Are people who use the Internet to destroy or damage a computer for political reasons?

Nonmalicious Motives

Not every hacker has malicious intent when hacking into a system. Some hackers are driven by the intellectual challenge of bypassing the security of a system and curiosity of knowing how a device works. To these hackers, the security and operation of the system is a puzzle to be cracked. Smart grid components, such as smart meters and smart devices, will extend into consumers homes and may connect to their home network. Easy physical access to these devices will further entice people to hack components of the smart grid. Other motives, such as self-expression and peer recognition, will drive hackers to use smart grids as a means for obtaining personal gratification or for egotistical purposes. Although these hackers may not have malicious intentions, their actions can inadvertently cause negative impacts against consumers.

11.2.3.2 Cloning

Attackers can clone original PCBs with malicious intents. Visual inspection of the PCB boards can reveal critical information about the design and facilitate the PCB cloning process. Illustrative examples of such scenarios are depicted in Fig. 11.6. The description of each type of vulnerability is as follows:

Distinct properties of special signals: An adversary can guess the functionalities of different signals by their distinct properties. For instance, the thickness of the trace and the group of traces of a data bus provide clues about the functionality. Similarly, pins tied with identical pull-up/down resistors indicate that they belong to a bus.

Remnant signatures from test or debug: When the test and debug pins are accessed through ports, the remnant of soldering provides intuitive clues about the functionality of these pins. An empty socket on the PCB can also be exploited by an adversary for mounting an attack.

Miscellaneous hints: Apart from the attack surfaces provided by component-level hooks, a PCB design itself reveals lots of information to an adversary in fabrication house that can facilitate powerful Trojan attacks. Figure 11.6 depicts how traditional design features and miscellaneous hints can be exploited by attackers to comprehend design functionality.

Malware

Malware is software that has a malicious intent to cause damage to computer systems. Sometimes the malware is an unintentional backdoor because of flaws, errors, or bad code. Sometimes the malware takes advantage of an intentional backdoor that was in place for maintenance and upgrades. Malware can be found on Web sites, mobile devices, and applications. It is interesting to note the existence of extensive malware headquarter organizations that “act like any other large business…they provide customer support, post regular newsletters, report downtime or new features, and even run regular contests to keep their affiliates engaged and motivated.”56

Trojan Horses—harmful code contained inside apparently harmless programing or data in such a way that it can get control and do its chosen form of damage.57 They are risky because they steal data without a victim’s knowledge.

Ransomware—software that holds the user’s data and/or system unstable until a payoff is made. Most of the time the system and/or data are not returned even after the ransom is delivered. Usually these are browser based, such as hidden iFrames or malicious Java code.

Spyware—software that serves in a monitoring function for surveillance and intelligence gathering. This is an area where the personal and professional overlap; a new type of spyware targeted to spouses or significant others who want to know what their mate is doing or where he/she is doing it. Many of them are available for download for the Android from the Google Play store, such as “Boyfriend Tracker” and “SMS, Whatsapp & Locate Spy.”58 This should be addressed in employee training.

What is a Threat?

Threats to information systems come in many flavors, some with malicious intent, others with supernatural powers or unexpected surprises. Threats can be deliberate acts of espionage, information extortion, or sabotage, as in many targeted attacks between foreign nations; however, more often than not it happens that the biggest threats can be forces of nature (hurricane, flood) or acts of human error or failure. It is easy to become consumed in attempting to anticipate and mitigate every threat, but this is simply not possible. Threat agents are threats only when they are provided the opportunity to take advantage of a vulnerability, and ultimately there is no guarantee that the vulnerability will be exploited. Therefore, determining which threats are important can only be done in the context of your organization. The process by which a threat can actually cause damage to your information assets is as follows: A threat agent gives rise to a threat that exploits a vulnerability and can lead to a security risk that can damage your assets and cause an exposure. This can be counter-measured by a safeguard that directly affects the threat agent. Figure 1.4 shows the building blocks of the threat process.

Variance causes

From an operational perspective, it is crucial that management is aware whenever variance is due to malicious intent or self-interest, regardless of the asset that’s involved. Only then can they respond effectively in terms of managing the personnel or organization issues that set the stage for those choices. It also can be important to recognize broken policies, processes, or execution shortcomings that can affect key assets. Other than these, the causes of variance tend to be more a strategic metric.

An example of these metrics from a strategic perspective would include changes in the percentage of variances that are due to a lack of awareness, incorrect prioritization, lack of skills, etc. This information allows the organization to make the necessary systemic adjustments and stay out of groundhog day.

Malicious Software

A Trojan (derived from the Trojan horse of mythology) is a file that has hidden content with malicious intent. Trojans are typically encapsulated as something enticing, such as a game, video, or picture, appearing harmless, but once you execute (run) this file, the worm or virus is released onto the system.

Viruses are computer programs that have the sole purpose of destroying data on computers. The virus may destroy what appear to be unimportant files until you attempt to use one of the programs or another feature of Windows, or it may erase all of your document files or corrupt the master boot record or complete registry file.

Viruses are spread through executable files (.exe) downloaded off the Internet or installed through a Flash drive. A virus can be disguised under the cloak of a Trojan, which is the carrier of the virus.

Worms replicate themselves, reaching over networks to multiple computers that are unprotected by firewalls. Worms come through email, through Trojans, and even via scripting code from users visiting unsavory Websites.

Joy Rider

This type of attacker is often represented by those with potentially significant skills in discovering vulnerabilities and writing exploits but who rarely have real malicious intent when they access systems for which they are not authorized. In a sense they are “exploring” for the pleasure of it. However, although their intentions are not directly malicious, their actions can represent a major source of distraction and cost to system administrators who must respond to the intrusion especially if the compromised system contained sensitive data such as PII for which a public disclosure may be required.

Evolution of Cyber Threats

Since we first started using computers they have been under threat. Those threats come from various sources whether they are from those with malicious intent, from well-intentioned people making mistakes, man-made failures such as power outages, or indeed natural disasters. As our use of computers and the Internet has grown over time so too has the number and the sophistication of the threats facing those systems.

In the early years of computing, the main source of threats against computer systems were mainly from internal threats such as disgruntled or unhappy employees, or from the well-meaning user who makes a mistake. The other threats faced by these systems were from natural sources or man-made sources such as hardware failures or software bugs. This low level of threats was due to many such computer systems being isolated from other systems outside their own organization’s offices and buildings. As a result, the threats against these systems were mostly limited to those with physical access to those systems or from disasters in the locale.

Over time, access to these systems became more and more frequent with companies employing modems and wide area networks to allow remote offices and users to connect to them. While enabling remote users to gain from the benefits of these systems, it also opened up these systems to threats from external parties.

At this stage in the evolution of computing, the external threats posed to organizations’ systems were restricted to mainly individuals who broke in and explored these systems out of curiosity to determine how computers, networks, and systems worked. In the main, there was no malicious intent in this type of activity with the primary motive being curiosity.

In the 1980s, we witnessed the introduction of personal computers and their subsequent growth not just in home use but also within corporate environments. Over time, and as a result of these developments, companies and organizations saw their staff becoming more and more productive as they moved from a centralized computing model to a distributed one. The growth in use of personal computers saw data being moved from being stored and managed on a central location onto individual computers located throughout organizations.

In parallel to this growth in the use of Personal Computers, there was also the growth in the use of the Internet. With the growth of the Internet, many organizations took advantage of its openness and global spread to enable them to promote their services, products, and their brands to existing and potential customers. Other Internet-based technologies also enabled workers to share information with others and to be more productive and effective.

All these new technologies brought many advantages to organizations and indeed to society and the economy in general. However, legitimate businesses and organizations were not the only ones taking advantage of these new technologies. Those with malicious intent also saw the opportunities in this brave new world.

In the early stages, the number of attackers looking for financial gain from stealing information from systems also started to increase. While the majority of online attacks still came from those with curiosity as their main motive, many others saw the Internet as a way to promote their political cause or other activism by attacking and disrupting systems to raise awareness of their cause, or by defacing an organization’s Web site and posting their messages online.2

The threat posed by those with looking to gain financially also increased as they looked to extort money from organizations by defacing their Web sites and extorting payment from them to stop their Web site from being defaced again, or by stealing information from their systems.

With the dawn of the twenty-first century, we saw an explosion in organizations rushing to store and transmit more and more data on their computer systems, we also saw a surge in the use of the Internet by organizations to promote and sell their products and services. As companies rushed to benefit from computers and the Internet so too did those with malicious intent. As the value of information grew and the ability to steal that information through insecure systems equally grew, we witnessed a change in the online criminals. No longer a niche arena for individuals, or small numbers of like-minded people, cybercrime now attracted traditional organized criminal gangs as they saw many new opportunities to make vast sums of money by exploiting weak computer security with relative low risk of being prosecuted.

This evolution in online threats was also mirrored by the growth in sophistication of computer viruses of the same timeline. The early computer viruses were not very sophisticated3 and were primarily designed to disrupt the operation of the systems they infected, often in amusing ways, such as the cascade4 and ping-pong5 viruses. As these viruses were easily detected due to their disruptive nature, they could be eliminated with the appropriate security tools or by rebuilding the system. Today, however, most viruses are specifically designed to go undetected as their raison d’être is no longer to cause disruption. Instead, criminals create these viruses to go undetected on infected systems so they can be used to steal valuable data such as sensitive financial data, logon credentials to financial systems, or valuable information such as an organizations’ intellectual property.

The modern computer virus is also designed not to just steal information but also to enable online criminals use infected computers in other criminal enterprises such as spending spam e-mails, infecting other computers, and extorting money from companies by using the infected computers under their control to take part in a distributed denial of service (DDoS).

Computer viruses are also being developed as advanced weapons to silently attack targets. The Stuxnet6 virus is a prime example of how a computer virus can be used to silently disrupt the operations of critical target. We will no doubt see further advances in the complexity and capabilities of computer viruses in the future.

As our use of computer systems has evolved so too have the threats facing those systems; moving to the cloud is just one more evolution in our use of computers, networks, and applications and while the traditional threats facing those systems still remain, there will be other threats that will evolve specifically against cloud computing.

Knowing and understanding what these threats are will make it easier to develop strategies, solutions, and systems to counter and manage those threats.

Black hats and white hats

Black hat hackers are malicious hackers, sometimes called crackers. Black hats lack ethics, sometimes violate laws, and break into computer systems with malicious intent, and they may violate the confidentiality, integrity, or availability of an organization's systems and data.

White hat hackers are the good guys, who include professional penetration testers who break into systems with permission, malware researchers who study malicious code to provide better understanding and to disclose vulnerabilities to vendors, etc. White hat hackers are also known as ethical hackers; they follow a code of ethics and obey laws.

Finally, gray hat hackers (sometimes spelled with the British “grey,” even outside of the United Kingdom) fall somewhere between black and white hats. According to searchsecurity.com, “Gray hat describes a cracker (or, if you prefer, hacker) who exploits a security weakness in a computer system or product in order to bring the weakness to the attention of the owners. Unlike a black hat, a gray hat acts without malicious intent. The goal of a gray hat is to improve system and network security. However, by publicizing a vulnerability, the gray hat may give other crackers the opportunity to exploit it. This differs from the white hat who alerts system owners and vendors of a vulnerability without actually exploiting it in public.” [26]