Case Study 8: Information Security Threats and Policies in Europe (pages 357-358)

4:06 PM Novanne

CASE QUESTIONS


Question 1: What is a botnet?

Question 2: Describe some of the main points of the Digital Agenda of Europe.

Question 3: Explain how a cyber-attack can be carried out.

Question 4: Describe some of the weaknesses exploited by malware.


CASE ANSWERS


Question 1:

In the term "botnet" as used here, "bot" is short for robot. A single bot is a software program that can, when surreptitiously installed on a person's computer, execute certain specified commands. A botnet is a network of autonomous malicious software agents that are under the control of a bot commander. The network is created by installing malware that exploits the vulnerabilities of Web servers, operating systems, or applications to take control of the infected computers.
A botnet also refers to a collection of internet-connected programs that work together to perform tasks. This can be as mundane as keeping control of an Internet Relay Chat (IRC) channel, or it could be used to send spam email or participate in distributed denial-of-service attacks. The word botnet is a portmanteau of robot and network.

Question 2:

The main point of the Digital Agenda of Europe is to define the key role that information and communication technologies will play in 2020. The initiative calls for a single, open European digital market. Another goal is that broadband speeds of 30 Mbps be available to all European citizens by 2020. In terms of security, the initiative is considering the implementation of measures to protect privacy and the establishment of a well-functioning network of CERTs to prevent cybercrime and respond effectively to cyber-attacks. The European Commission has proposed a Digital Agenda. Its main objective is to develop a digital single market in order to generate smart, sustainable and inclusive growth in Europe.

The obstacles hindering the Digital Agenda are:

  • fragmented digital markets;
  • lack of interoperability;
  • rising cybercrime and risk of low trust in networks;
  • lack of investment in networks;
  • insufficient research and innovation efforts;
  • lack of digital literacy and skills;
  • missed opportunities in addressing societal challenges.


Question 3:

A cyber-attack can range from simple individual ping commands and message flooding to more sophisticated distributed denial of service (DDoS) attacks. Hacking is coordinated by using a large number of compromised servers organized in a botnet distributed around the world. There are 3 basic parts to a cyber-attack:

  • Access: a method to get inside or gain access to a network or system
  • Vulnerability: some part of the system that the attacker can take advantage of or manipulate
  • Payload: the purpose of the attack, namely, what exactly is the target and how significant the damage will be

There are many other forms cyber-attacks may take.


A denial-of-service attack occurs when “an attacker attempts to prevent legitimate users from accessing information or services.” This is typically accomplished when the attacker overloads a system with requests to view information. This would be an example of a remote attack.
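To show how a defender tells the two overload patterns mentioned above apart (flooding from one source versus a DDoS spread across a botnet), here is an added example that is not part of the original post. The window length, thresholds, and traffic are constructed assumptions, and the addresses come from documentation ranges.

```python
from collections import Counter, deque

WINDOW = 10          # seconds of history to keep (assumed value)
PER_SOURCE_MAX = 20  # requests one address may send per window (assumed)
TOTAL_MAX = 60       # requests the service tolerates per window (assumed)

def classify(events):
    """events: (epoch_seconds, source_ip) pairs sorted by time.
    Returns (time, verdict, detail) alerts, one per change of state."""
    window, counts, alerts, last = deque(), Counter(), [], "normal"
    for ts, ip in events:
        window.append((ts, ip))
        counts[ip] += 1
        # Drop requests that have fallen out of the sliding window.
        while window[0][0] <= ts - WINDOW:
            _, old = window.popleft()
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
        top_ip, top_n = counts.most_common(1)[0]
        if top_n > PER_SOURCE_MAX:
            # One address dominates: blocking it restores service.
            verdict, detail = "single-source flood", top_ip
        elif len(window) > TOTAL_MAX:
            # Every address looks harmless alone; only the total is abnormal.
            verdict, detail = "distributed flood", f"{len(counts)} sources"
        else:
            verdict, detail = "normal", ""
        if verdict != last:
            alerts.append((ts, verdict, detail))
            last = verdict
    return alerts

def sample_events():
    """Constructed traffic: baseline, one noisy host, then many quiet hosts."""
    ev = [(t, f"198.51.100.{t % 5}") for t in range(30)]              # baseline
    ev += [(30 + i // 10, "203.0.113.7") for i in range(40)]          # 1 host, 10 req/s
    ev += [(60 + i // 50, f"192.0.2.{i % 100}") for i in range(200)]  # 100 hosts, 50 req/s
    return sorted(ev)

if __name__ == "__main__":
    for alert in classify(sample_events()):
        print(alert)
```

In the distributed case no single address exceeds its own limit, which is why per-source blocking alone does not stop a botnet-driven attack.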

Spear phishing is another simple method by which an attacker may gain access to a computer system or network. Once some information about a target is acquired, an email is sent purporting to be from a legitimate company asking for information such as usernames and passwords to banking websites or network logins.

Backdoors, or hooks, are placed inside a computer or network in order to create a vulnerability that can be exploited later on.

Tampering with basic electronics is also a simple type of cyber-attack. It is also possible that such software or even hardware could be installed into electronics by the original manufacturer.

Question 4:

Malware, known as Stuxnet, is a shorthand term that encompasses all types of malicious software. This includes viruses, worms, Trojan horses, spyware, and all other types of software that get put onto your computer without you knowing it. Malware may exploit weaknesses to initially infiltrate a system or to gain additional privileges on an already-compromised machine. The weaknesses may be exploited automatically by malware authors' creations or manually; those who attempt this will be generically called attackers. Weaknesses fall into two broad categories, based on where the weakness lies. Technical weakness involves tricking people. The malware, hidden in shortcuts to executable programs (files with extension .lnk), was executed automatically when the content of an infected USB drive was displayed. Employing this same technique, the worms were capable of installing other malware.

Data gathered later by other experts indicates that the worm was actually looking for some specific Programmable Logic Controller (PLC) devices used in specific industrial plants, a fact that points to the possibility that the malware was part of sabotage against the infected sites.

The significance that such a sophisticated threat represents to the industrial resources in Europe and other parts of the world cannot be underestimated.
