Digital Security 1

Digital Security: The History and Evolution of Cyber Safety

Christina Aspland

Business Writing 211

Instructor Kathy Standen

November 16, 2016

Digital Security 2

Table of Contents

Executive Summary 3Introduction 4Discussion of Findings 4

Cyber Security 4What is cyber security? 4What is a cyber-attack? 4Who is behind the attack? 5What steps is cyber security taking to protect people? 5

Digital Security Failures 6The First Known Online Bank Robbery 6

How they did it 6How it was resolved 6Impact on cyber security 6

The Ashley Madison Hack 6The crime 7The aftermath 7Lessons learned from the Ashley Madison hack 8

Cyber Security and Politics 8Hillary Clinton’s Email Controversy 8

Why was it an issue? 8What to expect when creating a server 8The Outcome Currently 9

Cyber Warfare on a Greater Scale 9Zero Day Attacks 9

Recent examples of a zero day 9How to prevent zero day attacks 10Pwn2Own 10

The Sony Hack 10How did it happen? 11Why did the hackers target Sony? 11The damage done to Sony. 11

Anonymous and vigilantism 11The background of Anonymous 11Who is Anonymous today? 12

Conclusions 13Recommendations 13References 14Appendix 17

List of FiguresFigure

1 Average of Losses in 2014 52 The Top 25 Cities Affected by the Data Breach 7

Digital Security 3

Digital Security: The History and Evolution of Cyber Safety

Executive Summary

Over the last few decades, cyber security has become a significant concern among government bodies, and commercial businesses. Nearly everyone in society is connected to the digital world in some way, and because of that everyone is at risk. Hackers are invading sophisticated digital infrastructures more frequently now than ever recorded in history.

Vigilantism has started to emerge in the cyber world. One of the most well-known vigilante groups is Anonymous. The group consists of hundreds, if not thousands of unknown hackers claiming to protect human rights. Although the government refuses to claim association with the group, it seems they have no intention to stop the group from breaking the law.

Hackers have a wide variety of motivations. Some hackers hack for bragging rights; others hack because they are bored. People who use malware, or viruses to hack are in search for an easy way to steal. More sophisticated hackers look for unpatched failures in software to destroy servers and companies. It is likely that hackers exchange digital codes and information over a black market; high profile programs and software can be sold upward of $500,000. Another group that utilizes hacking for their own ends are terrorists. They leverage vital information to hurt others. Countries are always searching for cyber leaks to undermine rival countries in hopes to achieve a specific political dominance.  

The National Security Agency, the National Cyber Security Alliance, the Federal Bureau of Investigation, and the Department of Homeland Security, have supported the National Cyber Security Awareness Month in October every year since 2004. The goal of this event is to promote cyber awareness and encourage the public to be more proactive about their security practices online.

It is estimated that cyber insurance companies will double prices of what they are currently charging over the next four years. Anything digital, or any technology that houses information, personal or private, needs protection. The cyber world is still a relatively new concept. Information discovered by hackers and researchers is not clearly defined yet. Buying and selling of virtual information is not clearly addressed in the legal realm.

Cyber security does not fall onto the shoulders of one individual. Vendors of goods and services need to protect their clients by fortifying their payment structures and networks. The government needs to create clear guidelines for cyber-crimes, and enforce them. Schools need to begin educating people of the importance of cyber security and awareness. Preventing attacks starts with the user, creating strong passwords and always updating software when it is available.

We are taught from a young age to protect our valuables, lock our doors at night, and put our money in banks to prevent theft. Why does our security stop at the physical world? Considering that most financial assets are now stored online, it is critical that cyber security is taken seriously now more than ever before.

Digital Security 4

Introduction

One of the first cyber-attacks happened in 1989 with a simple computer worm. Since then, the Pentagon estimates about ten million attempts of cyber-attacks occur per day. Digital security has evolved quickly to respond to the sheer number of attacks launched.

As the digital world has grown, the need for security has become an everyday necessity. Most people are aware that anything posted to the internet is no longer private. What happens with finances, or business transaction? How does someone know that their assets will be protected from the millions of attacks every day?

Sources cited in this paper present a variety of current events. Credible sources used here include ABC News, business insider, and the Federal Bureau of Investigation.

The purpose of this paper is to discuss digital security and its applications.  The history of the issue its evolution, and its future will be discussed.  The most recent adjustments to digital security like recent server breaches and email security will be addressed. The benefits digital security will be evaluated as well as potential pitfalls or issues.  

Discussion of Findings

Before covering content on cyber-attacks, this paper will cover necessary background information on digital security.

Cyber Security

What is cyber security? Anything digital, or any technology that houses information personal or private requires protection. The digital world is so vast it cannot be summed up in one category. Some examples would be computers, software, programs, networks, and servers. As technology advances, information storage platforms multiply as do opportunities for hackers to gain unauthorized access. Cyber security is defined as protection of one's digital assets from criminal activities.  

What is a cyber-attack? Cyber-attacks can happen in numerous ways. Some of the most common attacks follow:

Trojans and viruses: Code that has the ability of duplicating itself to cause harm to systems or software.

Phishing attacks: Don’t click on those spam emails! Sometimes spam email contains a link, or a document that contains a virus that can damage a system and steal valuable information.

Zero day hacks: Unpatched or outdated software that gives hackers the opportunity to breach the software.

Computer worms: A program that can duplicate itself to compromise a computer system, sometimes so drastically the computer cannot be recovered.

Advanced persistent threats: Unauthorized criminals gain access to information in a database

These tend to be the most common forms of cyber-attacks. In 2014 approximately $800 million was stolen in cyber-crimes. Refer to (Figure 1).

Digital Security 5

Figure 1: Average of Losses in 2014

Source: Statista.com, May 26, 2015

Fortunately, there are precautions that can be taken to avoid falling prey to these scams.

Who is behind the attack? Every scenario is different. Some people do it to gloat to their peers. Others hack into a competitor's system to gain the upper hand in a marketing deal. A few of those hackers sell secured information on the black market for a profit. Some people believe they deserve the rights to information that is not their property; the government refer to these as vigilantes. Terrorists steal critical information to hurt our country by compromising the public trust in the government’s ability to keep us safe. The Federal Bureau of Investigation has created a special team dedicated to cyber security to prevent devastating attacks and reduce losses because of successful intrusions.

What steps are corporations and the government taking to protect people? For common breaches, virus scanners help prevent many cyber risks. Services like McAfee and Norton cover four out of the five most common cyber-attacks. The scanners detect Trojans, viruses, phishing, spyware, malware, and much more. Regularly performing scans on computers, and software can reduce the risk of infiltration. Also, be sure to update software as often as possible to avoid unpatched software leaks. These types of precautions will cover most online transactions. Refer to the appendix to view types of data, and the benefits and drawbacks each source can offer.

Digital Security 6

The National Security Agency, the National Cyber Security Alliance, the Federal Bureau of Investigation, and the Department of Homeland Security, have supported the National Cyber Security Awareness Month in October every year since 2004. The goal of this month is to promote cyber awareness and encourage the public to have a more secure online experience.

Digital Security Failures

The First Known Online Bank Robbery. As technology is advanced, so did criminal activity. About two decades ago the first cyber robbery occurred, resulting in $10 million of lost revenue. During July of 1994, the Federal Bureau of Investigation received an alert from a bank missing $400,000 from a client's account.

How they did it. The criminals behind the act retrieved information from the bank's cash management system. This system allowed clients to transfer money between bank accounts across the globe. They did this by compromising the accounts and accessing the identification and passwords on file.

How it was resolved. The FBI monitored the bank's transaction, searching for further illegal activity. About 40 illegal transfers were located during the months June through October. The money was being sent overseas, the total of all transfers added up to $10 million. The FBI proceeded to have all accounts frozen overseas so that no additional money could be stolen.

Russian authorities and the FBI worked together to uncover the criminals behind the act. Two co-conspirators were caught in Russia. Both attempted to withdraw funds and deposit them into personal accounts. These men were the middlemen in the crime, with the intention to move the profits into personal accounts and receive a lump-sum payment after the job was complete.

The only bank in the United States that received some of the stolen funds was in San Francisco. The owners of the bank account were a Russian couple. Both were caught trying to withdraw funds from accounts in the city and were arrested. They cooperated with authorities and informed them the hacking transaction was done inside a St. Petersburg computer firm. They also confirmed that they were working under Vladimir Levin, who was also Russian.

During March 1995, Vladimir Levin was tricked into traveling to London. He was arrested there and extradited to the United States where he pled guilty three years later.

Impact on cyber security. The banks that suffered losses took steps to improve network security. As this was believed to be one of the first online banking robberies, the financial industry is now more aware of the virtual theft and has made network security a priority. Additionally, the FBI expanded its online security, creating new teams to combat threats like this in the future.

The Ashley Madison Hack. Ashley Madison is a Canadian-based dating website encouraging adults to engage in acts of infidelity. Their slogan currently is “Life is short, have an affair.”  On July 20, 2015, a group that called themselves the “Impact Team” made multiple threats to the company implying they were going to leak personal information of their clients if they did not take down the website.

Digital Security 7

The crime. On August 18, 2015, the cyber criminals released confidential information of approximately 37 million customers. See (Figure 2) for the cities most affected. Thousands of people lost their jobs; numerous families disintegrated, and even some suicides happened because of the leaked information.

Figure 2: The Top 25 Cities Affected by the Data Breach

Source: Independent.co.uk, August 21, 2015

The aftermath. The company built its trust through the anonymity of the website. After the hack, Ashley Madison’s reputation has slipped through the cracks. Over $578 million in class-action lawsuits are filed against the company. These lawsuits claimed the company failed to protect the customer's information.

“The sensitivity of the information is so extreme, and the repercussions of this breach are so extreme, it puts the damages faced by members in a completely different category of class-action suits.” Ted Charney, a lawyer at Charney Lawers. (theguardian.com, 2015)

Unfortunately, the hacker was never found. Initially, it is suggested that the hack was from an internal source. This idea was ruled out based on the ransom notes left by the hackers before the data release. Investigators believe the attack was not random, and it is possible that the hacker had a personal grudge against someone using the website. It was also possible that the hacker believed himself or herself as a vigilante of a sort.

Digital Security 8

An anonymous hacker group released a statement saying, “The general assumption, in this community, seemed to be that attacking a firm such as Avid Life Media (A bit shouty, a bit sleazy) was fair game.” (theguardian.com, 2015)

Lessons learned from the Ashley Madison Hack. Any company has the potential to be a target for a cyber-attack. There is no single solution to be universally accepted by everyone in society. There is a chance someone behind a computer is waiting for the right moment to expose an embarrass a company. It is important for users and customers of any website to be cautious of their personal information. The full burden of online security does not weigh fully on the consumer; the producers and suppliers of online content need to protection of these resources as well. Companies need to take steps to be aware of potential threats.

Ashley Madison was hacked by what society knows today as a “Hacktivist”. This type of hacker bases their target on social and political views. These types of hackers commit about 25% of all cyber-attacks. It is important for businesses with controversial products and offerings take greater steps to improve their cyber-security.

Ashley Madison was unaware of the flaws in their security until after the data was released. Other companies should use this as an example, protect now before it is too late. Although in this case, the hacker’s methods are still unknown. Security teams suggest an outside company to test security systems by the penetration and vulnerability assessment. Every large company should back up their data, and have a backup plan should a hacker gain access to secure files. Be prepared to recover data as quickly as possible. Having a simple plan ready for an emergency like Ashley Madison’s attack could mean the difference between the end of a company and continuing success.

Cyber Security and Politics

Hillary Clinton’s Email Controversy. In 2009, Hillary Clinton created an email server from her home in New York. She used the server for both personal and work matters. She used the email during her full four years as secretary of state. Additionally, co-workers used this server as well. It became a turning point in March 2015, as it was a potentially violating federal regulations.

Why was it an issue? Using her personal server to relay classified and top secret government matters put the United States intelligence community at risk. A personal server is not nearly as secure as one regulated by the government. Any information forwarded to her server was at risk of exposure to terrorists and hackers. Clinton had a purpose for using private servers.  Deletion of content on a private server meant all information was gone permanently. Therefore, she could decide what information could remain private, and what would become public with respect to public records requests.

It was not until September 2016 that the server was fully handed over to the state Department of Investigation. Of the thousands of emails, about 125 contained restricted information that could potentially be misused if the content was stolen.

What to Expect When Creating a Server.  Hillary Clinton claims the server was created out of convenience. Creating a server is not easily done. A server can be the size of a computer

Digital Security 9

or multiple computers. Additionally, there needs to be an operating system to host the server. Encryption, domain, software, firewalls, and a dozen other needs must be met to run a fully functioning server. It is complicated enough that someone with professional IT experience would be required to create such a platform. Having a private server requires an entire team of security providers to create a secure and protected environment.

The government offers email services to government employees that protects them from potential threats and dangers. Although no system is perfectly protected, the government has multiple departments backing up these servers to provide the most secure environment for top secret information.

Clinton’s server would require extremely complex passwords, to protect herself from potential threats and malware that could penetrate the accounts. Robert Siciliano, an internet security professional, stated, “A home server is kind of like putting your money in your mattress.” (theatlantic.com March 16, 2015) It is believed that her server is complex, but it is unknown how well protected it was.

It is thought that she created this server to avoid the threats of the faulty cloud system associated with email currently. Cloud type emails such as Yahoo, and Gmail, has information stored in a server that cannot be controlled by the user directly. The laws regulating private servers being used for government officials is presently ambiguous.

The Outcome Currently. A second investigation conducted by the Federal Bureau of Investigation has cleared Clinton from breaking any outstanding laws, although that does not excuse the poor behavior. The FBI director James Comey stated, “There is evidence that they were extremely careless in their handling of very sensitive, highly classified information.” (CNN, July 2016). Comey also explains that while Clinton was traveling outside of the United States, it was feasible that belligerent persons could have accessed the documents. Emails can be breached easily through viruses, phishing, and spam. This was what initially raised the concern and investigation of the emails.

Cyber Warfare on a Greater Scale

Zero Day Attacks. Although the above cyber-attacks are rather common, there are threats that are more significant. Elite hackers search for something called “zero days”. This term refers to vulnerability in a specific piece of software that the company involved is not aware of the weakness. It could affect anything from a webcam on a computer, to completely disabling a moving vehicle.

Recent examples of a zero day. Charlie Miller was formerly known for hacking the national security agency but now works as a security researcher. In 2015, he discovered a way to hack Chrysler vehicles from hundreds of miles away.  With the touch of a button, Miller could easily remove the brakes or put the car in reverse. Miller could even disable the brakes of thousands of vehicles at once. He did this by hacking into the head unit, which is the receiver inside of the dashboard of the car. The reason he could interfere with the car remotely was that the head unit connects to the internet. All they had to do was connect to the head unit, realize there was a vulnerability, and begin transmitting the code to alter the software.

Digital Security 10

Miller contacted Chrysler about the hole in the software immediately. The company did not do anything to resolve the issue at first. After nine months and no response, Miller made the information available to the public. Chrysler patched the software within the week.  

How to prevent zero-day attack. Software needs to be monitored and patched regularly. Patching software involves resolving issues with existing code. Security researchers like Miller are often scolded for finding these “zero-day” issues. Companies have no interest in taking time and spending money on problems that currently do not exist. Companies turn a blind eye to holes in the software found by security researchers. Following the previous example, the company was angry with Miller for his capacity to penetrate the systems of thousands of cars at once. In this case, the company was lucky the information did not land in the hands of a someone interested in hurting the United States.

After the crisis was over, Chrysler opened a bounty program to the public offering rewards to anyone who discovered bugs in the system. Zero days can cost companies thousands of dollars, and software companies are fighting to patch any existing flaws.

Although sometimes preventable, a zero day can be sold into the wrong hands for upwards of half of a million dollars and used for destruction. While this sounds like dealing in the black market, buying and selling of zero days are not yet regulated or considered illegal. The security researchers tend to refer to this market as the defense and offense market. Bug bounty programs give hackers the opportunity to make a profit without doing deals with people who may intend to do harm.

There are only four ways handle a zero-day attack:

1. Resolve the software issues internally2. Higher an external security researcher3. Put out a bug bounty for the software holes4. Ignore the issues until someone somewhere attacks the company

Pwn2Own. Pwn2Own is a conference for hackers held annually in Vancouver, Canada since 2008. It spotlights cyber security, and each year targets different software like Adobe, or Microsoft, with the intent to uncover flaws that could potentially destroy a company. There are half a million dollars in prize money at stake for the winning team. These teams often research the zero days of software for months in advance. The information uncovered from the conference is divulged to the vendors so they can resolve the issues.

This year TenCent Security Team Sniper, a team based in Shanghai, took home $145,000 in rewards for their zero-day discovery against Microsoft Edge. In an interview after the conference was over, TenCent explained that during the conference they received an offer to sell the zero-day code for an unknown amount of money to a third party. They also stated that throughout the year, as they discover these zero-day they use open channels to contact the vendors. They refused to comment on who they were selling too, but claim they discover these faults with the intent to defend, not attack.

The Sony Hack. During November 2014, executives at Sony Corporation received an extortion email. It implied that someone had information about the company, and they were threatening to release it. Sony immediately reported to The Federal Bureau of Investigation, but

Digital Security 11

within the week, associates lost all control of their computers when a hacker group took full authority of the company’s systems. Soon after the hackers had penetrated the systems, confidential information started appearing all over the internet. The data included everything from employee salaries, corporate information, and movie leaks. Sony executives were struggling to protect what was left of the company, but the damages were done and they were too late.

How did it happen? The Federal Bureau of Investigation concluded it took multiple days, if not weeks to retrieve the data. They suggested that spear phishing could have be the key into the system. Spear phishing happens when someone within the company receives an email with content that has an attachment or link. Once the attachment is opened, or the link has been accessed, the program launches malware that can debilitate a system within hours. The malware has a small contingency though, being that it can only access what the user can access. To get the information that they did, it is likely the malware breached the system of an employee with administrative authority. The malware began copying records of data, but also the hackers programmed it to delete information from the systems, almost wiping Sony’s servers clean.

Why did hackers target Sony? Sony was in the middle of producing a movie called The Interview. In short, the movie was a political satire comedy with the climax of the movie ending in the death of Kim Jong-il, the current leader of North Korea. Throughout the production of the movie, the company received messages stating, “Don’t forget September 11”. Sony made the decision to never release the film and remove all advertisements about it. On December 19, 2014, Barack Obama released a statement that North Korea was behind the cyber-attack. This was the first time a President openly linked a cyber-attack directly to another country.

The damage done to Sony. The co-chairman of Sony Pictures, Amy Pascal, was forced to resign from her position within six months after the hack, due to salacious emails. After investigations and other damages, Sony paid over $15 million in expenses. At the end of 2014, Sony reported an average loss of $341 million overall in profit was lost from the company that year.

Anonymous and vigilantism. Vigilantism has become more pronounced in the past few years in the cyber world.One of the most well-known vigilante groups is Anonymous. The group consists of hundreds, if not thousands of unknown hackers claiming to protect human rights. Although the government refuses to claim association with the group, it seems they have no intention to stop the illegal activity that the group continues to proudly parade.

The background of Anonymous. The first attack by Anonymous was directed towards The Church of Scientology. The Church of Scientology interested in removing a controversial video with Tom Cruise that was leaked from someone inside the organization. The church started threatening companies, such as Gawker, that posted the video. Anonymous decided to troll the church. Trolling is defined as an act of online communication from one person to another with the intent to harass and irritate the recipient. The content of the message can range from petty arguments to tricking the recipient into clicking on a link to a bizarre video or captioned picture that has nothing to do with the original topic. Anonymous began a series of prank calls, and sent the church hundreds of pizza deliveries. Anonymous saw that the petty acts weren’t doing enough, the group decided launched a Distributed Denial of Service, also known as DDoS. A DDoS attack overwhelms a system with so much information that it causes the server to crash. When the attack is over, the system can resume as normal, with no devastating damages.

Digital Security 12

Although the attack on the church was intended to be a trolling event, the group began playing with the idea of activism and real political movements.

Anonymous decided to protest in public against The Church of Scientology. What they expected was a small turnout, but what they got was thousands of protesters taking to the street wearing the group’s logo. This is the origin story of one of the largest vigilante groups still active today.

Who is Anonymous today? The group is ironically known by the Guy Fawkes masks worn by its supports, most well-known from the film V for Vendetta. The supporters view the group as a protest movement, a campaigning for social change. The group thrives on damaging the reputation of high profile people usually by leaking confidential information.

In 2011, the government began arresting members of Anonymous for high profile cyber hacks. Most of the people arrested only served two or three months in jail, or paid a fine. The arrests only added fuel to the fire despite the government’s intention of weakening the group.

The only link the government had to Anonymous was an informant they had caught named Hector Xavier Monsegur. When they arrested Monsegur, they gave him the option to reveal what information he knew about members of Anonymous or risk going to prison and losing custody of his foster children. Monsegur decided to take the offer, and sold out his friends and colleagues soon thereafter.  

Jeremy Hammond was one of the top hackers of Anonymous and believed in social activism even before the group was created. He was also one of the most significant hacktivists that was captured with the help from Monsegur. He helped launch a program in Anonymous called Antisec.  This program created a hack that penetrated the systems of Stratfor, a company that revolves around global intelligence. In summary, the company provides informed perspective about geopolitics and context to significant world events. Monsegur lead the Federal Bureau of Investigation to Hammond, who was arrested and is now serving ten years in federal prison for the Stratfor hack. In short, the Stratfor released thousands of credit-card information of clients to Stratfor.

It seems like the government decides when Anonymous is threatening, and when the illegal activity is beneficial to them. An unknown government informant stated that Anonymous has helped with a few key cyber-crime events and prevented cyber-attacks. They also revealed that Anonymous can be significantly more efficient at retrieving information that would potentially take weeks, if not months, to push through the required governmental red tape. For now, the government views Anonymous as a loaded gun. The organization could be weaponized or could function with the government in a symbiotic relationship. Only time will tell the ultimate outcome.  

Ultimately, the cyber world is still in its early stages of development. Some information discovered by hackers and researchers cannot be categorized yet. Buying and selling virtual information, such as a zero day, is not written clearly under the law. Cyber security has a lot of room to grow, and projections show that cyber insurance will double, if not triple, within the next five years.

Digital Security 13

Conclusions

The digital world has changed drastically over the last decade. Forward thinking has changed the way communities do business. The digital world has overridden society, and they have no intention to go back to pen and paper.

With technology developing so rapidly, the need for new security and safety precautions has quickly taking the forefront. Cyber security starts with the consumer. Consumers best defense against cyber theft can easily be managed at home. Using virus scanners regularly can effectively decrease these risks. Updating software regularly, and avoiding spam email can reduce these risks as well. Although these precautions seem simple, it can be the protection needed to save a consumer from identity theft.

Although the risk to the average user is relatively low, companies need to guard their assets a step further. Researchers suggest large corporation should designate teams to manage the large computer networks. Criminals trying to breach large systems like this seek loopholes in the software, discussed above as zero days. Additionally, team meetings should be held to further educate employees about potential risks and steps they can take to protect themselves and their colleagues.

Lastly, the cyber world lacks necessary regulations. Vigilantes, such as Anonymous, have proven to pull strings frequently with no repercussions. It is important that our government does not turn a blind eye, because one day information could slip into the wrong hands that may lead to disturbing consequences.

Recommendations

Cyber security does not fall onto the shoulders of one individual. Vendors of goods and services need to protect their clients by protecting payment structures and networks. The government needs to create clear guidelines for cybercrimes, and enforce those rules. Schools need to begin educating people of the importance of cyber security and awareness. Preventing attacks can start with the user, creating strong passwords and always updating software when it is available.

There is a need for further regulations by the government. The lack of laws governing cyber interactions is currently nonexistent. Considering the buying and selling of zero day codes and software is already underway, our government needs to create a platform that will regulate these sales. If these cyber programs reach the hands of a terrorist or criminal, the aftermath may be devastating. If our government begins taking steps now to control of the cyber world, we may be able to prevent events like the attack on 9/11.

We are taught from a young age to protect our valuables, lock our doors at night, and put our money in banks to prevent theft. Why does our security stop at the physical world? Considering that most financial assets are now stored online, it is critical that cyber security is taken seriously now more than ever before.

Digital Security 14

References

Armstrong, A. (2016, April 21). Pwn2Own 2016 - The Results. Retrieved November 10, 2016, from http://www.i-programmer.info/news/149-security/9556-pwn2own2016.html

Ashley Madison adultery website faces $578m class action over data breach. (2015, August 22). Retrieved November 07, 2016, from https://www.theguardian.com/technology/2015/aug/22/adultery-website-ashley-madison-faces-578m-class-action-over-data-breach

Boren, Z. D. (2015, August 21). Ashley Madison: 6 charts that show who uses the infidelity website. Retrieved November 07, 2016, from http://www.independent.co.uk/life-style/gadgets-and-tech/news/ashley-madison-hack-6-charts-that-show-who-uses-the-infidelity-website-10465498.html

Borrett, M. (2015, March 06). Modernizing Digital Security to Protect Banks From Fraud. Retrieved November 02, 2016, from https://securityintelligence.com/modernizing-digital-security-to-protect-banks-from-fraudblog/

Camhi, J. (2016, March 21). Cyber attacks are costing companies millions of dollars - here's how they can mitigate these costs. Retrieved November 03, 2016, from http://www.businessinsider.com/cyber-attacks-are-costing-companies-millions-of-dollars-heres-how-they-can-mitigate-those-costs-2016-2

Finn, D., & Van Alstin, C. M. (2015). Paper-era security in the digital age. Does hospital data security start with you?. Health Management Technology, 36(11), 12-13.

Fung, B. (2013, March 8). How many cyber-attacks hit the USA last year? Retrieved November 2, 2016, from http://www.nextgov.com/security/2013/03/how-many-cyberattacks-hit-united-states-last-year/61775/

Gallinger, D. (Producer). (2016, October 25). Cyberwar S2 Ep1 [Television series episode]. In Zero Day. Viceland.

Grimes, R. A. (2012, December 04). The 5 cyber attacks you're most likely to face. Retrieved November 03, 2016, from http://www.infoworld.com/article/2616316/security/the-5-cyber-attacks-you-re-most-likely-to-face.html

Hot Technologies in Cyber Security - Cyber Degrees. (n.d.). Retrieved November 02, 2016, from http://www.cyberdegrees.org/resources/hot-technologies-cyber-security/

Julian, T. (2014, December 04). Defining Moments in the History of Cyber-Security. Retrieved November 02, 2016, from http://www.infosecurity-magazine.com/opinions/the-history-of-cybersecurity/

Digital Security 15

Kim, S., & Enjoli, F. (2015, October 1). What You Should Know About the New Credit Card Chip Rule. Retrieved November 02, 2016, from http://teslapayments.com/2015/10/what-you-should-know-about-the-new-credit-card-chip-rule/

Kreig, G. (2016, July 5). FBI boss Comey's 7 most damning lines on Clinton. Retrieved November 09, 2016, from http://www.cnn.com/2016/07/05/politics/

Krebs on Security. (2015, August 15). Retrieved November 03, 2016, from

https://krebsonsecurity.com/2015/08/who-hacked-ashley-madison/

Leffler, Greg (2015 December 27). Types of Internet Security Threats and Its Prevention. Retrieved November 2, 2016, from www.linkedin.com/pulse/types-internet-security-threats-its-prevention-mr-ooppss

Murphy, M. (2015, March 16). Retrieved November 07, 2016, from http://www.theatlantic.com/technology/archive/2015/03/how-to-set-up-a-clinton-style-home-server/387841/

Richter, F. (2015, May 26). Infographic: Americans Lost Hundreds of Millions to Online Scams in 2014. Retrieved November 07, 2016, from https://www.statista.com/chart/3494/internet-scams-2014/

Rosenquist, M. (2016, May 23). What cybersecurity data should you trust? Retrieved November 07, 2016, from http://blogs.intel.com/evangelists/2016/05/23/cybersecurity-data-trust/

Security – Digital Citizenship. (n.d.). Retrieved November 02, 2018, from sites.google.com/a/aea11.k12.ia.us/heartland-digital-citizenship/security

Shueh, J. (n.d.). 12 Startups Poised to take on the Latest Cybersecurity Threats. Retrieved November 02, 2016, from http://www.govtech.com/security/12-Startups-Poised-to-take-on-the-Latest-Cybersecurity-Threats.html

Teenage hackers are biggest cyber threat. (2015). Daily Telegraph (London), 14.

Ten Ways Evolving Technology Affects Cybersecurity. (2016). Retrieved November 02, 2016, from http://programs.online.utica.edu/articles/ten-ways-evolving-technology-affects-cybersecurity-0321

Walker, H. (2015, March 10). Why did Hillary Clinton delete about 30,000 emails? Retrieved November 03, 2016, from http://www.businessinsider.com/why-did-hillary-clinton-delete-about-30000-emails-2015-3

Why is Cybersecurity Important? (2015, April 28). Retrieved November 13, 2016, from http://informationassurance.regis.edu/ia-programs/resources/ia-update/why-is-cybersecurity-important

Digital Security 16

Zaharia, A. (2015, October 15). 12 True Stories that Will Make You Care About Cyber Security - Heimdal Security Blog. Retrieved November 02, 2016, from https://heimdalsecurity.com/blog/12-true-stories-that-will-make-you-care-about-cyber-security/

Zetter, K. (2015, August 21). Answers to Your Burning Questions on the Ashley Madison Hack. Retrieved November 03, 2016, from https://www.wired.com/2015/08/ashley-madison-hack-everything-you-need-to-know-your-questions-explained/

Zurcher, A. (2016, November 6). Hillary Clinton emails - what's it all about? Retrieved November 07, 2016, from http://www.bbc.com/news/world-us-canada-31806907

Digital Security 17

Appendix

Source: intel.com (May 23, 2016)