Computer Forensics and Irish Law

They say that ignorance of the Law is not a defence but how many people could really say that they have any idea of the legislation regarding compute use. The answer is not many and therefore most computer users do not know if their activities are considered illegal or illegal, other then the obvious ones that appear from time to time in the news media and normally involve fraud, theft or child pornography. This paper is a short overview and discussion of the Irish legislation that can be applied to computer activities and how “computer crime” is dealt with in Irish law courts

Cosmic Radiation

The planet Earth orbits the Sun in what is often considered to be empty space but is in fact full of very small charged particles speeding in all directions. The situation can be compared to the Earth having to constantly travel in a light shower of rain and with the atmosphere acting like an umbrella. The \u27rain\u27 is made up of charged particles called \u27Cosmic Rays\u27. The name cosmic ray was given long ago to invisible ionising radiation that could mysteriously discharge an electroscope even when the electroscope was heavy insulated. Early scientists quickly established a relationship between the rate of charge loss and altitude, i.e. a gold-leaf electroscope would loose its charge much faster at the top of a mountain than at sea level, [1]. Many clever experiments led scientists to suspect that invisible radiation was coming from the sky and penetrating the electroscope thus neutralising the charge, [2]. The nature of the ionising radiation and its origin has remained one of the primary areas of research in astrophysics over the last hundred years. This article gives an overview of elemental cosmic radiation and also presents the results from an experiment to measure the upper charge regions of the cosmic radiation spectrum

Improving the Stealthiness of DNS-Based Covert Communication

At present, the recommended stance to take regarding Cyber Security is to assume a state of compromise. With the increase in Bring Your Own Device (BYOD), the Internet of Things (IOT) and Advanced Persistent Threats (ATPs), network boundaries have become porous and difficult to defend from external threats. Modern malware is complex and adept at making its presence hard to detect. Recent studies have shown that some malware variants are capable of using multiple covert communication channels for command and control (C2) and data exfiltration activities. Examples of this level of covert communication can be found in malware that targets Point of Sale (POS) systems and it has been hugely successful in exfiltrating large amounts of valuable payment information that can be sold on the black market. In the vast majority of cases, malware needs to communicate with some control mechanism or human controller in order to coordinate attacks, maintain lists of compromised machines and to exfiltrate data. There are many channels that malware can use for its communication. However, in recent times there has been an increase in malware that uses the Domain Name System (DNS) for communications in some shape or form. The work carried out in this paper explores the extent to which DNS can be used as a covert communication channel by examining a number of advanced approaches that can be used to increase the stealthy nature of DNS-based covert channels. Our work describes techniques that can be used to shadow legitimate network traffic by observing network packets leaving a host machine (piggybacking), the use of statistical modelling such as the Poisson distribution and a dynamic Poisson distribution model that can be used to further conceal malicious DNS activity within a network. The results obtained from this work show that current DNS-based C2 and data exfiltration approaches employed by malware have considerable room for improvement which suggests that DNS-based covert communication will remain a realistic threat into the future

Detection of DNS Based Covert Channels

Information theft or data exfiltration, whether personal or corporate, is now a lucrative mainstay of cybercrime activity. Recent security reports have suggested that while information, such as credit card data is still a prime target, other data such as corporate secrets, employee files and intellectual property are increasingly sought after on the black market. Malicious actors that are intent on exfiltrating valuable data, usually employ some form of Advanced Persistent Threat (APT) in order to exfiltrate large amounts of data over a long period of time with a high degree of covertness. Botnets are prime examples of APTs that are usually established on targeted systems through malware or exploit kits that leverage system vulnerabilities. Once established, Botnets rely on covert command and control (C&C) communications with a central server, this allows a malicious actor to keep track of compromised systems and to send out instructions for compromised systems to do their biding. Covert channels provide an ideal mechanism for data exfiltration and the exchange of command and control messages that are essential to a Botnets effectiveness. Our work focuses on one particular form of covert channel that enables communication of hidden messages over normal Domain Name Server (DNS) network traffic. Covert channels based on DNS traffic are of particular interest, as DNS requests are an essential part of most Internet traffic and as a result are rarely filtered or blocked by firewalls. As part of our work we have created a test bed system that uses a covert DNS channel to exfiltrate data from a compromised host. Using this system we have carried out network traffic analysis that uses baseline comparisons as a means to fingerprint covert DNS activity. Even though detection of covert DNS activity is relatively straightforward, there is anecdotal evidence to suggest that most organisations do not filter or pay enough attention to DNS traffic and are therefore susceptible to data exfiltration attacks once a host on their network has been compromised. Our work shows that freely available covert DNS tools have particular traffic signatures that can be detected in order to mitigate data exfiltration and C&C traffic

Web Enabled Embedded Devices

The trend in manufacturing of computerised control systems has been to miniaturise the components while increasing the functionality of the systems. This has led to the development of small inexpensive hand-held computer devices coupled with the availability of a user friendly application development language, Java and public cost-effect communication networks has given the developer a programmable web-enabled embedded device. This paper investigates the steps involved in programming the Tiny InterNet Interface platform and analyses the limitations imposed by miniaturisation on this device

Modern Techniques for Discovering Digital Steganography

Digital steganography can be difficult to detect and as such is an ideal way of engaging in covert communications across the Internet. This research paper is a work-in-progress report on instances of steganography that were identified on websites on the Internet including some from the DarkWeb using the application of new methods of deep learning algorithms. This approach to the identification of Least Significant Bit (LSB) Steganography using Convolutional Neural Networks (CNN) has demonstrated some efficiency for image classification. The CNN algorithm was trained using datasets of images with known steganography and then applied to datasets with images to identify concealed data. The algorithm was trained using 5000 clean images and 5000 Steganography images. With the correct configurations made to the deep learning algorithms, positive results were obtained demonstrating a greater speed, accuracy and fewer false positives than the current steganalysis tools

Active vibration control (AVC) of a satellite boom structure using optimally positioned stacked piezoelectric actuators

In this paper, results for active vibration control predicted from experimental measurements on a lightweight structure are compared with purely computational predictions. The structure studied is a 4.5m long satellite boom consisting of 10 identical bays with equilateral triangular cross sections. First, the results from a Fortran code that is based on a receptance analysis are validated against the experimental forced response of the boom structure. Exhaustive searches are then carried out to find the optimum positions for one and two actuators. Finally, a genetic algorithm is employed to find high-quality positions for three actuators on the structure that will achieve the greatest reductions in vibration transmission. Having found these actuator positions, experiments are then carried out to verify the quality of the theoretical predictions. It was found that the attenuation achievable in practice for one, two and three actuators were, respectively, 15.1, 26.1 and 33.5 dB

Active vibration control (AVC) of a satellite boom structure using optimally positioned stacked piezoelectric actuators

In this paper, results for active vibration control predicted from experimental measurements on a lightweight structure are compared with purely computational predictions. The structure studied is a 4.5m long satellite boom consisting of 10 identical bays with equilateral triangular cross sections. First, the results from a Fortran code that is based on a receptance analysis are validated against the experimental forced response of the boom structure. Exhaustive searches are then carried out to find the optimum positions for one and two actuators. Finally, a genetic algorithm is employed to find high-quality positions for three actuators on the structure that will achieve the greatest reductions in vibration transmission. Having found these actuator positions, experiments are then carried out to verify the quality of the theoretical predictions. It was found that the attenuation achievable in practice for one, two and three actuators were, respectively, 15.1, 26.1 and 33.5 dB

Is Your Wireless Network Being Hacked?

Wireless networks provide vulnerable gateways for unauthorised entry to networks or even a standalone wireless computer. The independent radio signals that constitute wireless communications have no physical boundary to keep them in check. This allows a third party to easily eavesdrop on communications sessions and by capturing the data packets, they can break the encryption keys and access the data within the network. The public awareness of the insecurity of wireless networks is surprisingly poor despite frequent news media reports of the vulnerabilities of the equipment and the activities of the criminals prepare to exploit it. In this paper we review the security protocols commonly used on wireless networks and investigate their weaknesses by showing how easy it is to crack the codes using tools freely available on the Internet