Get ready to put on your tinfoil hats, because now that we've talked about the internet, we have to talk about information security. One of the quick things: since there is no chapter of this in your book, I have included a nice little PDF on Blackboard.
So one of the things we have to be careful about is, now that we're on the internet, now that we're all connected, well, there are some malicious people out there that might want to do us harm, not in the mean way like physically, but, you know, through digital, taking our credit cards and whatnot.
So what does it mean to even have information security? Well, what that means is just to protect information. I know that sounds pretty simplistic in itself, but we do this because it makes sure that we don't lose things like our credit card information. That's a big deal. Or even identity theft: you know, if I happen to put my Social Security number on my computer and then somebody gets that, well, they can go to any kind of bank that they want and take out loans in my name, and that ruins my credit, and then debtors come up, and, well, that's not good.
Also, because if we're not a person, if we're a company, that's a big thing. All of us... let's think about, for example, Target. Target's a big company, and just a few months ago they got hacked, especially during the holiday season. That was kind of scary. So what happens? Well, we have to make sure that we as a company don't get hacked. That's kind of important.
So what are the three major parts of security? Now, these are going to sound very similar to each other, but they are kind of important to know about: confidentiality, integrity and availability. Now, confidentiality: that means that only the authorized user has access to whatever we're talking about.
Let's think about your grades for a second. Only two people... only two people should have access to your grades: you and myself. You, so you can actually see them, and me, because I need to give it to you. Well, that's actually where something like integrity comes into play. Integrity means that you, even though you have access to your grades, should not have the ability to change it. Otherwise everyone would get an A in the class, and what am I doing here, right? So that's where that stuff comes into play. I should be the only one that has access to changing your grade. Then availability: again, you should have access to viewing your grade; I should have access to editing your grade. That's where those concepts come into play. They do all, like I said, sound very meshed together, but it is important to know the differences between the subtle things.
Now, like I said earlier, just as a kind of quick little history lesson on it: what happened with Target? Well, what happened was there was this malware created, and malware is just a shortened version of malicious software. Now, malware is not the same as a virus. A virus is malware, but malware is sort of the umbrella term for all malicious software. And this Russian 17-year-old child... man, I won't go into the details of whether that's child or man... 17-year-old Russian had developed this software, and he was selling it on the black market for roughly about $2,000. And, well, unfortunately, guess what? It was actually very tiny. We think about binary again for a second: you know, an MP3 is about three megabytes big, three to about six megabytes big. This file was only 200 kilobytes big. It was tiny, smaller than a picture on Facebook.
And what happened was, because all of Target's point of sale service machines, you know, where the cashiers work, all those were connected to the internet, they had a slight little problem.
They had something known as a vulnerability. A vulnerability could be exploited. Those are a bunch of five-dollar words, but that vulnerability, that's, you know, the chink in the armor. And what happened was this hacker developed something he called the BlackPOS to pretty much go in there. And one of the things you can kind of notice on the slides is Target, not only were they connected to the internet, but they were using default passwords. That's something that's not a good idea, because if it's default, I know what it is, you know what it is, and if it's connected to the internet, I have access to it. So what happened was he sold this software. He didn't actually do it himself. He sold it to other people. They used the default password, logged into those things and installed this software. And that's where the credit card information got a little hazy.
So another good version is something known as the CryptoLocker virus. This has actually kind of fallen back a little bit, but this is actually something that about a year and a half ago was really, really scary. And what happened was, what this would do is it would run in the background. You wouldn't know that it was running until the very end, when you would take a look at that red screen, where all of a sudden your... your files, all of your personal data, your pictures, your documents, all of it has now become encrypted. And the only way to get out of it is by paying $300 to this company. It's actually known as ransomware. Basically they've... it's like an online mugging. All of a sudden you're being held up at gunpoint, because if you don't pay those hackers, then guess what? You lose your files forever.
Now, what they were doing is, because obviously money is transferable and it's also, you know, something that you can kind of track on the internet.
They were actually using something known as Bitcoin. And that's kind of... this is actually one of the things that made Bitcoin so popular about a year and a half ago, is because they were making a lot of money with Bitcoin, and at the point they had earned roughly about 41,000 bitcoin. That translates out into about 40 million dollars, or at least at the time when Bitcoin had hit roughly about a thousand dollars. So they were making a lot of money all of a sudden. Kind of crazy.
Here's the even scarier part: we as IT professionals can't fix it. It's actually... they looked at the CryptoLocker virus and they said, "Wow, yeah, you guys did a really good job at making this thing. You better pay the money." And if you get that offer, you get the point: you pay or you don't pay. And a lot of IT professionals, it was actually going to take them more time and more money just to recover it than to pay it. So what do they do? They actually paid these hackers that $300, because it was just faster to do it that way. Scared, right?
So I've already started to throw out a little bit of terminology for you guys. I've talked about vulnerabilities and exploitation. Now, just to rehash that: vulnerabilities, that's that chink in the armor. It's that kind of "you didn't think about it". They have built up this big security system, and it's that unlocked door, it's the broken window that we forgot about, and someone snuck in. Well, when they're sneaking in, that's exploiting the vulnerability. I know that it's there. It's the weakness. If you're a fan of video games, it's the big glowing red thing that, you know, you shoot for the boss; everything else, that just bounces off of... off of.
Well, we also have things known as our asset. Now again, let's use the analogy of some physical devices. Say, for example, I actually just happened to get a new car recently, and I've wanted to soup it up. I want to... I want to get the bells and whistles, because I... I used to have a bad, you know, '98 Saturn, and now that I got something fancy,
I want to... I want to doll it up. So suddenly I buy this really expensive speaker system, and I've got nice little, you know, I don't know how big they are, 18-inch speakers. That's a big number, right? Yeah, okay, 18-inch, bigger. I got this thing dolled out completely, and, well, that's an asset. You know, people break into cars to steal that kind of stuff. Well, that's the threat going on there: that someone's going to break into my car and steal my speaker systems. The person who does the breaking in, the burglar, that's known as the threat agent. In computer terms, this is the hacker. Well, that vulnerability, uh, if I don't do anything to my car, I just leave it as is, you know, the vulnerability is, well, nobody's watching it. You know, no one's watching my car right now out there in the parking lot. I'm kind of scared. But what do we do?
That's where we deal with the risk, and we have three different options that we can do with risk: we can accept it, diminish it and transfer it. Now, we'll start with diminishing it. That's the big one. What do we do with diminishing risk? Well, what I can do is I can put locks on my car, which, you know, that comes standard edition nowadays. I can put a sound... an alarm system on my car, which again newer cars have, some older cars do not.
We can continue to diminish it, and this is actually where the idea of transferring risk can come into play. Instead of me having to worry about it, well, what I've done is I've transferred the risk to Cape Fear Community College. And what they've done is, because they don't want to deal with that and they don't want to be liable to it, what they've done is they've transferred it to campus security. We actually outsource campus security. So we're not... you know, you actually have the Wilmington Police Department dealing with it, New Hanover police department, that is. So if something goes wrong, guess what? That's their job.
Mm-hmm. Well, we keep on going. Eventually we have to accept it, because obviously I don't have an armored guard in front of my computer... in front of my car, or in front of my computer, just to get back onto the IT side of things. I have to eventually accept that, you know, someone might eventually take my computer. Think about it like Ocean's Eleven, Ocean's Twelve, Ocean's Thirteen: you can put as many traps, snares, warnings or security systems in place, but there's still going to be the one percent chance someone's going to, you know, get in, and eventually we just have to accept that that's going to be the case. It's always going to be that way, no matter what.
Just to kind of keep on going there, we do have one more term, and that's known as cyber terrorism. We're starting to become a very more connected world, and so cyber terrorism, what it is, is people who are driven by ideological desires and they... ideological means. And we're not talking so much, you know, extremist terrorist, although they do have some functionality with that, but we also have to think about groups like Anonymous. Well, guess what? They are technically doing cyber terrorism. Cyber terrorism, I know it's a big, fancy, scary word, especially in the U.S. nowadays, but what they're doing is they're following their ideology.
Way back in the day, we go back to like 2005, 2006, 4chan, 4chan.org, were kind of... 4chan was the big proponent. They were the big instigators of making Anonymous. You know who they are. They got very pissed off at the Church of Scientology. The Church of Scientology had been censoring a lot of people on the internet, and so what did they do? By following their ideology of the internet being free, you know, a freedom of speech place, they began to hack the Church of Scientology, and they also got to protest it, and that's where we got into this. If you're really curious, look up Project Chanology and you'll learn all about sort of Anonymous's first exposure out there into the real world.