Hacking: The Good, The Bad and The Ugly
Eric Entenberg
ENC1102: Freshman Composition
March 23, 2016
Introduction
With the progression of technology and the exchange of information, there exist unique
problems that occur alongside such advancements. Attacks upon personal and commercial
information are very common; with a variety of techniques applied for combating threats,
professionals are constantly kept on their toes. In this essay I shall examine some popular types
of cyber-attacks and what computer scientists and IT specialists are doing to stop them.
Furthermore, I will also analyze the effectiveness of each proposed technique in regard to
eliminating the particular issue that the technique was used for, in an attempt to help further the
current conversation regarding cyber-security.
To build a fundamental background of information for my research, I included some
journal articles that elaborate upon fundamental issues existing within the realm of personal
information security. The research spans a broad spectrum of topics, crossing boundaries
between multiple technological fields. The advancing amount of cyber-crime committed against
organizations is another relevant addition to the conversation; the article The Threat of
Advancing Cyber Crimes in Organizations: Awareness and Preventions introduces some ideas
regarding the prevention of criminal activity from afflicting corporations. In a 2013 journal entry
titled A Forensic Study of the Effectiveness of Selected Anti-Virus Products Against SSDT
Hooking Rootkits, the effectiveness of anti-virus software against system service descriptor
table (SSDT for short) hook attacks is examined. The inclusion of this is an attempt to show that a person's
basic understanding of cyber-attacks may not be sound; the fact that some popular anti-virus
programs simply could not defend against a simple attack may change some opinions. In the
2015 article TRAP: using TaRgeted Ads to unveil Google personal Profiles, the usage of
targeted ads in an attempt to reveal personal information is discussed as a rampant issue in
Google's AdWords system. Many people may not consider this idea, since
advertisements are generally passive on various sites; therefore bringing this information to light
is essential. Finally, the inclusion of a brief introduction to steganography, via Govind Sarage's
Study of Various Techniques of Steganography and Steganalysis, is important because at least
a relative understanding of steganography is helpful to understand the technical nature of my
support for the argument. I also consulted some less overt attacks such as those outlined in New
Threats to SMS-Assisted Mobile Internet Services from 4G LTE Networks, regarding attacks
upon cellphones due to an advancement in system architecture, and even the security of personal
internet networks in the 2014 article An Investigation of Security Trends in Personal Wireless
Networks, to show how the consumer is not safe anywhere from an attack.
With regard to exhibits of my claims, I reviewed the specific advancements and
observations of other researchers. Anti-forensics, the study of obstructing forensic tools,
provides techniques that are implemented to aid in keeping information private. I exhibit multiple instances of
anti-forensics to help give an understanding of the concept through reference to the articles
HIDEINSIDE - A Novel Randomized Encrypted Antiforensic Information Hiding from 2013;
Hiding Data, Forensics, and Anti-Forensics from 2007, to show some progression of
information hiding techniques of the modern era; and A Novel File-Concealing Method for
Computer Anti-Forensics from 2013, to show an alternative file-concealing anti-forensics
technique. One instance includes the security of a cloud computing network in the 2013 journal
entry Cloud Computing-Based Forensic Analysis for Collaborative Network Security
Management System. Various other encryption techniques are covered, including the use of a
generalized Vernam cipher, exemplified in the article A New Randomized Data Hiding
Algorithm with Encrypted Secret Message Using Modified Generalized Vernam Cipher Method:
RAN-SEC Algorithm, along with a new breakthrough in hiding information in various
randomized cover files throughout the system, as indicated in the 2016 article Data
Concealments with High Privacy in New Technology File System. In addition to that, I also
observed some brute-force protection of personal privacy, via the addition of numerous
addresses, through the update of the Internet Protocol version (IPv) from version four to version
six in Privacy and Security in IPv6.
My argument is going to be supported through the techniques applied in the various
articles. By comparing the claims of the current research about the topic, an amalgamation of
ideas can be created to give an optimized picture of the current state of cyber security, with
potential to improve the personal data security situation. Through the application of current
digital forensic techniques, it appears that hiding information in the excess space left at the end
of a data cluster, known as slack space, is a viable option for hiding messages. When a file is
created, the space allocated for it is left larger than the exact size of the file to allow for
growth; however, the data is easily lost if the file in whose slack it is stored is either moved or destroyed.
If the data must be kept track of completely, one can employ randomized encryption
techniques to increase the chance that the hacker will not break the encryption. My methodology
for analysis of these articles includes the comparison of the effectiveness of each technique with
each of the others. I can also compare the recent circumstances of the data breach at
UCF in an attempt to make the topic more relevant.
In conclusion, the methods of hiding data are constantly changing because there is a
constant need for improvement due to the actions of malicious hackers. While hackers are generally
considered synonymous with malice, this couldn't be further from the case. Hacking
current methods helps computer scientists stay ahead of the "black hats", better
known as the bad hackers.
Proposal
Thesis: The recent large-scale cyber-attacks upon companies create a huge need for
advancement within cyber security; this requires computer scientists not only to refine the
techniques used to combat cyber threats but also to create new methods to protect
ourselves from these digital attacks.
Intended audience: My intended audience is a group of college students who are willing to
learn about some unfamiliar information that may or may not be relevant to their personal
interests. The audience will likely not know much about the technical topics regarding cyber
security; however, they will likely be familiar with some of the threats posed because they are
relevant to the common person. I would imagine that the audience would likely be sympathetic
toward my topic because improving upon the security of one's personal information seems to
benefit the individual.
Kinds of sources: I include scholarly writings regarding cryptography and other computer
theory because they demonstrate the ideology of the computer science community in regard to
security. Internet resources that are relevant to current issues will help connect my argument to
why we need to improve our current cyber security techniques.
Graphs or charts: Charts and graphs are useful for demonstrating the relationship between
entities in a network along with the results of tests performed upon the system.
Documentation Style: I plan to use CMS because it is generally accepted as standard in
computer science.
Research Map
Key Phrases: cyber security, information security, cryptography, and cyber terrorism.
Types of Research: All of my sources are of scholarly origin; the vast majority of the references are
from journals, but there is also a book on techniques implemented in cloud systems.
Timeline: March, April/May. (The original timeline was a calendar grid; only its cell text
survived extraction, so the dates of individual items cannot be recovered. The milestones it listed
were: digital research; work on and revision of the research dossier; the dossier draft due, then the
final dossier; a rhetorical analysis workshop, draft and final draft; the TED talk pitch; work on,
revision and workshops for the research paper, with drafts 1, 2 and 3, team meetings and a
self-assessment; the final paper due; a study day, then preparing for and giving the TED talk; and
the final exam.)
Annotated Bibliography
Srinivasan, A., S. T. Nazaraj and A. Stavrou. HIDEINSIDE - A Novel Randomized Encrypted
Antiforensic Information Hiding 2013
Several techniques have been proposed for information hiding including hiding in slack space,
which is the focus of this paper. However, current techniques of hiding in slack space depend on
utilizing existing slack space on the disk, which can be seriously limiting. Also, all techniques
proposed thus far for hiding in slack space are impacted by the cluster size on the disk since the
maximum slack space is a function of the cluster size. This necessitates splitting the data to be
hidden into numerous parts, making it cumbersome to remember their locations and sequence for
reassembly. Finally, hiding in existing slack space risks loss of data due to overwriting if the file
whose slack is used for hiding grows in size. In this paper we propose HIDEINSIDE,
a novel on-demand slack space generator that creates new files on-the-fly that act as the cover
file for hiding. The proposed method is an anti-forensic as well as a steganographic technique.
With HIDEINSIDE, the information to be hidden is split into n chunks where n is the number
of cover files created. The number of cover files created depends on the amount of data to be
hidden and the size of the clusters. Each chunk of data is then encrypted and stuffed randomly
into the slack space of one of the n cover files along with the MD5 hash value of the encrypted
chunk. We finish the hiding process by creating a map-file of the randomly hidden chunks such
that they can be easily reassembled in the correct sequence upon retrieval. The MD5 hash
verifies the integrity of the retrieved chunks before they are deciphered. The map-file resides on
an external drive making it extremely difficult, if not impossible, to locate, decrypt and
reassemble the hidden chunks in the correct order to retrieve the hidden information.
[ABSTRACT FROM PUBLISHER]
The primary author is an Indian computer science professor at Temple University who earned
his PhD in computer science from FAU. There is no bias in this article because it
demonstrates a technique to conceal sensitive information from intruders rather than asserting
an argument.
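The slack-space paragraph in the essay and the HIDEINSIDE abstract above rest on the same arithmetic: a file occupies whole clusters, so the bytes between its end and the end of its last cluster (its slack) are allocated but unused, and anything stored there is overwritten when the file grows. The following Python is an added example, not the paper's code. SimDisk is a constructed, in-memory stand-in for a cluster-based filesystem, the 512-byte cluster size is assumed, the encryption step of HIDEINSIDE is omitted, and scan_nonempty_slack is the forensic check an examiner would run to find slack that is not zero fill. All function names are the example's own.

```python
"""Slack-space arithmetic, a forensic scan for non-empty slack and the per-chunk
hash check used at reassembly, on a simulated cluster-based disk (constructed)."""
import hashlib

CLUSTER_SIZE = 512  # assumed cluster size for the simulated disk


def slack_bytes(file_size: int, cluster_size: int = CLUSTER_SIZE) -> int:
    """Bytes between the end of a file and the end of its last cluster."""
    return (-file_size) % cluster_size


class SimDisk:
    """Contiguous allocation; the file table maps name -> (first cluster, size)."""
    def __init__(self, n_clusters: int, cluster_size: int = CLUSTER_SIZE):
        self.cs = cluster_size
        self.data = bytearray(n_clusters * cluster_size)
        self.files = {}
        self._next = 0

    def create(self, name: str, content: bytes) -> None:
        off = self._next * self.cs
        self.data[off:off + len(content)] = content
        self.files[name] = (self._next, len(content))
        # whole clusters are consumed, which is where slack comes from
        self._next += (len(content) + slack_bytes(len(content), self.cs)) // self.cs

    def _slack_span(self, name: str) -> tuple:
        first, size = self.files[name]
        begin = first * self.cs + size
        return begin, begin + slack_bytes(size, self.cs)

    def read_slack(self, name: str) -> bytes:
        begin, end = self._slack_span(name)
        return bytes(self.data[begin:end])

    def write_slack(self, name: str, payload: bytes) -> None:
        begin, end = self._slack_span(name)
        if len(payload) > end - begin:
            raise ValueError("payload larger than the file's slack")
        self.data[begin:begin + len(payload)] = payload

    def append(self, name: str, extra: bytes) -> None:
        """Grow a file in place: the new bytes land in its former slack."""
        first, size = self.files[name]
        if len(extra) > slack_bytes(size, self.cs):
            raise ValueError("growth into a new cluster is not simulated")
        off = first * self.cs + size
        self.data[off:off + len(extra)] = extra
        self.files[name] = (first, size + len(extra))


def split_into_slack(disk: SimDisk, secret: bytes, covers: list) -> list:
    """Spread `secret` over the covers' slack; return the (name, length, MD5) map."""
    chunk_map, pos = [], 0
    for name in covers:
        chunk = secret[pos:pos + len(disk.read_slack(name))]
        if not chunk:
            break
        disk.write_slack(name, chunk)
        chunk_map.append((name, len(chunk), hashlib.md5(chunk).hexdigest()))
        pos += len(chunk)
    if pos < len(secret):
        raise ValueError("not enough slack across the chosen covers")
    return chunk_map


def reassemble(disk: SimDisk, chunk_map: list) -> tuple:
    """Read chunks back in map order and list covers whose chunk fails its hash
    (MD5 catches accidental damage here; it is no defence against tampering)."""
    out, damaged = bytearray(), []
    for name, length, digest in chunk_map:
        chunk = disk.read_slack(name)[:length]
        if hashlib.md5(chunk).hexdigest() != digest:
            damaged.append(name)
        out += chunk
    return bytes(out), damaged


def scan_nonempty_slack(disk: SimDisk) -> list:
    """Forensic check: files whose slack holds anything other than zero fill."""
    return [name for name in disk.files if any(disk.read_slack(name))]


def demo() -> dict:
    disk = SimDisk(n_clusters=8)
    disk.create("notes.txt", b"A" * 300)   # one cluster, 212 bytes of slack
    disk.create("photo.jpg", b"B" * 1000)  # two clusters, 24 bytes of slack
    disk.create("log.txt", b"C" * 512)     # exactly one cluster, no slack
    secret = b"meet at the usual place at nine tonight."  # 40 constructed bytes
    chunk_map = split_into_slack(disk, secret, ["photo.jpg", "notes.txt"])
    flagged = scan_nonempty_slack(disk)
    recovered, damaged = reassemble(disk, chunk_map)
    disk.append("photo.jpg", b"Z" * 10)    # ordinary growth overwrites hidden bytes
    _, damaged_after = reassemble(disk, chunk_map)
    return {"chunks": [n for _, n, _ in chunk_map], "flagged": flagged,
            "recovered_ok": recovered == secret and not damaged,
            "damaged_after_growth": damaged_after}
```

Calling demo() yields a two-entry chunk map (24 bytes in photo.jpg, 16 in notes.txt), both covers flagged by the scan, a clean reassembly, and then a failed hash on photo.jpg after ten bytes of ordinary growth: the new data overwrote the front of the hidden chunk, and because slack is recomputed from the new file size, less of it is even readable.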
Kumar, Anil, and Jaini Shah. The Threat of Advancing Cyber Crimes in Organizations: Awareness
and Preventions 2014
With the era of globalization, computers, mobile phones and the Internet have become part of
our daily routine. As a result of this, online processing information is made available on the
internet bringing in new threats in the form of cybercrimes. Such threats not only come in
different faces, but they also have different execution methods making it difficult for cyber
experts to find a viable solution. Due to the high rates of threats, nations around the globe have
become concerned about their Netizens' online safety and have implemented several Acts of
Parliament and International Instruments. However, most of the laws are still in A Mother's
Womb which are in the process of evolution. There are several reasons why cyber-attacks are
planned, as some have serious agendas tagged on them, while others are simply planned as
pranks. This paper not only seeks to analyze the political, economic and social effects of
cybercrimes in organizations but also recommends how one can be made aware and prevent
cybercrimes in organizations as prevention is better than cure. [ABSTRACT FROM AUTHOR]
The primary author of this article is a Kenyan lecturer of computer science at Maasai Mara
University. The bias of this article is little to none, seeing as it is an informative article.
Hsu, Fu-Hau, Min-Hao Wu, Syun-Cheng Ou and Shiuh-Jeng Wang. Data concealments with
high privacy in new technology file system 2016
This paper proposes a new approach, called file concealer (FC), to conceal files in a computer
system. FC modifies metadata about a file in NTFS (New Technology File System) to hide the
file. Unlike traditional hooking methods which can be easily detected by antivirus software,
experimental results show that it is difficult for antivirus software to detect the files hidden by
FC. Moreover, to enhance the concealment capability of FC, FC also rearranges the order of
some data sectors of a hidden file. As a result, even if another person finds the original sectors
used by the hidden file, it is difficult for him to recover the original content of the hidden file.
Experimental results show that even data recovery tools cannot restore the content of a hidden
file. All information that is required to restore a hidden file is stored in a file, called recovery file
hereafter. When a user uses FC to hide a file, the user can specify any file as a host file, such as
an image file, to which the recovery file will be appended. As a result, the user can easily restore
a hidden file; however, it is difficult for another person to detect or restore the hidden file and the
related recovery file. [ABSTRACT FROM AUTHOR]
The primary author of this article is a Taiwanese associate professor at the National Central
University in Taiwan. Again, since the purpose of the article is informative, the bias is very
minimal. The authors are implementing a technique to make it harder for hackers to uncover
sensitive information by randomizing the order of the data sectors, so even if an intruder could find the hidden files
it would be near impossible to reconstruct the entire selection correctly.
Sarage, Govind N. Study of Various Techniques of Steganography and Steganalysis 2014
Steganography and steganalysis are important tools that allow transmission of information
over a communications channel. The purpose of steganographic communication is to hide
the mere existence of a secret message. Steganography refers to the technology of hiding data
into digital media without drawing any suspicion, while steganalysis is the art of detecting the
presence of steganography. This paper provides a brief study on steganography and steganalysis
for digital images, mainly covering the fundamental concepts and the various techniques. Some
commonly used techniques for improving steganographic security and enhancing steganalytic
capability are summarized and possible research trends are discussed. [ABSTRACT FROM
AUTHOR]
The author is an Indian computer scientist working with the National Defense Academy of India.
His bias will fall within a more rigid political basis because he works for the government.
Tu, Guan-Hua, Yuanjie Li, Chunyi Peng, et al. New Threats to SMS-Assisted Mobile Internet
Services from 4G LTE Networks 2015
Mobile Internet is becoming the norm. With more personalized mobile devices in hand, many
services choose to offer alternative, usually more convenient, approaches to authenticating and
delivering the content between mobile users and service providers. One main option is to use
mobile text service (i.e., short messaging service). Through associating an online account with a
personal phone number, it aims to provide mobile-friendly, always-online, and even more secure
experience. Such carrier-grade text service has been widely used to assist versatile mobile
services, including social networking, banking, e-commerce, mobile-health, to name a few.
However, as cellular network technology independently advances to the latest IP-based 4G LTE,
we find that these mobile services are exposed to new threats raised by this change. In particular,
messaging service over 4G LTE has to shift from the conventional circuit-switched (CS) design to the
packet-switched (PS) paradigm as 4G LTE supports PS only. However, its shields to messaging
integrity and user authentication are not in place, while the legacy security mechanisms in 2G
and 3G are in vain. As a consequence, such weaknesses can be exploited to launch attacks
against a targeted individual, a large scale of mobile users and even service providers. These
attacks are contact-less without physically accessing the victims' devices. They might result in
distressing account hijacking, real-dollar loss and even spam lawsuits. Our study shows that 53
of 64 mobile services over 27 industries are vulnerable to at least one above threat, and some are
even prone to million-dollar loss. We validate these proof-of-concept attacks in a controlled
environment in one major US carrier which supports more than 100 million users. We finally
propose quick fixes and recommended remedies and discuss security insights and lessons we
have learnt. [ABSTRACT FROM AUTHOR]
The primary author is a post-doctoral scholar at UCLA studying computer science. As an expert
within the wireless networking market, the author likely has a bias toward the importance of
wireless communication systems' portability. This article helps illustrate that attacks are very
close to the user and that it does not take much for a hacker to gain access to personal
information.
Berghel, Hal. Hiding Data, Forensics, and Anti-Forensics 2007
The article covers methods to hide electronic data on computer networks: the use of a
network protocol for some unintended purpose by incorporating data in packets in
unconventional places, and the creation of packets whose options fields carry covert
data. In addition, physical data hiding, where covert data is hidden among light data (data
intended to be seen), also occurs.
The author is a professor of computer science at UNLV, where he previously served as the
Director of computer science and the Associate Dean of the College of Engineering. This article
is purely informative, leaving little room for personal bias. It shows a foundation of data
hiding and anti-forensics, being the oldest of my selected articles while still retaining some
relevance due to being within the last 10 years.
Peng, Jing, Can Wang, and Hu Wu. A Novel File-Concealing Method for Computer Anti-Forensics 2013
To mitigate the contradiction between the security of the long random key and the convenience
for memorizing of the short key, a novel file-concealing method for computer anti-forensics is
proposed in this paper. This method processes the secret file with the symmetric encryption
algorithm and the XOR operation, and it combines the advantages of the symmetric encryption
and the steganography. The files concealed by this method cannot be restored by the adversary
even though the symmetric key is leaked. With this method, the defense ability against the brute
force method is improved significantly with very little overhead; and the method does not have
any special requirements on the carrier files chosen by the user. Consequently, the method is
applicable to the anti-forensic environment. According to the principle of the method, an
anti-forensic prototype tool for Windows platform, which is named StegEncrypt, is developed. This
tool can be used to protect the secret files to be saved or transferred against the adversary's brute
force cracking. [ABSTRACT FROM AUTHOR]
The primary author of this article is an associate professor at Montclair State University in New
Jersey. Since the article is purely reporting findings of a technique, the bias is non-existent. This
article helps defend against brute-force attacks (trying every possible combination) by encrypting the
file and the key.
Liu, Lu, Thomas Stimpson, Nick Antonopoulos, Zhijun Ding and Yongzhao Zhan. An
Investigation of Security Trends in Personal Wireless Networks 2014
Wireless networks are an integral part of day-to-day life for many people, with businesses and
home users relying on them for connectivity and communication. This paper examines the
problems relating to the topic of wireless security and the background literature. Following this,
primary research has been undertaken that focuses on the current trend of wireless security.
Previous work is used to create a timeline of encryption usage and helps to exhibit the
differences between 2009 and 2012. Moreover, a novel 802.11 denial-of-service device has been
created to demonstrate the way in which it is possible to design a new threat based on current
technologies and equipment that is freely available. The findings are then used to produce
recommendations that present the most appropriate countermeasures to the threats found.
[ABSTRACT FROM AUTHOR]
The main author is a professor of distributed computing at the University of Derby in the UK.
The author likely holds favor toward the use of wireless networks due to his research interests in
cloud computing and wireless sensor networks.
Conti, Mauro, Vittoria Cozza, Marinella Petrocchi and Angelo Spognardi. TRAP: using
TaRgeted Ads to unveil Google personal Profiles 2015
In the last decade, the advertisement market spread significantly in the web and mobile app
system. Its effectiveness is also due to the possibility to target the advertisement on the
specific interests of the actual user, other than on the content of the website hosting the
advertisement. In this scenario, services that collect and hence can provide information about
the browsing user, like Facebook and Google, became of great value. In this paper, we show how to
maliciously exploit the Google Targeted Advertising system to infer personal information in
Google user profiles. In particular, the attack we consider is external from Google and relies on
combining data from Google AdWords with other data collected from a website of the Google
Display Network. We validate the effectiveness of our proposed attack, also discussing possible
application scenarios. The result of our research shows a significant practical privacy issue
behind such type of targeted advertising service, and calls for further investigation and the design
of more privacy-aware solutions, possibly without impeding the current business model involved
in online advertisement. [ABSTRACT FROM AUTHOR]
The primary author of this article is an associate professor at the University of Padua math
department in Italy. As a scholar within computer science he likely holds bias against companies
profiting from the data that a user creates through using a service.
Ray, R., J. Sanyal, T. Das, K. Goswami, S. Das and A. Nath. A new randomized data hiding
algorithm with encrypted secret message using modified generalized Vernam Cipher
Method: RAN-SEC algorithm 2011
This paper proposes a new method for hiding any encrypted secret message inside a cover file
by substituting the LSB of randomly selected bytes of the cover file. For encrypting the secret message
we have used a new algorithm called Modified Generalized Vernam Cipher Method (MGVCM).
For hiding the secret message we have proposed a new method in which we have inserted the bits of
each character of the secret message file in the LSB of eight randomly selected bytes of the cover
file. The randomly selected bytes read from the cover file correspond to successive locations of a
randomized offset matrix starting from a certain base address in the cover file. The offset matrix is
randomized using the randomization method of the previously published MSA encryption
method. The randomized embedding of the message in a cover file gives an additional layer of
security over the encryption. [ABSTRACT FROM PUBLISHER]
Seeing as this is yet another informative article, the bias is kept to a minimum.
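As an added example, not code from the RAN-SEC paper or from Sarage's survey above, the following Python shows the two mechanisms these annotations describe side by side: a Vernam-style XOR cipher applied to the message before hiding, and the embedding of each ciphertext bit into the least significant bit of a randomly selected cover byte (eight cover bytes per message byte), with the matching extraction. A plain one-time pad stands in for the paper's MGVCM, a seeded random.Random stands in for its MSA-randomized offset matrix, the cover and message are constructed, and pair_imbalance is a simplified pairs-of-values statistic of the kind steganalysis uses to notice that LSB embedding evens out the counts of each value pair (2k, 2k+1). All names are the example's own.

```python
"""LSB embedding of a Vernam-encrypted message into randomly chosen cover bytes,
the matching extraction, and a simple pairs-of-values steganalysis check.
Constructed example: the cipher, offset selection, cover and message are
stand-ins for the paper's own components, not RAN-SEC itself."""
import random
from collections import Counter


def vernam(data: bytes, key: bytes) -> bytes:
    """Plain Vernam (one-time pad) XOR; assumed stand-in for the paper's MGVCM.
    Decryption is the same call with the same pad."""
    if len(key) < len(data):
        raise ValueError("pad must be at least as long as the data")
    return bytes(d ^ k for d, k in zip(data, key))


def byte_offsets(n_bits: int, cover_len: int, base: int, seed: int) -> list:
    """n_bits distinct cover positions at or after `base`, chosen by a seeded
    PRNG (assumed stand-in for the paper's MSA-randomized offset matrix)."""
    if n_bits > cover_len - base:
        raise ValueError("cover too small for the payload")
    return random.Random(seed).sample(range(base, cover_len), n_bits)


def embed(cover: bytes, payload: bytes, base: int, seed: int) -> bytes:
    """Write each payload bit (MSB first) into the LSB of one selected byte."""
    bits = [(b >> i) & 1 for b in payload for i in range(7, -1, -1)]
    out = bytearray(cover)
    for pos, bit in zip(byte_offsets(len(bits), len(cover), base, seed), bits):
        out[pos] = (out[pos] & 0xFE) | bit
    return bytes(out)


def extract(stego: bytes, n_bytes: int, base: int, seed: int) -> bytes:
    """Reverse of embed: the same seed regenerates the same positions."""
    positions = byte_offsets(n_bytes * 8, len(stego), base, seed)
    bits = [stego[p] & 1 for p in positions]
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits), 8))


def pair_imbalance(data: bytes) -> float:
    """Steganalysis hint: LSB embedding evens out the counts of each value pair
    (2k, 2k+1). 1.0 means every pair is one-sided; near 0 means flat."""
    counts = Counter(data)
    diff = sum(abs(counts[v] - counts[v | 1]) for v in range(0, 256, 2))
    return diff / len(data)


def demo() -> dict:
    rng = random.Random(2016)
    message = b"constructed secret text. " * 8            # 200 constructed bytes
    # demo-only pad; a real one-time pad comes from secrets.token_bytes and is
    # never reused
    pad = bytes(rng.getrandbits(8) for _ in message)
    # constructed cover with every LSB cleared, so the statistic starts at 1.0
    cover = bytes(((i * 37) % 251) & 0xFE for i in range(2000))
    cipher = vernam(message, pad)
    stego = embed(cover, cipher, base=16, seed=7)
    recovered = vernam(extract(stego, len(cipher), base=16, seed=7), pad)
    return {
        "recovered": recovered == message,
        "bytes_changed": sum(a != b for a, b in zip(cover, stego)),
        "pov_before": pair_imbalance(cover),
        "pov_after": pair_imbalance(stego),
    }
```

Here 1,600 of the 2,000 cover bytes carry a bit, so the pairs-of-values statistic falls sharply after embedding; on a real cover the starting value is lower, and when only a small fraction of bytes carries payload the change can be too small for this check to see, which is what the randomized, sparse embedding is relying on.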
Al-Shaheri, Sami, Dale Lindskog, Pavol Zavarsky and Ron Ruhl. A Forensic Study of the
Effectiveness of Selected Anti-Virus Products Against SSDT Hooking Rootkits 2013
For Microsoft Windows Operating Systems, both anti-virus products and kernel rootkits often
hook the System Service Dispatch Table (SSDT). This research paper investigates the interaction
between these two in terms of the SSDT. To investigate these matters, we extracted digital
evidence from volatile memory, and studied that evidence using the Volatility framework. Due to
the diversity in detection techniques used by the anti-virus products, and the diversity of
infection techniques used by rootkits, our investigation produced diverse results, results that
helped us to understand several SSDT hooking strategies, and the interaction between the
selected anti-virus products and the rootkit samples. [ABSTRACT FROM AUTHOR]
The primary author is a scholar from Concordia University in Alberta, Canada. The author may
hold the bias that anti-virus in general is not very useful, due to the fact that hackers are always
outsmarting these programs.
Jegatheesan, Sowmyan, and Dr. El-kadri. Privacy and Security in IPv6 2013
Many Internet service providers (ISPs) throughout the world are now in the process of
integrating IPv6 into their Internet access products for retail customers and corporate clients. One
of the most important features of the IPv6 protocol is its huge address space. This will enable
users to assign a life-long stable, unique and globally routable IP address to each personal device.
All users will be able to set up public services at home and be able to communicate from and to
their devices from any point in the network. The resulting end-to-end reachability is considered a
major improvement over the current situation. IPv6 evoked a new debate between privacy and
security in order to attract more unique IP addresses to locate users, especially with the advent of
mobile devices. While the initial IPv6 specification from 1995 does already contain a variety of
security considerations (namely, message integrity protection as well as encryption based on
IPsec), privacy aspects have not played a major role in the beginning. [ABSTRACT FROM
AUTHOR]
The primary author is a Harvard graduate in Information Technology. As an expert within the
technological sector, he likely holds a bias toward wanting to use new technology over the
antiquated technology that is being replaced.
Chen, Z., F.Y. Han, J. W. Cao, X. Jiang, and S. Chen. Cloud Computing-Based Forensic Analysis
for Collaborative Network Security Management System 2013
Internet security problems remain a major challenge with many security concerns such as
Internet worms, spam, and phishing attacks. Botnets, well-organized distributed network attacks,
consist of a large number of bots that generate huge volumes of spam or launch Distributed
Denial of Service (DDoS) attacks on victim hosts. New emerging botnet attacks degrade the
status of Internet security further. To address these problems, a practical collaborative network
security management system is proposed with an effective collaborative Unified Threat
Management (UTM) and traffic probers. A distributed security overlay network with a
centralized security center leverages a peer-to-peer communication protocol used in the UTMs
collaborative module and connects them virtually to exchange network events and security rules.
Security functions for the UTM are retrofitted to share security rules. In this paper, we propose a
design and implementation of a cloud-based security center for network security forensic
analysis. We propose using cloud storage to keep collected traffic data and then processing it
with cloud computing platforms to find the malicious attacks. As a practical example, phishing
attack forensic analysis is presented and the required computing and storage resources are
evaluated based on real trace data. The cloud-based security center can instruct each
collaborative UTM and prober to collect events and raw traffic, send them back for deep
analysis, and generate new security rules. These new security rules are enforced by collaborative
UTM and the feedback events of such rules are returned to the security center. By this type of
close-loop control, the collaborative network security management system can identify and
address new distributed attacks more quickly and effectively. [ABSTRACT FROM AUTHOR]
The primary author is a Chinese computer engineer. Since the article is informative, the bias is
nearly nonexistent. This article shows some basic risks and attacks to cloud-based computing
services and asserts ways to amend security protocols.