1. [very common] The lowest form of cracker; script kiddies do mischief with scripts and rootkits written by others, often without understanding the exploit they are using. Used of people with limited technical expertise using easy-to-operate, pre-configured, and/or automated tools to conduct disruptive activities against networked systems. Since most of these tools are fairly well-known by the security community, the adverse impact of such actions is usually minimal.
More info: http://www.tamingthebeast.net/articles/scriptkiddies.htm
How Hackers Hack
Get someone to give you their password
A six letter password (no caps)
> 300 million possibilities
Merriam-Webster's citation files, which were begun in the 1880s, now contain 15.7 million examples of words used in context and cover all aspects of the English vocabulary.
Getting code to run on other PCs
Load a Trojan or BackDoor
Snoop and Sniff
Denial of Service (DOS)
Crash or cripple a Computer from another computer
Distributed Denial of Service (DDOS)
Crash or cripple a Computer from multiple distributed computers
Maine’s Anti-Hacker laws
§432. Criminal invasion of computer privacy 1. A person is guilty of criminal invasion of computer privacy if the person intentionally accesses any computer resource knowing that the person is not authorized to do so. [1989, c. 620 (new).] 2. Criminal invasion of computer privacy is a Class D crime. [1989, c. 620 (new).]
§433. Aggravated criminal invasion of computer privacy
1. A person is guilty of aggravated criminal invasion of computer privacy if the person: A. Intentionally makes an unauthorized copy of any computer program, computer software or computer information, knowing that the person is not authorized to do so; [1989, c. 620 (new).] B. Intentionally or knowingly damages any computer resource of another person, having no reasonable ground to believe that the person has the right to do so; or [1989, c. 620 (new).] C. Intentionally or knowingly introduces or allows the introduction of a computer virus into any computer resource, having no reasonable ground to believe that the person has the right to do so. [1989, c. 620 (new).][1989, c. 620 (new).]
2. Aggravated criminal invasion of computer privacy is a Class C crime. [1989, c. 620 (new).]
The National Strategy to Secure Cyberspace
Create a cyberspace surety response system
Establish a threat and vulnerability reduction program
Improve security training and awareness
Secure the government’s own systems
Work internationally to solve security issues (U.S. Department of Homeland Security)
Tanzim Qa'idat al-Jihad fi Bilad al-Rafidayn (QJBR) (al-Qaida in Iraq) (formerly Jama'at al-Tawhid wa'al-Jihad, JTJ, al-Zarqawi Network)
United Self-Defense Forces of Colombia (AUC)
How Modern Terrorism Uses the Internet
National Strategy to Secure Cyberspace
The National Strategy to Secure Cyberspace articulates five national priorities including:
I. A National Cyberspace Security Response System;
II. A National Cyberspace Security Threat and Vulnerability Reduction Program;
III. A National Cyberspace Security Awareness and Training Program;
IV. Securing Governments’ Cyberspace;
V. National Security and International Cyberspace Security Cooperation.
USA Patriot Act
Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001
Enacted Oct, 2001 and was to last for 4 years
USA Patriot Act Improvement And Reauthorization Act Of 2005
Signed March 2006
Expands terrorism laws to include “domestic terrorism” which could subject political organizations to surveillance, wiretapping, harassment, and criminal action for political advocacy.
Expands the ability of law enforcement to conduct secret searches, gives them wide powers of phone and Internet surveillance, and access to highly personal medical, financial, mental health, and student records with minimal judicial oversight.
Allows FBI Agents to investigate American citizens for criminal matters without probable cause of crime if they say it is for “intelligence purposes.”
Permits non-citizens to be jailed based on mere suspicion and to be denied re-admission to the US for engaging in free speech. Suspects convicted of no crime may be detained indefinitely in six month increments without meaningful judicial review.
Implications for Management
The Internet is becoming an increasingly filtered channel of communication
Information security continues to be deemphasized or ignored by management at all levels of the organization
Changes in the identification of threats, the growing advancement of technologies, and the identification of new threats continue to shift the organizational security focus
Any serious profile should begin with a valid security policy, which is then translated into an effective security plan with a focus on prevention, detection, and correction of threats