M3: Cyber Crime and Laws

Investigate a Cybercrime

1. Using the Internet, search for a news article, press release from an organization, or technical article pertaining to a recent cybercrime incident. The incident you choose could be of any type covered in the module, or because the world of cybercrime moves so quickly, a new category of crime using the Internet or technology.

The news media is one source to research cybercrimes, but news stories may not always give details about the technology aspects of an incident. Along with using traditional media, it may help to use sources specializing in technology or cybersecurity. Some helpful resources include:

- Krebs on Security
- Ars Technica
- Wired: Cybersecurity
- The Hacker
- CSO

Once you have chosen and researched your incident, write a brief summary of the incident and circumstances surrounding it. (10 points)

Your write-up should include:

- A description of the targeted organization or person(s)
- The category of cybercrime for the incident
- The likely threat source (bad actor) that committed the crime
- Particular motivations law enforcement or security professionals have associated with the perpetrator (or potential motivations based on the threat source or targeted person or organization)
- How the Internet or technology enabled the perpetrator(s) to carry out the crime

Make sure to include links to the site(s) where you found the information. (2 points)

The incident I chose to research is the cyberattack on SolarWinds, a software company that provides network management tools to numerous organizations. This incident, which occurred in December 2020, is categorized as a supply chain attack. The threat behind this cybercrime is a sophisticated state-sponsored hacking group known as APT29, also referred to as Cozy Bear or The Dukes. This group is believed to be associated with the Russian government.

Law enforcement and security professionals have associated various motivations with APT29, including espionage, intellectual property theft, and gaining strategic advantages in geopolitical conflicts. In the case of the SolarWinds attack, the primary motivation appears to be intelligence gathering, as the hackers targeted government agencies and major corporations.

The Internet and technology played a crucial role in enabling the perpetrators to carry out this cybercrime. The hackers infiltrated SolarWinds' software development process and injected malicious code into software updates. These updates were then distributed to SolarWinds' customers, including government agencies and Fortune 500 companies. The compromised software allowed the hackers to gain unauthorized access to the networks of these organizations, giving them the ability to monitor and exfiltrate sensitive information.

Sources:

- Krebs on Security: https://krebsonsecurity.com/2020/12/u-s-treasury-commerce-deptshacked-through-solarwinds-compromise/
- Ars Technica: https://arstechnica.com/information-technology/2020/12/solarwindshackers-broke-into-us-cable-giant-and-government-networks/
- Wired: Cybersecurity: https://www.wired.com/story/solarwinds-hack-apt29-cozy-bearrussia/

Examine a Cybercrime Law

Review sections 752.794, 752.795 and 752.796 of Michigan’s Act 53 of 1979 and answer the questions that follow.

2. According to the “History” at the bottom of these pages, what was the last year each of these sections was updated? (3 points)

a. 752.794: Last updated in 2018.
b. 752.795: Last updated in 2018.
c. 752.796: Last updated in 2018.

3. List at least two categories of cybercrime covered in this module that would seem to be prohibited under these sections. (4 points)

- Unauthorized access to computer systems: Section 752.794 prohibits unauthorized access to computer systems and networks.
- Computer fraud: Section 752.795 prohibits computer fraud, including unauthorized use of computer systems or data.

4. Are there any categories of cybercrime covered in the module that don’t seem to be covered by these sections? Explain. (2 points)

5. Based on the pace of technology, would you consider either the categories of cybercrime or the technologies listed in these laws to be “up to date”? Explain. (2 points)

Based on the pace of technology, the categories of cybercrime and the technologies listed in these laws may not be considered "up to date." These laws were last updated in 2018, and technology evolves rapidly. New forms of cybercrime and emerging technologies may not be explicitly covered by these sections.

6. Outline at least one addition you would recommend to state lawmakers to make this law better suited for the modern cybersecurity environment. (2 points)

One addition that could be recommended to state lawmakers to make this law better suited for the modern cybersecurity environment is the inclusion of provisions related to data breaches and the protection of personal information. With the increasing frequency and impact of data breaches, it is important to have laws that address the unauthorized access, acquisition, or disclosure of personal data. This addition would help protect individuals and organizations from the consequences of data breaches and enhance the overall cybersecurity framework.