Invitation to Cybersecurity

that the vulnerability existed or they would say it is overblown and not a practical concern. Researchers provide companies advance notice so the companies will have time to fix the vulnerability and release a patch if necessary before bad actors find out about it. The idea is that by the time of the public disclosure, the vulnerability would be a moot point, but the cybersecurity researcher would still receive credit for his effort.

Cybersecurity researchers, like all ethical hackers, must be careful to act ethically at all times, respect the rights of all citizens, and obey all applicable laws. The responsible disclosure process in particular is a good case study for an ethical analysis like the ones outlined in Chapter 10 of this textbook.

3.1.2 Illegal Hacking

“I have a lot of regrets, but I think my essential failing was that I lost touch with the accountability and responsibility that comes with being a member of society. A friend of mine once told me to behave as though everyone could see what I was doing all the time. A sure way to avoid engaging in illegal conduct, but I guess I wasn’t a believer because when I was invisible, I forgot all about this advice. I know now that we can’t be invisible, and that it’s dangerous thinking.” - notorious hacker Max Butler at his sentencing

Unfortunately, there are far more black hat hackers than white hats. Illegal hacking is the main concern of this textbook, and it is helpful to distinguish among several different categories of illegal hacking.

The first main distinction is the difference between internal and external hackers relative to the organization that is being hacked. An internal hacker is called an insider threat. An insider threat is a person who works for the organization they attack. Insider threats are difficult to prevent because they are trusted and have at least some legitimate access to computer systems and data in order to do their jobs.
They cross the line into illegal hacking when they exceed their authorized access—a form of obtaining unauthorized access. The difference between the threat posed by an external hacker and the threat posed by an insider is comparable to the difference between a random bank robber and the manager of the bank. The manager has legitimate access to the assets of the bank, and knows all the security protocols, including the lock combination to the safe. Also, insider threats are difficult to detect because it is easier for them to cover up their crimes—in the bank example, the manager can tamper with logs and other official records. Organizations have to put many controls in place to deter, prevent, and detect insider threats (more on controls in Chapter 5).

Any hacker who is not an insider threat is an external threat. All the categories of hacking in the following subsections apply to both insider and external threats. Most hackers are external threats since the outsiders of any organization greatly outnumber the insiders. Whether committed by an insider or an external threat, illegal hacking can be categorized by the motivations of the hackers.
