Chapter XII: Social Engineering

An example of social engineering
One story of social engineering happened a couple of years ago. ".. group of strangers walked into a large shipping firm and walked out with access to the firm’s entire corporate network". And how easily was that done! They managed to obtain small amounts of access, one bit here, other there, from different employees. They used some detective work to find out things about the firm; a call to the HR (Human Resources) and they had the names of the employees which were important for their cause.

They got in from the front door by pretending they´ve lost the key and to the security area they got in again by pretending, this time to have lost their identity badges. In both places a employee opened the door for them. The strangers planned their attack so that the CFO was out of town so they entered his office and since his computer was unlocked they got financial data off it. They also dug through the trashes and found different useful documents. The friendly janitor gave them a garbage pail - it was easy to carry all this material out of the building in it.

These strangers also knew how to imitate the voice of the CFO and got his network password by phone, pretending to be in a hurry (from the ADP-support I guess). And after this they just used some hacking tools and managed to get super-user access into the system.

Sounds really way too easy! Well, there were some obvious mistakes from the firm´s behalf, for example you should never let a stranger inside the firm.. Always ask something you can double-check from some other. And hey, who leaves his/her computer unlocked?

Source

How to fight against social engineering
As I wrote before, never let strangers inside the firm. There should be a certain protocol for the employees what to do if they have lost their key; some direction has to be around to let them in, someone who can make sure who they are. And that double-checking is also effective, to ask who he/she comes to meet, maybe even offer to show the way.. At least to call to this mentioed person and ask if the guest has arrived.

Yes, people want to believe that others have good intentions and feel themselves intruders if they need to ask something from a stranger. A janitor is good in this case, all the strangers trying into the building should go to him/her, introduce themselves, fill a form of some information themselves and the cause of the visit, and so on. This happens in some companies and it´s effective.

Doors to employees rooms should always be locked and so should their computers be also. And no notes on the table considering the password..

And of course the systems needs to be as secure as possible, at least passwords and different levels of access to information.

What is social engineering? Wikipedia´s definition

Chapter XI: Hacktivism

Wikipedia says that hacktivism is "the nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends. These tools include web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, virtual sabotage, and software development."
Source

In that same Wikipedia article are some interesting examples of hacktivism. Bronc Buster got my attention the most since I feel a country shouldn´t restrict the use of Internet from the people. And it seemed funny that this incident happened almost precicely ten years ago.

On Wikipedia it was told that Bronc Buster disabled some firewalls so that Chinese people got uncensored access to Internet. When I put his name on Google to search for Finnish pages about him, I got only a page that told he is a cracker who managed to change the web pages of government of China concerning human rights to a page which judged strongly the Chinese government and got links to pages which critisize the Chinese human rights politics. The page Bronc Buster made is in here.

Bronc Buster made his attack almost immediately the service got opened (26.10.1998) and mocked also the security of the pages: he said that it took only two minutes to break into the service.

Bronc Buster is said to be a member of Legions of the Underground, at least in this page it is said so. And in this page is it said that he is a member of Hacktivismo.

Here is also an interesting article about this occasion.

Master Thesis: Outline

New

• Title
Development of Self-Direction Through Self-Reflection in a Webcourse

• Introduction
The work to create this Master´s Thesis began when I was asked to do my study about an eLearning-course which has took place in spring 2008. I was asked to collect material written by the students in their weekly reflections.

After I collected the reflections from the students´ blogs to excel-files I started to look different relations between the answers. I´ve got interested about the students self-direction when participating courses myself and I feel that it is quite essential for the success of the student in online learning. I wanted to find out how and also how teachers could support it. This is why I focused to different elements of self-direction also with the materials of this precise course.

Studying the self-direction also brought up the usage of tools, so I studied the relation between them. The more familiar the student is with the tool/tools he/she uses the easier it is to be self-directed. But the usage of the tools is just one part. In this process I noticed that the essence what I would want to find is how to help teachers/tutors to keep the students in the courses and studying actively. Self-direction is a big part of it.

• -existing work
!!!
• -research question
Does self-direction develop in time? Is it so that who is self-directed stays so, who not does not develop? What is the identification of self-direction in self-reflections?
• -hypothesis
Self-direction can develop in time. Most students self-direction doesn´t develop. Self-direction can be seen in self-reflections through choices of student, developing of ideas and use of schedules.
• -goal
The goal is to find out how self-direction might develop in time and how self-direction is identified from self-reflections.

• Main part
• -method
Quantitative datacollecting, qualitative analyzing, focus groups
• -description of media project
!!!
• -synthesis and analysis of material/data
!!!

• Conclusions
!!!
• -outcomes
!!!
• -evaluation of the outcomes against the hypothesis
!!!
• -evaluation of the outcomes against the goal
!!!
• -implications
!!!

Literature & other:

Brockett, R. G. and Hiemstra, R. (1991) Self-Direction in Adult Learning. Perspectives on theory, research and practice, London: Routledge.

Brookfield, S. (ed.) (1985) Self-Directed Learning. From theory to practice, San Francisco: Jossey-Bass.

Candy, P. C. (1991) Self-direction for Lifelong Learning. A comprehensive guide to theory and practice, San Francisco: Jossey-Bass.

Hayes, C. (1998) Beyond the American Dream. Lifelong learning and the search for meaning in a postmodern world, Wasilla: Autodidactic Press.

Jarvis, P. (1992) Paradoxes of Learning. On becoming an individual in society, San Francisco: Jossey-Bass.

Knowles, M. (1975) Self-Directed Learning. A guide for learners and teachers, Englewood Cliffs: Prentice Hall/Cambridge.

http://www.tash.org/mdnewdirections/selfdirection.htm
http://www.infed.org/biblio/b-selfdr.htm
http://www.ncrel.org/sdrs/areas/issues/students/learning/lr200.htm

Chapter X: Minorities

All the different minority groups can experience how to be treated as "normal" in Internet. This is because of a simple fact: in Internet all you (must) give is text. Just if you want to you can show a picture of yourself, but an avatar can also be for example a cartoon character. It´s quite easy to "hide" behind text, it´s up to you what you want to reveal about yourself.

One interesting group is blind people. In real life they are spotted immediately and other people behave in a certain pattern when communicating with a blind person. You try to give the blind person space and not to stare him/her and maybe you treat him/her a bit like he/she wouldn´t understand so easily what you say..

But online a blind person can surf around almost like any other. With a editor which reads texts and pictures (so everybody who makes webpages: remember the alt tags in the pictures!) he/she can browse easily and with a certain keyboard a blind person can write just like that. Nobody notices that he/she is blind.

Chapter IX: Hackers

Bagbiter
I had some hilarious moments with the alphabets if the Jargon File. There were many phrases that caught my attention, for example "Airplane Rule", "Alice and Bob", "Banana Problem", "Control-C", "Easter Egg", "Gang Bang"...

But Bagbiter kind of suited nicely to my situation - fighting with my laptop. This really is such a bagbiter, working extremely clumsy! This term is funny, I would have never guessed or figured out such; how does biting and bag even get together :D Thinking of somebody biting a bag is quite a weird image when taking it literally, really funny that these words have come together and got a definition like this. Well, the roots of this term are at the sixties and seventies and refer most likely also to scrotum, so..

Bagbiter is not only an annoying computer, but also a person like loser. Hmm.. I have to remember that next time I feel the need to use the word loser, bagbiter would get more attention ;)

The Jargon File

Hacker Ethic
By Steven Levy there are seven features:

Access to computers should be unlimited and total
Well, in today´s world we are getting close to this - as long as we think of like Europe, USA.. In poor countries this isn´t happening so fast than in others. Thirst for knowledge is real and can be seen everywhere, but the positive attitude is a bit of a question mark since people tend to be so busy and lazy nowadays ;) But I think that the world really is full of fascinating problems to be solved. And pragmatic altruism is really worth of seeking! "No problem should ever have to be solved twice". Amen to that. Freedom? Well, it is shouted at every street corner nowadays.

Always yield to Hands-On Imperative
The point is clear: hands on. Do it, don´t just plan and analyze. If something can be done, do it. This would be so lovely to see more in action! I just hate the heavy wheels of decision making in companies.. You need to fill this paper to get that and the other paper to get that.. Do this plan and that analyzis.. Think of it for a month, are you really sure you want to do it?.. Blaah.

All information should be free
Well, everybody can have access to quite many kind of information, but this feature isn´t really happening in today´s world, especially when you connect it to the previous feature: you should also be allowed to improve and add things.

Mistrust authority - promote decentralization
Bureaucracy is a swear word if you ask me. I´ve worked in too many projects including different layers of bureaucracy.. But it seems to be like this today. And not all authority is a bad thing, as it is pointed out in this feature too. Just not to fall under authorities. And the end part of this feature complements the first half. Decentralization really is a central feature of the Internet and is one of trends in today´s world.

Hackers should be judged by their hacking
Equality is almost something worth gaining for, maybe someday it really works in world. Why would for example gender has anything to do with your skills? Or paycheck..

You can create art and beauty on a computer
This is obvious today. Today you even don´t have to be so good with fancy image editing tools, it´s quite simple to create things with your computer. Coding isn´t anymore the only thing considered art with computers :)

Computers can change your life for the better
Really they can. They can spare time for you to do something nice. For example you don´t have to go to a bank and line up for ages to get a bill paid, you can pay it from your eBank. You can meet new and interesting people in Internet. You can create things.

These are the classical features of hacker ethic.

Pekka Himanen has also made his own list:

Passion
Doing something from your heart. How important is that? Extremely. It´s a shame that so many has to work just to get money. How wonderful it would be to work through your passion!

Freedom
Really, the best results come from necessity and creativity. In some companies this is noticed, others still rely on strict schedules and boundaries.

(Hacker) work ethic
Irregular lifestyle is also flexible, but maybe it doesn´t work in every places :)

(Hacker) money ethic
It definitely sounds wise to spend some time to gather around the needed resources. And concentrating to ensure the broadest possible audience while choosing smaller immediate profits - how good example is Linux?! There is no need to explain.

(Hacker) network ethic
Freedom of word and thought is something which should be self-evident. And in a way Internet supports it: everybody has the chance of saying their opinion public. Resisting censorship is also quite wide-spread nowadays.

Caring
Humanity, caring of those who are not so fortunate. How self-evident should that be to everybody? Really, why would you want to have a lot of money? How about settling for enough and giving the rest to others who really need it for survival?

Creativity
And in the ground lies creativity. Use your own abilities in an imaginative way. Let the creativity run through you. Don´t hold back. Maybe this way you actually can give the world something valuable.

Looking these lists of seven´s you just wonder: why won´t we all become hackers?

Steven Levy: Hackers - Heroes of the Computer Revolution
+ our course materials

Chapter VIII: Ubiquitous Computing

Actually this chapter didn´t have any "ToDo" :)

But our group is doing a study of this subject, it is developing in here.

Chapter VII: Digital Divide

Digital Divide in Finland
Well, in Finland we haven´t got in media any cases about digital divide, at least I haven´t noticed. Maybe the situation in general is so good? Of course there are people in Finland too who are poor and can´t afford buying computers and so on or live in a place where Internet connection is hard to get (even impossible?) or just not interested in media and that´s why they don´t have the needed equipments.

But mostly it is their own choice, since even if you are poor (or otherwise don´t have your own equipments or connections) there are always the public computers and accesses to Internet, for example in libraries or some Internet Cafes.

So I´d say that digital divide in Finland is a choice.

And seems like it´s not only my opinion:
"As in other countries with high ICT penetration, closing the digital divide in Finland now seems to depend increasingly on citizens’ own choices. In addition to improved access and cost, computer and Internet use will depend on citizens’ perceptions of the value-added of online services, thereby further raising the stakes for improving e-government."
Source

Internet availability in Finland
Internet availability is very good in Finland - as long as you live in Southern Finland. It is so easy just to think this busy Southern Finland and forget that in the North there is a lot of wilderness.

I´d say that in North you do get to Internet if you want to, for example in a library. But connections at home might be more rare.

Even we had some difficulties having Internet connection. Or to get it wasn´t hard, but there was only one provider and the price was quite salty.. And we live only 60km North from Helsinki! But yes, we live in the country side.

Some statistics
Population: 5 244 749
Country Area: 388 145 sq km
Internet Users (Mar/2008): 3 600 000
Penetration per ITU: 68,6%
Broadband subscribers (June/2007): 1 518 900, per OECD, 29%
Source