Index

Note: Page numbers followed by “f” and “t” refer to figures and tables, respectively.

A

Access class barring (ACB) mechanism, 121
Access control, 65, 66t
Account credentials chain attack, 49–52
credit card attack surface, 51
takeaways, 51–52
victim’s chronology, 50
Active medical devices (AMDs), 82, 83, 86–87
Adoption, of wireless technology, 21–22
Advanced persistent threat (APT) activity, 28
Air gap, 135
Aircracking, 5
Airjacking, 5
Alliance for Telecommunications Industry Solutions (ATIS), 5
AM radio broadcast, 21–22
American Radio Relay League, 21–22
ANSI Network on Smart and Sustainable Cities (ANSSC), 103
Anthem attack, 80–81
Anti-virus (AV) controls, 4, 27–28
AppleId, 51
Assault, 133–134
Attack chronology, 95–103
Cyber Storm, 98–99
doxing attack, 95–98
Attack methodology, 131
Attack strategy
burrow attack, 67–74
commercial applications, 70–72
takeaways, 72–74
victim’s chronology, 69–70
command and control (C&C), 28
denial-of-service (DoS), 28
Internet of Things (IoT), 29–30
layered vulnerabilities, 30
malware transmission, 27–28
mobile commerce, 29
mobile payment, 27
SMS infection vector, 28–29
suicide malware, 28
Attack vector(s), 11
Authentication, 14
Authentication attacks, 7, 9
Authority, 49
Authorization, 14
Automated access class barring (AACB), 120
Automated business-to-business activities, 74
Automated sensors, 71–72
Automatic identification and data capture (AIDC) technology, 15
Availability attacks, 7, 9

B

Big Bandage Theory, 130–131
Black Hat Conference, 26–27
Bluejacking, 5–6
Bluesnarfing, 6
Bluetooth, 1–2, 4, 5, 13–14
Bluetooth Low Energy (BLE) guideline, 14–15
Bogus email and snail messages, 57–58
“Boy in the bubble” syndrome, 69–70
Bricking (of device), 57
Broadband wireless, 11
Business productivity devices, 69–70

C

Call to action
for automated systems, 137–138
data protection, 138
devices, 137
network architecture, 137–138
for individuals, 136–137
data protection, 137
mobile and fixed devices, 136–137
networks, 137
for organizations, 134–136
credentials and access control, 135–136
data protection, 136
incident response, 136
mobile and fixed devices, 134–135
network architecture, 135
security-conscious culture, 136
Caller ID spoofing, 6
Central and Eastern European countries (CEEs), 23–24
Central locking systems, 70
Children’s Online Privacy Protection Act of 1998 (COPPA), 80
Citizen to government (C2G) services, 100–101
Clinician-focused active medical devices, 83
Code-division, multiple-access (CDMA) networks, 118–119
Cognitive Wireless Regional Area Network (WRAN), 11
Command and control (C&C), 28
attacks, on automated processes, 9
web server, 26
Commercial and industrial contexts, WAPs in, 63
commercial space taxonomy, 65–74
burrow attack, 67–74
industrial applications, 67
opportunities, 63–65
Commercial space taxonomy, 65–74
Commercial spaces, 63
Commjacking, 6, 53
Common access cards (CACs), 99
Common operating picture (COP), 115
Communications media, 7
Conference calling, 23
Confidentiality, 14, 80
Confidentiality attacks, 7, 8
Congestion events, 119
Consistency, 48
Consumer price index comparison of telephone services, 24f
Control systems, 67
Copper, signals transmitted over, 7
Copper-wire connection, 4
Credential theft, 9
Credentials, 30–31, 48
and access control, 135–136
Credit card attack surface, 51
Credit card chips, 58–59
Cyber security, 98
Cyber Storm, 98–99, 114–115
Cyber-espionage figures, 64–65
Cyberspace, 110

D

Darkhotel, 54
Data Breaches, 9, 64t, 88
Data governance, 99–100, 103
Data integrity, 8–9, 80
DefCon, 12
Denial-of-service (DoS) attacks, 11–13, 17, 28
Department of Interior (DoI), 96–97
Department of Transportation (DoT), 97–98
Device logs, analysis of, 74
Digital forensics tools/techniques, 63–64
Digital infections, 77–78
Digital literacy, 98
Digital pickpocketing and data slurping, 58–59
Distributed denial of service (DDoS) attack, 65–67
Doxing attack, 95–98
Drone skyjacking, 6

E

E-filing PIN system, attacks against, 98
eGovernment services, 100–101, 103
Electromagnetic interference (EMI), 4
Electromagnetic signals, 3
Electronic Communications Privacy Act of 1986 (ECPA), 80
Electronic medical records (EMRs), 8–9
and medical devices, 81–85
availability, 86–87
confidentiality, 80
and industrial control systems (ICS), 86–88
integrity, 81–83
Electronic official personnel folder (eOPF), 96–97
Electronics Product Code Global Incorporated (EPCglobal), 15–16
Emergency management, public safety and, 111–112
End-to-end security in communications, 7
Ethical hackers, 3
European Telecommunications Standards Institute (ETSI), 5, 7–8
Exfiltration, 133

F

Fear, 3
Federal Communications Commission (FCC), 21–22
Federal Educational Rights and Privacy Act of 1974 (FERPA), 80
Federal Emergency Management Agency (FEMA), 111
Federal government, 99–103
local governments, 102–103
state governments, 99–101
Federal Information Systems Management Act of 2002 (FISMA), 93, 123
Fiber optic media, 5
Financial Services Modernization Act of 1999, 80
Firewalls, implementing, 78–79
First Responder Network Authority (FirstNet), 113, 121
5G technology, 8
512-bit encryption keys, 55
Fixed and mobile wireless access points, 1
differentiation between, 3–4
hacking end game, 1–3
hybrid networks and communications channels
challenges for securing, 5–6
hacking opportunities in, 4–5
recommendations for wireless/hybrid systems, 10–12
use case scenarios, 12–13
wired networks and systems, implications for connections with, 6–10
authentication attacks, 9
availability attacks, 9
C&C attacks on automated processes, 9
confidentiality attacks, 8
integrity attacks, 8–9
network penetration attacks, 7–8
4G long-term evolution (LTE), 113, 120
Frequency hopping spread spectrum (FHSS) technology, 13–14

G

Gadget attack, 56–57
Gateways, 73
Global system for mobile (GSM), 118–119
Google accounts, accessing, 51
Government Emergency Telecommunications Service (GETS), 118–121
Governmental context, for hacking wireless access points, 93
Cyber Storm, 98–99
doxing attack, 95–98
federal government, 99–103
local government, 102–103
state government, 99–101
takeaways, 102–103
Gramm-Leach-Bliley Act (GLBA), 80
Gullibles travel attack, 54–56
takeaways, 55–56
victim’s chronology, 54–55

H

Hacker profiles, 1
Hacking end game, 1–3
Hacking goals
strategies and steps, 30–31
Hard-bricked device, 57
Health Information Portability and Accountability Act of 1996 (HIPAA), 79, 80, 88
Health information technology (HIT) environment, 79
Health Information Technology and Economics Clinical Health (HITECH) Act, 80
Hollywood Presbyterian Hospital attack, 79, 84–85
Honeypot, 52–53
Hybrid networks and communications channels
challenges for securing, 5–6
hacking opportunities in, 4–5

I

Incremental security actions, 133–134
Independent Security Advisors, 83
Indicators of attack (IoA), 97
Indicators of compromise (IoC), 97
Individuals, hacks against, 47
account credentials chain attack, 49–52
credit card attack surface, 51
takeaways, 51–52
victim’s chronology, 50
gullibles travel attack, 54–56
takeaways, 55–56
victim’s chronology, 54–55
internet of hacked things attack, 56–59
bogus email and snail messages, 57–58
bricking a device, 57
digital pickpocketing and data slurping, 58–59
gadget attack, 56–57
takeaways, 59
public Wi-Fi hotspot attack, 52–54
commjacking, 53
honeypot look-alike, 52–53
takeaways, 53–54
victim’s chronology, 52
Industrial applications, 67
Industrial control systems (ICS) technologies, 16
Industrial facilities, 63
Industrial sabotage, 67–74
Information and communications technologies (ICTs), 5
Information scarcity, 48
Inspector Gadget cyborg, 56
Institute of Electrical and Electronics Engineers (IEEE), 5, 9
IEEE 802 standards, 9–11, 10f
IEEE 802.11, 10, 11–13, 12t
IEEE 802.11b, 9
IEEE 802.11i, 9
IEEE 802.15, 10–11
IEEE 802.16, 11
IEEE 802.20, 11
IEEE 802.22, 11
Insulin pump attack, 83–84
Integrity, 81–83
Integrity attacks, 7, 8–9
Interconnected medical devices (IMDs)
medjacking through, 143
Interconnectivity model, 13–14
Interference, 3
International Electrotechnical Commission (IEC), 15–16
International Standards Organization (ISO), 5
International Telecommunications Union (ITU), 5, 7
Internet Engineering Task Force (IETF), 5, 8
Internet of Everything (IoE), 1–2
Internet of hacked things attack, 56–59
bogus email and snail messages, 57–58
bricking a device, 57
digital pickpocketing and data slurping, 58–59
gadget attack, 56–57
Internet of Things (IoT), 1–2, 29–30
Internet service provider (ISP), 13, 113–114
Interoperability challenges, 112–115
Intrusion detection systems (IDS), 74
Intrusion prevention system (IPS), 71
IRS E-filing PIN system, attacks against, 98

J

Juice jacking, 6

K

KeyPoint Government Solutions, 94

L

Layered vulnerabilities, 30
Legacy technology infrastructure, 55
Local area network (LAN) technologies, 5, 9–10

M

MAC address, 9
Machine-to-machine (M2M) communications, 116
Magnetic stripe technology, 58
Malware families with C&C servers, 10t
Malware transmission, 27–28, 77–78
Market penetration, wireless, 22–23
Medical environments, WAPs in, 77
Anthem attack, 80–81
convenience factors versus system responsiveness, 79
EHRs, medical devices, and ICS, 86–88
availability, 86–87
confidentiality, 80
integrity, 81–83
Hollywood Hospital hack attack, 84–85
medjacking, 83–84
PACS pivot attack, 87–88
Medical industry, 77
Medjacking, 83–84
through interconnected medical devices, 143
Metropolitan area network (MAN), 9–10
Middle Class Tax Relief and Job Creation Act of 2012, 113
MITM attacks, 53, 57
Mobile apps vetting process, 117
Mobile broadband wireless, 11
Mobile commerce, 29
Mobile devices, 2, 18, 27, 129
Mobile payment, 27
Monetary gain, 2–3
Money, in security program, 130
Motivation, of hacker, 2t

N

National Association of State Chief Information Officers (NASCIO), 100–101
National Incident Management System (NIMS), 112
National Institute of Standards and Technology (NIST), 5, 7–8, 14, 73
National Public Safety Broadband Network (NPSBN), 121, 122f
National security, 109–111
real-world attack scenarios, 123–125
National Security and Emergency Preparedness (NS/EP), 112f, 121
National Security Telecommunications Advisory Committee (NSTAC), 121
Near field communication (NFC) devices, 55
Network layer, 6
Network penetration attacks, 7–8
Network segregation, 79
Network topologies, 7
Next generation network (NGN) infrastructure, 121
Noncivilian government context, 109
challenges
interoperability, 112–115
personnel, 115–116
policy and procedure, 115
National Public Safety Broadband Network (NPSBN), 121, 122f
national security, 109–111
real-world attack scenarios, 123–125
public safety and emergency management, 111–112
representative challenges
personnel, 115–116
policy and procedure, 115
technology, 116–121
technology, 116–121
North American Industry Classification Standard (NAICS) code, 64–65

O

Obfuscation, 133–134
Office of Emergency Communications (OEC), 118
Office of Personnel Management (OPM), 94–95
Open Systems Interconnection (OSI) model, 6, 7
Open Web Application Strategy Project (OWASP), 30, 30f
OpenBerlin Innovation Center, 70
Over-the-air provisioning (OTAP) protocols, 6

P

Pairing, 3
Panopticon-style environments, 57
Passive medical device, 82
Patient-focused active medical devices, 82
Patient-focused passive medical devices, 82
Patrol cars, communications in, 22
PEAR (preparation, execution, awareness, repetition), 130
Peer-to-peer networking, 8
Personal area network (PAN), 9–10
Personal identity verification (PIV) cards, 99
Personally identifiable information (PII), 48, 55
Phishing, 48, 49
Piconet, 13–14
Picture archive and communications systems (PACS) pivot attack, 87–88
Pivot attack, 87–88
Plain old telephone system (POTS) infrastructure, 23–26
Point-to-multipoint capability, 14
Point-to-point connectivity, 7, 65
Polymorphing malware, proliferation of, 27–28
Presentation layer, 6
Privacy Clearinghouse, 80
Process-focused active medical devices, 83
Programmable logic controllers (PLCs), 69, 71
Public Safety Access Point (PSAP), 120–121
Public safety and emergency management, 111–112
Public Wi-Fi hotspot attack, 52–54
commjacking, 53
compromising, 141
honeypot look-alike, 52–53
victim’s chronology, 52
Public wireless router attack surface, exploiting, 53
Public/private partnerships, 93

R

Radio Act of 1912, 21–22
Radio aspect of wireless, 2
Radio broadcast, AM, 21–22
Radio Frequency Identification (RFID), 1–2, 15–16
RFID chips, 55
RFID tag, 27
Radio resource management (RRM), 6
Radio wave spectrum, 21
Random access channel (RACH), 120
Ransomware, 2–3, 28, 85
Reciprocation, 48
Reconnaissance, 130–131
Regional area network (RAN), 9–10
Remote authentication dial-in user service (RADIUS) cracking, 7
Risk management, 129, 133
Rogue access points, 8, 9

S

Scanning, 131–132
Scarcity, 48
Scatternet, 14
Secure Mobile Computing initiative, 56
Secure Simple Pairing (SSP), 14
Security engineer’s view on autonomous vehicles, 139
Security features, 4
Security Mode 1, 14
Security Mode 2, 14
Security Mode 3, 14
Service set identifier (SSID), 8, 9
broadcasting, 8
names, 101
Shadow IT, 132–133
Signals transmitted over copper, 7
Simplified wireless devices, 4
Skyjacking, 6
Smart buildings, 70, 72
Smart city, 97–98, 101, 102, 103
Smart grid, 7–8
Smart Grid Coordination Group (SG-CG), 7–8
Smartphone, 4, 28–29, 99–100
SMS infection vector, 28–29
Social engineering, 47, 49
Social validation, 49
Soft-bricked device, 57
SP800-53, 99, 103
Spearphishing attack, 142
Stuxnet, 67–74
Suicide malware, 28
Supervisory Control and Data Acquisition (SCADA), 16–17, 67
Supply chain, 97
Surveillance, 56–57, 65–67, 71
Sustainment, 133–134

T

Technology penetration rates, longitudinal comparison of, 25t
Telecommunications rules of engagement, 6–8
Telecommunications standards, 5–6
Telephone service, wireless, 22
Telephone services, consumer price index comparison of, 24f
Thinking like a hacker
access and escalation, 132–133
exfiltration, 133
reconnaissance, 130–131
scanning, 131–132
sustainment, assault, obfuscation, 133–134
Third Generation Partnership Project (3GPP), 5, 8
Transceiver, 1–2
Transistor radio, 3
Transport layer, 6

U

UN Hacker Profiling Project (HPP), 1
US Investigations Services (USIS), 94
US Office of Personnel Management (OPM), 81, 94, 96

V

Vehicle cyber security, 97–98
VPN, 52, 53, 55, 99, 134–135, 137

W

Warchalking, 100
Watering hole attack, 54–55, 80
Wide area network (WAN), 9–10
Wi-Fi Alliance, 9
Wi-Fi connection, 4, 5, 14–15
Wired networks and systems, implications for connections with, 6–10
authentication attacks, 9
availability attacks, 9
C&C attacks on automated processes, 9
confidentiality attacks, 8
integrity attacks, 8–9
network penetration attacks, 7–8
Wireless attack elements
C&C (ICS Environment), 28
DoS, 28
Internet of Things (IoT), 29–30
layered vulnerabilities, 30
malware transmission, 27–28
mobile commerce, 29
mobile payment, 27
SMS infection vector, 28–29
suicide malware, 28
Wireless channels, 71
Wireless communications rules of engagement, 8–9
Wireless consumer-grade surveillance devices, 57
Wireless equivalent privacy (WEP), 9
Wireless LAN controller (WLC), 6
Wireless LAN/Wi-Fi (802.11X), 11–13
Wireless Local Area Network (WLAN), 10
Wireless market penetration, 22–23
Wireless medical devices, 82–83
Wireless Metropolitan Area Network (WMAN)/WiMAX (802.16), 11, 13
Wireless penetration rates, 23–30
Wireless Personal Area Network (WPAN), 10–11, 13–15
Wireless Priority Service (WPS), 118–121
Wireless router, 53
Wireless security, 2
Wireless sensors, 72
Wireline connections, 4

Z

Zero-day attacks, 27–28