Week 2 Studio: Actors and Motivations
We are going to work in pairs to try to take apart a couple of cybersecurity cases and start looking at the people involved in these cybersecurity incidents.
For the assignment that was due today, you read about a specific cybersecurity incident that happened in the past in Wolff’s book. Find a partner that read about a different cybersecurity incident from that same book.
Your goal today is to start to take apart these two incidents and try to understand them from the perspectives of the people involved. In particular, all of the incidents have 1) an attacker who was conducting the attack; 2) a defender who was attacked and failed to successfully defend against the attack; and 3) victims who were harmed by the attack. Your goal is to figure out who each of these people are, and then try to put yourself in the shoes of each of those people and think about how they might view the incident.
Describe the incident to your partner
Start by picking one of the incidents. Either one; it doesn’t matter which you do first. Just agree on it with your partner.
The person who read about the incident should start by describing what happened in the incident. It should be detailed, but not long. Give an overview of the incident – what happened, who did it, why they did it, etc.
Identify the actors
Next, work together to try to identify who is in each role.
- Who was the attacker? (Name them, and provide any additional information such as where they live or who they work for)
- Who was attacked? (Name them, and provide any additional information such as what they do)
- Who was harmed? (Name them, or at least, identify the group of people that were harmed)
For each role, fill out the top of the Actors and Motivations worksheet. Put the name of the person or organization at the top, and any additional information right below that. And then indicate which role they play. You should have at least 2 worksheets (for attacker and defender), and probably a 3rd worksheet (if the victim is different than the defender).
As you work, think about the ecosystem of attackers. In addition to the main, named attacker, were there other people that were involved in making this happen? Did they ask someone else to get cash out of credit cards? Did they sell the information? etc. Add a sheet for each of these people also. You might not know their names; that’s OK. Fill out as much as you can.
Also, think about the ecosystem of defenders. In addition to the company / organization that was attacked, who else was involved in defense? Were there vendors or 3rd party companies that were supposed to be helping protect the target organization? For almost all attacks, you should consider at least two additional potential defenders: 1) law enforcement, and 2) US government involvement for international relations. Were either of these groups involved? If not, why did they choose to not get involved?
Identify the actions taken
Next, go through the chapter in the book, and try to write down a chronological list of actions taken related to this attack. Try to be as specific as you can.
It is OK if you feel like you don’t understand the technology involved, or the details of what happened. That is pretty normal, even for experts – no one fully understands all modern technologies. Instead, write down what you understand, and write down any/all details that you don’t understand as they were presented to you in the book.
Do this for all 3 of the actors involved. You’ll probably want to start with the attacker, as they are usually the one who starts the attack.
Think about how you want to do this work. Do you want to go through the chapter once with all three sheets in front of you and write down each action that happens on one of those sheets? Do you want to skim through the chapter three times, once for each actor, and only fill out actions for one actor at a time? Which is easier? Which allows you to get more of the details right?
Write down motivations
Once you have finished writing down all of the actions, then go back and write down motivations. I recommend doing this one actor at a time.
Attacker
Start with the attacker. What is their motivation? You can probably write down a high-level motivation simply by looking at which section of the book this chapter is in – financial, espionage, or doxxing. But that’s just a start. Go into more detail about the motivation for that actor by reading the chapter carefully. Why did they do what they did? What were they really trying to accomplish? And what do we not know about their motivation? Do they have any additional, secondary motivations on top of their primary motivation?
As you do this, think about the actions. Are the actions they took consistent with the motivation(s) you list? For example, if you list them as wanting to make money, and they spent a bunch of time to steal embarrassing information about someone, then that action isn’t consistent with the “make money” motivation. Why did they do that? Go through the actions you listed, and see if you are missing something, or if the motivations you’ve identified are sufficient to explain their actions.
Defender
Next, move to the defender. A good place to start is almost always “not get hacked”. But that’s not enough (obviously; they did get hacked!). Try to identify what other motivations they might have. Read the chapter carefully, and put yourself in their shoes. Are they trying to be seen as secure by the world? Are they trying to save money? Do they have political concerns? What is motivating the defenders to act the way they are?
Check the defender actions against the motivations you list also. Choosing to ignore evidence of an ongoing attack might be consistent with a “trying to save money” motivation. It also might be consistent with a “want to be seen as secure” motivation. Think about whether these actions are consistent with the motivations you’ve identified.
The defender didn’t successfully stop the attack. Do their motivations help explain why they were not able to prevent the attack? For some incidents, this might help explain it. For other incidents, it won’t. But it is worth thinking about.
Also, remember that while these book chapters are well researched and include almost all of the publicly available information about these incidents, they don’t include everything. There might be things that we don’t know.
Victim(s)
Finally, try to identify the motivations of the victims. This is probably the most difficult and uncertain set of motivations. Carefully look through the chapter, and see what you can figure out.
Let the instructor know
Once you are done filling out these three sheets (just the first sides), let the instructor know. He might ask you questions about your work, but mostly we are going to get together and discuss them as a group. No need to bother filling out the other side (2nd page).