ITT 340 Legal/Ethical Issues of Social Engineering

School: Grand Canyon University
Course: ITT 340
Subject: Information Systems
Date: Nov 24, 2024

Legal/Ethical Issues of Social Engineering
ITT 340 - Cybersecurity and Ethical Hacking
As mentioned in the cyber laws and ethical hacking essay, there are several statutes that cover Computer Tampering, Unlawful Possession of an Access Device, Unauthorized Release of Proprietary or Confidential Computer Security Information, and statute 18-502, which covers "Prohibited activities; applicability." Most people understand the definition of the term hacker; however, the law goes further and covers nearly any computer-related illegality a person can think of. The most common technique a hacker may use to gain access to a victim's device is social engineering. There is a wide range of social engineering methods a hacker can use, including phone calls, promising rewards in exchange for the information needed, phishing or baiting emails and websites, tailgating behind another employee to enter the building, and much more. I will discuss some of these methods in detail and use real-life examples while going over laws that allow entities to engage in social engineering.

The federal Computer Fraud and Abuse Act (CFAA) is the main law that brings computer crime offenders to justice and seeks to reduce malicious hacking attacks. It was enacted in 1986 and was most recently updated in 2008, making even opening a computer without consent a crime. Some of the computer crimes covered by this act are obtaining national security information, accessing a computer and obtaining information without consent, intentionally causing damage by knowing transmission, password trafficking, extortion using computers, and attempt and conspiracy to commit an offense, among others (NACDL - National Association of Criminal Defense Lawyers, n.d.).

Social engineering mainly involves acquiring personal data through phishing techniques in order to obtain the information the attacker needs. There are several scenarios a hacker can use to engage in phishing. A hacker could call in and pretend to be upper management or tech support in the organization. The hacker would then say there is an issue with the device and that they need remote access to fix the problem. Once remote access is granted, the hacker would be able to access the network. Perhaps the most common attack is through email or text messages. The hacker would send a message, again pretending to be upper-level management or tech support, providing a link and asking the recipient to do them a favor. Once the link is clicked, the hacker gains a back door into the network.

The final federal computer crime law I am going to go over is the Computer Provisions of the USA Patriot Act. Sections 209, 217, and 220 of this act covered computer crimes such as seizing voicemails with a search warrant, the hacker trespasser exception, and search warrants for electronic evidence located in another district. The USA Patriot Act was replaced by the USA Freedom Act in 2015, signed into law by President Obama. This new act allows the federal government to use roving wiretaps on potential terrorists, conduct electronic surveillance, and take other counterterrorism and criminal reform measures.

Consider the following scenario: "We have targeted a company with 1,000 employees spread out over five locations. In this instance, we have discovered that the company deals with insurance claims for the health care industry. As most know, health care companies or companies that deal with private health care information must be compliant to certain government regulations, including HIPAA." Here the hackers can launch a pretexting attack to acquire the PII or patient data they are seeking. The pretexting example I will use for this scenario is referred to as "I need you to complete this task ASAP." The hacker may create duplicate accounts of a senior executive such as a supervisor or even the CEO. The hacker would research the executive, even using their picture, possibly their voice, a similar address, and contact information to launch the attack. They would then message the victim employee pretending to be the executive and giving them a task to complete. The employee would then complete the task, no questions asked, since it appears to be coming from upper management, especially if they are not used to receiving messages from the executive.

Social engineering attacks are very common, and human error is the number one reason for most cyber-attacks. There are laws in place that bring the criminals to justice; however, not every criminal is caught before the organization loses data or money. There are also laws that prevent organizations or victims from hacking back at the hacker, making them rely on the assistance of authorities. The best way to prevent social engineering attacks is to educate all employees. If a company has thousands of employees, a message from the CEO would be very unusual, let alone the CEO asking me for a favor. When in doubt, forward suspicious emails and messages to the IT department, and check suspicious emails for misspellings and the sender's address to determine whether it may be a scam.
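The closing advice (check the sender's address, treat an out-of-the-blue "do me a favor ASAP" from an executive as suspect) can be turned into a simple screening check. The script below is an added example, not part of the essay, and assumes a constructed company domain, a constructed executive roster, and two constructed messages; it flags the executive-impersonation pretext described above by comparing the display name against the real sender address, checking for an external or mismatched Reply-To, and looking for urgency language.

```python
"""Screen an inbound email for the executive-impersonation pretext.

Added example (not from the essay). The company domain, executive roster,
urgency phrases and both messages are constructed for this demonstration.
"""
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example-insurer.test"                        # constructed
EXECUTIVES = {"Jane Doe": "jane.doe@example-insurer.test"}    # constructed roster
URGENCY_PHRASES = ("asap", "urgent", "right away", "immediately", "do me a favor")


def screen_message(raw: str) -> list[str]:
    """Return a list of human-readable findings; an empty list means no red flags."""
    msg = message_from_string(raw)
    findings: list[str] = []

    display_name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    domain = addr.partition("@")[2]          # "" if the address has no "@"

    # 1. The sender is not on the company's own mail domain.
    if domain != COMPANY_DOMAIN:
        findings.append(f"external sender domain: {domain or '<none>'}")

    # 2. The display name claims to be a known executive, but the address is not theirs.
    for name, real_addr in EXECUTIVES.items():
        if name.lower() in display_name.lower() and addr != real_addr:
            findings.append(f"display name '{display_name}' impersonates {name} ({real_addr})")

    # 3. Replies are redirected to a different mailbox than the apparent sender.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and reply_addr.lower() != addr:
        findings.append(f"Reply-To differs from From: {reply_addr}")

    # 4. Pressure language typical of the "complete this task ASAP" pretext.
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = f"{msg.get('Subject', '')} {body}".lower()
    hits = [p for p in URGENCY_PHRASES if p in text]
    if hits:
        findings.append("urgency language: " + ", ".join(hits))

    return findings


# Constructed sample: lookalike personal mailbox posing as the CEO.
SUSPICIOUS = """\
From: Jane Doe <jane.doe@gmail-mail.test>
Reply-To: ceo.jane.doe@outlook-mail.test
To: analyst@example-insurer.test
Subject: Quick favor - need this done ASAP

Hi, I'm in a meeting and need you to pull the claims export for the
Phoenix office and send it to me right away. I'll explain later.
"""

# Constructed sample: a routine message from the real executive account.
LEGIT = """\
From: Jane Doe <jane.doe@example-insurer.test>
To: analyst@example-insurer.test
Subject: Q4 planning meeting

Please add the Q4 planning deck to the shared folder before Friday.
"""

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("legit", LEGIT)):
        result = screen_message(raw)
        print(f"{label}: {'forward to IT' if result else 'no red flags'}")
        for line in result:
            print("  -", line)
```

The check is deliberately conservative: any single finding is enough to justify forwarding the message to IT, which is exactly the "when in doubt" rule the essay recommends, and the display-name comparison catches the case where the attacker copies the executive's name and picture but cannot send from the real corporate address.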
References

13-2316 - Computer tampering; venue; forfeiture; classification. (n.d.). Arizona Legislature. https://www.azleg.gov/ars/13/02316.htm

DM Cantor. (2023, June 16). Computer tampering, computer crimes & release of confidential computer information. https://dmcantor.com/computer-crimes

Computer provisions of the USA Patriot Act. (2005, April 21). FBI.gov. https://archives.fbi.gov/archives/news/testimony/computer-provisions-of-the-usa-patriot-act

Gowing, G. T. (n.d.). Cybersecurity from a Christian worldview. LeTourneau University, Longview, Texas, USA. https://www.letu.edu/academics/arts-and-sciences/story-cybersecurity-glyn-gowing.html

Imperva. (2023). Pretexting. https://www.imperva.com/learn/application-security/pretexting/#:~:text=Pretexting%20and%20the%20Law,-Pretexting%20is%2C%20in&text=For%20financial%20institutions%20governed%20by,by%20deception%20or%20false%20pretenses

Justia Law. (n.d.). 2016 Arizona revised statutes: Title 18 - Information technology: § 18-502 Prohibited activities; applicability. https://law.justia.com/codes/arizona/2016/title-18/section-18-502/

NACDL - National Association of Criminal Defense Lawyers. (n.d.). Computer Fraud and Abuse Act (CFAA). https://www.nacdl.org/Landing/ComputerFraudandAbuseAct#:~:text=The%20CFAA%20prohibits%20intentionally%20accessing,every%20aspect%20of%20computer%20activity