
Copyright © 2012, Elsevier Inc.

All Rights Reserved

Chapter 2

Deception

Cyber Attacks Protecting National Infrastructure, 1st ed.


Introduction

• Deception is deliberately misleading an adversary by creating a system component that looks real but is in reality a trap
  – Sometimes called a honey pot

• Deception helps accomplish the following security objectives
  – Attention
  – Energy
  – Uncertainty
  – Analysis


• If adversaries are aware that perceived vulnerabilities may, in fact, be a trap, deception may defuse actual vulnerabilities that security managers know nothing about.


Fig. 2.1 – Use of deception in computing


• Four distinct attack stages:
  – Scanning
  – Discovery
  – Exploitation
  – Exposing


Fig. 2.2 – Stages of deception for national infrastructure protection

Scanning Stage

• Adversary is scanning for exploitation points
  – May include both online and offline scanning

• Deceptive design goal: Design an interface with the following components
  – Authorized services
  – Real vulnerabilities
  – Bogus vulnerabilities

• Data can be collected in real-time when adversary attacks honey pot

Fig. 2.3 – National asset service interface with deception

Deliberately Open Ports

• Deliberately inserting an open service port on an Internet-facing server is the most straightforward deceptive computing practice

• Adversaries face three views
  – Valid open ports
  – Inadvertently open ports
  – Deliberately open ports connected to honey pots

• Must take care the real assets aren’t put at risk by bogus ports

Fig. 2.4 – Use of deceptive bogus ports to bogus assets


Fig. 2.5 – Embedding a honey pot server into a normal server complex
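
An added example, not taken from the book or the slides: one way to triage connection logs against the three views of open ports listed under "Deliberately Open Ports". It treats contact with a decoy port as a high-confidence signal, suppresses sources the response team was told about, and flags bogus ports answered outside the isolated trap segment. The port inventory, addresses and log format are hypothetical, and the log lines are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Hypothetical inventory for this example; none of these values come from the chapter.
AUTHORIZED_PORTS = {25, 443}                 # valid open ports on real assets
DECOY_PORTS = {23, 3389}                     # deliberately open, meant for the honey pot
HONEYPOT_NET = ip_network("10.99.0.0/24")    # isolated trap segment
COORDINATED = {ip_address("192.0.2.10")}     # scanner the response team was told about

# Constructed sample log: timestamp, source, destination port, backend that answered.
SAMPLE_LOG = """\
2012-03-01T10:00:01Z 198.51.100.7 443 10.1.0.20
2012-03-01T10:00:05Z 198.51.100.7 23 10.99.0.5
2012-03-01T10:00:09Z 198.51.100.7 3389 10.99.0.5
2012-03-01T10:02:00Z 203.0.113.44 8080 10.1.0.21
2012-03-01T10:03:00Z 192.0.2.10 23 10.99.0.5
2012-03-01T10:04:00Z 203.0.113.44 3389 10.1.0.22
"""


def parse(line):
    """Split one log line into typed fields."""
    ts, src, port, backend = line.split()
    return {"ts": ts, "src": ip_address(src), "port": int(port),
            "backend": ip_address(backend)}


def classify(rec):
    """Map one accepted connection onto the three port views, plus two safety cases."""
    in_trap = rec["backend"] in HONEYPOT_NET
    if rec["port"] in DECOY_PORTS:
        if not in_trap:
            return "isolation_violation"     # bogus port answered by a real asset
        return "coordinated" if rec["src"] in COORDINATED else "decoy_hit"
    if in_trap:
        return "isolation_violation"         # trap reachable through a non-decoy port
    return "authorized" if rec["port"] in AUTHORIZED_PORTS else "inadvertent"


def triage(log_text):
    """Return (decoy ports touched per source, findings that need remediation)."""
    hits, findings = defaultdict(list), []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse(line)
        verdict = classify(rec)
        if verdict == "decoy_hit":
            hits[str(rec["src"])].append(rec["port"])
        elif verdict in ("inadvertent", "isolation_violation"):
            findings.append((verdict, rec["port"], str(rec["backend"])))
    return dict(hits), findings


if __name__ == "__main__":
    hits, findings = triage(SAMPLE_LOG)
    for src, ports in hits.items():
        print(f"decoy contact from {src}: ports {sorted(ports)}")
    for kind, port, backend in findings:
        print(f"{kind}: port {port} answered by {backend}")
```
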

Discovery Stage

• The discovery stage is when an adversary finds and accepts security bait embedded in the trap

• Make adversary believe real assets are bogus
  – Sponsored research
  – Published case studies
  – Open solicitations

• Make adversary believe bogus assets are real
  – Technique of duplication is often used for honey pot design

Fig. 2.6 – Duplication in honey pot design

Deceptive Documents

• Creation and special placement of deceptive documents can be used to trick an adversary (Especially useful for detecting a malicious insider)
  – Only works when content is convincing and
  – Protections appear real

Fig. 2.7 – Planting a bogus document in protected enclaves

Exploitation Stage

• This stage is when an adversary exploits a discovered vulnerability
  – Early activity called low radar actions
  – When detected called indications and warnings

• Key requirement: Any exploitation of a bogus asset must not cause disclosure, integrity, theft, or availability problems with any real asset

Fig. 2.8 – Pre- and post-attack stages at the exploitation stage

• Related issue: Intrusion detection and incident response teams might be fooled into believing trap functionality is real. False alarms can be avoided by
  – Process coordination
  – Trap isolation
  – Back-end insiders
  – Process allowance

Procurement Tricks

• Understand adversary behavior by comparing it in different environments.

• The procurement lifecycle is one of the most underestimated components in national infrastructure protection (from an attack perspective)

Fig. 2.9 – Using deception against malicious suppliers

Exposing Stage

• The deception lifecycle ends with the adversary exposing behavior to the deception operator

• Therefore, deception must allow a window for observing that behavior
  – Sufficient detail
  – Hidden probes
  – Real-time observation

Fig. 2.10 – Adversary exposing stage during deception


Interfaces Between Humans and Computers

• Gathering of forensic evidence relies on understanding how systems, protocols, and services interact
  – Human-to-human
  – Human-to-computer
  – Computer-to-human
  – Computer-to-computer

• Real-time forensic analysis not possible for every scenario


Fig. 2.11 – Deceptively exploiting the human-to-human interface

National Deception Program

• Programs for national deception would be better designed based on the following assumptions:
  – Selective infrastructure use
  – Sharing of results and insights
  – Reuse of tools and methods

• An objection to deception that remains is that it is not effective against botnet attacks
  – Though a tarpit might degrade the effectiveness of a botnet

Financial Accounting and Reporting

Section 1: Statement of Cash Flows

Harnish Decorators provides the Statement of Operations, Statement of Financial Position and Statement of Shareholders’ Equity and footnote information for use in preparing its 2012 statement of cash flows.

REQUIRED: Prepare an indirect statement of cash flows for 2012. Identify non-cash transactions. Cash paid for interest and income taxes are not necessary.

Footnote Information:

· FIXED ASSETS During 2012, Harnish had no asset purchases or sales.

Carrying Value | 2012 | 2011
Property, Plant and Equipment, at cost | $4,880 | $4,880
Accumulated Depreciation | $3,150 | $3,105
Property, Plant and Equipment, Net | $1,730 | $1,775

· INVESTMENTS Harnish holds securities designated as trading securities and as available-for-sale securities. All securities are reported at their fair market values, in accordance with GAAP. During 2012, Harnish purchased additional available-for-sale securities with excess cash.

· DEBT AND LEASES On June 30, 2012 Harnish repaid all of the outstanding installment notes, incurring a pre-payment penalty of $18. Harnish issued $300 of 3% bonds due in 2020 at par to replace the financing provided by the installment note. No other bonds were issued or retired during 2012.

Also during 2012, Harnish leased a new warehouse under a capital lease and a new steamer under an operating lease. The minimum lease payments for the capital lease totaled $125. The operating lease payments totaled $45 for 2012. Operating lease expense is included in selling costs on the income statement.

 | Face Value | Carrying Value 2012 | Carrying Value 2011
6% Installment Note | | $0 | $425
3% Bond due in 2020 | $300 | $300 |
5% Bond due in 2018 | $500 | $501 | $503
Total Debt | | $801 | $928
Capital Lease Liability | | $545 | $450
Total Debt and Lease Liability | | $1,346 | $1,378
Current Portion | | ($46) | ($177)
Total Long-term Debt and Lease Liability | | $1,300 | $1,201

· PENSIONS Harnish provides a defined-benefit pension plan for its employees. During 2012, Harnish increased cash contributions to reduce underfunding.

Pension | 2012 | 2011
Benefit Obligation | |
Beginning Balance | $1,230 | $1,125
Service Cost | $142 | $140
Interest Cost | $66 | $65
Benefits Paid | $(120) | $(100)
Ending Balance | $1,318 | $1,230
Plan Assets | |
Beginning Balance | $430 | $330
Actual Return | $(15) | $60
Contributions | $203 | $140
Benefits Paid | $(120) | $(100)
Ending Balance | $498 | $430
Net Pension Asset | $(820) | $(800)
Net Accumulated Other Comprehensive Income | |
Prior Service Costs | $ - | $ -
Net Pension Gains & (losses) | $(58) | $ -

Pension Expense | 2012 | 2011
Service Cost | $142 | $140
Interest Cost | $66 | $65
Expected Return | $(43) | $(33)
Pension Expense | $165 | $172

· SHAREHOLDERS EQUITY During 2012, Harnish preferred shareholders converted all shares of preferred stock to common stock. During 2012, Harnish awarded its founder stock options with a value of $18. The stock options vest over three years.

Harnish Designs
Income Statement

 | 2012
Sales Revenue | 973
Wage Expense | (320)
Selling General and Administrative Expenses | (120)
Depreciation Expense | (85)
Income from Operations | 448
Interest Expense | (60)
Loss on early repayment of installment note | (18)
Loss on investment in trading securities | (20)
Pretax Income | 350
Income Tax Expense | (100)
Net Income | 250

Harnish Statement of Shareholders’ Equity for 2012

 | PS | CS | APIC | TS | RE | AOCI | Total
December 31, 2011 Balance | $200 | $45 | $320 | $(12) | $349 | $(8) | $694
Net Income | | | | | $250 | | $250
Pension gains and (losses) | | | | | | $(58) | $(58)
Unrealized loss on available-for-sale securities | | | | | | $(8) | $(8)
Conversion of preferred stock | $100 | $5 | $95 | | | | $100
Employee compensation | | | $6 | | | | $6
Purchase of Treasury Stock | | | | $(11) | | | $(11)
Cash Dividend | | | | | $(64) | | $(64)
December 31, 2012 Balance | $300 | $50 | $421 | $(23) | $535 | $(74) | $909

Harnish Design
Balance Sheet

 | 2012 | 2011 | Change
Cash | $77 | $114 | -37
Investments - Trading Securities | $16 | $36 | -20
Investments - Available-for-Sale | $800 | $695 | 105
Total Current Assets | $893 | $845 | 48
Property, Plant and Equipment, net | $1,730 | $1,775 | -45
Capital Lease Assets | $550 | $465 | 85
Deferred Tax Asset | $133 | $81 | 52
Total Assets | $3,306 | $3,166 | 140
Accounts Payable | $76 | $56 | 20
Deferred Revenue | $18 | $14 | 4
Dividends Payable | $1 | $3 | -2
Deferred Tax Liability | $36 | $21 | 15
Current portion of Long-term Debt | $1 | $127 | -126
Current portion of Capital Lease Liability | $45 | $50 | -5
Total Current Liabilities | $177 | $271 | -94
Long-term Debt | $800 | $801 | -1
Capital Lease Liability | $500 | $400 | 100
Net Pension Liability | $820 | $800 | 20
Total Liabilities | $2,297 | $2,272 | 25
Preferred Stock | $100 | $200 | -100
Common Stock | $50 | $45 | 5
Additional Paid in Capital | $421 | $320 | 101
Treasury Stock | -$23 | -$12 | -11
Retained Earnings | $535 | $349 | 186
Accumulated Other Comprehensive Income (Loss) | -$74 | -$8 | -66
Total Shareholders’ Equity | $1,009 | $894 | 115
Total Liabilities and Shareholders’ Equity | $3,306 | $3,166 | 140

Section II Bond Amortization Tables (select the appropriate table)

A.

FV: $3,000,000.00
Payment: $150,000.00
Int. Rate for period: 6%
Number of Periods: 5
Present Value: $2,873,629.09

End of period | Cash Payment | Interest Expense | Principal | Carrying Value
 | | | | 2,873,629.09
12/31/2011 | 150,000.00 | 172,417.75 | (22,417.75) | 2,896,046.83
12/31/2012 | 150,000.00 | 173,762.81 | (23,762.81) | 2,919,809.64
12/31/2013 | 150,000.00 | 175,188.58 | (25,188.58) | 2,944,998.22
12/31/2014 | 150,000.00 | 176,699.89 | (26,699.89) | 2,971,698.11

B.

FV: $3,000,000.00
Payment: $75,000.00
Int. Rate for period: 3%
Number of Periods: 10
Present Value: $2,872,046.96

End of period | Cash Payment | Interest Expense | Principal | Carrying Value
 | | | | 2,872,046.96
6/30/2011 | 75,000.00 | 86,161.41 | (11,161.41) | 2,883,208.37
12/31/2011 | 75,000.00 | 86,496.25 | (11,496.25) | 2,894,704.62
6/30/2012 | 75,000.00 | 86,841.14 | (11,841.14) | 2,906,545.76
12/31/2012 | 75,000.00 | 87,196.37 | (12,196.37) | 2,918,742.13

C.

FV: $3,000,000.00
Payment: $90,000.00
Int. Rate for period: 2.5%
Number of Periods: 10
Present Value: $3,131,280.96

End of period | Cash Payment | Interest Expense | Principal | Carrying Value
 | | | | 3,131,280.96
6/30/2011 | 90,000.00 | 78,282.02 | 11,717.98 | 3,119,562.98
12/31/2011 | 90,000.00 | 77,989.07 | 12,010.93 | 3,107,552.06
6/30/2012 | 90,000.00 | 77,688.80 | 12,311.20 | 3,095,240.86
12/31/2012 | 90,000.00 | 77,381.02 | 12,618.98 | 3,082,621.88

D.

FV: $3,000,000.00
Payment: $150,000.00
Int. Rate for period: 6%
Number of Periods: 10
Present Value: $2,779,197.39

End of period | Cash Payment | Interest Expense | Principal | Carrying Value
 | | | | 2,779,197.39
6/30/2011 | 150,000.00 | 166,751.84 | (16,751.84) | 2,795,949.23
12/31/2011 | 150,000.00 | 167,756.95 | (17,756.95) | 2,813,706.19
6/30/2012 | 150,000.00 | 168,822.37 | (18,822.37) | 2,832,528.56
12/31/2012 | 150,000.00 | 169,951.71 | (19,951.71) | 2,852,480.27


Section 2: Equity Problems

Question 1: Mentzer Health Care, Incorporated is a hospital management firm. Mentzer reports the following on December 31, 2011.

Common Stock: $1 par, 3 million shares authorized, 500 thousand shares issued and outstanding | $500,000
Additional Paid in Capital | 4,000,000
Retained Earnings | 1,246,000
Accumulated Other Comprehensive Income | 2,100
Total Stockholders’ Equity | 5,748,100

REQUIRED: Prepare the journal entries needed in 2012 to account for the following transactions.

On February 1, 2012, Mentzer repurchased 10,000 shares of common stock for $18.00 per share. The shares were originally issued for $9. Mentzer accounts for the shares as retired common stock.

1. On May 1, 2012 Mentzer issued 200,000 shares of $1 par common stock to the public through an initial public offering. Shares sold for $25 each. The underwriting firm withheld $135,000 to cover issue costs.

2. Also on May 1, 2012, Mentzer issued 10,000 shares of $1 par common stock to Nursing Associates, in exchange for title to office space in their facility. The space was appraised for $275,000.

3. On June 30, 2012 Mentzer’s bond holders converted 3,000 bonds to common stock. The 5% bonds were issued on January 1, 2011 and pay interest semi-annually on June 30th and December 31st. The bonds mature on December 31, 2015. The market rate at the time the bonds were issued was 6%. Each bond converts to 50 shares of common stock. The market price of common stock on June 30, 2012 is $28 per share. (See the bond tables in the cover section)

4. On September 1, 2012, Mentzer reissued the 10,000 shares repurchased in February for $30 per share.

5. On December 1, 2012, Mentzer declares a $1.00 per share common stock dividend, payable on January 5, 2013 to shareholders of record on December 13, 2012.

6. On December 31, 2012 Mentzer determines that the value of a put option tied to the NYSE health-care index has declined from $2.10 per contract on December 31, 2011 to $1.85 per contract. Mentzer purchased 1,000 contracts in 2011 and designated them as a cash-flow hedge against changes in reimbursements in 2013. The options expire in 2013.

Question 2: Slade Manufacturing reports the following information for 2012.

REQUIRED: Compute Basic and Diluted Earnings per share.

Slade had the following transactions related to common stock during 2012:

· On January 1, 2012 Slade had 1,000,000 shares of common stock issued and 165,000 shares in treasury.

· On March 1, 2012 Slade issued 250,000 shares of common stock for $68 per share.

· On April 1, 2012 Slade declared a 150% stock dividend.

· On May 1, 2012, Slade repurchased 750,000 shares of common stock for $28 per share.

· On December 1, 2012 Slade declared a $0.50 cash dividend payable on December 29, 2012.

For 2012, Slade had Net Income of $3,500,000 and paid cash dividends on the convertible preferred stock of $1,100,000 and cash dividends on common stock of $981,250. Interest Expense on debt totaled $790,000.

Slade also had the following potentially dilutive securities. Assume the tax rate is 35%.

· 500,000 shares of preferred stock outstanding that are each convertible to 3 shares of common stock at the option of the shareholders.

· The firm has 8,000,000 stock options issued. At the end of the year, the average stock price was $30.

· 5,000,000 options allow the holder to purchase a share of common stock for $32.

· 3,000,000 options allow the holder to purchase a share of common stock for $12.

Section 3: Review Problems


Part 1, Problem 1: Michelle’s Bridal Emporium misses both 2012 interest payments on the company’s $1,000,000 outstanding 10% bonds, due to a cash crunch. The semi-annual interest payments were scheduled for June 30th and December 31st. On December 31, 2012, bond holders agree to modify the terms of the bond as follows: 1) Interest for 2012 is forgiven. 2) Beginning on December 31, 2013, the company will make four equal, annual payments of $240,000 in settlement of the debt.

Required:

1. Assuming the bond was originally sold at par, give any journal entries necessary for Michelle’s Bridal to account for the debt restructuring on December 31, 2012. (4 points)

2. Indicate the interest rate the lender will use to calculate and record interest expense in 2013 following the debt restructuring. (4 points)

Part 1, Problem 2:

On December 31, 2011 Food Truck Corp leases a food truck to Rosa’s Mexican Food. Food Truck agrees to lease the vehicle for four years, with the payment schedule below. Present values are also shown. Assume Food Truck Corp. purchased the leased vehicle for $7,811.48. December 31 fiscal-year-end:

Date | Payment | Present Value (Rate=6%)
12/31/2011 | $ - | $0.00
12/31/2012 | $1,000.00 | $943.40
12/31/2013 | $3,000.00 | $2,669.99
12/31/2014 | $5,000.00 | $4,198.10
Total | $(9,000.00) | $7,811.48

1. Assuming the lease is properly classified as an operating lease, determine the following for the lessee, Food Truck Corp. (2 points each):

a. Net effect on 2012 cash flow from operations (direction and amount)

b. Net effect on 2012 pretax income (direction and amount).

2. Assuming the lease is properly classified as a capital lease, determine the following (2 points each):

a. Net effect on 2012 cash flow from operations (direction and amount)

b. Net effect on 2012 pretax income (direction and amount).

Part 2:


Part 2, Problem 1 Required: Using the financial statements and footnotes for the cash flow problem in section 1:

1. Compute cash paid for income taxes.

Part 2, Problem 2

Required: Decker Corporation is defending against a lawsuit and believes the likelihood of losing is only slightly more than 50%. If they lose, the expected range of loss is between $2 million and $10 million. Determine the total liability Decker would record under the following assumptions:

1. Decker follows U.S. GAAP.

2. Decker follows IFRS.

Part 3


Part 3, Problem 1 Russell Interiors recorded a contingent liability of $80 in 2011. For tax purposes the firm cannot deduct the expense until it is paid in cash. In 2011 Russell recorded a deferred tax asset of $28. In 2013, legislators and the president agree on a tax bill and lower the statutory corporate tax rate to 25%.

Required: Assuming the lawsuit remains unsettled, determine the effect of the rate change on the following:

1. Net Income for 2013

2. Cash flow from operations for 2013

Part 3, Problem 2 Russell Interiors claimed a tax credit for research in 2010. Because there was uncertainty about whether paint samples were considered research, Russell Interiors recorded an unrecognized tax benefit of $64, which increased tax expense. Following an audit in 2013, Russell paid $48 in income tax to settle the IRS claim.

Required: Determine the effect on the following:

1. Net Income for 2013

2. Cash flow from operations for 2013
