Brayden Hicks

Per. 1

Hacking and Cybersecurity

In the day and age we live in technology has become a crucial part of our everyday lives.

You cant open your eyes without seeing some sort of gadget or computer. This opens up a new

world for crime and corruption. Hacking can encompass any form of accessing or using

technology without the owners permission, Or any form of using something for a task it wasnt

designed for. Hacking is in fact so prevalent yet we dont even realize its there. Millions of data

instances are stolen every year. Companies and individuals are brought to their knees by the

effects of cybercrime. Laws are often vague and unclear. There are many different types of

hackers and even more victims associated with hacking. Any device you can think of is

hackable. The list of possible hacks is so long its impossible to list.

The public stigma really misguides what a hacker is. Most people see a creepy, glasses

clad, nerd who sits in his basement and wreaks havoc. In reality, while this vision remains true

for some, hackers come in all shapes and sizes. There are three main categories: White hat,

Black hat, and Grey hat. White hat hackers are the good guys. This would include security

analysts and penetration testers. They have created a career of hacking. Companies pay good

money for a well qualified cyber security analyst. On the opposite side of the scale there are

Black hat hackers. These are the bad dudes. People who game the system; Their only goal is

making money and destroying things. They work by destroying databases and crashing servers.

If done right a proper hack can raise hundreds of thousands of dollars often times even millions.

The line gets really fuzzy in the middle; This is where grey hatters lye. These individuals often

have a good career but partake in extracurricular forms of deception. They take a little bit extra

on the side. This is still just as illegal as what the black hatters do, but they like to think theyre

good because they do it for a living. The grey hat category also includes those who fight for a

cause. They damage and destroy for a certain viewpoint whether good or bad. This gets

complicated quickly. While still illegal, the morals and ethics involved in such instances are

extremely blurry. People have been many a time put in prison for actions that seem quite right to

the public but are still highly illegal in a legality situation. Such an example would be famous
 Brayden Hicks
Per. 1

hacker/ hacktivist Bryan Seely. At one point he was running a $10 million dollar a year hacking

organization. Through simple manipulation of advertising he could turn any small business into

a corporate leader. His actions get really difficult to decipher as we move into his whistleblowing.

Feeling bad for his actions, he decided to let people know about how easy it was. He reached

out to google and all the other major advertisers. They all ignored him.

Finally Bryan did something he couldnt undo. To prove a point he modified the FBI field

office and Secret service office google pages. He redirected all phone calls through two

separate accounts and had them forwarded back to the office through a simple wiretap server.

The first call came in and wallah, Seely had just recorded a government conversation. A Serious

federal offense. I couldve done this for every congressman, the White House, mayors, lawyers,

banks, foreign embassies, you name it, said Seely (qtd in Atkins 3). All his closest friends

recommended he turn himself in. As he marched into the secret service office and told his story,

no one believed him. For me to pull this off and them to roll their eyes, I just had to say, Screw

you. Pick up your phone and call your D.C. office right now, said Seely (qtd in Atkins 3). The

call went through and seely played a recording for the office secretary. Within twenty minutes he

was locked in an interrogation room. He was ordered to cease and desist. His story shows an

in-depth look at all sides of hacking.

The victims of cybercrime vary drastically. Many people believe that only large

businesses are affected by cybercrime. This is an inaccurate myth. Thousands of individuals are

affected by cybercriminal instances every year. An example of individual victimization can be

seen through car theft. A recent article by David Crookes gives details on what can be done to a

car with just a minor knowledge of hacking and a computer.

Two men from Texas are being tried for such actions. They are believed to be involved in

the theft of over thirty Chrysler and Dodge cars. They managed this by hacking into the cars,

unlocking them, and starting them. They were able to do this in just under 10 minutes. This is a

frightening prospect. Their trial is set to be held in just a couple months (crooks).

1
 Brayden Hicks
Per. 1

Large businesses are also vulnerable to cyber attacks. Instances of data breach can

have devastating effects on large businesses and their customers. A recent example of a large

data dump is the Ashley Madison attack. Millions of user data was compromised and leaked.

Hackers broke into databases and leaked stolen files through several outlets. People

everywhere gained access to dirty secrets entrusted to Ashley Madison by its customers. Target

retailers were also attacked just a year or two ago. Thousands of credit card numbers and

emails were pilfered. The ever reach of cybercrime has dramatic consequences for all who

become trapped in its wake.

Laws and statutes surrounding cybercrime often dont do much to help. Its very difficult

on most occasions to catch the bandits. Criminals are becoming increasingly talented at

remaining anonymous. In a journal article titled Hacking the Anti-Hacking Statute:

Using the Computer Fraud and Abuse Act to Secure Public Data Exclusivity the author goes

over one of the main litigation tools used to prosecute cybercrime. He discusses the computer

fraud and abuse act or the CFAA for short. His discussion goes deeper into one of the several

ways in which an individual can violate a law. Mr. Nicholas A Wolfe wrote:

The Computer Fraud and Abuse Act (CFAA) was drafted to draw the line between
hacks and hacking. Drafted in 1986 and amended with a frequency similar to iOS
updates, there are nine ways to violate the CFAA.2 This article covers just one.
Subsection 1030(a)(2)(C) provides that anyone who (1) intentionally accesses without
or in excess of authorization (2) information (3) that causes a plaintiff at least $5,000
loss in a 1-year period is engaged in hacking under the CFAA.3 Access without or in
excess of authorization is generally interpreted with reference to circumvention of some
access
control. Concerning the $5,000 loss requirement, the plaintiff is generally required to
submit a supporting declaration.4 3 At its core, the CFAA is intended to deter the
exploitation of computer system vulnerabilities that cause damage to the computer
system. Ironically, in so doing, the CFAA has exposed two of its own vulnerabilities in
the face of a dynamic technological Landscape: (1) Literal application of access
control to encompass any access control, including mere token controls;5 (2) Cursory
review of loss declarations to include any first party expense, whether incurred
reasonably or unreasonably.6 4 The consequences of these vulnerabilities are
widespread. For example, if you are reading this article in a Chrome browser and were
to open a new tab and navigate to the Seattle Times website, read your maximum
article limit, and then press Ctrl + U to view the source code and read one additional
article in HTML form, the 3Taps court would likely interpret your actions as hacking
under the CFAA.7 5 These two vulnerabilities enable unchecked application of a

2
 Brayden Hicks
Per. 1

powerful criminal statute as as a tactical tool to gain business or litigation advantage,

particularly as a para-copyright tool to secure exclusivity to otherwise publicly
accessible data.8 (wolfe 13:3)
This is particularly frightening due to a prosecutor's ability to manipulate such statute in order to

win a case. This means that breaking the law could easily be achieved by accident or mistake

with little or no actual malcontent intended.

Some states are passing new laws to clarify this. Florida passed a new law just this year

called the Computer Abuse and Data Recovery Act. This allows companies and the government

to go after cyber criminals. It allows them to prosecute for data breach and other attacks. The

law allows companies and entities to get monetary payment to repair and rebuild (Kain 65).

The word hacking is most often times associated with computers only. In reality pretty

much anything can be hacked. If its powered by electricity and it does anything more than make

your coffee it can be hacked. Your coffee maker may even be vulnerable as well. In a Ted talk

Avi Rubin gives several very shocking examples. The worst of which is a implanted medical

pacemaker. Through wireless networks an attacker can do pretty much anything to the patient.

They can change rhythm, access patient details, and surprisingly even deliver a lethal shock

(Rubin).

Another creative and scary instance of technological manipulation discussed in his talk

was the monitoring of keystrokes using an old iphone set on a desk beside a keyboard. The

university study he referenced showed that it was possible to record keystrokes on a keyboard

with around 80% accuracy by using the accelerometer on an old iphone. Whats the

significance?,most people would ask. Most of the sensors on modern day cell phones are

locked down heavily and require more skill to break into. The accelerometer is an exception. It is

not well known as a intrusive sensor and as such is kept relatively unsecure. The researchers

were able to use minimal vibrations recorded by the iphones accelerometer and cross

reference them with what was being typed. They created an algorithm that with almost 80%

3
 Brayden Hicks
Per. 1

accuracy recorded keystrokes. The computer would even substitute a list of words for unknown

fields. From their a human would only have to substitute the word that made sense into the

keyed phrase (Rubin) Such instances are only minimal examples of what is possible.

Cybercriminals are very good at what they do. On the extreme end of cybercrime there are

advanced physical means by which systems can be hacked using physical hardware clues. In

an article written by Daniel Genkin and several others, physical key extraction techniques are

described. By monitoring minute fluctuations in power consumption, electromagnetic fields, and

other external factors a hacker can gain information about a system including cryptographic

keys. Determined assailants can reverse engineer chips and signals to produce passwords and

other means of entry(Genkin 70). These techniques are extremely advanced and are often

employed at a very secret and expensive level. Such individuals are very dangerous.

Another aspect of hacking is what someone would deem reasonable cybersecurity.

The journal entry written by Kevin L. Miller explores this topic. In the world we live in everything

is fueled by information. It can in some ways be considered extremely valuable. Reasonable

cybersecurity includes expectations of security with businesses and individuals in daily dealings.

For example when you purchase something online or sign up for a service, you expect the

vendor to keep your information safe. This is where legality can get fuzzy. Reasonable

cybersecurity can be very different depending on the perspective of the viewer (Miller 22).

Scientists are researching ways to prevent hacking. Mike Duff wrote an article

about car hacking and the related fears. He fears that ransomware will someday be a means for

hackers to lock cars for ransom. His team of researchers have set up an advanced simulator to

test certain attacks. His work is an effort to make cars safer and less vulnerable to hackers (Duff

20).

It is very essential more research be put into securing our society. Knowing what can

be hacked and how to stop it is essential for a secure future. Cybersecurity will make or break

the future. Laws need to be revised for clarity and punishments for breaking such laws need to

4
 Brayden Hicks
Per. 1

be enforced. These threats will not go away but will only get stronger and more prevalent.

Future careers depend on increased knowledge in systems and their functions.

Works cited

Atkins, Drew. "Hacker In A White Hat." Seattle Business 26.9 (2015): 16. MasterFILE Complete.

Web. 22 Sept. 2016.

Crookes, David. "Car Hacking." Web User 405 (2016): 36. MasterFILE Complete. Web. 22 Sept.

2016.

DUFF, MIKE. "New Tech To Combat Hacking." Autocar (2016): 20. MasterFILE Complete. Web.

26 Sept. 2016.

GENKIN, DANIEL, et al. "Physical Key Extraction Attacks On Pcs." Communications Of The

ACM 59.6 (2016): 70-79. Business Source Premier. Web. 22 Sept. 2016.

Kain, Robert C. "The New Computer Abuse And Data Recovery Act: A Business Tool Against

Computer Hacking." Florida Bar Journal 90.1 (2016): 65-68. Academic Search Premier.

Web. 26 Sept. 2016.

5
 Brayden Hicks
Per. 1

Miller, Kevin L. "What We Talk About When We Talk About "Reasonable Cybersecurity": A

Proactive And Adaptive Approach." Florida Bar Journal 90.8 (2016): 22-31. Legal

Collection. Web. 22 Sept. 2016.

Wolfe, Nicholas A. "Hacking The Anti-Hacking Statute: Using The Computer Fraud And Abuse

Act To Secure Public Data Exclusivity." Journal Of International Human Rights 13.3

(2015): 301-315. Academic Search Premier. Web. 22 Sept. 2016.