Ethical Hacking Case Studies

This week we will be looking at various case studies related to hacking. We will then discuss the various topics in the forums and in the Lab Session.

For each case study I want you to consider:

  • What were the technical details of the hack itself?
  • What are the legal and ethical considerations here?
  • Are there other similar hacks that you have heard of?

Case Study One: The Legal Elements of Hacking

While legislation around cyber security is similar around the world, there are differences.

  • Taking Europe as a baseline, the laws are consistent between European countries, as they have to align with European Directives
  • Other jurisdictions may be stricter or less strict.
  • Laws may have similar objectives but different technicalities:
    • Computer Crime and Abuse Act 1996 (USA)
    • Euro Directive on Attacks against information systems 2013

Read the attached articles covering ethical hacking cases in three different countries. Consider:

- What were the key interpretations of the law in each case?
- How do these legal differences affect the ethical hacker?
- What are your views on the legal decision?
   - Were the judges correct in their findings, or do you disagree?

The UK: Mangham Case

https://www.zdnet.com/article/british-student-jailed-for-hacking-into-facebook/

https://www.bbc.co.uk/news/uk-england-york-north-yorkshire-17079853

This case was considered under the Computer Misuse Act (1990).

Mangham considered himself an ethical hacker, and cooperated with the police during the investigation. Mangham had previously exposed flaws in Yahoo, and submitted bug reports under responsible disclosure.

However, Mangham was sentenced to 8 months' imprisonment after breaking into Facebook and uploading code.

Upon appeal, the sentence was reduced to 4 months.

http://www.bailii.org/ew/cases/EWCA/Crim/2012/973.html

The EU: Krol Case

https://www.techdirt.com/articles/20130218/00403422011/dutch-parliament-member-fined-hacking-he-says-he-was-just-exposing-security-flaw.shtml

https://www.csmonitor.com/World/Europe/2013/0115/Should-good-hackers-be-protected-by-law

Krol was fined $1000 for "hacking" a Dutch medical lab (in this case using a system password that was available on a forum), and then revealing the security breach to the press.

The Court ruled that Krol's intentions were good, however:

  • He went to the media at the same time as the company
  • He downloaded and printed more files than were necessary

Al-Khabaz Case (Canada)

https://www.wired.com/2013/01/student-expelled-exposing-flaw/

https://www.infoworld.com/article/2613635/school-that-expelled-student-hacker-may-have-ignored-16-month-old-security-flaw.html

https://www.huffingtonpost.ca/2013/01/22/ahmed-al-khabaz-dawson-hacking-expelled-jobs_n_2529045.html?guccounter=1&guce_referrer_us=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_cs=jxn0B5csVbZhrugW7d3pbA

Al-Khabaz discovered a flaw in a student records system, and reported it to the College he attended. Later, he ran a vulnerability scan to check if the issue had been fixed. Al-Khabaz was reported by the hosting company, and subsequently expelled from college.

Links