Hacking in the university: contesting the valorisation of academic labour

In this article I argue for a different way of understanding the emergence of hacker culture. In doing so, I outline an account of ‘the university’ as an institution that provided the material and subsequent intellectual conditions that early hackers were drawn to and in which they worked. I argue that hacking was originally a form of academic labour that emerged out of the intensification and valorisation of scientific research within the institutional context of the university. The reproduction of hacking as a form of academic labour took place over many decades as academics and their institutions shifted from an ideal of unproductive, communal science to a more productive, entrepreneurial approach to the production of knowledge. As such, I view hacking as a peculiar, historically situated form of labour that arose out of the contradictions of the academy: vocation vs. profession; teaching vs. research; basic vs. applied research; research vs. development; private vs. public; war vs. peace; institutional autonomy vs. state dependence; scientific communalism vs. intellectual property

Landscape Mapping of Civil Society Digital Security in West Africa

In today's digital age, organisations are constantly exposed to various digital security threats. For civil society organisations (CSOs) in West Africa, the threat of cyber-attacks and data breaches is a real and growing concern. This study aims to shed light on the digital security challenges facing CSOs in West Africa, and to provide recommendations on how they can better protect themselves against digital security threats. By examining the most common threats, the exposure of CSOs to these threats, their preparedness to respond, and the effectiveness of national and organisational level policies, the study provides an in-depth analysis of the digital security landscape in West Africa

ALL-MASK: A Reconfigurable Logic Locking Method for Multicore Architecture with Sequential-Instruction-Oriented Key

Intellectual property (IP) piracy has become a non-negligible problem as the integrated circuit (IC) production supply chain is becoming increasingly globalized and separated that enables attacks by potentially untrusted attackers. Logic locking is a widely adopted method to lock the circuit module with a key and prevent hackers from cracking it. The key is the critical aspect of logic locking, but the existing works have overlooked three possible challenges of the key: safety of key storage, easy key-attempt from interface and key-related overheads, bringing the further challenges of low error rate and small state space. In this work, the key is dynamically generated by utilizing the huge space of a CPU core, and the unlocking is performed implicitly through the interconnection inside the chip. A novel low-cost logic reconfigurable gate is together proposed with ferroelectric FET (FeFET) to mitigate the reverse engineering and removal attack. Compared to the common logic locking methods, our proposed approach is 19,945 times more time consuming to traverse all the possible combinations in only 9-bit-key condition. Furthermore, our technique let key length increases this complexity exponentially and ensure the logic obfuscation effect.Comment: 15 pages, 17 figure

Network Forensic Investigation of Internal Misuse/Crime in Saudi Arabia: A Hacking Case

There are ad-hoc guidelines and a limited policy on computer incident response that does not include computer forensic preparation procedures (e.g. logging incidents). In addition, these guidelines do not consider the requirement of Islamic law for admissible evidence at an organisational level in Saudi Arabia. Network forensic investigation might breach the Saudi law if they follow ad-hoc or international digital forensic standards such as Association of Chief Police Officers (ACPO) guidelines. This might put the organisation in a costly situation when a malicious employee sues an Islamic court. This is because the law of Saudi Arabia is complying with Islamic (Al Sharia) law. Network forensic investigators should comprehend Islamic legal requirements for admissible evidence such as privacy of a suspect, integrity and availability of evidence. These legal requirements should be translated into information technology to conduct the processes of digital forensic. These processes include searching for, collecting, preserving and presenting electronic evidence in an Islamic court. Although insider abuse/crime have not been usually reported to the law enforcement in Saudi Arabia, a hacking case is provided and examined in order to highlight shortcomings for producing eevidence at an organisational level in Saudi Arabia. Furthermore, this case shows that there is a conflict between the technical (ad-hoc) process of collecting e-evidence which has been followed at an organisational level by network forensic investigators and the main principle of forensic procedure in Saudi Arabia. It also illustrates that there is no technical investigative standard for digital evidence. Moreover, this research addresses these issues by proposing a technical investigative standard for digital evidence. As a result of this standard, network forensic investigation is able to produce evidence with respect to the principles of forensic procedure in Saudi Arabia. Keywords: Internal threats, malicious insider, network forensic investigation, hacking, formal controls for digital forensics, technical controls for digital forensics, informal controls for digital forensics, forensic procedure in Saudi Arabi

The creation of a national information policy combating cyber terrorism

The infrastructures of the United States are dependent upon computers. This creates a new threat to the national security of the United States in the form of cyber terrorism; Cyber terrorism is the new type of warfare. It can take a cyber terrorist seconds to break into a computer network, download information, and leave without a trace. There needs to be a comprehensive policy to combat the cyber terrorism threat; The National Information Policy is a set of ideas brought together to combat the threat of a cyber terrorist attack against the infrastructures of the United States. These ideas include: redefining the role of the military, cooperation between public and private sectors, creation of information conditions, and the establishment of a cyber court

Resilient Shield: Reinforcing the Resilience of Vehicles Against Security Threats

Vehicles have become complex computer systems with multiple communication interfaces. In the future, vehicles will have even more connections to e.g., infrastructure, pedestrian smartphones, cloud, road-side-units and the Internet. External and physical interfaces, as well as internal communication buses have shown to have potential to be exploited for attack purposes. As a consequence, there is an increase in regulations which demand compliance with vehicle cyber resilience requirements. However, there is currently no clear guidance on how to comply with these regulations from a technical perspective.To address this issue, we have performed a comprehensive threat and risk analysis based on published attacks against vehicles from the past 10 years, from which we further derive necessary security and resilience techniques. The work is done using the SPMT methodology where we identify vital vehicle assets, threat actors, their motivations and objectives, and develop a comprehensive threat model. Moreover, we develop a comprehensive attack model by analyzing the identified threats and attacks. These attacks are filtered and categorized based on attack type, probability, and consequence criteria. Additionally, we perform an exhaustive mapping between asset, attack, threat actor, threat category, and required mitigation mechanism for each attack, resulting in a presentation of a secure and resilient vehicle design. Ultimately, we present the Resilient Shield a novel and imperative framework to justify and ensure security and resilience within the automotive domain

Social Engineering: I-E based Model of Human Weakness for Attack and Defense Investigations

Social engineering is the attack aimed to manipulate dupe to divulge sensitive information or take actions to help the adversary bypass the secure perimeter in front of the information-related resources so that the attacking goals can be completed. Though there are a number of security tools, such as firewalls and intrusion detection systems which are used to protect machines from being attacked, widely accepted mechanism to prevent dupe from fraud is lacking. However, the human element is often the weakest link of an information security chain, especially, in a human-centered environment. In this paper, we reveal that the human psychological weaknesses result in the main vulnerabilities that can be exploited by social engineering attacks. Also, we capture two essential levels, internal characteristics of human nature and external circumstance influences, to explore the root cause of the human weaknesses. We unveil that the internal characteristics of human nature can be converted into weaknesses by external circumstance influences. So, we propose the I-E based model of human weakness for social engineering investigation. Based on this model, we analyzed the vulnerabilities exploited by different techniques of social engineering, and also, we conclude several defense approaches to fix the human weaknesses. This work can help the security researchers to gain insights into social engineering from a different perspective, and in particular, enhance the current and future research on social engineering defense mechanisms

The Legal Aspects and the Enhanced Role of Cybersecurity in Protecting the Electronic Voting Process in the Context of Jordan Parliament Election Law No. (4) of 2022

This study, entitled: The legal aspects and the enhanced role of cybersecurity in protecting the electronic voting process , dealt with the concept of the electronic voting process, in addition to the most important characteristics of that process, as well as highlighting the pros and cons related to the electronic voting system. Then, the researchers singled out a proposed approach for the electronic voting process in terms of the adopted mechanism and cyber protection in accordance with the provisions of the Jordanian Election Law No. (4) of 2022. At the end of the research, the researchers recommended activating the text of Article 40 of the electoral law by issuing legislation that regulates the electronic voting process and enhances the protection of cyber security, and then updating the technical and legislative system of the Independent Election Commission and the Ministry of Political Development