Michelle Han

IM1/11/AP
1/21/2019

Geeks for Geeks. "5 Phases of Hacking." ​Geeksforgeeks.org​,

www.geeksforgeeks.org/5-phases-hacking/. Accessed 14 Jan. 2020.

This web page discusses the five phases of hacking: reconnaissance, scanning, gaining
access, maintaining access, and clearing tracks. Reconnaissance is the first step, where the
hacker is trying to collect as much information that they can about their target by doing research
or using. The second step is scanning, which is using different tools to scan the data obtained in
order to find any information that can help them infiltrate the system. After obtaining all the
necessary information, the hacker moves on to step three, where they design a plan of the
network and decide how to gain access. Once they gain access, they would have to be able to
maintain access and remain unidentified by the network’s security system. The final step is to
clear their tracks, so that no one can reach the, this is done prior to the attack and after the attack.
This source is helpful in that it provides information about a common and simplified
version of how hackers begin their process of infiltrating a network. As well, information about
the phases will help draw connections to the characteristic patterns found in many malicious
users.

Grey Campus. "Phases of Hacking." ​Greycampus​,

www.greycampus.com/opencampus/ethical-hacking/phases-of-hacking. Accessed
14 Jan. 2020.

This web article is discusses the five phases of hacking and the different types of
elements in each phase. Such as in step one, reconnaissance, there are two types of
foot-printing/information gathering, such as active (directly interacting with the target to gain
information) and passive (trying to collect information without direct interactions with the
target). In scanning, step two, there are three types of scanning, post scanning (scanning the
target for information), vulnerability scanning (scanning the target for any weaknesses that can
be exploited), and network mapping (finding any networks, routers, and firewalls). The hacker
might use a variety of tools and methods in order to both gain access and maintain access by
using Trojans, Rootkits, or other malicious files just until they finish their task. While in clearing
their tracks, the hacker would have to modify, corrupt, or even delete any logs, applications, and
files that were created or used during the process.
Though this web article is similar to the article from Geeks for Geeks, where both discuss
the five phases of hacking, this article offers more information about the different types of
approaches that hackers might take for each phase of hacking. But both are able to explain the
basic information that is easily understandable by anyone, especially those who might not
necessarily understand or have a deep knowledge in hacking.

"How Do Hackers Get into Computer Systems?" ​WhatismyIPadress.com​, edited by Chris

Parker, whatismyipaddress.com/hacking-basics. Accessed 15 Jan. 2020.
 This web article discusses how hackers get into computer systems, and explains what a
hacker is and actually does. Hackers are programmers who use their computers to get into
networks and cause trouble, such as stealing secrets, obtaining passwords, gaining personal
information, and creating enough traffic that can shut down a website. There are three types of
hackers, young kids, recreational hackers, and professionals. Young kids are basically teenagers
and young adults who are just messing around with websites and are not really trying to
intentionally harm anyone, while recreational hackers are those who are considered to be bad
guys, they might think that they have a valid reason to infiltrate a computer system because of a
grudge or a dislike. Finally, the professional hackers are expert programmers who become
addicted to the adrenaline of hacking and they often try to steal people’s money along with
personal information.
This web article not only offers information about how a hacker can infiltrate a system
but also gives off warnings and prevention methods to be prepared against any future
occurrences that might happen. Also, the article gives many examples, along with
understandable definitions, of stealing passwords and getting into the system.

Isaac, Mike, and Sheera Frenkel. "Facebook Security Breach Exposes Accounts of 50
Million Users." ​NYTimes,​ 28 Sept. 2018,
www.nytimes.com/2018/09/28/technology/facebook-hack-data-breach.html.
Accessed 15 Jan. 2020.

This news article is about the Facebook data breaches that had occurred in 2018 and it
discusses the background information of what the data breaches were about. Back in September
2018, Facebook and its team had announced that 50 million users were affected as there was an
attack on its computer networks, which had exposed the personal information of about 50 million
users. As well, it shows how Facebook is struggling to maintain their reputation in the public
eye, since it was buffeted by a scandal, where a British analytics firm obtained access to the
private information of up to 87 million users, resulting in elections being affected and even some
deaths in other countries. This article also incorporates Mark Zuckerburg’s and his team’s
comments on the issue, assuring the public that they are “taking it really seriously.”
This is a reliable source, but it does not offer much information about the specific details
on the identity of the hacker(s) and how they were able to attack Facebook’s computer system
networks. Though, it does nicely provide basic background information about the situation at the
time and also including insight and comments from Mark Zuckerburg and his team.

Liu, Ruinan, et al. "Clustering User Accesses to Detect Anomalous Behavior." ​Clustering
User Accesses to Detect Anomalous Behavior​, 2019, pp. 1-9.

The research paper discusses an experiment, which is trying to differentiate between a

good (typical) user and a malicious user, who could potentially be a hacker. Main characteristics
between a malicious user and a good user can be divided into different categories, URL-based,
time-based, and parameter-based. As a good user typically does not follow any sort of pattern,
the malicious user does, for example, they tend to have multiple made-up URLs, longer
user-session, a large number of requests in a short amount of time, and a number of malicious
bots that insert abnormal characters. After conducting the experiment by simulating different
attacks using OWASP ZAP and Vega, the results were then analyzed by k-clustering methods.
The ideal result is to have a high median purity (represents that the feature is successful most of
the time) and a low difference between the minimum and maximum (represents that the feature
is steady most of the time). However, the actual results were not ideal, but with a combination of
different performing features, it would actually match the ideal results.
This research paper is useful in the area of providing the different characteristics of a
malicious user. But the experiment, itself, does not seem to be as reliable because the
vulnerability scanners and simulated website used are actually unable to match real-world
results, and there was only one subject application tested. Results would vary between the
different web applications since they all have different functions and abilities.

Nakashima, Ellen, and Ashkan Soltani. "The Ethics of Hacking 101."​ Washington Post,​
08 Oct 2014​. Sirsissuesresearcher,​
https://explore.proquest.com/sirsissuesresearcher/document/2262370097?accountid=
3292​.

This news-article discusses potential vulnerabilities that pose a threat to many computer
systems that even the military and government officials rely on. “Hackers” who are able to
breach into a system actually provide an advantage to cyber defense professionals. Cyber-offense
is the teaching and practice of ethical hacking. It starts off with seeking vulnerabilities, such as
bugs and viruses, and reporting them to the software vendor or the U.S. government. Then the
article transitions to discussing more about the role of offensive cyber skills in colleges and
universities and the controversy that surrounds it, because it is essentially teaching students a set
of dangerous skills that can be used to harm someone, intentionally or not. For example, Stuxnet
was the first usage of a cyberweapon, which was used to harm Iranian centrifuges that would
later be bombed. But not all exploits and vulnerabilities are illegal, the ones that are used with
the intent of hacking are considered illegal, otherwise, they would have safe uses, such as
unlocking an iPhone to switch providers.
This news article is helpful in ways of providing some leads to using cyber-offense skills
to defend a computer system. Also, the article helps answer a question about how simulations are
designed and how cognitive modeling might factor in vulnerabilities into a simulated penetration
of a computer system.

"Number of Social Network Users Worldwide from 2010 to 2021." ​Statista,​ J. Clemnt,
14 Aug. 2019,
www.statista.com/statistics/278414/number-of-worldwide-social-network-users/.
Accessed 14 Jan. 2020. Chart.

This source depicts a chart of the number of social network users worldwide from 2010
to 2021 (in billions), where there were 2.82 billion social network users worldwide in 2019.
Whereas, compared to the estimated number of 2.65 billion people using social media
worldwide, the projection will be about 3.1 billion by 2021. This means that by 2021, more and
more people have access to the internet and the projection will mean that the global growth of
users will be driven by the increasing use of mobile devices.
 The chart and captions offer statistics for the background/introduction paragraph for the
research paper to rely on, which would suggest the evidence of advancing technology and even
computer networks. Thus, tying into the topic of increasing hackers, which would result in more
and more people being affected annually, creating a sense of urgency about the importance of
this research topic.

OWASP. "Vulnerability Scanning Tools." ​OWASP​,

owasp.org/www-community/Vulnerability_Scanning_Tools. Accessed 15 Jan.
2020.

This source is a description from the application’s website, which describes what a
vulnerability scanner is and its functions. A vulnerability scanner is an automated tool that has
the ability to scan web applications in order to look for vulnerabilities, weaknesses, that might be
exploited. Some vulnerabilities can include: cross-site scripting, SQL injection, command
injection, path traversal, and insecure server configurations, and these are the most commonly
seen vulnerabilities in web applications. The source then goes onto listing out various examples
of different vulnerability scanners that are offered, along with information about the owner,
license, and platforms that the vulnerability scanner is compatible with.
The source does not give that much detailed information about how a vulnerability
scanner can function. It just gives some basic information about what a vulnerability scanner is
and some options that were listed below.

Parecki, Aaron. "12." ​OAuth.​ ​Oauth,​ www.oauth.com/oauth2-servers/access-tokens/.

Accessed 15 Jan. 2020.

This chapter of a manual or book/journal is about access tokens, which are the things that
applications use to make API requests on behalf of the user. The access tokens are basically the
authorization of a specific application to access different parts of a user’s information data. The
chapter describes more about the importance of access tokens and how it is crucial for the web
application to make sure that these access tokens to remain kept in confidential. Otherwise, there
would be an increase in the risk of the user being affected if something happens to their access
token, such as a data breach or hack that might occur.
The information about access tokens can be tied into the Facebook data breaches, where
the hackers were able to obtain these access tokens. This would also show the consequence of
not being able to successfully protect access tokens and it suggests that the probability of access
tokens being compromised is very likely and it can happen to any web application at any time.

Perez, Sarah, and Zack Whittaker. "Everything You Need to Know about Facebook's
Data Breach Affecting 50M Users." ​Techcrunch,​ 28 Sept. 2018,
techcrunch.com/2018/09/28/everything-you-need-to-know-about-facebooks-data-
breach-affecting-50m-users/. Accessed 15 Jan. 2020.

This web article offers more in-depth information about the Facebook data breaches that
had occurred in 2018. About 50 million users’ data were confirmed to be affected by the actions
of these unknown hackers. These hackers were able to infiltrate Facebook with three software
bugs that had led to the data exposure. Back in 2017, Facebook had accidentally introduced
vulnerabilities in its video uploader and “View As” function, which one had been left undetected
until the attack took place. But Facebook had announced that the vulnerability was fixed and the
team was starting to reset access tokens in order to better protect the security of their accounts,
since there were 40 more million users at risk of data exposure.
This article is formatted in a question and answer format, making it easier to read and
identify the important parts that pertained to the research topic. Also with this format, it was
easier to break up the article into different sections. However, there was little to none
information about how the author was able to obtain this information and it could be viewed as a
blogger giving their analysis of the situation in a lengthy blog post.

Raffer, Dan. "2019 Data Breaches: 4 Billion Records Breached so Far." ​Norton,​
us.norton.com/internetsecurity-emerging-threats-2019-data-breaches.html.
Accessed 14 Jan. 2020.

This web article from Norton provides information about the different data breaches that
had occurred in 2019 and statistics on cybersecurity in the first half of 2019. As the first half of
2019, there were 3,800 publicly disclosed breaches, 4.1 billion exposed data breaches, and a 54%
increase in the number of reported breaches when compared to the statistics from the first half of
2018. Then the source gives a list and information of the different data breaches that had
occurred, such as the company affected, date, and number of records breached. For example, in
financial data breaches, Capital One was affected on March 22 and 23, 2019, where there were
106 million records breached. Also it provides a description of what had happened, who was
affected, how they were affected, and the hacker’s performances.
This would be considered as a reliable source, since Norton is an anti-virus software
production company for many different operating systems. As well, the source includes the
source that they had used in their descriptions of the data breaches that occurred. Also, the
formatting of the website is broken down into the different categories of data breaches, such as
financial, entertainment, and etc, and it provides information for other people to take precautions
and be aware of the situation.

Roberts, Edward. "The Dark Side of Vulnerability Scanning." ​Resources.distillnetworks​,

resources.distilnetworks.com/all-blog-posts/the-dark-side-of-vulnerability-scannin
g. Accessed 15 Jan. 2020.

This blog post is about the benefits and consequences of vulnerability scanners,
describing its beneficial uses when used correctly and its harmful consequences when abused by
a black-hat hacker. The vulnerability scanners are meant to point out the weaknesses in a
website, which would notify the programmer to fix these weaknesses to prevent data breaches.
However, when in the hands of a black-hat hacker, these vulnerabilities are pointed out and it
makes it easier for the hacker to infiltrate the application if the programmer did not immediately
notice the weakness. The blog post also explains the characteristics of a vulnerability scanner,
such as automated tool, very noisy, able to access all code, and too targeted on a single request,
which could be a bad thing for the hackers.
 Though this is a blog post, the author has experience in working with web security in his
past. As well, the blog post shines a negative light on something that is thought of as a tool in
order to prevent the increase of data breaches. This can propose a research question into the
structure of a vulnerability scanner and how the information and data can be accessed by the
user.

Rodriguez, Salvador. "Facebook Says Hackers Were Able to Access Millions of Phone
Numbers and Email Addresses." ​Cnbc,​ 12 Oct. 2018,
www.cnbc.com/2018/10/12/facebook-security-breach-details.html. Accessed 15
Jan. 2020.

This news article is also about the Facebook data breaches that occurred, mentioning that
30 million users were impacted, which is about 20 million fewer than the company first
announced. Also that out of the 30 million users, only 14 million users had their private
information, such as name, contact information, and recent location, was exposed. The news
article also gives background information of what happened and the company’s statements about
the attack. Facebook announced that the attacks began on September 14 and went undetected
until September 25. The team took about two days to fix all of the vulnerabilities, stopped the
attack, and reset all of the access tokens for the affected users. Facebook, along with the FBI
were conducting an investigation in order to find out who was behind the attack and their
motives for doing so. As a solution, Facebook created and published a website for users to check
if their accounts were affected by the data breach.
Unlike the other sources on the Facebook data breaches, this news article was published
about a month after Facebook had originally announced the attacks. Thus, making this source
more reliable than the others, since this has the updated information about the Facebook data
breaches.

Rosen, Guy. "An Update on the Security Issue." ​Facebook​, 12 Oct. 2018,
about.fb.com/news/2018/10/update-on-security-issue/. Accessed 15 Jan. 2020.

This statement post is about the Facebook data breaches and Facebook’s vice president of
product management had made a statement trying to calm the public. Rosen mentions that
hackers had exploited a vulnerability in the code, which had been left unresolved since a period
between July 2017 and September 2018. Also, he makes a comment about an unusual spike of
activity that had begun just days prior to the attack, which led to Facebook starting their
investigation.
The statement post is most likely to be the most reliable source out of all of the sources
on the Facebook data breaches. This post is much more detailed about the discovery and the
vulnerabilities of the “View As” feature. As well, the author of the post is Guy Rosen, who
actually works for Facebook as the vice president of product management, making him able to
obtain first-hand information about the attacks, which most of the other sources had probably
used this statement post in their articles.
 Rouse, Margaret. "Network Vulnerability Scanning." ​WhatIs,​
searchsecurity.techtarget.com/definition/vulnerability-scanning. Accessed 15 Jan.
2020.

This article is about vulnerability scanning and the different approaches to scanning.
There are two different approaches, authenticated and unauthenticated methods. The
unauthenticated method allows the user to perform vulnerability scans for malicious uses, since
they don’t have a trusted access to a network. That type of scan could reveal the vulnerabilities
that can be accessed without logging into the network. Whereas, the authenticated scan allows
the user to log in as a network user, thus revealing vulnerabilities that are only accessible to a
trusted user or even a hacker that had gained access as a trusted user.
Similarly to the blog post about the dark side of vulnerability scanners, this source also
discusses the dangers of vulnerability scanners when abused by a user with malicious intent,
such as hackers. However, in this article post, the author, Rouse, offers a better and much more
technical term for the type of scan conducted by a malicious user.

Saifi, Yousef. "How Many People Play Fortnite? Concurrent and Registered 2019 Player
Count." ​fortniteinside.com​, 4 Nov. 2019,
fortniteinsider.com/how-many-people-play-fortnite-concurrent-and-registered-20
19-player-count/. Accessed 14 Jan. 2020.

This game news article is about the number of people that play Fortnite and gives
statistics on the number of players since the games launch from more than two years ago. As
well the number of players only grew within the past few years as the game had introduced a
new map in its new chapter and season, which was well received by its players.
The news article is able to provide statistics for the background/introduction of the
research paper, since Fortnite was one of the major platforms that had been breached in the first
half of 2019, affecting countless online players worldwide.

"Security Failure at Facebook-What We Know." ​Phys,​ 3 Oct. 2018,

phys.org/news/2018-10-failure-facebookwhat.html. Accessed 15 Jan. 2020.
This news article is also about the Facebook data breach that had affected tens of millions
of users worldwide. The source also discusses what had happened, what data was leaked, who
should worry, measures taken by Facebook, and the risk to Facebook. This news article
incorporates the legal standpoints of the data breaches’ affect on the social network company.
This would mean that due to this occurrence, companies can be fined up to a certain percentage
of their annual revenue if they break GDPR (General Data Protection Regulations). But
Facebook’s action of a 72-hour deadline regarding the public disclosure of the data breaches
might spare a fine of over a billion dollars.
This source, while incredibly similar to the other sources on Facebook’s data breaches, is
formatted in a style of question and answer. Thus, making it easier for the readers to understand
the situation. As well, unlike the other articles, this article factors in the consequences that
Facebook might face on a political level and not just an economic level.
 Techopedia. "Vulnerability Scanning." ​Techopedia​,
www.techopedia.com/definition/4160/vulnerability-scanning. Accessed 15 Jan.
2020.

This encyclopedia page is about vulnerability scanners and scanning process.

Vulnerability scanning is defined as the security technique used to identify weaknesses in a
computer system. Vulnerability scanners have many functions, such as port scanners, network
enumerators, network vulnerability scanners, web application security scanners, and computer
worms. The source then also provides their own definition and insight on a vulnerability scanner,
suggesting that there are some negative side-effects, which can lead the computer to crash during
a scan and that vulnerability scanners can range from enterprise level, which is very expensive,
to free open sources available to everyone.
The source provides a useful list of its many different functions, with the definitions
broken down into easily understandable terms that still maintain its technical vocabulary. And
unlike the other sources, this one also gives some insight about the downside of vulnerability
scanners, which many others don’t have because they are trying to encourage the use of
vulnerability scanners. While this one suggests that while vulnerability scanners are supposed to
be very useful, but not everyone could have access to one.

Vizacarra, Lucero Davalos. "Top 10 Web Security Vulnerabilities to Watch out for in
2019." ​Cai.tools​, 29 May 2019,
cai.tools.sap/blog/top-10-web-security-vulnerabilities-to-watch-out-for-in-2019/.
Accessed 15 Jan. 2020.

The web article is about the top ten web security vulnerabilities that are commonly seen
in 2019. The format of the website is that it gives an explanation of ratings, based on OWASP’s
scale. The ratings are broken down into three categories that it is evaluated on, exploitability
(how easy or difficult for an attacker to exploit), detectability (how easy or difficult for the
attacker and users to find them), and technical impact (the damage that can be caused). Then it
moves onto the actual list of vulnerabilities, providing information about what it is, more specific
types, examples, prevention methods, and the score/ratings.
This list provides many examples of vulnerabilities that are most commonly seen in 2019.
Meaning that this is keeping up with the current styles and techniques used by hackers, which
many cyber specialists are struggling with. Also, the rating and scoring is helpful as it shows
how dangerous the vulnerability is and how it can easily go undetected.

Zetter, Kim. "Hacker Lexicon: What Are DoS and DDoS Attacks?" ​Wired,​ 16 Jan. 2016,
www.wired.com/2016/01/hacker-lexicon-what-are-dos-and-ddos-attacks/.
Accessed 15 Jan. 2020.

The web article discusses DoS (denial of service) and DDos (distributed denial of
service) attacks that are currently on the rise and becoming more sophisticated each year. Both
are an attack that overwhelms a system with data, like a flood of requests made simultaneously
to a website, causing the server to crash. However, these are becoming more uncommon, since
there are more DDoS attacks that come from many computers throughout the internet, which can
either be hundreds or thousands at a time. The hackers typically use them for a variety of
reasons, some being expressing displeasure. For example, in 2011 there was an incident with the
hacktivist organization, Anonymous, where they launched a series of attacks against Paypal,
Visa, and Mastercard, which led providers unable to process donations for WikiLeaks.
The DoS and DDoS provide examples of exhibiting characteristics of a parameter
pattern. The parameter pattern is defined as malicious users making requests to modify its
parameters, while the DoS and DDoS are examples of requests that practically flood the
computer system.