---
title: The Hackers
---

[LD comment: We introduce ‘Worms’ and ‘Trojan’ when highlighting the first two hacking case studies. I think defining these terms could follow the video (taking the definitions from Week 8, Step 34 – Antivirus)]()
# Paras Jha, Josiah White, Dalton Norman - Mirai

One of the most publicly discussed security incidents of recent years
is Mirai. This worm used vulnerabilities in devices like networked
cameras rather than traditional computer systems, and gave its
controllers the power to send enormous amounts of traffic to target
sites. The amount of traffic was enough to take down web servers in
what is known as a "denial of service attack", or DoS.
Interestingly, the vulnerabilities were not too complex and mostly
involved knowing that certain manufacturers used default passwords and
usernames for their devices.

The three creators initially wanted to use the worm to cause problems
for their opponents in Minecraft, but ended up creating something that
took down websites, knocked hundreds of thousands of people offline
and cost various people large sums of money, with an estimated total of
around $100,000,000.

The creators were fined $127,000. This was considered by many to be a
very low fine, but it takes into account the creators' willingness to
assist the FBI. Since their arrest, they have spent around 1,000 hours
of unpaid time assisting the FBI.

https://www.wired.com/story/mirai-botnet-minecraft-scam-brought-down-the-internet/
# Hamza Bendelladj, AKA Bx1 - SpyEye

Hamza is also thought to have cost the world public around
$100,000,000 through his exploits. Known as Bx1, Hamza engaged in
stealing money electronically from bank accounts using the SpyEye
trojan he created. The same software was also used by many other
hackers, leading to estimates of up to $1bn in losses due to the tool.
It appears the money Hamza stole was donated to Palestinian and
African charities.

Hamza, an Algerian, was prosecuted in the USA and sentenced to 15
years imprisonment.

https://www.aljazeera.com/news/2016/04/hacker-hamza-bendelladj-sentenced-15-years-160422104149553.html
# Lewys Martin, AKA sl1nk

Lewys Martin, who referred to himself as "sl1nk", was given two years
in prison for causing disruption to local police force servers and web
servers at Oxford and Cambridge universities. He caused around half
an hour of downtime for one server and slow running over a number of
days, and used up around 35 days of police time.

The judge said that "the sentence passed must reflect society’s
distaste for this type of crime."

https://www.kentonline.co.uk/deal/news/computer-hacker-jailed-860/
# Activity

[LD comment: The activity is very text heavy and asking the students to do/consider several things. Can we simplify this/make it more concise?]()

Read the articles linked above and decide if you think the sentencing
in each case is equitable considering the crime committed. You might
like to consider sentencing of other crimes and decide if you feel any
of the above were harsh or lenient in comparison.

In the case of Lewys Martin, the investigating officer went on record
to say that "cyber attacks are a nuisance and cause aggravation as
well as costs to countless private and public organisations up and
down the country. Most websites have systems in place to prevent them
being compromised, and none of those attacked in these instances
suffered any more than a temporary disruption. However, those who try
to carry out these attacks will be traced and brought before the
courts, like Martin, to face the consequence of their actions."

Now consider the numbers of convictions in the UK under the Computer
Misuse Act, which can be found here:
https://www.gov.uk/government/publications/foi-releases-for-april-2017

The condensed version is below, and shows that although 2013 saw a
total of 13 guilty verdicts, the average is less than 7 between 2010
and 2015.

| Region          | 2010 | 2011 | 2012 | 2013 | 2014 | 2015 |
|-----------------|------|------|------|------|------|------|
| Guilty Verdicts | 9    | 5    | 3    | 13   | 4    | 5    |

Contrast this with estimates of yearly losses in the UK of £11bn
(https://www.financierworldwide.com/cyber-crime-in-the-uk-is-it-is-bad-as-they-say-or-worse). Do
you think the UK is adequately prepared for the current and future
levels of cyber crime?

<!--  LocalWords:  Lewys
 -->