A Model for Emergency Response Systems

Cyber war and cyber terrorism is real and is being waged. Cyber terrorists and cyber warriors are attacking systems and succeeding in their attacks. This requires management to prepare for the worst case, the loss and destruction of critical data and systems. This chapter helps management prepare for this worst case by discussing how to design and build emergency response systems. These systems are used to respond to worst case attacks. Additionally, these systems are useful for responding to other disasters that can cause the loss of systems and data. This chapter presents research into emergency response systems and concludes with a model of what an emergency response system should consist of.

Data Mining

Data mining is a growing collection of computational techniques for automatic analysis of structured, semi-structured, and unstructured data with the purpose of identifying important trends and previously unknown behavioral patterns. Data mining is widely recognized as the most important and central technology for homeland security in general and for cyber warfare in particular

Content-Based Policy Specification for Multimedia Authorization and Access Control Model

Cyber terrorism is one of the emergent issues to handle in the domain of security and access control models. Cyber Terrorist attacks on information systems are growing further and becoming significantly effective. Multimedia object retrieval systems are considered one of many targets tolerable for such attacks due to the fact that they are being increasingly used in governmental departments. For these reasons, the need for an access control system is considered an unavoidable matter to be taken at a high priority. Several textual-oriented authorization models have been provided in the literature. However, multimedia objects are more complex in structure and content than textual ones, and thus require models to provide full multimedia-oriented components specification. In this paper, we point out some of the related work addressing multimedia objects authorization and access control models where objects such as documents, images, videos, sounds, etc., are being protected from unauthorized access. We describe also our model defined to handle multimedia content access control and security breaches that might occur due to users’ relations.

Use of Remotely Sensed Imagery in Cyber Warfare and Cyber Counterterrorism

Remote sensing refers to the acquisition of information at a distance. More specifically, it has come to mean using aerial photographs or sensors on satellites to gather data about features on the surface of the earth. In this article, remote sensing and related concepts are defined and the methods used in gathering and processing remotely sensed imagery are discussed. The evolution of remote sensing, generic applications and major sources of remotely sensed imagery and programs used in processing and analyzing remotely sensed imagery are presented. Then the application of remote sensing in warfare and counterterrorism is discussed in general terms with a number of specific examples of successes and failures in this particular area. Next, the potential for misuse of the increasing amount of high resolution imagery available over the Internet is discussed along with prudent countermeasures to potential abuses of this data. Finally, future trends with respect to this rapidly evolving technology are included.

Social Engineering

Traditionally, “social engineering” is a term describing “efforts to systematically manage popular attitudes and social behavior on a large scale” (Wikipedia, 2006). In this context, the practice of social engineering is the application of perception management techniques to a large populous. As it relates to terrorism, social engineering is a tool used by terrorists whose actions are intended to cause the loss of confidence in a social institution’s ability to protect the security of its citizens and assets.

SQL Code Poisoning

Anomaly Detection; Cookie Poisoning; CRLF Injection Attack; Cross-Site Scripting (or CSS) Attack Database Administrator (DBA); Database Management System (DBMS); Database Structured Query Language (SQL); Directory Traversal Attack; Google Hacking Attack; Secrecy; Integrity; and Availability; SQL Code Poisoning (or SQL Injection) Attack

The Analysis of Money Laundering Techniq

There exist many connections between money laundering and terrorism financing concerning illicit practices for fundraising, transfer or withdrawal of funds. The characteristic multistage process of money laundering is also typical for the terrorism financing and often contains a series of transactions in order to conceal the origin or disposition of money. The purpose of this article is the analysis of the best suited techniques of money laundering for terrorism financing using electronic payment systems (like transfers, mobile payment systems or virtual gold currencies). Furthermore, the suitability of payment systems for conducting secret transactions for terrorism financing will be analyzed regarding the realization of a single phase of money laundering.

Deception in Cyber Attacks

Cyberspace, computers, and networks are now potential terrain of warfare. We describe some effective forms of deception in cyberspace and discuss how these deceptions are used in attacks. After a general assessment of deception opportunities in cyberspace, we consider various forms of identity deceptions, denial-of-service attacks, Trojan horses, and several other forms of deception. We then speculate on the directions in which cyber attacks may evolve in the future.

Cryptography

One of the main methods of security is cryptography encrypting data so that only a person with the right key can decrypt it and make sense of the data. There are many forms of encryption, some more effective than others. Cryptography works by taking the original information and converting it with cipher text, which encrypts the information to an unreadable form. To decrypt the information we simply d the opposite and decipher the unreadable information back into plain text. This enciphering and deciphering of information is done using an algorithm called a cipher. A cipher is basically like a secret code, but the main difference between using a secret code and a cipher is that a secret code will only work at a level of meaning. This chapter discusses a little of the history of cryptography, some popular encryption methods, and also some of the issues regarding encryption, such as government restrictions.

Ten Information Warfare Trends

This chapter discusses the rapid entry of information conflicts into civilian and commercial arenas by highlighting 10 trends in information warfare. The growing societal reliance on cyber technologies has increased exposure to dangerous sources of information warfare threats. Corporate leaders must be aware of the diversity of potential attacks, including from high-tech espionage, organized crime, perception battles, and attacks from ordinary hackers or groups sponsored by nation-states or business competitors. Based on a literature review conducted by the authors, we offer an information warfare framework that contains the ten trends to promote a greater understanding of the growing cyber threat facing the commercial environment.