Our Students Papers

Elif Su Calisir - Hacktivism vs. Cyberterrorism - September 2022

In parallel with the increased accessibility to technologies, crimes committed via information systems are also emerged and increasing with recursive interactions of communications technologies with their associated societal processes. Cybercrime is a type of crime that targets the security of an information system and/or its data and/or its user and is committed by using the information system. The cyber world, hosts these new problems, crimes, and actions as they are in the physical world. The aim of this study is to focus on issues of definitions from the cyber world that are often confused with each other such as cyberterrorism and hacktivism by interpreting them based on different layers of the cyber world, and to reinforce the difference of these definitions by giving examples of the definitions put into practice. The focus will be on the concepts of cyberspace, cybercrime, cyberterrorism, online activism, hacktivism and and finally the differences will be discussed. The important point to be noted is that the structure of the actions should be the determining factor, and no matter how the group defines itself or how it is defined by others, it is the structure that will give the real identity of the action.

Artem Semykin - Deepfake Goes Politics: How the Artificial Intelligence Can Influence the Civil Society? - September 2022

New digital technologies make it increasingly difficult to distinguish real media from fake ones. One of the recent developments describing this problem is the appearance of defects that are hyperrealistic videos created with the use of artificial intelligence (AI). It is used to combine and overlay existing images and videos onto original images or videos using a machine learning technique called a "generative-adversarial network" (GAN). The combination of the existing and the original video leads to a fake video that shows a person or people performing an action that has never actually happened. Combined with the reach and speed of social media, plausible deepfakes can quickly reach millions of views from people and have a negative impact on the whole society. The use of deepfakes in such sphere as politics (especially during the war events or elections) can lead to unwanted and unexpected consequences. This article provides a comprehensive overview of deepfakes and their spread into the politics in recent days and suggests possible ways to detect fake videos in order to save stability and consciousness of society. Artificial Intelligence (AI) is the cause of the problem, but the problem can not be solved fully only from the technical point of view. The more useful and preventive decision should be found in cross-sectoral spheres: education, civil society, public policy.

Lucille Van Vooren - (Dis)information Warfare: Why Disinformation is able to Prosper and how to Fight it - July 2022

In the 21st century, the familiar form of warfare, inflicting physical damage to opposing forces and infrastructure, has made room for a new and less visible form of attack. The use of cyberweapons has taken on a central role in modern warfare where nations increasingly launch non-lethal attacks on enemy information systems. We are witnessing the rise of an information warfare in cyberspace. Disinformation is central to the arsenal of current information warfare. Social networks tremendously increased the potency of disinformation and its manipulative power. In result, disinformation is being transmitted at an unprecedented pace, safeguarding nobody from any potential influence of the attacker. Our world is dominated by a flow of disinformation, with social networks being the main culprits of proliferation. Paradoxically, disinformation can be considered the most visible, yet invisible method of attack. Its ubiquity is precisely what makes it so hard to recognize. In consequence, disinformation attacks have been able to perpetrate every sphere of society and cause damage and polarization among citizens. Our democracy is succumbing to the current information warfare, with the citizens as the main victims. As the saying goes: a team is only as strong as its weakest link. This is not different in the context of the current information war. Therefore it is essential to arm the people themselves in order to stand firm against disinformation.

Valeriia Lymishchenko - How to Not Get Away with Cybercrime? The Techniques and Challenges of Cybercrime Investigation - June 2022

The active development of the informational technologies in the recent years leads not only to new opportunities, but also to new challenges. In the issue of informatization of society and the state, one of the main problems is cybercrime. In 2021, according to the data of the Federal Bureau of Investigation, only in the United States of America were registered 847,376 cybercrimes, which became an unprecedented increase of the cybercrimes the world ever encountered with. In comparison, in 2019, the number of committed cybercrimes were approximately 460,000. In 2021 if the damage from the cybercrime was measured as a country, then it will be totaling $6 trillion USD - would be the world’s third-largest economy after the U.S. and China. All this make a cybercrime one of the most dangerous threats in the modern world.

Alessandro Pigoni - The Harder they Fall: A Multilevel Analysis of the Kaseya Supply Chain Ransomware Attack - September 2021

The digitalized world represents a perfect case of modern Goliath. A deeply interconnected system that lays itself open to an ever-increasing number of vulnerabilities that can be exploited with criminal intents. Within the mare magnum of malicious software used in the cyber domain, the category of ransomware has gained a singular interest among cybercriminals. This contribution is going to give an account of the recent spike in ransomware attacks targeting supply chains by presenting a multilevel analysis of the Kaseya VSA attack which embodies the quintessence of the current cyber-threat landscape. Based on these findings, the research is going to formulate guidelines as regards strategic measures to be taken at the national level so as to ensure the preparedness of a countrywide system for similar forthcoming threats. With reference to the Italian case, this paper is going to address the establishment of the National Cybersecurity Agency to assess whether this could represent the first step towards the right direction of lowering the overall domestic vulnerability to supply chain attacks.

Tangui Reltgen- At the Dawn of a Post-truth Era: The threat of Deepfakes on our Democratic Societies - September 2021

Even though there is now a relative awareness concerning the spread of fake news, there is a much stronger vulnerability towards fake images or video clips, because people tend to trust those types of information more. Indeed, a new technology of image modification is rapidly emerging and has a major disinformation potential due to its accessibility and its credibility. This new technology was named “deepfake”, a contraction between “deep learning'' and “fake”. The first paper dealing with deepfake technology was published in 2016, but it wasn't until the end of 2017 that deepfakes became widespread and raised public awareness after Reddit users used the deepfake technology to put faces of famous actresses on pornographic videos. Since then, deepfakes have been more realistic and easy to generate, with applications such as FaceApp or FakeApp, and open source softwares like TensorFlow and Keras. The progresses made by neural networks are posing a real challenge due to the impossibility of determining if a video is falsified, therefore creating a strong threat to our democracies. In this paper, we will first focus on the technical aspect of deepfakes and on the solutions we have to detect them. We will then propose a framework to study the impact of deepfakes as a disinformation tool by modeling the diffusion of a deepfake video in a social network, using graph theory. We will finally underline the dangers of deepfakes by examining different scenarios in which the deepfake technology is used as a weapon against a country or a company.

Giulia Antonini - Analysis of the 2019 Ransomeware attack at the Maastricht University - 2020/2021

One of the latest victims of a serious ransomware attack is the University of Maastricht, that in December 2019 had to pay 30 bitcoins, which at that moment equalled to 220,000 American dollars, to restore its database. I decided to analyse this case study because it highlights, first of all, which are the most common mistakes in the planning of a business recovery plan and, in general, in the prevention of cyberattacks, but also the fact that Universities have become one of the primary targets for cybercriminals.

Irene Parodi - Autonomous Weapon Systems and Ethical Issues. A Focus on Targeted Killings - February 2021

Artificial Intelligence (AI) is a new technology with many applications. Its development would eventually change the world technologies in all domains. The military field is highly interested in implementing AI technology. Machines’ ability to operate autonomously would develop a new way of using weapon systems. However, there are huge uncertainties about the increment of autonomy of weapon systems. Governments are trying to regulate it. Unmanned Aerial Vehicles (UAVs) – armed drones that are capable of conducting an operation completely autonomously – are quite discussed. They have multiple ethical and moral implications with regards to the International Humanitarian Law (IHL).

Lorenzo Visaggio - Hacking the infrastructure Cyber-attack, Physical Damage - 2020

The aim of this paper is to investigate cyber-attacks that target industrial control systems. In the first section, the focus will be made on CIs security: an overview of the most relevant actors and the judicial framework. Then, the most serious attacks perpetrated against industries/infrastructures so far will follow to highlight the leitmotivs of a cyber-attack of this kind. Moving to the cyber layer, the second part of the paper describes Industrial Control Systems: how they work, their communication and control protocols and specifically their intrinsic vulnerabilities. In the final section a basic penetration test on a virtual lab is conducted to underline the typical modus operandi of a cyber-attack that targets ICSs. The conclusion provides a sum-up while the greatest security challenges are underlined.

Martina Gambacorta - Understanding the Huawei case: a cybersecurity challenge? - September 2020

5G introduces new important challenges for cybersecurity, due to the increased vulnerabilities. The suspicion on Huawei of being China-backed has driven many nations to implement specific measures in order to protect their 5G network infrastructures. While considering this frame, it is argued that the Huawei case has been largely debated for strategic concerns, but not for technical ones. Specifically, three of the Five Eyes Intelligence—US, Australia and UK—have opted for banning Huawei from the country’s 5G infrastructure. In the case of the US-China trade-war reasons seem to be strongly political and commercial. Australia is mainly driven by geopolitical concerns, due to the fear of China’s presence in the Pacific area. The UK initial position was merely commercial, until the Government shifted from considering Huawei potential risks as mitigable, to respond to the US pressure on its allies and replicate the US ban on Huawei. With regard to the EU, the Toolbox of risk-mitigating measures proposes a softened approach that has merits, being able to bring together geopolitical, commercial and national security concerns. EU Member States—and some non-EU countries— should decisively pursue the measures suggested and break a standoff that resembles that of a Cold War between the US and China.

Benedetta Simonini - Cryptography and Data Security: From Cryptographic Techniques to Data Protection - July 2020

By means of this paper, the cryptographic techniques that are relevant for data securitization will be technically analyzed. Moreover, it will be shown that even though these techniques are strong, they present some vulnerabilities to cyber-attacks and they would need to be improved. Thus, after having explained the role of cryptography for data security, I will expose this science in relation to the General Data Protection Regulation, or GDPR.
Therefore, the first section analyzes the relevance of cryptography for data security. The second section examines the broad varieties of cryptographic techniques based on symmetric and asymmetric key encryption algorithms. It is relevant to analyze these techniques from a technical point of view to understand how to implement them to secure data. Then, given the relevance of the topic for several organizations, in the third part, the paper analyzes the pros and cons of encryption at the organizational level. Finally, the last section focuses on data protection with regard to the GDPR for cryptography.