Chapter 7: Information Security Threats and Policies In Europe

1. What is a botnet?

• The term bot is short for robot. Criminals distribute malicious software (also known as malware) that can turn the computer into a bot (also known as a zombie). When this occurs, the computer can perform automated tasks over the Internet, without us knowing it.
• Criminals typically use bots to infect large numbers of computers. These computers form a network, or a botnet.
• A botnet is a network of autonomous malicious software agents that are under the control of a bot commander.
• The network is created by installing malware that exploits the vulnerabilities of Web servers, operating systems, or applications to take control of the infected computers.
• Once a computer is infected, it becomes part of a network of thousands of “zombies”, machines that are commanded to carry out the attack.

2. Describe some of the main points of the Digital Agenda for Europe.

The main points of the Digital Agenda for Europe are:

• Create a new and stable broadband regulatory environment.

-Broadband speeds of 30 Mbps will be available to all European citizens by 2020.

-Guarantee universal broadband coverage

• New public digital service infrastructure through Connecting Europe Facility loans.

- exploit the potential of Information and Communication Technologies (ICTs) in order to foster innovation, economic growth and progress.

•  Propose EU cyber-security strategy and Directive.

- For instance, to react in real-time conditions, a well function and wider network of Computer Emergency Response Teams (CERTs) should be established in Europe.

- At a more operational level, internationally coordinated information security targeted actions should be pursued, and joint action should be taken to fight computer crime, with the support of a renewed European Network and Information Security Agency (ENISA).

• Digital Single Market

- Europe has successfully dismantled cross-border barriers to trade in most physical goods and many services.

- Leveraging Europe’s digital strengths into global competitiveness, economic wealth and sustainable jobs requires the creation of a European Digital Single Market, where business can be conducted online as easily as via traditional channels.

-The Digital Single Market will require greater harmonization across policy areas to eliminate existing obstacles to the provision of pan-European online commerce and services.

•   Launch grand Coalition on digital skills and jobs

- We need to both grow our ICT sector and drive the development of individuals with the necessary understanding and skills at all levels of the value chain.

- Europe must set ambitious goals for 2015 including halving the digital literacy and competence gaps and guaranteeing that all primary and secondary schools have high-speed Internet connections. By 2012 the EU should ensure all primary and secondary school students receive training about the risks and safe use of the Internet. All adults of working age should have access to e-Skills training.

• Update EU’s copyright framework.

- diverging copyright licensing; copyright levy systems unfit for the digital age; differing data protection rules; different consumer protection regimes; contrasting interpretations of intermediary liability; technology neutral standards; lack of radio-spectrum harmonization; lack of effective payment systems to facilitate cross-border transactions and a lack of Europe-wide organised recycling schemes to support large-scale operations.

•   Accelerate cloud computing through public sector buying power.
• Launch new electronics industrial strategy – an “Airbus of Chips”

3. Explain how a cyber attack can be carried out.

There are two types and techniques of cyber attacks commonly used include:

Distributed denial-of-service

A denial of service attack occurs when “an attacker attempts to prevent legitimate users from accessing information or services.” This is typically accomplished when the attacker overloads a system with requests to view information. This would be an example of a remote attack. By extension, a distributed denial of service (DDoS) occurs when multiple computers are involved in a denial of service attack causing an even larger amount of traffic on the target website.

Vulnerability

Vulnerability is some part of the system that the attacker can take advantage of or manipulate A safe cracker, for instance, must know where the safe is and how to get into it. The vulnerability would require knowledge of the safe, its locking mechanism and what aspects may be exploited. The payload, in this case, would be a bag full of money. Given these three aspects, prior intelligence is needed to understand what access is available and what vulnerability can be exploited in order to attack precise targets.

This figure shows how a cyber attack was carried out.

4. Describe some of the weakness exploited by malware.

Malware is a program that is inserted into a system.

• The Web is made up of billions of pages created by different people with different levels of technical skills, offering rich content in many different formats. Accessing some of this content requires helper applications, such as media players. Many different types of back-end software serve up these web pages, content, and many of those formats, applications, and tools have weaknesses hackers can exploit.
• Hackers use vulnerabilities to create exploits that let them penetrate your computer or network. Often, when you visit an infected webpage or open an infected email, the attack code starts snooping around for any known weaknesses in your system.
• The level of sophistication is remarkable in that the malware sites can actually identify the particulars of your computer and operating system and infect or attack the system appropriately. For instance, if you run Safari as your browser, the malware sites will not bother trying any known Internet Explorer vulnerabilities. Instead, they focus on Safari or Safari plug-in weaknesses.
• When a useful vulnerability is found, the goal of the malware attack is to create a buffer overflow condition in your computer. This then gives the malware the capability to initiate the download of harmful code, the key loggers, botnet software, spyware ad generators, or others.
• Malware creators and distributors also take advantage of "weaknesses" in human nature, such as curiosity, trust, and desire for connection, and carelessness, to dupe users into handing over the keys to their system security.