Anthony and Sarah are a cybersecurity team hired by a young but growing mobile device manufacturer to beef up
their infosec operations. The company had two embarrassing security breaches in recent months and is determined to take a more aggressive security approach moving forward; a friend of the company's founders recommended Anthony and Sarah as fitting the bill. Anthony and Sarah favor an especially aggressive and offense-driven style of cybersecurity practice. Their techniques include:
- Forced Inoculation in the Wild: If Anthony and Sarah discover a worm that is beginning to spread quickly on the manufacturer's devices, they will design and release 'into the wild' (on the Internet) a worm of their own design that remotely and autonomously patches host systems against the malware. Users are not made aware that they are downloading or installing the patch worm, it is spread and activated through the same
surreptitious techniques as malware.
- Automated Disabling: They create security tool that, if it detects an infected host computer on the network, immediately launches a disabling attack on that computer, breaking its link to the network so that it cannot infect more systems. The infected host computer will, without warning, lose its network connection and all networked
programs running will be interrupted until the security administrator can come to disinfect, patch, and reboot the host computer.
- Hacking Back and Honeypots: Anthony and Sarah use a variety of techniques to attack computers that appear to be carrying out hostile actions against their network: from installing spyware on attacking systems in an effort to identify the perpetrator, installing disabling malware on the attacking system, deleting stolen data, and creating 'honeypots' on their own network that appear to be vulnerable troves of sensitive data but really allow them to lure and infect attackers' systems. They are aware that these techniques in many contexts are illegal and pose the risk of 'collateral damage' to innocent third parties whose systems have been commandeered or spoofed without their knowledge, but they see their vigilante approach as justified, at least in some cases, by the lack of effective law enforcement remedies for ransomware and other cyberattacks on the company.
Anthony and Sarah know that their methods are regarded as ethically questionable by a significant portion of the security community, and so they do not disclose details of their methods, either to their employer (who takes a "the less I know the better" approach,) or to users of the company network or the public whose systems may be impacted by their methods. Their motto is, 'the ends justify the means,' and if they can discourage future attacks on the company, they regard their job as well done.
Question 5.5: Identify the 5 most significant ethical issues/questions raised by this Anthony and Sarah's cybersecurity practice.
Question 5.6: Off the first set of 12 ethical best practices in cybersecurity listed in Section 5, which ones Anthony and Sarah seem not to reliably practice? Explain your answer.
Recently Asked Questions
- Hi I need help in Java. I need help in created the following program: An inversion in an int array is a pair of elements a[i] and a[j] where ia[j]. In other
- Hi this questions is intended to learn and not be submitted. I provided the following to help the tutor understand the question. In Java, I need help in
- Hello Please help me on the below What are the essential scientific and technological discoveries that are the source of smart home?