Hacking Attempts: How to Protect Against Hacking 1

Hacking Attempts: How to Protect Against Hacking

Jessica Grimm
University of North Carolina at Charlotte








Spring 2014
Hacking Attempts: How to Protect Against Hacking 2
Background I nformation
Hacking is increasing because of the amount of people in the world using the Internet. It
is easy to use someone elses information when shopping online because there is no face to face
contact meaning you can have someone elses credit card information and the company would
not even notice that it was not yours. Throughout this paper, we will explore the significant
increase of hacking attempts and modes of protection against hacking. Using a combination of
primary interviews and case studies involving hacking we will discuss ways of responsibilities
using technology to prevent farther highjack of personal information. My parents have both
been victims of hacking and I saw how it affected my parents. I feel that the government needs
to find a better way of protecting citizens from hacking because it is becoming easier to hack into
businesses and personal computers. Before we discuss the spaces for hacking, it is necessary to
establish a shared vocabulary. Listed below are some key terms that will assist with
understanding what is being talked about in the paper.
Terms
Cyber jihad: Kloet, J. (2002), is a group of Muslim hackers who hacked the Indonesian police
web site to force them to let the rebellious Muslim leader free.
Cyber war: is the use of computers to disrupt the activities of an enemy country.
Code Red Worm: Kloet, J. (2002), this was a virus that attacked computers running Microsofts
IIS web server in 2001.
Lion Worm: Kloet, J. (2002), this was a virus made by a Chinese cracker named Lion; he says
that he created the worm to show Chinese anger towards Japan.
Hacking Attempts: How to Protect Against Hacking 3
Ethical hackers: Smith, B., Yurcik, W., & Doss, D. (2001), according to this article an ethical
hackers is someone who hacks the computer network to test and evaluate its security, instead of
malicious or criminal intent.
Cyber-terrorism: Lewis, J. A. (2002), hacking computer networks to endure fear into society.
Terrorist: a person who causes harm to individuals or countries by terrorism.
Love Bug virus: Lewis, J. A. (2002), was a worm that attacked millions of Windows personal
computers in 2000. It also cost billions of dollars.
Firewall: is software or hardware based security system that controls the incoming and outgoing
network traffic.
RFID: Venkataramani, G., & Gopalan, S. (2007, April), radio frequency identification, it is a
technology that uses electronic tags to relay identification information to electronic readers by
using radio waves.
Generation Y: Freestone, O., & Mitchell, V. (2004), in this article Generation Y means the
youngest group of people in the population.
Outage: a period of time when a power supply is not available.
Anecdote
My parents have been victims of hackers. Although they thought they would never be
victims because they are so careful. From a simple click of the button when purchasing
something all our personal information is exposed to any number of people on the other side of
the internet connection.
Phone Line Hacked
A power company in Baltimore, Constellation Energy Group Inc., is tried to be hacked
into hundreds of times each day. The chief risk officer for the company, John Collins, says that
Hacking Attempts: How to Protect Against Hacking 4
they have no idea who is trying to hack their system, but they know someone is trying to hack it
(Blum & Friday, 2005). Even though, the hackers have not caused any destruction to the
nations power grid, the company is very concerned with their efforts. Power companies are
worried that one of the hackers could be a terrorist. If a terrorist were to hack into the company
they could cause a blackout or damage power plants, which could lead into an outage. Patrick H.
Wood III, chairman of Federal Energy Regulatory Commission, has told companies that they
need to focus more on security. They are taking the proper steps an ensuring that their systems
are protected. Although, there are many attacks on the cyber networks across the industries in
the U.S., the biggest fear for the government is the threat to the countrys power supply (Blum &
Friday, 2005). Some of the problems that company security has are viruses and worms. Films
such as The Fast and the Furious glamorize hacking attempts when in actuality repercussions
could take on any number of forms such as hacking into security systems, safes, and phone lines.
Tej is the man to count on. In Fast 5, Tej hacks into a safe that has millions of dollars. Also,
Santos and Leo help Tej hack into the police station by cutting the wires and installing a device
so they can see the live feed. In Fast 6, Tej saves Mias life by hacking into the phone line
before Shaw was able to call his team and tell them to kill her.
Companies Hacked
My interview with William and Lisa Grimm talked about the Target credit card scam
during Christmas time. They were none too happy about that because William was laid off at the
time and they were very low on money. William went to the bank to cancel their credit cards
and their banker told him if they did not get a call from Target within forty-eight hours of the
incident that they would be ninety-five percent in the clear. Lisa would check their bank account
every day to make sure there were no changes. Recently, when they checked their bank account
Hacking Attempts: How to Protect Against Hacking 5
was negative. Someone took Lisas credit card information and spent $190 on GoDaddy.com
and the very last time she used that card was at Target during Christmas. When they called
GoDaddy to tell them that they did not buy anything from them and the call rep said that they
knew it was a fraud. The money was refunded right away. They said they are having a hard
time coping because they are borrowing money from family members to keep stable until
William starts his new job (Grimm, 2014).
According to Schneier, computer security is failing regularly (2004). CEOs of businesses
want the security on their network to be upgraded. When you increase security it will also
increase the spending. Auditors want firewalls because without them they would fail an audit
and be accused of not following proper guidelines. In Schneiers paper he has a three step
program that will help motivate the business. The first step to his program is enforcing
liabilities. The second step is allowing parties to transfer liabilities. The third step is providing
mechanisms to reduce risk (Schneier, 2004). These steps will help CEOs with the decisions on
improving their security for their business.
State Government Hacked
When interviewing William Grimm about his Social Security Number getting hacked, he
told me exactly the reason why it happened. He worked in the state of South Carolina for a
couple months and because of that he had to file taxes for South Carolina. A few months later,
he was watching the local news and a news story shared that the department of South Carolinas
IRS had been hacked. Since that happened, he was able to get 12 months of free credit
monitoring. Knowing he had his social security number hacked is very scary. He will have to
watch his credit record very closely and most likely for the rest of his life. He told me that he is
worried someone will open credit cards and his credit score will decrease (Grimm, 2014).
Hacking Attempts: How to Protect Against Hacking 6
Lewiss paper Assessing the Risks of Cyber Terrorism, Cyber War and other Cyber
Threats (2002) talks about cyber terrorism and how it affects the computer network. Lewis
compares the theories of cyber-warfare and air power. Although, the costs of cyber-attacks are
cheaper than physical attacks, they are less effective (Lewis, 2002). He says that if the cyber-
attack does not cause harm then there is no need for immediate risk for national security. Lewis
cited a post from The Washington Post and it states that U.S. analysts believe that by disabling
or taking command of the floodgates in a dam, for example, or of substations handling 300,000
volts of electric power, an intruder could use virtual tools to destroy real-world lives and
property. Cyber-terrorist needed to attack numerous amounts of targets for a long period of
time for it to be considered an act of terror. He states that The Love Bug virus cost computer
users worldwide between $3 billion to $15 billion (Lewis, 2002).
I nternet Hacked
In the article, Ethical Hacking, C.C. Palmer talks about the two definitions for hacker
in the computer industry. When the media saw a numerous amount of damaged computers they
made it into news. They would use the word hacker rather than using the proper term computer
criminal. Network security is becoming a major concern for business and governments because
the Internet is increasing rapidly. An ethical hacker is someone who would act like a criminal
hacker, but would not damage anything on the computer (Palmer, 2001). To be an ethical
hacker you have to be trustworthy and responsible. When evaluating the security they ask
themselves three questions. The questions are What can an intruder see on the target system?
What can an intruder do with that information? Does anyone at the target notice the intruders
attempts or successes? (Palmer, 2001). After they answer the questions, they make an
agreement between their client and themselves and this protects them from any lawsuits.
Hacking Attempts: How to Protect Against Hacking 7
Anyone who is good with computers can be a hacker (Smith & Doss, 2001). The word
hacker has so many definitions. Smith and Doss explain in their article Ethical Hacking: The
Security Justification, what an ethical hacker is and why they are able to get away with a crime.
Ethical hackers use their knowledge to improve security. Just like in the article Ethical Hacking,
they ask themselves the same series of questions. They believe that people are being hypocrites
because they are paying the ethical hackers to do a crime, while they are putting the unethical
hackers in prison (Smith & Doss, 2001).
In this article, Generation Y Attitudes towards E-ethics and Internet-related
Misbehaviours (2004), Freestone and Mitchell talk about the cost of hacking and viruses on
computers. Annually, the cost is about $4 billion and the number of people affected is 700,000
in the U.S. alone. They did an experiment with 12 groups. Each group consisted of 6 students
ranging from ages 18 to 21 (Freestone & Mitchell, 2004). They asked the groups a couple of
questions. The questions were What behaviors have you heard about or seen on the Internet
that you think are wrong or ethically controversial? How do you think that the Internet makes it
easier to behave in a deviant way? (Freestone & Mitchell, 2004). The results should that five
dimensions emerged: illegal activities, questionable activities, hacking related activities, human
internet trade, and downloading material (Freestone & Mitchell, 2004). This study
acknowledged 24 unethical activities, despite the fact that these activities are costly to the
businesses and society, most of them are not seen as wrong.
China and I ndonesian
The article, Digitisation and its Asian discontents: the Internet, politics, and hacking in
China and Indonesia (2002), talks about how the Chinese and Indonesian governments feel
about the Internet. Hackers sometimes challenge the government. Wenas is one of the major
Hacking Attempts: How to Protect Against Hacking 8
hacker in Indonesia (Kloet, 2002). Hacking is nothing new to the Indonesians. In May 2001, a
group of Muslim hackers, Cyber jihad, hacked the police web site to force them to let a militant
Muslim leader free (2002). Chinese government has banned some of the U.S. websites.
Americans think that the Code Red Worm and Lion Worm were caused by the Chinese. All over
the Asian countries cyberwar is happening. A hacker from China was arrested for replacing the
content of the government web sites with pornography (2002). Indonesia was banned from e-
Bay because of a hacker manipulating sellers. Cyber jihads frame their activities strictly into the
account of the country.
Credit Card Hacked
In this article, Mobile phone based RFID architecture for secure electronic Payments
using RFID credit cards (2007), it starts off by saying if someone steals a credit card they can
use it to buy an online purchase and they would never know who the true owners of the credit
card are. In this article, Venkataramani and Gopalan both agree that RFID credit cards will be
used in the future. RFID (radio-frequency identification) is defenseless to security breaches.
Their major goal is to improve the security of electronic payments. They give real life scenarios.
For example, Jack forgot his credit card when he purchased something at a store. Someone
picked up his card and used it to purchase expensive items. Jack did not even know his credit
card was missing until he got a credit card statement (Venkataramani & Gopalan, 2007). The
use of online shopping has increased because of the rapid growth of the Internet. They use
different scenarios to motivate business/individuals.
Entering the Conversation
I believe computer security should be increased no matter what the cost is. Businesses are
worried that they will spend too much money and the security will not work. After researching
Hacking Attempts: How to Protect Against Hacking 9
different types of hacking attempts, I see how easy it is to hack into the security system because
the companies do not have proper software or hardware to protect against that. Venkataramani
and Gopalan have a very valid point when they talked about how online shopping is increasing.
They believe that RFID should be used on credit cards because it will help the companies
become aware of fraud. I agree with them because RFID would give identification information
when someone would try to use the credit card. Regardless of the cost, I believe it would be
beneficial to businesses and the government if they increase the network security. A main reason
why it would be beneficial is because businesses and the government have a lot of important
information from people and if they do not protect that information properly there can be serious
consequences. Another reason why it would be beneficial is because it would make it harder for
a terrorist to cause harm to the country or business. For example, my dad works for a nuclear
power plant and he told me that a nuclear power plant needs a very secure security system
because if a terrorist attacks the security system it could cause a widespread blackout or a nuclear
power plant can be damaged and lead into an outage. A way businesses and the government can
test this theory would be having an ethical hacker try to hack into the computer that is fully
protected and try to hack into another computer that is not fully protected. The ethical hacker
would not know which computer is fully protected and which one is not fully protected.
So What?
With the national security having tons of information, they need to research ways to
protect against hackers. Businesses hire people to make sure that their business is safe from
hackers. Improving the security on the national security system will help businesses and the
government from being hacked. It also protects individuals from credit card theft, social security
theft, and identity theft. Some people think it is a problem when we allow ethical hackers to
Hacking Attempts: How to Protect Against Hacking 10
hack into the computers because we consider it a crime when a normal human being hacks into a
computer because they are trying to steal from individuals. Hacking causes billions of dollars in
damages for a company or the government. To solve that problem companies and the
government need to stop worrying about the cost of security and worry about the billions of
dollars in damages that they have to pay for now. In the long run, the cost of security is cheaper
than the cost of the damages.

Hacking Attempts: How to Protect Against Hacking 11

Figure 1: Words related to hacking
















Figure 2: Hacking program
Hacking Attempts: How to Protect Against Hacking 12
References
Blum, J., & Friday, M. (2005). Hackers Target US Power Grid. Washington Post, 11, E01.
Freestone, O., & Mitchell, V. (2004). Generation Y attitudes towards e-ethics and internet-
related misbehaviours. Journal of Business Ethics, 54(2), 121-128.
Grimm, J. Fast and the Furious observation [Document]. Retrieved from
http://moodle2.uncc.edu/course/view.php?id=37598
Grimm, W., & Grimm, L. (2014, February 20). Interview by J Grimm []. Credit card information
hacked.
Grimm, W. (2014, February 20). Interview by J Grimm []. Social security number hacked.
Kloet, J. (2002). Digitisation and its Asian discontents: the Internet, politics and hacking in
China and Indonesia. First Monday, 7(9).
Lewis, J. A. (2002). Assessing the risks of cyber terrorism, cyber war and other cyber threats.
Center for Strategic & International Studies
Palmer, C. C. (2001). Ethical hacking. IBM Systems Journal, 40(3), 769-780.
Schneier, B. (2004). Hacking the business climate for network security. Computer, 37(4), 87-89.
Smith, B., Yurcik, W., & Doss, D. (2001). Ethical hacking: the security justification.
Sky apps "hacked" by Syrian Electronic Army. (n.d.). IT PRO. Retrieved March 27, 2014, from
http://www.itpro.co.uk/hacking/19876/sky-apps-hacked-syrian-electronic-army
The Fictorians. (n.d.). The Fictorians RSS. Retrieved March 27, 2014, from
http://www.fictorians.com/2012/02/08/programmers-hackers-and-technology/
Venkataramani, G., & Gopalan, S. (2007, April). Mobile phone based RFID architecture for
secure electronic Payments using RFID credit cards. In Availability, Reliability and
Hacking Attempts: How to Protect Against Hacking 13
Security, 2007. ARES 2007. The Second International Conference on (pp. 610-620).
IEEE.