Blog

HOW ONE OF YOUR VIRTUAL PERSONA COULD WORTH 500,000,000.00 EURO

HOW ONE OF YOUR VIRTUAL PERSONA COULD WORTH 500,000,000.00 EURO

FADI ABU ZUHRI

INTRODUCTION

The advancement of technology has brought about massive change in the lives of people. These developments have greatly affected how they transact and behave online. Many of the activities that were conducted face-to-face have transformed in the virtual world. More and more people have built comprehensive online profiles for them to shop, bank, and connect with friends to the point that they have created a Virtual Identity or Persona of themselves.

An individual’s Virtual Persona allows them to access their credit status, bank balances, engage in gaming, socializing, dating, blogging, etc. This makes your Virtual Identity of immense value to organizations and people. Your online behaviour indicates your buying patterns; your social and financial status attracts certain people who want to befriend you.

Virtual Persona has real value and certain entities may want access it and impersonate in the virtual world. Data derived from the virtual persona has become a source of profiteering legally and illegally. The widespread proliferation of illegal and unrestricted use of private information necessitates the need for effective online Identity Management to create a safe online environment for ecommerce and Internet usage as a whole (Smedinghoff, 2011).

People need to understand that in the virtual world, their online identities have immense value. Earlier, people stored their identity cards in their wallets. Now these are stored online – whether it is your social, legal or financial profile. This means, your Virtual Identity can potentially be stolen electronically. Even something as harmless as online gaming is subject to the same threats. Games such as “World of Warcraft” are termed Massively Multiplayer Online Role-Playing Game (MMORPG) as it engages a huge number of users. The “World of Warcraft” holds the Guinness World Records for the largest monthly subscribers of 11.6 million (Mitchell, 2009). The other most played MMORPG include Final Fantasy, The Elder Scrolls Online, Guild Wars 2, Blade & Soul, Black Desert Online, RuneScape, EVE Online and Star Wars (IG Critic, 2016). Various Augmented Reality games, Pokémon Go for example, also are gaining popularity. Such virtual communities are not immune to cyber attacks.

This paper explores the subject of Virtual Identity, the risk and opportunities of losing them to cyber theft. It reports on how organizations, legally and illegally, are analysing your Virtual Persona and what it could mean to losing accessing your Virtual Identity. The paper focuses on Virtual Reality (VR), Augmented Reality (AR), Analytical Tools and services available to analyse Virtual Identities.

VIRTUAL REALITY: RISK & OPPORTUNITIES

Virtual Reality (VR) describes the world that exists in our minds when we are interacting online. It is the computer-generated artificial environment that users can interact with (Biocca & Levy, 1995). This artificial environment can be experienced via stimuli as sounds and sights afforded by a computer. Virtual Identities are created in VR and represent users in the video games, chat rooms, virtual common space or any other similar environments. These identities aimed at complementing various virtual spaces and platforms are simply referred to as “Avatars” (Morgan, 2009). An Avatar includes a representative video content or image, a profile, a name, or a “handle” that offers more information about an individual’s Virtual Identities.

People create virtue identities by creating virtual representatives of themselves (Rheingold, 1991). In online games, the individual’s Virtual Identity may be part of their identity but may differ from their own identity. In other spaces such as Basecamp, Virtual Identities may be less creatively oriented and represent the user’s actual physical identity, where the user uses their own image or name for an Avatar (Witmer & Singer, 1998).

These virtual platforms pose special risks to users, as they are hubs for Cybercriminals. This occurs because VR technology is built upon existing platforms (Lanier, 1992). As such, it offers little new attack opportunity. At the highest level, VR is largely a new input and display mechanism added to the traditional devices. The technology is powered with underlying computers (whether a mobile, personal computer or console device) that have not really changed much. However, VR facilitates positional and orientation tracking. Physical body movements are tracked. The comprehensive behaviour tracking can be quantified to understand preferences, divert the user’s attention and even sell things (Rubin, 2016). Perhaps, the risk posed by it is not any greater than any other device or software that the user may add to his or her computer.

Today, the use of VR in gaming provides users with a fantasy world that is disconnected from reality. This way, it offers the opportunity to the identity thieves to attack VR and monetize such attacks via social engineering.

Finally, tracking data on online shopping facilitated through VR may allow Cybercriminals to make dangerous attacks. Online shopping provides users with an entirely different VR experience. It allows users to browse items online and even try these items on the Avatar. Unfortunately, the program used can identify a person’s debit card or credit card and Cybercriminals can capture and sell this information.

A Cybercriminal can also use VR/ AR headsets tracker such as web-coding tricks to find valuable information of the user, monitor mouse clicks and movements and use this data in recreating the user actions in a similar way one could mimic the manual pin entry (Fox, Arena, & Bailenson, 2009).

AUGMENTED REALITY: RISK & OPPORTUNITIES

Augmented Reality (AR) describes a series of technologies (i.e., Head-Mounted Displays (HMDs)) that makes it possible for the real-time mixing of content generated via computer with video display (Azuma R. T., 1997). It is used to integrate virtual information into the physical environment of a person making it possible for them to perceive it as existing in their environment (Janin, Mizell, & Caudell, 1993). Its functioning is based on the techniques that was developed in VR and interacts with the virtual world. AR technologies are defined by the following features: (1) interactive in real-time; (2) combining virtual and real; and (3) registered in 3D (Azuma, Baillot, Behringer, Feiner, Julier, & MacIntyre, 2001). This means that these technologies are registered in 3D and interact in real-time. This ensures accurate registration and tracking to ensure the user obtains a believable image. As such, the three key building blocks of AR systems are real-time rendering, display technology and tracking and registration (de Sa & Churchill, 2012).

New mobile wearable computing applications supporting AR functionality are increasingly become possible with the decrease in size and increase in the power of computers making it possible for users to access online services everywhere and always. This flexibility allows applications that enable users to exploit the surrounding context. This AR presents a powerful User Interface (UI) to context aware computing environments (Mekni & Lemieu, 2013). Currently, AR exists in consumer products including Microsoft’s HoloLens, Google Glass, Apple’s iPhone X, Samsung Pixie and games such as Pokémon Go.

AR devices may be prone to attacks and lead to identity theft. For instance, a Cybercriminal using Social Engineering and 3D models can alter and create fake videos and games. Computer scientists and animators have already succeeded in creating the techniques to take the voice recording of a person and make them say something they didn’t. They can give a person different lip movements and expressions by altering the person’s video. This can be achieved by way of tracking a history of movement of a person in VR. While these fake videos are yet to be perfected on, it demonstrates how accurate 3D models and VR tracking could change things. The individual’s unique identifiers could be their physical or verbal “ticks” or unique movements. If compromised, Cybercriminals can use these personal intricacies to digitally impersonate a user or to socially engineer one’s friends (Shatte, Holdsworth, & Lee, 2014).

AR technology was developed over forty years back. Pokémon Go just made AR mainstream. Cybercriminals see AR as an opportunity to execute their malicious intents, and have already seized the opportunity of the popularity of games and various other applications to execute their malicious intents (Zhou, Duh, & Billinghurst, 2008). They have succeeded in creating Windows ransomware, SMS spam, scareware apps, lockscreen apps and apps for purpose of executing their malicious intents. They use fake Windows-based Pokémon Go Bot to attack the users of Pokémon Go Bot. This Pokémon Go Bot application levels the account of the user with little effort by mimicking the role of a fake Pokémon trainer (Paz, 2016).

People are also exploiting Pokémon Go to spread malware to the AR game via bogus guides (Tynan, 2017). Augmented wearable technology pose a serious risk as images in the field of view of a person could be manipulated. These Cybercriminals essentially substitute real virtual objects with fake virtual objects. These AR Cybercriminals could also reinvent a new version of ransomware, which could be used for malicious purposes. By using this new breed of ransomware, these Cybercriminals could make a Doctor who is using Microsoft HoloLens to lose control of it or to pay ransoms. Cybercriminals can also use AR devices to collect personal health data and biometric data and use it for malicious intentions (Boyajian, 2017).

ANALYTICAL TOOLS AND SERVICES

The online technology has generated huge amount of data from video streaming, social media activities, online game playing and browsing in the Internet. These data are accumulating day by day from various sources, through different methods of inputting via different technologies. These data accumulated are called as “Big Data” which is considered to be broad, fast and voluminous. It is either structured or unstructured, but still useful to derive data sets and subsets to sell and utilize by online and non-online companies for increasing market coverage and profits (Tiwarkhede & Kakde, 2015).

Companies engaging in analytic services record and then sell online profiles like user/ screen names, email addresses, web site addresses, interests, preferences, home addresses, professional history, and the number of friends or followers an online user has. There are also companies who gather and synthesize data on the tweets, posts, comments, likes, shares, and recommendations of the user in his social media accounts (Beckett, 2012).

Analytic service and online data industry is reported to be a $300 billion-a-year industry, employing around 3 million people in the United States alone (Morris & Lavandera, 2012). There are a lot of successful companies that provide analytical services and data brokering. These companies, supposedly, know more about you than Google. The list includes Acxiom, Corelogic, Datalogix, eBureau, ID Analytics, Intelius, PeekYou, Rapleaf, and Recorded Future (Mirani & Nisen, 2014). What they do is look into online personal profiles of the users, gathering information like names, friends, activities and interests of those personal profiles and selling them to end users for advertising, marketing and other legitimate economic activities. Basically, it collects information like contact detail, interests, preferences and demographics, then aggregating those information gathered based on a subset needed or applicable to its clients. Acxiom alone has recorded over a billion dollar in revenue for its analytical services involving 144 million US households (Morris & Lavandera, 2012).

Data brokers are intelligent in gathering data and know how to use it. They take advantage of the vast data available online in order to deliver relevant services to users, suggest products and services that the users might need or subliminally suggesting that they need it. These companies claim that all the information gathered and sold is legal, secure and suitable for the users. Data brokers cater to different customers that can range from small enterprises to large Fortune 500 companies (Morris & Lavandera, 2012).

Data brokers source their information from a variety of places. For example, Facebook, Google and other free apps are collecting your data and selling it to those who are willing to pay for it. And then there are Cybercriminals who steal this information and sell on the dark net.

It is scary to think what damage a cyber attack on data aggregators could do. In September 2017, Equifax reported a massive data breach. Initially reported as affective 143 million people, the estimate was revised to 145.5 million later. Cybercriminals accessed consumer’s highly sensitive personal and financial information including names, birthdates, addresses and credit card numbers (Hackett, 2017).

CONCLUSION

The cost of virtual persona of a user is priced depending on its legality, usage and the purpose of its application. Bank details, credit history and the availability of personal documents like driver’s license are seen as high value. Financial Times has presented a calculator to show what each bit of your personal information is worth (Steel, Locke, Cadman, & Freese, 2013). The more is revealed about your real and virtual behaviour, the more valuable your information is. And consider the fact that this information is constantly traded and resold to multiple buyers. It is not difficult to imagine that over the course of your lifetime (or afterlife) your persona may be worth 500 million Euros.

In almost all of the cases the owner of such personal information does not receive the income, or even a tiny share of it, from the revenues generated by the analytics service providers who sell this to willing buyers. The owner themselves are facing risk of breach in security when their information is leaked to undesirable elements who will use their identity to commit fraudulent and criminal activities, leaving them liable for credit fraud or for the unpaid loan that they did not apply for in the first place. The real owner of the personal data faces the burden of proving his/ her innocence.

AR and VR devices are highly complex and relatively new. They are vulnerable and attractive to Cybercriminals looking for the weakest link. Some argue that Cybersecurity’s weakest link are the organization’s own employees (Banham, 2017). Social engineering, as it is also known, is where Cybercriminals deceive their victims and gain their trust. Once the Cybercriminal gains entry, the best protective software turns useless. Therefore, organizations need to invest in on-going Cybersecurity awareness for their employees.

Does it make sense to blame people who are the value creators in organizations? Shouldn’t technical systems be built for normal people rather than techies building systems for techies?

REFERENCES

1.Azuma, R. T. (1997). A Survey of Augmented Reality. Presence: Teleoperators and Virtual Environments , 6 (4), 355-385.

2.Azuma, R., Baillot, Y., Behringer, R., Feiner, S., Julier, S., & MacIntyre, B. (2001). Recent advances in augmented reality. Computer Graphics and Applications , 21 (6), 34–47.

3.Banham, R. (2017, March 20). The Weakest Link In Your Cyber Defenses? Your Own Employees. Retrieved 2017, from https://www.forbes.com/sites/eycybersecurity/2017/03/20/the-weakest-link-in-your-cyber-defenses-your-own-employees/#7815acac5d51

4.Beckett, L. (2012, November 9). Yes, Companies Are Harvesting – and Selling – Your Facebook Profile. Retrieved 2017, from ProPublica: https://www.propublica.org/article/yes-companies-are-harvesting-and-selling-your-social-media-profiles

5.Bimber, O., Raskar, R., & Inami, M. (2005). Spatial Augmented Reality. Wellesley: AK Peters.

6.Biocca, F., & Levy, M. (1995). Communication applications of Virtual Reality. Hillsdale, NJ: Erlbaum.

7.Boyajian, L. (2017, February 27). The 3 biggest challenges facing Augmented Reality. Retrieved 2017, from Network World: http://www.networkworld.com/article/3174804/mobile-wireless/the-3-biggest-challenges-facing-augmented-reality.html

8.de Sa, M., & Churchill, E. (2012). Mobile augmented reality: exploring design and prototyping techniques. 14th international conference on Human-computer interaction with mobile devices and services (pp. 221–23). ACM.

9.Eskelinen, M. (2001). Towards computer game studies. Digital Creativity , 175–183.

10.Fox, J., Arena, D., & Bailenson, J. N. (2009). Virtual Reality: A Survival Guide for the Social Scientist. Journal of Media Psychology , 95–113.

11.Hackett, R. (2017, October 2). Equifax Underestimated by 2.5 Million the Number of Potential Breach Victims. Retrieved 2017, from http://fortune.com/2017/10/02/equifax-credit-breach-total/

12.IG Critic. (2016). Most Played MMORPG Games of 2016. Retrieved 2017, from http://igcritic.com/blog/2016/03/17/most-played-mmorpg-games-of-2016/

13.Janin, A. L., Mizell, D. W., & Caudell, T. P. (1993). Calibration of head-mounted displays for augmented reality applications. (pp. 246–255). IEEE.

14.Lanier, J. (1992). Virtual reality: The promise of the future. Interactive Learning International , 275–279.

15.Mekni, M., & Lemieu, A. (2013). Augmented Reality: Applications, Challenges and Future Trends. Applied Computational Science .

16.Mirani, L., & Nisen, M. (2014, May 27). The nine companies that know more about you than Google or Facebook. Retrieved 2017, from https://qz.com/213900/the-nine-companies-that-know-more-about-you-than-google-or-facebook/

17.Mitchell, B. (2009, June 5). E3 2009: Guinness World Records announces awards at E3. Retrieved 2017, from http://www.ign.com/articles/2009/06/05/e3-2009-guinnes-world-records-announces-awards-at-e3

18.Morgan, G. (2009, July 24). Challenges of Online Game Development: A Review. Simulation & Gaming. (Sage) Retrieved 2017, from Simulation & Gaming: http://research.ncl.ac.uk/game/research/publications/87445d01.pdf

19.Morris, J., & Lavandera, E. (2012, August 12). Why big companies buy, sell your data. Retrieved 2017, from CNN: http://edition.cnn.com/2012/08/23/tech/web/big-data-acxiom/

20.Paz, R. D. (2016, August 24). Pokémon Go Accounts Targeted by Bogus Pokémon Go Bot. Retrieved 2017, from Fortinet: https://blog.fortinet.com/2016/08/24/pokemon-go-accounts-targeted-by-bogus-pokemon-go-bot

21.Rheingold, H. (1991). Virtual reality. New York: Simon & Schuster.

22.Rubin, P. (2016). AR, VR, MR: Making Sense of Magic Leap and the Future of Reality. Retrieved 2017, from https://www.wired.com/2016/04/magic-leap-vr/

23.Shatte, A., Holdsworth, J., & Lee, I. (2014). Mobile augmented reality based context-aware library management system. Expert Systems with Applications , 41 (5), 2174–2185.

24.Smedinghoff, T. J. (2011). Introduction to Online Identity Management. Colloquium on Electronic Commerce .

25.Steel, E., Locke, C., Cadman, E., & Freese, B. (2013, June 13). How much is your personal data worth? Retrieved 2017, from http://ig.ft.com/how-much-is-your-personal-data-worth/?mhq5j=e5

26.Tiwarkhede, A. A., & Kakde, V. (2015). A Review Paper on Big Data Analytics. International Journal of Science and Research , 845-848.

27.Tynan, D. (2017, June 9). Augmented reality could be next hacker playground. Retrieved 2017, from https://www.the-parallax.com/2017/06/09/augmented-reality-hacker-playground/

28.Witmer, B., & Singer, M. (1998). Measuring presence in virtual environments: A presence questionnaire. PRESENCE: Teleoperators and Virtual Environments. Presence , 7 (3), 225–240.

29.Zhou, F., Duh, B. I., & Billinghurst, M. (2008). Trends in augmented reality tracking, interaction and display: A review often years of ISMAR. 7th IEEE/ACM International Symposium on Mixed and Augmented Reality (pp. 193–202). IEEE Computer Society.

SMARTPHONES AND BIG DATA – THE END OF PRIVACY

SMARTPHONES AND BIG DATA – THE END OF PRIVACY

FADI ABU ZUHRI

INTRODUCTION

Technology is rapidly advancing. The technology that was there ten years ago is not the technology that is there today and it will not be there in ten years to come, as new technologies would have been adopted (Briggs & Thomas, 2015). Smartphone manufacturers have adopted various biometric security measures such as voice recognition, fingerprints, facial recognition and IRIS scanners to protect its users. In the not too distant future, biometric scanners and other new security measures would be commonplace. This article shows how such technological advancements can be creepy, as the safety of users’ information would no longer be guaranteed.

WHAT YOUR SMARTPHONE MIGHT BE REVEALING ABOUT YOU

A smartphone can say so much about a person’s personality including the person’s likes and dislikes, the person’s location, which services are being used and how much time spent on various apps, even the mood can be predicted. The smartphone could in fact trigger services to send the individual targeted advertisements (Tene & Polonetsky, 2013).

A study conducted by the University of Lancaster indicated that the operating system of a smartphone, whether Android or OS can depict the personality of an individual. Apparently, people who used Android phones were found to be more honest and humble than those who used iPhones. Further research indicated that Android phone users were found to be kinder, more open and less extroverted that OS users. They concluded by stating that the smartphone is the most basic level of personalization, which can tell a lot about a user (Shaw, Ellis, Kendrick, Ziegler, & Wiseman, 2016).

The applications that the users download could also tell about their personality traits, where that person is downloading from and the services that the individual is using which allow advertising companies to send targeted ads to that individual. A future with Radio Frequency Identification (RFID) implants offer a wide range of challenges and opportunities with identifying pepole (Rotter, Daskala, & Compano, 2008). It has become more and more apparent that the smartphone is the mini digital version of a user and that is why many users do not like other people using their smartphones. This calls for the use of security measures such as biometric scanners to protect the users.

THE PROS AND CONS OF BIOMETRIC SCANNERS

Over the years, smartphone manufacturers have managed to upgrade these devices with embedded biometric scanners (Mayer-Schönberger & Cukier, 2014). Smartphone manufacturers companies have started adding biometric scanners to protect the users. The biometric scanners are beneficial in that they can identify criminals, understand an individual’s online behavior, and predict the political or religious affiliations of that person (Hubbard, 2008). For instance, when a criminal tries to withdraw funds from a person’s online banking through a smartphone, biometric scanners may be able to detect that there is a change of fingerprints and use mechanisms to protect the user such as locking down of the smartphone to prevent withdrawal of the funds. A biometric scanner could proactively scans for viruses to protect the user of the smartphone (Gilbert, 2009).

However, this has proven to be more creepy than beneficial since the personal information of the users can be compromised if someone can hack the biometric scanner. The biometric scanner stores personal information such as the fingerprints of an individual, individual likes and dislikes, app preferences, physical location, etc. (Lieberoth & Hansen, 2011). The biometric scanner could predict a person’s political or religious affiliations. For example, if political elections registers voters using biometric registration, this information can be linked to the person (Greenberger & Padesky, 2015). It is, therefore, evident that future smartphone with more biometric scanners are creepier as they are in a position to store personal information, identify criminals, understand the online behavior of an individual, and depict his or her political or religious affiliations.

HOW BIG DATA IS MARKING THE END OF PRIVACY

It is being suggested that smartphones will, in future, carry out blood tests, medical scans, and even offer diagnosis by linking with advanced medical profiles and databases. Biosensors would be linked to smartphones, monitor the patient’s vital signs and treatment (Topol, 2016).

Powerful alogorithms that run the in backend and link to your smartphone could help the government fight terrorism or online retailers predict buying patterns. For example, Amazon, through its Kindle application, knows which section of the book is most engaging and which one is not. This information can be used to target the user with other interesting sections or prompt the reader to buy another book. Big data and real-time constant surveillance through our smartphones mark the start of new digital revolutions that can change the way we think and interact in a new world. Big data could even predict our future behavior and possibly implicate us for something we did not even do (Mayer-Schönberger & Cukier, 2014).

CONCLUSION

While the benefits of smartphones and in-built security are much touted, one needs to consider the power they are increasingly being vested with as technology advances. With the emergence of new technologies, smartphone manufacturers can enhance more security measures for the users while at the same time store more personal information (Ferguson, 2015). The personal information that is likely to be kept by a biometric scanner includes an individual’s fingerprints, personality traits, likes and dislikes, political and religious affiliations, geo-location, preferred apps and so forth (Fadiman, 2012).

REFERENCES

  1. Briggs, P., & Thomas, L. (2015). An inclusive, value sensitive design perspective on future identity technologies. ACM Transactions on Computer-Human Interaction (TOCHI) , 22 (5).
  2. Fadiman, A. (2012). The spirit catches you, and you fall: A Hmong child, her American doctors, and the collision of two cultures. Macmillan.
  3. Ferguson, A. G. (2015). Big Data and Predictive Reasonable Suspicion (Vol. 163). University of Pennsylvania Law Review.
  4. Gilbert, D. (2009). Stumbling on happiness. USA: Vintage Books.
  5. Greenberger, D., & Padesky, C. A. (2015). Mind over Mood: Change how you feel by changing the way you think. USA: Guilford Publications.
  6. Hubbard, T. E. (2008). Automatic license plate recognition: an exciting new law enforcement tool with potentially scary consequences. Syracuse Journal of Science & Techlogy Law , 18 (3).
  7. Lieberoth, A., & Hansen, F. A. (2011). Can autobiographical memories create better learning? The case of a scary game. Proceedings of ECGBL. The 5th European Conference on Games Based Learning, (pp. 350-357). Athens, Greece.
  8. Mayer-Schönberger, V., & Cukier, K. (2014). Big data: A revolution that will transform how we live, work, and think. Houghton Mifflin Harcourt.
  9. Rotter, P., Daskala, B., & Compano, R. (2008). RFID implants: Opportunities and challenges for identifying people. IEEE Technology and Society Magazine , 27 (2).
  10. Shaw, H., Ellis, D. A., Kendrick, L.-R., Ziegler, F., & Wiseman, R. (2016). Predicting Smartphone Operating System from Personality and Individual Differences. Cyberpsychology, Behavior, and Social Networking , 19 (12), 727-732.
  11. Tene, O., & Polonetsky, J. (2013). A theory of creepy: technology, privacy, and shifting social norms. Yale Journal of Law and Technology , 16 (1).
  12. Topol, E. (2016). The patient will see you now: the future of medicine is in your hands. Basic Books.

DARKER SIDE OF CRYPTOCURRENCY AND THE ROLE OF DARTH VADER

DARKER SIDE OF CRYPTOCURRENCY AND THE ROLE OF DARTH VADER

FADI ABU ZUHRI

INTRODUCTION

Cryptocurrency is the latest innovation in currency that has been introduced in the world today. It involves the use of digital assets to work as a medium of exchange by the use of cryptography. In 2009, Bitcoin became the first company to decentralize cryptocurrency and ever since, many companies have mushroomed to provide the same services (Gao, Clark, & Lindqvist, 2016).

The introduction of this particular medium of exchange was aimed at reducing the production of currency and makes the whole idea of digital assets come to play. The various reasons that have made this particular medium of exchange grow in popularity is the fact that this particular exchange has the ability to reduce the amount of currency that is circulating in various financial institutions that are present today. Also, the assets that have been transformed to the form of Cryptocurrency are less culpable to be followed up as far as legal matters are concerned.

To take an example, Bitcoins have suddenly become a major topic of financial innovation all over the world. There are various benefits of Bitcoin. For instance, Bitcoin has no transaction costs. It is transparent and very open (VPRO, 2015). The development of this technology also comes up with some hitches despite the fact that more and more people are using it as the most preferred medium of exchange. It is estimated that more than 10 million people hold Bitcoin wallets (Burniske & White, 2017). For these reasons, we take a look at the darker side of Crytocurrency.

BLOCKCHAINS EXPLAINED

A blockchain consists of blocks, each holding some data, linked with other blocks. A block of data, in Bitcoin for example, is limited to one megabyte and there is no limit on the number of transactions that can fit in a block (BitcoinWiki, 2016). A blockchain is open, distributed and ensures that the transactions are immutable and can be verified. This is achieved by unique hashing algorithm, like SHA-256. A hashing algorithm provides a unique sequence of bits to authenticate the integrity of the data. Any change in the data leads to a different hash. The hash of one block gets embedded in the next block and so on (Sims, 2017). While this ensured integrity it did not prevent anyone from replicating the blockchain. This is solved by the use of cryptographic nonce (Rogaway, 2004). A nonce is an arbitrary number added within the block to generate a specific type of hash. This, for example in 2017, is a sequence of seventeen zeros at the beginning of the hash. Recreating this hash sequence is infeasible due to the massive computing power required.

MISUNDERSTANDING CRYTOCURRENCY

A lack of public awareness is a cause of misunderstanding Cryptocurrency. People haven’t had enough time to educate themselves about how these systems works (Baur, Bühler, Bick, & Bonorden, 2015). Cryptocurrency is a very young technology when it comes to dealing with currency. People embraced this new idea but not everyone has evaluated the pros and cons of owning and transacting in Cryptocurrencies. This makes them vulnerable to being conned and even losing their fortune.

RISK AND VOLATILITY

Bitcoin and other Cryptocurrencies are still growing and undergoing various developments. Blockchains use private key (secret key) to access digital currency wallets, trade and transact. Thus, protecting your private key is of utmost importance, as it is irreplaceable if lost or stolen, just like cash. It is estimated that the value of lost Bitcoins is US$ 950 million (Berke, 2017). If Darth Vader lost his private key, his money is forever lost in Internet’s virtual space.

Popularity of Cryptocurrency is also increasing as evidenced by the fact that daily Bitcoin transactional volume is over $200 million (Burniske & White, 2017). There is a great risk that this high demand of this Bitcoins may fail to be satisfied raising skepticism from the client on whether the company can meet the demand of the customers. Also, there is a big risk when it comes to the idea of volatility involving the change in prices of the Bitcoin (Kostakis & Giotitsas, 2014). Currently, the Bitcoin prices change every day due to the events related to the production and trade of Cryptocurrencies. There is a risk because at this infancy stage of Bitcoins, there might be loopholes that have not been discovered and it would be important to discover them and cover them as soon as possible to avoid future catastrophe in the transactions.

Your computing power could be used without your knowledge by Cybercriminals for Cryptocurrency mining operations. Such an attack was reported recently when unpatched Windows 2003 Webservers were infected with modified mining software (Monero). The loss was estimated at more than US$ 63,000 in digital currency (Seals, 2017).

PRONE TO MALWARE ATTACK

Cryptocurrency works on a technology of storing assets on a publicly accessible digital platform that could attract cyber-criminals. They could be a constant attempt to try to come up with malware with an attempt of stealing this money (Kostakis & Giotitsas, 2014). Hackers from all corners of the world always try to come up with ways to break the cipher on which these particular Cryptocurrencies have been encrypted. Bitfinex is the largest US dollar-based Bitcoin exchange in the world. It suffers from the effects of a DDoS attack on its systems. Apart from the attacks against the Cryptocurrency exchanges, DDoS has also attacked the Russian exchange BTC-e. Bitcoin inherits decentralization, which is of advantage but also one of its biggest risks and challenges (Muncaster, 2017).

Also, there is a risk of malware in the form or viruses and even Trojans. The fact that all the transactions involving Cryptocurrencies are conducted via the Internet puts this particular type of exchange at the risk of being attacked by malware on the Internet that might decipher or corrupt information that is present about the Bitcoin. The most probable attack by malware is through ransomware where criminals will intercept the information and demand money in exchange.

DECRIMINALISING CRYTOCURRENCY

It is well known within the law enforcement circles that civilian-type vehicles are a preferred choice to blend in with the crowd and go unnoticed. Vehicles such as Toyota Corolla sedans, Ford F-150 pickups, or Chevrolet Malibu sedans are popular choices by both drug dealers and narcotics officers in the United States (Clinton, 2014). Does that mean an unmarked Toyota Corolla should be suspected an accomplice to a crime?

Anyone who has seen the movie “Jaws” will remember how deadly sharks can be. But in reality, you are more likely to be killed by a deer than by sharks, bears and alligators combined. Statistics show that for every one shark related death on average in the United States, 120 deaths are due to deers, 58 due to flying insects and 28 due to dogs. This is in stark contrast to 0.18 deaths per year by a wolf, or on average one person every 5 years (Lopez, 2016). These examples are just a reminder to how people are quick to dismiss Cryptocurrency because the ransomware perpetrators demanded money in Bitcoins. It almost seems as if the media is bent upon projecting Cryptocurrency as the iconic evil currency, similar to Darth Vader of Star Wars fame.

It is argued that for currency to be a suitable medium of exchange, it should be easily dispersed and easily spent. This is not the case for Cryptocurrencies since it is not easily liquidated and thus it cannot be spent as easily as cash. This limitation makes it hard for the Cryptocurrencies to be popular among those engaged in “dark business” (Rogojanu & Badea, 2014). As much as it is touted that Crytocurrencies work outside the traditional modes of banking, evading detection, law enforcement agencies might have access to tools to keep track of the transactions that take place with Cryptocurrency. These arguments suggest that it is a common misconception that Cryptocurrency is a trading ground for illegal business such as Money Laundering and Drug Trafficking.

CONCLUSION

Cryptocurrency is a revolutionary concept that is sure to disrupt the market. It has come with many advantages over the current medium of exchange. These advantages have led to a lot of people to adopt this technology sometimes without having the full knowledge of how this particular business is conducted (Al Kawasmi, Arnautovic, & Svetinovic, 2015).

This particular technology could be the next big thing as a medium of exchange, but there must be a lot of policy formulation that must follow up to ensure that there is minimal fraud. Also, this technology being at an infancy stage there should be a lot of development that should take place to ensure that this whole system functions well and without any doubt from the clients.

While fiat currencies are backed by the government, Cryptocurrencies are generated on a computer system with no governmental guarantees. While some find comfort in government backing, it also means that the government can print an unlimited amount of fiat currency. Fiat currency, in some cases, is not backed up any physical asset like gold. On one had the value of fiat currencies are subject to regulations, market and political forces; on the other hand, Crytocurrencies are influenced by supply and demand.

Owning a Toyota Corolla is not illegal even though it s popular vehicle for criminals who wish to go unnoticed. Popular culture criminalizes the wolf and the shark for killing one and five people every 5 years. The lovely deer is not criminalized even after it is responsible for 120 deaths a year.

Cryptocurrencies are not without its challenges. While there are voices asking for stronger government regulation, does it not defeat the whole premise of decentralization that Cryptocurrency stands for? Despite the name Cryptocurrency, is it not just another asset class that presents a convenient form of value exchange? Why regulate it anymore than you would any taxable good of value?

Is there a solution to recovering your encrypted assets locked by a private key? Can you be given ownership of your Cryptocurreny wallet if it was lost or stolen? Losing ownership of one’s private key is seen as the ultimate risk with no signs of a viable solution.

REFERENCES

1.Al Kawasmi, E., Arnautovic, E., & Svetinovic, D. (2015). BitcoinBased Decentralized Carbon Emissions Trading Infrastructure Model. Systems Engineering , 18 (2), 115-130.

2.Baur, A. W., Bühler, J., Bick, M., & Bonorden, C. S. (2015). Cryptocurrencies as a disruption? empirical findings on user adoption and future potential of bitcoin and co. In Conference on e-Business, e-Services and e-Society (pp. 63-80). Springer International Publishing.

3.Berke, A. (2017, March 7). How Safe Are Blockchains? It Depends. Retrieved 2017, from https://hbr.org/2017/03/how-safe-are-blockchains-it-depends

4.BitcoinWiki. (2016, April 11). Block size limit controversy. Retrieved 2017, from https://en.bitcoin.it/wiki/Block_size_limit_controversy

5.Burniske, C., & White, A. (2017, January). Bitcoin: Ringing the bell for a new asset class. Retrieved 2017, from Ark Invest: http://research.ark-invest.com/bitcoin-asset-class

6.Clinton, P. (2014, March). Driving a Drug Dealer’s Car. Retrieved 2017, from http://www.government-fleet.com/channel/procurement/article/story/2014/03/driving-a-drug-dealer-s-car.aspx

7.Gao, X., Clark, G. D., & Lindqvist, J. (2016). Of Two Minds, Multiple Addresses, and One Ledger: Characterizing Opinions, Knowledge, and Perceptions of Bitcoin Across Users and Non-Users. Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems, (pp. 1656-1668). Santa Clara, California.

8.Kostakis, V., & Giotitsas, C. (2014). The (A) political economy of Bitcoin. Communication, Capitalism & Critique. Open Access Journal for a Global Sustainable Information Society , 12 (2), 431-440.

9.Lopez, G. (2016, September 24). You are way more likely to be killed by deer than by sharks, bears, and gators combined. Retrieved 2017, from https://www.vox.com/2016/9/24/13032272/killer-animals-deer-sharks-bears

10.Muncaster, P. (2017, June 15). World’s Largest Bitcoin Exchange Bitfinex Crippled by DDoS. Retrieved 2017, from https://www.infosecurity-magazine.com/news/worlds-largest-bitcoin-exchange/

11.Rogaway, P. (2004). Nonce-Based Symmetric Encryption. In B. Roy, & W. Meier (Eds.), Fast Software Encryption. FSE 2004. Lecture Notes in Computer Science (Vol. 3017, pp. 348-358). Berlin, Heidelber: Springer.

12.Rogojanu, A., & Badea, L. (2014). The issue of competing currencies. Case study–Bitcoin. Theoretical and Applied Economics , 21 (1), 103-114.

13.Seals, T. (2017, September 29). Monero-Mining Campaign Takes the Easy Road to Cash Gains. Retrieved 2017, from https://www.infosecurity-magazine.com/news/moneromining-campaign-takes-cash/

14.Sims, G. (2017, September 29). What is a blockchain. Retrieved 2017, from https://www.youtube.com/watch?v=KN-FQR7A6Iw&feature=youtu.be

15.VPRO. (2015, November 1). The Bitcoin Gospel. Retrieved 2017, from https://topdocumentaryfilms.com/bitcoin-gospel/

Dr. Berg’s New Body Type Guide: Get Healthy Lose Weight & Feel Great

Dr. Berg’s New Body Type Guide: Get Healthy Lose Weight & Feel Great Hardcover – October 24, 2017

The New Body Type Guide by Eric Berg, DC, is a major upgraded and improved version of his best selling book, The 7 Principles of Fat Burning. In his recent years, many new discoveries and observations prompted Dr. Berg to come out with a new version to bust through any slow metabolism. Dr. Berg will teach you how to take your results to a whole new level and get your body into super health state. Also added is several additional chapters on acupressure techniques to rid stress, pleasure food recipes that are healthy and how to stick to your plan no matter what comes up. But the major change is in what you are going to be eating. Forget about cravings, blood sugar imbalances and the numerous continued problems people have when they struggle to lose weight. This is your personal guild to customize your results based on your body type – let the adventure begin!
(Eric Berg, DC)

UNETHICAL RECRUITER PIMP INDULGES JOBSEEKERS WEAKNESS AND WISHES

UNETHICAL RECRUITER PIMP INDULGES JOBSEEKERS WEAKNESS AND WISHES

FADI ABU ZUHRI

INTRODUCTION

Having a decent job that meets a person’s needs and expectations is a vital necessity for any adult. According to Calenda (2016), the need sometimes becomes crucial for individuals who have just completed their education or in dire need for employment. This high demand sometimes leads to desperation which makes a job seeker vulnerable and at the disposal of their potential employees. This issue is very common that is why there are agencies created by laws to handle these cases. It is, therefore, important for us to understand some of these unethical issues and also understand how we can deal with these particular issues.

Various ways will display the wrong approach when it comes to the recruitment process (Shaffer, Bakhshi, & Kim, 2015). Any of the following behaviors are conducted by recruiters, they should be considered unethical and should be reported to ensure that they are not repeated and promote a high level of professionalism.

PHISHING FOR PERSONAL INFORMATION

Fake job interviews are increasingly becoming common. This is one way for fraudsters to fish for personal information and money. Scammers use sophisticated tools and techniques to obtain sensitive personal financial information from prospective candidates. Stealing identity is quite valuable as it can be sold over the “dark net” for money (Williams & Pellecchia, 2017).

There are also instances of people roping in the expertise of job seekers for free under the delusion that they are being interviewed for a fancy job. Job seekers, therefore, need to be vigilant and ask relevant questions on the hiring process. They need to be beware of undue appreciation and for people who do not paint a consistent picture of the job profile (Ryan, 2017).

USING EXPLODING JOB OFFERS

Exploding job offers are job offers with a short expiry date. The regular period that has been set for the period between the announcement and the date of recruitment is not less than two weeks, anything less than this is considered to be an exploding job offer. Exploding job offers are not encouraged since they put pressure on the candidate to beat the deadline and make the necessary arrangements for the job (Shaffer, Bakhshi, Dutka, & Phillips, 2016). Ample time is required to be given to a candidate of any interview so that they can gather all the materials that are needed for the recruitment, gather the materials that they think will assist them to secure the job and also prepare themselves psychologically. It is considered unethical if one will be informed of the availability of a job opportunity less than two weeks before the day of the interview, this will be practically preparing them to fail.

TYING BONUS SIGNING TO EXPLODING JOB OFFERS

The issue of tying of bonus signing comes with a lot of controversies given that these unique gifts come with certain terms and conditions (Calenda, 2016). It is, therefore, prudent for someone to understand these particular conditions before he or she signs the given bonus to avoid situations where they get caught up in compromising situations when they are to leave the company.

USING HIGH-PRESSURE INTERVIEW TACTICS

Some approaches during interviews tend to scare away the candidates and lower their confidence in front of the panel. Interviews are meant to gauge the candidates’ knowledge and ability to carry out the various tasks that are required of them (de Silva, Opatha, & Gamage, 2016). There are incidents where the recruiters will use techniques that are meant to scare the candidates from attending the interview or even reduce the number of the people so that they can deal with just a few candidates. These tactics of scaring away the candidates are not encouraged given that it denies candidates a chance to express themselves in a more comfortable environment. An example of these tactics involves asking the candidate irrelevant questions for example; what your worst experience is? These questions are supposed to be asked in an informal context. Asking these questions leaves the candidate confused on how to respond to the questions since they find it awkward.

REVOKING ON A JOB OFFER TO A CANDIDATE

Revoking a job offer to a candidate is something that should highly be avoided. Job offers are open to all candidates provided that they meet the requirement of the job as indicated in the announcement. There are cases when recruiters just decide to revoke the offers to some candidates without any solid grounds for this particular action. This is considered to be unethical because if an individual has met the entire requirement that he or she is expected to have attained, then it is very rightful of them to claim the job.

WITHHOLDING RELEVANT INFORMATION IN EXTENDING A JOB OFFER

When announcing for a particular interview, it is important for the recruiters always to disclose all the information about the jobs that are being offered. Information such as job salary, relocation allowance, starting date and job title are very vital, and it is important that these particular items are included (Jeske & Shultz, 2016). To understand the importance of including this information, let us consider the issue of salary. What motivates people to go for particular work is the salary; the salary usually goes hand in hand with experience and the level of knowledge and education. Including information about the salary minimizes the cases of underpayment.

EXHIBITING UNPROFESSIONAL BEHAVIOR

The recruitment process of employees should be done by any given organization or companies with maximum consideration to professionalism just like any other formal activity of the organization. Any personal behavior that depicts unprofessional conduct in any recruitment process is highly discouraged. There are various forms of unethical conduct including fraternizing and harassment. These two particular acts may be different in this context but should not be entertained.

Fraternizing involves associating with the candidates in a personal and friendly manner. It is not expected that the recruiting panel starts treating the candidates in a very friendly manner that will suggest any form of favors. This particular act of fraternizing might compromise the whole process of recruitment leading to the recruiting of incompetent employees. Another unprofessional conduct during the process of recruitment is harassment (Shaffer et al., 2016). Harassment of candidates includes all forms of harassments including sexual, personal, racial, age and even bullying. All these acts do not provide a comfortable environment for the candidates and are highly discouraged.

CONCLUSION

An unethical recruiter is a pimp who advertises and indulges jobseekers weakness and/ or wishes to gain something at the expense of the job seeker. Although certain activities are not criminalized in the real world, it is pretty close to human slavery as the jobseeker is victimised by being coerced into taking up a job offer that is not worth it.

It is so unjust and unethical for recruiters to take advantage of those who step at their doorstep in search of a livelihood (Wong & Li, 2015). This issue has undermined the professionalism of the company that is recruiting its employees, and it may lead to employing of incompetent people. So, this issue is considered misconduct and those who are victims should report these cases to ensure that the perpetrators face the law.

REFERENCES

  1. Calenda, D. (2016). Sustainable recruitment’of foreign-educated nurses: ethical and work related issues. The case of Finland. Robert Schuman Centre for Advanced Studies Research Paper .
  2. de Silva, V. A., Opatha, H. H., & Gamage, A. S. (2016). Towards Extending the Ethical Dimension of Human Resource Management. International Business Research , 9 (10), 151.
  3. Jeske, D., & Shultz, K. S. (2016). Using social media content for screening in recruitment and selection: pros and cons. Work, Employment & Society , 30 (3), 535-546.
  4. Ryan, L. (2017, August 8). Ten Signs You’re Interviewing For A Fake Job Opportunity. Retrieved 2017, from https://www.forbes.com/sites/lizryan/2017/08/08/ten-signs-youre-interviewing-for-a-fake-job-opportunity/#43cbd2987aaa
  5. Shaffer, F. A., Bakhshi, M., & Kim, E. M. (2015). Business Case for Ethical Recruitment. Nurse Leader , 13 (5), 40-48.
  6. Shaffer, F. A., Bakhshi, M., Dutka, J. T., & Phillips, J. (2016). Code for ethical international recruitment practices: the CGFNS Alliance case study. Human Resources for Health , 14 (31).
  7. Williams , A., & Pellecchia, R. (2017, July 6). Fake Online Job Interviews Phishing for Your Personal Information. Retrieved 2017, from Financial Industry Regulatory Authority: http://www.finra.org/newsroom/2017/fake-online-job-interviews-phishing-your-personal-information
  8. Wong, S. C., & Li, J. S. (2015). Will hotel employees’ perception of unethical managerial behavior affect their job satisfaction? A study of Chinese hotel employees in China. International Journal of Contemporary Hospitality Management , 27 (5), 853-877.

CYBER BODY LANGUAGE

CYBER BODY LANGUAGE

FADI ABU ZUHRI

INTRODUCTION

For several hundreds of years, official agencies have been studying techniques and mechanisms to identify individuals. They started off by passports and identity cards and later developed to more controversial schemes like DNA profiling and body surveillance (Caplan & Torpey, 2001).

It is estimated that there are 39 million web servers worldwide that host 3 billion indexable web pages with 20 billion links. There is an ever increasing surveillance by government as well as telecom operators at the cost of privacy of netizens (Batty, 2003). Technological advances in identity and behaviour mapping have become more daring in the recent times. The handheld mobile phones and other gadgets have made it possible for businesses get to know about the behaviour of the people and allow them to gather vital information that can help them reach out to these users. Phone manufacturers, software developers and internet search engines are now able to detect the behaviour and interests of the users through integrated algorithms and computing devices.

Cyber Body Language is best understood as “Context-Awareness” where a device or software is designed, primarily or partly, to analyse the behaviour or pattern of the users and apply information gathered to automatically assert products, services, or other purposes such as security monitoring.

This article covers the implications of Cyber Body Language’s Context-Awareness and how it will affect the users in terms of privacy, finances and consumption. The review of related literature discusses Cyber Body Language, Context-Awareness, Context-Awareness Computing, Privacy, Geolocations and Targeted Ads through personalized hypermedia application.

CYBER BODY LANGUAGE

According to Oracle (2014), Cyber Body Language or “Digital Body Language” is similar to facial expression or behaviour a user makes when interacting in the cyber world. In an online equivalent, these behaviours and expressions could be web browsing history, download history, web searches and online communication. This behaviour is the raw data that provides informaton about the user’s interests, needs and so on. Even the schedule of the user’s online presence can be useful information for the organizations monitoring the user’s behaviour (Oracle, 2014).

The transformative shift of physical activities such as online shopping transactions had created a marketing challenge of comprehending online consumer behaviour (Woods, 2009). Oracle (2014) stated that marketing and sales operations need to be adapted to ensure that it is Context-Aware or able to comprehend the Cyber Body Language of the consumers. It is imperative that the organization must first have a broad understanding of the impact of the shift and how all the processes came to change with it. An organization must be well-equipped with the necessary technology and infrastructure to be able to synthesize the information based on the consumer behaviour. (Oracle, 2014)

CONTEXT-AWARENESS

Dey (2001) defined context as any data that can be utilized to describe the environment of an entity. According to him, an entity can be the user, location or a thing that is significant in the domain of the application or software (Dey, 2001). On the other hand, Context-Awareness is defined as someone who is the user of the information. In such as case, a system is said to be Context-Aware when it has the ability to gather and synthesize the context information and apply it in the improvement and adaptability of the device (Byun & Cheverst, 2004).

Context-Awareness is aimed to provide efficiency and usability of service offered to the users and this is only possible through being flexible and aware of the changing behaviors of the users (Bolchini, Schreiber, & Tanca, 2007; Dey, 2001; Zhu, Mutka, & Ni, 2005). It has been said that context played a very crucial role because it is built up from user information and included data on status, location and interests (Korpipää, Mäntyjärvi, Kela, Keränen, & Malm, 2003; Kwon, 2004).

CONTEXT-AWARENESS COMPUTING

In understanding Cyber Body Language, there were Context-Aware Systems developed that take advantage of user behaviour. Context-Aware Systems gather context, analyse such context gathered and then with the information acquired is used to customize the system based on the behaviour or changing situation of the user (Khattak et al., 2014).

Facebook plans to figure out the emotional state of the users. It files a stir of patents that try to find out our emotions. One of the patents is Augmenting Text Messages with Emotion Information which involves decorating the text messages to fit the people’s moods. Therefore, Facebook intends to join some features with words to show the impressions of the sender (Vaas, 2017).

The other proposed Emotion-Reading patent is Techniques for Emotion Detection and Content Delivery. It plans to own its path to the cameras on our phones, tablets, and laptops by observing us as we peer at the screens. Another Emotion-Gleaning technology has been described where one will generate emojis based on the user’s facial Expression. These types of technology tools can be used by the marketers to gauge the reaction of the consumers and cater to them (Vaas, 2017).

In short, Context-Aware Systems are made to adapt their systems in accordance to the context of the user without their active participation in such changes (Khattak, et al., 2014). The development of these Context-Aware Systems synthesizes the behaviour and environment of the user with an aim to ensure that such systems will continually be usable and effective throughout time (Baldauf, Dustdar, & Rosenberg, 2007; Khattak, et al., 2011; Chen, Nugent, & Wang, 2012).

Context-Aware Systems are becoming more popular and have been developed into diverse domains or interface such as Location-Based Systems (Want, Hopper, Falcão, & Gibbons, 1992), Context-Aware file system (Hess & Campbell, 2003), Context-Aware Security (Covington, Fogla, Zhiyuan, & Ahamad, 2002), Context-Aware Activity Recognition (Khattak, et al., 2011), Context Based Searching (Ding, et al., 2004; Khattak, Ahmad, Mustafa, Pervez, Latif, & Lee, 2013), and Intelligent Healthcare Systems (Khattak, Ahmad, Mustafa, Pervez, Latif, & Lee, 2013; Khattak, Pervez, Lee, & Lee, 2011; Hussain, et al., 2013; Khattak, Pervez, Han, Lee, & Nugent, 2012). Nowadays, the use of Context-Aware Systems has become commonplace and part of everyday life for users of the cyber world. In fact, Cyber Behaviour sensing and computing devices are known to have been already installed in most smart devices (Khattak, Ahmad, Mustafa, Pervez, Latif, & Lee, 2013; Khattak, Pervez, Lee, & Lee, 2011; Han, Vinh, Lee, & Lee, 2012).

The context gathered from the users is classified as internal or external (Hofer, Schwinger, Pichler, Leonhartsberger, & Altmann, 2013). But the quality of information derived by the Context-Aware Systems is not dependent on whether it is internal or external. Such systems are designed to acquire and synthesize context in order to make it useful and effective for further processing (Baldauf, Dustdar, & Rosenberg, 2007; Han, Vinh, Lee, & Lee, 2012).

Another domain of Context-Awareness is a personalised hypermedia application. It is a hypermedia system which, like any Context-Aware Systems, applies the information, structure and the physical attributes of the networked hypermedia objects to the user’s environment, characterization and behaviour. This Context-Aware domain is considered as an interactive system. This means that users are allowed to navigate a network of linked hypermedia objects. Examples of hypermedia are the web pages which contain various media types like text, photos, videos, clips, applications and other similar elements. (Kobsa, Koenemann, & Pohl, 2001)

PRIVACY

User behaviour in the internet has become subject to breach of privacy and security. Smith et al. (1996) enumerated the four instances where the issue of privacy concerns arise, to wit: the gathering of personal information, unapproved indirect use of personal information, supplying of wrong personal information, and unauthorized access to personal data (Stewart & Segars, 2002). These concerns in online marketing are being applied in the same regards like collection of the personal information, storage and control of these information and observance of the privacy practices and use such data in a way that promotes marketing without breaching the sensitive line of privacy (Malhotra, Kim, & Agarwal, 2004). On the other hand, most consumers are concerned on the unapproved indirect use of data and the supplying of wrong personal information (Brown & Muchira, 2004). There will be a possibility that the consumer may lose his trust to the vendor when the latter insisted on getting the information evoking privacy concerns (Camp, 2003).

Google and Microsoft argue that it has the right to scan all emails passing through its systems. This means that Google can read keywords that can trigger relevant advertisements (Schofield, 2013). Facebook has a privacy setting to allow users to stop the collection of behavioural information. However by default this is set to allow the collection of private information. Even if one were to opt out, it does not stop advertisements on Facebook (Smith L. , 2016).

There are various instances that are possible to happen in terms of breaching of privacy with the utilization of Cyber Body Language . Context-Aware Systems are made smart and adaptable, mostly users are caught off guard, but their behavioural patterns are already studied in the furtherance of the systems they use. Most of the time, this Context-Aware devices are useful, but unauthorized access or misused of the data gathered from the user might post a security threat. Although there may be concerns that Context-Aware Systems can be very damaging to the privacy of the user, it should also consider that these Context-Aware Systems can also provide security. This way, the Context-Aware Systems can intelligently analyse the behaviour of the user, assess the possible breach of security and synthesize those information to strengthen the security systems.

According to Milne and Gordon (1993), the collection of such Personal Information called for the proper treatment as it is considered to be an “Implied Social Contract” with the consumer. The consumer has a right to sue and be entitled with compensation if there such an instance where his trust has been breached by the vendor (Solove, 2006). Because of this, the vendor is always required to ensure that he observed fair information practices to guarantee the consumer that his personal information is well-respected and well-preserved (Culnan, 2000; Dinev & Hart, 2006).

GEOLOCATIONS

One of the domains of Context-Aware Services popularly applied is the location-based services. These services are usually present in mobile services that follow the location of their users (Rao & Minakakis, 2003) which basically the primary market of the Context-Awareness. One location-based services application widely used is the Geo-Fencing and also its allied services like a notification signal wherein it reminds user when it enters a certain area like a nearby police station or school grounds. (Namiot, 2013)

According to Rivero-Rodriguez et al. (2016), there can be issues or problems can arise from the inability to secure location privacy in an Location-Based Context-Aware environment One of the issues in location-enabled aware device is the spamming where the user is barraged by advertisements of the products or services from businesses. The second issue is the threat to personal safety of the user where he can be easily targeted of harassment, assault or any crime because his location is easily traced. The last issue is the ability of other users to access the spatio temporal information of a user where their Privacy, Personal Information, Religious and Political views are located. (Rivero-Rodriguez, Pileggi, & Nykänen, 2016)

TARGETED ADS

Advertisements are targeted to users that meet certain behavioural characteristics. An example of this is the tool created by Cambridge University called “Apply Magic Sauce” which is said to predict the Psycho-Demographic profile of the user based on the footprints left on the social media like Twitter and Facebook. This is developed to give specific perception on the behaviour, personality, attitude, interest and level of interest of the user (Psychometric Centre of University of Cambridge, 2017).

Another tool called “Crystal” is also created to predict the profile of a user by analyzing the email history and LinkedIn profile of a user. This tool can also be used against the email contacts to analyse their behaviour for the user will have a perception of his contact’s behaviour or character. The main objective of this tool is for the user to become a good communicator (Crystal Project Inc., 2017).

CONCLUSION

The use of Cyber Body Language is a result of the evolutionary process of computing systems were user’s patterns and behaviors are studied to become the trigger points for enhancement, upgradation or replacement of systems installed. This adaptability mechanism of devices has been developed really well to read Cyber Body Languages that it became a source of concern for all. Since most users had already experienced how it can exploit, harass, bombard or sneak into their personal space where security and privacy is at great risk. However, it cannot be discounted that the utilization of Cyber Body Languages is a mine-field for discoveries that can help continuously upgrade and advance technologies without explicit participation from the users. Keeping in mind the age-old respect of one’s privacy and personal space, it is only logical to suggest that the development of Cyber Body Languages should be regulated.

REFERENCES

  1. Baldauf, M., Dustdar, S., & Rosenberg, F. (2007). A Survey on context-aware systems. Int. J. Ad Hoc Ubiquitous Comput , 263-277.
  2. Batty, M. (2003). The Next Big Thing: Surveillance from the Ground up. Environment and Planning B: Urban Analytics and City Science , 30 (3).
  3. Bolchini, C., Schreiber, F. A., & Tanca, L. (2007). A methodology for a very small database designs. Information Systems , 61-82.
  4. Brown, M., & Muchira, R. (2004). Investigating the Relationship between Internet Privacy Concerns and Online Purchase Behavior. Journal of Electronic Commerce Research , 62-70.
  5. Camp, L. J. (2003). Design for trust. In R. Falcone, Trust, Reputation and Security: Theories and Practice,. Springer-Verlang.
  6. Caplan, J., & Torpey, J. (2001). Documenting Individual Identity: The Development of State Practices in the Modern World. Princeton, NJ: Princeton University Press.
  7. Chen, L., Nugent, C., & Wang, H. (2012). A knowledge-driven approach to activity recognition in smart homes. IEEE Transactions on Knowledge and Data Engineering , 961–974.
  8. Covington, M., Fogla, P., Zhiyuan, Z., & Ahamad, M. (2002). A context-aware security architecture for emerging applications. 18th Annual Computer Security Applications Conference, (pp. 249-258). Las Vegas, NV.
  9. Crystal Project Inc. (2017). Crystal. Retrieved May 15, 2017 from Crystal Knows: https://www.crystalknows.com/
  10. Culnan, M. J. (2000). Protecting Privacy Online: Is Self-Regulation Working? . Journal of Public Policy and Marketing , 20-26.
  11. Dey, A. K. (2001). Understanding and using context. Personal and Ubiquitous Computing , 4-7.
  12. Dinev, T., & Hart, P. (2006). An Extended Privacy Calculus Model for E-Commerce Transactions. Information Systems Research , 61-80.
  13. Ding, L., Finin, T., Joshi, A., Pan, R., Scott Cost, R., Peng, Y., et al. (2004). Swoogle: A search and metadata engine for the semantic web. 13th ACM International Conference on Information and Knowledge Management, , (pp. 8-13). Washington, DC.
  14. Han, M., Vinh, L., Lee, Y., & Lee, S. (2012). Comprehensive context recognizer based on multimodal sensors in a smartphone. Sensors , 12588–12605.
  15. Hess, C., & Campbell, R. (2003). An application of a context-aware file system. Personal and Ubiquitous Computing , 339–352.
  16. Hofer, T., Schwinger, W., Pichler, M., Leonhartsberger, G., & Altmann, J. (2013). Context-awareness on mobile devices-The hydrogen approach. 36th Annual Hawaii International Conference on System Sciences, (pp. 6-9). Big Island, HI, USA.
  17. Hussain, M., Khattak, A., Khan, W., Fatima, I., Amin, M., Pervez, Z., et al. (2013). Cloud-based Smart CDSS for chronic diseases. Health Technology , 153-175.
  18. Khattak, A. M., Akbar, N., Aazam, M., Ali, T., Khan, A. M., Jeon, S., et al. (2014). Context Representation and Fusion: Advancements and Opportunities. Sensors , 9628–9668.
  19. Khattak, A., Ahmad, N., Mustafa, J., Pervez, Z., Latif, K., & Lee, S. (2013). Context-aware Search in Dynamic Repositories of Digital Documents. 16th IEEE International Conference on Computational Science and Engineering (CSE 2013), (pp. 3-5). Sydney, Australia.
  20. Khattak, A., Pervez, Z., Han, M., Lee, S., & Nugent, C. (2012). DDSS: Dynamic decision support system for elderly. 25th IEEE International Symposium on Computer-Based Medical Systems (CBMS 2012), (pp. 20-22). Rome, Italy.
  21. Khattak, A., Pervez, Z., Lee, S., & Lee, Y. (2011). Intelligent healthcare service provisioning using ontology with low-level sensory data. KSII Transactions on Internet and Information Systems , 2016–2034.
  22. Khattak, A., Truc, P., Hung, L., Vinh, L., Dang, V., Guan, D., et al. (2011). Towards smart homes using low level sensory data. Sensors , 11581–11604.
  23. Kobsa, A., Koenemann, J., & Pohl, W. (2001). Personalised hypermedia presentation techniques for improving online customer relationships. The Knowledge Engineering Review , 111-155.
  24. Korpipää, P., Mäntyjärvi, J., Kela, J., Keränen, H., & Malm, E. J. (2003). Managing context information in mobile devices. IEEE Pervasive Computing , 42-51.
  25. Kwon, O. B. (2004). Modeling and generating context-aware agent-based applications with amended colored petri nets. Expert Systems with Applications , 609-621.
  26. Malhotra, N., Kim, S. S., & Agarwal, J. (2004). Internet Users’ Information Privacy Concerns (IUIPC): The Construct, the Scale, and a Causal Model. Information Systems Research , 336-355.
  27. Milne, G. R., & Gordon, M. E. (1993). Direct mail privacy-efficiency trade-offs within an implied social contract framework. Journal of Public Policy Marketing , 206–215.
  28. Namiot, D. (2013). GeoFence Services. International Journal of Open Information Technologies , 30-33.
  29. Oracle. (2014). Digital Body Language: Reading and Responding to Online Digital Body Behaviors. Digital Body Language Guide .
  30. Psychometric Centre of University of Cambridge. (2017). Facebook and Twitter Prediction. Retrieved May 15, 2017 from Psychometric Centre of University of Cambridge: https://applymagicsauce.com/demo.html
  31. Rao, B., & Minakakis, L. (2003). Evolution of Mobile Location-based Services. Commun. ACM , 61-65.
  32. Rivero-Rodriguez, A., Pileggi, P., & Nykänen, O. A. (2016). Mobile Context-Aware Systems: Technologies Resources and Applications. International Journal of Interactive Mobile Technologies , 25-32.
  33. Schofield, J. (2013, August 15). Is Gmail secure enough for my private emails? Retrieved 2017 from https://www.theguardian.com/technology/askjack/2013/aug/15/gmail-google-email-privacy
  34. Smith, H. J., Milberg, S., & Burke, S. (1996). Information privacy: Measuring individuals’ concerns about organizational practices. MIS Quarterly , 167-196.
  35. Smith, L. (2016, June 3). You Need to Update Your Facebook Privacy Settings — Again. Retrieved 2017 from http://www.goodhousekeeping.com/life/news/a38801/targeted-facebook-ads-privacy-settings/
  36. Solove, D. J. (2006). A Taxonomy of Privacy. University of Pennsylvania Law Review , 477.
  37. Stewart, K. A., & Segars, A. H. (2002). An empirical examination of the concern for information privacy instrument. Information Systems Research , 36-49.
  38. Vaas, L. (2017, June 12). Facebook wants to feel your pain (and your joy). Retrieved 2017 from https://nakedsecurity.sophos.com/2017/06/12/facebook-wants-to-feel-your-pain-and-your-joy/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+nakedsecurity+%28Naked+Security+-+Sophos%29
  39. Want, R., Hopper, A., Falcão, V., & Gibbons, J. (1992). The active badge location system. ACM Transactions on Information Systems , 91-102.
  40. Woods, S. (2009). Digital Body Language: Deciphering Customer Intentions in an Online World. Danville, CA: New Year Publishing.
  41. Zhu, F., Mutka, M. W., & Ni, L. M. (2005). Service discovery in pervasive computing environments. IEEE Pervasive Computing , 81-90.

 

CHALLENGES FACED BY CYBER FORENSIC INVESTIGATOR – CONCEPTS AND TECHNIQUES

CHALLENGES FACED BY CYBER FORENSIC INVESTIGATOR – CONCEPTS AND TECHNIQUES

FADI ABU ZUHRI

INTRODUCTION

This paper looks at the techniques and tools used by Cyber Forensic Investigators in various scenarios that prove to be quite challenging. Cyber Forensic Investigators are tasked with presenting digital evidence to the courts. The courts would only accept evidence that is based on reliable principles and methods. One therefore needs to have a way to distinguish reliable techniques from unreliable ones. For example, certain groups consider evidence from astronomy reliable while evidence from astrology is not considered reliable even though they both use the same tools – star charts, planetary positions, telescopes, etc. Cyber Forensic techniques and tools need to be evaluated for reliability before presenting to the courts.

LIVE FORENSICS

Live forensic is mostly applied when the item under investigation is rather too large to be represented practically by imaging (Karie & Venter, 2015). Also, there are situations where the system that is to be investigated is too big to be broken down for postmortem. There also occurs a situation where the computer that is to be investigated is very far away from the Cyber Forensic Investigator. This entire situation will have required the technique of live forensics to be applied. However, the whole case does not mean that one would have to download all these details from a remote location since this will require a more sophisticated network to perform this operation (Christopher, 2006). Additionally, there are cases where the aspect of capture cannot be used for the purpose of postmortem analysis for example memory contents, open ports and other operating aspects of a running computer. In this case, it is advisable that one should use court tested methods to avoid a situation where you will be required to prove the viability of the method in question. According to Peter (2005), the most used situation where the assistance of live forensics is required is in the cases of digital forensic incidence response where it is used if one has an understanding of what is in the memory, what is being communicated out by the computer and what processes and ports are running.

There has been the migration of organization’s data to storage in the cloud at a high rate by various corporations. Many decision makers of technology have invested their businesses in the cloud services. Based on the experience of the organizations, there are three main challenges that one ought to overcome to perform sound data collection in the cloud. Firstly, it is easy to get in, but hard to get back the organization’s data out once it has been drawn to the cloud. Secondly, data protection laws are different in various countries. Thirdly, Office 365, which is seeing a growing adoption among organizations, are inadequate for large-scale collection creating a great challenge for data collection (Barocchini & Maccherola, 2017).

DATA RECOVERY

Reliable methods of data recovery are critical for any Forensic Investigator as the situation of losing data is sometimes inevitable during criminal investigations (Rogers & Seigfried, 2014). For any Cyber Forensic Investigator, information is key and therefore it is highly recommended that measures are put in place to ensure that information can be recovered once lost. In case the information is lost, effective methods of data recovery should be put forward. For example, when one loses a file that he or she has no extra copy of; it would really be easy for them to recover the file if the file were recent and not overwritten. The methods to be deployed in the process of data recovery depend on whether one wants to get the data in in-depth or just a copy of the file. For the case of the whole file, it is possible to recover the file by bookmarking the file as you analyze them bit by bit as you go just like in document forensics (Karie & Venter, 2015). For the case of a copy of the file, computer forensics allows one to get the file from the Image as a stand-alone file.

RECOVERING POTENTIALLY OVERWRITTEN FILES

Digital storage is designed in such a way that when one deletes a file, it stays saved in the digital memory to allow natural restoration of the file. But there is a situation, mainly as a result of disk fragmentation, which could result in this particular data being lost. Fragmentation results in the overwriting of this particular files and it would be possible to recover these files using the file table (Samy et al., 2017). The file table is what determines the way files are stored physically within that particular storage. If the data has been partially overwritten, it will be possible to recover the data by reconstruction of the file header. If the file header has been overwritten, file carving is used (Rogers & Seigfried, 2014).

PASSWORD RECOVERY

Passwords are put in place to ensure data security, and there comes a time when the password itself becomes a threat to data security. For this reason, it is important that measures for password recovery should be in place. The process may be easy or hard depending on the type of password that is being recovered (Bennet, 2012). The easiest way to password recovery is the dictionary. This tool assumes that the passwords are a dictionary and through trial and error the appropriate password is found. After the dictionary attack, hash or password replacement is the next step of password recovery. This case does not apply to all situations given that other systems are complex. If the dictionary attack is not successful in password recovery, then another process called brute force can be used. This process is a widely known password recovery process but is time consuming. The time factor here is determined by the number of possible combination in order to receive the actual password that is required.

FORENSIC IMAGE ANALYSIS

Forensic Image Analysis uses search indexing and file filtering techniques. Index search technique is used in where the data has been grouped into various categories using the index. Digital devices store data using the index for the purpose of aiding people to retrieve data. The file filtering tool, on the other hand, uses hashes to gain access to the necessary files (Karie & Venter, 2015).

The general idea about forensic image analysis lies in the various tools that are used for this challenge. The most used tool is the search tool which includes two types of search. Index search is the easiest form of search that involves the search of the database. When an application is processing the disk for image analysis, it creates then indexes table in the back-end database. Searching of the image will be done through the aid of this particular index. The second technique that is applied is the file filtering. The file filtering tool uses hashes to gain access to the necessary files. This method works by eliminating the undesirable item and select those that the forensic investigator prefers (Simon & Choo, 2014).

CRYPTANALYSIS AND STEGANALYSIS

Steganalysis is the process of finding hidden data within digital objects. This is similar to cryptanalysis applied to cryptography. Information can be hidden in messages, images, or file within another message (Otair, 2015).

The idea of encryption has always been a major obstacle to most of the Cyber Forensic Investigators since they are very hard to break and also due to the fact that not all encryption is the same. The process of encryption is usually done by an application which most of the time leave trails of plaintext behind. These plain texts are hard to find, yet they provide all the necessary requirements to break encryption. The first step towards breaking encryption is to identify the type of application that has been used. Some applications are good in deleting all traces of plain text, but it would be still possible to break the encryption if the plaintext was saved elsewhere of even in another version. The next step is you identify the weakness of the application that has been used for encryption then you exploit the weakness then you can finally access the file if you know the file name (Quick & Choo, 2016).

FORENSIC NETWORK ANALYSIS

Sniffing is the process of analyzing all the data that passes through a given network. Sniffers are available as open-source, commercial and more sophisticated ones (Dykstra & Sherman, 2013). For sniffers to work in a particular network, it must be configured in promiscuous mode allowing them to receive network traffic even if not addressed to this particular Network Interface Cards (NICs) (Gordon, 2016).

BIG DATA

The challenge of big data is to try to isolate the useful data from the vast amounts of data available. In forensics, big data is randomly distributed as compared to simple data, which is stratified, and its analysis requires just simple methods of data mining. After separation of the data, cluster analysis is the step that follows. Cluster analysis involves using a given criteria to try to group the data in an orderly manner depending on the attributes of the data (Rogers & Seigfried, 2014).

The criteria that will be used in the grouping will be up to the efforts of the Cyber Forensic Investigator. Another method that is very vital here is detection, which looks at the data in a perspective which is different from that of the Cyber Forensic Investigator. The last approach is independencies which use some rule to try to find the various relationships of the data that interest the Cyber Forensic Investigator (Gordon, 2016).

SAFE ANALYSIS OF MALWARE

Cyber Forensic Investigators need to identify and if possible, eliminate all imminent dangers posed by malware before analyzing digital evidence. The most common method used for this particular challenge is sandboxing. Sandboxing involves creating a virtual machine on the physical computer that can be operated in the computer as a separate entity (Rogers & Seigfried, 2014).

Which this approach, it will be possible for one to undertake high-risk activities using the virtual machine and deal will eliminate the malware that pose a threat to the work being done by the Cyber Forensic Investigator. According to Samy et al. (2017), the sandboxing tools also have the capability of encapsulating a computer in web-browsing thus providing security from drive-by malware.

DATA VISUALIZATION

A common tool for data visualization in Cyber Forensics is link analysis. This particular tool includes the use of graphs, pie charts, and crosstabs, among others to try to create a visual impression. This is a more practical approach in the field of forensic analysis where it is more interactive and literarily visual (Bennet, 2012).

Ruan et al. (2011) indicate that data visualization entirely depends on the visualization tools possess by Cyber Forensic Investigator meaning that there are many open-source and commercial visualization tools present in the market. The basic idea of data visualization is to aid people to understand the data by seeing the data. (Ruan, Carthy, Kechadi, & Crosbie, 2011).

CONCLUSION

A national workshop found that the most important challenges in Cyber Forensics were education, training and funding, the size of memory, data volume, and understanding of technology (Baggili & Breitinger, 2017). Cyber forensic investigators are very vital in various cases today given that there has been a rapid change in technology over the years. This knowledge is very crucial today especially in court cases where the use of this kind of technology has seen into it that there has been a change in the way various cases that proved hard to make a conclusion be easy.

REFERENCES

  1. Baggili, I., & Breitinger, F. (2017, June 22). NSF National Workshop on Redefining Cyber Forensics. Retrieved 2017, from https://www.youtube.com/watch?v=RBHWVclGmmk&feature=youtu.be
  2. Barocchini, A., & Maccherola, S. (2017, May 31). 3 Challenges to Data Collection in the Cloud. Retrieved 2017, from http://accessdata.com/blog/3-challenges-to-data-collection-in-the-cloud
  3. Bennet, D. W. (2012). The Challenges Facing Computer Forensics Investigators in Obtaining Information from Mobile Devices for Use in Criminal Investigations. Information Security Journal: A Global Perspective , 21 (3), 159-168.
  4. Brown, C. L. (2006). Computer Evidence Collection & Preservation. Massachusetts: Charles River Media, Inc.
  5. Dykstra, J., & Sherman, A. T. (2013). Design and implementation of FROST: Digital forensic tools for the OpenStack cloud computing platform. Digital Investigation , 10, 87-95.
  6. Karie, N. M., & Venter, H. S. (2015). Taxonomy of challenges for digital forensics. Journal of forensic sciences , 60 (4), 885-893.
  7. Quick, D., & Choo, K. (2016). Big forensic data reduction: digital forensic images and electronic evidence. Cluster Computing , 19 (2), 723-740.
  8. Rogers, M. K., & Seigfried, K. (2014). The future of computer forensics: a needs analysis survey. Computers & Security , 23 (1), 12-16.
  9. Ruan, K., Carthy, J., Kechadi, T., & Crosbie, M. (2011). Cloud forensics. IFIP International Conference on Digital Forensics (pp. 35-46). Berlin: Springer.
  10. Samy, G. N., Shanmugam, B., Maarop, N., Magalingam, P., Perumal, S., & Albakri, S. H. (2017). Digital Forensic Challenges in the Cloud Computing Environment. International Conference of Reliable Information and Communication Technology , 669-676.
  11. Simon, M., & Choo, K. (2014). Digital forensics: challenges and future research directions. http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2421339. In I.-S. Kim, & J. Liu, Contemporary Trends in Asian Criminal Justice: Paving the Way for the Future (pp. 105-146). Seoul, South Korea: Korean Institute of Criminology.
  12. Stephenson, P. (n.d.). (ISC)² Guide to the CCFP CBK.

THE CYBER EFFECT

THE CYBER EFFECT

FADI ABU ZUHRI

INTRODUCTION

The world has transformed over the ages. Long ago, people used to use postage to convey information or messages. Today, emails have replaced postage. Then came the newspapers and magazines to share information on a periodic basis with a larger mass market. Today, people can find information on the World Wide Web through various search engines (Hay, Meldrum, & Mann, 2010). While all this seems quite exciting for the population, advancement in technology does not always mean that the world is progressing in the right direction. This is referred to as “The Cyber Effect” where advancement in technology or life may be good but at the same time pose serious threats and risks to the people.

CYBER-UTOPIANISM

According to Aiken (2016), people need to find a balance in an era of cyber-utopianism. Cyber-utopianism is the belief that online communication is liberating and that the Internet is the platform for sharing ideas and thoughts. Ideally, cyber-utopianism is that naive belief that the web favors the oppressed rather than the oppressor. Aiken (2016) compares the current situation to what existed several years ago when making her argument. She states that the world without the Internet was simple. People who were in that era knew what they have, who they are, and what their values were. After the advancement in technology, things changed. Values were broken and people started to behave differently. Despite the fact that advancement in technology acted as a source of information to many people, it leads to the deterioration of moral standards. This is the first adverse Cyber Effect.

In her book, Aiken (2016) further stated that cyber-utopianism is like that moment where one is going on a trip and as they are heading out of the door with their luggage, they have to confirm and make sure that they have everything that they need before they embark on their trip. Before a country embarks on a journey of technological advancement, it has to make sure that enough security measures are in place to mitigate any risks and threats that may come as a result. Countries ought to invest in strong security measures and seal all loopholes before advancing its technology to prevent any loss of confidential data and information (Naughton, 2016). This is the second adverse Cyber Effect.

CYBER SPACE

According to Aiken (2016), the world is not prepared for cyberspace. She describes cyberspace as a place that is separate from us (Ahuja, 2016). Aiken (2016) anticipates that by 2020, technology would have advanced to a point where people would be immersed in their smart homes and smart cars and they would be clad in wearable technologies. During that time, she anticipates that their babies would be in captivating seats with their tablets and they would be wearing face-obscuring helmets. Besides, their age-mates would be fractured in various social networking sites and platforms, human labour would be replaced with robots, and dark thoughts would pervade the country (Ronson, 2016). This is the third negative Cyber Effect. Here, it is evident that cyber space would change the lives of people and thus lead to deterioration of moral standards, loss of jobs, complex lives and cyber threats such as cyber-bullying and cyber-terrorism.

FORENSIC CYBER PSYCHOLOGY

The main question that arises in Aiken’s (2016) book is that we cannot afford losing out on forensic science (Spiegel & Grau, 2016). According to Aiken (2016), forensic science is the study of physical evidence of a crime scene such as body fluids, fibres and fingerprints. Aiken (2016) further states that even if the world is changing, the physical evidence of a crime scene from fossils will still remain the same over years to come. Aiken (2016) states that forensic cyber psychology will remain to be the same for generations to come (Steiner-Adair, 2016). Forensic cyber psychology means the cyber behavioural evidence that are left online. Apparently, every contact or user leaves a trace and thus add his or her footprint on cyber space.

Cyber space is also beneficial to a country. The internet could be used to arrest the biggest human trafficker and curb internet crimes against children (CBS NEWS, 2016). Aiken (2016) gives an example of how the Internet could be used by the law enforcement agencies to curb crime. It is, therefore, evident that cyber space has both negative and positive effects.

CONCLUSION

People nowadays are living through an exciting moment of history since lives are being transformed through advancement in technology. However, everything new is not always good and advancement in technology does not always mean that a country is progressing. Having cyber space may have several effects such as deterioration of moral standards, security threats, loss of jobs as humans are replaced with robots, change in the ways of lives of people, cyber threats such as cyber bullying and adoption of complicated lives by people (Ando & Sakamoto, 2008). To conclude, one thing that has not changed and that is not bound to change despite the advancement in technology is human emotions and cultural affinity among people. However as people move more of their lives online, one is left to wonder if technology can improve emotional intelligence.

REFERENCES

  1. Anjana, Ahuja (2016). The Cyber Effect by Mary Aiken review. Financial Times. Retrieved June 19, 2017, from, https://www.ft.com/content/8d571710-8bdf-11e6-8cb7-e7ada1d123b1
  2. Alexandra, Frean (2016). The Cyber Effect by Mary Aiken. The Times. Retrieved June 19, 2017, https://www.thetimes.co.uk/article/the-cyber-effect-a-pioneering-cyberpsychologist-explains-how-human-behaviour-changes-online-by-mary-aiken-fwkxkj3t6

  3. Ando, R., & Sakamoto, A. (2008). The effect of cyber-friends on loneliness and social anxiety: Differences between high and low self-evaluated physical attractiveness groups. Computers in Human Behavior24(3), 993-1009.

  4. CBS News (August 23, 2016). Cyberpsychologist Aiken on catching online bullies. Retrieved June 20, 2017, from, http://www.cbsnews.com/news/cyberbullying-prevention-social-media-teenagers-mary-aiken-cyberpsychologist/
  5. Catherine, Steiner-Adair (2016). Who are we and who are we becoming in the cyber-world? Cyber effect Review. Retrieved June 19, 2017, from, https://www.washingtonpost.com/opinions/who-are-we–and-who-are-we-becoming–in-the-cyber-world/2016/08/18/30c1068e-60cc-11e6-af8e-54aa2e849447_story.html?utm_term=.58038d402277

  6. Hay, C., Meldrum, R., & Mann, K. (2010). Traditional bullying, cyber bullying, and deviance: A general strain theory approach. Journal of Contemporary Criminal Justice26(2), 130-147.

  7. John, Naughton (2016). The Cyber Effect by Mary Aiken – review. Retrieved June 19, 2017, from, https://www.theguardian.com/books/2016/aug/14/the-cyber-effect-mary-aiken-review-internet-social-media-psychology
  8. Jon, Ronson (2016). The cyber effect Review: A Pioneering Cyberpsychologist Explains How Human Behavior Changes Online by Mary Aiken. Retrieved June 19, 2017, from, https://www.nytimes.com/2016/09/11/books/review/cyber-effect-mary-aiken.html
  9. Mary, Aiken (2016). The cyber effect: A Pioneering cyberpsychologist explains how human behavior changes online. Retrieved June 19, 2017, from, http://www.maryaiken.com/cyber-effect/
  10. Spiegel & Grau (2016). The cyber effect: A Pioneering Cyberpsychologist Explains How Human Behavior Changes Online. KIRKUS Review. Retrieved June 19, 2017, from, https://www.kirkusreviews.com/book-reviews/mary-aiken/the-cyber-effect/

HOW YOU STILL EXIST HERE, WHEN YOU ARE ALREADY THERE

HOW YOU STILL EXIST HERE, WHEN YOU ARE ALREADY THERE

FADI ABU ZUHRI

INTRODUCTION

The advancement of technology has brought about changes in how people interact and perceive each other and their environment. The presence of online gaming, Virtual Reality and Augmented Reality has paved the way not only in the perception of reality but also in the enjoyment of games, improvement of services, advancement of healthcare and business innovation.

This paper will focus on the characteristics, features and challenges of online gaming, Virtual Reality (VR) and Augmented Reality (AR).

ONLINE GAMING

Online gaming is an activity using a video game that is connected to the Internet or another computer network where a number of users are participating in one game (Rollings & Hall, 2006). Online gaming has become a popular activity for children, teenagers, young and old adults. A significant amount of time is spent gamers online where they can participate in games that offer club-like virtual communities. With this, the players can virtually socialize and participate in competitive gaming and computer-mediated encounters with other players around the world (Voiskounsky, Mitina, & Avetisova, 2004).

Interaction with fellow gamers is considered to be the highlight of this virtual experience (Lewinski, 2000; Csikszentmihalyi, 1997; Mithra, 1998). Laurel (1993) defined interaction as conduct of communication between two or more people and how this communication affects them (Laurel, 1993). For instance, an online game where a player interact with a certain monster, defeating and killing the monster, the player is rewarded depending on the monster’s response. This kind of interaction has a substantial effect on the popularity of online gaming as it immerses the player in a virtual world through narratives, missions and personalized avatars (Lewinski, 2000; Ju & Wagner, 1997; Cummins, 2002; Eskelinen, 2001). This phenomenon has encouraged online game developers to offer a unique out-of-this-world experience in the games they build (Lewinski, 2000; Johnson, 1998; Gillespie, 1997).

In spite of its popularity, online gaming faces several challenges that hinder the development of enabling technologies that improve the interaction and experience in online gaming. Secretly held engineering practices and proprietary approaches to building games have made it impossible to create online gaming standards. Life span of a game is limited where evolution, upgrading, and new missions are no longer available upon reaching a certain level. A lack of game play description hinders the analysis and creation of new gaming environment (Morgan, 2009).

VIRTUAL REALITY

Virtual Reality (VR) describes a virtually and digitally developed space or environment that a person can access only through the usage of highly technological equipment (Lanier, 1992; Rheingold, 1991; Sutherland, 1968). When a person is inside the created space, the person can travel from one place to another, virtually interacting with the objects and people present in that digital environment. Decades ago, the concept of VR was coupled with images of people wearing futuristic headgears, gloves and full-body suits. This has become the symbol of an emerging technological advancement that can be seen nowadays. VR is continually improving as scientists and artists are working on how this technology can be further optimized to create out-of-the-body experience (Fox, Arena, & Bailenson, 2009).

Virtual reality refers to a virtual environment. This environment is a rendered digital space where the user is placed upon entering a VR experience. In this place, the user’s movements are tracked, surroundings are created, and the user’s experience is rendered based on their reactions to the interactions. To illustrate, in an online game, where keys are used to move forward or sideward, which in effect cause the game to create a new environment based on this movement. The virtual environment makes use of the cues coming from the movement of the player to render new environments, replacing the real actual environment with the virtual environment (Fox, Arena, & Bailenson, 2009).

According to Biocca and Levy (1995), an effective virtual environment is one where the player’s sensory impressions are blocked and separated from the real world environment. The bodily senses of the players must be immersed in the digital world while the user’s physical body is visible to the real world. The player is immersed in the virtual world created by the game where the user’s emotional and psychological being is experiencing a different version of themselves, separate from the physical world (Witmer & Singer, 1998). There are several versions on how a virtual environment can be rendered and experienced. It can be through computer-based platforms, mobile phones and portable electronics like tablets, desktop monitors or wearable VR gadget where a player can move their entire body and interact with the virtual world (Fox, Arena, & Bailenson, 2009).

The Virtual Reality and the virtual environment constantly tracks the user and renders the environment accordingly, thereby enhancing user experience. Unlike the usual games, Virtual Reality provides an optimal level of interaction with the digital world. In the virtual environment, the gamer is given a role where the flow of the game itself can be modified depending on the gamer’s achievements and upgrades. This interaction alone inhibits the gamer to use their cognitive and active participation to realize their progress while playing. Thus, Virtual Reality promotes interactivity between the gamer and the game, which make it more realistic albeit abstract. (Fox, Arena, & Bailenson, 2009)

AUGMENTED REALITY

Augmented Reality (AR) is a different flavour of Virtual Reality or virtual environment. Augmented reality combines the element of the physical world and the digital world. Unlike Virtual Reality, where the gamer is immersed in a rendered environment, Augmented Reality allows the gamer to perceive the real world, virtually, in real time. However, in Augmented Reality, despite the appearance of the physical world, composite virtual objects are continuously rendered and imposed (Azuma, 1997).

In essence, Augmented Reality is merely a combination of real and virtual environments. In AR, the interaction is in real time and it operates and uses 3D environment. The technology in Augmented Reality allows certain digital objects presented visually but cannot be detected alone by the gamer without any interface. This kind of reality, allows a gamer to perceive graphical interfaces combined with the real world in the real time. The use of Augmented Reality involves the combination of advanced technologies that are responsible in materializing digital content with the gamer’s perception of the environment. The technology of Augmented Reality is basically a gold mine for possibilities as it can be used not just in games but also in sports, entertainment, education, medicine, and businesses. (Kipper & Rampolla, 2012)

According to Boyajian (2017) the launch of Pokémon Go in 2016 popularised AD to the rest of the world. The presence and use of Augmented Reality overshadowed the popularity of Virtual Reality (Boyajian, 2017).

The advancement of Augmented Reality and Virtual Reality has proven to be useful in the scenarios like education, medicine and business. However, there are challenges in further enhancement of Augmented Reality and it mass popularity. The first challenge is the limited availablity and cost of AR hardware like headsets. As such, the usage of these headsets is restricted to enterprise and military use. Most developed hardwares are not even available to the public. Aside from price and limited supply, the portability and convenience is also an issue because some hardware needs to be tethered to a computer (Boyajian, 2017).

A second challenge for Augmented Reality is the content which means the corresponding applications that must be installed for the AR and its hardware. As such, hardware manufacturers make sure that their market has already installed the suitable applications in their mobile phones or computers to make use of the hardware.  In addition to this, it is essential for the company to develop 3D content to integrate with their applications and provide optimal virtual experience. However, developing 3D content is costly and time consuming (Boyajian, 2017).

The final challenge facing Augmented Reality is educating the mass market. Vast majority of consumers do not have the knowledge or even awareness of Augmented Reality. There may be others who have exposure, but their experience in Augmented Reality is limited and does not focus on practical aspects of their lives.  Because of this, there is an opportunity for AR and VR to be mainstreamed in the educational curriculum so that students have better grasp about this technology and can think of innovations that are applicable and necessary to the real world (Boyajian, 2017).

CONCLUSION

The introduction of online gaming, Virtual Reality and Augmented Reality has shattered the typical perception on what is present and what it not. These technologies allowed a user to be physically present but mentally and psychologically detached to the real world, fully immersed with the 2D/3D environment he is in, interacting and making progress. With the Augmented Reality, a person can see objects digitally rendered that are not possible to be physically present, but with the help of hardwares and graphical interface, can be present and allow interaction. These technologies are not just for games but can be widely used in practical ways like education, medicine, sports among other applications.

It is only a matter or time before these applications become commonplace given the fast pace of technological advancements. It is too early to evaluate the security considerations related to AR/ VR. Forensic science is still grappling with how to understand psychological behaviour in virtual environments. Would these applications take into consideration the cultural and emotional element of human interaction? These and many other questions remain unanswered as we pump millions of dollars into developing better gaming environments.

REFERENCES

  1. Azuma, R. T. (1997). A Survey of Augmented Reality. Presence: Teleoperators and Virtual Environments, 355-385.
  2. Biocca, F., & Levy, M. (1995). Communication applications of Virtual Reality. In F. Biocca, & M. Levy, Communication in the age of Virtual Reality (pp. 127–157). Hillsdale, NJ: Erlbaum.
  3. Boyajian, L. (2017, February 27). The 3 biggest challenges facing Augmented Reality. Retrieved June 19, 2017, from Network World: http://www.networkworld.com/article/3174804/mobile-wireless/the-3-biggest-challenges-facing-augmented-reality.html
  4. Csikszentmihalyi, M. (1997). Finding flow: the psychology of engagement with everyday life. New York: Basic Books.
  5. Cummins, N. (2002). Integrating e-commerce and games. Personal and Ubiquitous , 362–370.
  6. Eskelinen, M. (2001). Towards computer game studies. Digital Creativity, 175–183.
  7. Fox, J., Arena, D., & Bailenson, J. N. (2009). Virtual Reality: A Survival Guide for the Social Scientist. Journal of Media Psychology, 95–113.
  8. Gillespie, T. (1997). Digital storytelling and computer game design. Proceeding of the 1997 CHI Conference on Human Factors in Computing Systems, (pp. 148–149).
  9. Johnson, J. (1998). Simplifying the controls of an interactivemovie game. Proceeding of the 1998 CHI Conference on Human Factors in Computing Systems, (pp. 65-72).
  10. Ju, E., & Wagner, C. (1997). Personal computer adventure games: their structure, principles, and applicability for training. The DATA BASE for Advancesin Information Systems.
  11. Kipper, G., & Rampolla, J. (2012). Augmented Reality: An Emerging Technologies Guide to AR. Elsevier.
  12. Lanier, J. (1992). Virtual reality: The promise of the future. Interactive Learning International, 275–279.
  13. Laurel, B. (1993). Computer as theatre. New York: Addison-Wesley.
  14. Lewinski, J. (2000). Developer’s guide to computer game design. Portland: Wordware Publishing Inc.
  15. Mithra, P. (1998). 10 ways to destroy a perfectly good game idea. Proceeding of the 1998 CHI Conference on Human Factors in Computing Systems, (p. 377).
  16. Morgan, G. (2009). Challenges of Online Game Development: A Review. Simulation & Gaming.
  17. Rheingold, H. (1991). Virtual reality. New York: Simon & Schuster.
  18. Rollings, A., & Hall, E. A. (2006). Fundamentals of Game Design. Prentice Hall.
  19. Sutherland, I. (1968). A head mounted three dimensional display. Proceedings of the Fall Joint Computer Conference.
  20. Voiskounsky, A. E., Mitina, O. V., & Avetisova, A. A. (2004). Playing Online Games: Flow Experience . PsychNology Journal, 259 – 281.
  21. Witmer, B., & Singer, M. (1998). Measuring presence in virtual environments: A presence questionnaire. PRESENCE: Teleoperators and Virtual Environments, 225–240.

CYBER FORENSIC CHALLENGES

CYBER FORENSIC CHALLENGES

FADI ABU ZUHRI

 

INTRODUCTION

The increase in the number of people using networked digital devices has led to incidences of crime that call for forensic investigations (Brown, 2015). The existence of Cyber Forensics skills has made it possible to gather evidence from such devices. The evidence collected is used in courts to establish the crime and bring Cyber criminals to justice. Cyber Forensic investigators and analysts are often entrusted with the task of finding, recording, analysing, and reporting of digital evidence. The whole process of gathering forensic evidence has a number of challenges. These challenges are categorized into five broad areas: hardware challenges, software challenges, cloud forensic challenges, legal challenges and human challenges (Karie, & Venter, 2015; Lindsey, 2006; Mohay, 2005).

HARDWARE CHALLENGES

Hardware challenges are linked to the needs of the modulated technology and enhancements of the hardware. Studies suggested that some criminal suspects change the hard disk within their devices before the Cyber Forensic expert can gain access to the device (National Institute of Justice, 2002; Brown, 2015). In such cases, the suspects use the write blockers to shift information between the two hard disks. The main effect is that a forensic examination of the new hard disk, may not display some of the relevant evidence. On the other hand, the evidence gathered from the new hard disk will lack consistency, and may not be apparent (Brown, 2015; Spafford, 2006).

Further, the evidence gathered from a device that was reset, may accentuate the problem since during the reset process, a small portion of the backup information is likely to have been reinstalled. For example, different mobile devices have hard disks that have enmeshed algorithm that are responsible for erasing the data automatically. Since the technology for collecting information from unused devices or devices where information was deleted by a user is still under development, there is likely to be some delays in obtaining such information. It is for this reasons that some Cyber Forensic experts have reported tremendous challenges in retrieving information from content that was deleted from the device (Spafford, 2006).

SOFTWARE CHALLENGES

The current era of technological advancements and changes in gathering forensic evidence has resulted into the birth of Platform as a Service (PaaS) and Software as a Service (SaaS), which have brought a number of changes into the computing structure. The use of new software and new technology has brought about a number of challenges. One of the challenges is lined to the well-developed device operating system. The current operating systems have been log enabled, and now requires a Cyber Forensic expert to gather background information on the device, which includes the information on accessibility of the application, usage of the application, and the level of information provided by the specific user of the application. Even though the new development appears like a progress for the different devices, the development requires some time for it to mature (Spafford, 2006; Giordano & Maciag, 2002).

Several challenges have been reported on the application accessibility since the application and the operating system are defined differently (Giordano & Maciag, 2002). For example, any alteration made on the file content may not be tracked until it is compared with subsequent/previous file versions or, if it is compared with the modified version of the time stamp. In case the Cyber Forensic expert suspects some manipulation on the document, it would be a challenge to determine the extent of manipulation (Brown, 2015).

Further, some forms of applications and log information that are collected by the application or the operating system, could be useful as evidence in certain cases. Despite the usefulness of the application, the awareness of its use is still at an infant stage making it difficult for the Cyber Forensic experts to ensure the effective use of the application. For example, an operating system like Windows 8 will collect information on all the Wi-Fi networks that have been accessed together with the transmission of the data. The information gathered would help investigations, such as those investigations that involve theft of data or in cases of network intrusion. However, a correlation between the gathered information, from the sources, and the event violation in the gathered information is a concept under research and experimentation (Giordano & Maciag, 2002).

The high number of mobile messaging applications available across the globe uses a software that automatically erase the information that is shared. The main challenge here is that it will be complex for a Cyber Forensic expert to gather such information that was deleted. Another challenge is the encryption in different mobile devices with intention of having the information protected especially during the process of gathering data. For example, gathering data from encrypted mobile chat applications may pose a challenge in certain situations. Contrary to popular belief all mobile chat applications are not encrypted. Certain mobile chats allow a secure connection between the sender and the receiver with no option to retrieve the message after a set time period. Other sessions are simply saved as text messages in the phone storage allowing anyone with the mobile phone passcode to access all stored messages. Even without a passcode, it is technically possible for the chat server to provide chat history with the right encryption key. The decryption of devices may be a challenge to some investigations where the storage or device itself is encrypted (Giordano & Maciag, 2002).

Not handing over mobile device PIN and passwords could lead to legal consequences in certain countries. For example, not giving passwords can get someone arrested according to Schedule 7 of Terrorism Act in the United Kingdom (legislation.gov.uk, 2008; Mandhai, 2017).

CLOUD FORENSIC CHALLENGES

Cloud computing is now used by smart mobile devices. The flexibility and scalability of cloud computing poses a huge challenge to forensic investigation (Lopez, Moon, & Park, 2016). The data in these devices, maybe able to be accessed everywhere hence posing another challenge to the investigators. It is a challenge for the investigator to locate the data in a way that ensures the privacy rights of the users. The investigators require the knowledge on anti-forensic tools, practices, and tools that help ensure that the forensic analysis is done accordingly (Spafford, 2006; Lopez, Moon, & Park, 2016).

Cloud-based applications also enable users to ensure that data is accessed from various devices. For example, if one of the two devices of a single user is compromised and both devices lead to some changes in the application, it would be difficult for the Cyber Forensic expert to identify the real source of the change. High risks may compromise credentials and theft of the identity in an environment that is cloud-based and lead to changes that are unknown such as the evidence remaining unknown. On the other hand, an email viewed using a user’s smart mobile device and deleted may not be traced easily. In most cases, it would be difficult to examine severs of the mail and identify the evidence of the deleted communication (Lopez, Moon, & Park, 2016).

LEGAL CHALLENGES

There have been some changes in the data protection and privacy regulations in different countries across the globe (Garrie & Morrissy, 2014). Cyber laws and regulations in different jurisdiction vary and many do not take into account, the complexity in collecting forensic evidence. For example, in the machine of a suspect, the information that is available is likely to have some personal information that could be crucial in an investigation. However, accessibility to such private information is likely to be considered as a violation of user privacy (Spafford, 2006).

On the other hand, the era of companies giving some provision to their employees to use their individual devices in accessing the official communication is likely to contribute to several challenges involved in data gathering. Accessing the email of a user, for instance, using webmail and a smart mobile device together with downloading the involved attachments is an example of theft of personal data. In the current era, collecting specific information from a user device is in itself a challenge (Kaur & Kaur, 2012).

HUMAN CHALLENGES

Cyber Forensic experts are tasked with collecting and analysing the role of identifying criminals and going through all the evidence gathered against the criminals. These are well-trained professionals working for the public law enforcement agencies or in the private sector to perform roles that are associated to the collection and analysis of forensic evidence. The Cyber Forensic experts also come up with reports that are majorly used in the legal settings for investigations. Besides working in the laboratory, Cyber Forensic experts take up the role of applying the techniques of forensic investigation in the field uncovering the data that is relevant for the court (Karie & Venter, 2015).

The Cyber Forensic experts have the ability of recovering data, which was deleted previously, hidden in the mobile folds, or encrypted. The court, in most cases, calls the Cyber Forensic experts to provide testimony in the court and elaborate on the evidence reports during a given investigation. As such, the Cyber Forensic investigators get involved in complicated cases that may include examining Internet abuse, determining the digital resources that are misused, verifying the offenders’ alibis, and examining how the network was used to come up with forensic threats. There are times when the Cyber Forensic expert is expected to offer support to cases that deal with intrusions, breaching of data, or any form of incident. Through the application of the relevant software and techniques, the device, system or the platform is examined for any kind of evidence on the persons involved on the crime (Karie, & Venter, 2015).

In a forensic examination, data is retrieved from the digital devices, which are considered to be evidence required for the investigations. In most cases, a systematic approach may be used to analyse the evidence, which would be presented in the court at the time of the proceedings. At an early stage of the investigation, the Cyber Forensic expert is required to get involved in gathering evidence. Early engagement in the investigation process helps the Cyber Forensic expert to be in a position to restore all the content without causing damage to the integrity (Karie, & Venter, 2015).

There are different types of forensic cases that are handled by the Cyber Forensic experts. Some of the cases deal with intruders getting into the victim’ devices and stealing their data, other cases, are for the crime offenders who launch attacks on several websites or those who try to gain some access to the names of the users and the password so as to engage in identity fraud. A Cyber Forensic expert has the ability to explore the type of fraud committed by analysing the evidence and using the required techniques. Despite the reason behind the investigation, the experts go through the process procedurally to ensure the findings recorded or gathered are sound. After opening a given case, the items that would be seized include the digital devices, software, and other media equipment’s so as to run the investigation. In the retrieval process, the items considered essential will be gathered so as to give the analyst everything that would be required for the testimony (Karie, & Venter, 2015).

Another human-related challenge faced by Cyber Forensics is spoliation (Cavaliere 2001; Mercer 2004). Spoliation occurs when the person handling evidence fails to preserve, alters evidence, or destroys evidence that could be useful in pending ligation (Watson, 2004). Spoliation may be caused by negligent on the part of the party handling the litigation or handling evidence and intentional destroying evidence by the handler.

OTHER CHALLENGES

Elsewhere, in a literature-based study, Karie and Venter (2015) identified and categorized cyber forensic challenges into four: technical challenges, law enforcement or legal system challenges, personal-related challenges and operational challenges.

Technical Challenges were identified as vast volume of data; bandwidth restrictions; encryption; volatility of digital evidence; incompatibility among heterogeneous forensic techniques; the digital media’s limited lifespan; emerging devices and technologies, sophistication of digital crimes; anti-forensics; emerging cloud forensic challenge.

Legal Challenges were identified as jurisdiction, admissibility of digital forensic techniques and tools; prosecuting digital crimes; privacy; ethical issues; lack of sufficient support for civic prosecution or legal criminal prosecution.

Personnel-related Challenges were identified as semantic disparities in Cyber Forensics; insufficient qualified Cyber Forensic personnel; insufficient forensic knowledge and the reuse among personnel; strict Cyber Forensic investigator licensing requirements; and lack of formal unified digital forensic domain knowledge.

Lastly, Operational Challenges were identified as significant manual analysis and intervention; incidence detection, prevention and response; lack of standardized procedures and processes; and trust of Audit Trails (Vaciago, 2012; Mercuri, 2009; Bassett, Bass, & O’Brien, 2006; Liu, & Brown, 2006; Richard, & Roussev, 2006; Arthur, & Hein, 2004; Mohay, 2005).

CONCLUSION

This paper revealed several challenges faced by Cyber Forensics. These challenges can be categorized into five: hardware, software, cloud, legal and human. They can also be categorized into technical challenges, law enforcement or legal system challenges, personal-related challenges, and operational challenges. While the available literature has sufficient details on the technical aspects of Cyber Forensic investigation, the human element only seems to touch the surface. There is a huge gap in terms of understanding the emotional and cultural aspects of the stakeholders involved in the investigation process. This calls for a review of Cyber Forensics where elements of Emotional Intelligence (EQ), Cultural Intelligence (CQ) and People Intelligence (PQ) are further investigated for a better understanding.

REFERENCES

  1. Arthur, K.K., & Hein, S.V. (2004). An investigation into computer forensic tools. Proceedings of the ISSA conference; Midrand, South Africa. Piscataway, NJ: IEEE Computer Society Publishers; 1–11.
  2. Bassett, R., Bass, L., & O’Brien, P. (2006). Computer forensics: an essential ingredient for cyber security. J Inform Sci Technol; 3:22–32.
  3. Brown, C. (2015) Investigating and prosecuting cybercrime: Forensic dependencies and Barriers to Justice. International Journal of Cyber Criminology, 9 (1): 55-119.
  4. Cichonski, P., Millar, T., Grance, T., & Scarfone, K. (2012). Computer security incident handling guide. Revision 2. National Institute of Standards and Technology; 2012 Aug.; NIST Special Publication 800-61
  5. Cavaliere, F. J. (2001). “The Web-wise Lawyer,” Practical Lawyer; 47(4): 9-10.
  6. Garrie, D. & Morrissy, D. (2014). Digital forensic evidence in the courtroom: Understanding content and quality. Northwest Journal of technology and intellectual property, 12 (2): 121.
  7. Giordano, J & Maciag, C. (2002). Cyber forensic: A military operations perspective. International Journal of digital evidence, 1 (2): 1-13.
  8. Kaur, R & Kaur, A. (2012). Digital Forensics. International Journal of Computer Application, 50(5): 0975-887.
  9. Karie, N.M., & Venter, H.S. (2015). Taxonomy of challenges for digital forensics. Journal Forensics, Sci, 60(4): 885-893.
  10. Liu, V., & Brown, F. (2006). Bleeding-edge anti-forensics. Proceedings of the InfoSec World Conference & Expo; Orlando, FL. Washington, DC: NIST Special Publication; 800–86.
  11. Lopez, E.M. & Moon, S.Y., & Park, H.J. (2016). Scenario-Based Digital Forensics Challenges in Cloud Computing. Symmetry, 8 (107): 2-20.
  12. Lindsey, T. (2006). Challenges in Digital Forensics. Retrieved on 8th May 2017 from http://www.dfrws.org/2006/proceedings/Lindsey-press.pdf
  13. legislation.gov.uk. (2008). Counter-Terrorism Act 2008. Retrieved May 23, 2017, from http://www.legislation.gov.uk/ukpga/2008/28/schedule/7
  14. Mandhai, S. (2017, May 15). Cage activist faces charges for not giving up passwords. Retrieved May 23, 2017, from http://www.aljazeera.com/news/2017/05/cage-activist-faces-charges-giving-passwords-170515130616563.html
  15. Mercer, L. D. (2004). “Characteristics and Preservation of Digital Evidence,” FBI Law Enforcement Bulletin 73(3): 28-34.
  16. Mercuri, R. (2009). Criminal defense challenges in computer forensics. Proceedings of the Digital Forensics and Cyber Crime Conference, Albany, NY. Berlin/Heidelberg: Springer Berlin Heidelberg Publishers.
  17. Mohay, G. (2005). Technical Challenges and Directions for Digital Forensics in 1st International Workshop on Systematic Approaches to Digital Forensic Engineering.
  18. National Institute of Justice. (2002). Results from Tools and Technology Working Group, Governors Summit on Cybercrime and Cyber terrorism, Princeton NJ.
  19. Richard, G.G., & Roussev, V. (2006). Digital forensics tools – the next generation.
    Hershey, PA: Idea Group Inc; 76–91.
  20. Vaciago, G. (2012). Cloud computing and data jurisdiction: a new challenge for
    digital forensics. Proceedings of the third International Conference on Technical and Legal Aspects of the e-Society; Valencia, Spain. IARIA XPS Press; 7–12.
  21. Spafford E. (2006). Some Challenges in Digital Forensics. In: Olivier M.S., Shenoi S. (eds) Advances in Digital Forensics II. IFIP Advances in Information and Communication, vol 222. Springer, Boston, MA
  22. Watson, L. M. (2004). “Anticipating electronic discovery in commercial cases,” Michigan Bar Journal. 83(31), 23-45.
Translate »