st23_the_hackers.md

---
title: The Hackers
---
[LD comment: We introduce ‘Worms’ and ‘Trojan’ when highlighting the first two hacking case studies. I think defining these terms could follow the video (taking the definitions from Week 8, Step 34 – Antivirus)]()
# Paras Jha, Josiah White, Dalton Norman - Mirai

One of the most publicly discussed security incidents of recent years
is Mirai.  This worm used vulnerabilities in devices like networked
cameras rather than traditional computer systems, and gave its
controllers the pwoer to send enormous amounts of traffic to target
sites. The amount of traffic was enough to take down web servers in
what is known as a "denial of service attack", or DOS.

Interestingly, the vulnerabilities were not too complex and mostly
involved knowing certain manufacturers used default passwords and
usernames for their devices.

The three creators initially wanted to use the worm to cause problems
for their opponents in minecraft, but ended up creating something that
took down websites, knocked hundreds of thousands of people off-line
and cost various people large sums of money with an estimated total of
around $100,000,000.

The creators were fined $127,000. This was considered by many to be a
very low fine, but takes into account the creators' willingness to
assist the FBI. Since their arrest, they have spend around 1,000 hours
of unpaid time assisting the FBI.

https://www.wired.com/story/mirai-botnet-minecraft-scam-brought-down-the-internet/

# Hamza Bendelladj, AKA Bx1 - SpyEye

Hamza is also thought to have cost the world public around
$100,000,000 through his exploits.  Known as Bx1, Hamza engaged in
stealing money electronically from bank accounts using the SpyEye
trojan he created. The same software was also used by may other
hackers, leading to estimates of up to $1bn in losses due to the tool.

It appears the money Hamza stole was donated to Palestinian and
African charities.

Hamza, an Algerian, was prosecuted in the USA and sentenced to 15
years imprisonment.

https://www.aljazeera.com/news/2016/04/hacker-hamza-bendelladj-sentenced-15-years-160422104149553.html


# Lewys Martin, AKA sl1nk

Lewys Martin, who referred to himself as "sl1nk" was given two years
in prison for causing disruption to local police force servers and web
servers at Oxford and Cambridge universities.  He caused around half
an hour of down-time for one server, slow running over a number of
days and used up around 35 days of police time.

The judge said that "the sentence passed must reflect society’s
distaste for this type of crime."

https://www.kentonline.co.uk/deal/news/computer-hacker-jailed-860/

# Activity
[LD comment: The activity is very text heavy and asking the students to do/consider several things. Can we simplify this/make it more concise?]()

Read the articles linked above and decide if you think the sentencing
in each case is equitable considering the crime committed.  You might
like to consider sentencing of other crimes and decide if you feel any
of the above were harsh or lenient in comparison.

In the case of Lewys Martin, the investigating officer went on record
to say that "cyber attacks are a nuisance and cause aggravation as
well as costs to countless private and public organisations up and
down the country. Most websites have systems in place to prevent them
being compromised, and none of those attacked in these instances
suffered any more than a temporary disruption. However, those who try
to carry out these attacks will be traced and brought before the
courts, like Martin, to face the consequence of their actions."

Now consider the numbers of convictions in the UK under the Computer
Misuse Act, which can be found here:
https://www.gov.uk/government/publications/foi-releases-for-april-2017

The condensed version is below, and shows that although 2013 saw a
total of 13 guilty verdicts, the average is less than 7 between 2010
and 2015.

| Region          | 2010 | 2011 | 2012 | 2013 | 2014 | 2015 |
|-----------------|------|------|------|------|------|------|
| Guilty Verdicts | 9    | 5    | 3    | 13   | 4    | 5    |

Contrast this with estimates of yearly losses in the UK of £11bn
(https://www.financierworldwide.com/cyber-crime-in-the-uk-is-it-is-bad-as-they-say-or-worse). Do
you think the UK is adequately prepared for the current and future
levels of cyber crime?

<!--  LocalWords:  Lewys
 -->
	---
	title: The Hackers
	---
	[LD comment: We introduce ‘Worms’ and ‘Trojan’ when highlighting the first two hacking case studies. I think defining these terms could follow the video (taking the definitions from Week 8, Step 34 – Antivirus)]()
	# Paras Jha, Josiah White, Dalton Norman - Mirai

	One of the most publicly discussed security incidents of recent years
	is Mirai. This worm used vulnerabilities in devices like networked
	cameras rather than traditional computer systems, and gave its
	controllers the pwoer to send enormous amounts of traffic to target
	sites. The amount of traffic was enough to take down web servers in
	what is known as a "denial of service attack", or DOS.

	Interestingly, the vulnerabilities were not too complex and mostly
	involved knowing certain manufacturers used default passwords and
	usernames for their devices.

	The three creators initially wanted to use the worm to cause problems
	for their opponents in minecraft, but ended up creating something that
	took down websites, knocked hundreds of thousands of people off-line
	and cost various people large sums of money with an estimated total of
	around $100,000,000.

	The creators were fined $127,000. This was considered by many to be a
	very low fine, but takes into account the creators' willingness to
	assist the FBI. Since their arrest, they have spend around 1,000 hours
	of unpaid time assisting the FBI.

	https://www.wired.com/story/mirai-botnet-minecraft-scam-brought-down-the-internet/

	# Hamza Bendelladj, AKA Bx1 - SpyEye

	Hamza is also thought to have cost the world public around
	$100,000,000 through his exploits. Known as Bx1, Hamza engaged in
	stealing money electronically from bank accounts using the SpyEye
	trojan he created. The same software was also used by may other
	hackers, leading to estimates of up to $1bn in losses due to the tool.

	It appears the money Hamza stole was donated to Palestinian and
	African charities.

	Hamza, an Algerian, was prosecuted in the USA and sentenced to 15
	years imprisonment.

	https://www.aljazeera.com/news/2016/04/hacker-hamza-bendelladj-sentenced-15-years-160422104149553.html


	# Lewys Martin, AKA sl1nk

	Lewys Martin, who referred to himself as "sl1nk" was given two years
	in prison for causing disruption to local police force servers and web
	servers at Oxford and Cambridge universities. He caused around half
	an hour of down-time for one server, slow running over a number of
	days and used up around 35 days of police time.

	The judge said that "the sentence passed must reflect society’s
	distaste for this type of crime."

	https://www.kentonline.co.uk/deal/news/computer-hacker-jailed-860/

	# Activity
	[LD comment: The activity is very text heavy and asking the students to do/consider several things. Can we simplify this/make it more concise?]()

	Read the articles linked above and decide if you think the sentencing
	in each case is equitable considering the crime committed. You might
	like to consider sentencing of other crimes and decide if you feel any
	of the above were harsh or lenient in comparison.

	In the case of Lewys Martin, the investigating officer went on record
	to say that "cyber attacks are a nuisance and cause aggravation as
	well as costs to countless private and public organisations up and
	down the country. Most websites have systems in place to prevent them
	being compromised, and none of those attacked in these instances
	suffered any more than a temporary disruption. However, those who try
	to carry out these attacks will be traced and brought before the
	courts, like Martin, to face the consequence of their actions."

	Now consider the numbers of convictions in the UK under the Computer
	Misuse Act, which can be found here:
	https://www.gov.uk/government/publications/foi-releases-for-april-2017

	The condensed version is below, and shows that although 2013 saw a
	total of 13 guilty verdicts, the average is less than 7 between 2010
	and 2015.

	\| Region \| 2010 \| 2011 \| 2012 \| 2013 \| 2014 \| 2015 \|
	\|-----------------\|------\|------\|------\|------\|------\|------\|
	\| Guilty Verdicts \| 9 \| 5 \| 3 \| 13 \| 4 \| 5 \|

	Contrast this with estimates of yearly losses in the UK of £11bn
	(https://www.financierworldwide.com/cyber-crime-in-the-uk-is-it-is-bad-as-they-say-or-worse). Do
	you think the UK is adequately prepared for the current and future
	levels of cyber crime?

	<!-- LocalWords: Lewys
	-->