Security and human aspects - Bruno Ciroussel - E-Book


Bruno Ciroussel


Description

This book embodies the curriculum taught by Bruno Ciroussel at the 'Institute for the Fight against Economic Crime' (ILCE in French) in Neuchâtel from 2001 to 2006, with a subsequent technical refresh in 2024. The course catered primarily to students from the realms of justice, police, finance, and to a lesser extent, journalism. The book is divided into two parts. The first delves into the human aspects of computer security, offering insights on managing these elements to mitigate their impact as effectively as possible. The second introduces the concept of a Security Operating Center (SoC) for cybersecurity and discusses the application of artificial intelligence in developing a smart SoC, supplemented by tangible examples of existing market solutions.

Page count: 118


TABLE OF CONTENTS

Opening

Introduction

Part 1: IT security and human factors

Chapter 1.0: computer security and economic crime

Chapter 1.1: approach and definition

Chapter 1.2: time, measurement, evaluation, and confidentiality

Chapter 1.3: the human generator of ambiguity

Chapter 1.4: threats, risks, and errors

Chapter 1.5: steering safety with human factors

Chapter 1.6: anticipation and action plan

Chapter 1.7: security and human factors.

Chapter 1.8: human intelligence - the art of anticipation.

Chapter 1.9: some examples

Chapter 1.10: recommendations.

Chapter 1.11: cybersecurity & AI

Part 2: the AI soc

Chapter 2.0: why use an SoC

Chapter 2.1: threat and active surveillance.

Chapter 2.2: functional table.

Chapter 2.3: intelligent SoC architecture.

Chapter 2.4: market tools

Chapter 2.5: the Aitek.6 soc knowledge cartridge

Chapter 2.6: AI in the fight against cybercrime

Appendixes

OPENING

"In a single moment, the energetic essence of the entire universe is unveiled."

After 15 years of extensive research and development, I am thrilled to present my book, "Innovation Unleashed: Manual AITEK 6," now available in bookstores. Within its pages, I delve deeply into the intricate concepts of my groundbreaking machine learning platform. This platform is distinguished by its innovative use of Auto-ML, its proprietary vector base, its automated process management system, and its insightful predictive dashboards. Additionally, I introduce the integration of business solutions known as knowledge cartridges, further enhancing its capabilities.

Between 2002 and 2006, alongside the creation of Aitek, I had the privilege of teaching security and human factors at the “Institut de lutte contre la criminalité économique” (ILCE) in Neuchâtel. The material developed for my teaching has evolved into a book, now accessible on Amazon. This journey has allowed me to share my insights into the challenges of computer security and human interaction within this realm with a broader audience — an enriching experience indeed.

In my relentless pursuit of societal innovation, I have harnessed this extraordinary platform to delve into the intersection of direct democracy and artificial intelligence. My essay, accessible on Amazon, offers a compelling exploration of the transformative possibilities arising from this amalgamation.

Venturing beyond the conventional boundaries of exploration, I immerse myself in an imaginative odyssey set in a dystopian universe within the science fiction genre. My novel, "L'espace d'un instant," takes Society to its darkest limits, exploring potential deviations and unravelling the complexities and challenges that emerge when my platform and AI encounter formidable circumstances.

INTRODUCTION

"If you know neither your enemies nor yourself, you will know your battles by your defeats" (The Art of War, Sun Tzu, 600 BC)

I am pleased to present this document, representing the course I delivered at the Institute for the Fight against Economic Crime (ILCE in French) in Neuchâtel from 2001 to 2006. This period marked a fascinating chapter in my career, with a dual focus on academic instruction and the pivotal design phase of my artificial intelligence and big data platform, Aitek.

During this time, the platform was still in its formative stages. While dedicating part of my time to academic teaching, we were concurrently developing the alpha version of the Aitek platform. Simultaneously, we laid the groundwork for the "knowledge cartridges" in various sectors such as pharmaceuticals, retail, customs, and supply chain, setting the stage for their future development.

When we were conducting oral exams for our students, Cedric and I came up with the idea of developing a knowledge cartridge for an Intelligent SOC (Security Operation Center) for cybersecurity. We worked together to design this innovation. I still remember a photo we took at Société Ilion after presenting our project to the team. It was an exciting moment when we could see our work taking shape.

Regrettably, Cedric's unexpected departure abruptly halted the project, and the knowledge cartridge remained dormant until now. I have undertaken the task of revisiting and organizing my notes from that period, forming Part II of my ongoing work. After necessary refinement and updates to these notes, I embarked on the writing of Part II.

In acknowledgment of their pivotal roles in this experience, I dedicate this course to two individuals who significantly contributed to its development.

I extend my sincere appreciation to Isabelle Augsburger-Bucheli, the dean of the institute, for her trust in assigning me this responsibility. Her steadfast support and expertise have been a continual source of inspiration throughout my tenure as an educator. It is under her guidance that I have been able to grow and contribute modestly to the institute.

In addition, I dedicate this course to Cédric Renouard, my collaborator for practical work and exams. Although Cédric departed too soon, entering the realm of geeks, his keen intellect, passion for technology and cybersecurity, and his eagerness to share knowledge have left an indelible mark on my professional journey.

This course (Part I) reflects my collaboration with the course I've had the pleasure of teaching for computer security education and awareness in the fight against economic crime. I trust that this document will continue to be a valuable resource for new students and professionals entering this field.

I express my gratitude to all of you for your support and contributions to our shared mission. It is through the efforts of dedicated colleagues that we can truly make a difference in the ongoing battle against economic crime.

PART 1: IT SECURITY AND HUMAN FACTORS

"Life is a web woven by humans, where randomness is the thread that creates unpredictable patterns."

CHAPTER 1.0: COMPUTER SECURITY AND ECONOMIC CRIME

"The why is the door that opens the path to knowledge."

IT security plays a crucial role in the fight against economic crime. With the rapid advancement of technology and the increasing digitization of business activities, cybercriminals are increasingly exploiting the vulnerabilities of computer systems to commit acts of fraud, theft of sensitive information and sabotage.

Strong IT security is essential to prevent and detect cybercriminal attacks, protect confidential data, and maintain the integrity of an organization's IT systems. Here are just a few reasons why IT security is important in the fight against economic crime:

Protecting Sensitive Data: Companies handle extensive amounts of sensitive data, encompassing financial information, personal customer data, and trade secrets. A security breach can result in severe consequences, including identity theft, financial fraud, and a loss of customer trust. Robust IT security measures are crucial to safeguarding this sensitive data and mitigating the risk of compromise.

Preventing Phishing Attacks: Cybercriminals often employ phishing techniques to deceive users into disclosing confidential information, such as login credentials or passwords. Effective IT security involves preventative measures and awareness campaigns to thwart phishing attacks and shield users from fraudulent attempts.

Intrusion Detection and Response: Effective IT security involves the implementation of intrusion detection and real-time monitoring systems to promptly identify suspicious activities on networks and systems. Early detection enables swift action to limit potential damage and minimize operational disruption.

Financial Transaction Security: As online financial transactions become more common, it is crucial to protect these transactions against fraud attacks. Strong IT security ensures the integrity of financial transactions by implementing encryption protocols, robust authentication mechanisms, and fraud detection systems.

Preserving Reputation and Trust: Companies falling victim to cybercrime attacks risk significant damage to their reputation and customer trust. Robust IT security demonstrates a commitment to protecting customer data, thereby strengthening trust and loyalty.

Regulatory Compliance: Government and industry regulations mandate companies to protect sensitive information and implement appropriate security measures. Strong IT security facilitates compliance, avoiding penalties and legal disputes associated with non-compliance.

In conclusion, robust IT security is a pivotal element in the fight against economic crime. It safeguards sensitive data, prevents phishing attacks, detects intrusions, secures financial transactions, preserves reputation, and ensures regulatory compliance. Organizations prioritizing IT security enhance their ability to counter cyber threats and safeguard economic interests. The Master's program, while not exclusively focused on technology, recognizes the significance of IT security in combating economic crime. Students gain essential technological insights to understand negligence, ignorance, and embezzlement issues in this context.

The program emphasizes the importance of strong IT security, playing a vital role in the fight against economic crime. The program acknowledges technological advances creating opportunities for criminals and disrupting economic activities. Students learn about computer security concepts, best practices, and the implementation of technical, organizational, and human measures to protect IT systems, sensitive data, and critical processes.

Understanding potential threats and techniques used by economic criminals, students actively contribute to developing and implementing sound security strategies. They can advise organizations on asset protection, prevent data leakage, detect suspicious activity, and respond effectively to incidents.

Moreover, the program underscores cooperation and collaboration between professionals from diverse fields, including accountants, law enforcement agencies, and the judiciary. Combating economic crime demands a multidisciplinary approach where technology plays a central role. Students learn to work collaboratively, solving complex problems, sharing information, and coordinating efforts to prevent and suppress economic crime.

In summary, the Master's degree provides students with a comprehensive understanding of strong IT security and its crucial role in countering economic crime. They gain knowledge and skills to analyse risks, implement effective security strategies, and contribute to protecting companies and systems against emerging threats.

CHAPTER 1.1: APPROACH AND DEFINITION

"Words are vessels navigating the vast sea of meaning, voyaging between the shores of comprehension and the abysses of incomprehension."

When discussing computer security, the conversation often centers around hacking, carried out by various categories of hackers. There are "white hat" hackers, contracted to identify and rectify security vulnerabilities. Then, there are "grey hats" who discover flaws without being contracted but work to fix them without causing harm. Finally, there are "black hats" who exploit vulnerabilities for personal gain, disregarding the potential consequences.

These skills necessitate a deep understanding of electronics and advanced computer science. To illustrate, here are a few examples presented in a way that's accessible to the general public, avoiding technical details to prevent any potential replication of these operations.

Example 1: Where's my car?

Information technology (IT) has become pervasive across all sectors, including modern vehicles. To illustrate, let's explore how one could manipulate a modern car without its key. This scenario involves the internal communication bus known as the CAN Bus, developed in 1985 and standardized in 1991 (ISO 11898-2:2003). The CAN Bus manages exchanges between various components of vehicles, providing diagnostics on aspects like tire status, headlight status, brake status, emission control, key presence, etc.

While external communication with the vehicle is typically well secured, internal communication through the CAN Bus is often unencrypted. With a basic microcontroller, a battery, a few lines of assembly language, and proper connectors, one could connect a device to the headlights. This connected device, recognized as an internal element, can then send a series of messages amid a chaotic situation (similar to a DDoS attack) and signal the presence of the key.

With the vehicle falsely convinced that the key is present, the attacker can open the door and drive away, though caution is advised on the road (as certain functionalities like headlights may not operate optimally).

An essential detail often overlooked is that, in approximately 67% of cases, the vehicle registration document is stored in the glove compartment. While we cannot completely prevent sophisticated exploitation by malicious individuals, adopting simple habits, such as avoiding leaving important documents inside the vehicle, can make their task more challenging.

It's crucial to note that, as of your reading this, manufacturers have likely implemented measures to address such vulnerabilities. The security of electronic systems is continuously advancing to counter potential flaws and safeguard users from unauthorized manipulations. Industries responsible for these technologies incorporate protection mechanisms and regular updates to ensure a higher level of security and prevent intrusions.

Example 2: A few clock strokes later...

The internal architecture of a computer system relies on periodic interrupts generated by a clock. These interrupts occur at regular intervals, synchronized with the system's internal clock. Each interrupt prompts the processor to temporarily halt its normal execution flow, allowing for the management of tasks or the execution of specific routines.

Consider a microprocessor operating on an internal clock. At predefined intervals, this clock triggers an interrupt, commonly referred to as a clock interrupt. This initiates a coordinating routine, which varies based on the operating system running on the microprocessor. Operating systems like Windows, Unix/Linux, or macOS, for instance, use this interrupt to initiate a task scheduling process. This process involves reorganizing pending tasks and determining which tasks should be executed based on factors like priority and current status.

An example of such an interrupt is 1Ch, known as the clock tick, a periodic BIOS (Basic Input/Output System) interrupt occurring with each pulse of the computer's internal clock. On Intel x86 systems, this interrupt is addressed via the 1Ch interrupt vector. It activates approximately every 54.9254 milliseconds, with a frequency of around 18.2064819336 times per second, dependent on the internal clock frequency. During this interrupt, the processor temporarily suspends the normal execution of the ongoing program to perform a service or function related to time management.

Interrupt handling is a technique commonly used to modify or extend the standard behaviour of a computer system. By redirecting an interrupt to its own code, a program can intervene in the system's regular execution flow and execute specific actions, such as modifying parameters, executing custom code, or redirecting the interrupt back to the original routine to maintain normal system flow.

However, interrupt handling demands a deep understanding of both hardware and software, with precautions necessary to ensure system stability and security. For a malicious user to install this type of software, gaining access to the PC or phone is crucial. The human factor remains a critical element of protection even in this context, emphasizing the importance of addressing vulnerabilities related to user behaviour.
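
As an added illustration that is not part of the book, the following C program takes the defender's view of the interrupt redirection described above: it compares two snapshots of the real-mode interrupt vector table and reports every vector, 1Ch included, whose handler address has changed. The snapshot contents, the addresses, and all function names are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IVT_ENTRIES 256      /* real-mode interrupt vector table: 256 vectors */
#define VEC_TICK    0x1C     /* the clock-tick vector discussed in the text  */

/* Each vector is 4 bytes at address 4*n: 16-bit offset, then 16-bit segment,
   both little-endian. The handler's physical address is segment*16 + offset. */
static uint32_t ivt_target(const uint8_t *ivt, unsigned vec) {
    const uint8_t *p = ivt + 4u * vec;
    uint32_t off = (uint32_t)p[0] | ((uint32_t)p[1] << 8);
    uint32_t seg = (uint32_t)p[2] | ((uint32_t)p[3] << 8);
    return (seg << 4) + off;
}

/* Helper used only to build the constructed snapshots below. */
static void ivt_set(uint8_t *ivt, unsigned vec, uint16_t seg, uint16_t off) {
    uint8_t *p = ivt + 4u * vec;
    p[0] = (uint8_t)(off & 0xFF); p[1] = (uint8_t)(off >> 8);
    p[2] = (uint8_t)(seg & 0xFF); p[3] = (uint8_t)(seg >> 8);
}

/* Record every vector whose handler address differs from the baseline.
   Comparing physical addresses, not raw bytes, avoids a false alarm when
   the same handler is merely written as a different segment:offset pair. */
int ivt_diff(const uint8_t *base, const uint8_t *now, uint8_t *out, int max) {
    int n = 0;
    for (unsigned v = 0; v < IVT_ENTRIES; v++)
        if (ivt_target(base, v) != ivt_target(now, v)) {
            if (n < max) out[n] = (uint8_t)v;
            n++;
        }
    return n;
}

static uint8_t base_ivt[IVT_ENTRIES * 4], now_ivt[IVT_ENTRIES * 4], changed[IVT_ENTRIES];

/* Constructed sample data: every baseline vector points at F000:FF53; the
   later snapshot re-encodes vector 08h as the same address and redirects
   vector 1Ch to 9000:0100. All addresses here are made up for the demo. */
int run_demo(void) {
    for (unsigned v = 0; v < IVT_ENTRIES; v++) ivt_set(base_ivt, v, 0xF000, 0xFF53);
    memcpy(now_ivt, base_ivt, sizeof now_ivt);
    ivt_set(now_ivt, 0x08, 0xFFF5, 0x0003);      /* alias of F000:FF53 */
    ivt_set(now_ivt, VEC_TICK, 0x9000, 0x0100);  /* handler replaced   */
    return ivt_diff(base_ivt, now_ivt, changed, IVT_ENTRIES);
}

int main(void) {
    int n = run_demo();
    for (int i = 0; i < n; i++)
        printf("vector %02Xh now points to physical %05lX\n", (unsigned)changed[i],
               (unsigned long)ivt_target(now_ivt, changed[i]));
    return 0;
}
```

Only vector 1Ch is reported; the re-encoded vector 08h resolves to the same physical address as before and is correctly ignored.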

The examples provided showcase the breadth of possibilities, requiring expertise and knowledge beyond the scope of students in this course. Such topics are better suited for experts with continuous updates on a wide range of technologies, as individuals often pose the weakest link in IT security.

I could also include an example, for instance, demonstrating how one might gain access to a mailbox with knowledge of the phone number through social engineering. By employing a phone key simulator and a brute-force method, one could attempt to access the phone's voicemail and retrieve the new password.