UNIVERSITY OF HERTFORDSHIRE
SCHOOL OF COMPUTER SCIENCE
BSc COMPUTER SCIENCE
6WCM0032-0901-2018 – Computer Systems Security (COM)
Task 1 – “Ethical Hacking as a defense mechanism and operation”
SHASHI DEV PERSAD
BSc Computer Science
ACADEMIC YEAR- 2018-19
MONDAY OCTOBER 15TH 2018
1.0 INTRODUCTION
Computer technology has developed exponentially since the dawn of the new millennium and brings with it many good things: electronic commerce, online banking, e-mail, video conferencing etc. The problem is that as computer technology evolves, so do its dark sides, which can be classified as computer crime. Computer crime is more commonly known as “Cyber-crime”.
“Cybercrime is a criminal act in which computerized equipment, automated service, or communications mechanism is either the object or the means of perpetrating legal or regulatory restricted or prohibited offenses.” (Schreider 2017).
The UK’s National Cyber Security Strategy 2016 defines threats by cyber criminals who commit cyber-crimes:
“THREATS Cyber criminals 3.2. This strategy deals with cyber-crime in the context of two interrelated forms of criminal activity:
• cyber-dependent crimes – crimes that can be committed only through the use of Information and Communications Technology (ICT) devices, where the devices are both the tool for committing the crime, and the target of the crime (e.g. developing and propagating malware for financial gain, hacking to steal, damage, distort or destroy data and/or network or activity);
• cyber-enabled crimes – traditional crimes which can be increased in scale or reach by the use of computers, computer networks or other forms of ICT (such as cyber-enabled fraud and data theft).” (National Cyber Security Strategy 2016)
Improving systems security to keep out criminal hackers has become an important concern to society. There are many ways to protect information systems, and Ethical Hacking can be used as one of them. This report analyses the ethical, legal, and social implications of Ethical Hacking as a defense mechanism, with the purpose of finding out whether ethical hacking is ethical or unethical and of drawing conclusions to support Ethical Hacking as a non-criminal activity.
2.0 COMPUTER CRIMINAL ACTIVITIES
“Society prepares the crime, the criminal commits it” – Henry Thomas Buckle.
It would be difficult to relate a digital security plan to the law without knowing the essentials of criminal law. Two elements of criminal law need to be considered:
Mens rea- The guilty state of mind or the evil intent of the offender. However, as cybercriminals operate remotely and customarily without witnesses, it is nearly impossible to prove their intent or state of mind at the time they hacked into a system or network.
Actus reus- The criminality of the offense itself, where law enforcement collects the evidence and witness testimony necessary to prove beyond a reasonable doubt that one or more individuals committed the crime (Schreider 2017). Unfortunately, existing laws make it nearly impossible for prosecutors to establish wrongdoing, because would-be cybercrime offenders can easily cover their digital tracks or evidence.
TRADITIONAL CRIME VS CYBERCRIME
Cybercrimes are more prevalent than traditional crimes. This is because, recently, computers or networks have been used to facilitate traditional crimes such as theft, blackmail and forgery (Law Essays and Papers, 2018).
The table below shows a comparison of traditional crime vs cybercrime:
| TRADITIONAL CRIME | CYBERCRIME |
| --- | --- |
| Theft- Criminal theft is a general term used to describe crimes that involve the taking of personal property without the owner’s consent (Sewell 2018). | Identity Theft- Identity theft is the act of a person obtaining information illegally about someone else. Thieves try to find such information as full name, maiden name, address, date of birth, social security number, passwords, phone number, e-mail, and credit card numbers. The thief can then use this information to gain access to bank accounts, e-mail, cell phones, identify themselves as you, or sell your information (Computer Hope 2017). |
| Blackmail- Blackmail is the crime of threatening to reveal embarrassing, disgraceful or damaging information about a person to the public, family, spouse or associates unless money is paid to purchase silence (US Legal Inc., 2016). | Cyber extortion- Cyber extortion is a crime involving an attack or threat of an attack coupled with a demand for money or some other response in return for stopping or remediating the attack (TechTarget 2018). |
| Forgery- A person commits the crime of forgery in the first degree if, with intent to defraud, he falsely makes, completes or alters a written instrument (US Legal Inc., 2016). | Computer Forgery- When a perpetrator alters documents stored in computerized form, the crime committed may be forgery. In this instance, computer systems are the target of criminal activity. Computers, however, can also be used as instruments with which to commit forgery (Wells 2002). |
2.2 HOW ARE CYBERCRIMES COMMITTED?
There are several types of cybercrimes and these are highlighted below:
• Cyber Crime against Individual: Cyber Stalking and Harassment
• Cyber Crime against Property: Intellectual Property Crimes
• Cyber Crime against Organization: Denial of Service Attacks
Notable recent cybercrime court cases include:
July 26, 2013 – Five Russian and Ukrainian hackers charged in $300 million crime from the theft and use of 160 million credit card numbers from Carrefour SA, JCPenney, JetBlue Airways, Visa, and others (Williams, 2015).
December 17, 2015 – Six defendants from China, Germany, Singapore, and the US plead guilty to $100 million software piracy scheme. Over a period of six years 170,000 stolen Microsoft and Adobe activation keys were sold illegally (US Department of Justice, 2015).
September 6, 2018 – DOJ to charge North Korean spy in Sony hack (Steinbuch, 2018).
What is the difference between a hacker and a cracker?
Hacker- While this term originally referred to a clever or expert programmer, it is now more commonly used to refer to someone who can gain unauthorized access to other computers (Christensson, 2006).
By definition, a hacker is someone who is enthusiastic about the workings of programs, systems, computers and computer networks, and can be assumed to be an expert in the field.
Over time, many terms similar to “hacker” have appeared, for example “cracker”. Put simply, a cracker is a criminal hacker: someone who tries illegally to get access to a system to steal or damage information.
The term ethical hacker derives from the definition of a hacker: an ethical hacker is an individual hired to hack into a system to identify and repair potential vulnerabilities, effectively preventing exploitation by malicious hackers. They are security experts that specialize in the penetration testing (pen-testing) of computer and software systems for the purpose of evaluating, strengthening and improving security (Techopedia, 2018).
Ethical hackers use the same tools as hackers, but they do not threaten the system. Some people do ethical hacking as a hobby, while others do it as a career.
Ethical hackers assess systems using various techniques, some of which include:
• Denial of Service (DoS) attacks: These are generally carried out by flooding a system with requests, rendering it unable to handle additional requests, which stops service to other users or results in system overflow and/or shutdown.
• Social engineering tactics: Similar to basic fraud, these include any act that manipulates a user into disclosing information or performing particular actions.
• Security scanners: Used to find vulnerabilities, security scanners are exploitation tools designed to find vulnerabilities in systems.
Organizations must strive to identify the risks to, and impacts on, their protection mechanisms. Part of the work of an ethical hacker is to identify potential vulnerabilities in critical assets and to test systems to see whether they are vulnerable to exploitation. The activities described are security tests. Ethical hackers can conduct security tests with no prior knowledge of the target (black-box testing) or with all documentation and knowledge of the test object (white-box testing). The approach taken will depend on the time, funds and purpose of the security test. Organizations can have many aspects of their protective systems tested, such as physical security, telephone systems, wireless access, insider access, or external hacking. To carry out these tests, ethical hackers need a variety of skills. They must be proficient in the technical aspects of the network but also understand the policies and procedures. No single ethical hacker understands all operating systems, network protocols, or application software. If ethical hacking were not legal, there would not be certification courses (e.g. CEH certification) available to persons willing to pursue a career in ethical hacking.
BIBLIOGRAPHY
Anon., 2016. National Cyber Security Strategy 2016. [Online] Available at: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/567242/national_cyber_security_strategy_2016.pdf [Accessed 15 October 2018].
Anon., 2016. US Legal, Inc. [Online] Available at: https://definitions.uslegal.com/b/blackmail/ [Accessed 15 October 2018].
Anon., 2017. Computer Hope. [Online] Available at: https://www.computerhope.com/jargon/i/identhef.htm [Accessed 15 October 2018].
Anon., 2018. Traditional Crime and Cyber Crime. [Online] Available at: https://lawaspect.com/traditional-crime-cyber-crime/ [Accessed 15 October 2018].
Christensson, P., 2006. Hacker Definition. [Online] Available at: https://techterms.com [Accessed 15 October 2018].
Match, L., 2018. Criminal Theft vs Civil Theft. [Online] Available at: https://www.legalmatch.com/law-library/article/criminal-theft-vs-civil-theft.html [Accessed 15 October 2018].
Office of Public Affairs, US Department of Justice, 2015. Justice News. [Online] Available at: https://www.justice.gov/opa/pr/operation-software-slashers-six-defendants-plead-guilty-100-million-software-piracy-scheme [Accessed 15 October 2018].
Rouse, M., 2015. TechTarget. [Online] Available at: https://searchsecurity.techtarget.com/definition/cyberextortion [Accessed 15 October 2018].
Schreider, T., 2017. The Manager’s Guide to Cybersecurity Law: Essentials for Today’s Business. s.l.: Rothstein Publishing.
Steinbuch, Y., 2018. New York Post. [Online] Available at: https://nypost.com/2018/09/06/doj-to-charge-north-korean-spy-in-sony-hack/ [Accessed 15 October 2018].
Wells, J. T., 2002. The Computer as a Tool for Fraud. In: Computer Fraud and Information Security. s.l.: AICPA/PDI, Chapter 3.
Williams, K., 2015. The Hill. [Online] Available at: https://thehill.com/policy/cybersecurity/253904-second-russian-hacker-pleads-guilty-in-massive-data-theft-scheme [Accessed 15 October 2018].