Ethical Hacking

Alana Maurushat Maurushat is Professor of Cybersecurity and Behaviour at Western Sydney Univeristy. She is also on the Board of Directors for the cybercrime investigation firm IFW Global.

Chapter I: Why Ethical Hacking?
1.1 You
1.2 Me
1.3 Ethical Hacking



Chapter II: Essential Terms and Concepts
2.1 Types of Ethical Hackers
2.2 Definitions and Typology of Ethical Hacking
2.3 Conventional Computer-Security-Threat Model
2.4 Common Methods Used in Ethical Hacking
2.5 Other Relevant Terms



Chapter III: Methodology and Quantitative Studies of Ethical Hacking: Evidence-Based Decision and Policy-Making
3.1 Report for Public Safety Canada, 2011
3.2 Summary of Findings
3.3 GDELT Analysis Service—Event Data(with Kevin Kim)
3.4 Google’s BigQuery (with Richard Li)
3.5 Dark-Net Analysis of Malware and Cyber-Jihad Forums
3.5.1 Cyber-Jihad Forums (with Adrian Agius)
3.5.2 Hacking Forums (with Richard Li)
3.6 Observations



Chapter IV: Legal Cases Around the World (with Jelena Ardalic)



Chapter V: Select Ethical-Hacking Incidences: Anonymous



Chapter VI: Select Ethical-Hacking Incidences: Chaos Computer Club, CyberBerkut, LulzSec, Iranian Cyber Army, and Others



Chapter VII: Online Civil Disobedience
7.1 Online Civil Disobedience in Context
7.2 Timeline
7.3 Case Studies
7.3.1 Anonymous, Operation Titstorm
7.3.2 German Lufthansa Protest
7.3.3 Twitter #TellVicEverything Campaign
7.4 Observations



Chapter VIII: Hacktivism
8.1 Hacktivism in Context
8.2 Timelines
8.3 Case Studies
8.3.1 Anonymous, Post-Christmas Charity Donations
8.3.2 Neo-Nazi Website
8.3.3 WikiLeaks, Operation Payback
8.4 Observations



Chapter IX: Penetration/Intrusion Testing and Vulnerability Disclosure
9.1 Penetration Testing and Vulnerability Disclosure in Context
9.2 Timeline
9.3 Case Studies
9.3.1 Australian Security Expert Patrick Webster
9.3.2 Cisco Router9.3.3 LulzSec Hacking to Incentivize Sony to Fix Known Software Bugs
9.3.4 Guardians of Peace, North Korea, and the Sony Pictures Hack
9.3.5 Vulnerability Hunter Glenn Mangham
9.3.6 Da Jiang Innovation
9.4 Observations



Chapter X: Counterattack/Hackback
10.1 Counterattack/Hackback in Context
10.2 Case Studies
10.2.1 LulzSec, MasterCard and PayPal, and Barr
10.2.2 Illegal Streaming Link Sites
10.2.3 Automated Counter-DDoS
10.3 The Legalization of Hackback
10.4 Observations



Chapter XI: Security Activism
11.1 Security Activism in Context
11.2 Case Studies
11.2.1 Spamhaus Project
11.2.2 Spam Fighter
11.2.3 Botnet Removal Communities
11.2.4 Cyber-Security Researcher Y
11.3 Observations



Chapter XII: Ethical-Hacking Challenges in Legal Frameworks, Investigation, Prosecution, and Sentencing
12.1 Criminal Landscape: Convention on Cybercrime and the Canadian Criminal Framework
12.2 Attribution
12.3 Jurisdiction
12.4 Evidence
12.5 Integrity, Volatility of Evidence, and the Trojan-Horse Defence
12.6 Damages
12.7 Sentencing and Dealing with Mental Disorders—Addiction and Autism Spectrum (with PhD candidate Hannah Rappaport)
12.8 Observations



Chapter XIII: Ethical Hacking, Whistle-Blowing, and Human Rights and Freedoms
13.1 The Canadian Charter of Human Rights and Freedoms
13.2 Whistle-Blowing and Ethical Hacking
13.3 Observations 



Chapter XIV: Toward an Ethical-Hacking Framework
14.1 Ethical Hacking in Context
14.2 Encourage Legitimate Space for Virtual Protests
14.3 Guidelines and Policy
14.4 Code of Conduct for Hackback
14.5 Transparency of Government Engagement with Hackback
14.6 Security Research Exemption and Public-Interest Consideration
14.7 Concluding Remarks



Bibliography
Appendix: Interview Questions