This session will
discuss ping attacks, password cracking, and social engineering, all related to
information and system security. If
you are familiar with DOS and ping commands, you will find that ping is the
simplest form of sending data over the internet. This is how computers and servers talk to
each other, sending and receiving packets of information and translating them
into usable information. However,
sometimes, the systems can be overloaded with too much data, which bogs the
system down or can even crash the system.
Sometimes, hackers or malicious individuals try to crash systems or
cause interruptions to the flow of information on purpose, which is called a
DoS attack. The ping command can be used in
three types of “Denial of Service” attacks based on the Internet Control Message Protocol (ICMP),
each with its own effect.
There is the ping flood, the Smurf attack, and the ping of death. The main difference between these is the
type of message the cybercriminals send to do the dirty work. The flood or volumetric attack is a DDoS
attack that uses sheer volume. This
often hides the cybercriminal's real agenda to enter the target system and
retrieve valuable data. The Smurf or protocol
attack is another DDoS attack similar to the flood attack, but it works at
different network layers, like the router or other network devices (Imperva,
2021). The Ping of Death attack is an IP
fragmentation attack that uses the size limitations of packets to overwhelm the
target. Each of these attacks can be
used to hide the main objective of stealing information or to just cause
monetary loss by denying access to millions of users.
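The three patterns above can be recognized from packet metadata. The following is an added example, not code from the original post: a Python sketch that flags each one in a constructed list of ICMP echo-request records. The record layout, thresholds and addresses are assumptions, and the Smurf check relies on the usual form of that attack, in which echo requests go to a broadcast address with the victim's address forged as the source.

```python
from collections import defaultdict, deque

MAX_DATAGRAM = 65535    # largest IPv4 datagram allowed after reassembly
IP_HEADER = 20          # assumed: header without options
FLOOD_LIMIT = 100       # assumed threshold: echo requests per source per window
WINDOW = 1.0            # assumed sliding window, in seconds

def classify_icmp(packets, broadcast_addrs):
    """Map alert name -> set of source addresses seen in echo-request records.

    Each record is a dict (hypothetical layout): ts, src, dst,
    frag_offset and payload_len, the last two in bytes.
    """
    alerts = defaultdict(set)
    recent = defaultdict(deque)     # src -> timestamps still inside the window
    for p in sorted(packets, key=lambda r: r["ts"]):
        # Ping of death: this fragment would end past the 65,535-byte limit.
        if IP_HEADER + p["frag_offset"] + p["payload_len"] > MAX_DATAGRAM:
            alerts["ping_of_death"].add(p["src"])
        # Smurf: request sent to a broadcast address; the source field is
        # forged, so the address recorded here is the intended victim.
        if p["dst"] in broadcast_addrs:
            alerts["smurf"].add(p["src"])
        # Ping flood: too many requests from one source within the window.
        seen = recent[p["src"]]
        seen.append(p["ts"])
        while p["ts"] - seen[0] > WINDOW:
            seen.popleft()
        if len(seen) > FLOOD_LIMIT:
            alerts["ping_flood"].add(p["src"])
    return dict(alerts)

def sample_packets():
    """Constructed records: a normal host, a flooder, a broadcast ping, an oversized fragment."""
    def rec(ts, src, dst, off=0, size=64):
        return {"ts": ts, "src": src, "dst": dst, "frag_offset": off, "payload_len": size}
    pkts = [rec(float(i), "192.0.2.10", "198.51.100.5") for i in range(5)]
    pkts += [rec(10 + i * 0.005, "203.0.113.7", "198.51.100.5") for i in range(150)]
    pkts.append(rec(20.0, "198.51.100.5", "198.51.100.255"))
    pkts.append(rec(21.0, "203.0.113.9", "198.51.100.5", off=65528, size=1000))
    return pkts

if __name__ == "__main__":
    for name, sources in sorted(classify_icmp(sample_packets(), {"198.51.100.255"}).items()):
        print(name, sorted(sources))
```

The flood threshold is the part that needs tuning per network, since monitoring tools and load balancers can legitimately send many echo requests.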
There
are other ways cybercriminals can exploit the internet or disrupt users'
lives. Some like gaining access to
accounts and information by password cracking or social engineering. Password cracking is a brute force effort to
obtain the target's password to gain entry into the private information of the
target or access financial accounts to steal money. However, this type of hack is very
time-consuming and very resource-intensive. Usually, it requires high-powered
machine(s) like Graphics Processing Unit (GPU) clusters or cloud services
(Tihanyi et al., 2024). Still,
others like to aim for human vulnerabilities by utilizing social
engineering. As Theodore Longtchi et al.
(2024) state, “Humans are the weakest link in cybersecurity, and this situation
is seemingly worsening” (p. 210). Social
engineering uses deception and manipulation to obtain
private and confidential information for malicious acts.
My
suggestion to all computer users to keep from falling victim to password
cracking would be to make your passwords at least sixteen characters long and
change them often. Figure 1 gives an
indication of how long it would take to brute force a password with technology
today.
Cybercriminals
are sly and skilled at manipulation, so all technology users should take extra
steps to guard their private and personal information because the criminals may
have already grabbed some of your public information and are looking to fill in
the gaps by social engineering to get a social security number here and an
account number there and build a replica of you to exploit.
References
Imperva. (2021). DDoS
Attack Types & Mitigation Methods | Imperva. Learning Center. https://www.imperva.com/learn/ddos/ddos-attacks/
Longtchi, T. T., Rodriguez, R. M., Al-Shawaf, L., Atyabi, A., & Xu, S. (2024).
Internet-Based Social Engineering Psychology, Attacks, and Defenses: A Survey.
Proceedings of the IEEE, 112(3), 210–246. https://doi.org/10.1109/JPROC.2024.3379855
Tihanyi, N.,
Bisztray, T., Borsos, B., & Raveau, S. (2024). Privacy-Preserving Password
Cracking: How a Third Party Can Crack Our Password Hash Without Learning the
Hash Value or the Cleartext. IEEE Transactions on Information Forensics and
Security, 19, 2981–2996. https://doi.org/10.1109/TIFS.2024.3356162
Whitney, L.
(2022). How an 8-character password could be cracked in less than an hour
[Image]. In TechRepublic. https://www.techrepublic.com/article/how-an-8-character-password-could-be-cracked-in-less-than-an-hour/

