1

Exploring Cybersecurity and Computer Science

Milcah Barretto
ISearch
2017

Introduction
Every single day, even right now, as you are reading this, some sort of cybercrime has

been committed. Whether it be a credit card company or a celebritys cell phone being hacked,

or perhaps the government gaining intelligence on other countries. Cybercrime, especially with

the development of technology, in recent years, has increased. Directly leading to the emergence

of digital forensics, the uncovering and examination of evidence located on all things electronic

with digital storage, including computers, cell phones, and networks (Garfinkel, 2013). Due to

this field being so new, more research needs to be done and this field has yet to implement

concrete standards. Each cyber forensic scientist can solve a case in various ways.
In 2016, around 40% of the world or more than 3 billion people have access to internet

compared to a measly 1% in 1995 (Internet Live Stats, 2016) showing how easily accessible the

internet is now more than ever before. The risk of malicious attacks on the internet and cyber

space has also increased more than ever before, especially when it pertains to money and
 2

politics. An example of a personal attack of cyber security breach would simply be a hacker

breaking through the security firewalls of your phone, enabling them to control every bit of your

phone. Hackers of this caliber usually want one thing only money. Therefore, their usual

scheme is to dial and redial a premium phone number such as a 1-800 telephone number, the

hacker then gets a cut of the charges, wiring the money to their own accounts. If done discretely,

victims would never know, however if a hacker could do this to multiple phones simultaneously

the money adds up quickly, as high as $200,000 per company hacked over the course of a few

days (Perlroth, 2014).

More recently and on a much bigger scale, 2016 was plagued with many cyber scandals.

On a national level, the bank Wells Fargo was found to have had employees illegally opening

unauthorized deposit and credit card accounts to boost sales figures luring in stock market buyers

(Tara, 2016). However, using the analysis of digital forensics and a Wells Fargo audit, the truth

was revealed. On the political and global level, American intelligence agencies have informed

the White House that they have high confidence that the Russian government was behind the

hacking of emails and documents from the Democratic National Committee, however, what is

unknown is whether the break-in was a routine cyberespionage which most countries including

the US conducts around the world or a deliberate manipulation of the presidential election

(Sanger, Schmitt, 2016). There have also been even more threats about perhaps more

manipulation from Russia, this time during the actual election day and the threat of changing

votes of Americans. With these possible breaches looming the role of digital forensics is

imperative.
With the growing epidemic of cybersecurity breaches, the opportunities for the field of

digital forensics grows with it. The need for specialists have been high and has been growing

each year. The 2012 US Bureau of Labor Statistics showed that forensic experts in computer
 3

information could have an impressive growth within the next 10 years. They projected a 22%

increase for job opportunities for people working in the field, that could mean 120,000 new jobs.

Furthermore, the government itself willingly funds college programs during the summer to

spread awareness of the importance of cybersecurity and to hopefully get more young

individuals involved in such a growing field.

What I Knew
During the summer of 2016 I attended cybersecurity camps at Norfolk State University.

At this camp, the professors discussed the real-life implications of any cybersecurity breach.

Many programs were taught to us to battle any data breaches and to decipher any hidden

messages whether it be steganography, hiding messages in pictures, or cryptography, disguising

information so only a certain person can decipher the message. General computer skills were

also such as coding via the Python language as well as general computer safety.
With this capstone product, I would like to create a product that could give my fellow

Ocean Lakes students the same experience I had during the summer. I plan on creating an

interactive website that I will present to a computer class. I intend for them to be exposed to this

whole field of digital forensic, hopefully walking away with an idea that this field exists and is

thriving as well as in desperate need of young individuals with already great general computer

skills like them.

Ive known ever since freshman year that I wanted to be involved in the field of forensic

science and each of my past symposium projects have pertained to forensic science. I know the

basic facts of forensic science. I know that one of the first times that forensic science was ever

utilized was in ancient Rome with Roman Quintilian used a bloody print to prove his clients

innocence. I know how vast forensic science is with many disciplines such pathology,

psychiatry, and toxicology to name a few. However, what I want to accomplish now, beyond the
 4

facts, is to create a product that will give the same type of lightbulb moment I had during the

camp to any student interested in computers.

My Story
I attended the Cybersecurity Summer Academy at Norfolk State University from June 27

to July 1, 2016. The purpose of the academy was to provide a foundation of knowledge to

interested students about the very fast-moving industry of cybersecurity. The government funded

this camp due to the need for young students to get involved early because of the numerous

cyber threats the government receives every day. There is an emphasis to get young students

involved because our generation has been accustomed to using computers and we already have

great general computer skills.

With the professors of NSU we learned various programs and tools used for decoding any

type of computer evidence left on the scene of a crime. Cryptography deals with how to disguise

information so only authorized personnel may see it. We learned that combining substitution

(letter replaced by different letter) and permutation (letter moved to different position) would be

the best way to encrypt anything. Essentially when someone wants to encrypt a message through

email or anything that needs to be written out, they can have a code shifting either left or right.

A message hello tom with a right shift of 3 would end up being khoor wrp.
A similar idea of hiding images in files is when a carrier is sent to a receiver without

anyone but the sender and the receiver knowing. This is done to hide information, give secret

information to friends, and commonly used by the government and companies. This is called

steganography and the programs used to perform this was also taught to us via tutorials that

explained the step by step process. Through the carrier, WinHip, one must create a new file with

notepad, open a picture in WinHip, the program will hide a message in the picture, an added

security of a password. With QuickStego, like WinHip, a picture must be opened and a message

should be typed into the program so that it may hide it in the picture. The only significant
 5

difference with the two is that WinHip has an added security of a password and in QuickStego

you do not need to type your message in notepad but into the program itself.
We were taught by Dr. Luay Wahsheh of the number system conversions which is the

language of numbers used to communicate what you want the computer to do. We learned

how to convert from one system to another. From decimal to binary you must divide by 2, from

decimal to hexadecimal you must divide by 16, from binary to decimal you must multiply 2 to

whatever exponent necessary then add and finally from hexadecimal to decimal you multiply 16

to a certain exponent and then add.

Both Dr. Luay Wahsheh and Dr. Frank Hu gave us interactive tutorials in which we

explored different types of programs and their purpose to a cyber security analyst. With

WinHex, the activity made me familiar with the different file types, this software allows you to

put in any file and helps you really determine what type it is because sometimes criminals will

deliberately change the file name to disguise it from investigators. For example a file type that

has .jpg will always have the code of FF D8 FF E0 but a criminal attempting to hide this image

would change it to a .doc file but the code will reveal the truth. Using FTK will maintain the

integrity of digital evidence, creating an image allows you to create a whole other copy of the

flash drive therefore investigators can delve into and change that instead of manipulating the

original piece of evidence. It is essential to create a copy of each acquisition. The procedure of

computer forensics goes as follows: collect, preserve, analyze, and present. We maintain the

integrity of digital evidence using the MD5 function in FTK Imager so that the digital signature

of a file or an entire drive can be obtained. This helps determine whether the file has been

modified of not. Hash box is also very essential, every time there is a piece of evidence this

must be recorded and you need to verify it yourself.

On the final day of camp we had a case of deleted grades and we had to use what we

learned all week to retrieve the grades and convict the correct criminals. The premise of the case
 6

was some of Mr. Moores grades had gone missing and all his files had been deleted, however

we knew that although a file could be deleted, there is a possibility for retrieval. Therefore,

using QuickStego we were able to intercept a hidden message in a picture and using that as piece

of information we were able to use Caesar Cipher and figure out the password to an email

account that had the culprits plan all laid out. We were able to identify the suspects and

determine how they were able to execute their plan.

I think this camp was such a great experience due to the abundance of information given

and the incredible professors teaching. I enjoyed talking to fellow students about cyber security

and it was a bit of a glimpse to college life. Through the camp, I got a solid foundation and grasp

as to what those in the cyber security industry do and how they do it. I also think that with the

information I have gained, I can really build up and create a great product.
Another program I attended was the GenCyber Security Summer Camp at Norfolk State

University from July 5 to July 15, 2016 from 9 am to 4 pm. This program was a much more

vast. It delved into the ideas of general computer ideas and computer science. We learned about

computer programming and coding in general. This was also funded by the government, again

showing the importance of cybersecurity and getting many kids involved.

The very first day was dedicated to the learning cyber security awareness. The

department chair of the Computer Science department, Dr. Aurelia Williams came in and talked

to us about how important it is to be aware of the ethics that come within using the internet and

how at times with the job, ethics can be compromised. She described scenarios where a persons

privacy is breeched because of an ongoing situation and she also reiterated how nothing can ever

be deleted, even once you delete a file, it can be retrieved in many ways. The reasons why we

use cyberspace include communication, staying connected to friends and family, business,

managing transportation, electricity, banking, and for entertainment purposes. We then were
 7

introduced to the definition of cybersecurity, which is the focus on protecting computers,

networks, programs, and data from unintended or unauthorized access, change or destruction.
To continue delving further into cybersecurity, we learned about the ten topics within it.

There is cybercrime which is any criminal activity carried out by means of computers or the

internet. Email security refers to the collective measures used to secure the access and content of

an email. While identity theft is the fraudulent acquisition and use of a persons private

identifying information, usually for financial gains. We also learned about copyrights which are

laws that protect an authors original expression in creative works such as writings, music,

movies, art and other works of the imagination. Cyber ethics was also talked about which is the

code of behavior for using the internet, similarly we talked about internet safety which states that

it is imperative to avoid individuals who have negative intentions. Other topics include E-

commerce, the using of the internet to do business such as buying and selling goods and services

online. There is also digital photography which is using digital technology to capture and

process images which is similar to the other topic of online communication which includes

chatrooms, instant messaging, and text messaging. Finally there is the topic of cyberbullying

which is bullying through internet applications and technologies such as mentioned with online

communication. We were then divided into groups and my particular group presented the topic

of cyberbullying.
The next day we were taught about the 10 principles of Cyber Security. Resource

encapsulation is the idea of combining elements to create a new entity. While layered security is

combining multiple security controls to protect resources. Information Hiding is hiding the

implementation of data or functions to the users. Abstraction is the idea of explaining or

summarizing in a way that can be easily understood. Simplicity is the concept keeping software

as simple and as focused as possible. Minimization is simplifying software to decrease the

 8

number of ways it can be exploited. Another principle is domain separation which is a way to

separate data into logically-defined domains. Modularization is the degree to which a systems

components may be separated and recombined. Process Isolation is the segregation of different

software. And finally, least privilege is the practice of limiting access to the minimal level that

will allow normal functioning.

With these principles and topics in mind we were taught the basics of coding in the

language of Python. We used an online program called Code Academy which included tutorials

and interactive activities. The basics of Python was introduced to us. There are variables used to

store values while whitespace is used to structure code. There is also a string which includes

letters, numbers, and symbols. Each character in the string is assigned a number which is the

index. Sting methods allow the person who codes to perform a specific task for that particular

string. For example you would type lower(number of particular string) to get rid of all

capitalization in the string. These principles, topics, and coding concluded the first week of this

camp.
The second week focused specifically on cybersecurity, we learned about the programs

that help find evidence much like what I did in the first camp. We discussed cryptography

through Caesar cipher, steganography through QuickStego and WinHip, how to acquire and

verify data through WinHex and FTK Imager. Much like the previous camp we had to use our

acquired skills and help solve a case. This time though, someone had stolen the money needed

for the students to eat their lunch in the caf at NSU. We tracked down emails, and purchases

from a certain computer using that money and we were able to find the culprits.
Within the week we also had guest speakers who talked about the importance and

emergence of cyber security. Mr. Darren Spence, a forensic examiner, was our first guest

speaker. He provides service to special agents, works for Computer Analysis Response Team

(CART) and what he experiences is nothing like you see on television. He stated that the US
 9

governments 3rd priority now is cyber security. His responsibilities include managing lab

equipment, staying current on technology, community outreach and also works with cybercrime

including hacking and harassment.

The second presenter was Mr. Andrea DiFabio who is the chief information security

officer at NSU. He is in charge of making sure the internet is running smoothly as well as

making sure the students are staying safe on the internet. He encountered a dilemma a couple

years ago in which HBO filed a lawsuit against a student for illegally downloading a Game of

Thrones episode and breaking copyright laws. He had the task to further look into the student

and found many songs and movies illegally downloaded. The case was settled but the student

had to pay approximately $22,000 for a song and $250,000 for a movie.
Our final speaker was a young entrepreneur, Mr. Deshaun Jones, who currently works for

a shipping company in Norfolk. His job is to keep their website safe and free from any threats.

He protects the computers network from unauthorized access, vulnerability and attacks. He

plans on establishing his own cyber security company providing a safe environment for

companies and people. He mentioned how much the field is growing because of the ever-

changing ways of technology, there is about a 11.3% annual growth rate in the field and one of

the many reasons is the roles vary in cyber security, you can work for a retail company,

businesses, the government, everywhere you look there is a need for a safe cyberspace.
I think the first week of the program was very helpful especially learning coding and the

fundamentals of computer science and digital forensics. However, the second week essentially

repeated the previous camp. Although repetitive, it did help solidify my skills and I was able to

help out my peers a lot. This camp was for middle school and high school students so compared

to the other camp it was a bit less rigorous.

Conclusions
The making of the website was a very tedious and at times, frustrating process. My

whole plan was to use the web language Python to create the site, however I later found out that
 10

the easiest way was to just use notepad and write in HTML. The hardest part for me was nailing

the interactive part of my product. I had this whole vision of me recreating Code Academy and

letting my audience have a go at coding, however I did not have the ability to do this. I had all

these ideas that werent really plausible with the set of skills I had. I needed to re-evaluate the

situation and make a product that did fit the set of skills I had.
With HTML, I was easily able to have the basic outline of my website. I knew I wanted

5 pages to truly capture the essence of the camp as well as cybersecurity. The home page

includes a little introduction of the purpose as well as a little information about myself and my

experience. Then the next page, titled Relevance showed the importance of cybersecurity in

our society today. To further prove this, I included current events, as well as events that effect

people locally, nationally, and even globally. Next, I titled Sneak Peek to which I give the

audience a general idea as to what the camp was about. Then for the next page I titled

Implications which talks about the future of cybersecurity and what it holds for students, to

prove the point I added a little snippet of the live count of how much internet users are growing

showing the direct correlation of the need for cybersecurity and the count. And finally, to

incorporate a little interactive part of the website like I originally planned, I had the idea to create

a quiz for the audience to take and see if they are ready and if they should go to the cyber camps

at NSU. Again, I came across some trouble with trying to directly create it in the website. The

type of quiz I wanted to incorporate was a checklist quiz like on Buzzfeed. So instead of coding

a quiz directly into the website, I created a Buzzfeed account and made a quiz that way, then

embedded the that page onto my website.

To get feedback, the original plan was to present to a computer science class at Ocean

Lakes. However, the first due date, I was not ready because of the difficulty I had with the

coding and interactive parts so I wasnt able to present. Then going into the winter break, I got
 11

in contact with my peers from the camps in which we all greeted each other happy holidays. That

sparked an idea for me to create a website specifically for NSU. So, that I may advertise the

camps through which I can share my experiences as well as the significance of cybersecurity to

those who are interested and in addition to that I get to dip my foot in a little bit of web

designing.
The hardest part for me throughout the entire journey was time management and just

committing to one audience. I always almost had everything finished, but there was always a

missing piece. My website was ready but there was an interactive piece that I just couldnt quite

figure out. My paper was ready but the conclusion was missing. I know I should have managed

my time better and committing to an audience would have extremely helped. I knew that my

eventual product would be a website, it just wasnt clear as to who my audience was. The entire

purpose of my product is to inspire and encourage those who are interested in computers to really

see what cybersecurity had to offer. Like mentioned before, the original plan was to present to

my peers in Ocean Lakes, but I ended up creating a website for NSU promoting the camps. I

think that I made the right decision because I really wanted to give back to the organization of

NSU as well as my mentor, Dr. Cheryl Hinds. I think having this website can really show kids

interested in the camp what its all about from a student perspective. I also believe that I would

not have been able to sufficiently entice my peers if I did present to them my website. I know

that most of them already knew most of the information so I thought long and hard about what I

was most comfortable with and what need I could better fulfill, and I decided my audience would

be those interested in the NSU camps.

Results
Through many threads of emails and texts, Dr. Hinds and I collaborated on the website. I

sent her a website that I created while she provided me her comments and suggestions as to what

I needed to do to make it better. I did have some grammatical errors on the site. There were also
 12

a couple of images that she didnt believe were needed or related but the rest were. She also

suggested in making the website more personal so she offered to give me the pictures taken

during the camps. There was also one embedded website that did not work so I had to fix it.

With this feedback, I realized even more, how important the visuals of a website are. If you want

your audience to truly grasp what you are saying, the website must be aesthetically pleasing.
Dr. Hinds also suggested changes for not only the aesthetics but also the actual content.

For the part in which I titled Sneak Peek she recommended that I state what we learned and

what we did in each camp since my description was quite vague. Also for the web page titled

Implications she encouraged me to give more statistics about the job outlook of the

cybersecurity industry. To really make a website work, I needed it not to only be visually

appealing but the content also needs to grab the attention of the audience as well as engage.

With the feedback she gave me, I followed her suggestions which made the website much more

effective in inspiring those who are interested in the field of study.

Despite all the hardships, I am very proud of this project. I am proud of the product I

made. But furthermore, I am proud of the experiences I had during it all. I have gained so much

knowledge inside and even more so, outside of the classroom. With this journey, I have gained

amazing friends who hold the same interests as me and will always check up on me from time to

time. I have also gained a person I can look up to and will always be grateful for, my mentor, Dr.

Hinds.
As for the future, I envision myself taking computer science classes as well as computer

programming or web development in college. Which at the very least, I will take those classes as

an elective. I am not 100% sure on what my future has in store for me pertaining to my school

choice or major, but I absolutely believe that I will be involved in computer science and

cybersecurity one way or another.

 13

References
Forensics Scientists Career Outlook & Salary Info. Retrieved from

http://www.forensicscolleges.com/careers/forensic-scientist
Garfinkel, S. (2013, October). Digital Forensics. Retrieved from

http://www.americanscientist.org/issues/pub/digital-forensics
Internet Live Stats. (2016, October). Internet Users in the World. Retrieved from

http://www.internetlivestats.com/
Perlroth, N. (2014, October 19). Phone Hackers Dial and Redial to Steal Billions. Retrieved

from http://www.nytimes.com/2014/10/20/technology/dial-and-redial-phone-hackers-

stealing-billions-.html?_r=0
Sanger, D., Schmitt, E. (2016, July 26). Spy Agency Consensus Grows That Russia Hacked

DNC. Retrieved from http://www.nytimes.com/2016/07/27/us/politics/spy-agency-

consensus-grows-that-russia-hacked-dnc.html
Seals, T. (2016). Wells Fargo Pays Largest Consumer Fine in US History. Retrieved from

http://www.infosecurity-magazine.com/news/wells-fargo-pays-largest-consumer/
 14

Appendix

The home page serves as an

introduction for the audience. It includes the purpose of the site as well as information
about who I am.
 15

This page shows how significant and relevant the industry of cyber security is and to show this,
current events are included.
 16

To give the audience a little taste as to what the camps at NSU were like, this page was created.
It states some of the topics covered in each camp.
 17

This pages purpose is to give students an idea as to how the field is significantly growing and
continues to have a bright future. Statistics of growth as well as salary of those in the
field are provided.
 18

The final page is an interactive quiz in which the picture can be clicked and will redirect the
students to a Buzzfeed quiz that determines if you would be ready for the camps.

This is an example of the coding done for the website in note using HTML to create the website.
This was the coding done for the home page.