Cyber conflict and transnational cyber crime: Midterm Exam

All answers to questions should be in your own words. Do not copy the entire text of questions into your answer sheet. This is an essay exam meant to be completed over a period of approximately 5 hours. DO NOT COPY VERBATIM INFORMATION FROM BOOKS OR OTHER ONLINE SOURCES. Your entire exam, as typed out by you, will be submitted to the SafeAssign system. Significant plagiarism will result in a deduction of points equivalent to the percentage of plagiarism detected. USE YOUR OWN WORDS! This is a graduate-level examination, and analysis and thinking skills are highly regarded. That being said, you must have the right answer. Cite your sources. Use good grammar and spelling. You should define and describe, in your own words, any terms that are important. You must analyze and determine the facts of a particular situation. Then you must compare and contrast the information based on your understanding of the area of knowledge. Finally, you must summarize and synthesize your conclusions as to the answers to the questions.
Introduction: Good morning. You are now an analyst working for a major defense contractor in Washington D.C. Remember, all Purdue graduates are the best at whatever job they do upon graduation. Having completely demoralized your favorite professor, Dr. Liles, by taking a position working in the defense industry, you now have the low pay and wages of government service, the promise of never buying Dr. Liles his endowed chair, and the tears of your hungry children at night to assuage your constant service to country. Congratulations.

 

Scenario: Your boss was blindsided this morning in a meeting of principals. This is a meeting where all of the bosses discuss problems and issues. It appears that an incredibly large cyber crime ring could be operating against soft targets in the real world. Your job is to analyze this real-world problem and write a report on the topic. You must answer the following questions:

1)    Is there human agency at work against the target?

2)    Is there coordination in the attacks against targets?

3)    Are there any groups who might benefit from using cyber to attack the targets?

4)    Is there an obvious strategic, operational, or tactical pattern to the current attacks?

5)    Is there reason to be concerned?

6)    Given the questions, what other evidence exists to support or refute the hypothesis?

7)    You must take a position as to whether it is likely or unlikely, and you must support that position through analysis.

8)    Is there a technological component to the attacks?

9)    How are transmission, processing and storage of information involved in the attacks?

10) Is the attack purely cyber, purely not cyber, or a hybrid?

11) How can you describe effects on confidentiality, integrity, and availability?

12) The primary question is whether this is an ongoing conflict that may escalate, or a coincidence in which each event has nothing to do with a pattern.

 

Some analysis strategies you should consider are creating a list of actors as victims and aggressors, building a timeline of the attacks, and locating the attacks based on corporate, geographic, and/or relationships. You should find as many incidents as possible.

 

Activity: Are cyber adversaries attacking the critical infrastructure of transportation and shipping?

 

The shipping and transportation industry may be under attack. A variety of real-world cyber-related incidents have been detected over time. Is there anything at all to be worried about, and is this critical infrastructure possibly being targeted?

It is hard for some people to disambiguate shipping, which ranges from maritime to parcel service. As an example, drug traffickers in Europe exploited package delivery systems to facilitate drug trafficking in 2013, whereas in 2012 there were significant concerns over GPS jamming creating extreme risk to maritime shipping. The risk to maritime networks is not limited to civilian vessels. There are reports from 2013 of risk to naval craft too. Like other forms of transportation, the maritime system has significant technologies that might be at risk. The very design of modern passenger ships could be one of the issues of interest to an adversary.

In 2008 a Polish teen derailed a tram after hacking into the train network. The 14-year-old used a modified TV remote control to change tracks. In 2009 a Washington DC metro train slammed into the back of another train, killing what would later be reported as 9 people. The NTSB would later say that the cause was a failed circuit. In early 2011 a professor explained the issues of possible denial of service in the train dispatch system. A disputed attack was reported by the Transportation Security Administration. In the industry-disputed report, hackers executed an attack on the Northwest Rail Company’s computers in December 2011 that disrupted railway signals. In 2013 a teen admitted to attacking the Swedish rail system. The distributed denial of service attack apparently stopped the rail.

They say it can’t happen, but is it possible to attack a Boeing 787? The attack on an airplane by an Android device got extensive news coverage in 2013. In 2010 the FAA told Boeing to hack-proof the 747-8. There were concerns then over the digital systems found in the Boeing. In 2011 there were several stories about hacking into the engine control systems of a 747. There has been discussion about the architecture of the Garmin 1000 glass cockpit solution too.

There are numerous and extensive discussions of the automotive industry. You may or may not add to your evidence using this area too.

1 comment for “Cyber conflict and transnational cyber crime: Midterm Exam”

  1. ussjoin
    October 8, 2013 at 10:26 pm

    Just thought I’d add my brain-poison thoughts.

    1) Is there human agency at work against the target?

    Always. Unless Stross’ ATHENA system has gone live, in which case we’re hosed.

    2) Is there coordination in the attacks against targets?

    Maybe.

    3) Are there any groups who might benefit from using cyber to attack the targets?

    Yes. Always. See #1. (Of course, a more conspiracy-minded person might point out that there are lots of groups that benefit from *anyone* using “cyber” to attack almost anything.)

    4) Is there an obvious strategic, operational, tactical pattern to the current attacks?

    I don’t think so—but if there was, that would reflect badly on those responsible.

    5) Is there reason to be concerned?

    Yes. Always. See #1.

    6) Given the questions what other evidence to support or refute the hypothesis exists?

    This is a question that presumes its own answer in both directions. If you think there’s a vast conspiracy^H^H^H criminal enterprise, then *every* attack on any system is related. If not, then such things are random.

    7) You must take a position as to whether it is likely or unlikely, and you must support that position through analysis.

    Heh. Well, the problem with vast, world-spanning conspiracies is that they’re very hard to operate in a leak-proof manner (see also Grugq, DPR, NSA). So I’m gonna go with not real likely.

    8) Is there a technological component to the attacks?

    Yes. There is a technological component to everything, post-fire.

    9) How is transmission, processing and storage of information involved in the attacks?

    …wait, seriously?

    10) Is the attack based on a purely cyber, purely not cyber, or a hybrid?

    Hybrid.

    11) How can you describe effects on confidentiality, integrity, and availability?

    Heh. I love security courses. CIA is a fun triad, of course, but here’s the killer: even if there was no significant damage to any of the three, the *perception* of such damage—in a fully fact-free way—can be used to great effect. See also Chomsky.

    12) The primary question is whether this is an ongoing conflict that may escalate or something where it is coincidental that each event has nothing to do with the pattern.

    See #7.
