1. Unit 9

2.  Lets finish strong in Unit 9 discussions  Alternative seminars  Final submission of work – Tuesday, October 9 th at midnight

4.  The motives behind terrorism are difficult to quantify. We need to focus on understanding the operational framework of the planning and executing of a terrorist attack.  Identifying the patterns and common factors associated with premeditated terrorist attacks allows us to proactively respond and mitigate them.

6.  Some terrorist groups now consider public indifference to be such that more spectacular incidents involving higher casualty rates are necessary to attract attention  The effectiveness of improved security measures will prompt terrorists to seek different methods of conducting attacks  Terrorist groups are now working closer together sharing manpower, intelligence, training, equipment, operational knowledge, and resources

7.  The identity of a large number of active terrorist groups and their members are unknown to intelligence agencies. Today’s terrorists are younger, more intelligent and more importantly are willing to die for their cause.

8.  Target selection  Target Intelligence – terrorists will conduct surveillance  Operational planning - vehicle bomb, aircraft, ship, suicide bomber, chemical, biological, radiological or nuclear

9.  Direct Attack  Suicide Bomber  Dirty Bomb Attack Using CBRN Materials  Bomb Threat  Any Combination of Above

10. Denial - A feeling that a terrorist attack could never really happen Failure - to detect or heed warnings Underestimating - the potential damage Recognition - Terrorist incidents cause other incidents Underestimating - response / reaction time Failure - to conduct ongoing and comprehensive threat, risk, vulnerability assessments, document, rehearse and integrate all crisis management and security response plans

11. Do you think we are more at risk of “technical” terrorists who attack networks, or those that choose to physically attack infrastructure?

12. Type of “Hacker”Description White hat hacker A white hat hacker has the skills to break into computer systems and do damage. However, he uses his skills to help organizations. For example, a white hat hacker might work for a company to test the security of its network. Black hat hacker A black hat hacker, also known as a “cracker,” uses his skills for unethical reasons (for example, to steal funds). Gray hat hacker A gray hat hacker can be thought of as a white hat hacker who occasionally strays and acts unethically. For example, a gray hat hacker might be employed as a legitimate network security tester. However, in the course of his ethical duties, he finds an opportunity for personal gain and acts unethically to obtain that personal gain. Phreaker A phreaker is a hacker of a telecommunications system. For example, a phreaker known as “Captain Crunch” used a toy whistle he found in a box of Captain Crunch cereal (which generated a 2600-Hz tone) to trick phone systems into letting him place free long distance calls. Convincing a telecommunications carrier to permit free long distance calls in this manner is an example of “phreaking.”

13. Type of “Hacker”Description Script kiddy A script kiddy is a user who lacks the skills of a typical hacker. Rather, he downloads hacking utilities and uses those utilities to launch attacks, rather than writing his own programs. Hacktivist A hacktivist is a hacker with political motivations, such as someone who defaces the website of a political candidate. Computer security hacker A computer security hacker is knowledgeable about the technical aspects of computer and network security systems. For example, this person might attempt to attack a system protected by an IPS by fragmenting malicious traffic in a way that would go undetected by the IPS. Academic hacker An academic hacker typically is an employee or student at an institution of higher education. The academic hacker uses the institution’s computing resources to write “clever” programs. Typically, these hackers use their real names (unlike the pseudonyms often used by computer security hackers), and they tend to focus on open-standards-based software and operating systems (for example, Linux).

14. http://www.msnbc.msn.com/id/44415109/ns/ technology_and_science-security/ http://www.msnbc.msn.com/id/44415109/ns/ technology_and_science-security/

15. http://www.youtube.com/watch?v=zCmJd6TI3 w0

16. In the overall state of affairs, are we winning or losing the battle?

17. http://www.youtube.com/watch?feature=endsc reen&NR=1&v=Poc8YCuK9r0

18. If you were to summarize what your learned into one sentence, what would you say?

19. If you were to give one piece of advice to somebody regarding what you learned in this class, what would it be?

20.  The final assignment is to analyze the State of Connecticut v. Julie Amero cyber crime case by drafting a Cyber Crime Case Analysis Position Paper. The paper should address the following:  Investigative questions/answers:  Who are the victims and the offenders?  What court charges were applied to the cyber crime case?  When did the event take place and over what length of time?  Where did the event take place?  Why did the offender committed the cyber crime committed?  How did the offenders perform the cyber crime?  The development of an Attack Tree for the cyber crime case.  An analysis of the legal issues argued by both cyber crime legal teams and your position either supporting or disagreeing with their legal arguments, and why.  To prevent the damage experienced in the cyber crime case from occurring in the future, what type of defense architectures (recommendations) should organizations implement?