Colegio de Montalban Institute of Computer Studies Department of Information Technology
Assignment # Activity #4
Submitted by Mark T. Murillo
Professor Mr. Michael R. Mades
COLEGIO DE MONTALBAN
Kasiglahan Village, San Jose, Rodriguez, Rizal
INSTITUTE OF COMPUTER STUDIES
1. Consider the statement: an individual threat agent, like a hacker, can be a factor in
more than one threat category. If a hacker hacks into a network, copies a few files,
defaces the Web page, and steals credit card numbers, how many different threat
categories does this attack fall into?
Hacking into the network - This is a case of illegal trespassing. This attack could also
Copies a few files - The hacker was copying a few files from a network into his system without
Defacement of the web page results from malfunctioning source code. It compromises
the integrity of the information, also known as a software attack. This occurs when
Steals credit card numbers - Stealing credit card numbers due to vulnerabilities or
loopholes in the network, lack of sufficient planning to protect information this data
2. Using the Web, research Mafiaboy's exploits. When and how did he compromise
sites? How was he caught?
Mafiaboy is known as the "bratty-kid" who took down the internet.
Michael Calce (Mafiaboy) was born in 1986 in West Island, Quebec. He brought down
several commercial websites, including Yahoo!, Fifa.com, Amazon.com, Dell, Inc.,
E*TRADE, eBay, and CNN. At the time, Yahoo! was the most popular search engine. In
2000, he compromised these sites when he was only 15 years old by launching denial-of-service
attacks against these companies. He was eventually caught by the FBI, which was
doing surveillance on him. He was charged with 50+ crimes and sentenced to eight
months in a youth group home. Today, Calce is called a white hat hacker, which means
companies hire him to help them recognize their company's security flaws and design
better security features.
3. Search the Web for the "The Official Phreaker's Manual." What information
contained in this manual might help a security administrator to protect a
communications system?
The Official Phreaker's Manual is a document, published after a particular time, that contains an
entire encyclopedia of phone hacking. It explains all the necessary information regarding how phones
work and the company's management. It includes information on Electronic Toll Fraud (ETF),
mentions all the available toll frauds, and explains how they are performed. This information
may help the security administrator to identify any fraud and take the necessary steps. It explains the
workings of a blue box, black box, cheese box and red box. To keep pace with upcoming
manuals and countercheck their telecom system against such threats discussed in the manual. All
http://www.phreak.ch/files/phreakmanual.txt
4. Using the Web, find at least two other sources of information on threats and
"threats."
Footprinting - This is a technique for gathering information, i.e. the loopholes or vulnerabilities
of the network the hacker wants to intrude on. First of all, the objective and location of
intrusion are known. After that, information is gathered through various social engineering
methods, conducting a whois query to check for various associated networks, and enquiring
about the technologies being used by that network, such as hardware technology, IP addresses,
Packet sniffing - This is a technique that has been used since the original release of Ethernet. Packet
sniffing allows a user to capture data that is being transmitted over the network. Network
professionals use this technique to resolve network issues, and malicious users use it to capture
unencrypted data such as passwords and usernames in network traffic. Packet sniffing can be done
only in the particular subnet, i.e. we cannot sniff packets from a remote network. To protect data,
one is advised to work on encrypted protocols and encrypt all sensitive data.
Packet modification - This involves one system intercepting and modifying a packet destined for another
system. Packet information may not only be changed, but it could also be destroyed.
5. Using the categories of threats, as well as the various attacks described, review
several current media sources, and identify examples of each.
There are 12 categories of threats. An example of each threat is listed below:
Compromise to intellectual property – Stealing credit card information (like in #1)
Deviations in quality of service – Internet service provider, power, or WAN service problems (Charter internet going down)
Espionage or trespass – Unauthorized access and/or data collection (Equifax security breach)
Forces of nature – fire, floods, earthquakes, lightning, tornadoes, hurricanes (not a person)
Human error – accidents (mistakes)
Information extortion – blackmail, information disclosure (information being leaked)
Sabotage or vandalism – defacing a webpage, ruining system software
Software attacks – viruses, worms, macros, denial of service (Mafiaboy's attacks)
Technical hardware failure or errors – equipment failure
Technical software failure or errors – bugs, code problems, unknown loopholes
Technological obsolescence – outdated technology
Theft – illegal confiscation of equipment or information (stealing personal information such as credit card numbers, driver's licenses, social security numbers, etc.)