Find and blog about an illustrative case of hacktivism:
I located information about a group called the Electrohippies, who also used a now well-known aspect of cyberspace called denial-of-service (DoS) action.
Quote: The Electrohippies Collective (Ehippies) is an international group of internet activists based in Oxfordshire, England, whose purpose is to express disapproval of governmental policies of mass media censorship and control of the Internet “in order to provide a ‘safe environment’ for corporations to do their deals.”
Their first step in fighting for their cause came in 1999 in Seattle, against the World Trade Organization (WTO). Thousands of people gathered to disrupt the WTO conference by preventing delegates from entering the conference venue. Simultaneously, the Electrohippies Collective ran an online direct protest. The Ehippies claimed success for the action, saying 450,000 people participated over 5 days, resulting in the WTO conference network being constantly slowed and periodically brought to a halt.
The same tactic has since been used by many different groups. The variety of institutions attacked has also changed. The 2007 Estonian case showed well enough that when certain groups or movements make it their goal to attack certain institutions, they no longer look at the relation between the institution and the situation. I mean that before, it was an attack on a certain institution, but now the hacktivists target whatever institutions they can cripple or paralyze, no matter the relevance (in the Estonian case, the only thing that was the same was the country).
Blog about a good case of social engineering:
There was a case in Estonia a couple of years ago, which was more like a scam. Hotels and guesthouses received e-mails concerning a reservation for a larger group. A verified bank statement was also sent with the e-mail, and the letter asked the institution to return the extra amount. Unfortunately, some of the institutions' workers did return the amounts before checking whether the money had reached their bank accounts, and so got scammed.
But a more relevant case occurred this summer and also received some media attention. A lot of people received e-mails from someone called Scott E. Guggenheim, an anti-poverty programme coordinator at the World Bank. People were told that they had been given 550 000 dollars, held in the Malaysian branch of the bank, and that all that was needed was the transfer security fee, which was a bit less than 200 dollars. The sender also requested the recipient's full name, home address, mobile phone number and a copy of his/her passport or ID card. There is unfortunately very little information on the success of that letter, but as history has shown, it is not uncommon for people to believe and respond to these letters.
Formulate some measures which can reduce the effectiveness of social engineering attempts:
Firstly, I would point out that very little information is given to users who are not so “at home” with computers. If a novice user sees a link on the screen with his/her friend's name that says “check out my new pictures”, they automatically think it is OK. So the main part would be to inform the users and take away the “want” to press everything that is interesting on the web. Some distrust should also be instilled in the users. People seem to be very gullible when it comes to some information on the web. Sometimes even checking with a friend whether they asked for some information or sent an e-mail like that seems like too much to do, and that is where/when the issues arise.