Group Paper Topics

  1. The nature of hacking has changed in recent years with the change in usage of computing devices.
    How has hacking changed?
    In the early days of hacking, the primary purpose of hacking was to disrupt the workflow of an
    organization, business or government. At the time, we had PC computers and mobile devices, smart
    phones and tablets were not in wide usage. Viruses, worms and Trojan Horses were the common types
    of malware. It was relatively easy to disrupt a person’s usage of computers by damaging the operating
    system which was stored on a hard drive. The operating system is copied from the hard drive into
    memory and runs from memory. Thus, a virus can be loaded in memory and change the files resident
    on the hard drive. This causes the PC to be unusable because the operating system has been changed.
    Current computing devices such as smart phones and tablets have the operating system
    “burned” into a chip and cannot be changed unless the chip, called a SoC (Software on a Chip), is rooted.
    Even though the operating system is burned into a chip it can be changed by erasing the code from the
    chip electrically (EEPROM) and reloading the OS into the chip.
    Now, most hackers are after information and would rather steal information to either use it for
    monetary gain or to affect the operations of the government. For example, ransomware is currently the
    most dangerous type of malware in existence. The hacker can encrypt an organizations data and then
    blackmail them to provide the key to decrypt the data. Hackers will steal medical information to scam
    Medicare. Other hackers will steal emails to embarrass political opponents.
  2. Privacy? How is privacy now being affected by the high-tech companies.
    Currently, Google, Amazon, Twitter and Facebook collect information on every member they
    have. You agree to this collection and usage of your information when you sign the EULA to join any of
    these groups. If you want to join you have to agree to allow them to collect this information or you
    can’t use their platform. Is this fair? Whether or not it’s fair, it is legal.
    Once the companies collect the information, they can use it any way they choose. They can sell
    it to other companies, to politicians, to academics for research purposes. Why is this collection of
    information important and valuable? Any security expert is never interested in what people say but
    rather what they do. Sales and marketing experts also find focus groups and questionnaires less than
    completely accurate. Politicians rip their hair out at the inaccuracies of polls. Remember the polls for
    the presidential race in 2016 had Hillary Clinton winning the election handily, in a landslide? Donald
    Trump won despite all the polls saying otherwise.
    It is a truism in security that words always lie but actions can never lie. In the case of polls,
    many people said they would vote one way and then actually voted differently when they got into the
  3. Another aspect of Privacy. How do the high-tech companies manipulate data to suit their own ends?
    Do not make a judgment call on these companies’ political leanings, simply explain them in
    order to be accurate in your hypothesis. For example, it’s been reported in the news that a majority of
    Google’s high-level management leans to the liberal side and tend to support Democrats. This is not a
    judgment, simply what’s been reported in various press outlets. One professor reported in a
    congressional hearing that Google deliberately manipulates the sites that come up in a Google search in
    order to change voting patterns.
    Is this possible? Is it desirable or dangerous for a private company to have this kind of power?
    If not how can we stop it through legislation? How would you write a law to stop high-tech companies
    from gathering and using this information? Should these high-tech companies have this kind of power
    whether they wield it or not?
  4. Individual privacy vs. law enforcement.
    Every law enforcement officer including AG Barr, James Clapper, former DNI, and other law
    enforcement and intelligence service leaders have decried the ability of citizens to encrypt their data in
    a manner that prevents law enforcement from reading their emails or cracking the password.
    The current standard in encryption is PKI. With PKI it is impossible to crack the password and
    decrypt a message even though the code that encrypts the message is open source and publicly
    available. Having the source code of the PKI algorithm does not help in cracking and decrypting the
    message. The only option for law enforcement when they have a phone such as the iPhone from the
    San Bernardino terrorist is to try to guess the password. However, Apple and Android have both made
    it impossible to guess a password enough times to open the phone. iPhone and Android phones both
    have a feature that will “brick” the phone after a certain number of unsuccessful guesses at the
    password. When trying to crack the password for the phone acquired from the San Bernardino terrorist,
    the FBI realized they couldn’t do it and tried to use the court system to force Apple to install a back door
    into their phones and provide a master key to the FBI. This effort failed.
    Congress has tried many times over the years to assist law enforcement by passing a law that
    would require all companies building communications hardware, developing communications apps or
    encryption software to include a backdoor in their systems. Privacy advocates, usually composed of
    private citizens, have managed to defeat such legislation thus far. Privacy advocates have managed to
    make legislators understand that providing a master key to law enforcement guarantees that hackers
    will discover the backdoors and either steal the master key or develop their own.
    Develop a hypothesis as to whether it would be better to have a back door into every system
    with a master key held by law enforcement or is it better to enable private citizens to keep their
    communications private.
  5. Intellectual property vs. the Internet.
    Intellectual property still exists in the age of the Internet and is still protected under the law.
    However, since it is possible to download or copy and paste almost anything off the Internet intellectual
    property has been abused more and more often. There have been numerous examples of literary prizes
    awarded and then rescinded over plagiarism and theft of intellectual property.
    Currently China is open and above board about acquiring intellectual property. The government
    of China will not allow any company, particularly American companies, to conduct business in their
    country unless the company agrees to give up any intellectual property regarding the products they sell
    in China.
    Younger students today don’t think there is anything wrong with copying information off the
    Internet and presenting it as their own work. I have had discussions with students in which they
    proposed the idea that since they searched for the information on the Internet and then found it, they
    could copy it and present it as their own work. The concept of intellectual property seems to be falling
    by the wayside due to the Internet.
    Develop a hypothesis as to whether we should continue or even strengthen intellectual property
    laws, or should we simply abandon intellectual property laws and make anything that is posted on the
    Internet fair game.
  6. Cyberterrorism vs. cyberwarfare.
    The only known instance of cyberterrorism in the world today is the Stuxnet worm which was
    installed on computers in Iran to disable their nuclear reactors which can produce weapons grade
    fissionable material to enable Iran to develop a nuclear warhead. The Stuxnet worm was discovered by
    Kaspersky Labs which produced and marketed one of the most effective antivirus programs in the world.
    Kaspersky Labs traced the origins of the Stuxnet worm to the CIA. The Stuxnet worm was
    developed specifically to infect centrifuges in Iran’s nuclear plant to disrupt their nuclear development
    program. It has been reported that Israeli security agencies were heavily involved in the mission to load
    the worm.
    A few years later, an NSA employee took various malware and tools home that the agency used
    in their cyber operations and loaded it on his personal computer. The computer had Kaspersky Labs
    antivirus loaded on it and alerted Kaspersky to the infection as antivirus programs are supposed to. It
    was reported that Israeli agents which were employed by Kaspersky reported that Kaspersky had ties to
    the Russian government. Shortly thereafter, US intelligence agencies released a report that Kaspersky
    had connections with the Russian government and recommended that Kaspersky antivirus and all other
    Kaspersky products be banned from Federal government computers.
    Considering the timing and sequence of events was Kaspersky banned because they had ties to
    the Russian government or were they banned because they exposed the Stuxnet worm and the CIA’s
    attempt at disabling the Iranian nuclear program?
    Some people would say that the CIA’s development and use of the Stuxnet worm was
    cyberwarfare. Others would say it was cyberterrorism. Which was it? Support your answer with
  7. Edward Snowden, traitor or hero?
    Edward Snowden was a contractor for the NSA and a former employee of the CIA. Snowden
    released thousands, if not millions of documents proving that various American intelligence agencies
    were violating their charters if not actually violating laws by gathering telephone conversations, emails,
    messages and various other communications of American citizens. Some people believe that Edward
    Snowden is a whistle blower against the super-secret intelligence agencies by leaking those documents.
    Other people believe Snowden is a traitor for violating American laws and fleeing to Russia in order to
    claim asylum and remain out of prison.
    Develop a hypothesis as to whether Snowden is a whistle-blower or a traitor and support that
    hypothesis with research.
  8. Wikileaks.
    Wikileaks is an international non-profit organization headed by Julian Assange, an Australian
    Internet activist. Wikileaks is responsible for releasing numerous news leaks and classified material
    from anonymous sources including the documents leaked by Edward Snowden. When the Bank of
    America cut off Wikileaks donation accounts the hacker group Anonymous hacked the Bank of America
    and forced them to reopen the Wikileaks account so that Wikileaks could continue to accept donations.
    Develop a hypothesis supported by research as to whether Wikileaks is essential to a free
    society or has Wikileaks damaged countries such as the United States through their release of
    confidential information. Remember that nothing Wikileaks has released has ever been proven to be
    false. Should Wikileaks be allowed to continue to exist? Does it provide a valuable service to average
    people by keeping them informed? Or should Wikileaks be shut down due to the damage it has caused
    various governments, high placed officials and organizations?
  9. Child protection in cyberspace.
    The Internet has become an integrated component of the learning process of children. Children
    have neither the maturity to understand the consequences of their actions, nor the knowledge to
    protect themselves so it is up to us to protect children when they are accessing the Internet. Dangers to
    children lurk on the Internet from sex traffickers to kiddie porn developers to simply cyber-bullying.
    There are numerous laws currently in place to protect children. It is not possible in today’s learning
    environment to restrict children from accessing the Internet. That places any child so restricted at a
    terrible disadvantage in the learning process. Plus, these children will have to learn about the dangers
    so that they can be responsible adults and protect themselves when they grow mature enough to do so.
    Develop a hypothesis and support with research. Are we going far enough with our current laws
    or do we need to expand the current protection laws in place? If you believe we should expand the
    laws, what laws would you pass to enhance our children’s safety?
  10. Ethical vs. Legal in cyberspace.
    We all know that there is quite a large difference between laws and ethics. What may be lawful
    may be ethical and what is ethical may often be illegal. Are the laws governing cybersecurity currently
    on the books enough to guide cybersecurity professionals or would you say there are large gaps
    between ethical conduct and lawful conduct. It is unlikely that congress will be able to pass any laws
    materially affecting the conduct of cybersecurity professionals. Apart from the partisan divide in
    Congress, the Senate and the President which virtually guarantees that very few laws will get passed
    there is also the fact that politicians are not tech-savvy enough to know what laws are necessary in
    today’s environment.
    It is a known fact that very few people will follow a rule or law unless there is a detrimental
    effect from failure to follow that law. If the penalties are not sufficiently large many people will not
    modify their behavior. The only way to get people to follow laws is through the threat of force. Only
    the government can apply force. If we assume that laws cannot or will not be passed to govern
    behavior of cybersecurity professionals then we must fall back on ethical behavior. We must develop a
    code of ethics. What would be your recommendation for a code of ethics governing the behavior of a
    cybersecurity professional and is there any way to enforce that code of ethics?