A Three-Vector Approach to Blind Spots in Cybersecurity

Cyberattacks are often successful due to “blind spots”: biases and preconceived information that affect human decision making. Blind spots that obstruct a person's view of malicious activity may result in massive economic losses. This chapter examines eight cases of successful cyberattacks from economic, technological, and psychological perspectives to blind spots, termed the “core vectors.” While previous research has focused on these vectors in isolation, this chapter combines the vectors for an integrated view. As a result, the chapter provides a novel list of blind spots that enable cybercrime.

Internet-Facilitated Child Sexual Exploitation Crimes

Internet crimes against children are a problematic yet often misunderstood phenomenon. Prominent examples of these offenses include child pornography, adults soliciting minors online, and the commercialized sexual exploitation of minors (e.g., human trafficking). Drawing upon recent research, the characteristics of offenses, offenders, and victims are examined. A multitude of issues related to the psychological assessment, classification, and treatment of the individuals who commit these offenses are also explored. Strategies for the prevention of this behavior and protection of minors online are discussed.

Security of Identity-Based Encryption Algorithms

The concept of identity-based cryptography introduced the idea of using arbitrary strings such as e-mail addresses and IP addresses to form public keys with the corresponding private keys being created by the trusted authority (TA) who is in possession of a systemwide master secret. Then a party, Alice, who wants to send encrypted communication to Bob need only Bob's identifier and the systemwide public parameters. Thus, the receiver is able to choose and manipulate the public key of the intended recipient which has a number of advantages. While IBC removes the problem of trust in the public key, it introduces trust in the TA. As the TA uses the systemwide master secret to compute private keys for users in the system, it can effectively recompute a private key for any arbitrary string without having to archive private keys. This greatly simplifies key management as the TA simply needs to protect its master secret.

Information and Communication Technology Ethics and Social Responsibility

Information and communication technologies (ICTs) have penetrated during the last 20 years all human activities everywhere on the Earth. Humanity has entered into the information age, virtual reality and even virtual worlds have been crated. The basic ethical questions stay as they have always been: How are we to live? What are we to be? Of course, we ought to live good lives and be good persons. The aim of this chapter is to specify what “living a good life” and “being a good person” could be in the information age and to identify challenges and opportunities ICTs offer in this context. It is impossible to predict if the positive impacts outweigh the negative ones. Anyway, it is impossible to stop the development of ICTs. The open question is if the society ought to try to increase the costs of ICTs activities that are negative from the ethical point of view and to increase benefits of activities that are positive from the ethical point of view, who ought to do it and how. All members of society have responsibility to participate in discourse of this question.

Ethical Computing Continues From Problem to Solution

Ethical computing is instrumental in identifying and reaching a near-ideal solution to the problems arising from an environment that is technology-driven and information-intensive. Many of these problems that could have been avoided occur because we are either insensitive to or ignorant of their ethical implications. As a result, we could reach only a partial, compromised solution at best. An ideal solution is expected to be technically efficient, financially viable, legally admissible, ethically acceptable, socially desirable, and in many situations environmentally friendly (the so-called hexa-dimension criteria), and balanced in terms the six criteria or five criteria (in case the problem does not involve ecological concerns). An exposition of an ideal solution in terms of the requisite competence and the additive is presented.

The Nature, Extent, Causes, and Consequences of Cyberbullying

Raised in a digitally connected world, children and adolescents do not remember a time in which new media and technology were not such integral parts or their lives. There are many opportunities afforded by new media and technology, such as the ability to communicate efficiently with just about anyone and having access to an assortment of information at their fingertips. There is a darker side to children's and adolescents' immersion in the digitally connected world. One such consequence is cyberbullying, which has increased over the years, due to children's and adolescents' increasing usage of new media and technology. Further attention has been given to cyberbullying because of high profile cases of victims committing suicide as a consequence of being targeted by these behaviors. The purpose of this chapter is to describe the nature, extent, causes, and consequences of cyberbullying as well as cultural differences in these behaviors and theoretical underpinnings. Concluding this chapter are recommendations for future research and public policy.

Piracy and Intellectual Property Theft in the Internet Era

Stealing ideas is not something new, but stealing and transporting ideas in a massive amount has become possible in the era of the internet. Based on the frameworks of criminological theory/thesis, this chapter intends to elaborate intellectual property theft and piracy in cyberspace. Contemporary cases of intellectual property theft and piracy are used to illustrate the blurred line between victims and offenders. The impacts of related information technology should be carefully appraised, as more and more intellectual properties are in digital format.

Uncovering Limitations of E01 Self-Verifying Files

In computer forensics, it is important to understand the purpose of evidence file formats to maintain continuity of acquired data from storage devices. Evidence file formats such as E01 contain embedded data such as cyclic redundancy check (CRC) and hash values to allow a program to verify the integrity of the data contained within it. Students in computer forensics courses need to understand the concepts of CRC and hash values as well as their use and limitations in evidence files when verifying acquired data. That is the CRC and hash values in evidence file only verify the acquired data and not the evidence file per se. This important difference in E01 files was highlighted by showing students an anomaly in E01 files where certain bytes can be changed in E01 files without detection by computer forensic software using the embedded CRC and hash values. The benefit to students is that they can see the advantages of self-verification and limitations of what is verified giving the opportunity for a deeper understanding of evidence files and good practice.

Forensic Investigations in Cloud Computing

Cloud computing environments add an inherent layer of complication to a digital forensic investigation. The content of this chapter explores current forensic acquisition processes, why current processes need to be modified for cloud investigations, and how new methods can help in an investigation. A section will be included that provides recommendations for more accurate evidence acquisition in investigations. A final section will include recommendations for additional areas of research in the area of investigating cloud computing environments and acquiring cloud computing-based evidence.

Development of Personal Information Privacy Concerns Evaluation

Personal data is increasingly collected with the support of rapidly advancing information and communication technology, which raises privacy concerns among data subjects. In order to address these concerns and offer the full benefits of personal data-intensive services to the public, service providers need to understand how to evaluate privacy concerns in evolving service contexts. By analyzing the earlier privacy concerns evaluation instruments, we can learn how to adapt them to new contexts. In this chapter, the historical development of the most widely used privacy concerns evaluation instruments is presented and analyzed regarding privacy concerns' dimensions. Privacy concerns' core dimensions and the types of context dependent dimensions to be incorporated into evaluation instruments are identified. Following this, recommendations on how to utilize the existing evaluation instruments are given, as well as suggestions for future research dealing with validation and standardization of the instruments.