This document discusses Madeleine Leininger's transcultural nursing care theory over 5 articles. The theory focuses on providing culturally congruent care by understanding patients' cultural values and beliefs. It presents cases that apply the theory, such as caring for a Bedouin woman with cancer. The theory includes 3 modes of care - culture care re-patterning, accommodation, and preservation. It aims to improve healthcare by reducing conflicts between patients' cultures and provided care. The theory changed how nursing care considers cultural diversity and improved quality of life outcomes.
9953330565 Low Rate Call Girls In Rohini Delhi NCR
Running head THE TRANSCULTURAL NURSING CARE THEORY 1THE TRANSC.docx
1. Running head: THE TRANSCULTURAL NURSING CARE
THEORY 1
THE TRANSCULTURAL NURSING CARE THEORY 8
The Transcultural Nursing Care Theory of Madeline Leininger
Student’s name
Instructor
Course
Date
Transcultural Nursing Theory Articule #1
Leininger, M. (1994). Quality of life from a transcultural
nursing perspective. Nursing Science Quarterly, 7(1), 22-28.
Leininger explains her belief in this article that the quality of
life is derived from her theory of culture care diversity and
2. universality. She tries to demonstrate how medical attendants
should adopt a transcultural nursing perception in improving the
quality of life as compared to how it has been perceived in most
of the traditional and patterned descriptions. She talks about the
five cultures that she says when appropriately incorporated in
nursing care, a more advanced discipline and profession of
culturally constituted care patterns will be attained. These
cultures include: Mexican Americans, Philippine Americans,
Anglo-Americans, Gadsup of New Guinea and Native North
Americans. The article delved more on universality rather than
diversity (p 26).
It is complex when one tries to understand the quality of life,
and thus, different approaches of culturally patterned care are
used to describe the conditions and expressions of humans. The
symbolic, expression and meaning referents in most cases are
influenced by diversity in humans. According to Leininger, the
quality of life should be understood from an inside culturally
patterned establishment in order for the results to be accurate
and reliable (p 28). The underlying challenge existing in
nursing practice is to help health care providers distinguish and
identify the inside and outside patterned expressions and
meanings linked with the quality of life to help nurses make
sound treatment decisions, behaviors and counseling.
In summary, the article revealed that the quality of life is in a
large part described by culturally patterned and articulated
through our way of living as well as the prevailing cultural
ideas. Leininger concludes by stating that, what determines the
quality of life is not universal. However, further research is
needed to validate and understand more the meaning of quality
of life.
Transcultural Nursing Theory Articule #2
Nashwan, A., & Mansour, D. (2015). Caring for a Bedouin
female patient with breast cancer: An application of Leininger’s
theory of culture care diversity and universality. Global Journal
of Medicine and Public Health, 2(3), 1-6.
In this article, the transcultural cultural theory as developed by
3. Madeleine Leininger shows how patient care should be
administered based on one’s practices, values, and cultural
beliefs. Madeleine Leininger presents her arguments in this
article using a clinical encounter that relates to her transcultural
nursing care theory of a Bedouin woman client who is being
assessed, diagnosed and treated for malignant growth (p 4).
Upon the arrival of the client in the facility with complaints of
pain and other symptoms of cancerous growth in her right
breast, nurses are mandated to educate the woman about the
beliefs and traditions of the Bedouin community so as to
provide treatment that aligns with her culture. When it comes to
providing medical care by considering cultural factors of the
Bedouin community, healthcare providers must use a holistic
approach that is not limited to being culturally sensitive
towards them.
The interdisciplinary team taking assessments, diagnosis,
performing testing procedures, and administering treatment
should apply transcultural theory while performing these tasks
in order to validate this theory. I believe, therefore, when
nurses considered the cultural background of the client helped
the client/family to build trust and feelings of attachment with
health care providers rather than conflicts among them.
Furthermore, Leininger’s theory also helps nurses to deliver
care using a holistic care approach, which strongly correlates
with the Bedouin culture that medical treatment using drugs
should be provided alongside medicinal herbals to prevent
deterioration of illnesses.
To be perfectly honest, the most significant thing I have learned
was to respect the difference despite its structure or content,
likewise, the significance of cultural competence as a capacity
of people and frameworks to react deferentially and viably to
individuals of all classes, cultures, races, ethnic differences and
religions in a way that perceives, insists, and values the cultural
contrasts and likenesses and the value of people, families, and
communities and ensures and saves the dignity of each.
Transcultural Nursing Theory Articule #3
4. Busher Betancourt, D. A. (2016). Madeleine Leininger and the
transcultural theory of nursing. The Downtown Review, 2(1), 1.
In the late 50s, Leininger was able to identify as well as relating
different cultural background behaviors of children who were
employed in a “child guidance home” (p 1). She learned that it
is important to focus on early child’s healthcare development in
the early stages. This forced Leininger to research what was
lacking in the nurse’s knowledge at that time that cultural
diversity is an important factor to be considered while providing
care. Later, he came up with a transcultural theory of nursing
that changed the way nursing care was being practiced. The
focus of her theory is to enlighten nurses to consider different
cultures as well as be prepared to care for patients using
acceptable approaches that meet the patient’s cultural demands.
Healthcare facilities in some of the developed countries like the
United States serve as the international destination in providing
advanced care. Patients from different backgrounds come into
the hospital with the hope of receiving services that meet their
needs especially services that do not overlook cultural beliefs
and values. Leininger’s theory acts as a platform for nurses to
provide culturally sensitive care. Therefore, hospitals aiming to
deliver culturally congruent and positive care; people’s quality
of life must be respected whereby all nurses are forced to
understand different cultural values and beliefs of people to
deliver culturally congruent and positive health care.
The expertise of a nurse is significant during the management
process of the disease since there can be not curing without
caring. Transcultural nursing theory is only effective and
successful when nurses provide care by understanding their
diverse patients in every stage of the treatment journey. Hence,
Madeleine’s theory unlocks the cultural competence of our
present nursing practice that has a fascinating history and
traditionally diverse future.
Transcultural Nursing Theory Articule #4
Leininger, M. (2007). Theoretical questions and concerns:
Response from the theory of culture care diversity and
5. universality perspective. Nursing Science Quarterly, 20(1), 9-
13.
This source is describing the reason behind Leininger’s
pioneering work of developing a ground-breaking culturally
congruent care theory. In the 1950s, culturally congruent care
was practiced in the hospitals that nurses failed to associate
care with patient’s diversity and universality perspective. The
practice of the model in responding to theoretical concerns in
those hospitals was geared towards addressing the cultural
dynamics and how nurses related with their clients during care
delivery. As a result of its focus, healthcare providers needed a
theory that could explain the outcome of the type of care they
would offer in response to sub-standard care provided.
In the aspects of nursing, Leininger’s theory ought to
characterize different cultural traits and differentiate those
behaviors as either diverse, implying it’s supposed to be
exceptional to the particular culture experienced, or universal
implying it is encountered in many cultures. Globally,
Madeleine’s experience as an anthropologist alongside her
intercultural theory adequately laid a framework for
representing different cultures. Practicing medical caretakers
can apply this distinguishing evidence and order of cultural
values in delivering congruent competent care based on a
cultural foundation. Health care industries apply this cultural
care approach to meet their patient’s needs without overlooking
their background cultural aspects.
Unlike theories that focus primarily on diagnosis, Leininger’s
theory is holistic because it incorporates everyone as a whole.
Three modes of care are used in this holistic theory to change
the traditional intervention approaches of treating patients. The
first mode of care is culture care re-designing and rebuilding;
the second mode is culture care convenience, and lastly,
supported and safeguarded culture care. Nurses are in a position
of incorporating planned congruent care in these three modes as
well as presenting a domain helpful for ideal wellbeing working
for the patient.
6. Transcultural Nursing Theory Articule #5
Clarke, P. N., McFarland, M. R., Andrews, M. M., & Leininger,
M. (2009). Caring: Some reflections on the impact of the
culture care theory by McFarland & Andrews and a conversation
with Leininger. Nursing Science Quarterly, 22(3), 233-239.
The article discusses the efforts and supports Madeleine
Leininger brought in founding the transcultural nursing and care
for any human culture. In her theory, she came up with an
ethnonursing method of practicing care that describes the
importance of understanding a patient’s cultural background
because people have different beliefs, ideas, values and the care
for each is different. In modern hospitals, her contributions are
greatly felt in the field of culture care. She wanted her theory to
give meaning to other people as well as health outcomes to
relate to culture. On page 238, the theory explains how nurses
should apply ethnonursing strategy in merging knowledge of
diversities, and universals among cultures in association to
values, beliefs, disease patterns, wellness, health, and
humanistic care. The theory employs a comparative focus to
explore values, expressions, patterns, and lifeway’s within and
between cultures (p.238).
In this article, three modes of cultural aspect are deemed
important by Madeleine Leininger. These modes are: re-
pattering, accommodation, and preservation. Nursing cultural
competency has been measured along with these three modes as
well as how congruent care should be administered. To
demonstrate her key components of the theory, Leininger’s
sunrise model has been used in practice for a long time.
However, the theory is full of assumptions. Some of the
assumption Leininger sunrise model is having is that care is
essential to healing and curing as well as cultural differences
between the patient and the caregiver is experienced in any
human culture globally (p 236). Nursing practices change
changed all over the world through her theory as it focused on
care. She emphasized that nurses' personal believes or
professional backgrounds should not interfere with the type of
7. care supposed to be offered to patients. Her theory has
improved the culture of care and the overall nursing profession.
UNPROTECTED DATA: REVIEW OF INTERNET
ENABLED PSYCHOLOGICAL
AND INFORMATION WARFARE
Francisco GARCIA MARTINEZ
Illinois Institute of Technology, School of Applied Technology,
Chicago, Illinois, USA
[email protected]
Maurice DAWSON
Illinois Institute of Technology, School of Applied Technology,
Chicago, Illinois, USA
[email protected]
ABSTRACT
Since the last elections in the United States, France, and other
nations, fake
news has become a tool to manipulate voters. This creation of
fake news creates a
problem that ripples through an entire society creating division.
However, the media
has not scrutinized enough on data misuse. Daily it appears that
there are breaches
causing millions of users to have their personal information
taken, exposed, and
sold on the Dark Web in exchange of encrypted currencies.
Recently, news has
surfaced of major social media sites allowing emails to be read
8. without user
consent. These issues bring upon concern for the misuse of data
and more
importantly, how can this be used for information warfare and
the exploitation of
targeted groups through the use of the Internet. It is essential
that organizations
continuously review current data policies to ensure that they do
not become victims
of information warfare.
KEYWORDS: data misuse, information warfare, Internet
security, intelligence
1. Information Warfare
In the battlefield, there is a type of
warfare known as psychological operations.
This aspect of warfare is used to create a
favorable image, gaining adherents, and
undermining opponents had already become a
significant weapon of 20th-century warfare.
However, “they are neither a substitute for
power nor a panacea” (Headquarters
Department of the Army, 1979, pp. 1-5) but
employed correctly they can be instrumental,
making the difference between success or
failure in military operations. And not
exclusively military operations, but also in
numerous other fields, such as technology or
marketing.
Information warfare is, in general
terms, a way of protecting one’s information
infrastructure while attacking someone else’s
by using computers. In the past century, it
10. billion i
by the
conclud
surveyed
espionag
Th
much i
adversa
informa
confiden
From th
three l
warfare
and glob
a single
electron
persona
to, har
theft o
attacks
informa
specific
ransomw
(NSA) hav
ations to
on programs
first recorde
f the Boeing
great impo
p. 1) remar
tional Trad
in the Unite
11. ge at $23.8
in 1989”. B
University
ded that 48
d admitted
ge victims (S
he primary
information
ary while
ation infras
ntiality, int
he economic
levels of
, being th
bal levels. T
e individual
nic privacy.
al level incl
rassment, e
or blackma
often con
ation gatheri
c targeted c
ware (O’G
ve cooperate
create
s (Elbirt, 20
ed use was
g Corporation
12. ortance that
rks in his p
de Commiss
ed States du
8 billion in
Besides, a stu
y of Illin
8 % of th
d to bei
Schawartau
Figu
purpose is
n as possib
e protec
structure, t
tegrity, and
c point of v
impact in
hese person
The persona
l or group
. Attacks d
lude, but ar
extortion, p
ailing. The
nsist of an
ing to, later
ampaign of
Gorman &
13. ed with priv
infrastruct
003). The ter
by Thomas
n in 1976, is
t A. J. Elb
paper that “
sion estima
ue to econom
1987 and $
udy conduc
nois in 19
he compan
ing industr
, 1997).
ure no. 1: Inf
to retrieve
ble from
cting on
thus ensuri
d availabili
view, there
n informati
nal, corpora
al level affe
of individu
directed to
re not limi
personal d
ese kinds
14. n individua
r on, perform
f blackmail
& McDona
vate
ture
rm,
s P.
s of
birt
“the
ated
mic
$40
cted
988
nies
rial
a
ph
ma
Al
fav
dis
da
inf
cre
Pr
att
co
att
(E
17. orrected, d
reading of
n individual
nd the mali
e resulting d
When
arfare attac
organizatio
industrial
vel. The u
volve comp
lease of the
srupting
dditionally,
information
Service at
cial engine
or modi
common
sition over
ir services o
onsequence,
warfare attack
998 the Nat
Centre (NIP
rforms th
n attack: inf
18. ning, and
.
ocess
other per
uthorizedly
formation.
on could be
due to th
data across
l’s privacy
cious activ
damage is o
the cond
ks are elev
ons, they ar
espionage
usual corpo
petitor info
eir propriet
an adve
there have
n warfare att
ttack (DoS
eering, or
ification o
goal of ga
their oppon
or stealing c
, threatened
ks, the Unite
19. tional Infra
PC). Typic
hree steps
formation g
attack e
sonal level
altering so
Thought
e easily rem
he extreme
the networ
has been i
vity has bee
often irrepar
ducted info
vated to co
re often ref
e or the c
orate level
ormation th
ary informa
ersary’s
e also been
tacks are
attack),
deletion,
of data.
aining a
20. nents by
classified
d by this
ed States
astructure
ally, an
when
gathering,
execution
l attacks
meone’s
t this
moved or
ely fast
rk. Once
invaded,
en done,
rable.
ormation
ompanies
ferred to
corporate
attacks
heft, the
ation, or
activity.
cases of
188
Bereitgestellt von provisional account | Unauthentifiziert |
Heruntergeladen 05.02.20 03:53 UTC
21. governments making use of Information
Warfare tactics to provide information to a
private organization within the country
from a competitor of a foreign country.
Elbirt gives an example of this kind of
activity in his paper: “Hitachi paid IBM a
reported $300 million in a settlement
agreement after being caught spying on a
new generation of IBM computer equipment
and that French intelligence was proven to
have spied on Boeing to help Airbus”
(Elbirt, 2003, p. 5).
Economic espionage, or global level
attacks, refer to the government’s use of
Information Warfare techniques to combat
other countries or their allies in the desire of
improving their economy or obtaining a
better combative position. Nonetheless,
these attacks are not limited to government
activities, but they also include terrorist
groups, such as Anonymous, Al-Qa’ida, or
the famous Chinese cyber espionage group,
Axiom. However, they require a large
number of people involved and a significant
monetary investment. A key aspect of being
successful at the global level relays on
being capable of organizing this vast
number of people while maintaining a high
level of privacy.
Concerning data collection, databases
can represent a great source of useful data
22. within the information warfare. Numerous
access control countermeasures have been
developed and are implemented, preventing
unauthorized users from accessing and
retrieving confidential information.
Nevertheless, those techniques do not
address the inference control problem,
where a user could perform legitimate
general queries to the database as a whole
while restricting him from extracting
individual’s private information (Elmasri,
2008). Clifton and Marks (1996) introduce
some possible solutions in their paper.
To ensure that a company cannot infer
private data from public data to, later, use it
to gain a better position than its competitors
in the information warfare.
2. All Source Intelligence
Analyzing data could provide valuable
information regarding an organization’s or
individual’s activity with the use of Open
Source Intelligence (OSINT) tools. OSINT
data is unclassified information or data that is
publicly available. OSINT is not to be a
substitute for other sources of intelligence but
rather complement existing methods to
collect information such as Geospatial
Intelligence (GEOINT), Signal Intelligence
(SIGINT), Human Intelligence (HUMINT),
and Measurement Intelligence (MASINT).
This data collection method relies on
information that is found publicly without the
need to request access to it, and it can be used
to generate reports (Stalder & Hirsh, 2002).
23. Having access to this data allows an attacker
to develop an intelligence analysis on the
target. This analysis can be a culmination of
information about the target’s movements,
online behaviors, technical data, and more.
With the Internet, several applications such as
Maltego can make the profession of an
OSINT analyst done with ease. This means
they can create transforms, perform sentiment
analysis of words, and review other public
databases with ease.
3. Misuse of Data
The widespread use of newer
technologies and their correspondent tools
and apps leads to infinite quantities of data
released to the Internet. However, the most
critical finding in the last recent years is
that all this data has a value. All this
information which was practically
discarded was a source of intelligence that
traditionally took a significant work effort
to collect. Hence, enterprises have
increased their investments in software,
hardware, staff, education, and other
associated items that constitute the digital
world, by 50 %, to $4 trillion (Gantz &
Reinsel, 2011). Grantz and Reinsel state in
their paper that “the amount of information
individuals create themselves – writing
189
Bereitgestellt von provisional account | Unauthentifiziert |
Heruntergeladen 05.02.20 03:53 UTC
24. documents, taking pictures, downloading
music, etc. – is far less than the amount of
information being created about them in the
digital universe” (Gantz & Reinsel, 2011,
p. 1). Therefore, we cannot imagine how
significant this amount of data is, and even
less wonder how to handle it. That is why
companies are putting all their efforts to be
able to generate value by extracting just the
right information, or even by misusing the
data for different purposes for what it was
collected. Being capable of doing so would
enormously help to position themselves in
the “pole position” of the information
warfare.
It cannot be denied that the new
features included in popular apps usually
make someone’s life easier. However, the
actual goal of the company for developing
that new functionality remains unthinkable
and unknown to the end user. These goals
can range from the selling of data to third
parties or collecting data to sell other
products to the end user (Ahmed, 2004).
It was probably not to make everyone’s lives
more comfortable but to know more about
them; to gather more useful information
about the people which can later be
transformed into personal-oriented marketing
strategies and, eventually, more revenues to
the corporation. What enterprises usually
achieve with these techniques is to get more
private information about their users’ data, or
25. metadata, which, as a result, is growing
extremely faster than the actual data itself.
In recent years several patents can be found
that deal with mobile data collection to
(Sinisi, 2007). Facebook’s new “face
recognition” or “tag suggestion” feature is an
excellent example of this. This functionality
identifies a user’s face in a picture and
notifies him of the uploaded photo. Thus, the
user can decide whether to be tagged in the
photo or, even more, report someone who has
uploaded a picture of him without consent.
Although several privacy experts claim that it
is an excellent advance in protecting
someone’s privacy preventing fraud and
identity theft, what Facebook does is
maintaining what it is called a “template”
(Fussell, 2018). This template is a string of
numbers that is unique for each user, which
could be considered similar to a fingerprint.
As a consequence, Facebook becomes the
owner of extremely protected biometric
data of its customers, that could later be
tasked for malicious purposes.
According to John T. Soma et al.
personally identifiable information (PII)
“is now a commodity that companies trade
and sell” (Soma, Couson & Cadkin, 2009,
p. 1). Furthermore, it is equaling or even
surpassing the value of traditional financial
assets in large corporations. Nevertheless,
the question is: are companies benefitting
from the use and trade of PII without
protecting the privacy interests of those PII
26. owners? This entails consequences for
commercial and technological sectors.
In the marketing industry, the benefits
of using PII are double (Soma, Couson &
Cadkin, 2009). Imagine that an online store
sells alcohol to its consumers. Collecting
data such as gender or nationality may not
make any difference, but, if it also collected
age values, it could significantly narrow its
target to old enough consumers. Thus, the
store would not only increase its revenues
by approaching more likely possible buyers
but also reduce costs by discarding
underage consumers. Moreover, consumers
can also benefit from companies keeping
their PII, tailoring them future activity.
Cloud computing is becoming an
excellent solution for many small and
medium companies since it represents a
great way of saving money by sharing
resources with other organizations and
190
Bereitgestellt von provisional account | Unauthentifiziert |
Heruntergeladen 05.02.20 03:53 UTC
avoid buying and maintaining their servers.
However, regarding security, cloud
providers may have to face different risks
and challenges to the ones in conventional
IT environments. From the end user’s point
of view, they are still reticent to cloud
27. computing technologies, concerned about
their data privacy and security issues —
even more after knowing about the most
significant cloud computing providers
security breaches. Google Gmail was
exposed to a severe vulnerability up to
4 hours in its VMware virtualization for
Mac version in 2009, where attackers could
take advantage of this vulnerability to
execute malicious code on the host (Chen &
Zhao, 2012). Microsoft Azure also suffered
a severe outage accident on its cloud
services for 22 hours earlier this year.
Concerning the health sector, due to
the augment of health information available
in the Internet, patients tend to look for
their symptoms online, sharing especially
private data to everyone, without
considering its associated security risks.
Researchers comment that “Both specialists
and patients can benefit from linking family
health profiles so that all relevant
information is available for reference when
the need arises” (Gajanayake, Iannella &
Sahama, 2011, p. 31) obviously, developing a
safe and private environment. The access of
illegitimate persons to one’s health
information can have critical consequences
when later being disclosed or misused since it
contains sensitive data tremendously useful
for ransom ware or social engineering attacks.
Thus, they propose an information
accountability mechanism as the solution to
information misuse in the health field.
Moreover, they claim that with their approach
28. “when inappropriate misuse is detected, the
agent defines methods of holding the users
accountable for misuse” (Gajanayake,
Iannella & Sahama, 2011, p. 37).
4. PII Exploits
Krishnamurthy and Wills define
personally Identifiable Information (PII) as
“information which can be used to
distinguish or trace an individual’s identity
either alone or when combined with other
public information that is linkable to a
specific individual” (Krishnamurthy &
Willis, 2009, p. 7). The term encompasses
any information that can uniquely identify
an individual, such as name, birthday,
address, phone number, social security
number, fingerprints, or a face photo.
Social networking sites are web-based
services that allow their members to build a
public or semi-public profile and connect
with other strangers based on shared
interests, hobbies, or political thoughts
(Boyd & Ellison, 2007). We could say that
social media is an expansion of traditional
media, offering individuals highly capable
and nearly unlimited ways of
communicating and networking with others.
There are many different kinds of social
media business models, varying from
sharing live-photos of places you are
currently visiting activities focused on
growing your professional network and
seek jobs. Nevertheless, just like everything
29. in this world, social networking sites also
have their drawbacks. Users do not often
realize the massive amounts of personal
data that they are sharing with their network
and thus, how they are being exposed to
exploits of these data.
All social networks offer a wide range
of possibilities concerning the privacy
settings of their members. If an individual
leaves these settings public by default, this
can constitute a breach of privacy.
Consequently, a malicious user can perform
a reconnaissance attack and gather as much
possible information to conduct a
successful social engineering attack later.
191
Bereitgestellt von provisional account | Unauthentifiziert |
Heruntergeladen 05.02.20 03:53 UTC
However, having a public profile is not the
only vulnerability to private information on
a social networking site. In their paper, P.
Gundecha et al. discuss how a social media
user can become way more exposed to
exploits of his data by merely adding a
vulnerable friend. They define a vulnerable
friend “from an individual user’s
perspective is dependent on whether or not
the user’s friends’ privacy settings protect
the friend and the individual’s network of
friends (which includes the user)”
(Gundecha, Barbier & Liu, 2011, p. 511).
30. Hence, a single user’s privacy settings can
compromise its entire network.
Frequently, social media websites
partner with third-party servers to provide
content and advertisements to their users.
Although these websites claim in their
privacy policies that they share cookies to
third parties to offer a better user experience
to their members, these cookies do not
exclusively consist of Internet Protocol (IP)
addresses (Symantec Corporation, n.d.). What
is more, some third-party servers are in fact
trackers or aggregators, that follow the user
habits before, while and after the user’s
interaction with the social media application
(Krishnamurthy & Willis, 2009).
Krishnamurthy and Wills define this action of
combining this PII with other information and
sharing it to external websites as “leakage”.
In their paper, they present a study
demonstrating how Online Social Networks
(OSN) often provide information linked to a
particular person to third parties via a
combination of HTTP headers and cookies.
Most of the times, when a person
publishes a document or picture on the
Internet, he is not aware of the PII or other
identifiers attached to it, even less how to
remove them. There are countless situations
in which personal information is retrieved
from documents with inappropriate
security. Therefore, this private data can
further be used to commit malicious
31. activities. An example of information leak
caused by inadequate attempts to secure
protected information took place in 2000
when a secret CIA document about a coup
in Iran was published in The New York
Times website (Aura, Kuhn & Roe, 2006).
The company unsuccessfully tried to erase
the names of the persons involved by just
painting white squares over their names.
As a consequence, the names were still in
the publication’s metadata and could easily
be retrieved.
5. Where Stolen Data Can Be
Found: Dark and Deep Web
The types of data captured through
poor security practices and improper coding
techniques provide not only side channels
into the organizations but a plethora of
details. For example, a photo provides lots of
metadata that can give insight into camera
type, specific detailed information of photo
taken, latitude, and longitude coordinates.
These items can be used to create an
intelligence analysis of a target with the
number of connected devices and those on
the Web with a lack of security protections.
However, the key is where these stolen data
and information end up do.
The definition of the Internet as the
mainstream perceives does not entirely
represent what the entity is. Because of an
increasing number of static HyperText
Markup Language (HTML) pages, there is an
32. enormous amount of information hidden in the
layers of deep and dark Web where most
search engines cannot have access (see Figure
no. 2). The pathway to these remote Web
locations is provided through static Uniform
Resource Locator (URL) links due to their
existence being depended on responses to
queries submitted through the query interface
of an underlying database. It is estimated that
43,000 to 96,000 deep Web sites exist along
with 7,500 terabytes of data (He, Patel, Zhang
& Chang, 2007).
192
Bereitgestellt von provisional account | Unauthentifiziert |
Heruntergeladen 05.02.20 03:53 UTC
Th
website
being th
sense li
Take th
example
database
informin
crawler
all “kn
website
you nee
searchin
he issue w
s is that t
33. he site is no
ike a standa
he search
e items a
e by eith
ng Google
s looking fo
nown” web
is not ind
ed to know
ng for dir
ith trying t
they do no
ot indexed i
ard search
engine Go
are added
her the w
of their UR
for, finding,
bsites it fi
dexed in e
the URL of
rectly. No
Figure no.
Figure n
to locate de
ot exist. T
34. in a traditio
engine wor
oogle.com
to Googl
website its
RL or the w
, and indexi
inds. A de
ither capac
f what you
ow there
3: Example
no. 2: Comp
eep
hat
nal
rks.
for
le’s
self
web
ing
eep
city
are
are
ex
35. am
are
Du
Do
en
sta
In
en
sea
Ho
no
tha
e of the Duc
plete Web
xtensive data
mounts of s
e called
uckDuckGo
ogPile for
ngines allo
andard sear
some case
ngines can b
arch terms
owever, eve
ot take into
at is found o
ckDuckGo S
abases that
36. search engi
metasearc
o (see Fig
example. T
ow you t
rch engines
es, as man
be searched
and the p
en these me
account th
on the deep
Search Page
try to comp
ine data, an
ch engine
gure no.
These meta
to search
s all at on
ny as 40-50
d with the
press of a
tasearch en
he vast info
web.
e
37. pile large
nd these
es like
3) and
a search
various
ne time.
0 search
entry of
button.
ngines do
ormation
193
Bereitgestellt von provisional account | Unauthentifiziert |
Heruntergeladen 05.02.20 03:53 UTC
There are several specialty search
engines such as TORCH and the Onion URL
Repository which index as many deep
websites that can be found. The key to these
types of search engines is that they do not act
like traditional searches. You need to have
access to TOR networks which work as a
semi-autonomous network that provides
private browser and viewing of sites. Once
you are on this network, you still be able to
access repositories of different search engines
usually broken down by subject matter and
start you dig into the deep web.
38. Another item of note is the deep web,
and the dark web is not the same thing. While
you may make use of TOR to access the dark
web search engines that index the deep web.
Both these environments are independent of
each other. Deep websites sites can be found
using traditional browsing methods as long as
you know the URL for it where dark websites
leverage a software package like TOR to
access the pages.
The Onion Router (TOR) gained
popularity when the news was released
around the globe about Edward Snowden
exposing what the American government was
doing with citizens’ data. The tool of choice
used was TOR. The Tor Browser can be used
on Gnu Not Unix (GNU) Linux, Windows,
and Mac without the need for installation of
any software (Tor Project, n.d.). Tor was
developed further by the Defense Advanced
Research Projects Agency (DARPA) after the
first principle of onion routing developed
from a United States Naval Research
Laboratory scientist. In Figure no. 4 shown
are two Tor Browsers on Ubuntu Linux.
The other browser shows The Uncensored
Hidden Wiki and some onion links that have
been verified. The first browser window
displays the welcome message for
anonymous exploration.
Figure no. 4: TOR Browsers
39. 194
Bereitgestellt von provisional account | Unauthentifiziert |
Heruntergeladen 05.02.20 03:53 UTC
TOR is native in the Tails Operating
Systems (OS) Tails is a Debian based Linux
distribution which primary goal is the
preserve privacy and anonymity to beat
surveillance.
In recent years, organizations such as
the NSA have been attacks this browser. One
attack revealed was the exploitation of the
Tor Browser Bundle. When using the Tor
Browser security that leaves a system
vulnerable such as Flash become enabled in
this attack (Schneier, 2013). This attack
targeted the Firefox browser by identifying
the Tor Users and executing attacks against
the browser (Schneier, 2013). Other tools
detected Hypertext Transfer Protocol (HTTP)
through Capability Network Exploitation
(CNE), which is the starting point for finding
Tor users. Researchers at the University of
Waterloo and Stony Brook University discuss
active attacks for website fingerprinting to
identify destination web pages by passively
observing their communication traffic (Wang,
Nithyanand, Johnson & Goldberg, 2014).
However, these attacks have not
deterred the use of Tor Browser. For users
conducting illicit activities, this browser
allows for undetected movement. One
40. needs not to look too far to see the activities
that occur on the Dark Web from the sale of
illicit narcotics to human trafficking.
Services from experienced hackers to
assassins can be located using Tor and
exploring Hidden Wiki.
Some browsers allow the user to
protect their privacy. One such browser is
Searx that does not share the users’ IP, search
history, and aggregates the results of more
than seventy search engines (Tauber, n.d.).
Searx browsers allow for advertisement
filtering, personalization, and use of HTTP
POST by default. Figure no. 5 shows the
results of a search of Illinois Institute of
Technology that populates that allows for
files to be downloaded; pages scraped and
allowed customization in terms of time.
Figure no. 5: Searx Browser
195
Bereitgestellt von provisional account | Unauthentifiziert |
Heruntergeladen 05.02.20 03:53 UTC
There have been several occasions
where the Tor network has been abused for
personal gain. In 2013 a Harvard University
student used this mean of anonymity to send
emails to the school for a hidden bomb threat
to avoid a final exam (Lin, Tong, Zhijie &
Zhen, 2017). Silk Road is an online black
market being accessed by nearly one million
41. users through the exclusive access of the
Onion Router. It includes illegal services like
drug trafficking, child pornography, and arms
trafficking; the value of its transactions has
been calculated to be worth $12 billion.
Its operations were shut down in October
2013 by the Federal Bureau of Investigation
(Lin, Tong, Zhijie & Zhen, 2017).
“Anonymous” the notorious worldwide
hacker organization, launched a DDoS attack
against Sony Corp in April 2011. They used
the anonymous network and managed to steal
the personal data of nearly 1 billion people.
This attack had a disruptive financial impact
of $171 million (Lin, Tong, Zhijie & Zhen,
2017).
6. Using Web for Targeted Warfare
Researchers have discovered that
Internet sites such as YouTube Kids and
YouTube have detected unsafe content
through nefarious promoters that target kids
through psychological means (Kaushal,
Saha, Bajaj & Kumaraguru, 2016). This
means that the threat landscape is altering
to include all active users regardless of age
or other constraints previously considered
off limits. In the past mainly adults have
been the targets of individuals or nation
states however due to technological
advances and increased connectivity any
connected user can be a target.
Reviewing the Open Web Application
42. Security Project (OWASP) top 10 over the
last ten years, it is apparent that the same
critical web application vulnerabilities are
still found (Wichers, 2013). One such
vulnerability is the Common Weakness
Enumeration (CWE) 89: Structured Query
Language (SQL) Injection, which is rather
easy to exploit using an application called
sqlmap. A simple search of php?id=[number]
while bringing up several websites through a
query that can be a potential target.
7. Conclusion
The misuse of data and deficiency of
knowledge to apply security controls is a
critical issue across enterprise networks.
The Internet has allowed for older
techniques used for warfare to be
modernized at levels that make a novice
intelligence analyst near a Subject Matter
Expert (SME). This is a drastic change to
the landscape of the current battlefield in
which is still evolving with the ever
expansion of networked systems such as the
Internet of Things (IoT) and 5G. The
apparent scarcity of applied cybersecurity
protections is allowing for threat agents to
take advantage of organizations and
individuals that lack the necessary
knowledge for ensuring protection. This,
combined with laws that do not require
companies to have stronger security, enable
attackers to perform exploits continuously.
REFERENCES
43. Ahmed, S. R. (2004). Applications of data mining in retail
business. International
Conference on Information Technology: Coding and Computing.
Proceedings. ITCC, Vol. 2,
455-459. IEEE.
Aldrich, R. W. (1996). The international legal implications of
information warfare
(No. INSS-OP-9). Colorado: Air Force Academy Colorado
Springs Co.
196
Bereitgestellt von provisional account | Unauthentifiziert |
Heruntergeladen 05.02.20 03:53 UTC
Aura, T., Kuhn, T. A., & Roe, M. (2006). Scanning electronic
documents for personally
identifiable information. Proceedings of the 5th ACM workshop
on Privacy in electronic
society, 41-50, New York, USA: ACM.
Boyd, D. M., & Ellison, N. B. (2007). Social network sites:
Definition, history, and
scholarship. Journal of Computer-Mediated Communication,
Vol. 13, Issue 1, 210-230.
Chen, D., & Zhao, H. (2012). Data security and privacy
protection issues in cloud
computing. International Conference on Computer Science and
Electronics Engineering,
Vol. 1, 647-651, IEEE.
Clifton, C., & Marks, D. (1996). Security and privacy
44. implications of data mining. ACM
SIGMOD Workshop on Research Issues on Data Mining and
Knowledge Discovery, 15-19.
Elbirt, A. J. (2003). Information Warfare: Are you at risk?.
IEEE Technology and
Society Magazine, Vol. 22, Issue 4, 13-19.
Elmasri, R. (2008). Fundamentals of database systems. India:
Pearson Education.
Fussell, S. (2018). Facebook’s New Face Recognition Features:
What We Do
(and Don’t) Know [Updated], available at:
https://gizmodo.com/facebooks-new-face-
recognition-features-what-we-do-an-1823359911, accessed on
18 March 2019.
Gajanayake, R., Iannella, R., & Sahama, T. (2011). Sharing with
care: An information
accountability perspective. IEEE Internet Computing, Vol. 15,
Issue 4, 31-38.
Gantz, J., & Reinsel, D. (2011). Extracting value from chaos.
IDC iview, 1142, 1-12.
Gundecha, P., Barbier, G., & Liu, H. (2011). Exploiting
vulnerability to secure user
privacy on a social networking site. Proceedings of the 17th
ACM SIGKDD international
conference on Knowledge discovery and data mining, 511-519,
New York, USA: Association
for Computing Machinery.
He, B., Patel, M., Zhang, Z., & Chang, K. C-C. (2007).
Accessing the deep Web.
45. Communications of the ACM, 50(5), 94-101.
Headquarters Department of the Army (1979). Psychological
Operations. Field Manual,
No. 33-1, Washington: U.S. Government printing office.
Kaushal, R., Saha, S., Bajaj, P., & Kumaraguru, P. (2016).
KidsTube: Detection,
characterization and analysis of child unsafe content &
promoters on YouTube. 14th Annual
Conference on Privacy, Security and Trust (PST), 157-164,
IEEE.
Krishnamurthy, B., & Wills, C. E. (2009). On the leakage of
personally identifiable
information via online social networks. Proceedings of the 2nd
ACM workshop on Online
social networks, 7-12, ACM.
Lin, Z., Tong, L., Zhijie, M., & Zhen, L. (2017). Research on
Cyber Crime Threats and
Countermeasures about Tor Anonymous Network Based on
Meek Confusion Plug-in.
International Conference on Robots & Intelligent System
(ICRIS), Vol. 1, 246-249,
doi:10.1109/icris.2017.69.
O’Gorman, G., & McDonald, G. (2012). Ransomware: A
Growing Menace, available
at:
http://www.symantec.com/content/en/us/enterprise/media/securi
ty_response/whitepapers/
ransomware-a-growing-menace.pdf, accessed on 17 September
2019.
Schawartau, W. (1997). What Exactly is Information Warfare? –
46. Part 2, Journal
Network Security, Issue 10, Amsterdam: Elsevier Science
Publishers.
Schneier, B. (2013). Carry On: Sound Advice from Schneier on
Security, New Jersey,
USA: John Wiley & Sons.
Sinisi, J. P. (2007). U.S. Patent No. 7,313,759, Washington,
DC: U.S. Patent and
Trademark Office.
197
Bereitgestellt von provisional account | Unauthentifiziert |
Heruntergeladen 05.02.20 03:53 UTC
Soma, J. T., Courson, J. Z., & Cadkin, J. (2009). Corporate
Privacy Trend: The “Value”
of Personally Identifiable Information (“PII”) Equals the
“Value” of Financial Assets.
Richmond Journal of Law & Technology, Vol. 15, Issue 4, 11.
Stalder, F., & Hirsh, J. (2002). Open source intelligence. First
Monday, Vol. 7,
Issue 6, 1-8.
Symantec Corporation. (n.d.). What Are Cookies?, available at:
https:// us.norton.com/
internetsecurity-how-to-what-are-cookies.html, accessed on 07
July 2019.
Tauber, A. (n.d.). Welcome to searx, available at:
https://asciimoo.github.io/searx/,
accessed on 03 December 2018.
47. Tor Project. (n.d.). What is Tor Browser?, available at:
https://www.torproject.org/
projects/ torbrowser.html.en, accessed on 03 December 2018.
Wang, T., Cai, C., Nithyanand, R., Johnson, R., & Goldberg, I.
(2014). Effective
Attacks and Provable Defenses for Website Fingerprinting. The
Proceedings of the 23rd
USENIX Security Symposium, San Diego, CA.
Wang, P., Dawson, M., & Williams, K. L. (2018). Improving
Cyber Defense Education
through National Standard Alignment: Case Studies.
International Journal of
Hyperconnectivity and the Internet of Things (IJHIoT), Vol. 2,
Issue 1, 12-28.
Wichers, D. (2013). The Open Web Application Security Project
(OWASP)
Top10 -2013. OWASP Foundation.
198
Bereitgestellt von provisional account | Unauthentifiziert |
Heruntergeladen 05.02.20 03:53 UTC