Ransomware-attacker mot svenska sjukhus : En kvalitativ studie kring informationssäkerhetsarbetet inom svensk sjukvård

Kjellberg Karlsson, Elin, Hellström Ryckert, Astrid

January 2022

De senaste åren har visat på en ökning av så kallade ransomware-attacker riktade mot sjukvården. Sjukvården är en samhällssektor som besitter en samhällskritisk verksamhet och hanterar känsliga data vilket gör den extra utsatt mot dessa typer av attacker. Under covid-19 pandemin var läget inom sjukvården pressat och detta har setts utnyttjas av angripare som utfört ransomware-attacker riktade mot sjukhus i hopp om att dra nytta av det pressade läget och få en lösensumma utbetald. Effekterna av en sådan attack mot sjukvården kan innebära stora konsekvenser och dessa konsekvenser bör tas i beaktning då skyddsarbetet mot ransomware-attacker utformas vid sjukhusen. För att bilda en förståelse hur svenska sjukhus ser på dessa konsekvenser vid utformningen av säkerhetsarbetet undersöker denna studie ämnet genom en intervjustudie med en teoretisk grund i den informationssäkerhetsmässigt beprövade teorin Protection Motivation Theory (PMT). Sammantaget visade studien på att olika konsekvenser tas olika mycket hänsyn till vid utformningen av säkerhetsarbetet. Konsekvenser för patientsäkerhet är de konsekvenser som studien visade tas störst hänsyn till vid utformningen av säkerhetsarbetet. / Recent years have seen an increase in so-called ransomware attacks targeting healthcare. Healthcare is a sector of society that possesses a socially crucial business and handles sensitive data which makes it particularly vulnerable to these types of attacks. During the covid-19 pandemic, the healthcare sector was under pressure, and this have seen to be exploited by attackers who carried out ransomware attacks targeting hospitals in the hope of taking advantage of the pressured situation and getting the ransom paid. The effects of such an attack against healthcare can have major consequences and should be considered when designing protection against ransomware attacks at hospitals. To form an understanding of whether these consequences have been included in the design of the protection work at hospitals in Sweden, this study examines the subject through an interview study with a theoretical basis in the information security-proven theory Protection Motivation Theory (PMT). Overall, the study showed that different consequences are considered to varying degrees when designing the safety work. Consequences for patient safety are the consequences that the study showed are most considered when designing the safety work.

ransomware

ransomware attacks

IT-security

information security

Protection Motivation Theory

PMT

ransomware

ransomware-attack

IT-säkerhet

informationssäkerhet

Protection Motivation Theory

PMT

Information Systems

Dynamic Chemical Imaging And Analysis Within Biologically Active Materials

Alex M Sherman (10711971)

06 May 2021

A thorough understanding of pharmaceutical and therapeutic products and materials is important for an improved quality of life. By probing the complex behaviors and properties of these systems, new insights can allow for a better understanding of current treatments, improved design and synthesis of new drug products, and the development of new treatments for various health conditions. Often, the impact of these new insights are limited by current technology and instrumentation and by the methods in which existing data is processed. Additionally, current standards for characterization of pharmaceuticals and therapeutics are time-consuming and can delay the timeline in which these products become available to the consumer. By addressing the limitations in current instrumentation and data science methods, faster and improved characterization is possible.<div><br></div><div>Development and improvement in optical instrumentation provides potential solutions to the current limitations of characterization methods by conventional instrumentation. Limitations in speed can be addressed through the use of nonlinear optical (NLO) methods, such as second harmonic generation (SHG) and two-photon excited ultraviolet fluorescence (TPE-UVF) microscopy, or by linear methods such as fluorescence recovery after photobleaching (FRAP). For these methods, a high signal-to-noise ratio (SNR) and a nondestructive nature decrease the overall sample size requirements and collections times of these methods. Furthermore, by combination of these optical techniques with other techniques, such as thermal analysis (e.g. differential scanning calorimetry (DSC)), polarization modulation, or patterned illumination, the collection of more complex and higher quality data is possible while retaining the improved speed of these methods. Thus, this modified instrumentation can allow for improved characterization of properties such as stability, structure, and mobility of pharmaceutical and therapeutic products.<br></div><div><br></div><div>With an increase in data quantity and complexity, improvements to existing methods of analysis, as well as development of new data science methods, is essential. Machine learning (ML) architectures and empirically validated models for the analysis of existing data can provide improved quantification. Using the aforementioned optical instrumentation, auto-calibration of data acquired by SHG microscopy is one such method in which quantification of sample crystallinity is enabled by these ML and empirical models. Additionally, ML approaches utilizing generative adversarial networks (GANs) are able to improve on identification of data tampering in order to retain data security. By use of GANs to tamper with experimentally collected and/or simulated data used in existing spectral classifiers, knowledge of adversarial methods and weakness in spectral classification can be ascertained. Likewise, perturbations in physical illumination can be used to ascertain information on classification of real objects by use of GANs. Use of this knowledge can then be used to prevent further data tampering or by improving identification of data tampering.<br></div>

Nonlinear optical microscopy

Polarization dependence

Image Analysis

Adversarial attacks

Instrumentation

Srovnání současného terorismu s terorismem 70. a 80. let minulého století / Comparison of contemporary terrorism with terrorism of 1970s and 1980s

Knytlová, Petra

January 2012

The thesis deals with terrorism and its development as a social phenomenon since 1970s. It has argued that terrorism has undergone a process of radicalization and globalization, particularly as a result of the changed international situation and proliferation of modern technology. Nationalistic terrorism has been replaced with a global form of terrorism. In a similar vein, revolutionist ideologies, typical for terrorist groups of 1970s and 1980s, has given a way to radical interpretations of religions, namely Islamism, which has received substantial popularity as a result of prevailing grievances of the Muslim world. Even though there is no clear distinction between the old and the new form of terrorism, the two social phenomena differ to an important extent. During the second half of 20th century leftist terrorist groups dominated the scene with their fight for a regime change and battle against capitalism as well as imperialism. The organization of the groups took the form of hierarchy and had only limited number of members. At the beginning of the new millennium, the situation changed dramatically with the proliferation of Islamic groups, including the global terrorist group al-Qaeda. The groups work without a formal power structure and are able to hit targets anywhere in the world, as the...

A Literature Review of Connected and Automated Vehicles : Attack Vectors Due to Level of Automation

Kero, Chanelle

January 2020

The manufacturing of connected and automated vehicles (CAVs) is happening and they are aiming at providing an efficient, safe, and seamless driving experience. This is done by offering automated driving together with wireless communication to and from various objects in the surrounding environment. How automated the vehicle is can be classified from level 0 (no automation at all) to level 5 (fully automated). There is many potential attack vectors of CAVs for attackers to take advantage of and these attack vectors may change depending on what level of automation the vehicle have. There are some known vulnerabilities of CAVs where the security has been breached, but what is seemed to be lacking in the academia in the field of CAVs is a place where the majority of information regarding known attack vectors and cyber-attacks on those is collected. In addition to this the attack vectors may be analyzed for each level of automation the vehicles may have. This research is a systematic literature review (SLR) with three stages (planning, conducting, and report) based on literature review methodology presented by Kitchenham (2004). These stages aim at planning the review, finding articles, extracting information from the found articles, and finally analyzing the result of them. The literature review resulted in information regarding identified cyberattacks and attack vectors the attackers may use as a path to exploit vulnerabilities of a CAV. In total 24 types of attack vectors were identified. Some attack vectors like vehicle communication types, vehicle applications, CAN bus protocol, and broadcasted messages were highlighted the most by the authors. When the attack vectors were analyzed together with the standard of ‘Levels of Driving Automation’ it became clear that there are more vulnerabilities to consider the higher level of automation the vehicle have. The contributions of this research are hence (1) a broad summary of attack vectors of CAVs and (2) a summary of these attack vectors for every level of driving automation. This had not been done before and was found to be lacking in the academia.

Attack Vector

CAV

Connected and Automated Vehicle

Cyber-Attacks

Cyber-Security

ITS

Levels of Driving Automation

VANET

Vehicular Communication

Computer and Information Sciences

Data- och informationsvetenskap

Information Systems

Policy-driven autonomic cyberdefense using software-defined networking / Cyberdefense autonome pilotée par règles à l'aide d'un réseau défini par logiciel

Sahay, Rishikesh

14 November 2017

Les attaques cybernétiques causent une perte importante non seulement pour les utilisateurs finaux, mais aussi pour les fournisseurs de services Internet (FAI). Récemment, les clients des FAI ont été la cible numéro un de cyber-attaques telles que les attaques par déni de service distribué (DDoS). Ces attaques sont favorisées par la disponibilité généralisée outils pour lancer les attaques. Il y a donc un besoin crucial de contrer ces attaques par des mécanismes de défense efficaces. Les chercheurs ont consacré d’énormes efforts à la protection du réseau contre les cyber-attaques. Les méthodes de défense contiennent d’abord un processus de détection, complété par l’atténuation. Le manque d’automatisation dans tout le cycle de détection à l’atténuation augmente les dégâts causés par les cyber-attaques. Cela provoque des configurations manuelles de périphériques l’administrateur pour atténuer les attaques affectent la disponibilité du réseau. Par conséquent, il est nécessaire de compléter la boucle de sécurité avec un mécanisme efficace pour automatiser l’atténuation. Dans cette thèse, nous proposons un cadre d’atténuation autonome pour atténuer les attaques réseau qui visent les ressources du réseau, comme par les attaques exemple DDoS. Notre cadre fournit une atténuation collaborative entre le FAI et ses clients. Nous utilisons la technologie SDN (Software-Defined Networking) pour déployer le cadre d’atténuation. Le but de notre cadre peut se résumer comme suit : d’abord, les clients détectent les attaques et partagent les informations sur les menaces avec son fournisseur de services Internet pour effectuer l’atténuation à la demande. Nous développons davantage le système pour améliorer l’aspect gestion du cadre au niveau l’ISP. Ce système effectue l’extraction d’alertes, l’adaptation et les configurations d’appareils. Nous développons un langage de politique pour définir la politique de haut niveau qui se traduit par des règles OpenFlow. Enfin, nous montrons l’applicabilité du cadre par la simulation ainsi que la validation des tests. Nous avons évalué différentes métriques QoS et QoE (qualité de l’expérience utilisateur) dans les réseaux SDN. L’application du cadre démontre son efficacité non seulement en atténuant les attaques pour la victime, mais aussi en réduisant les dommages causés au trafic autres clients du FAI / Cyber attacks cause significant loss not only to end-users, but also Internet Service Providers (ISP). Recently, customers of the ISP have been the number one target of the cyber attacks such as Distributed Denial of Service attacks (DDoS). These attacks are encouraged by the widespread availability of tools to launch the attacks. So, there is a crucial need to counter these attacks (DDoS, botnet attacks, etc.) by effective defense mechanisms. Researchers have devoted huge efforts on protecting the network from cyber attacks. Defense methodologies first contains a detection process, completed by mitigation. Lack of automation in the whole cycle of detection to mitigation increase the damage caused by cyber attacks. It requires manual configurations of devices by the administrator to mitigate the attacks which cause the network downtime. Therefore, it is necessary to close the security loop with an efficient mechanism to automate the mitigation process. In this thesis, we propose an autonomic mitigation framework to mitigate attacks that target the network resources. Our framework provides a collaborative mitigation strategy between the ISP and its customers. The implementation relies on Software-Defined Networking (SDN) technology to deploy the mitigation framework. The contribution of our framework can be summarized as follows: first the customers detect the attacks and share the threat information with its ISP to perform the on-demand mitigation. We further develop the system to improve the management aspect of the framework at the ISP side. This system performs the alert extraction, adaptation and device configurations. We develop a policy language to define the high level policy which is translated into OpenFlow rules. Finally, we show the applicability of the framework through simulation as well as testbed validation. We evaluate different QoS and QoE (quality of user experience) metrics in SDN networks. The application of the framework demonstrates its effectiveness in not only mitigating attacks for the victim, but also reducing the damage caused to traffic of other customers of the ISP

Cyberdéfense autonome

Réseau défini par logiciel

Attaques par déni de service

Gestion de réseau à base de règles

OpenFlow

Autonomic cyberdefense

Software defined networking

Denial of service attacks

Policy based network management

OpenFlow

Plusieurs axes d'analyse de sites web compromis et malicieux / A multidimensional analysis of malicious and compromised websites

Canali, Davide

12 February 2014

L'incroyable développement du World Wide Web a permis la création de nouveaux métiers, services, ainsi que de nouveaux moyens de partage de connaissance. Le web attire aussi des malfaiteurs, qui le considèrent comme un moyen pour gagner de l'argent en exploitant les services et la propriété d'autrui. Cette thèse propose une étude des sites web compromis et malicieux sous plusieurs axes d'analyse. Même si les attaques web peuvent être de nature très compliquées, on peut quasiment toujours identifier quatre acteurs principaux dans chaque cas. Ceux sont les attaquants, les sites vulnérables hébergés par des fournisseurs d'hébergement, les utilisateurs (souvent victimes des attaques), et les sociétés de sécurité qui parcourent Internet à la recherche de sites web compromis à être bloqués. Dans cette thèse, nous analysons premièrement les attaques web du point de vue des hébergeurs, en montrant que, même si des outils gratuits permettent de détecter des signes simples de compromission, la majorité des hébergeurs échouent dans cette épreuve. Nous passons en suite à l'analyse des attaquants et des leurs motivations, en étudiant les attaques web collectés par des centaines de sites web vulnérables. Ensuite, nous étudions le comportement de milliers de victimes d'attaques web, en analysant leurs habitudes pendant la navigation, pour estimer s'il est possible de créer des "profils de risque", de façon similaire à ce que les compagnies d'assurance font aujourd'hui. Enfin, nous adoptons le point de vue des sociétés de sécurité, en proposant une solution efficace pour la détection d'attaques web convoyées par sites web compromis / The incredible growth of the World Wide Web has allowed society to create new jobs, marketplaces, as well as new ways of sharing information and money. Unfortunately, however, the web also attracts miscreants who see it as a means of making money by abusing services and other people's property. In this dissertation, we perform a multidimensional analysis of attacks involving malicious or compromised websites, by observing that, while web attacks can be very complex in nature, they generally involve four main actors. These are the attackers, the vulnerable websites hosted on the premises of hosting providers, the web users who end up being victims of attacks, and the security companies who scan the Internet trying to block malicious or compromised websites. In particular, we first analyze web attacks from a hosting provider's point of view, showing that, while simple and free security measures should allow to detect simple signs of compromise on customers' websites, most hosting providers fail to do so. Second, we switch our point of view on the attackers, by studying their modus operandi and their goals in a distributed experiment involving the collection of attacks performed against hundreds of vulnerable web sites. Third, we observe the behavior of victims of web attacks, based on the analysis of their browsing habits. This allows us to understand if it would be feasible to build risk profiles for web users, similarly to what insurance companies do. Finally, we adopt the point of view of security companies and focus on finding an efficient solution to detecting web attacks that spread on compromised websites, and infect thousands of web users every day

Sécurité

Analyse de données

Attaques web

Drive-by download

Profil utilisateur

Site web malveillant

Sécurity

Data analysis

Web attacks

Drive-by download

User profiling

Malicious website

Protection du contenu des mémoires externes dans les systèmes embarqués, aspect matériel / Protecting the content of externals memories in embedded systems, hardware aspect

Ouaarab, Salaheddine

09 September 2016

Ces dernières années, les systèmes informatiques (Cloud Computing, systèmes embarqués, etc.) sont devenus omniprésents. La plupart de ces systèmes utilisent des espaces de stockage (flash,RAM, etc.) non fiables ou non dignes de confiance pour stocker du code ou des données. La confidentialité et l’intégrité de ces données peuvent être menacées par des attaques matérielles (espionnage de bus de communication entre le composant de calcul et le composant de stockage) ou logicielles. Ces attaques peuvent ainsi révéler des informations sensibles à l’adversaire ou perturber le bon fonctionnement du système. Dans cette thèse, nous nous sommes focalisés, dans le contexte des systèmes embarqués, sur les attaques menaçant la confidentialité et l’intégrité des données qui transitent sur le bus de communication avec la mémoire ou qui sont stockées dans celle-ci.Plusieurs primitives de protection de confidentialité et d’intégrité ont déjà été proposées dans la littérature, et notamment les arbres de Merkle, une structure de données protégeant efficacement l’intégrité des données notamment contre les attaques par rejeu. Malheureusement,ces arbres ont un impact important sur les performances et sur l’empreinte mémoire du système.Dans cette thèse, nous proposons une solution basée sur des variantes d’arbres de Merkle (arbres creux) et un mécanisme de gestion adapté du cache afin de réduire grandement l’impact de la vérification d’intégrité d’un espace de stockage non fiable. Les performances de cette solution ont été évaluées théoriquement et à l’aide de simulations. De plus, une preuve est donnée de l’équivalence, du point de vue de la sécurité, avec les arbres de Merkle classiques.Enfin, cette solution a été implémentée dans le projet SecBus, une architecture matérielle et logicielle ayant pour objectif de garantir la confidentialité et l’intégrité du contenu des mémoires externes d’un système à base de microprocesseurs. Un prototype de cette architecture a été réalisé et les résultats de l’évaluation de ce dernier sont donnés. / During the past few years, computer systems (Cloud Computing, embedded systems...) have become ubiquitous. Most of these systems use unreliable or untrusted storage (flash, RAM...)to store code or data. The confidentiality and integrity of these data can be threaten by hardware (spying on the communication bus between the processing component and the storage component) or software attacks. These attacks can disclose sensitive information to the adversary or disturb the behavior of the system. In this thesis, in the context of embedded systems, we focused on the attacks that threaten the confidentiality and integrity of data that are transmittedover the memory bus or that are stored inside the memory. Several primitives used to protect the confidentiality and integrity of data have been proposed in the literature, including Merkle trees, a data structure that can protect the integrity of data including against replay attacks. However, these trees have a large impact on the performances and the memory footprint of the system. In this thesis, we propose a solution based on variants of Merkle trees (hollow trees) and a modified cache management mechanism to greatly reduce the impact of the verification of the integrity. The performances of this solution have been evaluated both theoretically and in practice using simulations. In addition, a proof a security equivalence with regular Merkle treesis given. Finally, this solution has been implemented in the SecBus architecture which aims at protecting the integrity and confidentiality of the content of external memories in an embedded system. A prototype of this architecture has been developed and the results of its evaluation are given.

Systèmes embarqués

Mémoire cache

Sécurité

Confidentialité

Attaques par rejeu

Arbres de Merkle

SoCLib

SoC

ZedBoard

Embedded systems

Cache memory

Security

Confidentiality

Replays attacks

Merkle trees

SoCLib

SoC

ZedBoard

Multidimensionality of the models and the data in the side-channel domain / Multidimensionnalité des modèles et des données dans le domaine des canaux auxiliaires

Marion, Damien

05 December 2018

Depuis la publication en 1999 du papier fondateur de Paul C. Kocher, Joshua Jaffe et Benjamin Jun, intitulé "Differential Power Analysis", les attaques par canaux auxiliaires se sont révélées être un moyen d’attaque performant contre les algorithmes cryptographiques. En effet, il s’est avéré que l’utilisation d’information extraite de canaux auxiliaires comme le temps d’exécution, la consommation de courant ou les émanations électromagnétiques, pouvait être utilisée pour retrouver des clés secrètes. C’est dans ce contexte que cette thèse propose, dans un premier temps, de traiter le problème de la réduction de dimension. En effet, en vingt ans, la complexité ainsi que la taille des données extraites des canaux auxiliaires n’a cessé de croître. C’est pourquoi la réduction de dimension de ces données permet de réduire le temps et d’augmenter l’efficacité des attaques. Les méthodes de réduction de dimension proposées le sont pour des modèles de fuites complexe et de dimension quelconques. Dans un second temps, une méthode d’évaluation d’algorithmes logiciels est proposée. Celle-ci repose sur l’analyse de l’ensemble des données manipulées lors de l’exécution du logiciel évalué. La méthode proposée est composée de plusieurs fonctionnalités permettant d’accélérer et d’augmenter l’efficacité de l’analyse, notamment dans le contexte d’évaluation d’implémentation de cryptographie en boîte blanche. / Since the publication in 1999 of the seminal paper of Paul C. Kocher, Joshua Jaffe and Benjamin Jun, entitled "Differential Power Analysis", the side-channel attacks have been proved to be efficient ways to attack cryptographic algorithms. Indeed, it has been revealed that the usage of information extracted from the side-channels such as the execution time, the power consumption or the electromagnetic emanations could be used to recover secret keys. In this context, we propose first, to treat the problem of dimensionality reduction. Indeed, since twenty years, the complexity and the size of the data extracted from the side-channels do not stop to grow. That is why the reduction of these data decreases the time and increases the efficiency of these attacks. The dimension reduction is proposed for complex leakage models and any dimension. Second, a software leakage assessment methodology is proposed ; it is based on the analysis of all the manipulated data during the execution of the software. The proposed methodology provides features that speed-up and increase the efficiency of the analysis, especially in the case of white box cryptography.

Attaques par canaux auxiliaires

Réduction de dimension

Modèles de fuites

Cryptographie en boîte blanche

AES

Side-channel attacks

Dimensionality reduction

Leakage models

White box cryptography

AES, Advanced Encryption Standard

Cryptanalyse des algorithmes de type Even-Mansour / Cryptanalysis of Even-Mansour type algorithms

Mavromati, Chrysanthi

24 January 2017

Les algorithmes cryptographiques actuels se répartissent en deux grandes familles : les algorithmes symétriques et les algorithmes asymétriques. En 1991, S. Even et Y. Mansour ont proposé une construction simple d'un algorithme de chiffrement par blocs en utilisant une permutation aléatoire. Récemment, surtout pour répondre aux nouveaux enjeux de la cryptographie à bas coût, plusieurs algorithmes ont été proposés dont la construction est basée sur le schéma Even-Mansour. Les travaux réalisés dans cette thèse ont pour objet l'analyse de ce type d'algorithmes. À cette fin, nous proposons une nouvelle attaque générique sur le schéma Even-Mansour. Ensuite, afin de montrer l'importance particulière du modèle multi-utilisateurs, nous appliquons cette attaque générique dans ce modèle. Ces deux attaques sur Even-Mansour introduisent deux nouvelles idées algorithmiques : les chaînes parallèles et la construction d'un graphe qui illustre les liens entre les clés des utilisateurs du modèle multi-utilisateurs. Finalement, basés sur ces idées, nous proposons des attaques sur les algorithmes de chiffrement par blocs DESX et PRINCE et sur le code d'authentification de message Chaskey. / Current cryptographic algorithms are divided into two families: secret-key algorithms (or symmetric algorithms) and public-key algorithms. Secret-key cryptography is characterized by the sharing of the same key K used by both legitimate users of the cryptosystem. Bloc ciphers are one of the main primitives of symmetric cryptography. In 1991, S. Even and Y. Mansour proposed a minimal construction of a bloc cipher which uses a random permutation. Recently, in the context of lightweight cryptography, many algorithms based on the Even-Mansour scheme have been proposed. In this thesis, we focus on the analysis of this type of algorithms. To this purpose, we propose a generic attack on the Even-Mansour scheme. To show the particular importance of the multi-user model, we adapt our attack to this context. With these attacks, we introduce two new algorithmic ideas: the parallel chains and the construction of graph which represents the relations between the keys of the users of the multi-user model. Finally, we use these ideas and we present attacks on the bloc ciphers DESX and PRINCE and on the message authentication code (MAC) Chaskey.

Chiffrement par bloc

Even-Mansour

Mac

PRINCE

Chaskey

Attaques par collision

Bloc cipher

Even-Mansour

Mac

PRINCE

Chaskey

Collision based attacks

005.82

Life Post 9/11: Experiences of Korean Americans Ten Years Later

Lee, Jay

18 July 2013

This is one of the first qualitative studies to investigate experiences of Korean-American Christians living in New York City at the time of 9/11. This study sought to gain an understanding of how a group of Second Generation Korean-American Christians living in New York City at the time of the 9/11 attacks experienced that event and the event's impact on their religious beliefs. The study also investigated the communication context at the time of the ten year anniversary of the event, September 11th, 2011. The guiding research questions were: RQ1) What were their life experiences of 9/11? RQ2) Was their religious status affected by the event? RQ3) What is being communicated about 9/11 after 10 years? The research design was a phenomenological study that included eight individual interviews with second generation Korean-Americans who were 14-18 years of age at the time of the 9/11 attacks. Four initial macro level thematic patterns emerged: I: The day of the attack. II: Immediate Post 9/11. III: Religious Impact. IV: 9/11 Ten years later. Some key findings in the study included narratives of various emotional responses to the event, such as panic, disbelief, and fear. Age was significant, as participants recognized how their age during and after the event, impacted their lived experiences and understanding of 9/11. Location impacted participants and their loved ones. Each participant was in high school during 9/11 which affected ways of gathering information, the impact of seeing smoke coming from the World Trade Towers, and having poor cell phone reception. The study also revealed that two participants became more religious and active in the Christian church directly because of 9/11, while the attitudes, beliefs, and practices of the other six participants were found to be unaffected by 9/11. At the ten year anniversary of 9/11 safety in New York City and in U.S. post 9/11, 'feeling vulnerable' to attacks, and 9/11 being `just another day' were among the issues addressed by participants.

September 11 Terrorist Attacks

2001 -- Influence

Korean Americans -- Religious life

Christianity

Critical and Cultural Studies

Korean Studies