Monday, November 9, 2020

From Hackers to The Interview: A glimpse into Network Security



In the film Hackers (Softley, 1995), the characters used a denial of service (DoS) attack to distract the IT specialist during the final virtual battle scene. The characters had hackers all over the world unite to send ping requests, and the servers were overloaded. The hackers used these pings as a distraction to upload viruses. They used a distributed DoS botnet to access the website at the same time from multiple computers (Vahid & Lysecky, 2017). This is one type of attack that can be executed using ping commands.


This post will discuss DoS attacks, phishing, and social engineering. A DoS attack is accomplished by sending a large number of access requests at the same time to one website. This overloads the website, so valid requests are denied. This type of attack can be used to harm or annoy a company or government, and most countries have laws prohibiting it. This is one reason that it is so important to enable information and system security (Vahid & Lysecky, 2017). Computer systems are vulnerable to this type of threat because the attacker does not need to get into the system, only to send enough pings to overload it. When hackers use more than one computer, it increases the damage. It also makes it harder to trace the attack back to the hackers responsible. One potential solution, although not guaranteed to eliminate the entire threat, is to enroll in DoS safeguard services that find strange traffic flows and send them away from the network. Another potential solution is to create a disaster recovery plan to mitigate damage and provide a quick recovery (Security Tip (ST04-015), 2019).


Phishing is an online scam that lures a computer user into revealing confidential data such as a credit card number, social security number, or a password. One frequently used phishing method is to email people while pretending to be a legitimate organization such as PayPal, Amazon, Bank of America, UPS, the government, or a person's own employer. Sometimes the scammers change one letter of the email address. For example, they might send the email from deposit@BanofAmerica, leaving out the letter “k” in bank. One example of a phishing scam is an email asking to borrow money with the promise of sending more money later. This is known as a 419 scam or a Nigerian scam. If the phishing scammer gets a person’s password, they gain access to bank accounts, email accounts, and other accounts. “The FBI’s Internet Crime Complaint Center reported that people lost $57 million to phishing schemes in one year.” (How to Recognize and Avoid Phishing Scams, 2019). It is more the users and companies that are vulnerable to this type of threat than computer systems. One solution is to use email services such as Gmail that automatically filter out suspicious emails and move them to spam. Another solution is to inform users of the threat. One company that I used to work at tested the employees by sending a phishing scam to see how many people would give their password. They sent the email from the IT department, and it looked legitimate. Many people fell for the phishing scam. They were lucky that it was only a test. Once people know about the scam of phishing, they are less likely to fall for it.


Social engineering often goes hand in hand with password cracking and malware. It involves convincing people to reveal private information that may be exploited for illegal purposes. Some hackers know that people are the weakest link, not the computer system itself. One of the most famous social engineering attacks shows how social engineering works. In 2014, Sony Pictures was hacked. North Korean hackers aimed a phishing attack at the company. They did not want the movie The Interview (Rogen & Goldberg, 2014) to be shown in theaters. The hackers used phony Apple ID emails sent to the IT administrators at Sony Pictures Entertainment to get passwords and login usernames. This is how they stole data and posted it online (Top 5 Social Engineering Attacks of All Time, 2017). They wanted to effect social change and used hacking techniques to manipulate Sony. Social engineering usually refers to a person trying to gain access to a computer system in person or on the phone by talking. Hackers sometimes show up on site at a location and attempt to gain entry to the building and then the computer. They can do this by pretending to be a new employee, a repair person, or a delivery driver. This can be prevented by making workers aware of the threat of hackers. Informing workers that they should never give out passwords, even to the IT department, can help. My current job requires everyone to watch an interactive training video to show people how to avoid this type of scam. The video goes over ways to avoid being scammed such as being suspicious of phone calls asking for passwords, phishing emails, and malware attachments. It advises looking at email senders and not clicking on attachments unless completely necessary. It gives alternatives showing how to share files. These are all good ways to help avoid social engineering (Security Tip (ST04-014) Avoiding Social Engineering and Phishing Attacks, 2020).


Many of the network security solutions are the same. Making workers aware of the threat and how to avoid falling for a scam are the main solutions. It is also helpful to have software that helps people avoid potential risks or diverts strange internet traffic. This post went over DoS attacks, phishing, and social engineering.


 

References

How to Recognize and Avoid Phishing Scams. (2019, May). Retrieved from Federal Trade Commission Consumer Information: https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams

Rogen, S., & Goldberg, E. (Directors). (2014). The Interview [Motion Picture].

Security Tip (ST04-014) Avoiding Social Engineering and Phishing Attacks. (2020, August 25). Retrieved from Cybersecurity & Infrastructure Security Agency: https://us-cert.cisa.gov/ncas/tips/ST04-014

Security Tip (ST04-015). (2019, November 20). Retrieved from Cybersecurity & Infrastructure Security Agency: https://us-cert.cisa.gov/ncas/tips/ST04-015

Softley, I. (Director). (1995). Hackers [Motion Picture].

Top 5 Social Engineering Attacks of All Time. (2017, November 2). Retrieved from Cyber Security Education Guides: https://www.cybersecurityeducationguides.org/2017/11/top-5-social-engineering-attacks-of-all-time/

Vahid, F., & Lysecky, S. (2017). Computing technology for all. Retrieved from zybooks.zyante.com/

 

 

1 comment:

  1. Another great post, Jasmin! While I agree that social engineering is done by pretending to be someone else, social engineering is the attempt to steal or have the target person provide information that is confidential or restricted. That information may be used, as you said, to access a computer. However, they may steal confidential information unrelated to accessing a computer, such as a shipping address or a phone number, for example. Thank you for this awesome post!
