1
00:00:02,670 --> 00:00:06,580
Another threat consists of tampering with data.

2
00:00:06,780 --> 00:00:14,040
Back in the day swapping Web sites was a popular joke in the slide you can see an older Web site from

3
00:00:14,040 --> 00:00:15,150
1997

4
00:00:17,720 --> 00:00:20,450
data tampering isn't just harmless fun.

5
00:00:21,540 --> 00:00:23,670
It can have serious consequences.

6
00:00:25,220 --> 00:00:28,120
But putting manipulated data on trusted web.

7
00:00:29,210 --> 00:00:31,780
Attackers can misinform large groups of people.

8
00:00:34,410 --> 00:00:37,040
Data swapping can be used as a propaganda tool

9
00:00:40,400 --> 00:00:46,720
many systems perform automatic operations on the basis of certain data.

10
00:00:46,800 --> 00:00:51,420
If somebody modifies the data it will affect the working of the whole system.

11
00:00:53,080 --> 00:00:58,120
The person who controls the data flow of a system that is for some reason important can control that

12
00:00:58,120 --> 00:01:00,380
system.

13
00:01:00,390 --> 00:01:03,290
This is a serious threat.

14
00:01:03,330 --> 00:01:08,210
For example by modifying prices we can manipulate the market

15
00:01:11,090 --> 00:01:18,800
another type of threat is repudiation not a repudiation is a feature of a system that makes it possible

16
00:01:18,800 --> 00:01:26,050
to prove a user has performed a certain operation on the system not repudiation is the essential feature

17
00:01:26,050 --> 00:01:27,630
of electronic business.

18
00:01:28,930 --> 00:01:36,150
E-business couldn't exist if it were possible to repudiate an offer or an order otherwise having already

19
00:01:36,150 --> 00:01:40,030
received the parcel you could say it hadn't been you who made the order.

20
00:01:40,050 --> 00:01:42,960
You could also question details such as price or quantity

21
00:01:45,750 --> 00:01:51,300
the ability to prove that someone has performed a certain operation is the reason why people can trust

22
00:01:51,360 --> 00:01:55,320
one another in the virtual world.

23
00:01:55,330 --> 00:02:02,200
However many systems don't guarantee non repudiation by default which is an easy vulnerability to exploit.

24
00:02:04,900 --> 00:02:09,960
A story of a system administrator in the local job center is one such example.

25
00:02:11,750 --> 00:02:17,530
The administrator exploited the fact that the system didn't guarantee non repudiation.

26
00:02:17,660 --> 00:02:24,300
He created fictional applicants for unemployment benefits to appropriate the money everyone knew he

27
00:02:24,300 --> 00:02:29,640
must have been the perpetrator because he was the only administrator in the system but his guilt cannot

28
00:02:29,640 --> 00:02:36,030
be proven because of the lack of nown repudiation the evidence was only circumstantial

29
00:02:39,800 --> 00:02:43,370
information disclosure can have very serious consequences.

30
00:02:44,170 --> 00:02:51,160
You can learn about some of the more spectacular data leaks from the news in 2011 the Sony company was

31
00:02:51,160 --> 00:02:54,970
troubled by many fortunate events and data leak was one of them.

32
00:02:55,900 --> 00:03:03,530
In April that year attackers stole credit card numbers of 80 million clients of the company.

33
00:03:03,640 --> 00:03:04,930
That's massive.

34
00:03:04,930 --> 00:03:07,090
That's twice the population of Poland.

35
00:03:09,680 --> 00:03:13,460
Some issues get less publicity than others though.

36
00:03:13,600 --> 00:03:18,310
Such was the case with one of the U.S. Army bases that controlled the flights of unmanned reconnaissance

37
00:03:18,310 --> 00:03:20,950
aircraft.

38
00:03:20,970 --> 00:03:22,940
This is an extremely secret facility.

39
00:03:22,940 --> 00:03:29,990
Only few people can answer taking photographs of it even from outside is forbidden.

40
00:03:32,830 --> 00:03:39,460
Despite all the security measures someone infected the computers in the base with a virus likely this

41
00:03:39,460 --> 00:03:41,790
was due to a lack of security policy.

42
00:03:43,970 --> 00:03:50,830
The virus collected the information used by the navigators of the drones the attacker had access to

43
00:03:50,830 --> 00:03:54,330
data concerning the aircraft locations and flight routes.

44
00:03:56,330 --> 00:03:59,550
The U.S. Army acknowledged the attack.

45
00:03:59,700 --> 00:04:03,960
It was acknowledged that someone had tracked all flights of the reconnaissance drones for a couple of

46
00:04:03,960 --> 00:04:04,890
weeks.

47
00:04:07,220 --> 00:04:11,300
The effect it had on the operations in Iraq and Afghanistan remains unknown.

48
00:04:13,050 --> 00:04:18,230
However the Army denied that the person who tracked the flights managed to control the aircraft.

49
00:04:18,270 --> 00:04:23,820
Nevertheless the incident had tremendous impact on the security of the system.