System Administrator Crashes ISP’s Network

pexels-photo-1148820

Dariusz J. Prugar, A former system administrator at a network service provider called PA online, used his old account to access the company’s servers and created backdoors to maintain his unauthorized access to the servers. Prugar had some issues with his employer and got fire just a couple of days before his unauthorized access. To hide his activity, he installed scripts that delete his login records from the server logs. An error in the scripts led to the deleting of important files required for the company network to work. As a result, the company network crashed and the service was shut down for many customers and businesses.

After field attempts from The IT team to fix the sudden damage that crashed the network, they contacted Prugar since he was the one who built most of the company network. Suspiciously, Prugar asked his employer to pay him for the scripts he wrote for the company, the same scripts that weren’t working because of the attack. PA Online management sent a request to the FBI to investigate the case and find out if Prugar was involved.

The company service was shut down for a whole week affecting many customers and costing the company a lot of money and its reputation. The FBI investigation showed that Prugar was involved in the incident. He sentenced to two years in prison and a fine of $26,000 for computer hacking and wire fraud.

Written by Mohammed Alhamadah

Sources:

https://www.justice.gov/usao-mdpa/pr/new-york-man-sentenced-computer-hacking-shut-down-internet-service-provider

https://www.bleepingcomputer.com/news/security/sysadmin-gets-two-years-in-prison-for-sabotaging-isp/

Why Regulating the Cyber Space is Only Going to Get Harder

Conceptual dark turquoise blue colored computer binary numbers data illustration background with human hands.

Regulation in cyber space has always been hard. As we see the advancements of our generation unfold in the newest technological age, malicious activity has only gotten more complex and hidden within the manifolds of the deepest parts of the internet, commonly referred to as the dark web.

The Tor network, short for “The Onion Router,” is a source for the majority of cyber crimes that take place all over the world. Created for the purpose of hiding from oppressive regimes and being untraceable, it can be understood that Tor was a healthy and positive ideal to strive for with regards to the newly established online culture. However, today it is the source of a lot of discourse on the regulatory boundaries it regularly pressures.

On one hand, preserving the freedom of the internet is integral to making it one of the greatest inventions of our time. However, because of the layers of encryption Tor provides, it becomes so easy to break real laws and cause mayhem without any real punishments.  Knowing this, the reality of the current situation of the cyber is that morale lines are very grey and murky, which is why discourse on the policies and laws of the cyber space only get ever more challenging.

We have already seen this in cases like Swartz vs. United States, where Swartz deliberately and intentionally broke the law, but with an admirable motive. The result of this case was met with potential reform like the discussion around Aaron’s Law – a law designed to protect and correct destructive judicial tendencies and double jeopardies.

It is clear that the general consensus is that freedom is preferred, however with the introduction of Tor, this push for things like freedom of speech are a double edged sword. We cannot regulate what we cannot see, which leads to regulation only becoming harder.

Josh Brown

Spam: Only getting better

The history of spam goes decades back, but still continues to be a major problem. After so many years, one would expect spam to become an outdated form of advertising or phishing that could easily be stopped by modern technology. However, this is not the case as spam has only grown and will continue to grow in 2020.

With half the world’s population using email, it makes sense that it would still be a target. Email is such a huge platform that in 2019, over half of all emails sent were spam. Not is the number of spam, but the quality of the spam is increasing as well. Instead of the more obvious Viagra spam emails, they’re becoming more personal, making you more likely to click on it. Doing little things like adding your name or an old username and password makes it a much more believable message.

Regular people aren’t the only targets of spam. Businesses are a major target for phishing emails. In 2018, 76% of businesses reported being a victim of a phishing attack. With the average cost of a phishing attack to a mid-sized company being $1.6 million, all those attacks have caused major loss. Businesses continue to educate their employees on spam awareness, which has proven to be somewhat helpful, reducing click-through rates significantly. Unfortunately, the sheer amount of spam emails being sent out every day, the probability of an employee eventually falling for one of the emails is stacked against businesses.

-Alexa Krempa

Sources:

Apple’s cloud service finally brings COLLABORATION

Image result for icloud

For almost 10 years now, iCloud has provided Apple users the comfort of keeping their files secure across both desktop and mobile platforms. Not only does it make people feel secure with their files backed up, but the security measures Apple has provided with iCloud protect user data from not only hacker intrusion, but physical intrusion as well. iCloud data is encrypted even on Apple’s server, so consumers can rest assured that their data is private.

But what of this new folder sharing feature Apple has created? For some time now, users have been able to share files by sending others a shareable link. At WWDC 2019, Apple announced that users will now be able to share entire folders of content with other iCloud subscribers. Useful right? This creates great opportunity for collaboration between users on projects and the ability to share stuff between friends and family with a few easy clicks. This is very much comparable to and is very much a competitor of Dropbox.

iCloud is already cross-platform, allowing you to access iCloud from macOS, iOS, Microsoft Windows, and (with limited functionality) Android, as well as accessing your data from any web browser. This fluency is of great convenience, but at what cost?

For one, congregating data within one place allows hackers to gain everything at once, instead of fighting with diverse security. If someone gains access to your iCloud account, they have access to all of your data, and, with this new feature, any shared folders.

We also do not know yet how this will affect enterprise environments. There is increased sensitivity of the data within businesses, and the more sharing going on means more points of failure.

iCloud seems to be ever growing with its features, and the ability for users to secure more and more aspects of their data within the service. We must be cautious moving forward, however, as centralizing all of our data in one place can lead to all of it being compromised at once.

By: Joe Schultz

Sources:
https://support.apple.com/en-us/HT202303

https://www.macworld.com/article/3520791/folder-sharing-brings-icloud-drive-closer-to-dropbox-but-theres-work-left-to-do.html

https://www.computerworld.com/article/3520790/is-apples-icloud-folder-sharing-a-shadow-it-problem.html

The CFaA law and Cybersecurity students

Cybersecurity professionals are currently in demand. This demand is inspiring more students to pursue a Cybersecurity major and with some companies not enforcing that every hire must have a college degree, more people are using other resources to educate themselves in order to be a professional in that area. Due to the nature of cyber security, there are other resources that some students use to acquire some more experience or maybe just challenge themselves and put their knowledge to practice. Capture the flag and bug bounties are some of the most popular ways to do so, but users of those resources could face criminal charges according to the CFAA law.

What is the CFAA and what it means for cybersecurity students?

“The CFAA prohibits intentionally accessing a computer without authorization or in excess of authorization, but fails to define what “without authorization” means.”

https://www.nacdl.org/Landing/ComputerFraudandAbuseAct

Cybersecurity students are usually curious and want to explore the internet and discover what things they could do with access to the internet. With resources nowadays like capture the flag and bug bounties, the CFAA law by being essentially vague could limit access or even get people who just want to expand their knowledge in trouble, like the case of Morris. Robert Morris was a student who discovered some vulnerabilities on a network and created a worm to explore and show the consequences of said vulnerabilities. His actions were motivated by his eagerness to learn, he was granted access to the computers he used and he didn’t mean any harm on his research, yet he was still found guilty of breaking the CFAA laws.
People are currently pushing for Aaron’s law, inspired by the case of Aaron Swartz, which would then be essential to define crucial points of the CFAA, reducing its vagueness and protect people from being charged with multiple accusations over a single crime. 

Sources:
https://www.justice.gov/sites/default/files/criminal-ccips/legacy/2015/01/14/ccmanual.pdf
https://www.cybersecuritymastersdegree.org/what-is-aarons-law/
https://www.congress.gov/bill/99th-congress/house-bill/4718