very important indeed: it was stolen from the U.S. Customs and Border Protection agency (CBP), and the irony that the agency dedicated to protecting the U.S. borders couldn't protect its own data wasn't lost on anyone. In fact, much of the blame lay on Perceptics, a contractor that provides all the license plate scanners for the border agency, as well as to a host of other U.S. and Canadian government departments. The stolen photos of cars and drivers had actually been copied from CBP's computers to Perceptics' own servers, in violation of government policy; Perceptics was then hacked, and the data publicized by the attacker "Boris Bullet-Dodger" when ransom negotiations with execs broke down. The case brought up questions about government-contractor relations and the wisdom of allowing the collection of biometric data. While Perceptics' relationship with CBP was suspended in the wake of the attack, the government eventually agreed to keep doing business with the company.

Citrix breach

When an organization being breached is itself in the cybersecurity business, that's enough to make everyone nervous — but it's also a cautionary tale about how even security vendors can have a hard time establishing a security mindset internally.

Take Citrix, for example. The company makes VPNs, which help secure millions of internet connections, and has extensive dealings with the U.S. government. But it still fell victim to a "password spraying" attack in March of 2019 — essentially, an attack where a hacker attempts to gain access to a system via brute force, by rapidly attempting to login with simple and frequently used passwords (think "password123" and the like). In all likelihood, the attack came from a group associated with the Iranian government. Fortunately, the attackers didn't get very far into Citrix's systems — but the company still promised a revamp of its internal security culture.

Texas ransomware attacks

In August of 2019, computer systems in 22 small Texas towns were rendered useless by ransomware, leaving their governments unable to provide basic services like issuing birth or death certificates. How did a single attacker, using the REvil/Sodinokibi ransomware, manage to hit so many different towns? There was a single point of weakness: an IT vendor who provided services to all of these municipalities, all of which were too small to support a full-time IT staff.

But if that sort of collective action opened a weakness, there was a power in collaboration as well. Rather than giving in and paying the $2.5 million ransom demanded, the towns teamed up with the Texas state government's Department of Information Resources. The agency led a remediation effort that had the cities back on their feet within weeks, in contrast with places like Baltimore, where systems were offline for months.

WannaCry

WannaCry was a ransomware attack that spread rapidly in May of 2017. Like all ransomware, it took over infected computers and encrypted the contents of their hard drives, then demanded a payment in Bitcoin in order to decrypt them. The malware took particular root in computers at facilities run by the United Kingdom's NHS.

Malware isn't anything new, though. What made WannaCry significant and scary was the means it used to propagate: it exploited a vulnerability in Microsoft Windows using code that had been secretly developed by the United States National Security Agency. Called EternalBlue, the exploit had been stolen and leaked by a hacking group called the Shadow Brokers. Microsoft had already patched the vulnerability a few weeks before, but many systems hadn't upgraded. Microsoft was furious that the U.S. government had built a weapon to exploit the vulnerability rather than share information about the hole with the infosec community.

Please rate my answer.


Related Solutions

For our discussion, please address the following: Define “groups” and “organizations.” Share an example of a...
For our discussion, please address the following: Define “groups” and “organizations.” Share an example of a group you have joined (sports team, study group, support group). What benefits do you see in group membership? What is the difference between a voluntary and an involuntary group?
explain the difference between quantitative and qualitative research strategies. Provide an example of a crime based...
explain the difference between quantitative and qualitative research strategies. Provide an example of a crime based research topic that can be analyzed quantitatively, as well as qualitatively. What differences might arise from these strategies?
1. Research a recent example of a large % move in the price of a specific...
1. Research a recent example of a large % move in the price of a specific stock (either up or down). Explain what you think caused the large change in valuation. Do you think the stock price move was justified, or was it an overreaction? Defend your opinion.
What are ODL and OQL? Provide a comprehensive example for each. Perform some research on the...
What are ODL and OQL? Provide a comprehensive example for each. Perform some research on the Internet on OODBMS products. Compare various OODBMSs currently on the market in terms of features, capacity, and scalability. How do they compare with RDBMS products?
Find a recent example of an ethics violation that occurred in a healthcare setting. Share a...
Find a recent example of an ethics violation that occurred in a healthcare setting. Share a short summary as well as an analysis of the ethical principles/theories involved. How would you prevent something similar as a future healthcare administrator?
In 3 paragraphs please define the three basic ways computer crime can be categorized. List the...
In 3 paragraphs please define the three basic ways computer crime can be categorized. List the steps taken in following a common protocol for processing a crime scene involving electronic evidence.
Please define, explain and give an example of the following : Leadership and Millennial - A...
Please define, explain and give an example of the following : Leadership and Millennial - A Disruptive Leadership? ( Plagiarism check, minimum 1000 word ). I will give you good rating. 1) Define Millennial leadership style 2) How does the effect of Millennial leadership 3) Brief explain Disruptive Leadership, are you agree Millennial leadership to be classified as Disruptive Leadership. If yes, what is the reason,
Please share an example of a business with which you are familiar. It could be producing...
Please share an example of a business with which you are familiar. It could be producing any good or service. For that business first describe the good or service produced and then give a specific example of: 1. Explicit fixed cost 2. Explicit variable cost 3. Implicit fixed cost 4. Implicit variable cost
Who are stakeholders? Define who they are and then please share what particular interest each of...
Who are stakeholders? Define who they are and then please share what particular interest each of these stakeholders have in the information shared on the income statement, retained earnings statement, balance sheet and statement of cash flows. How do we analyze if a company is healthy or not?
For the following different research types, write an exemplary research question. Please check the example given...
For the following different research types, write an exemplary research question. Please check the example given below carefully. Example: Quantitative – Mean score comparison – t-test Research Question: Is there difference between boys’ and girls’ test scores on mathematics? Homework: 1. Quantitative – Mean Score Comparison – t-test a. Research question 2. Quantitative – Association – Pearson Product Correlation Moment a. Research question 3. Quantitative – Descriptive – Descriptive Statistics (e.g. frequency, percentage) a. Research question 4. Qualitative – Narrative...
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT