WEEK 8 - Why look for Threats and Vulnerability? (Sony Pictures Attack)


          Even huge corporations are susceptible threats and vulnerabilities. The Sony Pictures attack was one of the most infamous hacker compromises in recent history. On November 24 2014, a hacker group tried to blackmail Sony Picture heads by threatening the release of company and employee sensitive data. This was the first time “Ransom-ware” was highlighted and now seems to be picking up in popularity across many news outlets. After the failure to act, and the exploit of an insurmountable amount of data, the event led to severe layoffs across the industry from the top down. It led to the firing of Sony Chairman Amy Pascal, whom once was hailed by Forbes as one of the most powerful women in the world. The company’s inept security protocols and disorganized structure gave them no chance to ward off such an attack. Eventually this in incident opened the eyes of all major corporations in the United States. Many companies realized how vulnerable they were and what was now needed to safeguard themselves.


          This Infamous attack from the “Guardians of Peace,” was quickly blamed on North Korea. After further research, there doesn’t seem to be much validity to that accusation. At the time, mid-level investigators had based their theories on the fact that the code was similar to another attack that had taken place by North Korea. What wasn’t known to everyday citizens at the time was that once hacker code is used, it is often quickly grabbed and reused by other hackers. The code is used as a shortcut to other variables of malware being programmed. This process dilutes any “fingerprints” of code and is not a feasible tool to identify assailants. To this day, no one has been identified or charged with this crime.

WEEK 7 – Infrastructure Cyber Attack Risk

           The future may hold a new war of cyber-attacks on the worlds infrastructure.  These are attacks used by computer code via directly or overtly and aimed at controlling or sabotaging industrialized countries machines in control of infrastructure. These vulnerable entities entail many well-known everyday items to include driving grid systems, industrial factories, various power plants, financial institutions, health care, and many other systems that a country cannot afford to lose for a sustained amount of time.

           In 2015, a cyber-attack on Ukraine’s power grid left 700,000 people without electricity for several hours. Alarmingly, the actors behind this attack were previously seen conducting attacks against the U.S. energy sector, prompting an alert by the Industrial Control Systems Computer Emergency Response Team (ICS-CERT) in 2014. Though disruption never occurred in the U.S., this was believed to be reconnaissance for a potential future attack (Brasso, 2016).

           If the United states was targeted, the effects could be catastrophic in regards to how much our system depends on infrastructure. These scenarios involve code that manipulates machines that were never originally made with security in mind. Many of these devices were designed before the digital age explosion and never had net connections in mind upon construction. These vulnerable systems can be directed to shutoff or overrun to cause damage. Worst case scenario would contrast with Iran’s Stuxnet incident in where nuclear power plants were targeted. An environmental disaster in that scale due to a hack could rewrite how the world goes about cyber hacking all together.

WEEK 6 - Use of Credible Sources

In WEEK 2 I stated that credible sources may come down to personal preference and the ability to prove the reference.I then went on to discus how I've been using Vice News over the years and like there stance and point of views, specifically on their technology reporting. Unfortunately, this is more of a news outlet and not much help for system analysis research. I've been using the following sources for this weeks assignments; 

https://www.tutorialspoint.com/system_analysis_and_design/system_analysis_and_design_overview.htm

WEEK 5 - This Weeks Experiences

Oh, how I've come to know and love Harry and Mae's Inc. I have really gotten to know this companies insides and outs by using the same case scenario setup through the last couple of years. That being said, It's been great to be able to find newer and more detailed problems within this fictional company. Not that the work gets any easier, it just comfortable to know where I can start looking for problem's within this company's network system. Upon my graduation, oh, how I will miss you Harry and Mae's.

WEEK 4 - Most Wanted Hacker

Evgeniy Mikhailovitch Bogachev was listed as one of FBI "most wanted.” What makes him different from the other members of this esteemed list is that he is a hacker. Not a man of violent crimes or a mobster who organized and induced a criminal conspiracy ring. No, that of a guy who used his keyboard as a gun in a good old fashioned bank robbery. He also used his weapon of choice to hold up every day citizens like you and me and often ransomed valued data more money instead of outright just stealing it. This guy was so good at what he does, he even ransomed information to a Massachusetts police station. This was all done with his creations of various infamous malware.



By using malicious software that "enslaves" computers and steals user names and passwords, the 30-year-old and his gang allegedly hacked into hundreds of thousands of banks accounts, emptying up to $7 million at a time from unsuspecting firms across America. Most were unaware that the attacks, from a program called GameOver Zeus, or GOZ, had even happened. A second program, known as "ransomware", would freeze victims' computer files and threaten to destroy them unless an online ransom was paid. It targeted not just businesses but ordinary home computer users, freezing precious online family photo albums and even children's school projects (Freeman and Mirovalev, 2014).



To this day, Evgeniy Mikhailovitch remains free and is still a criminal at large. With him being hailed a hero at home, it is unlikely there will be much cooperation from the Russian authorities for his arrest or extradition. American banks fear him and there is a $3 million-dollar reward for assistance in his capture.

WEEK 3 - This Weeks Experiences

With the pursuit of my Threat Modeling invention, comes the reality of actually seeing it in use in real world environments. It's safe to say that it is kind of eye opening in seeing other organizations using there own variations of threat models. This allows you to see how some companies do it better than others. Sometimes there not even really done at all. Knowledge is power in the way of protection, not only for yourself, but everyone who has data on these said networks.

WEEK 2 - Credible Sources and Where to Find Them?

This may come down to personal preference and the ability to prove the reference. I've been using Vice News over the years and like there stance and point of views, specifically on their technology reporting. From research and reviews, I've come to trust this media outlet which is a big feat in these days. Finding credible sources is a hard thing to do with the current state of politically driven media outlets and the overly publicized "fake news." Vice News can be found through the following link: https://news.vice.com/en_us