Chapter 2 Exercises & Case Exercises
Chapter 2 Assignment
Ryan M. Kethcart
INFOST-491 SEC-OL
Exercises
1. Consider the statement: an individual threat agent, like a hacker, can be a factor in more than one threat category. If a hacker hacks into a network, copies a few files, defaces the Web page, and steals credit card numbers, how many different threat categories does this attack fall into?
a. Overall, I believe this attack falls into four major threat categories: deliberate acts of trespass, compromises to intellectual property, technical failures, and managerial failure. Furthermore, I believe this attack would be categorized as a deliberate act of theft/trespass which compromises intellectual property due to technical and managerial failures. b. It seems as this hacker was deliberately causing harm (i.e. copying files, vandalizing the web page, and theft of credit card numbers); due to their method of entry – hacking into a network – it leaves me to believe there were some technical failures, such as software vulnerabilities or a trap door. However, that is just one possibility as to what could have occurred. This could have also been a managerial failure; say the unknown hacker used social engineering to obtain the information to gain access to the network – proper planning and procedure execution could have potentially thwarted this hacker’s attack. 2. Using the Web, research Mafiaboy’s exploits. When and how did he compromise sites? How was he caught? c. Michael Demon Calce, also known as Mafiaboy, was a high school student from West Island, Quebec, who launched a series of highly publicized DDoS (denial-of-service) attacks in February 2000 against large commercial websites including: Yahoo!, Fifa.com, Amazon.com, Dell, Inc., E*Trade, eBay, and CNN. Calce also attempted to launch a series of simultaneous attacks against nine of the thirteen root name servers. d. On February 7th, 2000, Calce targeted Yahoo! With a project he named “Rivolta” – meaning riot in
Ryan M. Kethcart
INFOST-491 SEC-OL
Exercises
1. Consider the statement: an individual threat agent, like a hacker, can be a factor in more than one threat category. If a hacker hacks into a network, copies a few files, defaces the Web page, and steals credit card numbers, how many different threat categories does this attack fall into?
a. Overall, I believe this attack falls into four major threat categories: deliberate acts of trespass, compromises to intellectual property, technical failures, and managerial failure. Furthermore, I believe this attack would be categorized as a deliberate act of theft/trespass which compromises intellectual property due to technical and managerial failures. b. It seems as this hacker was deliberately causing harm (i.e. copying files, vandalizing the web page, and theft of credit card numbers); due to their method of entry – hacking into a network – it leaves me to believe there were some technical failures, such as software vulnerabilities or a trap door. However, that is just one possibility as to what could have occurred. This could have also been a managerial failure; say the unknown hacker used social engineering to obtain the information to gain access to the network – proper planning and procedure execution could have potentially thwarted this hacker’s attack. 2. Using the Web, research Mafiaboy’s exploits. When and how did he compromise sites? How was he caught? c. Michael Demon Calce, also known as Mafiaboy, was a high school student from West Island, Quebec, who launched a series of highly publicized DDoS (denial-of-service) attacks in February 2000 against large commercial websites including: Yahoo!, Fifa.com, Amazon.com, Dell, Inc., E*Trade, eBay, and CNN. Calce also attempted to launch a series of simultaneous attacks against nine of the thirteen root name servers. d. On February 7th, 2000, Calce targeted Yahoo! With a project he named “Rivolta” – meaning riot in