Maravilla 1

Marlon Maravilla
Professor Diaz
ENC 1102
Cybersecurity
Humans interact with computers today way more often than we used to in the past. One

could say that our modern lifestyle is based on computers because we use them to communicate,

to storage and look up information, to work, and even to manage our earnings and finance. All

this interaction with technology leaves behind a big track of information about ourselves stored

in our computers and the internet. This information is quite sensitive since it can define us in

terms of where we have been and lived, who we talk to and even how much money we make.

Such information could even be perceived as a material possession because you will feel like

someone stole from you if your profile on Snapchat was deleted.

We rely in these innovative technologies. However, this is all based in a false assumption

of security because that’s all the end user can do, assume that his or her information is safe

stored inside a computer or online. Corporations and the Government keep promoting this image

of the cyberspace as a safe place. Nevertheless, corporation like Facebook have been found

selling their user’s information to third parties. This made me question even more what

corporations and the government tell us about our digital data’s safety, so I started my own

research.

During my research I came across the term cybersecurity. I was amazed when I realized

that my concept of what I thought was cybersecurity was wrong. That is how I found out that

there is a common lack of information about cybersecurity among the regular end-users of these

modern technologies. This lack of information make people an easier target for cybercrime. As a
Maravilla 2

result, I decided to write this research paper. I think that everyone who is concerned about the

security of their digital information should be aware of the role cybersecurity plays in society, to

know what to expect from the government and private corporations. Additionally, it is crucial to

know the different threats our information faces, in order to be able to know what steps we can

take to protect ourselves.

The history of the evolution of the Internet can be best described in three stages. Stage

one was defined by the appearance of TCP/IP, and it was self-governed, meaning that users

worked together to support the network. On stage two TCP/IP became what the internet is today.

The stake holder started showing great interest in playing role in the internet governance

suggesting the settlement of global governance structure, on the other hand international

organizations started questioning the political representation on internet. Stage three is basically

the outcome of the unfinished business plan of phase two and the efforts to formalize a global

system of internet governance (Shackelford 49). Although it is hard to confirm, one of the first

cybercrimes was “The Salami Technique Attack.” In this attack a computer programmer was

alleged to have stolen fractions of cents out of many bank accounts in 1967, cashing out

thousands of dollars, however there are no convictions in this case. What is certain is that the

first hacker conviction belongs to John Drapper, who used to break into payphones to make free

calls, he was convicted in 1972. Since then, cybercrime has evolved from simple phone

phreaking to a huge list of different crimes. (Branigan 226).

Cybersecurity is the measures one takes to protect a computer or system from

unauthorized access or attacks (The Merriam-Webster Dictionary). Since technology can be used

to direct attacks to individual, corporations and even countries, cybersecurity is currently a high

importance worldwide matter (Shackelford xiii). However, the world hasn’t gotten what the U.S
Maravilla 3

government promised when cyber security first showed up as a governmental issue more than a

decade ago (Shane and Hunker 3).

Cyberspace refers to the medium used by computer networks to communicate. There are

many characteristics of cyberspace and computer systems that make them vulnerable to attacks.

First, computer systems are highly connected, this provide attackers many access points. Second,

these systems are so complex that they have many access points unknown by their owners.

Third, computer systems are dynamic, and they are constantly changing (Davis et al. 1). Due to

the cyberspace complexity, no person or organization controls it totally. However, the internet’s

physical structures are owned by governments, individuals and corporations such as Internet

Service Providers (ISP). Nevertheless, the information that we find online can be conceptualized

as a type of commons accessible to any internet user, that is why getting constant government

regulations is crucial to protect cyberspace and to make sure ISPs do not discriminate among the

diverse types of content (Shackelford 52).

Hacking represents everything cybersecurity tries to fight against, according to The

Merriam-Webster Dictionary, hacking is getting unauthorized access to data using a computer.

While hacking involves making a difference (Positive or Negative) out of an already existing

situation. Cracking, is the way these hacking techniques are used to achieve a goal (Jordan 19)

The profit opportunities for hackers have been increasing over the years. This will keep

motivating hackers to keep hacking. The four elemental motivations for hacking are revenge,

profit, pride, and curiosity. These motivations are what really determine how much damage a

hacker is intent on causing (Branigan 215). “Hacker wars are now a regular part of every

regional, religious, and ethnic conflict” (Borchgrave ix).

Political representation and law enforcement agencies are key pieces to keep this issue

under control. Among the most important institutions for this matter we have the U.S Computer

Emergency Response Team (US-CERT) which was created by The Department of Homeland

Security (DHS) in 2009 to provide a main place for the federal and private sector to coordinate

their responses to cyber threats. As of today, the US-CERT is the main governmental

organization for information sharing and monitoring (Shane and Hunker 21). Another powerful

resource the government provide us is the Internet Crime Complaint Center (IC3) which is an

organization staffed with FBI agents, analysts and technology specialists. This organization

receives online complaints from the public on crimes committed on the internet. Then, the IC3

analyzes the information of each case to provide information on how to act towards what just

happened. In addition, the IC3 refers criminal complaints to the appropriate local, state or federal

agencies when needed (Holt et al. 25).

“Cyber attackers are taking advantage of the fact that no system is secure in the absolute

sense. It is possible to covertly raid and damage even the most protected computer network for

those with the will, resources, and patience to commit such acts” (Shackelford 5). The way these

attackers can harm a system differs a lot depending on who was this attack aimed to. Cybercrime

is the most common threat a regular user may face. It can be best described as the employment of

hacking techniques to attack with no social value. This practice can be breakdown into four

categories: cybertrespass, which is breaking into other people’s property; cybertheft, which is

stealing people’s propert; cyberpornography, which is breaking the laws on obscenity; and

cyberviolence, which is doing physical harm to someone (Jordan 92). The distribution of

crimeware can be categorized into four types: Using social engineering, exploit-based
Maravilla 5

distribution via server, exploit-based distribution via infected devices, and via human (Jakobson

and Zulfikar 19).

Cybercrime can take the form of a lot of things that we may find in the internet. One of

the most common of these threats is pishing. Pishing consist of is mixing e-mail spoofing, which

is pretending to be someone else through an email, and fake website to get personal data

(Branigan 243). Another of these common threats are worms, when a computer is infected by a

worm, its performance degrees greatly. Moreover, it will stop working at all if remedial steps are

not taken. This is all due to the constant replication of the worm clogging the computer’s

memory, however worms do not distort or delete the user’s data (Johnson and Nissenbaum 61).

Nevertheless, worms usually install a backdoor that guarantees the attacker or affiliated attackers

access to the infected device to install other crimeware (Jakobson and Zulfikar 21).

Another great cybercrime source are viruses. Viruses are the indirect method to attack a

computer or system, and they can do whatever you can do on your computer. Programmers just

set them up to do so. That’s why advanced viruses can modify themselves to avoid detention

(Branigan 276). Trojans and keyloggers are among the most famous viruses. Trojans mask

themselves as something else so the target downloads and installs them into his or her PC, then

the trojan wait for the target to visit a specific web page to pop up a fake login screen that will

steal the target’s credential as soon as they’re typed. These fake logins usually appear differently

than the original pages, so it is important to pay attention where we type in our credential.

Keyloggers are programs that install themselves into the targets PC, and record all the data input

into the machine, then they send this data back to the attacker, this allows the attacker to collect a

wide variety of credentials and sensitive information (Jakobson and Zulfikar 8).
Maravilla 6

Another one of the great threats for the regular user’s data’s security is that thing we use

the most throughout a day, a cellphone. Smartphones have pushed the definition of mobile

phones so much that today they are pretty much pocket personal computers. In today’s world

more than half of the phone users own a smartphone in at least fifteen countries. The problem

with these is that they’ve been turned into locative media, due to the amount of location-based

apps the regular user uses. However, people seems to be more concerned about social privacy,

meaning what people can see, rather than real security and explanation about what are the app

developer companies doing with that information (Frith 1).

Identity Theft is essentially what threats user the most in the cyberspace. This is where

most cybercrimes end. Identity theft is a crime where someone pretends to be someone else for a

profit, and the way they get this profit is by later committing other crimes such as credit card

fraud, utilities fraud, bank fraud, employment fraud, loan fraud, and government documents/

benefit frauds. It is the fastest growing crime in America. Additionally, no single agency has the

responsibility of dealing with this specific crime, however the U.S. Federal Trade Commission

(FTC) has taken the lead collecting data on it since 1998 (Branigan 126). The private sector or

private companies might be affected by everything previously mentioned, but the main threat for

the private sector are the Denial-of-Service Attacks or DDOS are attacks that seek to make a

computer network, in most case targeting a particular website, unavailable and unusable by

inundating the target with a massive amount of network traffic (Jakobson and Zulfikar 315).

The government also faces its owns threats. Cyberwarfare is basically any attack by one

country against the computer or network of another, in order to harm or disrupt (Shackelford

153), but if these actions are taken by a group not in charge of a state it becomes a cyberterrorism

case (Jordan 80). The perfect example for this could be when the world got to know the Stuxnet
Maravilla 7

worm in 2010, which is an advanced hacking tool that interrupted the nuclear fuel processing

program for a nuclear bomb in Iran. This was the first time that cyberattacks have that big of an

impact in the real world. (Shane and Hunker 4)

There are two main ideas that will help us to keep aware of the risk we are taking relying

on technology. First, when money is involved, the technical prowess of the cyber criminals

should not be underestimated. Lastly, as new technologies become more popular, it becomes a

greater target for exploitation by criminals. (Branigan 369) “Some problems must be managed

rather than solved, especially if the authorities and resources necessary to solve them are not

provided, or they are too ill-defined or complex for reasonable solution” (Shane and hunker 27).

This will make us directly responsible for our own data’s integrity. In a study made by AOL and

National Cyber Safety Alliance, they found that four out of five home PCs lacked at least one of

the three critical protections, which are, updated anti-virus software, spyware protection or a

working firewall that blocks certain communications (Shackelford 13).

If someone is a victim of Identity theft one day, the very first thing to do is to report it to

the police and the FTC through their website. Then, the affected person must cover the civil and

criminal issues that might be waiting for him or her, at this point the best thing one could do is to

get a lawyer. However, if that person wants to work it out on his or her own, the person should

find if he or she is wanted by going to the local police department and explaining the situation

and ask to check if his or her name is wanted in any state. Additionally, the person will want to

contact any of the three major credit bureaus and place a fraud alert, have a statement added to

his or her record requesting to contact him or her whenever new accounts are opened, and

request a copy of his or her credit report, so the person can find any fraudulent accounts opened

under his or her name. (Branigan 159)

One of the things that makes especially hard to police cybersecurity is that Americans

show great reject to any kind of regulation of the cyberspace. The obstacle to create a safe

internet comes from different sector of society that simply do not want the government to control

the internet. (Shane and Hunker 7) However the government regulations are key to maintain the

internet’s security. In order to make the cyberspace a safer place, the arising worldwide

cybersecurity governance must meet the necessities of three major forces: The private sector’s

interest in commercially regulation, the nation’s need to adopt proper responses to cyber conflict,

and the end user’s desire for freedom (Shane and Hunker 118).

There is a need to improve the ways that local law enforcement agencies document

cybercrime calls for service and provide this information to the general public, to improve the

public’s understanding over this issue. To do so, the government should integrate more

efficiently already existing resources, like the IC3, with the support from local law enforcement

agencies and promote its utility. The police should also provide information about cybercrime

awareness just like they disburse information about local crimes (Holt et al. 117).

Every single individual is responsible for his or her data’s security, this is what is called

cybersecurity. This is an arising issue in our society, that clearly depicts the internet as a

dangerous place to go without a clue with what happens with our data. Contrary to what the

government promised this issue is not and will never be “under control” since it is a very

complex and changing issue. However, the government has proven efficiency with the latest

policies passed and the organizations opened to manage this issue.

Furthermore, the threats might differ depending on the target and what’s motivating the

attacker. These attacks will never stop because there is no computer or system that is completely

free, this act like a motivation to hackers to keep innovating on crimeware technologies. Properly

identifying the different threats will allow users to have more control of a situation when you

finally face one of them online.

Although our cybersecurity is our responsibility, as end users, we depend on the

government’s and third parties’ regulations to keep the internet from falling apart, and there is

still a lot of weak points that the government should take care of. But at the end what guarantee

the good function of the internet is a good relation between the three forces that determine the

future of the internet (Users, private parties and the government).

Works Cited

Borchgrave, Arnaud, et al. Cyber Threats and Information Security: Meeting the 21st Century

Challenge. The CSIS Press. 2001.

Branigan, Steven. High-Tech Crimes Revealed Cyberwar Stories from the Digital Font. Pearson

Education, Inc. 2005.

Frith, Jordan. Smartphones as Locative Media. Polity Press. 2015.

Holt, Thomas, et al. Policing Cybercrime and Cyberterror. Carolina Academic Press. 2015.

Jakobson, Markus and Zulfikar Ramzan. Crimeware Understanding New Attacks and Defenses.

Symantec Press. 2008.

Johnson, Deborah, and Nissenbaum Helen. Computers, Ethics & Social Values. Pearson. 1995.

Jordan, Tim. Hacking Digital Media and Society Series. Polity Press. 2008.

Shackelford, Scott J. Managing Cyber Attacks in International Law Business, and Relations: In

Search of Cyber Peace. Cambridge University Press. 2014.

Shane, Peter and Hunker Jeffrey. Cybersecurity: Shared Risks, Shared Responsibilities. Carolina

Academic Press. 2013.

The Merriam-Webster dictionary. Merriam-Webster, Inc. 2016