# Ethical Hacking Case Studies

This week we will be looking at various case studies related to hacking.
We will then discuss the various topics in the forums and in the Lab Session.

For each case study I want you to consider:

- What were the **technical details** of the hack itself?
- What are the **legal** and **ethical considerations** here?
- Are there other similar hacks that you have heard of?

# Case Study One: The Legal Elements of Hacking

While legislation around cyber security is similar around the world, there are differences.

- Taking Europe as a baseline, the laws are consistent between
  European countries, as they have to align with European Directives
- Other jurisdictions may be stricter or less strict.
- Laws may have similar objectives but different technicalities:
    - Computer Crime and Abuse Act 1996 (USA)
    - Euro Directive on Attacks against information systems 2013

Read the attached articles covering ethical hacking cases in three different countries.

Consider:

- What were the key interpretations of the law in each case?
- How do these legal differences affect the ethical hacker?
- What are your views on the legal decision?
- Were the judges correct in their findings, or do you disagree?

## The UK: Mangham Case

https://www.zdnet.com/article/british-student-jailed-for-hacking-into-facebook/
https://www.bbc.co.uk/news/uk-england-york-north-yorkshire-17079853

This case was considered under the Computer Misuse Act (1990).

Mangham considered himself an ethical hacker, and cooperated with the
police during the investigation.
Mangham had previously exposed flaws in Yahoo, and submitted bug
reports under responsible disclosure.

However, Mangham was sentenced to 8 months' imprisonment after breaking
into Facebook and uploading code.

Upon appeal, the sentence was reduced to 4 months.
http://www.bailii.org/ew/cases/EWCA/Crim/2012/973.html

## The EU: Krol Case

https://www.techdirt.com/articles/20130218/00403422011/dutch-parliament-member-fined-hacking-he-says-he-was-just-exposing-security-flaw.shtml
https://www.csmonitor.com/World/Europe/2013/0115/Should-good-hackers-be-protected-by-law

Krol was fined $1000 for "hacking" a Dutch medical lab (in this case
using a system password that was available on a forum) and then
revealing the security breach to the press.

The Court ruled that Krol's intentions were good; however:

- He went to the media at the same time as the company
- He downloaded and printed more files *than were necessary*

## Al-Khabaz Case (Canada)

https://www.wired.com/2013/01/student-expelled-exposing-flaw/
https://www.infoworld.com/article/2613635/school-that-expelled-student-hacker-may-have-ignored-16-month-old-security-flaw.html
https://www.huffingtonpost.ca/2013/01/22/ahmed-al-khabaz-dawson-hacking-expelled-jobs_n_2529045.html?guccounter=1&guce_referrer_us=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_cs=jxn0B5csVbZhrugW7d3pbA

Al-Khabaz discovered a flaw in a student records system, and reported
it to the College he attended. Later, he ran a vulnerability scan to
check if the issue had been fixed. Al-Khabaz was reported by the
hosting company, and subsequently expelled from college.

## Links

- CMA Based Legal Cases
  (http://www.computerevidence.co.uk/Cases/CMA.htm)