second revised

Upload: jessica-nicole-grimm

Post on 06-May-2017

Page 1: Second Revised

Hacking Attempts: How to Protect Against Hacking 1

Hacking Attempts: How to Protect Against Hacking

Jessica Grimm

University of North Carolina at Charlotte

Spring 2014

Background Information

Hacking is increasing because of the number of people in the world using the Internet. It

is easy to use someone else’s information when shopping online because there is no face-to-face

contact, meaning you can have someone else’s credit card information and the company would

not even notice that it was not yours. Throughout this paper, we will explore the significant

increase of hacking attempts and modes of protection against hacking. Using a combination of

primary interviews and case studies involving hacking, we will discuss ways of responsibly

using technology to prevent further hijacking of personal information. My parents have both

been victims of hacking and I saw how it affected my parents. I feel that the government needs

to find a better way of protecting citizens from hacking because it is becoming easier to hack into

businesses and personal computers. Before we discuss the spaces for hacking, it is necessary to

establish a shared vocabulary.  Listed below are some key terms that will assist with

understanding what is being talked about in the paper.

Terms

Cyber jihad: Kloet, J. (2002), is a group of Muslim hackers who hacked the Indonesian police

web site to force them to let the rebellious Muslim leader free.

Cyber war: is the use of computers to disrupt the activities of an enemy country.

Code Red Worm: Kloet, J. (2002), this was a virus that attacked computers running Microsoft’s

IIS web server in 2001.

Lion Worm: Kloet, J. (2002), this was a virus made by a Chinese cracker named “Lion”; he says

that he created the worm to show Chinese anger towards Japan.

Ethical hackers: Smith, B., Yurcik, W., & Doss, D. (2001), according to this article an ethical

hacker is someone who hacks the computer network to test and evaluate its security, rather than

with malicious or criminal intent.

Cyber-terrorism: Lewis, J. A. (2002), hacking computer networks to instill fear in society.

Terrorist: a person who causes harm to individuals or countries by terrorism.

Love Bug virus: Lewis, J. A. (2002), was a worm that attacked millions of Windows personal

computers in 2000. It also cost billions of dollars.

Firewall: a software- or hardware-based security system that controls the incoming and outgoing

network traffic.

RFID: Venkataramani, G., & Gopalan, S. (2007, April), radio frequency identification, it is a

technology that uses electronic tags to relay identification information to electronic readers by

using radio waves.

Generation Y: Freestone, O., & Mitchell, V. (2004), in this article Generation Y means the

youngest group of people in the population.

Outage: a period of time when a power supply is not available.

Anecdote

My parents have been victims of hackers, although they thought they would never be

victims because they are so careful. From a simple click of the button when purchasing

something, all our personal information is exposed to any number of people on the other side of

the internet connection.

Phone Line Hacked

A power company in Baltimore, Constellation Energy Group Inc., faces hacking attempts

hundreds of times each day. The chief risk officer for the company, John Collins, says that

they have no idea who is trying to hack their system, but they know someone is trying to hack it

(Blum & Friday, 2005). Even though the hackers have not caused any destruction to the

nation’s power grid, the company is very concerned with their efforts. Power companies are

worried that one of the hackers could be a terrorist. If a terrorist were to hack into the company

they could cause a blackout or damage power plants, which could lead to an outage. Patrick H.

Wood III, chairman of the Federal Energy Regulatory Commission, has told companies that they

need to focus more on security. They are taking the proper steps and ensuring that their systems

are protected. Although there are many attacks on the cyber networks across the industries in

the U.S., the biggest fear for the government is the threat to the country’s power supply (Blum &

Friday, 2005). Some of the problems that company security has are viruses and worms. Films

such as The Fast and the Furious glamorize hacking attempts when in actuality repercussions

could take on any number of forms such as hacking into security systems, safes, and phone lines.

Tej is the man to count on. In Fast 5, Tej hacks into a safe that has millions of dollars. Also,

Santos and Leo help Tej hack into the police station by cutting the wires and installing a device

so they can see the live feed. In Fast 6, Tej saves Mia’s life by hacking into the phone line

before Shaw was able to call his team and tell them to kill her.

Companies Hacked

My interview with William and Lisa Grimm talked about the Target credit card scam

during Christmas time. They were none too happy about that because William was laid off at the

time and they were very low on money. William went to the bank to cancel their credit cards

and their banker told him if they did not get a call from Target within forty-eight hours of the

incident that they would be ninety-five percent in the clear. Lisa would check their bank account

every day to make sure there were no changes. Recently, when they checked, their bank account

was negative. Someone took Lisa’s credit card information and spent $190 on GoDaddy.com

and the very last time she used that card was at Target during Christmas. When they called

GoDaddy to tell them that they did not buy anything from them, the call rep said that they

knew it was a fraud. The money was refunded right away. They said they are having a hard

time coping because they are borrowing money from family members to keep stable until

William starts his new job (Grimm, 2014).

According to Schneier, computer security is failing regularly (2004). CEOs of businesses

want the security on their network to be upgraded. When you increase security it will also

increase the spending. Auditors want firewalls because without them they would fail an audit

and be accused of not following proper guidelines. In his paper, Schneier has a three-step

program that will help motivate the business. The first step to his program is enforcing

liabilities. The second step is allowing parties to transfer liabilities. The third step is providing

mechanisms to reduce risk (Schneier, 2004). These steps will help CEOs with the decisions on

improving their security for their business.

State Government Hacked

When interviewing William Grimm about his Social Security Number getting hacked, he

told me exactly the reason why it happened. He worked in the state of South Carolina for a

couple months and because of that he had to file taxes for South Carolina. A few months later,

he was watching the local news and a news story shared that the department of South Carolina’s

IRS had been hacked. Since that happened, he was able to get 12 months of free credit

monitoring. Knowing he had his social security number hacked is very scary. He will have to

watch his credit record very closely and most likely for the rest of his life. He told me that he is

worried someone will open credit cards and his credit score will decrease (Grimm, 2014).

Lewis’s paper Assessing the Risks of Cyber Terrorism, Cyber War and other Cyber

Threats (2002) talks about cyber terrorism and how it affects the computer network. Lewis

compares the theories of cyber-warfare and air power. Although cyber-attacks are

cheaper than physical attacks, they are less effective (Lewis, 2002). He says that if the

cyber-attack does not cause harm then there is no immediate risk to national security. Lewis

cited a post from The Washington Post and it states that U.S. analysts believe that “by disabling

or taking command of the floodgates in a dam, for example, or of substations handling 300,000

volts of electric power, an intruder could use virtual tools to destroy real-world lives and

property.” Cyber-terrorists would need to attack numerous targets for a long period of

time for it to be considered an act of terror. He states that The Love Bug virus cost computer

users worldwide between $3 billion and $15 billion (Lewis, 2002).

Internet Hacked

In the article, Ethical Hacking, C.C. Palmer talks about the two definitions for “hacker”

in the computer industry. When the media saw numerous damaged computers, they

made it into news. They would use the word hacker rather than using the proper term computer

criminal. Network security is becoming a major concern for business and governments because

the Internet is increasing rapidly. An “ethical hacker” is someone who would act like a “criminal

hacker”, but would not damage anything on the computer (Palmer, 2001). To be an ethical

hacker you have to be trustworthy and responsible. When evaluating the security they ask

themselves three questions. The questions are “What can an intruder see on the target system?

What can an intruder do with that information? Does anyone at the target notice the intruder’s

attempts or successes?” (Palmer, 2001). After they answer the questions, they make an

agreement between their client and themselves and this protects them from any lawsuits.

Anyone who is good with computers can be a hacker (Smith & Doss, 2001). The word

hacker has so many definitions. Smith and Doss explain in their article Ethical Hacking: The

Security Justification, what an ethical hacker is and why they are able to get away with a crime.

Ethical hackers use their knowledge to improve security. Just like in the article Ethical Hacking,

they ask themselves the same series of questions. They believe that people are being hypocrites

because they are paying the ethical hackers to do a crime, while they are putting the unethical

hackers in prison (Smith & Doss, 2001).

In the article Generation Y Attitudes towards E-ethics and Internet-related

Misbehaviours (2004), Freestone and Mitchell talk about the cost of hacking and viruses on

computers. Annually, the cost is about $4 billion and the number of people affected is 700,000

in the U.S. alone. They did an experiment with 12 groups. Each group consisted of 6 students

ranging from ages 18 to 21 (Freestone & Mitchell, 2004). They asked the groups a couple of

questions. The questions were “What behaviors have you heard about or seen on the Internet

that you think are wrong or ethically controversial? How do you think that the Internet makes it

easier to behave in a deviant way?” (Freestone & Mitchell, 2004). The results showed that five

dimensions emerged: illegal activities, questionable activities, hacking related activities, human

internet trade, and downloading material (Freestone & Mitchell, 2004). This study

acknowledged 24 unethical activities; despite the fact that these activities are costly to

businesses and society, most of them are not seen as wrong.

China and Indonesia

The article, Digitisation and its Asian discontents: the Internet, politics, and hacking in

China and Indonesia (2002), talks about how the Chinese and Indonesian governments feel

about the Internet. Hackers sometimes challenge the government. Wenas is one of the major

hackers in Indonesia (Kloet, 2002). Hacking is nothing new to the Indonesians. In May 2001, a

group of Muslim hackers, Cyber jihad, hacked the police web site to force them to let a militant

Muslim leader free (2002). The Chinese government has banned some of the U.S. websites.

Americans think that the Code Red Worm and Lion Worm were caused by the Chinese. All over

the Asian countries cyberwar is happening. A hacker from China was arrested for replacing the

content of the government web sites with pornography (2002). Indonesia was banned from

eBay because of a hacker manipulating sellers. Cyber jihads frame their activities strictly into the

account of the country.

Credit Card Hacked

The article Mobile phone based RFID architecture for secure electronic Payments

using RFID credit cards (2007) starts off by saying that if someone steals a credit card they can

use it to make an online purchase and they would never know who the true owners of the credit

card are. In this article, Venkataramani and Gopalan both agree that RFID credit cards will be

used in the future. RFID (radio-frequency identification) is vulnerable to security breaches.

Their major goal is to improve the security of electronic payments. They give real life scenarios.

For example, Jack forgot his credit card when he purchased something at a store. Someone

picked up his card and used it to purchase expensive items. Jack did not even know his credit

card was missing until he got a credit card statement (Venkataramani & Gopalan, 2007). The

use of online shopping has increased because of the rapid growth of the Internet. They use

different scenarios to motivate businesses and individuals.

Entering the Conversation

I believe computer security should be increased no matter what the cost is. Businesses are

worried that they will spend too much money and the security will not work. After researching

different types of hacking attempts, I see how easy it is to hack into the security system because

the companies do not have proper software or hardware to protect against that. Venkataramani

and Gopalan have a very valid point when they talked about how online shopping is increasing.

They believe that RFID should be used on credit cards because it will help the companies

become aware of fraud. I agree with them because RFID would give identification information

when someone would try to use the credit card. Regardless of the cost, I believe it would be

beneficial to businesses and the government if they increase the network security. A main reason

why it would be beneficial is because businesses and the government have a lot of important

information from people and if they do not protect that information properly there can be serious

consequences. Another reason why it would be beneficial is because it would make it harder for

a terrorist to cause harm to the country or business. For example, my dad works for a nuclear

power plant and he told me that a nuclear power plant needs a very secure security system

because if a terrorist attacks the security system it could cause a widespread blackout or a nuclear

power plant can be damaged and lead to an outage. A way businesses and the government can

test this theory would be having an ethical hacker try to hack into the computer that is fully

protected and try to hack into another computer that is not fully protected. The ethical hacker

would not know which computer is fully protected and which one is not fully protected.

So What?

With the national security having tons of information, they need to research ways to

protect against hackers. Businesses hire people to make sure that their business is safe from

hackers. Improving the security on the national security system will help businesses and the

government from being hacked. It also protects individuals from credit card theft, social security

theft, and identity theft. Some people think it is a problem when we allow ethical hackers to

hack into the computers because we consider it a crime when a normal human being hacks into a

computer because they are trying to steal from individuals. Hacking causes billions of dollars in

damages for a company or the government. To solve that problem companies and the

government need to stop worrying about the cost of security and worry about the billions of

dollars in damages that they have to pay for now. In the long run, the cost of security is cheaper

than the cost of the damages.

Figure 1: Words related to hacking

Figure 2: Hacking program

References

Blum, J., & Friday, M. (2005). Hackers Target US Power Grid. Washington Post, 11, E01.

Freestone, O., & Mitchell, V. (2004). Generation Y attitudes towards e-ethics and

internet-related misbehaviours. Journal of Business Ethics, 54(2), 121-128.

Grimm, J. Fast and the Furious observation [Document]. Retrieved from

http://moodle2.uncc.edu/course/view.php?id=37598

Grimm, W., & Grimm, L. (2014, February 20). Interview by J. Grimm. Credit card information

hacked.

Grimm, W. (2014, February 20). Interview by J. Grimm. Social security number hacked.

Kloet, J. (2002). Digitisation and its Asian discontents: the Internet, politics and hacking in

China and Indonesia. First Monday, 7(9).

Lewis, J. A. (2002). Assessing the risks of cyber terrorism, cyber war and other cyber threats.

Center for Strategic & International Studies.

Palmer, C. C. (2001). Ethical hacking. IBM Systems Journal, 40(3), 769-780.

Schneier, B. (2004). Hacking the business climate for network security. Computer, 37(4), 87-89.

Smith, B., Yurcik, W., & Doss, D. (2001). Ethical hacking: the security justification.

Sky apps "hacked" by Syrian Electronic Army. (n.d.). IT PRO. Retrieved March 27, 2014, from

http://www.itpro.co.uk/hacking/19876/sky-apps-hacked-syrian-electronic-army

The Fictorians. (n.d.). The Fictorians RSS. Retrieved March 27, 2014, from

http://www.fictorians.com/2012/02/08/programmers-hackers-and-technology/

Venkataramani, G., & Gopalan, S. (2007, April). Mobile phone based RFID architecture for

secure electronic Payments using RFID credit cards. In Availability, Reliability and

Security, 2007. ARES 2007. The Second International Conference on (pp. 610-620).

IEEE.