Ethical Hacking
eBook - ePub

Alana Maurushat

  1. 368 pages
  2. English
  3. ePUB (mobile-friendly)
  4. Available on iOS and Android

About this book

How will governments and courts protect civil liberties in this new era of hacktivism? Ethical Hacking discusses the attendant moral and legal issues. The first part of the 21st century will likely go down in history as the era when ethical hackers opened governments and the line of transparency moved by force. One need only read the motto "we open governments" on the Twitter page for Wikileaks to gain a sense of the sea change that has occurred.
Ethical hacking is the non-violent use of a technology in pursuit of a cause—political or otherwise—which is often legally and morally ambiguous. Hacktivists believe in two general but spirited principles: respect for human rights and fundamental freedoms, including freedom of expression and personal privacy; and the responsibility of government to be open, transparent and fully accountable to the public.
How courts and governments will deal with hacking attempts which operate in a grey zone of the law and where different ethical views collide remains to be seen. What is undisputed is that Ethical Hacking presents a fundamental discussion of key societal questions.
This book is published in English.
-
The first half of the 21st century will likely be recognized as the era in which ethical hacking forced governments open, shifting the boundaries of transparency. The Twitter page of Wikileaks enshrines this ethos in its very motto, « we open governments », and in its ambition to be omnipresent. At the same time, large technology companies such as Apple compete to produce ever more secure products and to protect their customers' data, even as governments attempt to restrict and decrypt these new encryption technologies.

Meanwhile, the market for security vulnerabilities is growing as computer-security experts sell software vulnerabilities in major technologies, including Apple and Google, for sums ranging from $10,000 to $1.5 million. Security activism is on the rise.

Ethical hacking is the non-violent use of any technology in support of a political or other cause that is often ambiguous from a legal and moral standpoint. Ethical hacking can refer to the work of professional penetration testers or computer-security experts, as well as to other emerging forms of action such as hacktivism and online civil disobedience.

Hacktivism is a form of ethical hacking, but also a form of civil-rights activism in the digital age. In principle, hacktivists believe in two broad principles: respect for human rights and fundamental freedoms, including freedom of expression and privacy, and the responsibility of governments to be open, transparent and fully accountable to the public.

In practice, however, the backgrounds and agendas of hacktivists are highly diverse. It is unclear how courts and governments will treat hacking attempts given the legal grey zones, the conflicting ethical approaches, and the fact that almost no exceptions for security research or the public interest currently exist anywhere in the world in cybercrime and computer-crime provisions. Determining the relationship between hacktivism and civil rights will also be difficult.

This book is published in English.

Frequently asked questions

Is Ethical Hacking available online as a PDF/ePUB?
Yes, you can access Ethical Hacking by Alana Maurushat in PDF or ePUB format, as well as other popular books in Law and Science and Technology Law. We have over one million books available in our catalogue for you to explore.


CHAPTER I

Why Ethical Hacking?

This book aims to explore the issue of ethical hacking from an unconventional and unique viewpoint, one that draws upon my own vast experience in this area. My background spans seventeen years and has incorporated roles as a law and cyber-security professor, human-rights activist, cyber-policy consultant, technology developer, and cybercrime investigation advisor. It is this experience that I will draw upon to form the pillars of the book, which departs from some of the conventional thinking in this area. This is not a book about Anonymous or about hacking organizations per se, though case studies from various incidences are certainly explored. This book is about various types of activities that are often referred to as “ethical hacking”—hacking for an ethical reason—whereby it will be argued that law and policy ought not to be the same here as for those hacking activities that are purely for economic gain or to cause harm or mischief. As will be seen, I have grouped ethical hacking into five groups:
  • online civil disobedience;
  • hacktivism;
  • penetration testing and security-vulnerability disclosure;
  • counterattack/hackback; and
  • security activism.
Let us start this journey first by talking briefly about you, about me, and then a lot about ethical hacking.

1.1 You

The book is designed to cater to a broad spectrum of readers, ranging from cyber-security experts and policy-makers to academics. Despite its intended primary audience, the book has also been written in such a manner as to make it accessible not only to university students but the broader general public. The complexity and rate of change seen within areas of technology, cyber security, and ethical hacking make it essential not to assume that you are across all terminology. There are many terms that common media and blogs use incorrectly or interchangeably, such as “computer virus,” which turns out to be a “computer worm.” Other new methods of malicious-software propagation may emerge that a reader would not necessarily be familiar with. In general, ethical hacking involves many technical terms that require a foundational level of understanding in order to better understand policy and other issues. For example, a denial-of-service attack is potentially lawful if your own device is used to participate in an online political protest. It would not be lawful to use a botnet that connects to unknown or third-party devices to participate in the same protest. The aim is to provide you with digestible material that demonstrates concepts through engaging case studies. These case studies of ethical hacking, spanning the last twenty years, are dissected and catalogued in a manner that identifies the groups and movements, their motivations, and the techniques they used. You will see some of the most notorious of these incidences explored and referenced in chapters 4–6; selected incidences are then looked at in context and by issue in chapters 7–13.
If you are a policy-maker, chapters 3–7 and 14 are essential reading. Chapter 3 provides the only publicly available quantitative analysis of ethical hacking in the world. The stark numbers contained within this chapter will assist you in demonstrating why the decisions and policies you recommend are fundamentally essential. As a policy-maker, you are all too aware that in a world of cleverly masked sensationalism posing as substantive information it has become difficult to discern what information can be trusted. Chapters 4–6 table legal cases and selected noteworthy incidences from the quantitative analysis. Throughout chapters 7–13 I aim to provide you with intricate and, at times, intimate looks at the world of ethical hacking, which will assist you in generating well-informed and robust policy. Chapter 14 discusses the frameworks and changes required as a matter of both policy and law.
If you are a cyber-security expert or consider yourself a hacktivist, there are ethical and legal issues contained within this book that are essential reading. This includes policy and legal lines to be cautious of, which could easily see you cross from a status of “ignore action with caution” to one of “prosecute” in the eyes of authorities. These cautionary tales are drawn from my experience undertaking a large range of roles, as described above.
As I know all too well, the issues surrounding cyber security have garnered interest from a broad demographic of society, and are not limited to just policy-makers, experts, and academics. Even if you do not fit within any of the three categories just named, I would still love for you to drop me a line at alanacybersecurity.com and let me know your background. While I keep analytics on how many people visit the site, and the general geographic area of the IP addresses, this will give me an opportunity to engage with you and understand the broader community interests. But please remember that if you are looking at the site or wish to contact me about a private or sensitive matter, this site offers no anonymity to you. So, connect with a VPN, proxy or other anonymizer such as Tor.
www.alanacybersecurity.com
There is also the option of communicating later using encryption and, for journalists, I have and use Signal.

1.2 Me

I have a confession: I am an ethical hacker. I use technology in a non-violent way in the pursuit of a cause, political or otherwise, which is often legally and morally ambiguous. I don’t intentionally break the law. Many of the actions I take are assumed by politicians, lawmakers, and people around the globe to be legal because there are few to no legal precedents and scant reportage. The law is written broadly, in a way that captures far more than one might expect. Part of my motivation for writing this book is to highlight how desperately new law and policy are required for ethical hackers.
As a human-rights activist I work to educate and protect online civil liberties globally, but more specifically for the jurisdictions in which I have lived and worked, namely Canada, Hong Kong, and Australia. When I lived in Hong Kong I provided research assistance for the OpenNet Initiative (a collaborative partnership between the Citizen Lab at the University of Toronto, the Berkman Center for Internet & Society at Harvard Law School, and the Advanced Network Research Group at the Cambridge Security Programme, Cambridge University) to examine how Chinese authorities filtered the Internet in 2003–2005. The testing of which sites were blocked in the Chinese firewall meant that a host of domestic Chinese laws were violated, even though the object was merely to provide an accurate reflection of what types of sites were blocked, along with where, when, and possibly why these sites were filtered. I continue to be involved in research efforts addressing civil liberties and Internet freedom for the nongovernmental Freedom House, a liberty watchdog. I was the researcher and author of the Australian Internet Freedom portion of the annual Freedom House Report, Freedom on the Net (2011–2017). Freedom on the Net is the most widely utilized worldwide resource for activists, government officials, journalists, businesses, and international organizations aiming to understand the emerging threats and opportunities in the global Internet landscape, as well as policies and developments in individual countries.
I am a professor and researcher above all else—I am currently the Professor of Cybersecurity and Behaviour at Western Sydney University. I am in the privileged position of leading multidisciplinary research and lecturing teams across a range of cyber-security projects and courses. I work with industry, government, and civil society on a daily basis. But my views about ethical hacking can be traced to a time and place long before I became a professor of cyber security. Here is a bit more about what informs the research, analysis, and opinions represented in this book.
I was a key researcher with the law and policy division of the Data to Decisions Cooperative Research Centre (D2DCRC). The D2DCRC specializes in big data/artificial intelligence for national-security purposes. The centre involved multiple computer scientists and data scientists from universities, industry (e.g., Palantir and SASS) along with governmental departments predominantly in Australia but also in Canada and the United Kingdom. With the D2DCRC, we worked on confidential matters where we helped groups make informed decisions on how new technologies were being built and how they would function based on proposed new legal and policy frameworks.
From an international perspective, I was fortunate enough to be asked to speak at a United Nations workshop in China on cyber security and human rights, where the majority of attendees were students and professors in the cyber-security division of the People’s Liberation Army’s National Defence University. The questions asked and views imparted to me were enlightening, and reminded me how much misinformation there is in cyber security and ethical hacking. My research from my honours in law, masters, and PhD degrees—and indeed my current research—has been entirely interdisciplinary, as has my work with government, law firms, and later with universities. For my PhD I worked with underground security-activist groups concerned with botnets, conducted empirical qualitative research, and worked closely with the technical community to deepen the research. I worked with individuals and organizations in Europe, Asia, North America, and Australia. This included dialoguing and consulting with individuals from Internet-service providers, the Australian Communications and Media Authority, computer emergency response teams (in Australia, Canada, and Estonia), cyber-security journalists, Shadowserver, various computer-science researchers, and the National Cyber-Forensic Training Alliance (an FBI and Carnegie Mellon cybercrime training and investigative service, located in Pittsburgh). The thesis could best be described as in the field of cyber security, using methods and analysis from criminology, economics, information systems, and the law. This book borrows from my graduate work in botnets, especially in the chapter on security activism.
I am on the board of directors and am the special cyber adviser for the investigation firm IFW Global. IFW is an investigation firm specializing in cybercrime and intelligence. My advisory work has involved performing a variety of tasks, including surveillance advice, developing protocols for sensitive investigations in foreign countries, providing legal information on investigative procedures and contracting with intelligence units, as well as writing memoranda for arbitration disputes involving counterfeit engineering products. Our investigations have involved online fraud and malicious online conduct, which has led us to cooperate with cybercrime and anti-money laundering divisions of the FBI, CIA, Interpol, the AFP, the New South Wales Police Force, and Thai and Philippines police. Our investigatory work on one cybercrime case led to corruption investigations and charges against certain members of the Queensland police force. IFW is globally renowned for shutting down and recovering funds from sophisticated online organized crime, including payment-diversion fraud and boiler-room and binary-option scams.
Payment-diversion fraud typically involves a situation where a network and/or devices on a network are compromised, a criminal watches the actions of the company over time and is able to divert payment due to a supplier to an unknown third party. This is also known as compromised supply-chain fraud.
A boiler-room scam typically refers to a call centre selling questionable investments over the phone, almost always with legitimate-looking fake websites.
Binary options involve a highly speculative form of trading where you don’t trade on a market but you often trade against a binary-option “company” (in market parlance, a bucket shop)—effectively, an illegitimate broker. The binary-option broker has a backdoor into an online trading platform, where the broker can manipulate prices while you, the potential customer, are trading—ensuring that you don’t win too often, or win just enough to draw you in to want to invest more. The chances of a payout are remote (one in several million), yet people are lured into investing due to promises of a big payout. Kind of like someone inciting you to invest a large sum of money on a horse race with poor odds. The difference, however, is that the odds are so remote that this type of investment is illegal in many jurisdictions. Additionally, the scammers are actively manipulating prices as you engage and invest, luring you into losing more money. Communication is often done through highly encrypted apps such as Signal, and money is exchanged and funnelled through money-laundering processes and, increasingly, through cryptocurrencies. It is extremely difficult to recover money laundered through encrypted cryptocurrencies, making this type of online fraud a lucrative business.
I provide legal and ethical information to computer-security experts (and almost certainly some hackers) on a wide range of topics, such as deviation of application program interfaces (APIs), data crawling on the Deep Web, sale of vulnerabilities and bugs, copyright issues in proof-of-concept videos, subverting national firewalls, disclosure of corrupt practices, and hacking targets. I do know that requests for information have come from Russia, Estonia, China, Jordan, Saudi Arabia, Australia, and Canada, but possibly too from anywhere as people tend to use anonymizing technology to contact me to reduce risk of identification. One person goes so far as to only send me hard documents by post.
Lastly, I have done consultancies for government and industry. In fact, this book is largely the product of research/consultancy work on ethical hacking for Public Safety Canada in 2010. Public Safety Canada engages and works with various departments on a range of cybersecurity issues and also houses the Canadian Cyber Incident Response Centre. As you can see, my understanding of cyber-security behaviour and ethical hacking is based on first-hand knowledge as well as research. That’s more than enough about me; let’s move on to the topic of the book: ethical hacking.

1.3 Ethical Hacking

What is ethical hacking? My definition differs from the computer-science terminology (which only covers penetration/intrusion testin...

Contents

  1. Cover
  2. Title Page
  3. Copyright
  4. Contents
  5. Chapter I: Why Ethical Hacking?
  6. Chapter II: Essential Terms and Concepts
  7. Chapter III: Methodology and Quantitative Studies of Ethical Hacking: Evidence-Based Decision and Policy-Making
  8. Chapter IV: Legal Cases Around the World
  9. Chapter V: Select Ethical-Hacking Incidences: Anonymous
  10. Chapter VI: Select Ethical-Hacking Incidences: Chaos Computer Club, CyberBerkut, LulzSec, Iranian Cyber Army, and Others
  11. Chapter VII: Online Civil Disobedience
  12. Chapter VIII: Hacktivism
  13. Chapter IX: Penetration/Intrusion Testing and Vulnerability Disclosure
  14. Chapter X: Counterattack/Hackback
  15. Chapter XI: Security Activism
  16. Chapter XII: Ethical-Hacking Challenges in Legal Frameworks, Investigation, Prosecution, and Sentencing
  17. Chapter XIII: Ethical Hacking, Whistle-Blowing, and Human Rights and Freedoms
  18. Chapter XIV: Toward an Ethical-Hacking Framework
  19. Bibliography
  20. Appendix: Interview Questions
  21. Backcover
Citation styles for Ethical Hacking

APA 6 Citation

Maurushat, A. (2019). Ethical Hacking ([edition unavailable]). University of Ottawa Press. Retrieved from https://www.perlego.com/book/962519/ethical-hacking-pdf (Original work published 2019)

Chicago Citation

Maurushat, Alana. (2019) 2019. Ethical Hacking. [Edition unavailable]. University of Ottawa Press. https://www.perlego.com/book/962519/ethical-hacking-pdf.

Harvard Citation

Maurushat, A. (2019) Ethical Hacking. [edition unavailable]. University of Ottawa Press. Available at: https://www.perlego.com/book/962519/ethical-hacking-pdf (Accessed: 14 October 2022).

MLA 7 Citation

Maurushat, Alana. Ethical Hacking. [edition unavailable]. University of Ottawa Press, 2019. Web. 14 Oct. 2022.