Five Misconceptions About Cybercrime

Take a look inside the new book by cyber expert and University of Maryland University College (UMUC) adjunct professor Richard A. White, PhD.

Reading “Cybercrime: The Madness Behind the Methods” by Richard White, adjunct professor, cybersecurity information assurance at UMUC, is like going on a wild ride-along with a seasoned police officer.

The book exposes the true nature of cybercrimes and takes the reader into the psychology and motivations of the criminal. Through in-depth interviews with real-life hackers, cyber-bullies and a former FBI special agent, White delivers a holistic view of perpetrator and victim behaviors, and the steps we need to take to reduce the menace presented by hacking.

The bottom line is that cybercrime is not going away and many people beyond the intended victim are affected. Technology alone is neither the sole cause nor the solution.

To help better understand cybercrime, White offers these five common misconceptions:

  1. Cybercrime originates from disadvantaged or “third-world” countries.

Cybercrime is one of the most highly organized crime syndicates ever to exist. In reality, the majority of the world’s hacks originate in developed countries such as China, Russia, the U.S., Taiwan, Romania and Hungary. Many players fulfill many roles, each for a profit exacted from victims. Tools are sold and methods are discussed on the Internet. Often programmers sell their tools with a money-back guarantee. Money has no conscience and does not care who earns it or how it is earned. No matter the country of origin, cyber criminals will always put their top-earning talents to work.

  2. Cybercrime is victimless because it is nonviolent.

Cybercrime may be perceived as victimless because it fits into the category of white-collar crime. White-collar crime is not trivial or victimless, as most white-collar criminals would have you believe. A single cybercrime effort can result in multiple victims. The original victim may have something stolen, data held for ransom or their identity used to fleece other organizations. One event can leave a single person dealing with an issue for years, but that event can also impact a person’s family, friends and co-workers who must deal with the issue and, of course, the taxpayers often take a hit.

  3. Cybercrime is committed by highly skilled and computer savvy people.

People with only basic computer skills commit most cybercrime. These criminals use simple and proven methods, many of which have been around for a long time, and seek the easiest way into a computer system. The software and methods used are readily available on the Internet for free or at a minimum cost. Phishing attacks are an example of how easy it really is. Too many people, even if they are suspicious of an email, will open it to see what is inside and, worse yet, will click a link to see where it goes.

  4. Cybercrime requires a technically complex and sophisticated solution.

As noted earlier, actual cyberattacks are not technically complex and sophisticated. But the organized crime aspects of the criminal network itself are, by their very nature, complex and sophisticated because they are designed to avoid detection and prosecution while exploiting the fruits of the actual cybercrime. Think of cybercrime as akin to a business where the actual thief is just one of many along a seemingly traditional hierarchy. With the sky being the limit and very little risk required to start, many potential hackers experiment at entry-level just to test their moxie and give it a try.

  5. Victims of cybercrimes are usually made whole again.

The sad fact is that victims often spend years trying to resolve issues created by cybercrime and rarely see the return of stolen funds. The onus is on the victim to prove that they did not apply for that credit card or transfer funds from their accounts. Imagine discovering one day that your house has a second mortgage loan on it for tens of thousands of dollars that you did not take out. And now the bank is foreclosing on your property because you did not make your loan payments. Cybercrime creates real victims dealing with long-lasting issues. But cybercrime is not always about money. Consider the fear and psychological trauma associated with cyber-stalking and cyber-bullying.

“Cybercrime: The Madness Behind the Method,” published in late 2017, is available on Amazon.

Kick Off the New Year With a Comprehensive Cybersecurity Reading List

When you assemble your 2018 cybersecurity reading list, there may be no better place to start than with BookAuthority, a website based on thousands of recommendations made by hundreds of industry leaders. Hone your skills and increase your knowledge base by adding the following top entries from BookAuthority’s “100 Best Cyber Security Books of All Time” to your 2018 reading list.

“Blue Team Field Manual,” by Alan J. White, is a cybersecurity incident response guide aligning with the NIST Cybersecurity Framework consisting of the five core functions—identify, protect, detect, respond, and recover—by providing the steps to follow and commands to use when encountering a cybersecurity incident.

“Cyber Security Handbook: Protect Yourself Against Cyber Crime,” by W. Muse Greenwood, is an information resource to help business owners, leaders and team members develop policies and procedures.

“Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It,” by Marc Goodman, offers a journey into the digital underground to expose the ways in which criminals, corporations, and even countries are using new and emerging technologies.

“Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon,” by Kim Zetter, recounts the story behind the virus that sabotaged Iran’s nuclear efforts. Zetter’s book describes how a digital attack can have the same destructive capability as the most destructive bomb.

“The Plot to Hack America: How Putin’s Cyberspies and WikiLeaks Tried to Steal the 2016 Election,” by Malcolm Nance, is must reading for anyone concerned with the way in which cyber thieves hacked the Democratic National Committee and stole sensitive documents, emails, donor information, and voice mails with the singular goal of getting Donald Trump elected president.

Finally, you will want to add “Cybersecurity Leadership: Powering the Modern Organization,” by University of Maryland University College’s own Mansur Hasib, widely acclaimed as the definitive book on cybersecurity leadership and governance. It defines cybersecurity and expands upon its three key tenets—people, policy and technology.

7 Cybersecurity Predictions for 2018 – UMUC Experts Weigh in on the Future of Workforce, Skills, Disruptive Technologies and More

Cybersecurity remains a top global priority and affects just about every aspect of our lives, including politics and voting systems, national defense, artificial intelligence, social media, mobile devices, the Internet of Things (IoT), financial systems and more. As 2017 comes to a close, Cybersecurity faculty experts at the University of Maryland University College offer their industry predictions—and calls to action—for 2018 and beyond.

1. It’s the Status Quo for 2018 and a Call to Action for the Future.

Ajay Gupta, program chair of Computer Networks and Cybersecurity and faculty sponsor of the UMUC Cyber Padawans Hacking Competition team, said he sees no change in the current state of the cybersecurity industry.

We’ve known for a while that we are not graduating or training enough professionals; that has not changed. We’ve also known for a while that systems in every industry are at risk, and that has not changed. Moreover, organizations across industries have not made significant improvements to their security posture even after a digital “Pearl Harbor” with the Equifax breach.

I predict that until we make measurable advances in training professionals who are equipped to mitigate risk across the digital enterprise, we will see no change.

2. There Will Be a Refocus on Developing the Cyber Workforce of the Future.

Loyce Pailen, director of UMUC’s Center for Security Studies, said that during 2018 and over the next few years, cybersecurity and cyber terrorism will continue to impact the organizational, personal, U.S. governmental and political landscapes—and that will force larger segments of society to refocus on developing the cyber workforce of the future.

I predict that the dearth of cyber-trained professionals evident in the early 2010s will reach a critical point by 2020, which will force higher education and secondary-school educators to create cybersecurity programs. Parents, community leaders and others will also begin to include—and require—cybersecurity literacy in pre-schools and primary schools.

My long-term prediction and wish is that media socialization through ad campaigns, films, books, music, gaming and other sources will make “cyber speak” so common that students will grow up to be more readily capable of appreciating and seeking cybersecurity careers.

3. The Cycle Time to Credential Qualified Cybersecurity Professionals Will Be Compressed.

Valorie King, program chair of Cybersecurity Management and Policy at UMUC, predicts that workforce demands will dictate a further compression of the cycle times for educating, training, and credentialing cybersecurity professionals. Employers will seek out qualified individuals regardless of bachelor’s- or master’s-degree status and will rely on learning experiences from outside of academia. Badging and alternative forms of credentialing also will gain traction as ways of “qualifying” for entry into the career field or for advancement on a career ladder, King said.

4. Expect a Rise in Skills-Based Hacking Competitions.

Jesse Varsalone, collegiate associate professor of Computer Networks and Cybersecurity as well as head instructor for the UMUC Cyber Padawans Hacking Competition team, piggy-backs on King’s projection with his prediction that an increasing number of businesses will come to value and support skills-based hacking competitions as a way to provide students and professionals with the critical-thinking and decision-making abilities they need to succeed in a cybersecurity career.

More organizations will come to realize that students who are actively engaged in competitions have a better opportunity to learn and demonstrate their skills. On the flip side, Varsalone said, employers will come to see that watching a student perform technical tasks in a high-pressure team environment provides a great deal more confidence for hiring.

5. The Adoption of Blockchain Technology Will Impact Cybersecurity.

Balakrishnan Dasarathy, collegiate professor and program chair for Information Assurance in UMUC’s Graduate School, predicts that one area in the application space—blockchain—is going to explode in 2018 and beyond. Blockchain is the technology that supports the use of vast distributed ledgers to record any transaction and track the movement of any asset, whether tangible, intangible, or digital and open to anyone.

Blockchain technology’s disruptive aspect is its potential to eliminate intermediaries, such as government agencies, banks, clearing houses and companies like Uber, Airbnb and eBay. Blockchain provides these and other companies a measure of speed and cost savings when executing transactions. The blockchain shared, distributed and replicated ledger allows transacting parties to directly update the shared ledger for every transaction. Since parties interact directly through the shared ledger, they have to trust each other, and the transaction records in the shared ledgers should be visible only to the right parties. As such, cybersecurity technologies, specifically cryptography and access control, are critical enabling technologies for blockchain.

6. A Proliferation of Internet of Things (IoT) Will Drive Focus on Security.

Bruce deGrazia, program chair and collegiate professor of Cybersecurity, said more and more devices will be connected in 2018, but security will be overlooked. We all know about IoT appliances such as refrigerators and washing machines, but unsecured children’s toys and other smaller devices will be the next frontier, deGrazia said.

7. Machine Learning Will Give Rise to Cybersecurity Challenges and Solutions.

Tamie Santiago, collegiate associate professor of Cybersecurity Policy, predicts we’ll see the continued explosion of products in virtual reality, robotics, and the machine-learning space, in which artificial intelligence (AI) is a major component. Just this past year, Saudi Arabia welcomed Sophia, developed by Hanson Robotics, as the world’s first robot citizen, and UK-based AiX introduced a new AI platform for crypto trading that acts as your personal broker.

As AI spreads into every industry, new exploits and vulnerabilities will most likely arise. But, also, cybersecurity may benefit by relying on AI technology to identify attack vectors with more speed and precision.

Cybersecurity Awareness Month Wrap-up: UMUC Covered a Lot of Ground

The University of Maryland University College (UMUC) marked National Cyber Security Awareness Month this past October with a slate of events and activities that stressed the importance of leadership, workforce skills, and strategies to help businesses and the public stay safe online.

Through our Facebook Live Interview series, sponsorship of the Cyber at the Crossroads Symposium, and participation in CyberMaryland 2017, UMUC cybersecurity experts shared insights into the following:

  • How Skills-based Hacking Competitions Build Critical Thinking Skills. Ajay Gupta, chair of the Computer Networks and Cybersecurity program at UMUC, opened our Facebook Live series by discussing how these competitions build essential real-world, hands-on technical skills in data forensics, network defense, ethical hacking and other areas. Gupta suggested they also foster collaboration and develop the critical—and quick—thinking skills needed to complete complex, often unfamiliar tasks.
  • What Managers and Leaders Need to Understand About Cybersecurity. Valorie King, chair of UMUC’s Cybersecurity Management and Policy program, followed Ajay’s session with a discussion about how business leaders need to understand cybersecurity at a level that makes it possible for them to effectively lead those entrusted with safeguarding their organization’s people, processes, and technologies.
  • What’s the Difference Between Security and Cybersecurity? Finally, we concluded our Facebook Live series with Mansur Hasib, chair of UMUC’s Cybersecurity Technology program, who explained the critical distinctions between these two concepts and the role cybersecurity plays in upper management and the healthcare space.
  • Lessons Learned from Eligible Receiver 97. On Oct. 10, UMUC hosted the daylong “Cyber at the Crossroads” symposium, co-sponsored by the National Security Agency’s Cyber Center for Education and Innovation–Home of the National Cryptologic Museum. During the event, national cybersecurity leaders from government, military, industry and academia explored in depth the wide-ranging implications of the secret exercise—Eligible Receiver 97—that the Pentagon conducted 20 years ago to assess the vulnerabilities of Department of Defense computer networks.
  • How to Prepare the Cyber Leaders of Tomorrow. UMUC sponsored the education track at the Cyber Maryland 2017 conference that convened on Oct. 11 at the Baltimore Convention Center. Emma Garrison-Alexander, vice dean of UMUC’s Cybersecurity & Information Assurance program, moderated the session, “Cybersecurity Leadership: Preparing the Cyber Warriors of the Future,” which highlighted best practices for achieving effective cybersecurity leadership across public and private organizations and industries, as well as local, state and federal government agencies.

To learn more about all of our activities during the month of October, read our complete coverage in the UMUC Global Media Center.

Combating Ransomware Attacks: The Reasons for Their Rise and the Ways We Can Prevent Them

As has been widely reported, a new wave of cyberattacks has hit Europe, possibly a reprise of the widespread ransomware assault in May that affected 150 countries.

Ransomware, typically delivered via malicious email or infected third-party websites, is a family of malware that either blocks access to a PC, server, or mobile device or encrypts all the data stored on that machine. Similar to a kidnapping or hijacking with a ransom demanded in return for release, the perpetrator of a ransomware attack takes possession of valuable data or files belonging to individuals or businesses and then demands payment in the form of electronic currency called “Bitcoin” for their return.

According to a report earlier this year by NBC News writer Herb Weisbaum, citing the FBI, ransomware payments for 2016 are expected to hit a billion dollars compared to the $24 million paid in 2015. And that figure is expected to rise, with more victims and more money lost. Why the dramatic rise?

  1. Easier access to technology. Criminals have increased access to sophisticated technology to conduct these attacks. Even highly sophisticated tools developed by NSA and other similar advanced tools are now in the hands of criminals. Also, criminals are making continuous improvements to such technology, and have banded together to turn this type of crime into an organized business.
  2. Increased profitability. The business of ransomware has become highly profitable. Therefore, highly talented programmers are choosing to make this their profession—and they are making a lot of money in this way.
  3. Organizations are lagging in innovation. Arguably, the most important reason is that individuals and organizations are not paying attention to continuous improvement or innovation in the technology they use or the protection systems they have in place. Without innovation, such individuals become sitting ducks. Without innovation, regardless of how good your technology is, hackers will eventually get in. Because the probability of a higher payout with organizations is greater, criminals are targeting organizations at a higher rate. However, everyday computer users are also being targeted.

Shegoftah Nasreen Queen (SNQ), Bangla Service, Voice of America, recently interviewed Dr. Mansur Hasib, program chair, Cybersecurity Technology, The Graduate School at the University of Maryland University College, to learn more about the reasons for the rise and solutions for combating this pervasive cyber threat. Read the full interview.

The Internet of Things Is Changing the Way We Live—Should We Be Worried?

The Internet of Things (IoT) is on the rise, and so are the threats associated with the interconnectedness of our devices. Eighty-four percent of organizations that have adopted IoT report experiencing at least one IoT-related security breach—and 93 percent of executives expect IoT security breaches to occur in the future—according to a February 2017 Aruba Networks study. The study also reported that malware, spyware, and human error are the most common problems.

It’s widely accepted that the number of IoT security breaches will only grow in the near future. To quote a 2016 Forrester Research report: “When smart thermostats alone exceed one million devices, it’s not hard to imagine a vulnerability that can easily exceed the scale of other common web vulnerabilities, especially if multiple IoT solutions include the same open source component.”

IoT affects everyone, not just large corporations with industrial equipment. From smart thermostats to smart refrigerators, dishwashers, and washers and dryers, we’re all part of the landscape and vulnerable to threats.

What are we to make of the proliferation of the IoT and how concerned should we be?

For answers, read the white paper by Balakrishnan Dasarathy, UMUC collegiate professor and program chair for information assurance, The Graduate School.

UMUC’s Mansur Hasib Gets Serious About Cyber Education

Mansur Hasib, program chair for Cybersecurity Technology, University of Maryland University College (UMUC) Graduate School, and a well-known thought leader in health care technology and cybersecurity, recently won the Cybersecurity Association of Maryland’s (CAMI) People’s Choice Award for lifetime achievement.

Before a sold-out crowd of 250 attendees at the American Visionary Art Museum in Baltimore on March 22, CAMI presented 13 awards to Maryland companies, organizations and individuals judged to have outstanding cybersecurity products, services or programs, or to have made a substantial contribution to Maryland’s cybersecurity industry.

Hasib, who holds a doctorate in cybersecurity and is a former chief information officer with 30 years of public and private sector experience in health care, biotechnology, education, and energy, has always maintained that cybersecurity has three core elements — people, policy and technology. People make the decisions on what technology to use and how to support it. People determine the strategy, they configure the technology, and they use it. Leadership is critical because we need to engage people toward a business purpose and a mission.

Hasib recently spoke to HealthManagement.org and shared his thoughts on cybersecurity governance and offered his insights into how critical cybersecurity education is to Health Information Technology students.

Read the full interview.