1Copyright © 2012, Elsevier Inc. All Rights Reserved.docx

1
Copyright © 2012, Elsevier Inc.
All Rights Reserved
Chapter 2
Deception
Cyber Attacks
Protecting National Infrastructure, 1st ed.
2
All rights Reserved
C
h
a
p
te
r 2
–
D
e

c
e
p
tio
n
Introduction
• Deception is deliberately misleading an adversary by
creating a system component that looks real but is in
reality a trap
– Sometimes called a honey pot
• Deception helps accomplish the following security
objectives
– Attention
– Energy
– Uncertainty
– Analysis
3
All rights Reserved
C
h
a
p

te
r 2
–
D
e
c
e
p
tio
n
• If adversaries are aware that perceived vulnerabilities
may, in fact, be a trap, deception may defuse actual
vulnerabilities that security mangers know nothing
about.
Introduction
4
Fig. 2.1 – Use of deception in
computing
All rights Reserved
C
h
a
p

te
r 2
–
D
e
c
e
p
tio
n
5
All rights Reserved
C
h
a
p
te
r 2
–
D
e
c
e
p

tio
n
Introduction
• Four distinct attack stages:
– Scanning
– Discovery
– Exploitation
– Exposing
6
All rights Reserved
C
h
a
p
te
r 2
–
D
e
c
e

p
tio
n
Fig. 2.2 – Stages of deception for
national infrastructure protection
7
• Adversary is scanning for exploitation points
– May include both online and offline scanning
• Deceptive design goal: Design an interface with the
following components
– Authorized services
– Real vulnerabilities
– Bogus vulnerabilities
• Data can be collected in real-time when adversary
attacks honey pot
All rights Reserved
C
h
a
p
te

r 2
–
D
e
c
e
p
tio
n
Scanning Stage
8
All rights Reserved
C
h
a
p
te
r 2
–
D
e
c
e
p

tio
n
Fig. 2.3 – National asset service
interface with deception
9
• Deliberately inserting an open service port on an
Internet-facing server is the most straightforward
deceptive computing practice
• Adversaries face three views
– Valid open ports
– Inadvertently open ports
– Deliberately open ports connected to honey pots
• Must take care the real assets aren’t put at risk by
bogus ports
All rights Reserved
C
h
a
p
te

r 2
–
D
e
c
e
p
tio
n
Deliberately Open Ports
10
All rights Reserved
C
h
a
p
te
r 2
–
D
e
c
e
p

tio
n
Fig. 2.4 – Use of deceptive bogus
ports to bogus assets
11
All rights Reserved
C
h
a
p
te
r 2
–
D
e
c
e
p
tio
n
Fig. 2.5 – Embedding a honey pot
server into a normal server complex

12
• The discovery stage is when an adversary finds and
accepts security bait embedded in the trap
• Make adversary believe real assets are bogus
– Sponsored research
– Published case studies
– Open solicitations
• Make adversary believe bogus assets are real
– Technique of duplication is often used for honey pot
design
All rights Reserved
C
h
a
p
te
r 2
–
D
e
c
e

p
tio
n
Discovery Stage
13
All rights Reserved
C
h
a
p
te
r 2
–
D
e
c
e
p
tio
n
Fig. 2.6 – Duplication in honey pot
design

14
• Creation and special placement of deceptive
documents can be used to trick an adversary
(Especially useful for detecting a malicious insider)
– Only works when content is convincing and
– Protections appear real
All rights Reserved
C
h
a
p
te
r 2
–
D
e
c
e
p
tio
n
Deceptive Documents

15
All rights Reserved
C
h
a
p
te
r 2
–
D
e
c
e
p
tio
n
Fig. 2.7 – Planting a bogus document
in protected enclaves
16
• This stage is when an adversary exploits a discovered
vulnerability
– Early activity called low radar actions

– When detected called indications and warnings
• Key requirement: Any exploitation of a bogus asset
must not cause disclosure, integrity, theft, or
availability problems with any real asset
All rights Reserved
C
h
a
p
te
r 2
–
D
e
c
e
p
tio
n
Exploitation Stage
17
C
h

a
p
te
r 2
–
D
e
c
e
p
tio
n
Fig. 2.8 – Pre- and post-attack stages
at the exploitation stage
All rights Reserved
18
• Related issue: Intrusion detection and incident
response teams might be fooled into believing trap
functionality is real. False alarms can be avoided by
– Process coordination
– Trap isolation
– Back-end insiders

– Process allowance
All rights Reserved
C
h
a
p
te
r 2
–
D
e
c
e
p
tio
n
Exploitation Stage
19
• Understand adversary behavior by comparing it in
different environments.
• The procurement lifecycle is one of the most
underestimated components in national
infrastructure protection (from an attack

perspective)
All rights Reserved
C
h
a
p
te
r 2
–
D
e
c
e
p
tio
n
Procurement Tricks
20
All rights Reserved
C
h

a
p
te
r 2
–
D
e
c
e
p
tio
n
Fig. 2.9 – Using deception against
malicious suppliers
21
• The deception lifecycle ends with the adversary
exposing behavior to the deception operator
• Therefore, deception must allow a window for
observing that behavior
– Sufficient detail
– Hidden probes
– Real-time observation

All rights Reserved
C
h
a
p
te
r 2
–
D
e
c
e
p
tio
n
Exposing Stage
22
All rights Reserved
C
h
a
p
te

r 2
–
D
e
c
e
p
tio
n
Fig. 2.10 – Adversary exposing stage
during deception
23
Interfaces Between
Humans and Computers
• Gathering of forensic evidence relies on
understanding how systems, protocols, and services
interact
– Human-to-human
– Human-to-computer
– Computer-to-human
– Computer-to-computer
• Real-time forensic analysis not possible for every
scenario

All rights Reserved
C
h
a
p
te
r 2
–
D
e
c
e
p
tio
n
24
All rights Reserved
C
h
a
p
te

r 2
–
D
e
c
e
p
tio
n
Fig. 2.11 – Deceptively exploiting the
human-to-human interface
25
• Programs for national deception would be better
designed based on the following assumptions:
– Selective infrastructure use
– Sharing of results and insights
– Reuse of tools and methods
• An objection to deception that remains is that it is
not effective against botnet attacks
– Though a tarpit might degrade the effectiveness of a
botnet
All rights Reserved

C
h
a
p
te
r 2
–
D
e
c
e
p
tio
n
National Deception Program
Financial Accounting and Reporting
Section 1: Statement of Cash Flows
Harnish Decorators provides the Statement of Operations,
Statement of Financial Position and Statement of Shareholders’
Equity and footnote information for use in preparing its 2012
statement of cash flows.
REQUIRED: Prepare an indirect statement of cash flows for
2012. Identify non-cash transactions. Cash paid for interest and
income taxes are not necessary
Footnote Information:

· FIXED ASSETS During 2012, Harnish had no asset purchases
or sales.
Carrying Value
2012
2011
Property Plant, and Equipment, at cost
$4,880
$4,880
Accumulated Depreciation
$3,150
$3,105
Property, Plant and Equipment, Net
$1,730
$1,775
· INVESTMENTS Harnish holds securities designated as trading
securities and as available-for-sale securities. All securities are
reported at their fair-market-values, in accordance with GAAP.
During 2012, Harnish purchased addition available-for-sale
securities with excess cash.
· DEBT AND LEASES On June 30, 2012 Harnish repaid all of
the outstanding installment notes, incurring a pre-payment
penalty of $18. Harnish issued $300 of 3% bonds due in 2020
at par to replace the financing provided by the installment note.
No other bonds were issued or retired during 2012.
Also during 2012, Harnish leased a new warehouse under a
capital lease and a new steamer under an operating lease. The
minimum lease payments for the capital lease totaled $125. The
operating lease payments totaled $45 for 2012. Operating lease
expense is included in selling costs on the income statement.
Face Value

Carrying Value
2012
2011
6% Installment Note
$0
$425
3% Bond due in 2020
$300
$300
5% Bond due in 2018
$500
$501
$503
Total Debt
$801
$928
Capital Lease Liability
$545
$450
Total Debt and Lease Liability
$1,346
$1,378
Current Portion
($46)
($177)
Total Long-term Debt and Lease Liability
$1,300
$1,201

· PENSIONS Harnish provides a defined-benefit pension plan
for its employees. During 2012, Harnish increased cash
contributions to reduce underfunding.
Pension
2012
2011
Benefit Obligation
Beginning Balance
$ 1,230
$1,125
Service Cost
$ 142
$140
Interest Cost
$66
$ 65
Benefits Paid
$ (120)
$ (100)
Ending Balance
$ 1,318
$1,230
Plan Assets
Beginning Balance
$ 430
$330
Actual Return

$ (15)
$ 60
Contributions
$ 203
$140
Benefits Paid
$ (120)
$ (100)
Ending Balance
$ 498
$430
Net Pension Asset
$ (820)
$ (800)
Net Accumulated Other Comprehensive Income
Prior Service Costs
$ -
$ -
Net Pension Gains & (losses)
$ (58)
$ -
2012
2011
Pension Expense

Service Cost
$ 142
$140
Interest Cost
$66
$ 65
Expected Return
$ (43)
$(33)
Pension Expense
$ 165
$172
· SHAREHOLDERS EQUITY During 2012, Harnish preferred
shareholders converted all shares of preferred stock to common
stock. During 2012, Harnish awarded its founder stock options
with a value of $18. The stock options vest over three years.
Harnish Designs
Income Statement
2012
Sales Revenue
973
Wage Expense
(320)
Selling General and Administrative Expenses
(120)
Depreciation Expense
(85)
Income from Operations

448
Interest Expense
(60)
Loss on early repayment of installment note
(18)
Loss on investment in trading securities
(20)
Pretax Income
350
Income Tax Expense
(100)
Net Income
250
Harnish Statement of Shareholders’ Equity for 2012
PS
CS
APIC
TS
RE
AOCI
Total
December 31, 2011 Balance
$ 200
$ 45
$ 320
$ (12)
$349
$ (8)
$694

Net Income
$250
$250
Pension gains and (losses)
$ (58)
$ (58)
Unrealized loss on available-for-sale securities
$ (8)
$(8)
Conversion of preferred stock
$ 100
$ 5
$ 95
$100
Employee compensation
$6

$ 6
Purchase of Treasury Stock
$ (11)
$ (11)
Cash Dividend
$ (64)
$ (64)
December 31, 2012 Balance
$ 300
$ 50
$ 421
$ (23)
$535
$ (74)
$909
Harnish Design
Balance Sheet
2012

2011
Change
Cash
$77
$114
-37
Investments - Trading Securities
$16
$36
-20
Investments - Available-for-Sale
$800
$695
105
Total Current Assets
$893
$845
48
Property, Plant and Equipment, net
$1,730
$1,775
-45
Capital Lease Assets
$550
$465
85
Deferred Tax Asset
$133
$81
52
Total Assets
$3,306

$3,166
140
Accounts Payable
$76
$56
20
Deferred Revenue
$18
$14
4
Dividends Payable
$1
$3
-2
Deferred Tax Liability
$36
$21
15
Current portion of Long-term Debt
$1
$127
-126
Current portion of Capital Lease Liability
$45
$50
-5
Total Current Liabilities
$177
$271
-94

Long-term Debt
$800
$801
-1
Capital Lease Liability
$500
$400
100
Net Pension Liability
$820
$800
20
Total Liabilities
$2,297
$2,272
25
Preferred Stock
$100
$200
-100
Common Stock
$50
$45
5
Additional Paid in Capital
$421
$320
101
Treasury Stock
-$23

-$12
-11
Retained Earnings
$535
$349
186
Accumulated Other Comprehensive Income (Loss)
-$74
-$8
-66
Total Shareholders’ Equity
$1,009
$894
115
Total Liabilities and Shareholders’ Equity
$3,306
$3,166
140
Section II Bond Amortization Tables (select the appropriate
table)
A.
FV
$3,000,000.00

Payment
$150,000.00
Int. Rate for period
6%
Number of Periods
5
Present Value
$2,873,629.09
End of period
Cash Payment
Interest Expense
Principal
Carrying Value
2,873,629.09
12/31/2011
150,000.00
172,417.75
(22,417.75)
2,896,046.83
12/31/2012

150,000.00
173,762.81
(23,762.81)
2,919,809.64
12/31/2013
150,000.00
175,188.58
(25,188.58)
2,944,998.22
12/31/2014
150,000.00
176,699.89
(26,699.89)
2,971,698.11
B.
FV
$3,000,000.00
Payment
$75,000.00
3%

Number of Periods
10
Present Value
$2,872,046.96
End of period
Cash Payment
Interest Expense
Principal
Carrying Value
2,872,046.96
6/30/2011
75,000.00
86,161.41
(11,161.41)
2,883,208.37
12/31/2011
75,000.00
86,496.25
(11,496.25)
2,894,704.62
6/30/2012
75,000.00
86,841.14

(11,841.14)
2,906,545.76
12/31/2012
75,000.00
87,196.37
(12,196.37)
2,918,742.13
C.
FV
$3,000,000.00
Payment
$90,000.00
2.5%
Number of Periods
10

Present Value
$3,131,280.96
End of period
Cash Payment
Interest Expense
Principal
Carrying Value
3,131,280.96
6/30/2011
90,000.00
78,282.02
11,717.98
3,119,562.98
12/31/2011
90,000.00
77,989.07
12,010.93
3,107,552.06
6/30/2012
90,000.00
77,688.80
12,311.20
3,095,240.86
12/31/2012
90,000.00
77,381.02
12,618.98

3,082,621.88
D.
FV
$3,000,000.00
Payment
$150,000.00
6%
Number of Periods
10
Present Value
$2,779,197.39

End of period
Cash Payment
Interest Expense
Principal
Carrying Value
2,779,197.39
6/30/2011
150,000.00
166,751.84
(16,751.84)
2,795,949.23
12/31/2011
150,000.00
167,756.95
(17,756.95)
2,813,706.19
6/30/2012
150,000.00
168,822.37
(18,822.37)
2,832,528.56
12/31/2012
150,000.00
169,951.71
(19,951.71)
2,852,480.27
1

3
Section 2: Equity Problems
Question 1: Mentzer Health Care, Incorporated is a hospital
management firm. Mentzer reports the following on December
31, 2011.
Common Stock: $1 par, 3 million shares authorized, 500
thousand shares issued and outstanding
$ 500,000
Additional Paid in Capital
4,000,000
Retained Earnings
1,246,000
Accumulated Other Comprehensive Income
2,100
Total Stockholders’ Equity
5,748,100
REQUIRED: Prepare the journal entries needed in 2012 to
account for the following transactions
On February 1, 2012, Mentzer repurchased 10,000 shares of
common stock for $18.00 per share. The shares were originally
issued for $9. Mentzer accounts for the shares as retired
common stock.
1. On May 1, 2012 Mentzer issued 200,000 of $1 par common
stock to the public throughan initial public offering. Shares
sold for $25 each. The underwriting firm withheld $135,000 to
cover issue costs.
2. Also on May 1, 2012, Mentzer issued 10,000 shares of $1 par
common stock to Nursing Associates, in exchange for title to
office space in their facility. The space was appraised for
$275,000.
3. On June 30, 2012 Mentzer’s bond holders converted 3,000
bonds to common stock. The 5% bonds were issued on January

1, 2011 and pay interest semi-annually on June 30th and
December 31st. The bonds mature on December 31, 2015. The
market rate at the time the bonds were issued was 6%. Each
bond converts to 50 shares of common stock. The market price
of common stock on June 30, 2012 is $28 per share. (See the
bond tables in the cover section)
4. On September 1, 2012, Mentzer reissued the 10,000 shares
repurchased in February for $30 per share.
5. On December 1, 2012, Mentzer declares a $1.00 per share
common stock dividend, payable on January 5, 2013 to
shareholders of record on December 13, 2012.
6. On December 31, 2012 Mentzer determine that the value of a
put option tied to the NYSE health-care index has declined in
value from $2.10 per contract on December 31, 2011 to $1.85
per contract. Mentzer purchased 1,000 contracts in 2011 and
designated them as a cash-flow hedge against changes in
reimbursements in 2013. The options expire in 2013.
Question 2: Slade Manufacturing Reports the following
information for 2012.
REQUIRED: Compute Basic and Diluted Earnings per share.
Slade had the following transactions related to common stock
during 2012
· On January 1, 2012 Slade had 1,000,000 share of common
stock issued and 165,000 shares in treasury.
· On March 1, 2012 Slade issued 250,000 shares of common
stock for $68 per share
· On April 1, 2012 Slade declared a 150% stock dividend.
· On May 1, 2012, Slade repurchased 750,000 shares of common
stock for $28 per share
· On December 1, 2012 Slade declared a $0.50 cash dividend
payable on December 29, 2012.
For 2012, Slade had Net Income of $3,500,000 and paid cash

dividends on the convertible preferred stock of $1,100,000 and
cash dividends on common stock of $981,250. Interest Expense
on debt totaled $790,000.
Slade also had the following potentially dilutive securities.
Assume the tax rate is 35%.
· 500,000 shares of preferred stock outstanding that are each
convertible to 3 shares of common stock at the option of the
shareholders.
· The firm has 8,000,000 stock options issued. At the end of the
year, the average stock price was $30.
· 5,000,000 options allow the holder to purchase a share of
common stock for $32.
· 3,000,000 options allow the holder to purchase a share of
common stock for $12.
Section 3: Review Problems
GRADE Part 1: PROBLEM 1 Part 2:
PROBLEM 2
Part 1, Problem 1 Michelle’s Bridal Emporium misses both 2012
interest payments on the company’s $1,000,000 outstanding
10% bonds, due to a cash crunch. The semi-annual interest
payments were scheduled for June 30th and December 31st. On
December 31, 2012, bond holders agree to modify the terms of
the bond as follows: 1) Interest for 2012 is forgiven. 2)

Beginning on December 31, 2013 will make four equal, annual
payments of $240,000 in settlement of the debt.
Required:
1. Assuming the bond was originally sold at par, give any
journal entries necessary for Michelle’s Bridal to account for
the debt restructuring on December 31, 2012. (4 points)
2. Indicate the interest rate the lender will use to calculate and
record interest expense in 2013 following the debt restructuring.
(4 points)
Part 1, Problem 2:
On December 31, 2011 Food Truck Corp leases a food truck to
Rosa’s Mexican Food. Food Truck agrees lease the vehicle for
four years, with the payment schedule below. Present values
are also shown. Assume Food Truck Corp. purchased the leased
vehicle for $7,811.48. December 31 fiscal-year-end:
Date
Payment
Present Value
(Rate=6%)
12/31/2011
$ -
$0.00
12/31/2012
$ 1,000.00
$943.40
12/31/2013
$ 3,000.00
$2,669.99
12/31/2014
$ 5,000.00
$4,198.10
Total
$ (9,000.00)
$7,811.48

1. Assuming the lease is properly classified as an operating
lease determine the following for the lessee, Food Tuck Corp.
(2 points each):
a. Net effect on 2012 cash flow from operations (direction and
amount)
b. Net effect on 2012 pretax income (direction and amount).
2. Assuming the lease is properly classified as a capital lease,
determine the following (2 points each):
a. Net effect on 2012 cash flow from operations (direction and
amount)
b. Net effect on 2012 pretax income (direction and amount).
Part 2:
GRADE Part 2: PROBLEM 1 Part 2: PROBLEM 2
Part 2, Problem 1Required: Using the financial statements and
footnotes for the cash flow problem in section 1:
1. Compute cash paid for income taxes.
Part 2, Problem 2
Required: Decker Corporation is defending against a lawsuit
and believes the likelihood of losing is only slightly more than
50%. If they lose, the expected range of loss is between $2

million and $10 million. Determine the total liability Decker
would record under the following assumptions:
1. Decker follows U.S. GAAP.
2. Decker follows IFRS.
Part 3
Part 2: PROBLEM 1 Part 2: PROBLEM 2
Part 3, Problem 1 Russell Interiors recorded a contingent
liability of $80 in 2011. For tax purposes the firm cannot
deduct the expense until it is paid in cash. In 2011 Russell
recorded a deferred tax asset of $28. In 2013, legislators and
the president agree on a tax bill and lower the statutory
corporate tax rate to 25%.
Required: Assuming the lawsuit remains unsettled, determine
the effect of the rate change on the following:
1. Net Income for 2013
2. Cash flow from operations for 2013
Part 3, Problem 2 Russell Interiors claimed a tax credit for
research in 2010. Because there was uncertainty about whether
paint samples were considered research, Russell Interiors
recorded an unrecognized tax benefit of $64, which increased
tax expense. Following an audit in 2013, Russell paid $48 in
income tax to settle the IRS claim.
Required: Determine the effect on the following:
1. Net Income for 2013
2. Cash flow from operations for 2013

1Copyright © 2012, Elsevier Inc. All Rights Reserved.docx

Recommended

Recommended

More Related Content

Similar to 1Copyright © 2012, Elsevier Inc. All Rights Reserved.docx

Similar to 1Copyright © 2012, Elsevier Inc. All Rights Reserved.docx (20)

More from hyacinthshackley2629

More from hyacinthshackley2629 (20)

Recently uploaded

Recently uploaded (20)

1Copyright © 2012, Elsevier Inc. All Rights Reserved.docx