Table of Contents
I. Introduction and Background
II. Legal Issues in Cognitive Hacking
III. Examples of Cognitive Hacking
IV. Possible Countermeasures
V. Bibliography
I. Introduction and Background
Computer and network security present great challenges to our evolving information society and economy. The variety and complexity of cybersecurity attacks that have been developed parallel the variety and complexity of the information technologies that have been deployed, with no end in sight for either. In this paper, we delineate between two classes of information systems attacks: autonomous attacks and cognitive attacks.
Autonomous attacks operate totally within the fabric of the computing and networking infrastructures. For example, the well-known Unicode attack against older, unpatched versions of Microsoft's Internet Information Server (IIS) can lead to root/administrator access. Once such access is obtained, any number of undesired activities by the attacker is possible. For example, files containing private information such as credit card numbers can be downloaded and used by an attacker. Such an attack does not require any intervention by users of the attacked system, hence we call it an "autonomous" attack.
By contrast, a cognitive