Wednesday, May 5, 2021

Jack Caravelli, Nigel Jones - Cyber Security, Threats and Responses for Governments and Business.

Cyber Security, Threats and Responses for Governments and Business, written by Jack Caravelli and Nigel Jones, is a book that focuses on international cyber-policy issues, discusses the current and future state of cyber security, and goes over national cyber security strategies. The book was published in 2019 and discusses issues, theories, important figures like Obama, Putin and Trump, and cyber attacks of previous years, and how all of these have affected the whole world and the security of today's Web.

The authors describe cyber crime as "a criminal offense by use of the Internet and computer technologies". They give plenty of different examples for the definition. One thing they stress in almost every chapter is that nations should work together more and form strategies to defeat the current and future criminals of the World Wide Web.


At first the book discusses cyber crime in general and gives plenty of good examples of how the internet has been used in attacks of previous years and how those attacks have evolved further. The authors use many examples involving Facebook, the actions of ISIS and the NSA, and how and why the 9/11 terror attack happened and how the internet was used in it. Many major countries are used as examples too, like Russia, North Korea, the USA and China. The book discusses how important and powerful a tool the internet, including the dark and deep web, can be for recruitment and propaganda, for example for ISIS. The book says that through the dark web one can learn, for example, how to build a car bomb and how to use it.


The authors go over the WannaCry case and also discuss Stuxnet and how it still affects our behavior on the internet. They discuss the trustworthiness and confidentiality of IoT and that it's a concept of confidentiality, integrity and availability of information.

Finally, at the end of the book, they have carefully chosen a pretty interesting case study that reviews and analyses the cyber security strategy of the United Kingdom in 2008.

The book was pretty interesting to read and it discusses very important issues that we still have in our current world. It gives an inside look at and analysis of many attacks of previous years. These include the first truck driver attacks in Spain, and how Snowden revealed sensitive information and what consequences that brought to him and to the NSA; the Estonian cyber attacks are mentioned as well.


In conclusion, the book provides a carefully detailed picture of the political, financial, data protection, privacy, and reputational problems caused by cyber attacks. It offers a forward-looking approach, discussing emerging trends that will bring new challenges to those charged with enhancing cyber security.




Tuesday, April 27, 2021

Assistive technology - Eye-Tracking

 Assistive technology (AT) is any item, piece of equipment, software program, or product system that is used to increase, maintain, or improve the functional capabilities of persons with disabilities. - ATIA, 2021.

I chose to explore assistive technology based on eye-tracking further. It's interesting how a device or specific software is made for movement as small and precise as eye movement.

According to the assistive-technology company Boundless, this kind of high technology is based on head tracking and eye control systems that measure head or eye positions and directly translate their movement into mouse movements. A quick nod of the head or blink of the eye and individuals with mobility challenges can navigate a computer completely hands free.





"Tobii Gaze interaction software is a computer access method that allows those with disabilities to navigate and control their computer with their eyes, similarly as an everyday computer user uses a mouse (e.g., activate, select, zoom, scroll, etc.) to control their computer. Gaze interaction only requires the movement of the eye itself—the movement of other muscles is not required, making it a perfect solution for those with rehabilitative disabilities." - Rudnicki, 2020.


With this kind of software and these devices, people are able to do several tasks that they wouldn't be able to do without them. They are better able to express themselves, entertain themselves, do their daily tasks over the internet and have more freedom in their lives. They are also better able to connect with different people and get support faster if needed.


According to Rudnicki, a Tobii eye tracker uses invisible infrared light to illuminate the eyes. From there, two extremely high-quality camera sensors capture the reflection off the retina and the cornea of the eyes, commonly referred to as "red eye" and the glint, respectively. The eye tracker then uses these two points to build a 3D model of the user's eyes to determine two things: where the user is looking (gaze point) and where the user's eyes are in space, relative to the location of the computer (track box).

This information is then paired with Tobii Windows Control to allow the computer to know exactly where the user is looking with an accuracy of 1 cm. The computer can then track the user's gaze point and, ultimately, tell the computer where their eyes are looking at all times. By knowing where the user's eyes are looking, the eye tracking device then can control the computer, similar to the way a mouse lets you control it with your hand.


When googling issues with the software and devices, there was a warning about epilepsy and a warning that certain medical devices are susceptible to disturbance by IR light and/or radiation; the other issue mentioned was rare connection problems between the software and the device used together.


Other software of this kind worth mentioning includes Precision Gaze Mouse software, Camera Mouse developed at Boston College, and IntelliGaze from Alea Technologies.



Sources:


https://www.atia.org/home/at-resources/what-is-at/ (accessed 27.04.2021)

https://www.boundlessat.com/Mobility/Head-Eye-Control (accessed 27.04.2021)


https://papunet.net/saavutettavuus/silman-liikkeilla-ohjattava-kohdistin (accessed 27.04.2021)

https://precisiongazemouse.org (accessed 27.04.2021)

https://windowsreport.com/eye-control-software-pc/ (published 09.08.2017, accessed 27.04.2021)

https://help.tobii.com/hc/en-us/articles/212372449-Safety-guidelines (published 2016, accessed 27.04.2021)

Friday, April 23, 2021

Kali Linux and Elementary OS

Kali Linux

Kali Linux, formerly known as BackTrack Linux, is a Debian-based Linux distribution. It's mainly aimed at cybersecurity experts and people who want to explore and develop their skills in advanced penetration testing and digital forensics. Its initial release was on 13 March 2013, and since then there have been minor bug fixes over the years.

Kali Linux is under the GPLv3 license and is maintained and funded by Offensive Security. Kali Linux includes security tools such as Wireshark, Autopsy, Nmap and Kismet, among others. It's free, open-source, FHS compliant, completely customizable, multi-language supported and contains several hundred tools targeted towards various information security tasks, such as Penetration Testing, Security Research, Computer Forensics and Reverse Engineering.


Kali Linux uses the APT package manager and the latest version is Kali 2021.1.

It doesn't have an official yearly release date; new versions and updates are released whenever they are ready to use.


Kali Linux desktop (kali-desktop-xfce.jpg)



Elementary OS

aka "A privacy-respecting replacement for Windows and macOS"


Elementary OS is a Linux distribution based on Ubuntu LTS that features the custom-developed Pantheon desktop environment. Its initial release date was 31 March 2011, and its applications are developed and maintained by Elementary, Inc. It is under the GPLv3 license too. It promotes itself as a "fast, open, and privacy-respecting" replacement for macOS and Windows and has a pay-what-you-want model.

Elementary OS has a macOS-inspired interface with a large icon dock instead of a Windows-style Start button and taskbar. It includes the custom-coded apps and paid app store that are available with Elementary.


Previous versions begin with 0.1 Jupiter, which featured a customized GNOME desktop and was based on Ubuntu 10.10. After Jupiter came 0.2 Luna, 0.3 Freya, 0.4 Loki and 5.0 Juno, and the latest version is called 5.1.7 "Hera".


Elementary OS 6 is assumed to be released between October 2021 and December 2021. Elementary OS 6 is planned to have a more refreshed look and feel, including typography and the system stylesheet; major updates to communication and organization apps that lean on the Evolution Data Server back end; and a new installer and initial setup, among other updates.


Issues found in the current version 5.1.7 "Hera" from 2020 to this day:
- Freezing up more often than prior releases
- Connecting to Wi-Fi hasn't been working properly
- Doesn't have any input in the list to enable the Noise Suppression function
- Problems with minimizing windows
- Some libraries and packages that would normally be included with other distros aren't installed


Other distros that look and feel like macOS are Deepin Linux, BackSlash Linux and Ubuntu Budgie among others.


Elementary OS desktop (elementaryos.jpeg)

Sources:


https://www.tecmint.com/linux-distro-for-power-users/ (published 25.09.2020, accessed 23.04.2021)

https://www.cmscritic.com/reviews/elementary-os-review/ (published 17.12.2019, accessed 23.04.2021)

https://www.kali.org/releases/ (accessed 23.04.2021)

https://www.kali.org/docs/introduction/what-is-kali-linux/ (accessed 23.04.2021)

https://blog.elementary.io/updates-for-july-2020/ (published 07.08.2020, accessed 23.04.2021)

https://www.maketecheasier.com/elementary-os-hera-review/ (published 26.06.2020, accessed 23.04.2021)

https://www.debugpoint.com/2020/09/elementary-os-6-odin-new-features-release-date/ (published 15.02.2020, accessed 23.04.2021)

Tuesday, April 20, 2021

The Values of Hacker Ethic in 2020

Steven Levy's hacker ethic was based on a positive attitude, total freedom and extreme accessibility of information. In his theory everything should be free and available to everyone at all times. He also stated that no one should trust the authorities and that hackers should be judged by their hacking/actions, not by their age, degrees etc. What I liked in his statements is the positivity and his belief that everything should be free and accessible to everyone at all times, without restriction. That would be an ideal situation if it worked, but there have to be restrictions, and also authorities who create and maintain them and see that everything works. "Children need to be guided and criminals restrained" says it all. The internet is full of content that is not suitable for kids, and also too much content for criminals to use if that content were free and legal to use.
    I also both agree and disagree with the point that all information should be free. Back then it was totally understandable that everything was free because there wasn't so much content available. Nowadays it's nice to find all the information that is out there, but on the other hand those sources, articles and news haven't emerged by themselves; there is always a person behind them, a person who is maybe even making a living from it. So in that case I totally understand that some information is restricted or behind a subscription or some small payment. In his last points he mentioned that people are able to use computers to create and that computers can change one's life. I have to agree with these last statements too, because computers and the use of different software make our lives easier and give us the opportunity to create or test something new, and we can rely on their magical world when we are bored and access content that entertains us at that point. I personally have made new friends through the internet and found events that I wouldn't normally go to and other stuff, so I could say computers and the internet have maybe not changed my life but affected it a lot.

Possible future hacker ? (photo-1589652717521-10c0d092dea9)


In the nineties Eric S. Raymond stated that to identify a hacker, the conditions of attitude, skills and status should all be true. He also gave several pieces of advice on how to become a hacker: the main points were to learn how to program, to use several different kinds of software, to know English, and extra points if you could have a certain style while doing it. In my opinion the way you look or behave shouldn't affect whether you are a hacker or not. I think it's more important what you think about yourself and how skillful and motivated you are. People are so different that there can't be only one definition of how a hacker looks or behaves.

As for Linus's Law, which states that hackers are driven by the thought of survival, social life and entertainment, it is interesting, to be honest. As Linus Torvalds mentioned in the text, those can be seen as the basic needs of a human being, and I agree with it, because in general all we do nowadays with computers is for survival (work), social life (Facebook) and entertainment (Netflix).

Pekka Himanen divided the hacker ethic into seven categories: passion, freedom, work ethic, money ethic, network ethic, caring and creativity. I like how he has separated all the sections and described them too. I think the most important of his categories is the first one: passion. Whatever we do a little bit more than just on a daily basis, we always have some kind of passion for it that drives us forward and maintains our interest in it. That is true in hacking and other computing too: when you are passionate about it, you have more energy to solve problems and explore the internet.


Saturday, April 10, 2021

Russia Internet Censorship & Privacy concerns of Facial Recognition

Internet Censorship

"Internet censorship is the control of information that can be viewed by the public on the Internet and can be carried out by governments, institutions, and even private organizations. Censored content can include copyrighted information, harmful or sensitive content, and more." - Poetker, 2019 

“Russian authorities’ approach to the internet rests on two pillars: control and increasing isolation from the World Wide Web,” - Williamson, 2020


I found from multiple sources that, especially during the COVID-19 pandemic, Russia has been censoring the internet more and more for its citizens.
According to Human Rights Watch, Russia has significantly expanded laws and regulations tightening control over internet infrastructure, online content, and the privacy of communications. If carried out to their full restrictive potential, the new measures will severely undermine the ability of people in Russia to exercise their human rights online, including freedom of expression and freedom of access to information.
It was also said that in 2019 the "sovereign internet" law was brought into use; it required specific internet service providers to install special equipment that allows authorities to bypass the providers and automatically block unwanted content that has been banned by the government. During this time there have been violations of the privacy of mobile communications too.


According to the "sovereign internet" law, this technology should prevent users from accessing any content the authorities deem unwanted by using direct commands, which the authorities have programmed, without the users or ISPs even noticing.
The "sovereign internet" law also requires the creation of a national domain name system (DNS). Blocking can range from a single message or post to an ongoing network shutdown, including cutting Russia off from the World Wide Web or shutting down connectivity within Russia.

According to John Faulds in TechRadar, the major internet restrictions in Russia began in 2012, with the introduction of a blacklist, and increased further in 2014 during the crisis in Ukraine, when the aim was to silence voices critical of government policy.

My personal experience of censorship was at my previous job: when I tried to watch Netflix on my work computer, the page was blocked. It was sad, but I solved the problem by bringing my personal computer to use too.



Facial Recognition 


”Facial recognition is a way of identifying or confirming an individual’s identity using their face. Facial recognition systems can be used to identify people in photos, videos, or in real-time.” - Kaspersky



Facial recognition is used widely in different services, from unlocking a device to finding a missing person, and it's based on biometric security.

According to the Thales website, the main problems with facial recognition are quality photographs of a person's face, forced or unaware facial recognition, and theft of the numeric code, and these may lead to major privacy issues.
For example, it was written that in 2009 some authorized hackers successfully used photos to trick the systems used by Lenovo, Asus, and Toshiba laptops.
Another example case, from the Swiftlane webpage, was that in 2019 more than 100,000 photos and license plates were stolen from the Border Agency database. Such security breaches raise concerns over whether increasing use of face recognition is jeopardizing Americans' privacy.


One way to prevent this is to add liveness detection, which only unlocks the phone if the facial recognition detects an actual face.


There have also been cases where a phone's facial recognition unlocks for identical twins; it shouldn't work like that either.



Sources:

https://www.hrw.org/news/2020/06/18/russia-growing-internet-isolation-control-censorship (published 18.06.2020, accessed 10.04.2021)

https://www.hrw.org/news/2019/10/31/russia-new-law-expands-government-control-online (published 31.10.2019, accessed 10.04.2021)

https://www.orange-business.com/en/blogs/understanding-russias-new-sovereign-internet-law (published 24.02.2020, accessed 10.04.2021)

https://www.vox.com/recode/22189727/2020-pandemic-ruined-digital-privacy (published 23.12.2020, accessed 10.04.2021)

https://www.thalesgroup.com/en/markets/digital-identity-and-security/government/inspired/liveness-detection (published 04.12.2020, accessed 10.04.2021)

https://www.kaspersky.com/resource-center/definitions/what-is-facial-recognition (accessed 10.04.2021)

https://www.swiftlane.com/blog/facial-recognition-privacy-concerns/ (published 01.10.2020, accessed 10.04.2021)

https://www.techradar.com/vpn/which-websites-and-services-are-banned-in-russia (published 24.08.2020, accessed 10.04.2021)

Sunday, April 4, 2021

IT Security Finland

The Mitnick formula

The Mitnick formula states that security is a combination of proper technology, sufficient training and suitable policy.

I think that nowadays it's important to know about security threats, different risks and also how to act when they happen.
I'm not so sure about the general situation in Finland; what I can refer to is my own experiences and what I have read. Even though Finland has a high level of knowledge, skills and strong expertise in the IT field, there is still something missing. What I have read in the news and heard is that the level of security in Finland is not as good as people think it is.

Over the last year you could have read in the Finnish news that several people have received phishing emails, calls and text messages asking for their passwords and other information. My personal risky experience was with one of these calls last year, when I got a call from Microsoft IT support. Here is a link for that: Microsoft IT support fraud.
Before that I wasn't aware of these kinds of calls, and I also happened to have a technical Microsoft problem on my work computer, for which I was waiting for a call from our IT department.
It was a sum of coincidences. Luckily I had a bit of experience of IT and security, and when the "Professional Microsoft IT Technician" started asking for my email passwords and bank accounts, I got suspicious and ended the call. I have to admit he had done his homework and was truly believable. He explained everything to me very precisely and as simply as possible.
Another "attack" happened to me a couple of days ago, when I got a text message from the "post office" of Finland telling me that my package had arrived and I should sign some document through some link… no thanks, I haven't ordered anything.

As for the training part, all the information that I have got is mainly from school and from my previous job. I worked for an IT company for two years and they had online security training pretty often; it could have been better, but at least it was something.
Most of the trainings focused on the main threats and how they occur; I think it would also be important to know how to act and get away safely when it happens.

Recent cases that I found that have happened in Finland include the hacking of the psychotherapy center Vastaamo in 2020, where the hackers hijacked and published mental health data of hundreds of patients. Another was the airline Finnair, which was hacked and whose frequent flyer data was hacked; it affected around 200,000 members of the Finnair Plus programme. Finnish politicians' email accounts were hacked in 2020 too.



Sources:

https://www.foreigner.fi/articulo/national/scandal-over-the-hijack-and-and-publication-of-private-mental-health-data/20201023121903008599.html (published 23.10.2020, accessed 01.04.2021)

https://yle.fi/uutiset/osasto/news/finnair_frequent_flyer_data_hacked/11820715 (published 04.03.2021, accessed 01.04.2021)

https://yle.fi/uutiset/osasto/news/police_finns_lose_1m_to_online_fraudsters_so_far_this_year/11804957 (published 23.02.2021, accessed 01.04.2021)

https://www.bloomberg.com/news/articles/2020-12-28/finnish-politicians-email-accounts-targeted-by-cyber-attack (published 28.12.2020, accessed 01.04.2021)

https://www.kyberturvallisuuskeskus.fi/fi/ (accessed 01.04.2021)

Monday, March 29, 2021

Importance of the design

The Hawaiian false missile alert

 Until humans learn how to command machines with their minds (or vice versa), we're always going to need some sort of menu, control panel or whatever to interact with our machines and tell them to do our jobs for us - Hillabin, Cracked 2012 

Until AI is developed enough to work without human presence, control panels or a command line will always be needed for software or a device to work. I was searching for different kinds of disasters that have occurred because of bad design, and there were several of them. The most crucial ones were plane and car crashes. One that caught my interest was the so-called Hawaii human error, even though it wasn't anyone's fault; it was just bad design that caused the misclick. Bad design or lacking instructions combined with pressure is usually not a good sum of elements.


This Hawaii false missile alert is a good example of a case where user interface design can cause huge misunderstanding and panic among people. Luckily in this case there was no real danger, but it is a good example that with better design these kinds of mistakes could have been prevented too.


“BALLISTIC MISSILE THREAT INBOUND TO HAWAII. SEEK IMMEDIATE SHELTER. THIS IS NOT A DRILL.” 


The alert above was sent to Hawaii citizens on 13.01.2018, and it made people panic, pack their stuff and run away, even though nothing was going to happen.

According to Don Norman in FastCompany, the system is tested twice a day, with the person doing the test selecting the test message from a list. In this case, it is believed, the person accidentally selected the wrong message.


“Someone clicked the wrong thing on the computer” - Richard Rapoza


”Three words that can potentially reframe how we think about solutions that can prevent this kind of accident from happening down the road: BLAME THE DESIGN.” - Melnick, Klick 2018


”The main, elementary design rule is: never do a dangerous (or irreversible) action without requiring confirmation, ideally by a second person who is separated from the person doing the action.” - Norman, FastCompany 2018


Picture of the list (DTowcFJU0AAvtVo)


Of course it's easier to blame the person who clicked the button to send the message, but the article explained well that the problems poor design creates are mainly poor labeling, disorganization, non-differentiated visual treatments and poorly done error prevention.
When the mistake was noticed, they informed the citizens as soon as possible and told them that there were no missiles coming and everything was all right.
Luckily these kinds of "fake" disasters are also an opportunity to learn from our mistakes and make the software that we use better, so we don't repeat them in the future. Here is also a quick example of how the software used for the warning system could be improved. There could be a clearer interface with bright colors and simple, easily understandable text (labeling). Another feature could be a double-check step: "Are you sure?" If yes, please confirm.


Example of improved GUI (5-hawaii.png)
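The confirmation rule quoted from Norman above can also be enforced in the sending logic itself, not only in the GUI. The following is an added example, not code from the Hawaii system or from any of the cited articles; the class, the operator names and the confirmation phrase are all hypothetical.

```python
"""Two-person confirmation for a live public alert (illustrative sketch)."""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional


class Kind(Enum):
    DRILL = "DRILL"  # routine test message
    LIVE = "LIVE"    # real alert, effectively irreversible once sent


# Hypothetical phrase the second operator must type; a misclick cannot produce it.
CONFIRM_PHRASE = "SEND LIVE ALERT"


@dataclass
class Pending:
    text: str
    initiator: str


class AlertConsole:
    def __init__(self) -> None:
        self.sent: List[str] = []  # messages that actually went out
        self._pending: Dict[int, Pending] = {}
        self._next_id = 1

    def request(self, kind: Kind, text: str, operator: str) -> Optional[int]:
        """Drills go out at once, clearly labelled. Live alerts are only queued."""
        if kind is Kind.DRILL:
            self.sent.append(f"[DRILL - NOT A REAL EVENT] {text}")
            return None
        alert_id = self._next_id
        self._next_id += 1
        self._pending[alert_id] = Pending(text, operator)
        return alert_id

    def confirm(self, alert_id: int, approver: str, typed: str) -> str:
        """Release a queued live alert: needs a second person and the typed phrase."""
        pending = self._pending.get(alert_id)
        if pending is None:
            raise KeyError(f"no pending alert {alert_id}")
        if approver == pending.initiator:
            raise PermissionError("confirmation must come from a second operator")
        if typed != CONFIRM_PHRASE:
            raise ValueError("confirmation phrase does not match; nothing sent")
        del self._pending[alert_id]
        message = f"[LIVE] {pending.text}"
        self.sent.append(message)
        return message

    def cancel(self, alert_id: int) -> bool:
        """Withdraw a queued alert before confirmation, while it is still reversible."""
        return self._pending.pop(alert_id, None) is not None


def demo() -> List[str]:
    console = AlertConsole()
    console.request(Kind.DRILL, "Ballistic missile drill", "operator_a")
    # Constructed scenario: operator_a picks the live entry by mistake.
    mistaken = console.request(Kind.LIVE, "BALLISTIC MISSILE THREAT INBOUND", "operator_a")
    try:
        console.confirm(mistaken, "operator_a", CONFIRM_PHRASE)  # same person: refused
    except PermissionError:
        console.cancel(mistaken)
    return console.sent


if __name__ == "__main__":
    print(demo())
```

In the constructed scenario the wrong list entry is selected, but only the labelled drill message is ever sent, because the live alert stays queued until a different operator types the phrase.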



Ugly design saves lives!

Smoking has long been a major problem all around the world. The nicotine in cigarettes creates addiction and it's difficult to quit once started. Australia took a great approach to decreasing the number of smokers.
They actually made history in 2012 by introducing new cigarette packs with a color as unappealing as possible and realistic pictures of the consequences of smoking. The color is called "Opaque Couché" and gives an image of death and filth. The packages are covered with ugly, garish photos of smoking-related illnesses, for example tooth problems, tumors, diseased heart muscle and rotted toes. The purpose behind this has been to get people to stop smoking and to decrease purchases of cigarette products.

“It’s an unequivocal message that this is a dangerous product and not a lifestyle product.” - Hammond, University of Waterloo



Cigarette packs before (cigs.jpg)



Smoking packages now (smoking_1866776c.jpg)

According to the study by Victoria White, Tahlia Williams and Melanie Wakefield, the introduction of plain packaging with larger graphic health warnings changed adolescents' perceptions of cigarette packs and brands. The new packaging and branding has enormously affected opinions of smoking and smokers in general, and also purchasing numbers around the world. They also stated that seven to 12 months after the introduction of standardized packaging in Australia, the appeal of cigarette packs and brands to adolescents who had seen packs in the previous 6 months had decreased significantly.




Sources:


https://www.cracked.com/article_19776_6-disasters-caused-by-poorly-designed-user-interfaces.html (published 17.04.2012, accessed 28.03.2021)

https://www.klick.com/health/news/blog/user-experience/disaster-due-to-disastrous-design/ (published 26.01.2018, accessed 28.03.2021)

https://www.fastcompany.com/90157153/don-norman-what-went-wrong-in-hawaii-human-error-nope-bad-design (published 16.01.2018, accessed 28.03.2021)

https://www.creativesafetysupply.com/articles/safety-colors/ (published 30.08.2016, accessed 28.03.2021) 
https://www.smithsonianmag.com/smart-news/worlds-ugliest-color-could-help-people-quit-smoking-180959364/ (published 09.06.2016, accessed 30.03.2021)
https://tobaccocontrol.bmj.com/content/24/Suppl_2/ii42 (published 25.02.2015, accessed 30.03.2021)
