View the step-by-step solution to:

Question

Anthony and Sarah are a cybersecurity team hired by a young but growing mobile device manufacturer to beef

up their infosec operations. The company had two embarrassing security breaches in recent months and is determined to take a more aggressive security approach moving forward; a friend of the company's founders recommended Anthony and Sarah as fitting the bill. Anthony and Sarah favor an especially aggressive and offense-driven style of cybersecurity practice. Their techniques include:

- Forced Inoculation in the Wild: If Anthony and Sarah discover a worm that is beginning to spread quickly on the manufacturer's devices, they will design and release 'into the wild' (on the Internet) a worm of their own design that remotely and autonomously patches host systems against the malware. Users are not made aware that they are downloading or installing the patch worm, it is spread and activated through the same

surreptitious techniques as malware.

- Automated Disabling: They create security tool that, if it detects an infected host computer on the network, immediately launches a disabling attack on that computer, breaking its link to the network so that it cannot infect more systems. The infected host computer will, without warning, lose its network connection and all networked

programs running will be interrupted until the security administrator can come to disinfect, patch, and reboot the host computer.

- Hacking Back and Honeypots: Anthony and Sarah use a variety of techniques to attack computers that appear to be carrying out hostile actions against their network: from installing spyware on attacking systems in an effort to identify the perpetrator, installing disabling malware on the attacking system, deleting stolen data, and creating 'honeypots' on their own network that appear to be vulnerable troves of sensitive data but really allow them to lure and infect attackers' systems. They are aware that these techniques in many contexts are illegal and pose the risk of 'collateral damage' to innocent third parties whose systems have been commandeered or spoofed without their knowledge, but they see their vigilante approach as justified, at least in some cases, by the lack of effective law enforcement remedies for ransomware and other cyberattacks on the company.

Anthony and Sarah know that their methods are regarded as ethically questionable by a significant portion of the security community, and so they do not disclose details of their methods, either to their employer (who takes a "the less I know the better" approach,) or to users of the company network or the public whose systems may be impacted by their methods. Their motto is, 'the ends justify the means,' and if they can discourage future attacks on the company, they regard their job as well done.


Question 5.7: How might Anthony and Sarah's conduct be judged according to each of the three ethical theories described in Section 4: Utilitarian, Deontological, and Virtue Ethics (Briefly explain your answers for each)?



Question 5.8: How should the conduct of Anthony and Sarah's employer be evaluated here? Was it ethical, and if not, what ethical standards/duties/best practices were violated by the employer?

Top Answer

Answer 5.7 : The Anthony and Sarah's conduct is considered justified in terms of Utilitarianism; moreover, it is considered... View the full answer

Sign up to view the full answer

Why Join Course Hero?

Course Hero has all the homework and study help you need to succeed! We’ve got course-specific notes, study guides, and practice tests along with expert tutors.

  • -

    Study Documents

    Find the best study resources around, tagged to your specific courses. Share your own to gain free Course Hero access.

    Browse Documents
  • -

    Question & Answers

    Get one-on-one homework help from our expert tutors—available online 24/7. Ask your own questions or browse existing Q&A threads. Satisfaction guaranteed!

    Ask a Question