In cases of cyberattacks and data breaches in the United States
In cases of cyberattacks and data breaches in the United States, there is often a cry to hack back – in other words, attack the attacker. In 500-750 words, explain why or why not hacking back is an appropriate response.
Make sure to
Describe the legal requirements and associated ethical steps needed to perform a penetration test.
Describe “ethical hacking” principles and conditions.
Distinguish between ethical and unethical hacking.
Distinguish between nuisance hacking, activist hacking, criminal hacking, and acts of war. When could hacking be considered an act of war?
In addition, reference a minimum of four laws listed below in your answer.
Title 10 (Armed Forces)
Title 50 (War and National Defense)
Title 18 (Crimes)
Jus ad bellum
United Nations Charter
Jus in bello
The Hague Conventions
The Geneva Conventions
Make sure to reference and cite supporting evidence from not only the textbook but two additional academic resources.
With the increased advancement in technology, cyber-attacks and data breaches in the United States are rising, putting cyber security on edge. The rapid increase in cyber-attacks has spurred conversation around ethical hacking, and the world is warming up to the notion of attacking the attacker. New technologies are being rapidly created to counter-hack the hacker and neutralize adversaries (Saha, 2019). Penetration tests and ethical hacking are commonly used techniques to attack the attacker. When executed well, following all the legal protocols, striking the attacker is imperative in curbing cyber insecurities. These techniques have their share of risks, but the advantages outweigh the negatives.
Penetration testing entails tests conducted by cyber security experts to trace and exploit weak spots in a defense system that attackers would take advantage of. Before running penetration tests, ethical conditions need to be met. Firstly, under the “get out of jail free” principle, before the penetration test is conducted the parties involved should outline the pentester's scope of work, and the client should issue a card granting legal authority and permitting access (Yaacoub, 2021). Secondly, damage control is another legal issue that must be outlined, primarily when the pen test is conducted on a live system. The test can potentially impact other system users; thus, the client will be liable for consequential, ordinary, and incidental damages. Thirdly, indemnification ensures that there is a rule authorizing the pen test and that the pen tester is licensed, depending on the state’s laws. Having licenses permits pen testers to perform investigations to which only licensed PIs have access. Notably, pen testers need to be well conversant with venue and jurisdiction laws so that they do not go against the rules set in a given jurisdiction.
Ethical hacking entails an authorized attempt to bypass restricted access to data, applications, or computer systems. It is used to counter malicious attackers by duplicating the strategies and methods of cyber-attacks. The following principles are necessary to conduct ethical hacking. Firstly, the process should be legal; thus, approval must be obtained. The ethical hacker should work within a defined scope, report any vulnerabilities found, and, finally, respect data sensitivity, sign a non-disclosure agreement, and adhere to the terms and conditions of the organization on whose systems the hacking is conducted (Nicholson, 2019). Notably, ethical hacking reduces vulnerabilities in systems and creates firewalls and security protocols. Unethical activists steal valuable information, money accounts, or transactions, or access restricted networking spaces. There are numerous cases of unethical hacking today; they include criminal hacking, nuisance hacking, and activist hacking, among others, and depend on the perpetrator’s agenda.
Unethical hacking entails attempts by cybercriminals to gain unauthorized access to restricted networks and systems. Nuisance hacking involves hackers who violate principles and standards but with no intention of causing harm, while criminal hacking uses hacking techniques to perform acts that go against the law (Saha, 2019). Activist hacking is a computer-based technique used to promote social change or a political agenda; in other cases, it supports malicious intent and leads to destruction or undermines security.
Saha, S., Das, A., Kumar, A., Biswas, D., & Saha, S. (2019, August). Ethical hacking: redefining security in an information system. In International Ethical Hacking Conference (pp. 203-218). Springer, Singapore.
Nicholson, S. (2019). How ethical hacking can protect organizations from a more significant threat. Computer Fraud & Security, 2019(5), 15-19.
Yaacoub, J. P. A., Noura, H. N., Salman, O., & Chehab, A. (2021). A Survey on Ethical Hacking: Issues and Challenges. arXiv preprint arXiv:2103.15072.