In this activity, you will complete online research to learn about additional real-world examples of cybercrime that were committed by exploiting the security vulnerabilities discussed in the unit. Next, you’ll create a slideshow presentation that discusses each attack and talks about what could have been done to help prevent each attack.
Your slideshow should cover the following examples:
A man-in-the-middle or similar attack that relied on an application used to intercept data communication over a wireless network.
An attack similar to a man-in-the-middle attack but that targeted a wired network (e.g., wiretapping) rather than a wireless network.
A denial of service (or DDoS) attack.
A MAC spoofing attack.
A war driving attack (or company that suffered through war chalking posts).
At least one attack that spread from the original target to others through the Internet of Things (IoT), like what happened with NotPetya (This will probably be a malware attack.)
An attack that specifically targeted hardware rather than software or data.
It is not necessary for the attacks you describe to have caused thousands of dollars of damage, but they do need to have been successfully carried out. For each attack, you should clearly state the following information:
A general description of the attack and the damage it caused.
The application, hardware, or action that was used in the attack.
Why the target was vulnerable to the attack (e.g., an unpatched system, misconfigurations, etc.)
At least one step the target could have taken to help prevent the attack.
Each attack will take between two and four slides to explain. Each slide should only have one or two sentences on it.
Your submission for this activity will be your slideshow presentation.
All Answers 1
Answered by GPT-5 mini (AI)
Below is a ready-to-use slideshow script. Each line is one slide (1–2 sentences per slide). You can copy each line into one slide of your preferred presentation tool and add images or citations as needed.
Title slide
Slide 1: Cybercrime Case Studies — wireless/wired MITM, DDoS, MAC spoofing, wardriving, IoT spread, and hardware-targeted attacks.
Firesheep — wireless man-in-the-middle / session hijacking
Slide 2: In 2010 the Firesheep browser extension demonstrated how attackers on the same open Wi‑Fi network could capture session cookies and hijack accounts like Facebook and Twitter.
Slide 3: The attack used simple packet sniffing and cookie capture tools on unsecured wireless networks to impersonate legitimate users.
Slide 4: Targets were vulnerable because sites or users relied on unencrypted HTTP or had weak session protections.
Slide 5: Prevention: enforce HTTPS everywhere (HSTS), secure cookies, and use a VPN on public Wi‑Fi.
NSA "Upstream" collection — wired wiretapping / mass interception
Slide 6: The 2013 Snowden disclosures revealed the NSA’s "Upstream" program that copied communications directly from fiber‑optic backbone links and undersea cable points, amounting to large‑scale wiretapping.
Slide 7: Agencies used access to carrier infrastructure and packet‑splitting hardware to capture data in transit.
Slide 8: Targets were vulnerable because many flows were not end‑to‑end encrypted and backbone access was possible via provider cooperation or covert taps.
Slide 9: Prevention: use end‑to‑end encryption with forward secrecy, avoid plaintext protocols, and adopt stronger key management and certificate validation.
Dyn DDoS via Mirai — denial of service
Slide 10: In October 2016 the Mirai botnet launched massive DDoS attacks against DNS provider Dyn, causing outages for Twitter, Netflix, Reddit and many others.
Slide 11: Mirai infected thousands of IoT devices and used them to flood Dyn with traffic, overwhelming DNS and downstream services.
Slide 12: Devices were vulnerable because they used default or weak credentials, had exposed management services, and lacked firmware updates.
Slide 13: Prevention: change device defaults, apply patches, segment IoT off critical infrastructure, and use DDoS mitigation services (rate limiting, scrubbing).
MAC‑spoofing — service evasion / cable set‑top theft (MAC cloning)
Slide 14: Criminals have spoofed the MAC addresses of authorized set‑top boxes to fraudulently gain TV service or avoid billing, a form of service theft that has occurred repeatedly in the cable industry.
Slide 15: Attackers change their device’s NIC MAC or use MAC‑cloning tools to impersonate an authorized device.
Slide 16: Providers were vulnerable when they relied solely on MAC‑address authentication without stronger device identity checks.
Slide 17: Prevention: use device certificates or signed hardware IDs, monitor for duplicate MACs and unusual patterns, and combine MAC checks with account‑level authentication.
Wardriving / war‑chalking — discovering and marking insecure Wi‑Fi
Slide 18: Wardriving (scanning for Wi‑Fi from a vehicle) has been used to map open or misconfigured access points that attackers later exploit for fraud, hacking or data theft.
Slide 19: Attackers use tools like Kismet or NetStumbler and mapping services (e.g., Wigle) to locate vulnerable networks and sometimes mark locations via war‑chalking.
Slide 20: Targets were vulnerable when APs used no encryption, weak passphrases, or default admin credentials.
Slide 21: Prevention: enable WPA2/WPA3 with strong passphrases, disable open networks, keep AP firmware current, and monitor for unauthorized access points.
IoT‑spreading malware — Mirai propagation behavior (IoT botnets)
Slide 22: Mirai (2016) propagated by scanning the Internet for unsecured IoT devices and infecting them, causing rapid, large‑scale spread across cameras, DVRs and routers.
Slide 23: It relied on exposed Telnet/SSH and hardcoded default credentials to log in and install the bot.
Slide 24: Devices were vulnerable because manufacturers shipped devices with default passwords, lacked update mechanisms, and were Internet‑facing.
Slide 25: Prevention: manufacturers must enforce unique credentials and automatic updates, users should change defaults and disable unnecessary services, and networks should isolate IoT devices.
Stuxnet — attack that targeted hardware / industrial control systems
Slide 26: Stuxnet (discovered 2010) was malware designed to alter Siemens PLC code and cause physical damage to Iranian centrifuges, making it a landmark hardware‑targeting cyberattack.
Slide 27: It used multiple zero‑day Windows exploits to reach PLCs and then sent malicious ladder logic to change rotor speeds and disable safety reporting.
Slide 28: Targets were vulnerable due to poor ICS network segmentation, use of removable media, and lack of integrity checks on PLC programs.
Slide 29: Prevention: isolate industrial control networks (air gaps or strict segmentation), enforce signed and auditable PLC updates, deploy ICS anomaly detection, and harden physical and removable‑media policies.
Closing / next steps slide
Slide 30: For each case, use the cited mitigations—strong encryption, patching, least privilege, device identity, network segmentation, and monitoring—to reduce risk; add images and citations to the slides as required for your submission.
If you want, I can:
- Convert this into a PowerPoint or Google Slides file and attach it.
- Add speaker notes (1–2 lines per slide).
- Provide citations/links for each incident so you can include references.
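For the Firesheep slides above, a concrete way to check whether a site's cookies are still exposed the way Firesheep exploited. This is an added example, not code from the answer or from the Firesheep project: it inspects a list of (header, value) pairs as a browser would see them and reports why a session cookie could be sniffed and replayed on an open Wi-Fi network. The cookie-name heuristic and the two sample responses are constructed for the example.

```python
"""Check an HTTP response for the weaknesses Firesheep exploited.

Added example for this answer, not code from the original post. It inspects a
list of (header, value) pairs the way a browser would see them and reports why a
session cookie could be sniffed and replayed on an open Wi-Fi network. The sample
responses at the bottom are constructed for the example.
"""
import re

# Cookie names that usually carry an authenticated session (assumed heuristic).
SESSION_HINTS = ("session", "sess", "sid", "auth", "token", "login")
ONE_YEAR = 31_536_000


def parse_set_cookie(value: str) -> dict:
    """Split a Set-Cookie value into its name plus a lower-cased attribute map."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return {"name": name, "attrs": attrs}


def hsts_max_age(value: str) -> int:
    """Extract max-age from a Strict-Transport-Security value (0 if absent)."""
    m = re.search(r"max-age\s*=\s*(\d+)", value, re.IGNORECASE)
    return int(m.group(1)) if m else 0


def audit_response(headers, scheme: str = "https") -> list:
    """Return a list of findings; an empty list means the session cookie is safe from sniffing."""
    findings = []
    if scheme.lower() != "https":
        findings.append("page served over plaintext HTTP: anyone on the network reads the cookie")
    hsts = next((v for k, v in headers if k.lower() == "strict-transport-security"), None)
    if hsts is None:
        findings.append("no Strict-Transport-Security: a later visit can be downgraded to HTTP")
    elif hsts_max_age(hsts) < ONE_YEAR:
        findings.append("Strict-Transport-Security max-age below one year")
    for k, v in headers:
        if k.lower() != "set-cookie":
            continue
        cookie = parse_set_cookie(v)
        name, attrs = cookie["name"], cookie["attrs"]
        if not any(h in name.lower() for h in SESSION_HINTS):
            continue  # only session-bearing cookies matter for hijacking
        if "secure" not in attrs:
            findings.append(f"{name}: missing Secure, so the browser also sends it over HTTP")
        if "httponly" not in attrs:
            findings.append(f"{name}: missing HttpOnly, readable by injected script")
        if attrs.get("samesite", "").lower() not in ("lax", "strict"):
            findings.append(f"{name}: SameSite not Lax/Strict")
    return findings


# Constructed sample: a 2010-style response with a plaintext session cookie.
VULNERABLE = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sessionid=abc123; Path=/"),
]

# Constructed sample: the same site after the fixes the slide recommends.
HARDENED = [
    ("Content-Type", "text/html"),
    ("Strict-Transport-Security", "max-age=63072000; includeSubDomains"),
    ("Set-Cookie", "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Set-Cookie", "theme=dark; Path=/"),  # non-session cookie, not flagged
]

if __name__ == "__main__":
    for label, hdrs, scheme in (("vulnerable", VULNERABLE, "http"), ("hardened", HARDENED, "https")):
        print(label, audit_response(hdrs, scheme) or ["no findings"])
```

The `Secure` flag is the one that directly defeats Firesheep: without it the browser will send the cookie on any plain-HTTP request to the site, which is exactly what the extension waited for. HSTS closes the remaining gap by stopping the browser from making that first plaintext request at all.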
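For the MAC-spoofing slides, the "monitor for duplicate MACs" mitigation can be written as a small detection over provisioning logs. This is an added example, not code from the answer or from any cable operator's tooling: the `REGISTER` line format is a hypothetical simplification, and the sample log is constructed. The rule is that one physical device cannot register from two different nodes or interfaces within a few minutes, while re-registering on the same interface, or moving hours later, is normal.

```python
"""Flag MAC addresses that register from two places at once.

Added example for this answer, not code from the original post. It reads
provisioning-style log lines (a constructed, hypothetical format) and raises an
alert when the same MAC registers on a different node or interface within a short
window, which a single physical device cannot do. Seeing the same MAC on the same
interface again is normal and stays quiet.
"""
import re
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<node>\S+)\s+REGISTER\s+mac=(?P<mac>[0-9A-Fa-f:]{17})"
    r"\s+iface=(?P<iface>\S+)\s+ip=(?P<ip>\S+)$"
)


def parse_line(line: str):
    """Return a dict for a REGISTER line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
    ev["mac"] = ev["mac"].lower()
    return ev


def find_cloned_macs(lines, window: timedelta = timedelta(minutes=5)) -> list:
    """Return one alert per registration that contradicts the MAC's last known location."""
    events = sorted((e for e in map(parse_line, lines) if e), key=lambda e: e["ts"])
    last_seen = {}
    alerts = []
    for ev in events:
        prev = last_seen.get(ev["mac"])
        if prev is not None:
            moved = (prev["node"], prev["iface"]) != (ev["node"], ev["iface"])
            if moved and ev["ts"] - prev["ts"] <= window:
                alerts.append({
                    "mac": ev["mac"],
                    "first": f'{prev["node"]}/{prev["iface"]}',
                    "second": f'{ev["node"]}/{ev["iface"]}',
                    "seconds_apart": int((ev["ts"] - prev["ts"]).total_seconds()),
                })
        last_seen[ev["mac"]] = ev
    return alerts


# Constructed sample log: one normal re-registration, one device that moved hours
# later (a genuine relocation), and one MAC that appears on two nodes 40 seconds apart.
SAMPLE_LOG = """
2024-03-01T10:00:01Z cmts01 REGISTER mac=00:11:22:AA:BB:01 iface=cable3/0/1 ip=10.1.3.20
2024-03-01T10:00:09Z cmts01 REGISTER mac=00:11:22:AA:BB:01 iface=cable3/0/1 ip=10.1.3.20
2024-03-01T10:00:30Z cmts01 REGISTER mac=00:11:22:AA:BB:02 iface=cable3/0/4 ip=10.1.3.33
2024-03-01T13:15:00Z cmts02 REGISTER mac=00:11:22:AA:BB:02 iface=cable7/0/2 ip=10.1.7.41
2024-03-01T10:01:00Z cmts01 REGISTER mac=00:11:22:AA:BB:03 iface=cable3/0/9 ip=10.1.3.77
2024-03-01T10:01:40Z cmts05 REGISTER mac=00:11:22:AA:BB:03 iface=cable1/0/6 ip=10.1.9.12
garbage line that does not parse
""".strip().splitlines()

if __name__ == "__main__":
    for alert in find_cloned_macs(SAMPLE_LOG):
        print(alert)
```

The window is the tuning knob: too short and a cloned box that only comes online when the legitimate one is off goes unnoticed, too long and customers who genuinely move a modem get flagged. Pairing this check with a per-device certificate, as the slide suggests, removes the guesswork because the clone then fails authentication outright.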
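For the Mirai slides (both the Dyn DDoS and the IoT propagation section), the propagation behaviour described there is detectable from network flow data: an infected device scans random addresses on TCP 23 and, less often, 2323, so it shows up as one source fanning out to many destinations on those ports within seconds. This is an added example, not code from the answer or from any published Mirai analysis; the flow-record layout is a hypothetical simplification and the records are constructed.

```python
"""Spot Mirai-style Telnet scanning in flow records.

Added example for this answer, not code from the original post. Mirai's scanner
sends TCP SYNs to port 23 (and fewer to 2323) across many random addresses, so an
infected device shows up as one source fanning out to many destinations on those
ports in a short time. The records below are constructed; the field layout is a
hypothetical simplified flow export.
"""
from collections import defaultdict
from datetime import datetime, timedelta

TELNET_PORTS = {23, 2323}


def parse_flow(line: str):
    """Fields: ts src dst dport flags (hypothetical layout); None if malformed."""
    try:
        ts, src, dst, dport, flags = line.split()
    except ValueError:
        return None
    return {
        "ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
        "src": src, "dst": dst, "dport": int(dport), "flags": flags,
    }


def find_telnet_scanners(lines, window=timedelta(minutes=1), min_targets=20) -> dict:
    """Return {src: peak distinct targets} for sources that fan out to Telnet ports.

    Uses a sliding window over each source's SYNs to 23/2323 so a slow,
    legitimate admin host never accumulates enough distinct targets to trip it.
    """
    flows = sorted((f for f in map(parse_flow, lines) if f), key=lambda f: f["ts"])
    per_src = defaultdict(list)  # src -> [(ts, dst), ...] in time order
    for f in flows:
        if f["dport"] in TELNET_PORTS and "S" in f["flags"]:
            per_src[f["src"]].append((f["ts"], f["dst"]))
    hits = {}
    for src, seen in per_src.items():
        start = 0
        for end in range(len(seen)):
            while seen[end][0] - seen[start][0] > window:
                start += 1
            targets = {dst for _, dst in seen[start:end + 1]}
            if len(targets) >= min_targets:
                hits[src] = max(hits.get(src, 0), len(targets))
    return hits


def build_sample() -> list:
    """Constructed flow records: one infected camera, one admin host, one web flow."""
    base = datetime.fromisoformat("2016-10-21T11:00:00+00:00")
    lines = []
    # An infected camera probing 30 random hosts in 30 seconds, mostly port 23.
    for i in range(30):
        port = 2323 if i % 10 == 0 else 23
        lines.append(f"{(base + timedelta(seconds=i)).isoformat()} 192.0.2.10 198.51.100.{i + 1} {port} S")
    # A legitimate admin host opening Telnet to three switches over an hour.
    for i, dst in enumerate(("10.0.0.1", "10.0.0.2", "10.0.0.3")):
        lines.append(f"{(base + timedelta(minutes=20 * i)).isoformat()} 10.0.0.50 {dst} 23 S")
    # Ordinary HTTPS traffic from the camera, not counted.
    lines.append(f"{base.isoformat()} 192.0.2.10 203.0.113.5 443 S")
    return lines


if __name__ == "__main__":
    print(find_telnet_scanners(build_sample()))
```

A hit is a device that is already compromised and recruiting others, which is the point at which segmenting IoT onto its own VLAN and blocking outbound 23/2323 at the edge stops the spread the slides describe; changing the default password on that one device fixes only the device, not the scan traffic it has already sent.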