Category: CyberCrime

Following the 9/11 disaster and the PATRIOT Acts passage, the powers of the United States government to conduct surveillance on both citizens and foreign entities expanded dramatically. The Computer Crime and Intellectual Property Section was added to the Department of Justice, and the National Security Agency received substantially expanded purview for the stated purpose of combating terror. However, both before these measures were put into place and especially after the 2013 leak by Edward Snowden, questions arose about the rationality and constitutionality of these measures. The indiscriminate gathering of information about private citizens is presumably a violation of the Fourth Amendment, as there is no reasonable cause for doing so in an overwhelming majority of individual cases. This paper aims to define the problem and propose a solution that will respect the Constitution while enabling the government to fight cybercrime.

Under the current law, the gathering of private data by government agencies without a reasonable cause and an appropriate warrant is illegal in accordance with the Fourth Amendment. However, Snowden has revealed that agencies engage in such behavior, regardless, while the government aided and abetted them (Boussios, 2016). They use their lack of transparency, which is nominally intended to protect the nations intelligence interest and prevent the targeted criminals from learning that they are in danger. This same obscurity enables abuses of power by government agencies, and various stories from both the 20th and 21st centuries demonstrate that numerous agents in the government are willing to engage in such. Without whistleblowers such as Snowden, it would be nearly impossible to uncover such scandals, as more and more people would become involved and complicit upon learning of its existence.

However, there also exists another avenue for surveillance, one that has a more nebulous relationship with the Fourth Amendment. Brennan-Marquis (2017) discusses how large IT corporations, such as AT&T or various internet service providers, will collect users personal information and share it with the government voluntarily. Barring scenarios where data collection is happening illegally, users typically give their consent to such gathering, described in notoriously long and convoluted Terms of Service. As a result, the Fourth Amendment is technically bypassed, as the information was given away after consent was obtained, and the company gave it away freely, as well. With that said, the end result is the same gathering of data that is ripe for abuse, which is likely beyond most citizens expectations of privacy. Hence, this issue should also be addressed, as it addresses a loophole in the Constitution.

Lastly, it is necessary to consider whether mass surveillance achieves effects in cybercrime prevention that justify its existence. Per Boussios (2016), Snowden and other advocates for the elimination of surveillance allege that the programs are ineffective in achieving their stated objectives. The reason is that, while the state has the technology needed to gather massive amounts of information, few to no effective methods exist for analyzing it and deriving useful results. At the same time, the costs of the program, both economic and social, are massive, draining billions from the budget and reducing citizen trust in the government. It should be mentioned that future developments in big data technology may enable the analysis of such massive amounts of information. However, for now, the results achieved by surveillance have been underwhelming, particularly when compared to the abuses that were uncovered.

With the dangers and failures of mass surveillance taken into consideration, the conclusion skews toward restricting the practice. With that said, the secrecy requirements of fighting crime, both physical and informational, prevent the solution of increasing transparency from being reasonable. Snowdens solution of increasing whistleblower protections, as described by Boussios (2016), may be effective, but first, a thorough review of the agencies involved in surveillance to uncover existing abuses is required. Additionally, it is necessary to consider the private company issue mentioned above. This paper recommends applying the same protections for this variety of data gathering as for seizures at government order, prohibiting agencies from accepting the information without reasonable cause. Overall, data gathering should only take place in the same circumstances as physical government searches and be subject to the same restrictions.

Mass surveillance has a strongly negative public image and a variety of negative implications that were explored by scholars and writers throughout the 20th and 21st centuries. Its dangers have been confirmed both within the U.S. government and internationally with various scandals that revealed government corruption. On the other hand, the risks of cybercrime and the effectiveness of private data gathering are less clear. The necessity of using surveillance-associated preventative measures for both cybercrime and terrorism does not appear to have been established over the nearly two decades of their use. As such, there should be little question of whether it is necessary to strike a balance between respecting citizen privacy and preventing crime. The Constitution takes precedence, and where its letter may be lacking, lawmakers and judicial bodies should respond by reinforcing its spirit to protect the integrity of the system.

References

Boussios, E. G. (2016). The right to privacy?  The debate over the United States governments control over its cyberspace. Athens Journal of Law, 2(4), 211-224.

Brennan-Marquez, K. (2017). The Constitutional limits of private surveillance. University of Kansas Law Review, 66, 485-521.

Case Study: Email Scam

Today, cybercrime is an extremely common type of criminal activity. It can be defined as any crime carried out using technology, with the computing device being the target of the attack or used as a weapon or accessory to the crime (Brush et al., 2021). An email scam and bank fraud are evident in the electronic correspondence presented by the recent victim of this type of crime. The perpetrator enticed the victim with the promise of a large sum of money, prompting them to give up their personal information. They transferred funds from the victims savings account upon receiving the information. The received email can be recognized as a scam due to poor grammar, lack of proof, and explanation of legal reasons why the money needs to be transferred to the victim.

Common Cybercrimes

There are many types of cybercrime that the public should be aware of. The most common crimes are business email compromise (BEC), identity theft, ransomware, spoofing, and phishing (Federal Bureau of Investigation, 2021). The BEC scam exploits the fact that many businesses conduct business online. The offender can use either spoof the companys email address or convince the victim that money should be wired to a new address (Federal Bureau of Investigation, 2021). Identity theft includes stealing personal information or persuading the victim to share it. Meanwhile, spoofing and phishing trick individuals into voluntarily giving up sensitive data to a site they believe are trustworthy, for example, their bank (Federal Bureau of Investigation, 2021). In addition, ransomware and malware can be installed on the victims devices to steal personal data.

Appeal to Victims

Although many people are familiar with various types of cybercrime, some still fall victim to it. Online scammers are proficient in technology and human psychology and know how to appeal to different people. Specifically, cybercriminals have perfected two elements that help them convince victims to surrender their personal information: credibility and persuasion (Jochims, 2019). Credibility is achieved through the format of spoofing and phishing emails and texts being indiscernible from real correspondence from banks or other institutions (Jochims, 2019). Meanwhile, the persuasion element lies in knowing the easiest organizations to spoof (Jochims, 2019). Furthermore, criminals exploit peoples unawareness of cybercrime trends and general ignorance about cybersecurity/ Thus, perpetrators easily appeal to victims to share sensitive data by creating credible and persuasive tools.

Pursuing cybercrime

Cybercrime differs from other types of criminal activity and is more challenging for law enforcement to pursue. The main obstacle is the anonymity afforded to the perpetrators by technology. Users can employ anonymizers, proxy servers, and anonymity networks to hide their IP address and, consequently, physical location (United Nations Office on Drugs and Crime, 2019). Even if a digital device is located, it is difficult to attribute a crime to the owner or primary user (United Nations Office on Drugs and Crime, 2019). Furthermore, it may be challenging to identify where the crime occurred and what jurisdiction it falls in (Maillart, 2018). Nevertheless, local, state, and federal agencies in the U.S. work in conjunction. For example, the FBI heads several Cyber Task Forces operating locally (Federal Bureau of Investigation, 2019). Thus, despite the jurisdictional challenge, cybercrime is being actively pursued by law enforcement agencies.

Impact of Cybercrime

Cybercrime has a severe negative effect on individuals and businesses in the community. Thus, individuals may lose substantial amounts of personal funds or deal with their identity being exploited online and offline. Furthermore, the anonymity of the offenders leads to difficulty in apprehension and, consequently, persecution. It can also lead to the victims of cyber identity theft being unable to prove their lack of involvement in fraudulent transactions. In addition, many businesses are impacted, as security breaches lead to corporate value and trust in the company decreasing (Brush et al., 2021). Business ventures can also sustain direct costs from cyberattacks and lose revenue, leading to fewer working places being available to the community.

Strategies to Address Cybercrime

Today, every individual should be able to recognize cyber threats and react to them appropriately. The first strategy to consider is education on common types of cybercrimes and safety measures. Individuals are recommended to be careful with their personal data and remove it from major data brokers to avoid identity theft (Forbes Technology Council, 2019). The use of public Wi-Fi should also be avoided, and users should set up long, random passwords to all accounts, set up account alerts, and enable two-factor authentication (Forbes Technology Council, 2019). Users would also benefit from double-checking future transactions and refusing to share information with third parties. All individuals are advised to review what institutions require personal data and what measures are installed for its protection.

References

Brush, K., Rosencrance, L., & Cobb, M. (2021). What is cybercrime? SearchSecurity. Web.

Federal Bureau of Investigation. (2019). The way forward: Working together to tackle cybercrime. Web.

Federal Bureau of Investigation. (2021). Cybercrime. Web.

Forbes Technology Council. (2019). 14 simple strategies for consumers to avoid cybercrime. Forbes. Web.

Jochims, K. (2019). Criminal appeal and secure virtual behavior. Relock. Web.

Maillart, J. (2018). The limits of subjective territorial jurisdiction in the context of cybercrime. ERA Forum, 19(3), 375-390. Web.

United Nations Office on Drugs and Crime. (2019). Cybercrime module 5 key issues: Obstacles to cybercrime investigations. Web.

Mobile Devices

Many organizations can access high-tech mobile devices today. This has improved the way they use internet in their operations. However, this has increased their vulnerability to internet crime. Mobile technology has enabled many organizations to carry out their activities via the devices.

The mobile content in many cases has led to loss of privacy and integrity for many organizations. In addition, organizations data and important information have leaked to the public. In order to be safe from these threats, the organizations should avoid installing new applications to their phones without verifying their legitimacy.

Many of these applications in the market are designed by scammers with intention of corrupting the highly secured phones. Moreover, the organizations should use mobile phones that are secured. iPhones are among the recommended mobile phones. This is because the risk can be mitigated.

Toolkits and Why They Should Concern Organizations

Toolkit is a means or channel through which cybercrime is committed. Cybercriminals use toolkits in different scenarios including malware attacks. In this case they infect search engines. Toolkits also help the cybercriminals by automating the processes such as web page creation. Examples of toolkits include XRumer, ZeuS and uMaxSoft Doorway Generator.

Toolkit should be of concern to organizations because they can be used to produce keywords for sites. This poses a risk to the organizations whose data can be found on their sites. Toolkits are also used to spread spam. For example it has been used to spread it through twitter. Organizations should protect themselves by using the latest updates on their software.

Avoiding providing information without verifying the source of request is another way to protect an organization from scams. In addition the organizations should be on the look out to avoid responding to insecure emails, installing corrupted software and other malicious activities.

Recently Reported Phishing Trends

Figure 1:

Phishing scams continue to take different dimensions. Web attacks increased in the year 2010 and 2011. Mobile phishing is also increasing with advancement in technology. Loss of finances through credit card has also been reported. This is because people are tricked into providing personal information that lead to loss of their money.

Recognizing Phishing Scams

• In phishing email the greeting line is generic while in legitimate email, it is personalized.
• Tone can also be used. That is, they ask you to follow their instructions urgently failure to which you will be responsible for the consequences thereafter.
• Always check the links and the URLs. Their links and URL use tricks such as @ symbol near the end of the address. The preceding character which is mostly ignored by the recipient give their actual address.
• Unlike legitimate mails, phishing emails may resemble websites.
• Phishing style of writing is not always formal. It includes spelling mistakes and poor grammar. This is to avoid spam filters.
• Regular use of pop-up boxes which is not common with legitimate companies is another way of recognizing phishing scams.
• You can also recognize a phishing scam if a company is claiming that you have an account with them and in the real sense you dont have.

Thing to Do When Victimized By a Phishing Scam

• Report the crime once you suspect that another person is using your identity without your consent. The law enforcement agency will investigate the issue.
• In case the phishing scam concerns financial account, communicate with the financial institution as soon as possible. This will enable them to block any transaction hence protecting your money.
• Keep every record of transaction or information exchanged between you and the people phishing. This can be used as evidence and can also help trace them.
• To avoid the occurrence of the same, one can change passwords or block the account and reopen new one.

Introduction

The paper provides an analysis of cyber crime and its impacts on the criminal justice system. Cyber-crime deals with criminal activities that manipulate computers and networks to cause harm to people, companies, and countries. Judges, prosecutors, and police undergo problems when dealing with these crimes. Reports show that the crime is on the rise because more people have access to computers and the internet than ever before. Within the duration of four years, people who have access to the internet grew by 40 million. In the year 2013, the number of crimes investigated was more than 63,000 (Bronner, 2014).

Analysis of the article

Cybercriminals are more interested in accessing intelligence information than stealing the actual property. Most of the hacks are inside jobs executed by companies employees paid by rival companies to access important data. Hackers have now turned their attention to banks to get account information rather than stealing the money. The banking industry warned that the trend would continue over the next few years, therefore new laws are required to curb the crime. It is important to understand that cybercriminals target unsecured websites and networks that are easy to hack. Only specific people are involved in the crime because the crime requires technical knowledge. The computer is the tool used for committing the crime, and it can take place at any place. China has faced the largest number of attacks than any other country, with more than 200 government websites being hacked (Bronner, 2014). Inventing the software to protect computer systems from hackers is the main challenge facing many countries.

Analysis of the impact of cyber crime on the worldwide justice system

Cyber-crime has created a major concern for governments across the world because of the increase in the number of internet users. This global challenge on the crime started after the invention of the internet. The internet enables criminals to commit crime because it connects computers all over the world. A criminal in one country can access a computer system in another country without being detected because the global computer network accelerates the crime. According to the United Nations on International cyber crimes, there is a lack of clear laws that define the role of the judiciary on issues affecting the crimes (Kshetri, 2010). When conducting investigations, challenges encountered include the diversity of computer hardware and software complexities.

Some countries lack enough resources to implement cyber-crime laws. The situation becomes difficult because countries do not want to harmonize their laws since it leads to dual criminality. More to this, working together as countries may lead to leakage of sensitive information such as financial data. The United Nation acknowledged that the lack of cyber laws is one of the challenges facing the world in this century. (Kshetri, 2010). Most countries are lagging behind in updating their technologies due to a lack of qualified personnel. The consequence of out-dated technology is that new technology has outmoded current laws, therefore restricting prosecutors and judges to fight the crimes.

Conclusion

The report analyzed cyber-crime and the impacts it has on the worldwide justice system. To solve global crime, all countries must agree to work together. They should also stop spying on one another through hacking. There is a need to increase resources to fight the crime, especially in poor countries. The judicial system needs training on the new forms of technology of fighting cyber crime. The crimes have risen because more people have access to computers and the internet than before. When conducting investigations, challenges encountered include the diversity of computer hardware and software complexities.

References

Bronner, D. (2014). Report Shows Cyber Crime is on the Rise. Web.

Kshetri, N. (2010). The Global Cyber crime Industry: Economic, Institutional and Strategic Perspectives. Berlin: Springer.

Among many social problems that have already been discussed, the issue of rising cybercrime has been on my mind the most. I would like to discuss this issue and the questions that arise from it in more detail.

In the world of today, it is difficult to imagine not using technology in some capacity, however recently gadgets that are considered helpful have been making their users more vulnerable. Whereas before to steal ones information a thief had to physically enter a home, now they can access this information from the comfort of their own home through a device, completely anonymously. Mass leaks of sensitive information from companies have been affecting thousands of people, whose Social Security numbers and other private information has been stolen by mysterious and often untraceable hackers. Online threats of violence and doxing  the act of publicly revealing private information about a person online  are becoming more wide-spread. Online stalking and harassment, theft of personal information, extortion through digital means  all of these are new issues that already plague society. Worse still, the fields of jurisprudence and law enforcement are slow to adapt to modern-day technology and oftentimes it is difficult for crimes committed in the digital space to be investigated to a satisfying conclusion even if they are reported.

It is also worth considering how many people fall under the scope of this social issue. Among the users of smartphones and smart devices are children and other vulnerable populations. Smart devices are in our cars, kitchenware, TVs, medical devices, among others. It is highly difficult to avoid using them at home or at work. However, the systems used by these devices are vast and complex, with many loopholes and weak areas that allow criminals to not only access them, but also to control them for nefarious means (Bayard, 2019, p. 69). This means that almost everyone is susceptible at any time, day or night. Cybercrime is among the worlds latest social problems and if it not quickly addressed, it is bound to snowball out of control. The biggest question raised by this issue is: what is to be done about it? It is important to consider this question at both a personal level and government level and explore possible solutions.

Reference

Bayard, E. (2019). The rise of cybercrime and the need for state cybersecurity regulations, Rutgers Computer & Tech. LJ, 4, 69-95.

Introduction

Currently, one may observe the rapid development of modern technologies that are used in most aspects of human life. IT technologies are engaged not only in many areas of business, including medicine. However, one may use them for negative purposes. Hacker break-ins and extortion of money have become widespread among private companies and at the state level. Usually, hacking of personal data and the threat of their destruction or dissemination becomes the subject of money blackmailing. Moreover, the target of hackers can be military facilities, including missile launchers, which are often controlled by computers. Therefore, this can pose a serious threat. The aim of this paper is to analyze hacking and its components, such as ethical hacking, and to manage cyber security, on the example of the Universitys data break-in.

Main body

Today, there is an increase in demand for security technologies, including hacking prevention. The trend toward digitalization in the provision of services, including healthcare systems that use electronic patient records, has led to a change in safety priorities (Abouelmehdi et al., 2017). Thereby, the concept of ethical hacking emerged, which is legal action aimed at identifying IT security weaknesses voluntarily. It has its pros both for the hacker, as working legally, and for companies, because they can safely discover the downsides of their cyber security. In this case, the white hacker not only provides information about the detected weak spots but may also deliver services to eliminate them if one has sufficient competence. However, ethical hacking also has its cons: for example, a cracker may decide to extort a large amount of money at any time if the information is valuable.

Qualitative cybersecurity includes strategies to encrypt sensitive data so there is no way to decrypt the information and use it even if a breach happens. One such strategy in healthcare is de-identification: rejecting any information that may help identify the patient (Abouelmehdi et al., 2017). One may also use it in university databases that store important students or financial information. In the event of a hack, it is necessary to adhere to a clear plan, namely, contact the relevant security authorities and inform the university management. Further, one needs to negotiate with the hacker and take steps to mitigate the consequences; this is important because a clear plan will help minimize losses in a stressful situation. Having a clear plan is necessary as hacker attacks are usually carried out unexpectedly, much like military operations. A well-thought plan will help one not act chaotically, saving valuable time and reducing stress.

In case of any emergency, including when an organization like a university is hacked, the consequences impact many aspects. There is a definite relation between leadership and core values, in this case, university ones. Thus, leadership implies, primarily, the provision of quality services, which is impossible in an unsafe cyber environment. Among the core values are those related to confidentiality, which is the main target of any attack. Likewise, IT governance provides cybersecurity services to university governance, which links the previous elements between themselves. In addition, communication between the IT department and university governance, especially in an emergency, is usually foreseen in the cybersecurity risk management plan. Therefore, the main component of a cybersecurity plan is communication between the mentioned links. All this formulates the connection between the above elements, as well as the interest of all parties.

In the case under consideration, namely the hacking of the University of an ethical nature, as it was mentioned by a hacker, with a proposal to improve cybersecurity on a voluntary basis, there are several stakeholders. Firstly, the main ones are the hacker and, accordingly, the object of hacking, namely the Universitys governance and the IT department. However, stakeholders are also students, as the object to whom the University provides services, and staff (teachers and workers). It is formulated by the Universitys success affecting their performance, which also affects the Universitys work. Thereby, all parties are interconnected and interested in the successful resolution of the situation.

Considering that the break-in was of an ethical nature, it is necessary to determine whether both parties acted ethically. From a hackers perspective, the very proposal to improve cybersecurity seems ethical. However, one should not forget that it was done without warning. Thus, the IT director was obliged to accept the fact of having no choice. Moreover, no legal agreement was concluded confirming the voluntariness and legality of such actions. Consequently, the hackers actions seem unethical, although they did not intend to blackmail or extort a large amount of money. The actions of the IT director are ethical, as they were conditioned by the emergency plan and by the fact of a security threat. Namely, the notification of the security service and the university governing bodies and negotiations to de-escalate the situation.

Actions to be taken by IT in the event of a breach include those aimed at leveling the consequences of the situation. Firstly, immediately after receiving a message from a hacker, it is necessary to notify all the relevant authorities. These include the IT security department, governing bodies (in the current case of the University), and senior management. Further, one should analyze the scale of the threat and what information was hacked. Moreover, it is crucial to assess the degree of a threat if the conditions set by the hacker are not met and the potential losses. In addition, one needs to try to negotiate in order to gain time for further actions. It is also important because one may try to negotiate with the hacker or reduce the damage.

Ethical hacks can be helpful in the context of improving cybersecurity in general. Indeed, the IT field is a specific and new one that must be subjected to hacking attempts to enhance security systems. In addition, sometimes hackers have the necessary specialized knowledge that is lacking when training security professionals. Nowadays, extensive data security and privacy are considered a barrier for researchers (Abouelmehdi et al., 2017). In other words, the IT department could partner with white-hat hackers to improve their skills, taking ethical hacking to the next level. Even though companies practice cooperation with ethical hackers, it does not seem to be enough.

Conclusion

Consequently, one may conclude that the development of information technology has led to the use of computers in almost all areas of service provision, business, and industry. This formulates high priority in designing proper protection strategies. In the context of cybersecurity risk management, it is vital not only to have good protection but also to have a clear plan for dealing with a threat. One needs to develop existing cybersecurity strategies, such as de-identification, to provide a higher level of safety. Moreover, in the context of university hacking, it was identified that hackers actions are unethical. In contrast, the actions of the IT director are ethical and according to the plan in place to manage the cyber security risk.

Reference

Abouelmehdi, K., Hssane, A. B., Khaloufi, H., & Saadi, M. (2017). Big data security and privacy in healthcare: A review. Procedia Computer Science, 113, 73-80.

Introduction/Literature Review

Cybercrime is an illegal activity that targets computer users and networks of devices for malicious reasons. Most cybercrime activities are undertaken by hackers and crackers who want to manipulate the online system to make money or for social and political initiatives. The phenomenon can be done by a person or organization, such as governments using advanced techniques which require competency in the internet of things (IoT), a tool powered by artificial intelligence (AI). According to Saini et al. (2012), cybercrime is an act committed or omitted in violation of a law forbidding or commanding it and for which punishment is imposed upon conviction. Therefore, it means the word carries a wide array of issues related to criminal activities facilitated by the intensive utilization of millions of computers and related systems in the contemporary world.

It is not easy to curl cybercrime issues in the businesses nowadays. Broadhurst (2006) says, Controlling crime involving digital technology and computer networks will also require a variety of new networks: networks between police and other agencies within government, networks between police and private institutions, and networks of police across national borders. Therefore, it is difficult to end the criminal activities done online without collaboration between agencies involved in cyber issues. For example, the Council of Europes Cyber-crime Convention (CoECC) shows efforts to build the global significance of the fight against cybercrime activities (Broadhurst, 2006). Other examples include the United Nations Convention (UNC) against transnational organized crime which deals with world criminal networks where a significant cyber safety risk is involved.

Methodology

This report used various articles that were available for consultation on cybercrime issues. A total of 14 sources were used to compile the data and bring conclusions based on the findings. Most of the sources used ranged between 2012 and 2020, with many being scholarly, meaning they have been peer-reviewed. The key terms for the search were the effects of cybercrime in businesses, types of cybercrime, and how to control cybercrime. The report is presented and arranged in professional and academic prose.

Types and Examples of Cybercrime

This type of cybercrime happens when an attacker monitors information streams from a given end where the details are collected for personal gain. It comprises sniffing into data network traffic and observing the streams such as radio (Choo & Grabosky, 2013). This requires the attacker to be consistent in monitoring frequent communications or may initiate an established data stream that probes users to get into the trap by participating in various online programs. The attacker can read the content from the explicit data channels. in this case, data can be intercepted or modified and distributed to third parties who tamper with it to gain their leads. For example, when an online user changes dollar amounts in a transaction from $100 to $10,000, an entire set of valid data may interject onto the network, repeating as many times as the attacker wants (Saini et al., 2012). An evident example is phishing emails, as seen in Figure 1 below, where hackers send emails to random users with links that can be useful in redirecting them to access financial data for the victims, which may end up robbing them virtually.

Network Crime

This type of cybercrime is one in which a computer network is interfered with where the attacker inputs, transmits, damages, and deletes a given network data, suppressing the information contained in the data set. For this type of crime to occur, a network must be interfered with or altered in a sabotaging manner for the user to dominate the network usage on their end (Choo & Grabosky, 2013). For example, identity theft is a common occasion where users fakes themselves to represent other parties without their official verification or consent. Various software that can undertake this type of cybercrime includes keyloggers, Trojans, bots, and mail clients (Gordon and Ford, 2006). For example, IM and FTP software can commission various functions. Hence, they cannot be fully said to be crimeware.

Access Crime

This type of cybercrime is where unauthorized access or virus dissemination is executed successfully. An insiders view of a computer cracker underground is rampant in unauthorized access whereby a user can separate computer screens from manipulating files or media they want. Malicious software may attach to other software, such as Trojan Horse, Logic Bomb, and Rabbit (Tendulkar, 2013). In this case, a victims system is destroyed and may incur the cost of either changing the system or rebooting it to start from scratch, depending on the level of attack. Distributed denial of service (DDOS) is an example under this category where crackers access a host machine and freezes it such that no intended user can access it (Tendulkar, 2013). This threat harms organizations since there could be financial implications that may result adversely from access crime.

Impacts of Cybercrime on Businesses

Modern businesses are influenced highly by digital tools that transform or drive enterprises to meet revenue and profits. There are many aspects of how business is related to cyber activities. For instance, in the United Kingdom, 7% of the population, representing about 4 million individuals, have been the victim of identity fraud which has financial implications (Lagazio et al., 2014). Due to cybercrime, many companies have been exploited financially, making their online business transactions vulnerable to hackers and crackers. Increasing revenue is set to deal with access crime or network sabotage, which is commonly experienced in businesses (Lagazio et al., 2014). The digital innovations for upcoming business giants have been affected as the firms fear losses that may incur if attacked financially.

Additionally, when a company falls prey to cyber-attacks, the customers do not have the confidence to transact with the enterprise for fear that they might fall on the same track (Lagazio et al., 2014). Thus, it means businesses continually lose valuable leads due to uncertain events caused by cybercrime. There are trust issues where buyers may not be able to positively perceive an existing e-commerce channel, as seen in figure 2 below (Apau & Koranteng, 2020). Moreover, consumers have changed their attitude toward businesses, meaning the intention to purchase on e-platforms can vary due to rampant cybercrime issues. The conceptual framework of the above idea can be seen in Figure 1.

There is a major problem when it comes to combating issues that are brought about by cybercrime. The consequences can be felt in private businesses where alteration of financial planning can be rampant. According to xxx, a study undertaken on US companies shows that the median annualized cost of cybercrime for 50 organizations is $5.9 million per year, with a range of $1.5 million to $36.5 million each year per company (Das and Nayak, 2013). That comes despite the awareness of cyber threats on financial consequences in the said organizations. Therefore, cybercrime has brought financial strains when companies try to combat or respond to online attacks. Businesses fall victim to cybercrime but at different levels, and there is an economic impact.

From the above details, the cost of protection, loss of sales, and uncertain business sustainability are the key effects of cybercrime on businesses. For example, Target Corporation announced been breached its cyber security in 2013, where more than 40 million credit card data was accessed (Smith et al., 2018). Many accounts were affected, and the customers credit and debit card details were sold in the black market for about $53 million (Smith et al., 2018). Table 1 shows a list of companies affected by cybercrime and its effects on their daily operations.

Table 1: Companies and cybercrime 

The Cost of Cybercrime

Combatting cybercrime is costly to organizations because the monetary implications for preventing and dealing with attacks is increasing daily. As seen in Figure 3 below, various industries have been affected by cyber-attacks worldwide as per the 2010-11 data. According to United Nations Security Agency (USA), the cost of cybercrime was approximately $385 billion in 2014 (Watkins, 2014). In the UK, the National Audit estimated the cost to be 18 billion Euros per year, whereas the US figures indicate roughly $100 billion per annum (Watkins, 2014). As of now, the cybercrime cost is around $6 trillion, which is projected by 2021. According to Morgan (2020), it is expected by 2025, the cost will go high by 15%, reaching an approximated figure of $10.5 trillion. That will be one of the most significant transfers of economic wealth since time immemorial, with risks towards innovation and investment in the business.

The costs are based on destroyed data, stolen funds, low productivity, and intellectual property theft, among others. The biggest contributor to this cost includes ransomware, which has reached epidemic levels. Morgan and Calif (2020) say, A 2017 report from Cybersecurity Ventures predicted ransomware damages would cost the world $5 billion in 2017, up from $325 million in 2015  a 15X increase in just two years. The damages for 2018 were estimated at $8 billion, and for 2019 the figure rose to $11.5 billion. Thus, cybercrime is one of the drawbacks that may affect the worlds technicalities, economies of scale, and political realms.

Additionally, cybercrime has led to significant loss of business and intellectual property, which means increased costs in leveraging security, workflows, and company reputation for companies. In this case, firms that report major attacks end up dropping by 1.5% value of their stock (Watkins, 2014). For example, a Canadian-based company, Nortel Networks Limited, has fallen prey to Chinese attackers for many years, and it went bankrupt in 2009 (Watkins, 2014). All the impact was from the theft of critical data for the company due to cybercrime. Intellectual property theft has accounted for almost 75% of financial losses in businesses (Watkins, 2014). The US insurance sector grew by less than 100 million USD for yearly premiums (Watkins, 2014). Many Asian and European companies are observing a similar trend as cyber-attacks continue to cost their market values.

Actions Taken to Combat Cybercrime: How to Stop Cybercrime

Cybercrime framework revolves around a series of processes that can curl online attacks. A company needs to identify, protect, detect, respond and recover any measure attempting to limit their cyber safety, as seen in Figure 4 below (Crane, 2020). Firstly is combatting through collaborative initiatives such as using investigative agencies such as the Federal Bureau of Investigations (FBI) to examine computer intrusions (Smith et al., 2018). Secondly, there are reporting mechanisms that effectively address the matter where the public can get reliable techniques that comply with a crime. That means operational and investigative support is considered while boosting research and innovation to counter the attacks. Various preventive measures can be employed to protect the cyber-related attacks. For example, keeping firewalls on to protect malicious users is important (Setiawan et al., 2018). Furthermore, an organization or a user should install antivirus software that is up to date to spy on any ransomware technology.

For instance, knowledge of how to use digital platforms is required to enlighten users about the dangers of using foreign private networks to download or transact online. Use of full-service internet security protocols is encouraged, such as using Norton 360 software that offers in-one protection for networks and handsets (Van de Mark, 2020). Lastly, it is important to protect devices or networks using key-in values that are not easily authenticated without the users consent. That includes suggesting strong passwords for various useful logins in a digital platform. For large organizations, offering training to employees and creating a system security plan (SSP) is recommendable since the practices keep data secure (Van de Mark, 2020). Enforcing a strong password policy is required for the employees or users in various levels of organizational business.

Conclusion

Cybercrime includes illegal computer usage, which targets organizations and users. An example of cybercrime is phishing, identity theft, and DDOS. Businesses have lost sales, incurred high protective costs, and experienced changes in consumerism trends. The cost of cybercrime is approximately $6 trillion, and figures may double by 2025. The preventive measures for cybercrime include preventive measures and a cybersecurity framework that uses a calculative strategy to monitor intrusions. Organizations must follow compliant measures that will enable effective combatting of cybercrime issues.

References

B. Watkins, The impact of cyber attacks on the private sector, Association for International affairs, 2014.

C. Crane, How to prevent cybercrime: 9 helpful tips, Hashed Out by The SSL Store, (Online). Web.

H. Saini, Y. Yao, and T. Panda, Cyber-crimes and their impacts: A review, International Journal of Engineering Research, vol. 2, no. 2, pp. 202209, 2012.

K. T. Smith, A. Jones, L. Johnson, and L. M. Smith, Examination of cybercrime and its effects on corporate stock value, Journal of Information, Communication and Ethics in Society, vol. 17, no. 1, pp. 4260, 2019.

K.K. Choo and P. Grabosky, Cybercrime, Oxford Handbooks Online, vol. 2, no. 3, pp. 2334, 2013.

M. Lagazio, N. Sherif, and M. Cushman, A multi-level approach to understanding the impact of cybercrime on the financial sector, Computers & Security, vol. 45, no. 21, pp. 5874, 2014.

N. Setiawan, V. cita emia Tarigan, P. buana Sari, Y. Rossanty, P. Nasution, and I. Siregar, Impact of cybercrime in e-business and trust, International Journal of Civil Engineering and Technology, vol. 9, no. 7, pp. 652656.

R. Apau and F. N. Koranteng, Impact of cybercrime and trust on the use of e-commerce technologies: An application of the theory of planned behavior, International Journal of Cyber Criminology, vol. 13, no. 2, pp. 228254, 2020.

R. Broadhurst, Developments in the global law enforcement of cyber-crime, SSRN, vol. 29, no. 3, pp. 126.

R. Tendulkar, Cyber-crime, securities markets and systemic risk, World Federation of Exchanges, vol. 3, no. 7, pp. 356, 2013.

R. Van de Mark, Industry of anonymity: Inside the business of cybercrime by Jonathan Lusthaus, Osgoode Hall Law, vol. 61, no. 5, pp. 18, 2020.

S. Das and T. Nayak, Impact of cybercrime: Issues and challenges, International Journal of Engineering Sciences & Emerging Technologies, vol. 6, no. 2, pp. 112, 2013.

S. Gordon and R. Ford, On the definition and classification of cybercrime, Journal in Computer Virology, vol. 2, no. 1, pp. 1320, 2006.

[14] S. Morgan and S. Calif, Cybercrime to cost the world $10.5 trillion annually by 2025, Cybercrime Magazine, (Online). Web.

Other than the two basic types of computer crimes above, what non-computer crimes might a computer forensics examiner get involved with, and how?

A computer forensics examiner may be called upon to provide evidence and advice in a court of law. He or she should always gather and preserve evidence according to Federal Rules of Evidence. The examiner has three basic tasks which include finding, preserving, and preparing evidence (Vacca, 2005). Before logs disappear, digital forensics investigators are required to capture as much information as possible to be presented in court as evidence.

What is the purpose of a standard operating procedure (SOP) in digital forensics? You might also think of this as a systematic approach to the investigation. List five activities that should be in every SOP for digital forensics.

Standard operating procedures (SOPs) are usually the ultimate goal of practitioner-based computer forensic models. Proper SOPs are essential for digital forensic practitioners to perform investigations that ensure validity, legitimacy, and reliability of digital evidence (Peterson & Shenoi, 2009). According to Casey (2007), a SOP is a set of steps that should be performed each time a computer is collected or examined. The activities in every SOP include collecting evidence, preserving the evidence, analyzing the evidence in a consistent and thorough manner, preparing reports based upon the evidence analyzed by each examiner, and documenting cases complete with notes, worksheets, and other documents used by the examiner to support his or her conclusions.

What is the primary difference between government run and corporate run high-tech investigations?

Computer forensics can be either a public investigation or a corporate investigation (Nelson, Phillips & Steuart, 2009). Ordinarily, a public investigation involves government agencies that are responsible for criminal investigations and prosecution. These government agencies range from local, county, and state or provincial police departments to federal regulatory enforcement agencies. While public investigations involve criminal cases and government agencies, corporate investigations deal with private companies, non-law enforcement government agencies, and lawyers. Private organizations are never governed directly by criminal law or Fourth Amendment issues. They are instead governed by internal policies that define expected employee behavior and conduct in the workplace. To some extent, corporate investigations can also involve litigation.

If you are hired to conduct a digital forensics investigation by either side in a criminal or civil action, to what do you owe your allegiance?

If hired to conduct a digital forensics investigation by either side in a criminal or civil action, I will have no choice but to fully represent the interests of my client and defend him or her at whatever cost. This is regardless of whether or not the client in the digital forensics investigation case is on the wrong. As my clients legal advisor, I have an obligation to protect his or her interests at every stage of the digital forensics investigation till the end (Chow & Shenoi, 2010). The most important thing is to be able to prove that my client requires fair judgment and an opportunity to be heard.

What software or hardware tool must be used in digital media acquisition to protect against inadvertent tainting of evidence by the operating system.

ProDiscover Basic is one of the forensic tools used to write protect any evidence media to ensure that it is not altered (Harvey, 2005). Usually, the program will be started differently depending on the type of operating system in use. When files are deleted, the space they originally occupied become free and can be used for new files that are saved or files that expand as data is added to them. The files that were deleted remain on the disk until a new file is saved to the same physical location, overwriting the old file. With the help of ProDiscover Basic, the deleted files can be retrieved for use as evidence.

Name three different tools that can be used to create bit-stream backup images and identify their strengths.

For the purpose of forensic examination, special forensic software must be used to undertake bit stream imaging. One of tools used is Storage Media Archival Recovery Toolkit (SMART). This tool can acquire digital evidence from a wide variety of devices by creating a true and accurate bit image copy of the original and authenticating the data acquired (Johansson & Maitra, 2003). Its core functions are data acquisition, data authentication, data analysis, and logging as well as reporting. EnCase is another tool used for bit stream imaging. Its core functions include multiple sorting of fields, automated search and analysis of ZIP files and email attachments, file signature and hash library support, and Unicode support. Maresware is a Mares and Companys forensic software product. It provides an essential set of tools for investigating computer records and securing private information.

How does a collision occur in the context of authenticating images of computer media?

Generally, a collision in the context of authenticating images of computer media occurs when specific blocks of authentication are used as input. Typically, this never happens in the real world. However, there are certain security algorithms that can be trusted to deliver reliable results. The MD5, for example, provides secure mechanisms that avoid the frequency of collisions (Shinder & Cross, 2008). It can, therefore, be relied upon by professionals in the digital forensics field.

Discuss physical security of digital forensics labs, including why physical security is necessary and important.

In order to setup a proper digital forensics function, it is necessary for the digital forensics professional to see to it that the actual equipment that performs the digital forensics investigation is both available and securely kept. Physical security is, therefore, very critical in ensuring that a digital forensic investigation process can be trusted (Shoemaker, Conklin & Conklin, 2011). Moreover, because the gathering of electronic evidence often requires a highly controlled physical environment, the digital forensics professional is also responsible for ensuring that the electrical, thermal, acoustic, and physical security requirements of the digital investigation space are continuously satisfied. In conjunction with this latter responsibility, the digital forensics professional is responsible for making certain that the physical requirements of the digital forensics lab are kept up to date including ensuring that access to the laboratory is restricted to authorized personnel.

Compare and contrast the physical vs. logical architecture of a hard disk.

Generally, different physical organization structures of the disk are held by driver software. One of the tasks of computer operating system is to hide such physical differences from users and application programs by providing a logical interface for file access (Borghoff, 2005). The migration strategy which copies data between media that are of different physical, but of the same logical structure, is called replication. An example would be the migration between a hard disk and a Universal Serial Bus device. When using replication, restriction mechanisms carry data to the new media without problems if the information used by the mechanism does not depend on the physical properties of the access media. Other authenticity features or strict copy protection directly depend on the properties of the data representation or of the physical media themselves.

The Fourth Amendment to the Constitution was designed to guarantee a persons right to what? How does it do that?

The Fourth Amendment protects Americans from unreasonable police searches and seizures. It is included in the Bill of Rights to place limits on governments power to interfere with the American citizens. For many years since the Fourth Amendment was adopted, many rules have been established to carefully control when and how searches and seizures are conducted (Smith, 2010). While some people argue that these rules make it too difficult for the police and other law enforcers to catch criminals and win courtroom convictions, others argue the exact opposite.

What is the difference between making a standard copy of a piece of media and making a forensically sound bit-stream backup copy?

Bit stream backups are more thorough than standard backups (Gottschalk, 2012). Unlike standard backups, bit stream backups involve copying every bit of data on a storage device. It is recommended that two such copies of data be made of the original when hard disk drives are involved. Any processing should be performed on one of the backup copies. According to (Vacca, 2005), processing a computer hard disk drive for evidence without a bit stream image backup is like playing with fire in a gas station.

References

Borghoff, U. M. (2005). Long Term Preservation of Digital Documents. Tulsa, OK: Springer.

Casey, E. (2007). Handbook of Computer Crime Investigation: Forensic Tools and Technology. Burlington, MA: Academic Press.

Chow, K. & Shenoi, S. (2010). Advances in Digital Forensics VI: Sixth IFIP WG 11.9 International Conference on Digital Forensics, Hong Kong, China, January 4-6, 2010, Revised Selected Papers. Tulsa, OK: Springer.

Gottschalk, P. (2012). Investigation and Prevention of Financial Crime: Knowledge Management, Intelligence Strategy and Executive Leadership. Burlington, VT: Gower Publishing, Ltd.

Harvey, D. R. (2005). Preserving Digital Materials. Morlenbach, Germany: Walter de Gruyter.

Johansson, T. & Maitra, S. (2003). Progress in Cryptology-INDOCRYPT 2003[: 4th International Conference on Cryptology in India, New Delhi, India, December 8-10, 2003: Proceedings. Berlin, Germany: Springer.

Nelson, B., Phillips, A. & Steuart, C. (2009). Guide to Computer Forensics and Investigations. Boston, MA: Cengage Learning.

Peterson, G. & Shenoi, S. (2009). Advances in Digital Forensics V: Fifth IFIP WG 11.9 International Conference on Digital Forensics, Orlando, Florida, USA, January 26-28, 2009, Revised Selected Papers. Tulsa, OK: Springer.

Shinder, D. L. & Cross, M. (2008). Scene of the Cybercrime. Burlington, MA: Syngress.

Shoemaker, D., Conklin, W. A. & Conklin, W. A. (2011). Cybersecurity: The Essential Body of Knowledge. Boston, MA: Cengage Learning.

Smith, R. (2010). Fourth Amendment: The Right to Privacy. Edina, MN: ABDO Publishing Company.

Vacca, J. R. (2005). Computer Forensics: Computer Crime Scene Investigation, Volume 1. Hingham, Massachusetts: Charles River Media, Inc.

With the rapid development of new technologies, the safety of personal data is expected to increase. However, no matter how secure a wireless network is, there are some special tools and methods that allow certain people to crack it. Despite the fact that there is a great number of solutions that allow to overcome these attacks, wireless hacking is still a significant threat for networks. The purpose of this paper is to discuss some wireless hacking techniques that affect the security of cloud systems and summarize the article written by Kumar, Mani, and Akunuru.

To begin with, the cloud is one of the modern and rather promising systems that has provided Internet-based services massive growth. Though the security of the cloud is considered to be its vital function, some safety threats are still a significant challenge in this system. Precisely the wireless hacking, which is cracking a networks security protocols and getting full access to abuse, download, store, and view it, is recognized as the prevalent method threatening to attack the cloud system (Rahalkar, 2016). In their article, the authors describe four main wireless hacking techniques (Kumar, Mani, & Akunuru, 2016). In order to completely understand this topic, it is essential to discuss all of them.

Generally, the four key hacking methods are cloud malware injection attack, wrapping attack, denial of service (DoS) attack, and account hijacking attack. First, the attack of malware injection is when a hacker finds a web applications vulnerabilities and embeds hostile codes into it (Kumar et al., 2016). These actions alter the course of the usual implementation. It is necessary for an attacker to produce his or her service request, virtual machine, or personal application and apply it to the clouds structure (Kumar et al., 2016). Second, when the web servers validate signed requests, wrapping attacks determine their weakness using extension markup language signature wrapping.

Third, denial of service attack is attempting to stop the legal users from accessing cloud resources. The attacker sends special bulk messages asking the server to check the requests (Kumar et al., 2016). The purpose of such attacks is to make crucial components fail or consume available hardware resources. Finally, to undertake account hijacking, the attacker needs stolen credentials (Kumar et al., 2016). This allows him or her to get access to sensitive information and compromise the provided services confidentiality, availability, and integrity (Kumar et al., 2016). The types of account hijacking include returning falsified information, manipulating data redirection to illegitimate websites, and eavesdropping on the transaction or sensitive activities.

Apart from discussing the types of wireless hacking that threaten cloud, the article provides the typical reasons for attacking networks and lists some solutions to overcome wireless hacking techniques (Kumar et al., 2016). Therefore, stolen evidence acts as the major factor to hijack the account of individuals (Kumar et al., 2016, p. 90). The attackers other motives are to restrict access to information, steal personal data, change the sent message, and create destruction to the cloud-server system.

As preventing and overcoming wireless hacking techniques is the primary goal of the cloud, some effective methods are invented. For example, there are two-factor authentications that require users entering into three properties to ensure their identities (Kumar et al., 2016). Moreover, perceiving the security policies of service level agreements and cloud provider, employing proactive supervision to predict unauthorized activities, and restricting the account credentials sharing between users and services are the ways to prevent wireless hacking.

References

Kumar, B., Mani, J., & Akunuru, P. C. (2016). A review of wireless hacking techniques that affect the security of cloud systems. Journal of Computations & Modelling, 6(3), 87-103.

Rahalkar, S.A. (2016) Wireless hacking. In Certified ethical hacker (CEH) foundation guide (pp. 143-151). Berkeley, CA: Apress.

Abstract

This paper explores hacking from the perspective of ethics. The ethicality of hacking depends on the motive of the hacker, which also forms the basis for the definition of the different forms of hacking. White hat hackers are ethical according to utilitarianism as they bring utility to the greatest number of individuals. In this paper, white hat and black hat hackers are the ethical players and their actions will be tested for ethicality. Utilitarianism will be used as the test, and the utility approach will be applied as the provision for the test. The paper concludes that white hat hacking is pro ethical while black hat hacking is con ethical.

Introduction

Hacking involves compromising computers systems or networks to access information. The difference between the several forms of hacking hinges on the hackers motives. For instance, a white hat hacker will breach a system or network to expose weaknesses to the owners of such systems with the aim of averting such occurrences before they happen. On the other side, black hat hackers compromise a system for personal gains.

This paper starts by defining hacking together with giving its brief history. The paper then explores white hat and black hat hacking by using an accounting firm as an entity that can be hacked. White hat and black hat hackers are identified as the ethical actors in this case. White hat and black hat hacking are the actions being tested for ethics, and the ethical test is utilitarianism. The specific provisions of utilitarianism are given and incorporated in determining whether the ethical test is pro ethical or con ethical.

What is Hacking?

Hacking is the act of manipulating computer systems and networks to gain access. In most cases, hacking is illegal. The history of hacking goes back to 1965 when William Mathews working at the Massachusetts Institute of Technology (MIT) discovered that the Compatible Time-Sharing System (CTSS) could be compromised to display system password to anyone logged into the system (Erickson, 2008). This discovery, albeit accidental, laid the foundation for hacking as known today.

However, the first known hacker was John Drapper, who invented a method of making free long distance calls, with the help of a toy whistle given away with his cereal (Sample III, 2006, p. 254). The method was nicknamed blue box, and it was mainly used for communication purposes. The first known computer hacker was an employee at the National CSS, who developed software to steal passwords from clients.

Currently, there are two common forms of hacking, viz. black hat and white hat hacking. The difference between the two is based on the motive behind the exercise. Black hat hacking involves compromising computer systems and networks to access information for personal or malicious gains. On the other side, white hat hacking is carried out for non-malicious purposes like exposing system vulnerabilities to improve security.

The ethicality of hacking depends on the motive behind it. For instance, white hat hacking can be termed as ethical because it helps in the improvement of the systems security, which is a good cause. White hat hacker is the ethical actor identified in this case. On the other side, white hat hacking is the action being tested for ethics.

Brief History of Utilitarianism

Utilitarianism is a normative ethics theory, which holds that a morally good action is one that helps the greatest number of people (Mill, 2002, p. 14). In 1780, Jeremy Bentham coined the term utilitarianism to address the issue of moral actions that would bring happiness to the majority of people in a given set up. Later on in 1861, John Stuart Mill enhanced this theory by introducing qualitative measures, which digressed from Benthams quantitative approach in the definition of the term utility. In the 20^th Century, G.E. Moore broadened the definition of utilitarianism by arguing that other values could be maximized as opposed to focusing on pleasure. Utilitarianism is the test being applied in this case.

The ethical standards of a Utilitarian Society

The first ethical standard of a utilitarian society is the utility approach, whereby the best course of action is the one that brings utility to the majority in society (Rosen, 2003). The right approach focuses on the most ethical action that protects, in the best way possible, the moral rights of individuals in that society. Another standard is the fairness or justice standard, whereby individuals living in society should be treated equally or fairly in case inequality is necessary.

The common good ethical standard emphasizes that any action should promote the well-being of everyone in a given setup. Finally, the virtue ethical standard encourages actions that will lead to the development of humanity in different merits like honesty, prudence, self-control, and compassion among others (Singer, 2011). The utility approach will be used as the specific provision of the test.

Ethical hacking

Any form of hacking that seeks to promote the fidelity of a system can be termed as ethical. For instance, white hacking is ethical because it seeks to help system owners to improve security, which ultimately leads to the common good of protecting the users of such a system or network.

Hacking an Accounting Firm

A hacker can breach the systems of an accounting firm to access the clients data for different reasons. A hacker can use stolen laptops or backup drives to access an accounting firms data. In other scenarios, a hacker can use pilfered passwords.

A black hat hacker hacking an accounting firm

A black hat can install malware in an accounting firms system software. The malware is then used to provide access to the systems software like Oracle or SAP. After gaining access to the system, it becomes easy to steal clients information. The most common information that can be stolen includes the clients full names, addresses, phone numbers, social security numbers, and bank account information among others.

This information can be used in tax fraud, identity theft, or steal money from the affected individuals. One advantage of black hat hacking is that firms can hire the hackers to expose system vulnerabilities. The greatest disadvantage of black hat hacking is that most perpetrators are doing it out of malice, and they can cause huge losses to the company. Clients can quit that company and sue it for damages hence huge losses.

A white hat hacker hacking an accounting firm

A white hat hack can use system passwords or backup data to breach the security of an accounting firms system software. Besides, white hat hackers can plant malware in the accounting system software just like their black hat counterparts. White hat hackers can access all the information available in the system. However, when they get the information, they pass it to the firms data security team to work on ways of averting such attacks in the future. The advantage of white hacking is that firms improve their security after the exposure, which prevents data breaches before they happen. The downside of this practice is that the hackers can turn against the firm and share information with third parties who then use it to compromise the systems (Mitnick & Simon, 2005).

Pro or con ethical

White hat hacking seeks to bring utility to the highest number of individuals using the hacked system. The ultimate beneficiaries of white hat hacking in an accounting firm are the clients whose information is protected from the activities of black hat hackers seeking to use it for malicious goals. Therefore, according to utilitarianism, white hat hacking is the best course of action that can be taken in an accounting firm faced with the threat of security breaches. In this case, the ethical test is satisfied; hence, it is pro ethical. On the other hand, black hat hacking brings utility to the minority (only the hacker), and thus it fails the test of utilitarianism. Hence, it is con ethical.

Conclusion

In the light of this papers discussions, it suffices to conclude that white hat hacking is pro ethical while black hat hacking is con ethical. According to the utility provision of utilitarianism, an action is termed ethical if it brings utility to the greatest number of people. In this case, the accounting firms clients, which are the majority, derive utility from white hacking as it secures their information from being stolen by black hat hackers. On the other side, black hat hacking is con ethical because only the hacker, the minority, derives utility from his/her actions, and thus this act fails the utilitarianism test.

References

Erickson, J. (2008). Hacking: The art of exploitation (2nd ed.). San Francisco, CA: No Starch Press.

Mill, J.S. (2002). Utilitarianism (2nd ed.). Indianapolis, IN: Hackett Publishing Company.

Mitnick, K., & Simon, W. (2005). The art of intrusion: the real stories behind the exploits of hackers, intruders, and deceivers. Indianapolis, IN: Wiley Publishing.

Rosen, F. (2003). Classical utilitarianism from Hume to Mill. Abington, UK: Routledge.

Sample III, C. (2006). PSP Hacks. Sebastopol, CA: OReilly.

Singer, P. (2011). Practical Ethics (3rd ed.). Cambridge, UK: Cambridge University Press.