Locational wireless and social media-based surveillance

The number of smartphones and tablets as well as the volume of traffic generated by these devices has been growing constantly over the past decade and this growth is predicted to continue at an increasing rate over the next five years. Numerous native features built into contemporary smart devices enable highly accurate digital fingerprinting techniques. Furthermore, software developers have been taking advantage of locational capabilities of these devices by building applications and social media services that enable convenient sharing of information tied to geographical locations. Mass online sharing resulted in a large volume of locational and personal data being publicly available for extraction. A number of researchers have used this opportunity to design and build tools for a variety of uses – both respectable and nefarious. Furthermore, due to the peculiarities of the IEEE 802.11 specification, wireless-enabled smart devices disclose a number of attributes, which can be observed via passive monitoring. These attributes coupled with the information that can be extracted using social media APIs present an opportunity for research into locational surveillance, device fingerprinting and device user identification techniques. This paper presents an in-progress research study and details the findings to date

Locational wireless and social media-based surveillance

The number of smartphones and tablets as well as the volume of traffic generated by these devices has been growing constantly over the past decade and this growth is predicted to continue at an increasing rate over the next five years. Numerous native features built into contemporary smart devices enable highly accurate digital fingerprinting techniques. Furthermore, software developers have been taking advantage of locational capabilities of these devices by building applications and social media services that enable convenient sharing of information tied to geographical locations. Mass online sharing resulted in a large volume of locational and personal data being publicly available for extraction. A number of researchers have used this opportunity to design and build tools for a variety of uses – both respectable and nefarious. Furthermore, due to the peculiarities of the IEEE 802.11 specification, wireless-enabled smart devices disclose a number of attributes, which can be observed via passive monitoring. These attributes coupled with the information that can be extracted using social media APIs present an opportunity for research into locational surveillance, device fingerprinting and device user identification techniques. This paper presents an in-progress research study and details the findings to date

Industrial control protocols in the Internet core: Dismantling operational practices

Industrial control systems (ICS) are managed remotely with the help of dedicated protocols that were originally designed to work in walled gardens. Many of these protocols have been adapted to Internet transport and support wide-area communication. ICS now exchange insecure traffic on an inter-domain level, putting at risk not only common critical infrastructure but also the Internet ecosystem (e.g., by DRDoS attacks). In this paper, we measure and analyze inter-domain ICS traffic at two central Internet vantage points, an IXP and an ISP. These traffic observations are correlated with data from honeypots and Internet-wide scans to separate industrial from non-industrial ICS traffic. We uncover mainly unprotected inter-domain ICS traffic and provide an in-depth view on Internet-wide ICS communication. Our results can be used (i) to create precise filters for potentially harmful non-industrial ICS traffic and (ii) to detect ICS sending unprotected inter-domain ICS traffic, being vulnerable to eavesdropping and traffic manipulation attacks. Additionally, we survey recent security extensions of ICS protocols, of which we find very little deployment. We estimate an upper bound of the deployment status for ICS security protocols in the Internet core

Cyber threats confronting the digital built environment: Common data environment vulnerabilities and block chain deterrence

Purpose Smart cities provide fully integrated and networked connectivity between virtual/digital assets and physical building/infrastructure assets to form digital economies. However, industrial espionage, cyber-crime and deplorable politically driven cyber-interventions threaten to disrupt and/or physically damage the critical infrastructure that supports national wealth generation and preserves the health, safety and welfare of the populous. The purpose of this paper is to present a comprehensive review of cyber-threats confronting critical infrastructure asset management reliant upon a common data environment to augment building information modelling (BIM) implementation. Design/methodology/approach An interpretivist, methodological approach to reviewing pertinent literature (that contained elements of positivism) was adopted. The ensuing mixed methods analysis: reports upon case studies of cyber-physical attacks; reveals distinct categories of hackers; identifies and reports upon the various motivations for the perpetrators/actors; and explains the varied reconnaissance techniques adopted. Findings The paper concludes with direction for future research work and a recommendation to utilize innovative block chain technology as a potential risk mitigation measure for digital built environment vulnerabilities. Originality/value While cyber security and digitization of the built environment have been widely covered within the extant literature in isolation, scant research has hitherto conducted an holistic review of the perceived threats, deterrence applications and future developments in a digitized Architecture, Engineering, Construction and Operations (AECO) sector. This review presents concise and lucid reference guidance that will intellectually challenge, and better inform, both practitioners and researchers in the AECO field of enquiry

What Makes Them Click? Applying The Rational Choice Perspective To The Hacking Underground

The increasing dependence of modern societies, industries, and individuals on information technology and computer networks renders them ever more vulnerable to attacks on critical IT infrastructures. While the societal threat posed by hackers and other types of cyber-criminals has been growing significantly in the last decade, main-stream criminology has only recently begun to realize the significance of this threat. Cyber-criminology is slowly emerging as a subfield of criminological study and has yet to overcome many of the problems other areas of criminological research have already mastered. Aside from substantial methodological and theoretical problems, cyber-criminology currently also suffers from the scarcity of available data. As a result, scientific answers to crucial questions, such as who exactly the attackers are and why they engage in hacking activities, remain largely fragmentary. The present study begins to fill this remaining gap in the literature. It examines survey data about hackers, their involvement in hacking, their motivations to hack, and their hacking careers. The data for this study was collected during a large hacking convention in Washington D.C. in February 2008. The theoretical framework guiding the analyses is the rational choice perspective (Clarke & Cornish, 1985). Several hypotheses about hackers are derived from the theory and some of its models are transposed into the context of hackers. Results suggest that the rational choice perspective is a viable theory when applied to cyber-criminals. Findings also demonstrate that the creation of more effective countermeasures requires adjustments to our understanding of who hackers really are and why they hack