Government hacking permits the exploitation of vulnerabilities in electronic products, especially software, to gain remote access to information of interest. This information allows government investigators to monitor user activity and interfere with device operation. [1] Government attacks on security may include malware and encryption backdoors. The National Security Agency's PRISM program and Ethiopia's use of FinSpy are notable examples.
The term lawful hacking has been used for law enforcement agencies who utilize hacking. [2]
Security hackers have extensive knowledge of technology (particularly electronic devices and computer programs and networks), and may use their knowledge for illegal or unethical purposes. Hackers take advantage of vulnerabilities in software and systems; the hacking consists of manipulating computer systems or electronic devices to remotely control a machine or access stored data. [3]
Due to new technologies, it was necessary to update cryptographic algorithms. This need has raised the level of complexity of techniques used for encrypting the data of individuals to guarantee network security. Because of the difficulty of deciphering data, government agencies have begun to search for other ways to conduct criminal investigations; one such option is hacking. [4]
Since government hacking is characterized by the use of technology to obtain information on citizens' devices, some say that government agents could also manipulate device data or insert new data. [5] In addition to manipulating data from individuals, tools developed by the government could be used by criminals. [6]
To conduct searches and gain remote access on a regular, large scale, legal attempts have been made to change encryption. Weaker encryption would make technology less secure overall. Governments could copy, modify, or delete data during digital investigations.
Hacking is a set of actions which exploit the capabilities of electronic devices. Cyberwarfare is a set of practices in defense of political, socio-environmental, socio-technological and cultural causes which is waged in cyberspace (particularly the Internet). Intergovernmental cyberwarfare is a consciously defined, orderly action by a government to attack another government, focusing on the other country's resources, systems and organizations. A cyberattack, thought to be a joint US-Israeli operation, was made on Iran's nuclear power plants in 2010. The attack was made by Stuxnet, a computer worm which targets Microsoft Windows systems and Siemens devices. [7]
Government attacks on security use several methods.
This technique sends malware over the Internet to search computers remotely, usually for information which is transmitted (or stored) on anonymous target computers. Malware can control a computer's operating system, giving investigators great power. According to attorney and educator Jennifer Granick, the courts should restrict government use of malware due to its uncontrollable distribution. [8]
A government may find system vulnerabilities and use them for investigative purposes. The Vulnerability Action Process (VEP), a system-vulnerability policy, was created to allow the US government to decide whether to disclose information about security vulnerabilities. The policy does not require disclosure of security breaches to technology vendors, and discussion leading to a decision is not open to the public. [9]
Because of the complexity of encryption, governments attempt to unravel and defeat such security features to obtain data. Encryption backdoors allow the strongest encryption to be ignored. [9]
The government can hack into computers remotely, whether authorized or not by a court. To meet needs, agents CAN copy, modify, delete, and create data. With inadequate oversight of the judicial system, this practice occurs stealthily through the creation of warrants; it is possible to deny the sharing of malware details with defendants during a trial.
From the moment a government allows hacking for investigations and other reasons of state, positive or negative impacts are possible; a number of harms may occur.
Generally, hackers damage devices or software and may limit their operation; data on devices involved in the attack may be lost. Replacing devices and efforts to recover data may also be costly, increasing financial damage.
Hackers may also harm a target's image, specifically or generally. The reputation of an individual is placed at risk for a number of reasons; a person may be innocent but is hypothesized as the target of an attack. In most cases, the individual cannot perceive that he is being attacked and risks being involved in improper security practices.
Government operations on the Internet to assist in certain operations may reduce digital security. Other users may also be vulnerable to black-market actors, who could introduce viruses into software updates or create (or maintain) hardware. Loss of confidence in the Internet could affect communications and the economy. [3]
Due to technological innovations, the US government has focused on research techniques; examples include the use of hackers and malware through software deployment. Diversified methods infiltrate and monitor others, especially when the target is an irregular activity by the computer network and an investigation must be remote. [10] The Federal Bureau of Investigation uses Network Investigative Techniques (NITs).
The US government has increasingly used hacking as an investigative technique. Since 2002, the FBI has used malware in virtual criminal investigations. [11] The main research targets of early NITs were individual computers. The FBI has since developed a form of hacking that attacks millions of computers in one operation. [12] The use of this technique was encouraged by privacy technologies which ensure that users have their identity, and their activities, hidden. Malware is installed so the government can identify targets who use tools that hide their IP address, location, or identity.
The best-known and legitimate form of government hacking is the watering hole attack, in which the government takes control of a criminal-activity site and distributes a virus to computers that access the site. The malware can be installed through a link clicked by a user or through access to a site. The user is unaware of the infection on their machine; the malware partially controls it, searches for identifying information, and sends it to the source.
To deploy malware, the FBI requires authorization and uses search warrants issued by magistrates in accordance with Rule 41 of the Federal Rules of Criminal Procedure. According to a court transcript, one operation affected 8,000 computers in 120 countries. [13]
In one case which demonstrated this new use of technology by the government, the FBI obtained access to a server in North Carolina that stored photos and videos of child victims of sexual abuse and shared them through a website accessed by thousands of users. Instead of shutting down the site, the bureau controlled it for 13 days to create hundreds of criminal cases. According to the FBI, its action was justified by the arrest of hundreds of alleged pedophiles. [14]
This section needs additional citations for verification .(July 2019) |
Former National Security Agency agent Edward Snowden announced in June 2013 the existence of the PRISM program, which monitors the Internet. [15]
The Ethiopian government was accused of using FinSpy software to obtain personal data from an Ethiopian naturalized American citizen. Kidane (the person's pseudonym) reportedly had data from Skype calls, Internet searches and emails monitored by the software.
Computer security, cybersecurity, digital security or information technology security is the protection of computer systems and networks from attacks by malicious actors that may result in unauthorized information disclosure, theft of, or damage to hardware, software, or data, as well as from the disruption or misdirection of the services they provide.
Malware is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or which unknowingly interferes with the user's computer security and privacy. Researchers tend to classify malware into one or more sub-types.
Cybercrime encompasses a wide range of criminal activities that are carried out using digital devices and/or networks. These crimes involve the use of technology to commit fraud, identity theft, data breaches, computer viruses, scams, and expanded upon in other malicious acts. Cybercriminals exploit vulnerabilities in computer systems and networks to gain unauthorized access, steal sensitive information, disrupt services, and cause financial or reputational harm to individuals, organizations, and governments.
A botnet is a group of Internet-connected devices, each of which runs one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam, and allow the attacker to access the device and its connection. The owner can control the botnet using command and control (C&C) software. The word "botnet" is a portmanteau of the words "robot" and "network". The term is usually used with a negative or malicious connotation.
Internet security is a branch of computer security. It encompasses the Internet, browser security, web site security, and network security as it applies to other applications or operating systems as a whole. Its objective is to establish rules and measures to use against attacks over the Internet. The Internet is an inherently insecure channel for information exchange, with high risk of intrusion or fraud, such as phishing, online viruses, trojans, ransomware and worms.
Ransomware is a type of cryptovirological malware that permanently blocks access to the victim's personal data unless a ransom is paid. While some simple ransomware may lock the system without damaging any files, more advanced malware uses a technique called cryptoviral extortion. It encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem, and difficult-to-trace digital currencies such as paysafecard or Bitcoin and other cryptocurrencies are used for the ransoms, making tracing and prosecuting the perpetrators difficult.
Crimeware is a class of malware designed specifically to automate cybercrime.
Wireless security is the prevention of unauthorized access or damage to computers or data using wireless networks, which include Wi-Fi networks. The term may also refer to the protection of the wireless network itself from adversaries seeking to damage the confidentiality, integrity, or availability of the network. The most common type is Wi-Fi security, which includes Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA). WEP is an old IEEE 802.11 standard from 1997. It is a notoriously weak security standard: the password it uses can often be cracked in a few minutes with a basic laptop computer and widely available software tools. WEP was superseded in 2003 by WPA, a quick alternative at the time to improve security over WEP. The current standard is WPA2; some hardware cannot support WPA2 without firmware upgrade or replacement. WPA2 uses an encryption device that encrypts the network with a 256-bit key; the longer key length improves security over WEP. Enterprises often enforce security using a certificate-based system to authenticate the connecting device, following the standard 802.11X.
Watering hole is a computer attack strategy in which an attacker guesses or observes which websites an organization often uses and infects one or more of them with malware. Eventually, some member of the targeted group will become infected. Hacks looking for specific information may only attack users coming from a specific IP address. This also makes the hacks harder to detect and research. The name is derived from predators in the natural world, who wait for an opportunity to attack their prey near watering holes.
Cyber spying, cyber espionage, or cyber-collection is the act or practice of obtaining secrets and information without the permission and knowledge of the holder of the information using methods on the Internet, networks or individual computers through the use of proxy servers, cracking techniques and malicious software including Trojan horses and spyware. Cyber espionage can be used to target various actors- individuals, competitors, rivals, groups, governments, and others- in order to obtain personal, economic, political or military advantages. It may wholly be perpetrated online from computer desks of professionals on bases in far away countries or may involve infiltration at home by computer trained conventional spies and moles or in other cases may be the criminal handiwork of amateur malicious hackers and software programmers.
Mobile security, or mobile device security, is the protection of smartphones, tablets, and laptops from threats associated with wireless computing. It has become increasingly important in mobile computing. The security of personal and business information now stored on smartphones is of particular concern.
Cyber crime, or computer crime, refers to any crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. Netcrime refers, more precisely, to criminal exploitation of the Internet. Issues surrounding this type of crime have become high-profile, particularly those surrounding hacking, copyright infringement, identity theft, child pornography, and child grooming. There are also problems of privacy when confidential information is lost or intercepted, lawfully or otherwise.
A cyberattack is any offensive maneuver that targets computer information systems, computer networks, infrastructures, personal computer devices, or smartphones. An attacker is a person or process that attempts to access data, functions, or other restricted areas of the system without authorization, potentially with malicious intent. Depending on the context, cyberattacks can be part of cyber warfare or cyberterrorism. A cyberattack can be employed by sovereign states, individuals, groups, societies or organizations and it may originate from an anonymous source. A product that facilitates a cyberattack is sometimes called a cyber weapon. Cyberattacks have increased over the last few years. A well-known example of a cyberattack is a distributed denial of service attack.
The Office of Tailored Access Operations (TAO), now Computer Network Operations, and structured as S32, is a cyber-warfare intelligence-gathering unit of the National Security Agency (NSA). It has been active since at least 1998, possibly 1997, but was not named or structured as TAO until "the last days of 2000," according to General Michael Hayden.
The following outline is provided as an overview of and topical guide to computer security:
Lazarus Group is a hacker group made up of an unknown number of individuals, alleged to be run by the government of North Korea. While not much is known about the Lazarus Group, researchers have attributed many cyberattacks to them between 2010 and 2021. Originally a criminal group, the group has now been designated as an advanced persistent threat due to intended nature, threat, and wide array of methods used when conducting an operation. Names given by cybersecurity organizations include Hidden Cobra and ZINC or Diamond Sleet. According to North Korean defector Kim Kuk-song, the unit is internally known in North Korea as 414 Liaison Office.
A medical device hijack is a type of cyber attack. The weakness they target are the medical devices of a hospital. This was covered extensively in the press in 2015 and in 2016.
Vault 7 is a series of documents that WikiLeaks began to publish on 7 March 2017, detailing the activities and capabilities of the United States Central Intelligence Agency (CIA) to perform electronic surveillance and cyber warfare. The files, dating from 2013 to 2016, include details on the agency's software capabilities, such as the ability to compromise cars, smart TVs, web browsers including Google Chrome, Microsoft Edge, Mozilla Firefox, and Opera, the operating systems of most smartphones including Apple's iOS and Google's Android, and computer operating systems including Microsoft Windows, macOS, and Linux. A CIA internal audit identified 91 malware tools out of more than 500 tools in use in 2016 being compromised by the release. The tools were developed by the Operations Support Branch of the CIA.
This is a list of cybersecurity information technology. Cybersecurity is security as it is applied to information technology. This includes all technology that stores, manipulates, or moves data, such as computers, data networks, and all devices connected to or included in networks, such as routers and switches. All information technology devices and facilities need to be secured against intrusion, unauthorized use, and vandalism. Additionally, the users of information technology should be protected from theft of assets, extortion, identity theft, loss of privacy and confidentiality of personal information, malicious mischief, damage to equipment, business process compromise, and the general activity of cybercriminals. The public should be protected against acts of cyberterrorism, such as the compromise or loss of the electric power grid.
Ryuk is a type of ransomware known for targeting large, public-entity Microsoft Windows cybersystems. It typically encrypts data on an infected system, rendering the data inaccessible until a ransom is paid in untraceable bitcoin. Ryuk is believed to be used by two or more criminal groups, most likely Russian, who target organizations rather than individual consumers.