Hunter Biden Laptop Controversy

In October 2020, a controversy arose involving data from a laptop that belonged to Hunter Biden. The owner of a Delaware computer shop, John Paul Mac Isaac, said the laptop had been left by a man who identified himself as Hunter Biden. Mac Isaac also stated that he is legally blind and could not be sure whether the man was Hunter Biden. Three weeks before the 2020 United States presidential election, the New York Post published a front-page story that presented emails from the laptop, alleging they showed corruption by Joe Biden, the Democratic presidential nominee and Hunter Biden’s father. According to the Post, the story was based on information provided to Rudy Giuliani, the personal attorney of incumbent president and candidate Donald Trump, by Mac Isaac. Forensic analysis later authenticated some of the emails from the laptop, including one of the two emails used by the Post in their initial reporting.

Shortly after the Post story broke, social media companies blocked its links. At the same time, other news outlets declined to publish the story due to concerns about provenance and suspicions of Russian disinformation. By May 2023, no evidence had publicly surfaced to support suspicions that the laptop was part of a Russian disinformation scheme.

The Hunter Biden laptop controversy involved allegations of unauthorized access to personal data and the subsequent public disclosure of potentially sensitive information. Examining whether this constitutes a false allegation of privacy violation requires addressing the elements of privacy violations and the case’s specifics.

Using the assumption that the previous information is entirely TRUE, why could this case not be considered a privacy violation? Justify your answer. Can it be considered a security case if it is not a violation? If yes, define, in terms of MITRE ATT&CK, which goal(s) the malicious agent seeks to achieve. Justify your answer.

Rubric (criteria and points)

Understanding of Privacy Violation (5 points)
5 points: Clearly explains why the case does not meet the legal or ethical criteria for a privacy violation, referencing definitions of privacy.
3-4 points: Partially explains the criteria or reasoning behind why the case may or may not be a privacy violation.
0-2 points: Minimal or no explanation of privacy violation criteria or relevance to the case.

Security Classification Justification (5 points)
5 points: Provides a clear argument for why the case could or could not be classified as security, with strong evidence and reasoning.
3-4 points: Offers some reasoning for classifying the case as a security case but lacks depth or clear justification.
0-2 points: Fails to address whether the case can be considered a security case or provides weak reasoning.

Application of MITRE ATT&CK Goals (5 points)
5 points: Identifies specific MITRE ATT&CK goals (e.g., Credential Access, Collection, Exfiltration) and justifies with strong connections to the scenario.
3-4 points: Mentions applicable ATT&CK goals but with limited connection to the scenario details.
0-2 points: Fails to identify relevant ATT&CK goals or justify their relevance.

Throwback Attack: Chinese hackers steal plans for the F-35 fighter in a supply chain heist

As cyberattacks on national critical infrastructure and private industry increase, the U.S. Department of Defense (DoD) introduced the Cybersecurity Maturity Model Certification (CMMC) to standardize cybersecurity practices for defense contractors. This process is critical, as demonstrated by China’s 2007 theft of sensitive F-35 Lightning II documents, which was confirmed by Edward Snowden’s 2015 leak. Snowden’s documents revealed that a Lockheed Martin subcontractor data breach allowed China to access F-35 designs, contributing to the development of their J-31 stealth fighter.

Supply chain attacks like this are becoming more frequent and damaging, as seen in high-profile cases such as the SolarWinds and Kaseya attacks. According to Ryan Heidorn, co-founder of Steel Root, adversaries are stealing intellectual property at an alarming rate, targeting large primes like Lockheed Martin and smaller suppliers that may lack sophisticated cybersecurity.

The CMMC aims to curb this issue by ensuring DoD contractors implement strict cybersecurity practices. While many companies already face these requirements, CMMC enforces compliance through assessments and certification, making it a critical mechanism to prevent the loss of sensitive information. The goal is to protect valuable defense technology, like the F-35, from further theft as adversaries like China continue to target critical U.S. systems.

In the context of the 2007 theft of sensitive F-35 Lightning II technical documents and other similar supply chain attacks, how could the PASTA (Process for Attack Simulation and Threat Analysis) methodology enhance defense contractors’ and DoD vendors’ overall security process to prevent future data breaches?