DOCSLIB.ORG

Cybersecurity Threats Challenges Opportunities

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

November 2016 Cybersecurity Threats Challenges Opportunities “It is only when they go wrong that machines remind you how powerful they are.” Clive James Cybersecurity – Threats Challenges Opportunities 3 Contents 01 03 Foreward 1 Threats in the Executive summary 4 information age 13 The nature of threats 14 The Internet of Things (IoT) 16 Botnet armies 17 When security is an afterthought 18 Autonomous systems 19 Driverless cars and transport 19 ATMs and Point of Sale 21 What about wearables? 22 02 Cyberwarfare 24 A brave new world 5 Automated attacks 24 Cyber speak! 6 Energetic Bear 24 What is cybersecurity? 7 Cyberattacks on infrastructure 26 And the weakest link is… 9 When software kills 28 A world without cybersecurity 11 Data manipulation 29 Backdoors and espionage 29 Cloud concerns 29 Blast from the past 30 Virtualised threats 32 Industry and the individual 33 Ransomware and Cryptoware 33 Multi-vector attacks 33 Identity theft 34 The world we live in 34 04 The future in our hands 35 The 100% secure computer 37 Opportunities 38 The data-driven economy 38 Technology as wealth creation 39 Cybersecurity as job growth 39 Leveraging technology talent 39 Challenges 40 Leadership 40 Learning from history 40 Collaboration 41 Education and awareness 41 05 Looking to the road ahead 45 You are what you do 43 State of the nation 46 Legal and regulatory 43 What role can you play? 47 Services and privacy 43 Government 47 Perception and practicality 44 Education and research 50 Business and industry 50 You, the individual 50 The five pillars of cybersecurity readiness 51 Online resources 52 Through the looking glass 53 Fast facts 55 Glossary 57 References 59 Cybersecurity – Threats Challenges Opportunities 5 Foreword You’ve seen documents like this pass your desk before, but we hope this one is a little different. You can gloss over it, seeking the diamonds in the rough, but take the time to delve into the information presented here and you will walk away with a different appreciation of the laptop on your desk, the car that you drive, and the phone that you carry. Not to mention the planes you fly, Logically, then, protecting that upon Protecting that upon the banks that hold your money, the which we depend should be front which we depend should hospitals that keep you alive and of mind for government, business the very infrastructure that makes and industry, academia and every be front of mind for our cities run. In short: the basis individual with a smartphone in government, business of our modern lives. their pocket. and industry, academia It can be hard to not overuse a word Which is to say, all of us. and every individual that’s become popular thanks to If you are part of government, this public awareness, but ‘cyber’ is now with a smartphone in primer serves as a guide to the firmly entrenched in our language their pocket. greater sphere of cybersecurity and our mindset, by virtue of the fact and how it relates to our national that our society today depends so security, our national interest, and much on technology. our economic prosperity. So we’re going to talk about cyber If you are an executive, board with respect to security, as the two member, business leader, or IT are intimately intertwined. In this professional this is an opportunity guide we aim to break down what to verse yourself in the language is sometimes a large and complex and the ecosystem, the threats and issue into an easy to read and the opportunities, and to better digestible summary that should communicate the issues and – if we’ve done our job well – give responsibilities around cybersecurity you the tools to both talk confidently within your organisation. about the issues, as well as equip you with the core information required to And if you are simply an individual make decisions around cybersecurity. interested in understanding more about the nature of our digitally- Because, despite the technical driven world, this guide will provide nomenclature, the issue of cyber- the basics and a clear overview of security is as vital to our way of life how cybersecurity relates to you. as technology itself. In fact, they can’t be separated: our economic health, At the ACS we welcome every our national security, and indeed the opportunity to educate and assist. fabric of our society is now defined If you have any questions, or would by the technology we depend on like more information, please feel every day. free to contact me at: [email protected]. What’s left unsaid here, however, is the assumption that this technology Enjoy this guide. We hope it will make will continue to work as we intend – a difference to you. but this is only true if we can protect it from being hacked, manipulated, Anthony Wong 01 and controlled. President, ACS SECURING AUSTRALIA’S FUTURE At ACS we are passionate about the services to identify and certify Nations in New York, where the ICT profession being recognised as ICT professionals you can trust, importance of ICT professionalism a driver of productivity, innovation including through the Professional was acknowledged by the UN and business – able to deliver real, Standards Scheme that assures General Assembly President in 2015. tangible outcomes. professionals have the specialist In May 2016 the President of skills business can rely upon. This year ACS celebrates 50 years IFIP participated in the European of advancing ICT in Australia. Our ACS is part of the global federation Foresight Cyber Security founders and pioneers worked of professional ICT societies, Meeting where he advocated on the first innovative computers the International Federation for that professionalism of the ICT in government, academia and Information Processing (IFIP), workforce is “a key element in industry, and our members now and the first professional body to building trustworthy and reliable work at the coalface of technology receive accreditation under the systems” and that it is important development across every industry. International Professional Practice to ensure that “cyber security Partnership (IP3) – providing a and cyber resilience is also a In 2011, ACS brought together its platform for accreditation for duty of care of the individual own Cyber Taskforce from our ICT professionals and mutual ICT professional”. 23,000 members to respond to the recognition across international Federal Government’s new cyber As we move forward another boundaries. The ACS currently discussion paper, ‘Connecting with 50 years, ACS will be there chairs IP3 and plays a leading Confidence’, where we highlighted at the forefront meeting the role in the professionalism of the the need to develop co-ordination challenges and opportunities ICT workforce. and a focus on the pipeline of of ICT, and supporting the cyber professionals. IP3 has since gained global growth and potential of ICT attention after successful professionals in Australia. To play our part in securing engagements at the World Summit Australia’s future, we continue on the Information Society (WSIS) to perform the role of trusted Forum in Geneva and the United advisor to government, and deliver Cybersecurity – Threats Challenges Opportunities 2 01 Executive summary As technology continues to evolve so also do the opportunities and challenges it provides. We are at a crossroads as we move from a society already entwined with the internet to the coming age of automation, Big Data, and the Internet of Things (IoT). But as a society that runs largely Critically, this document clarifies Our aim is that this document on technology, we are also as a result the importance for Australia to take provides an informative primer on dependent on it. And just as technology responsibility for its own cybersecurity, the relevant issues facing Australia brings ever greater benefits, it also especially with regards to essential in relation to cybersecurity, to brings ever greater threats: by the infrastructure and governance. generate discussion and debate, and very nature of the opportunities it to raise awareness with regards to On the flip side – and as one of the presents it becomes a focal point for a fundamental building block of the fastest growth industries globally cybercrime, industrial espionage, and technologically-dependent society – developing our own cybersecurity cyberattacks. Therefore, protecting which we have already become. industry is also an opportunity for it is of paramount priority. economic growth, job creation, and As you will read in the following This guide looks at some of the education – ensuring Australia is pages, cybersecurity is not optional. concerns facing us in the near future well positioned for a future as a It must form part of the design of that include: digitally advanced nation. every product, of every database, of every electronic communication. And • Attack vectors such as botnets, Finally, we look at some of the – through education, awareness, and autonomous cars and ransomware. challenges that countries worldwide proactive change – we can all play a are currently dealing with in regards • Threats including data manipulation, part in securing our future. identify theft, and cyberwarfare. to cybersecurity, including: • Tangential issues such as data • The need for more collaboration sovereignty, digital trails, and in order to mitigate threats. leveraging technology talent. • Education and awareness; and Additionally, it provides some • The balance between privacy and background to the nature of digital security. ecosystems and the fundamentals of cybersecurity. Cybersecurity – Threats Challenges Opportunities 4 A brave new world You’re reading this document written with, laid out by, and printed using computers. From start to finish it existed as 0s and 1s – the binary blood of our modern world. In fact, our lives today are codified by data: almost everything we do, and everything we depend on, involves data and the technology that uses it – there are scant few areas not touched by this revolution we call the information age.
Recommended publications
  • Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress

    Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress

    Order Code RL32114 Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress Updated January 29, 2008 Clay Wilson Specialist in Technology and National Security Foreign Affairs, Defense, and Trade Division Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress Summary Cybercrime is becoming more organized and established as a transnational business. High technology online skills are now available for rent to a variety of customers, possibly including nation states, or individuals and groups that could secretly represent terrorist groups. The increased use of automated attack tools by cybercriminals has overwhelmed some current methodologies used for tracking Internet cyberattacks, and vulnerabilities of the U.S. critical infrastructure, which are acknowledged openly in publications, could possibly attract cyberattacks to extort money, or damage the U.S. economy to affect national security. In April and May 2007, NATO and the United States sent computer security experts to Estonia to help that nation recover from cyberattacks directed against government computer systems, and to analyze the methods used and determine the source of the attacks.1 Some security experts suspect that political protestors may have rented the services of cybercriminals, possibly a large network of infected PCs, called a “botnet,” to help disrupt the computer systems of the Estonian government. DOD officials have also indicated that similar cyberattacks from individuals and countries targeting economic,
  • The Evolution of Ransomware

    The Evolution of Ransomware

    The evolution of ransomware SECURITY RESPONSE The evolution of ransomware Kevin Savage, Peter Coogan, Hon Lau Version 1.0 – August 6, 2015 Never before in the history of human kind have people across the world been subjected to extortion on a massive scale as they are today. CONTENTS OVERVIEW ..............................................................................3 Key information ......................................................................5 Types of ransomware .............................................................5 How ransomware has evolved ...............................................7 Targets for ransomware .......................................................13 Systems impacted by ransomware ......................................14 Ransomware: How it works ..................................................18 Ransom techniques ..............................................................27 How widespread is the problem of ransomware .................33 What does the future hold for ransomware? .......................37 Conclusion ............................................................................45 Appendix ..............................................................................47 Mitigation strategies ............................................................51 Symantec detections for common ransomware families 54 Resources .............................................................................56 OVERVIEW Never before in the history of human kind have people across the world been
  • Attribution and Response to Cybercrime/Terrorism/Warfare Susan W

    Attribution and Response to Cybercrime/Terrorism/Warfare Susan W

    Journal of Criminal Law and Criminology Volume 97 Article 2 Issue 2 Winter Winter 2007 At Light Speed: Attribution and Response to Cybercrime/Terrorism/Warfare Susan W. Brenner Follow this and additional works at: https://scholarlycommons.law.northwestern.edu/jclc Part of the Criminal Law Commons, Criminology Commons, and the Criminology and Criminal Justice Commons Recommended Citation Susan W. Brenner, At Light Speed: Attribution and Response to Cybercrime/Terrorism/Warfare, 97 J. Crim. L. & Criminology 379 (2006-2007) This Symposium is brought to you for free and open access by Northwestern University School of Law Scholarly Commons. It has been accepted for inclusion in Journal of Criminal Law and Criminology by an authorized editor of Northwestern University School of Law Scholarly Commons. 0091-4169/07/9702-0379 THE JOURNALOF CRIMINAL LAW & CRIMINOLOGY Vol. 97. No. 2 Copyright 0 2007 by NorthwesternUniversity. Schoolof Low Printedin U.S.A. "AT LIGHT SPEED": ATTRIBUTION AND RESPONSE TO CYBERCRIME/TERRORISM/WARFARE SUSAN W. BRENNER* This Article explains why and how computer technology complicates the related processes of identifying internal (crime and terrorism) and external (war) threats to social order of respondingto those threats. First, it divides the process-attribution-intotwo categories: what-attribution (what kind of attack is this?) and who-attribution (who is responsiblefor this attack?). Then, it analyzes, in detail, how and why our adversaries' use of computer technology blurs the distinctions between what is now cybercrime, cyberterrorism, and cyberwarfare. The Article goes on to analyze how and why computer technology and the blurring of these distinctions erode our ability to mount an effective response to threats of either type.
  • Deterrence Theory in the Cyber-Century Lessons from a State-Of-The-Art Literature Review

    Deterrence Theory in the Cyber-Century Lessons from a State-Of-The-Art Literature Review

    Working Paper Research Division EU/Europe Stiftung Wissenschaft und Politik German Institute for International and Security Affairs Annegret Bendiek, Tobias Metzger Deterrence theory in the cyber-century Lessons from a state-of-the-art literature review SWP Working Papers are online publications of SWP’s research divisions which have not been formally reviewed by the Institute. Ludwigkirchplatz 3−4 10719 Berlin Phone +49 30 880 07-0 Fax +49 30 880 07-100 www.swp-berlin.org Working Paper RD EU/Europe, 2015/ 02, May 2015 [email protected] SWP Berlin Table of Contents List of Figures 1 List of Abbreviations 2 Introduction 3 In theory – Deterrence theory and cyberspace 4 Deterrence-by-retaliation and deterrence-by-denial 6 In practice – Suitability of cyber: lessons and implications 7 Key challenges: Credibility and capability to display and use force 7 How to deter? Deterrence-by-denial and deterrence-by- retaliation 9 Determining the type of defence 9 Adding offence to the equation 10 When and whom to deter? Immediate vs. general deterrence and the challenge of attribution 10 What to deter? Narrow vs. broad deterrence 12 For whom? Central vs. extended deterrence 13 Conclusion and outlook 14 Annex 16 Glossary 16 List of References 17 List of Figures Figure 1: Limits to retaliation in cyberspace .................. 9 Figure 2: A possible model of escalation ....................... 11 Figure 3: EEAS figure on a possible inter-ministry division of labour ................................................................. 15 Figure 4: Risk assessment
  • Cyberattack Attribution

    Cyberattack Attribution

    CYBERATTACK ATTRIBUTION A BLUEPRINT FOR PRIVATE SECTOR LEADERSHIP RESEARCH FELLOWS SENIOR RESEARCH FELLOWS Justin Collins Allison Anderson Cameron Evans Stacia Lee Chris Kim Kayley Knopf FACULTY LEAD Selma Sadzak Jessica Beyer Nicholas Steele Julia Summers Alison Wendler This report is a product of the Applied Research Program in the Henry M. Jackson School of International Studies at the University of Washington. The Applied Research Program matches teams of top-achieving Jackson School students with private and public sector organizations seeking dynamic, impactful, and internationally-minded analyses to support their strategic and operational objectives. For more information about the Applied Research Program please contact us at [email protected]. Executive Summary After three decades of development, adoption, and innovation, the Internet stands at the core of modern society. The same network that connects family and friends across the world similarly ties together all aspects of daily life, from the functioning of the global economy to the operation of governments. The digitization of daily life is the defining feature of the 21st century. While the pervasiveness of Internet-enabled technology brings significant benefits, it also brings serious threats—not only to our economy and safety, but also to our trust in computer systems.1 The Internet is central to modern life, yet major state-sponsored cyberattacks persist in disrupting Internet access and function. These attacks undermine faith in government and public trust in democratic institutions. Attribution attempts to date have been unable to deter states from building malicious code for even greater destructive capabilities. In response, we propose the formation of an attribution organization based on international private sector coordination.
  • The Resiliency Compass: Navigating Global Value Chain Disruption in an Age of Uncertainty

    The Resiliency Compass: Navigating Global Value Chain Disruption in an Age of Uncertainty

    In Collaboration with Kearney The Resiliency Compass: Navigating Global Value Chain Disruption in an Age of Uncertainty WHITE PAPER JULY 2021 Images: Getty Images, Unsplash Contents Foreword 3 Executive summary 4 1 Disruption drives a rethink 5 2 Resilience in action 8 2.1 Getting to grips with disruption 8 2.2 Introducing the resiliency compass 8 2.3 Who are the resilience leaders? 10 3 Setting the right course with the resiliency compass 11 4 Call for action: global coordination for the long term 14 Methodology 15 Contributors 16 Acknowledgements 17 Endnotes 19 © 2021 World Economic Forum. All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, including photocopying and recording, or by any information storage and retrieval system. The Resiliency Compass: Navigating Global Value Chain Disruption in an Age of Uncertainty 2 July 2021 The Resiliency Compass: Navigating Global Value Chain Disruption in an Age of Uncertainty Foreword Unlocking the future of cooperation, resilience and prosperity for global value chains. Francisco Betti Per Kristian Hong Head of Shaping the Future of Managing Director and Advanced Manufacturing and Partner, Strategic Operations Production, Member of the and World Economic Forum Executive Committee, World Relationship Lead, Kearney Economic Forum COVID-19 has kept manufacturing companies systems if both the global economy and companies beyond busy for many months and the challenges are to successfully navigate future disruptions that are far from over, from ensuring safety and may affect global value chains. security on the shop floor and facing supply and demand disruptions to accelerating digital In 2020, the World Economic Forum, in transformation and reskilling to build resilience.
  • Crimeware on the Net

    Crimeware on the Net

    Crimeware on the Net The “Behind the scenes” of the new web economy Iftach Ian Amit Director, Security Research – Finjan BlackHat Europe, Amsterdam 2008 Who Am I ? (iamit) • Iftach Ian Amit – In Hebrew it makes more sense… • Director Security Research @ Finjan • Various security consulting/integration gigs in the past – R&D – IT • A helping hand when needed… (IAF) 2 BlackHat Europe – Amsterdam 2008 Today’s Agenda • Terminology • Past vs. Present – 10,000 feet view • Business Impact • Key Characteristics – what does it look like? – Anti-Forensics techniques – Propagation methods • What is the motive (what are they looking for)? • Tying it all up – what does it look like when successful (video). • Anything in it for us to learn from? – Looking forward on extrusion testing methodologies 3 BlackHat Europe – Amsterdam 2008 Some Terminology • Crimeware – what we refer to most malware these days is actually crimeware – malware with specific goals for making $$$ for the attackers. • Attackers – not to be confused with malicious code writers, security researchers, hackers, crackers, etc… These guys are the Gordon Gecko‟s of the web security field. The buy low, and capitalize on the investment. • Smart (often mislead) guys write the crimeware and get paid to do so. 4 BlackHat Europe – Amsterdam 2008 How Do Cybercriminals Steal Business Data? Criminals’ activity in the cyberspace Federal Prosecutor: “Cybercrime Is Funding Organized Crime” 5 BlackHat Europe – Amsterdam 2008 The Business Impact Of Crimeware Criminals target sensitive business data
  • International Security in Cyberspace: New Models for Reducing Risk Write a Description

    International Security in Cyberspace: New Models for Reducing Risk Write a Description

    Arms Control and International Security Papers Volume I I Number 20 October 20, 2020 International Security in Cyberspace: New Models for Reducing Risk by Christopher A. Ford The Arms Control and International Security Papers are produced by the Office of the Under Secretary of State for Arms Control and International Security in order to make U.S. State Department policy analysis available in an electronically-accessible format compatible with "social distancing" during the COVID-19 crisis. Arms Control and International Security Papers Volume I, Number 20 I October 20, 2020 International Security in Cyberspace: New Models for Reducing Risk International Security in Cyberspace: New Models for Reducing Risk by Christopher A. Ford1 In this ACIS Paper, Assistant Secretary Ford recounts the evolution of U.S. cyberspace security diplomacy over the last several years, describing the difficulty of making traditional "arms control" concepts work in this novel domain, but emphasizing the valuable contributions nonetheless already being made through the articulation of voluntary, nonbinding norms of responsible state behavior and a shift to a more explicitly deterrence-focused cyberspace security policy. In this ever more Internet-connected age, it is no challenge of enormous magnitude, and one to which surprise that cyber threats continue to increase. The the non-authoritarian world is still only in the early more indispensable such connectivity is for commerce, stages of mounting effective responses. communications, and innumerable aspects of daily life, the more that malicious actors see opportunities to Success in meeting these challenges requires a steal (or hold hostage) the information lifeblood of our whole-of-government response, and such a broad contemporary economy, or otherwise to profit response is indeed underway pursuant to the broad malevolently from modern dependencies.
  • Comptia® Security+ SY0-601 Cert Guide

    Comptia® Security+ SY0-601 Cert Guide

    CompTIA® Security+ SY0-601 Cert Guide Omar Santos Ron Taylor Joseph Mlodzianowski A01_Santos_Fm_pi-plii_1.indd 1 01/06/21 2:49 pm CompTIA® Security+ SY0-601 Cert Guide Editor-in-Chief Copyright © 2022 by Pearson Education, Inc. Mark Taub All rights reserved. No part of this book shall be reproduced, stored in Product Line Manager a retrieval system, or transmitted by any means, electronic, mechanical, Brett Bartow photocopying, recording, or otherwise, without written permission from the publisher. No patent liability is assumed with respect to the use of the Executive Editor information contained herein. Although every precaution has been taken in Nancy Davis the preparation of this book, the publisher and author assume no respon- Development Editor sibility for errors or omissions. Nor is any liability assumed for damages Christopher A. Cleveland resulting from the use of the information contained herein. ISBN-13: 978-0-13-677031-2 Managing Editor ISBN-10: 0-13-677031-2 Sandra Schroeder Library of Congress Control Number: 2021935686 Senior Project Editor ScoutAutomatedPrintCode Tonya Simpson Copy Editor Trademarks Chuck Hutchinson All terms mentioned in this book that are known to be trademarks or ser- vice marks have been appropriately capitalized. Pearson IT Certification Indexer cannot attest to the accuracy of this information. Use of a term in this book Erika Millen should not be regarded as affecting the validity of any trademark or service mark. Proofreader Abigail Manheim Warning and Disclaimer Technical Editor Every effort has been made to make this book as complete and as accurate Chris Crayton as possible, but no warranty or fitness is implied.
  • Malware to Crimeware

    Malware to Crimeware

    I have surveyed over a decade of advances in delivery of malware. Over this daVid dittRich period, attackers have shifted to using complex, multi-phase attacks based on malware to crimeware: subtle social engineering tactics, advanced how far have they cryptographic techniques to defeat takeover gone, and how do and analysis, and highly targeted attacks we catch up? that are intended to fly below the radar of current technical defenses. I will show how Dave Dittrich is an affiliate information malicious technology combined with social security researcher in the University of manipulation is used against us and con- Washington’s Applied Physics Laboratory. He focuses on advanced malware threats and clude that this understanding might even the ethical and legal framework for respond- ing to computer network attacks. help us design our own combination of [email protected] technical and social mechanisms to better protect us. And ye shall know the truth, and the truth shall make you free. The late 1990s saw the advent of distributed and John 8:32 coordinated computer network attack tools, which were primarily used for the electronic equivalent of fist fighting in the streets. It only took a few years for criminal activity—extortion, click fraud, denial of service for competitive advantage—to appear, followed by mass theft of personal and financial data through quieter, yet still widespread and auto- mated, keystroke logging. Despite what law-abid- ing citizens would desire, crime does pay, and pay well. Today, the financial gain from criminal enter- prise allows investment of large sums of money in developing tools and operational capabilities that are increasingly sophisticated and highly targeted.
  • The Ethics of Cyberwarfare Randall R

    The Ethics of Cyberwarfare Randall R

    This article was downloaded by: [University of Pennsylvania] On: 28 February 2013, At: 08:22 Publisher: Routledge Informa Ltd Registered in England and Wales Registered Number: 1072954 Registered office: Mortimer House, 37-41 Mortimer Street, London W1T 3JH, UK Journal of Military Ethics Publication details, including instructions for authors and subscription information: http://www.tandfonline.com/loi/smil20 The Ethics of Cyberwarfare Randall R. Dipert a a SUNY (State University of New York) at Buffalo, NY, USA Version of record first published: 16 Dec 2010. To cite this article: Randall R. Dipert (2010): The Ethics of Cyberwarfare, Journal of Military Ethics, 9:4, 384-410 To link to this article: http://dx.doi.org/10.1080/15027570.2010.536404 PLEASE SCROLL DOWN FOR ARTICLE Full terms and conditions of use: http://www.tandfonline.com/page/terms-and- conditions This article may be used for research, teaching, and private study purposes. Any substantial or systematic reproduction, redistribution, reselling, loan, sub-licensing, systematic supply, or distribution in any form to anyone is expressly forbidden. The publisher does not give any warranty express or implied or make any representation that the contents will be complete or accurate or up to date. The accuracy of any instructions, formulae, and drug doses should be independently verified with primary sources. The publisher shall not be liable for any loss, actions, claims, proceedings, demand, or costs or damages whatsoever or howsoever caused arising directly or indirectly in connection with or arising out of the use of this material. Journal of Military Ethics, Vol. 9, No. 4, 384Á410, 2010 The Ethics of Cyberwarfare RANDALL R.
  • Ethical Hacking

    Ethical Hacking

    Ethical Hacking Alana Maurushat University of Ottawa Press ETHICAL HACKING ETHICAL HACKING Alana Maurushat University of Ottawa Press 2019 The University of Ottawa Press (UOP) is proud to be the oldest of the francophone university presses in Canada and the only bilingual university publisher in North America. Since 1936, UOP has been “enriching intellectual and cultural discourse” by producing peer-reviewed and award-winning books in the humanities and social sciences, in French or in English. Library and Archives Canada Cataloguing in Publication Title: Ethical hacking / Alana Maurushat. Names: Maurushat, Alana, author. Description: Includes bibliographical references. Identifiers: Canadiana (print) 20190087447 | Canadiana (ebook) 2019008748X | ISBN 9780776627915 (softcover) | ISBN 9780776627922 (PDF) | ISBN 9780776627939 (EPUB) | ISBN 9780776627946 (Kindle) Subjects: LCSH: Hacking—Moral and ethical aspects—Case studies. | LCGFT: Case studies. Classification: LCC HV6773 .M38 2019 | DDC 364.16/8—dc23 Legal Deposit: First Quarter 2019 Library and Archives Canada © Alana Maurushat, 2019, under Creative Commons License Attribution— NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) https://creativecommons.org/licenses/by-nc-sa/4.0/ Printed and bound in Canada by Gauvin Press Copy editing Robbie McCaw Proofreading Robert Ferguson Typesetting CS Cover design Édiscript enr. and Elizabeth Schwaiger Cover image Fragmented Memory by Phillip David Stearns, n.d., Personal Data, Software, Jacquard Woven Cotton. Image © Phillip David Stearns, reproduced with kind permission from the artist. The University of Ottawa Press gratefully acknowledges the support extended to its publishing list by Canadian Heritage through the Canada Book Fund, by the Canada Council for the Arts, by the Ontario Arts Council, by the Federation for the Humanities and Social Sciences through the Awards to Scholarly Publications Program, and by the University of Ottawa.