Cyber study – Final essay

Nguyen Thuy Linh

222V904 – JOY Program, Yokohama National University, Yokohama, Japan
nguyen-linh-sb@ynu.jp

Topic: Cyberstudy in your daily life

I. Assignment paper
1. Cyberstudy issue in your daily life
Cybersecurity is one of the main issues that the 4.0 industrial revolution is prompting
people to worry about. Cybersecurity-related problems are now numerous and include
cybercrime and security breaches. To be honest, the cyber system in Vietnam, a developing
nation, is quite weak in several areas and quite rudimentary. People draw attention to a number of
major cybersecurity issues.
The first is the emergence of cyberattacks. Attacks against cyber security can result in
identity theft and extortion attempts, which can seriously harm both the victim's life and society
as a whole.
Second, the cost of our purchases is increased by cybersecurity. The price of everything
we purchase includes the whole cost of avoiding cybercrime. Businesses invest a lot of cash on
cyber security.
There was a lot of space for mistake with COVID-19 due to its haste. Most businesses
have to operate in an interim phase before settling into a secure remote working configuration
since setting up teams on secure networks, installing new software, and educating workers about
remote working practices all required time.
Not to mention, IT engineers had a tough job. They had to handle the urgent remote
office setup while also being vigilant for growing dangers that were directly tied to the issues.
2. ICT experiences
ICT is an acronym for Information & Communication Technologies, this word is
understood as Information and Communication Technology. This is a widely used term in the
current technology era, it is a combination of communication and telecommunications, intelligent
building management systems and audio-visual systems in information technology. modern.
Besides, ICT is also a term to talk about the means used to process information, share sound and
images such as telephones, media, sound processing, network transmission and functions.
monitoring ability. ICT is become a crucial part of contemporary life. With its widespread use,
ICT has benefits and drawbacks.
Positively, ICT makes life easier for people. ICT accelerates and improves all processes
and advancement. It modernizes and raises the level of living. ICT links everyone, regardless of
where they are from, and delivers a wealth of fresh cultural, historical, etc. knowledge through
 building a massive network grid and numerous worldwide social platforms to share information.
People can grow intellectually and spread their experiences with others in this way. That implies
that we can stay current and grow daily.
The most frequently reported difficulties on the negative side are privacy concerns. The
evidence demonstrates that as technology advances, hazards increase. Specifically, it is asserted
that piracy, phishing, and scamming have increased in frequency in recent years. Malware
systems and fake news are other issues that individuals must contend with since they cause
deviations in their lives. If people are not careful enough, certain personal data may be taken.
Consider the situation of the conflict between Russia and Ukraine, about which a variety of
unfiltered information circulated online. ICT, to sum up, offers many benefits as well as
drawbacks, just like every coin has two sides. We should utilize it and work to reduce the
likelihood that ICT causes.
3. Cyber crime
According to the majority of definitions, cybercrime is defined as any criminal conduct
that uses or makes use of a computer, computer network, or networked device.
Almost all cybercrime is committed by profit-driven hackers or cybercriminals.
Cybercrime may be committed by both individuals and organizations. Particularly given the pace
of IoT, some cybercriminals are well-organized, use cutting-edge tactics, and have a high degree
of technical knowledge, while others are completely new to hacking.
Computers are seldom damaged by cybercrime for reasons other than financial gain.
These might be political or personal. Cybercrime may occur in a variety of ways, including
through viruses, online fraud and forgeries, or the usage of illicit, non-filtered internet
information.
Cybercrime is a serious threat and does enormous harm to both individuals and society.
As a result, the majority of nations and capable enterprises are moving quickly to avert cyber
security breaches.
4. Lores
So far, Vietnam – a Western country with many tradition and custom, has own lores. This essay
will show you some of them:
(1) Abstain from sweeping the house and taking out the trash on Tet holiday
Many people spread word of mouth to each other, if you sweep the house in 3 days, all the luck
and fortune at the beginning of the year will drift out of the house. Therefore, on the afternoon of
the 30th of the New Year, families often clean up so that the 1st, 2nd, and 3rd days do not have to
clean. If they did, Vietnamese people often sweep into a corner of the house, wait for all 3 days
of Tet, or until the day of worship to bring grandparents, they begin to collect and dump.
(2) Differences between the Southern and Northern:
- Hanoi often values and preserves what belongs to tradition, modern Saigon has a more
modern life
- In daily communication, Hanoians value etiquette and rules, while Saigonese live more
comfortably and are somewhat informal.
- Drunk in Hanoi often has to leave early, while in Saigon, it is common to drink overnight.
(3) Gathering on Mid-Autumn. (15/7 – moon calender)
The meaning of Mid-Autumn Festival customs to Vietnamese people is reunion. On this happy
day, everyone in the family gathers together to eat moon cakes, enjoy tea, chat, and make
offerings to the ancestors. And Mid-Autumn Festival is also known as Children's Day. The
custom of Mid-Autumn Festival is unknown since when, over thousands of years, the moon is
also a sacred symbol for Vietnamese people. The shape of a full or waning moon is associated
 with joy, sadness, reunion, and parting. Therefore, the full moon is a symbol of reunion and the
Mid-Autumn Festival is called the reunion festival.
5. Misinformation, Disinformation and Malinformation
1. Information
According to Wikipedia, Information is “processed, organized and structured data. It
provides context for data and enables decision making processes.” Information appears thorough
our daily life. For instance, the knowledge we acquired everyday are information. The data of
students’ quantity who entry YNU each semester is also information.
However, in society, especially in the pace of technology development, information might
be use with wrong or bad purposes. In detail, misinformation, disinformation, and mal-
information appear, which causes many troubles in our life. Although three concepts are used for
different intentions, they’re all considered as informatic chaos.

2. Misinformation
Misinformation is defined as false information that is not spread with the goal of harming others.
That means the person propagating it thinks it to be real.

3. Disinformation
Disinformation is false information that is intentionally spread to damage an individual, a social
group, an organization, or a country. “It is a deliberate, intentional lie, and points to people being
actively disinformed by malicious actors” (Sandrine Baume, Véronique Boillet, Vincent
Martenet, 2020).
Disinformation is so-called deliberate misinformation, as the guy who disseminating it knows it
is false already.

4. Mal-information
Mal-information are information based on reality but they are utilized to hurt an
individual, social group, organization, or country.
EXAMPLE OF THE THREE CONCEPTS.
1. Mis-information
Let’s take the case of America and Europe as a telling example, of why the COVID 19
pandemic spread so severe and cause traumatic damage in these areas. One of the main causes
was the misunderstanding of the consequences that this disease causes. The belief that the
COVID is the same type of common cold with insignificant symptoms and can be cured easily
after several days was spread on the internet so much, and people trust them. The problem is that
people who share this sort of stuff almost try to be knowledgeable without intending to hurt
anyone. And this crowding effect created a great misunderstanding in society, and people failed
to thoroughly check and verify the facts they are offering.
2. Dis-information
Also under the situation of COVID 19 pandemic, some people state online that they have
“miracle cure” without any medicine or medical method. Of course, there was no chance for
those statement to become true, they were just trying to scam people to make money or at least,
get attention. But there were some falling into the traps, especially those who are ethnic minority,
who living in slums or less developed countries. Many people’s conditions get more serious or
even die because they believe in those scams.
3. Mal-information
 Recently, the dispute between Russia and Ukraine has leak many misinformation and
disinformation, but the most dangerous are mal-information. In details, Anonymous, a notorious
hacker group claimed to have leaked the personal data of more than 600 Russian FSB officers
operating in Moscow. Along with it, the hacker group also released a huge data store of 87,500
emails, about 107GB in size from Neocom Geoservices, a Russian engineering company. This
causes tremendous disadvantages for Russia and related parties.
WAY TO PREVENT MIS-, DIS-, AND MAL-INFORMATION.
Based on those above documents, I would like to suggest some solutions as follows:
- Deploy technical and technological solutions to prevent and handle false and hostile
information
- State management agencies propose to network operators to block messages by
keywords/content, identified sources. At the same time, network operators will work together to
identify and share spam message patterns, ways to prevent spam messages, and methods to
receive and handle spam messages from people.
- Focus on building solutions for filtering tools based on a large enough database to detect
fake news, false news, malicious bad news, etc., thereby, proactively preventing the spread and
warning of news.
6. Approaches to sercurity investment
The 4 ways to approach:
(1) Fear, uncertainty, and doubt (shortened to FUD) is a propaganda tactic used in sales,
marketing, public relations, politics, polling and cults.
This is a psychological effect that affects investors' perception of a market in general, giving
victims feelings of anxiety, uneasiness, fear. miss, lose what everyone around will gain.
(2) The second strategy is focused on the cost of security deployment. This way is simple
because it does not attempt to quantify the advantages of security investment and instead
treats it as a cost of doing business. However, it does not assist a corporation in determining
how much to invest in IT security.
(3) The third one is employing an indirect assessment of the cash worth of security breach
costs. Whilst loss estimates can be useful in persuading businesses to use security measures,
they are less effective in determining which technology to install or how much to invest.
(4) The last method is to employ a risk or decision-making framework that is commonly
used. They calculate the anticipated loss after identifying potential risks, estimated losses,
and their likelihoods.
EXAMPLE
1. FUD
Fear, uncertainty, and doubt (FUD) strategy has been used for years to sell investments in
security
As in the cybersecurity business, they spend a lot of time and energy competing for funding,
personnel, and important stakeholders' attention. Much of this is accomplished by instilling fear that
if the company does not increase its budget or staff, it would experience a breach, lose compliance,
or lose investor confidence, or all three.
One of the typical examples of FUDer is Tesla CEO, Elon Musk. Earlier in May 2022, Musk
was criticized for expressing concern about Bitcoin mining's harmful impact on the environment, and
he announced he would no longer accept Bitcoin for their electric vehicles. This announcement
caused a major correction in the price of Bitcoin , after the cryptocurrency hit a record high price
earlier in the year.
2. Direct cost
Business owner and investors might consider some factors affect directly on security deployment
such as:
- Physical Security: information on security, access control methods, room controls, and so forth.
- A business growth strategy
- Disruptions in income
- Losses in intellectual property
- Concerns about invasion of privacy
- License fee for security products
- Insurance premiums
- Disruption of operations, as well as the repair or upgrade of damaged items and infrastructure.
3. Indirect cost
When employing an indirect cost, the operators should take some long-term factors into
consideration:
- Revenues decreasing in the future.
- Cyberattack-related actions of competitors or hackers
- The process of rehabilitation
- Adding more cyber security rules and technology
- Hiring IT professionals and incorporating external audits
- Investment trends in cyber securities (poor vs. wealthy countries?)
- Losses in the stock exchange
4. Traditional risk decision analysis
Quite many researches before have invested in this method. For example, we have
Hierarchical Holographic Model (HHM) to evaluate IT security risks by Longstaff et al. in 2011

(Figure 1: HHM model. Source: Longstaff et al., 2011

The most common and effective model so far was created by Gordon and Loeb in 2002, which is an
economic model to identify the best degree of information security investment.
 (Figure 2: Gordon - Loeb Model. Source: Gordon and Loeb, 2002)
According to the above model, the amount of money a corporation spends on information
security should be a small percentage of the expected loss in most circumstances. The model
specifically reveals that investing in informatics security for amounts greater than 37 percent of the
projected loss is often uncomfortable.
For example, assume that the projected data value is $2,000,000, with a 20% assault probability
and a 70% likelihood of success. Thus, the possible loss in this scenario is indicated by the product
$2,000,000 0.2 0.7 = $280,000.
 Gordon and Loeb recommend that the company's securities investment not exceed $280,000
0.37 = $103600.
Introducing new technologies and investments complicates and exposes business security
infrastructures. To protect the organization from next-generation cyber threats, a unified, integrated
security architecture that is automated for operational efficiency is required. The operator should
investigate and analyze the enterprise's present position before deciding on the best way to evaluating
IT security investments.

7. Keyword to analyze the reality

(1) consumer welfare
Individual advantages gained from the consumption of products and services are considered
consumer welfare. Theoretically, individual wellbeing is characterized by an individual's subjective
judgment of his or her happiness, given prices and income. As a result, precise measuring of consumer
welfare necessitates knowledge about individual preferences.
This term is confusing because, depending on the context, consumer welfare may be seen,
interpreted, and assessed in a variety of ways.
Dollar is considered as a popular and effective measure of consumer welfare.
(2) consumers’ sruplus
Consumer surplus is a metric of consumer welfare that is defined as the difference between the
product's social value and the price paid. The size of a triangle below a demand curve and above the
observed price is used to calculate it.
 Figure 1
For example, in the figure 1, the CS (consumer surplus when the product is sale at the price of $3
(decrease from $4) is 65 x 2 = $130.
(3) dead-weight welfare loss
A deadweight welfare loss is a societal cost incurred as a result of market inefficiency, which
arises when supply and demand are out of balance.
Deadweight loss is mostly utilized in economics, but it may be applied to any shortcoming
created by poor resource allocation. For instance, tax. Because taxes raise the price of goods and services
over their equilibrium price, they produce a deadweight loss. This might result in a deadweight loss for
both the manufacturer and the customer.
(4) Digital divide
The phrase "digital divide" refers to the disparity between individuals, families, enterprises, and
geographic regions of various socioeconomic levels in terms of their access to information and
communication technologies (ICTs) and their usage of the Internet for a number of purposes.
The digital gap represents a wide range of inequalities between and within nations.
There are several factors influence the digital divide process such as age, education level, gender,
income, etc. In details, in terms of education level, college graduates are ten times more likely than non-
college graduates to profit from computers and the internet on a daily basis.
(5) externalities – oecd
Externalities are circumstances in which the effect of producing or consuming products and
services imposes costs or advantages on others that are not represented in the prices charged for such
goods and services.
Externalities bring both pros and cons. For example on negative externality, we can think of pollution,
smoke, weather, etc.
(6) free rider or riding
When one company (or individual) gains from the activities and efforts of another without paying or
sharing the expenses, this is known as free riding., and who do that is/are free rider(s).
For instance, when somebody using his neighbors’ wi-fi without paying any fee, he is called free rider,
 In business, take the case of Coca-cola in Vietnam as a telling example. Since the taste of Cocacola
and Pepsi are quite the same, but in 2020, since Vietnamese knew of Coca-cola’s tax evasion, they
boycott Cocacola and use only Pepsi. That’s how Pepsi are freeder riding.
(7) market failure
The phrase "market failure" refers to instances in which market outcomes are not Pareto optimal.
Government intervention is justified by market failures.
The US dairy market is a telling example of market failure. The industry generates significantly more
than is required by customers. Farmers are encouraged to overproduce dairy products in order to qualify
for government subsidies. As a result, governments acquire and keep an over surplus in most years.
Despite the fact that industry demand is declining, companies are increasing production.

8. Social engineering
Social engineering is defined as “An attempt to trick someone into revealing information
(e.g., a password) that can be used to attack systems or networks.” (Glossary).
Simply put, social engineering is a technique for persuading individuals to steal information
or accomplish a goal. This method is based on consumers' psychological flaws and information
security misunderstandings. As a result, rather of targeting the system's security flaws, hackers focus
on abusing users' natural tendencies. Thus, in general, social engineering is not a cyber assault at its
heart. Instead, social engineering is all about persuasion psychology.
II. ABOUT SOCIAL ENGINEERING
A. Types of attacks of Social Engineering
There are 11 main types of social engineering attack as below:
(1) Phishing: hackers create emails or websites for fake organizations and businesses to lure
users to provide information or transfer money, etc.
(2) Baiting: a form of attack using bait to seduce the victim to trap. It can also hide in USB
devices or external hard drives. Hackers can put malicious code into those devices and spread
to other devices during the user process.
(3) Vishing: combination of the words "voice" and "Phishing”, also known as voice fraud.
Vishing uses Internet phone service (VoIP) to collect personal information and financial
information from the victim.
(4) Pretexting: hackers create a scenario or a reasonable reason to steal the victim's information.
(5) Scareware: hackers will deceive users that their computers are infected with malware. After
that, hackers proposed the victim to install Scareware software to fix the problem.
(6) Water Holing: is a form of intentional attack on organizations/businesses through tricking
members to access websites containing malicious code.
(7) Quid Pro Quo: is a form of hackers pretending to provide a certain benefit in exchange for
user information.
(8) Division theft: hackers will deceive a delivery company or express delivery or wrong
delivery. Therefore, they can prevent transactions made.
(9) Honey trap: hackers pretend to be a "fascinating" person. Thereby, they approach and interact
with an online person to collect information of that person.
 (10) Tailgating attack: is also known as Piggybacking. This form of attack was performed
when the hacker pretended to be an employee and deceived the competent person to break
into the company.
(11) Rogue: Rogue software is a malware. They deceive payment goals to eliminate fake
malware.
B. Effects of social engineering
- Lost data: When attacked Social Engineering, the business will be lost data. Hackers can sell that
data block or spread on social networks. More seriously, they can return to blackmail. At this time,
the consequences are not only in data loss but also heavy financial damage.
- Loss of image and brand reputation: Customers and partners of the business will lose confidence
when hearing that businesses are attacked Social Engineering. In fact, damage in prestige and brand
image is harder to recover more than economic damage.
- Business activities are delayed: If hackers attack strongly on the server, it is likely that the network
system will collapse. That is why the business website may be suspended. Depending on the ability
of the business, this time can last from 1, 2 days to 1.2 weeks.
C. Social enginnering examples
(1) Eavesdropping
C is the person standing between A and B. C suspect A and B have something hidden.
Therefore, C conducted an attack on the conversation between the two. The form of eavesdropping
based on human factors can be done by phone and email.
(2) Pop-up Window

Some pop-up screen displayed as above can provide you a link. If you click on that link, you will be
led to a fake website of hackers. That website may ask you to provide information or seduce the
software to contain malicious code to your computer.
(3) Email Phishing
There have been many people who were attacked for Social Engineering by this form. Specifically,
hackers often email an impersonation of a reputable unit, offering attractive invitations to stimulate
users to click on the link or download the attached file. If the above actions are performed, it is likely
that the user will lose personal information or more serious than financial damage.
III. SOLUTIONS
For individuals:
 Password management
 Multi-factor authentication
 Email security with anti-phishing defenses
 Bookmark reliable sites and don't put your confidence in sites you've just visited once.
  Never click on links that contain too-good-to-be-true claims.
 Threats should not be taken lightly. Once the element of dread has been instilled in your
brain, the bad people anticipate you to readily give in.
 Learn about the security features that the websites you visit have built-in.
 To secure your system and data from all types of attacks, you must invest in an effective
security solution.
For organizations:
 Clear decentralization of social networking accounts, websites, network systems.
 Avoid using a password for many different accounts to avoid the risk of exposing
information.
 Limit posting business information on social networks to avoid bad guys impersonating.
 Enhance the knowledge of attack and how to prevent social engineering for employees.
 Perform training sessions with fake situations. Thereby, raising the awareness of vigilance
and experience dealing with the same situation.
 Use a tool to scan the malicious code and the recurring network security gap to eliminate
cyber attack risks.

9. Fake software and ransomware

(1) Cookies
A cookie is a piece of data from a website that is kept within a web browser and may be retrieved
later by the website. Cookies are used to notify a server that a user has returned to a specific website.
A cookie contains information and allows a website to show specified settings and tailored content
when visitors return to it.

Cookies can also record information such as the contents of a shopping cart, registration or login
credentials, and user preferences. This is done so that when visitors return to a site, any information
from a prior session or any specified preferences may be simply retrieved.

(Figure 1: How cookies works? – Source:

geeksforgeeks.org)
Because Cookie is a file used to store information, users' usage activities are personal, so it will be
easy for Hackers to look, find ways to break into Website systems, personal computers to steal.
information and use it for malicious purposes that you cannot foresee. For example, The Koobface
worm was discovered looking for Facebook cookies in November 2010 and utilizing the stolen
credentials to log in to victims' accounts.
 (2) Fakeapps
To put it simply, fakeapp is one that pretends to serve a purpose but is actually fraudulent,
worthless, useless, or even damaging to the user's device.
According to the definition in Trend Micro, fakeapps leverage reputable organizations or well-
known references to persuade consumers to download them. They may even seem as amusing and
appealing apps, offering features like as live wallpapers or real-time surveillance capabilities. Fake
applications may conduct a number of destructive tasks after they've been installed on a mobile
device. They may bombard consumers with advertising, track and report their location and other
sensitive data, and subscribe them to premium services without their permission. All of this can
result in the loss of data and privacy, as well as a waste of device resources.
For example, in 2017, Apple was criticized when let a fake $5 Cuphead game into Appstore with
the backgrounds look low-resolution, the animation is primitive. Meanwhile the original one is free
and at high quality.
(3) Keyloggers
Keyloggers are applications that keep track of what you type on your keyboard. These apps are
used by certain viruses to collect information from users, as combining the results of these
keystrokes, a keylogger installer can obtain private messages, email content, credit card numbers
and, most dangerously, any type of user password. There are also legal keylogging applications that
are used by businesses to monitor their staff and by parents to keep an eye on their children.
In fact, malicious software from hackers can have the function of a compact keylogger software or
it can act as a Trojan, downloading and installing a keylogger software in a simple way. silently. In
addition, the malware will also automatically set up a channel to send the information obtained by
the keylogger to the Hacker. It can be said that keyloggers are one of the most popular tools for
hackers because they can get a lot of user information by this method.
(4) Ransomware
Ransomware consists of many layers of malicious software with the function of restricting access to
the computer system it has infected, and requires a sum of money to the person who created the
malware in order to remove the restriction on access. that it created earlier. Some types of
ransomware encrypt files and data on the hard drive (to extort money), while others are simpler, they
lock the system and display a message to convince the victim to pay.
Take the Locky 2017 as a telling case. Locky first appeared in 2016, and is a relatively
sophisticated example of ransomware. It usually infects users through malicious Microsoft Office
attachments to emails. When an Office file is clicked, it may prompt the user to enable Office
macros, ostensibly to ensure that the document renders correctly, but it actually allows malware to
run. After encrypting the user's files, Locky displays a ransom note set as the user's desktop
wallpaper. This instructs the user to download the Tor Browser and visit a link specified in the note
to pay the ransom.

(5) Spyware
Spyware is a program that monitors and collects personal information without the user's
knowledge or agreement, and then delivers it to a third party. When signing the End User License
Agreement (EULA) for certain free applications, many consumers unintentionally install spyware.
 Cookies, Keyloggers, Trojans, Rootkits, etc. Are all spyware in fact. In details, we have
WildTangent. This software is installed through American Online Instant Messenger (AIM).
According to AOL (American Online), it is needed to create connections between members in
Internet games. Once installed, it will retrieve information about your name, phone number, email
address as well as CPU speed, video card parameters and DirectX. This information may be shared
with other places.

(6) Track ware

Trackware is any software application that monitors system activities, collects system data, or
monitors user behaviors and then sends that data to a third party. The data collected is neither
individually identifiable nor private.
This one is quite similar to Spyware. Spyware contains trackware.
Some ways to prevent trackware and spyware:
 Do not open emails from unknown senders.
 Only download files from trusted sources.
 Double-check before clicking on links to make sure you're being directed to the right site.
 Use a reputable network security program.
 Install modern Spyware blocking software to protect computers before hackers activate them.
Avoid traditional security programs that use signature-based technology, as this is old
technology that is very vulnerable to new malware.
 Enable the feature that prevents the distribution of Spyware on the computer (for example, the
feature to block malicious websites containing Spyware).

10. Surface web, deep web, dark web and underground market.
(1) Surface web
Surface web is the public face of the internet. When you visit a company's website, you're on the
surface website. These are basically all websites and resources connected to the internet that can be
explored and accessed for free. For example, Google's search engine "crawls" the web to find web
pages that are open to anyone.

(2) Deepweb
The deep web is all the things that are connected to the internet but hidden behind some form of
security. When you log into your webmail service or Facebook account, you are accessing the
Deep Web. Deep web will not display content until you pass these security steps.

Rather than being a dreaded part of the Internet, the deep web is the backbone of our everyday
internet experience. Therefore, it is not surprising that most websites are deep web.
 (3) Darkweb
The dark web is part of the deep web. These are websites and servers that have been intentionally
hidden. The people who run the website don't want anyone to know who they are and they
certainly don't want anyone to be able to access their website.
While the dark web is not illegal in most countries, it is quickly being adopted by criminals to
obfuscate illegal content and communications around the world. Combined with the rise of
cryptocurrencies, the dark web has enabled illegal transactions of billions of dollars.
There are many legitimate websites on the dark web but in general, most users should stay away
from them because it comes with serious cybersecurity risks and any website can be compromised.

(4) tendencies among countries in the ground market

Most underground markets in many countries deal in key commodities such as:
- Data breach dumps,
- exploit kits,
- malware,
- fake documents
However, each market will have its own trends and characteristics for products. For example, in Japan
they have Child-porn related goods, only Modified Android apps with prepaid credits paid for with
stolen credit cards in Brazil, or the US for Agora invitation code/.onion site access. So as to services
when dropping and Payment card validity checking are only provided in Russia, Fast fluxing in
Germany only.

As a result of the COVID-19 pandemic and its enormous impact worldwide, demand for malicious
and illicit goods, services, and data increase graduallly across dark web marketplaces.
Country marketplaces not only have different product offers, but also different business structures.
Instant-messaging applications and social networks are popular with cybercriminals in China and
Brazil, for example, for conducting business. Meanwhile, Japan made significant use of BBSs that
were strictly restricted (to members only). Additionally, cybercriminals in countries like Germany and
North America, where laws are enforced more seriously, are beginning to burrow deeper into the
Deep Web in order to better evade the prying eyes of law authorities. Cybercriminals from Germany
and North America, as opposed to those from other nations, rely more on the Deep Web.

11. Conspiracy and hacktivism

(1) Red flag's consequences
Those red flags of conspiracy theories are some typical examples of false information.
Almost of them causes negative effects on people. In COVID 19 situation stated, red flags may
lead to:
- people misunderstand information about covid and become confused and scared.
- loss of trust in the authority or government
- do not use personal and social protection measures (masks, etc.)
- refuse to vaccinate
 - continue to spread misinformation far away
(2) Situations by nation
The fact show us that so many people was confused under the COVID 19 situation. According to
the snap poll in 28 Countries by Gallup International Association, however, each place's response to
the problem is different.
For example, meanwhile the majority of Southern Asia part, almost people believe they can catch
the virus but still believe in the government ability to control the situation, the opposite situation
happens in the Western Europe and Japan.
Not everyone in the Western are likely willing to use a method to protect themselves from virus,
meanwhile in the Asia, they do it commonly.
Those different may occur due to differences in political institutions, cultures and different
approaches to the problem of each region.
(3) Possible loss and damage estimation
Believing misinformation and disinformation and not being vaccinated or doing protective
method are the most obvious and serious consequences of the red flags. For examples, according to a
research of John Hopkins Bloomberg School of Public Health, there was between 5% and 30% of
voluntary nonvaccination in the United States, caused at least $1 billion of harm each day in the
United States since vaccines became widely available.
While the epidemic persists, a public health initiative that successfully reduced or refuted
misinformation and disinformation and was able to minimize associated nonvaccination by 10%
would be worth between $5 and $30 million per day, or between $150 and $900 million per month.
(4) Hacktivism
Hacktivism is a social or political action carried out by breaking into and sabotaging secure
computer systems. Hackers often aim to accomplish corporate or government goals. People or groups
who practice hacktivism are called hackers
Hackers' targets include religious organizations, terrorism, drug trafficking, and pedophilia. An
example of hacktivism is denial of service (DoS) attacks to shut down the system to prevent client
access.
3 examples:
(1) An early example is malware called Worms Against Nuclear Killers (a pretty obvious
abbreviation!), which was released onto NASA networks in 1989 to protest the launch of a
carry-on nuclear rocket. Galileo probe into orbit. According to officials, the hack cost the
project half a million dollars during that time, and a lot of resources were lost.
(2) A group of hackers has revealed the email addresses of nearly 2,000 subscribers to a
newsletter supporting Isis, or even threatening to take down President Donald Trump in 2017.
(3) A notable example of modern workplace hackerism is the attack on the infidelity dating site
Ashley Madison. A group calling itself Impact Team stole the personal information of 37
million members from the site, and accused its users of being "adulterers who don't deserve to
be forgiven", the attacker said.
12. Universal services and digital inclusion
 (1) Universal Service
The word "universal service," which is used mostly in regulated industries for economic, legal, and
business purposes, refers to the practice of offering all citizens of a nation minimum standard of services
(telecommunication in this case). It is available to everybody and can be accessed by anyone without
additional support.
The three main concepts serve as the foundation for the idea of universal service, which has been
extensively studied in a number of publications:
• Accessibility: All telephone subscribers should be treated equally with regard to price, service, and
quality of service, in all locations, without distinction of race, sex, religion, or other factors;
• Availability: The level of service is the same for all users in their place of employment or residence,
at all times and without geographical discrimination;
• Affordability: For all users, the price of the service should not be a factor that limits service access.
To fulfill the need for universal service, various jurisdictions have used a variety of strategies, including
market-based reforms, obligatory service responsibilities, cross-subsidies, etc.
(2) Digital inclusion.
Digital inclusion refers to the actions required to guarantee fair access to and use of ICTs for
involvement in social and economic life, including for participation in education, social services, health,
and social and communal life. Access to inexpensive broadband Internet connections, Internet-enabled
devices, training in digital literacy, high-quality technical assistance, and programs and online material
that promote and enable collaboration, participation, and self-sufficiency are all examples of digital
inclusion.
Quite same as Universal Service, DI includes the following topics:
• Understanding how to use digital tools, including computers, smartphones, and the internet. This is
significant, but it's not often the only or biggest obstacle that people encounter.
• Connectivity: Broadband, wi-fi, and mobile access to the internet. The correct infrastructure is
necessary, but that is only the beginning.
• Accessibility: Services must be created to satisfy the requirements of every user, including those
who rely on assistive technology to use digital services.
Digital inclusion creates the fair for children, woman, disabilities, etc.
(3) example
Universal service
(1) Nigerian Communications Commission: In addition to numerous projects being carried out by the
Commission to increase universal access and service as well as to strengthen government efforts
in poverty reduction, the NCC chief executive stated that the Commission, through the Universal
Service Provision Fund (USPF), has achieved great success in ensuring that telecommunications
services are accessible to a large number of people (and communities) at affordable prices.
(2) The state of Texas: The USF is funded by a 3.3 percent monthly per line fee on intra-state
operators. created by the state to subsidize telecommunications coverage associated with its
universal service mandate. However, The Public Utility Commission put the state's fund on the
verge of insolvency in 2020 by refusing to raise the fees necessary to finance it.
Digital inclusion
(1) Open Standard
To increase options and save costs for the government and the public, the UK government
announced a shift to an open standard document format for digital collaboration. Documents
from the central government are now being distributed in this new format, but there is no
assistance available for those who are unsure of the format or who lack the knowledge or
confidence to do research.
(2) Voter Registration
The UK government also has introduced a straightforward and user-friendly online voter
registration facility. The service is advertised as being accessible to 99.9% of individuals [10],
however according to the digital inclusion scale, this service requires level 6. The population
below this level is 21 percent of the total. The digital service for voter registration is the subject
of advertising.
13. Cyber bullying and online slander
(1) Bullying
Bullying is unwelcome, hostile conduct among school-age children that involves an actual or
imagined power imbalance. Over time, the conduct is repeated or has the potential to be repeated.
Both bullied children and children who bully others may have severe, long-lasting issues.
Bullying requires aggressive conduct as well as the following elements: An Imbalance of Power
and Repetition.
(2) Cyber bullying
Bullying that occurs online, such as on computers, tablets, and mobile phones, is referred to as
cyberbullying. Cyberbullying may happen online through social media, forums, or games where
users can read, interact with, or exchange material. It can also happen through SMS, Text, and
applications. Sending, publishing, or disseminating unfavorable, hurtful, or malicious material about
someone else is considered cyberbullying. It can also involve disclosing sensitive or private
information about another individual in a way that causes shame or humiliation. Cyberbullying
occasionally veers into illegal or criminal action.
(3) type of bullying
Three different forms of bullying exist:
(1) Verbal bullying: Saying or writing hurtful things is verbal bullying. Verbal abuse consists of:
 Teasing\sName-calling
 unsuitable sexual remarks
 Taunting
 threatening to hurt someone
(2) Social bullying: Bullying someone's reputation or connections is referred to as relational bullying
or social bullying. Social aggression consists of:
 Purposefully leaving someone behind
 instructing young ones not to become friends with someone
 making false claims about someone
 Publicly embarrassing someone
(3) Physical bullying is causing harm to another person's body or property. Physical aggression
consists of:
 Hitting/kicking/pinching
 Spitting
 Tripping/pushing
 Taking or damaging someone else's property
 making offensive or crude hand motions
(4) special concerns for cyberbullying
Due to the popularity of social media and online forums, people frequently publish comments,
images, posts, and other information that may be seen by both acquaintances and complete strangers.
A person's internet activity, including any bad, unpleasant, or damaging stuff they publish, becomes a
type of irreversible public record of their beliefs, actions, and conduct. This public record, which may
be accessed by schools, companies, universities, organizations, and anyone conducting current or
prospective background checks on a person, can be considered of as their internet reputation. Not
simply the victim of cyberbullying, but also those who harass or participate in it, may have their
online reputations harmed. Cyberbullying raises particular issues since it may involve:
 Persistent - Because digital gadgets make it possible to interact instantly and constantly
throughout the day, it can be challenging for children who are victims of cyberbullying to get
help.
 Most electronically transmitted information is permanent and available to the public if not
reported and deleted. A bad internet reputation, even for bullies, can affect work opportunities,
college admissions, and other aspects of life.
 It is difficult to notice cyberbullying since instructors and parents might not hear or see it
happening.

(5) EFFECTS OF CYBERBULLYING

Long-term or frequent effects of cyberbullying can put both the victim and the bully at high risk for
anxiety, depression, and other stress-related disorders. In some well-publicized cases, some children
commit suicide. Experts say that children who are bullied - and the bullies themselves - are at greater
risk of suicide and suicide attempts.
14. Right to be forgotten
Definition: In the event that one of a number of circumstances applies, The GDPR's Recitals
65 and 66 and Article 17 states that "The data subject shall have the right to obtain from the
controller the erasure of personal data concerning him or her without undue delay and the controller
shall have the obligation to erase personal data without undue delay." A month is regarded as an
"undue delay". Additionally, you must take reasonable measures to confirm the person making the
erasure request is the data subject.
If people are unable to exercise their rights when they no longer agree to the processing,
when there are material inaccuracies in the data, or when they feel that information is being retained
needlessly, the right to manage one's data is useless.
 APPLICATION
The GDPR states the specific circumstances under which the right to be forgotten applies in
Article 17. A person has the right to have their personal information deleted in some cases below:
 The personal data is no longer necessary for the purpose an organization originally collected
or processed it.
 An organization is relying on an individual’s consent as the lawful basis for processing the
data and that individual withdraws their consent.
 An organization is relying on legitimate interests as its justification for processing an
individual’s data, the individual objects to this processing, and there is no overriding
legitimate interest for the organization to continue with the processing.
What makes a lawful request for erasure is not defined under the GDPR. A request for
erasure may be made either orally or in writing. Not just a designated contact, but any employee of
your company, may get this request. Even if a request does not include the "Right to be Forgotten,"
Article 17, the GDPR, or "Request for Erasure," it is still legal as long as it satisfies the
aforementioned requirements.
A business may face difficulties as a result of the fact that any employee could hear a
legitimate spoken request. An example "Right to Erasure" request form is provided below to assist
you in streamlining the procedure.

II. Cyber study in my daily life

1/ Vietnam’s cyberstudy overview
There was 72.10 million Internet users in Vietnam in January 2022. By 2025, it is anticipated that
Vietnam's digital economy would be worth 43 billion USD. It has, however, been the target of several
hazardous, challenging, and significant cyberattacks.
The nation is rated seventh in terms of the number of victims of cybercrime and is one of the top 10
countries most vulnerable to malware and cyberattacks.
In the first five months of 2022, Vietnam documented approximately 5,500 cases of cyberattacks,
including malware assaults, phishing attempts, and website defacement (changing visual appearance
of a website).
Along with the strong development of technology and telecommunications, crimes using high
technology in the world and Vietnam are also complicated. Damage caused by crime using high
technology over time is increasing day by day, within just 10 years, the damage scale has increased by
620%. The amount of damage is calculated based on the income of computer users and the time their
work is interrupted due to problems caused by computer viruses is also increasing.

2/ Cyber security experiences

1/ Impersonating a relative by transferring money and then appropriating it.
 Objects who set up social accounts (Facebook, Zalo...) or hack other people's accounts (hack) and then
text relatives and friends in the contact list of the fake account holder. money, or by transferring large
amounts of money to the subject's bank account, or sending a notice of a fake money order, with a link to
a fake bank website, asking the victim to access and check. Combined with the OTP code of the
fraudulent bank obtained from the victim, then control the Internet banking account, appropriating all the
money in the victim's bank account.
2/ Claiming to be the authorities calling to announce the investigation
Scammers often impersonate police officers, procuracies, courts or impersonate the police's portal to
notify subscriber owners related to cases under investigation.
Then, exploit the personal information, bank account and request to transfer all the money in the
victim's account to the bank accounts provided by the subject with the reason to serve the investigation.
3/ Taking advantage of the epidemic to send malicious links or trick the sale of fake drugs
Scammers send emails and attachments or links to content about updating the epidemic situation.
When opening an attachment or clicking on a link, the victim's computer will be attacked by malicious
code, thereby revealing personal information, credit card information.
In addition, scammers also use another trick to spread fake news about products of unknown
origin but have the ability to prevent Covid-19 virus, making many people gullible to buy.
3/ Solutions against cybercrime
(1) Activating Automatic Updates on Your Mobile Device
Setting up automatic updates on your mobile device as soon as you can is one of the most
crucial security precautions you can take to protect yourself.
Upgrades to the operating system include security patches, security fixes, and other updates that
serve to increase the security of your device.
(2) Avoid using the same password on different sites
For instance, you may have a password that is both simple to remember and somewhat
secure (it combines letters, numbers, and special characters). However, if you use it on many
websites and one of those websites has a data breach, all of your accounts that utilize that password
will suddenly be at risk.
If you use the same password for your bank and a digital music site, and the former is
breached and data is stolen, your bank is now immediately at risk. To prevent your digital life from
having a "single point of failure," you should try to use different passwords for each website you
visit.
(3) Beware of Suspicious Links or Attachments
You should never, under any circumstances, click on links in emails from senders you
don't know or download attachments you haven't specifically requested for, whether you're talking
about personal or professional email accounts. Even if the link or attachment looks to be from a
person you know, if it sounds shady, get in touch with them to confirm that they sent it.
(4) Never Online Share Personal or Sensitive Information
If you post all of this private information online, a hacker might easily use it along with
your email address to access the targeted account. Your email address and the answers to your
security questions may be found on your social media accounts, after which they can reset your
password to anything they want. You should be careful about what you publish online because if
they gain access to your account, you will find yourself entirely shut off.