Rules of Warfare

School: Grand Canyon University
Course: 220
Subject: Law
Date: Jan 9, 2024
Type: docx
Pages: 7
Uploaded by DrNewt2032

Rules of Warfare
Emmett J Norris
Grand Canyon University
CYB-220
Truly Moore
11/12/2023

Abstract

This paper explores the evolving influence of technology in personal and professional spheres, highlighting the vulnerability individuals and organizations face in the cyber world. Amidst the clamor for retaliatory measures, including "hacking back," a detailed examination reveals the appropriateness of refraining from such actions, considering legal, ethical, and strategic factors. The discussion delves into the legal landscape of penetration testing, emphasizing the importance of consent, legal compliance, and transparent collaborations. Ethical hacking, characterized by cooperation and adherence to principles, is contrasted with malicious unethical hacking. The understanding of hacking categories and the potential escalation to acts of war, governed by international law, further complicates the decision-making process. The fear of war, legal consequences, and the U.S. preventive stance against hack-back retaliation provide compelling reasons to avoid retaliation, considering collateral damage, voided insurance, and the use of enslaved botnets by attackers. In navigating this tech-dominated landscape, a nuanced understanding of legal, ethical, and strategic factors underscores the wisdom of refraining from hacking back as a measured and responsible response to cyber threats.

As technology advances, so does the power it holds over everyone's personal and professional lives. This has only become more apparent in today's cyber world, where not only are most people's lives on full display online, but their entire identities are vulnerable there as well. In the wake of cyberattacks and data breaches in the United States, there is often a clamor for retaliatory measures, including the controversial idea of "hacking back." However, a closer examination reveals that not hacking back is an appropriate response, considering legal, ethical, and strategic factors.

Before delving into the hacking back debate, it is crucial to understand the legal requirements and ethical steps involved in penetration testing. Penetration testing, a controlled form of ethical hacking, is conducted by organizations to identify vulnerabilities in their systems proactively (Synopsys, N/A). The legal landscape surrounding penetration testing is governed by laws such as Title 18 (Crimes), which prohibits unauthorized access to computer systems (Congress, 1948). To conduct a legal and ethical penetration test, organizations must obtain explicit consent from the system owner, ensuring that the testing adheres to predetermined scopes and does not result in any damage. This ensures legal compliance and sets the stage for a transparent and mutually beneficial collaboration between ethical hackers and organizations. Since, in this hypothetical, a company is being attacked in a non-ethical manner, the victim is highly unlikely to obtain clearance to hack the attacker back without legal repercussions, depending on the situation.

Ethical hacking, characterized by cooperation and collaboration, operates under well-defined principles or rules (Synopsys, N/A). Obtaining explicit consent from the target system's owner is paramount, and ethical hackers must adhere to predefined rules of engagement.
The principles of confidentiality, integrity, and availability guide ethical hacking efforts, emphasizing
the responsible use of discovered vulnerabilities to enhance overall cybersecurity. However, there is a huge difference between ethical and non-ethical hacking. Ethical hacking differs from unethical hacking primarily in intent. Ethical hackers work with organizations to strengthen security, while unethical hackers engage in unauthorized activities for malicious purposes (S12-H4Ck, N/A). The distinction lies in the ethical hacker's commitment to responsible disclosure, transparency, and the improvement of cybersecurity measures, as opposed to the stealthy and harmful motives of unethical hackers.

It is also important to understand the various categories of hacking, which is crucial for evaluating the appropriateness of offensive cyber operations. Nuisance hacking involves minor, non-malicious activities, while activist hacking pursues social or political agendas. Criminal hacking encompasses serious offenses such as theft and sabotage. Determining when hacking constitutes an act of war is intricate and involves international law, specifically jus ad bellum (the justification for war) and jus in bello (laws during war).

Now that the various forms of and reasons for hacking have been covered, why would someone not want to retaliate after being hacked? Hacking is considered an act of war when it reaches a threshold that causes significant harm or disruption, potentially violating the United Nations Charter. The Tallinn Manual provides guidance on applying international law to cyber conflicts, helping to discern when a cyber operation may be considered an armed attack (Jensen, 2017). The United Nations Charter prohibits the use of force between states, and a cyberattack that causes severe consequences could trigger a response under the principles of self-defense. Given the fear of war, one might not consider retaliating without first convening to determine whether the attack came from just a rogue group or is a full-on declaration of war.
As tensions rise in the world over foreign politics, war is one of the things most groups will want to avoid at nearly any cost, and they would want to prevent any escalation of attacks.

Another reason, if the victim is within the United States, is that the U.S. prevents hack-back retaliation. This is mainly due to the federal government viewing all unethical hacking as criminal activity unless sanctioned by the government (Bastion).

Two more possible reasons are collateral damage and voided insurance. While these two might seem like small reasons compared to the previous ones, they are still very important to the person or entity that is being attacked or was hacked. With the advancement of today's technology, most attackers use what are known as enslaved botnets. These are groups of compromised devices that are used instead of the hacker's own devices to prevent any direct retaliation from the victim. Retaliation would not only be avoided by the hacker but would also directly affect the other compromised party, causing more distress for them. Also, most companies that handle large networks will typically have insurance to cover the loss of stolen information and data, to help recoup losses and pay out lawsuits. Any retaliation from a victim will almost always result in the nullification of that insurance policy, preventing the victim from being able to recover financially.

In a tech-dominated era, the pervasive influence of technology leaves individuals and organizations exposed to cyber threats. Cyberattacks often prompt calls for retaliatory action, including the controversial "hacking back." However, a closer look at legal, ethical, and strategic considerations advocates refraining from such measures. Penetration testing, an ethical hacking practice, emphasizes consent, legal compliance, and transparent collaborations. Ethical hacking, marked by cooperation and principles, contrasts with malicious unethical hacking. Understanding hacking categories informs the assessment of offensive cyber operations, considering the potential escalation to acts of war guided by international law.
The fear of war, legal consequences, and the U.S. preventive stance against hack-back retaliation provide reasons to avoid retaliation. Collateral damage, voided insurance, and attackers' use of enslaved botnets complicate the decision. In this tech-savvy landscape, a nuanced understanding of legal, ethical, and strategic factors underscores the wisdom of refraining from hacking back as a measured and responsible response to cyber threats.

References

Bastion, B. (n.d.). 5 Reasons Hack Backs Are a Bad Idea. Blue Bastion. Retrieved from https://www.bluebastion.net/5-reasons-hack-backs-are-a-bad-idea/#:~:text=If%20a%20victim%20hacks%20back,they%20wouldn't%20be%20victimized.

Congress, U. (1948, June 25). Title 18. Retrieved from https://uscode.house.gov/view.xhtml?path=/prelim@title18&edition=prelim

Jensen, E. T. (2017). THE TALLINN MANUAL 2.0: HIGHLIGHTS AND INSIGHTS. GEORGETOWN JOURNAL OF INTERNATIONAL LAW.

N/A. (2015, January 22). What are jus ad bellum and jus in bello? ICRC. Retrieved from https://www.icrc.org/en/document/what-are-jus-ad-bellum-and-jus-bello-0

Nations, U. (2019, June 10). Geneva Conventions and their additional protocols. Geneva Conventions and their additional protocols. Cornell Law School. Retrieved from https://www.law.cornell.edu/wex/geneva_conventions_and_their_additional_protocols

S12-H4Ck. (N/A, July 9). The Line Between Ethical and Unethical Hacking. Retrieved from https://medium.com/@s12deff/the-line-between-ethical-and-unethical-hacking-71fef14ea514

Synopsys. (N/A). Penetration Testing. N/A. N/A. Retrieved from https://www.synopsys.com/glossary/what-is-penetration-testing.html