Month: April 2024

Carter Hendrick

CYSE 201s

4/10/2024

Career Paper: Ethical Hacker

            Cybersecurity has many different positions, all of which rely upon the social sciences in some way. Ethical hacking is essential to prevent attacks before they can happen by identifying vulnerabilities. As a job in cybersecurity ethical hacking also relies on the social sciences and their principles to perform the job they are given and report on their findings in a way that explains how they exploited the vulnerability that they found. Research and on-the-job experience show how ethical hacking uses social science and moral philosophies to be effective.

            Ethical hacking has a few different aspects of social science to focus on due to how heavily used they are, such as social engineering. While social science is not an official specific social science it was first brought to life in social science and is used by many different practices. In ethical hacking social science can be the key to the job depending on the situation. Ethical hacking and social engineering have its own host of points to think about like how it is used and who it is most effectively used on. Social engineering is used typically to get information that can be used to gain access into a system, but getting social engineering to work is where the challenge lies. Social engineering is used on people specifically, to attain information. “Vulnerabilities can exist not only as technical vulnerabilities such as missing security “patches” but can also be vulnerabilities in processes or people,” (Thomas Georg, 2018) To combat social engineering many companies, train their employees to not answer certain types of questions as to not reveal information. Social engineering is used during much of the life of an ethical hacker and is a great tool. Joseph Hatfield has in his article, “Virtuous human hacking: The ethics of Social Engineering in penetration-testing.” has insights into social engineering and its uses such as, “Yet human-to-human manipulation, or what cybersecurity experts call “social engineering,” also plays a critical role in the discovery and exploitation of security vulnerabilities” (Hatfield 2018)

            Social engineering is one of the many social science tools that is used in ethical hacking, but there is also many of the principles of social sciences used to truly show the difference between an ethical hacker and just another hacker. During the job an ethical hacker must infiltrate the systems of a company and write a report on how they did it. This is very similar to the experiments and research done in the social sciences. This includes the use of the principles such as objectivity, empiricism, and parsimony. Ethical hackers must be objective in their reports as to keep it professional and give unbiased criticism to the company. Empiricism plays a role in the recording and reporting of the actual process and techniques used by the ethical hacker so the company may recreate the vulnerability and defend the system. Parsimony plays a big part in ensuring that the instructions of the hacker are clear and easy to understand, also it makes it so the company can easily understand what parts of the system were accessed.

            Human factors play a big role in ethical hacking, and not just for social engineering purposes. Humans are the ones creating the systems, the defenses, digital storage, and physical storage. All of these things will have some form of vulnerability because they were made by humans, it is up to an ethical hacker to exploit them. Humans are always the most vulnerable part of a network so that makes them easily targetable as touched on earlier with social engineering. The best thing companies and really everyone can do is to stay educated on online literacy and cybersecurity as to not create an opportunity for a hacker to steal from them. “Many cybersecurity experts frame social engineering attacks as a question of technological literacy and knowledge. According to this perspective, security incidents occur because an employee did not observe common security practices nor detect manipulative techniques used by hackers.” (Nina Klimburg-Witjes, Alexander Wentland 2021)

Works Cited:

Joseph M. Hatfield, This paper offers a virtue ethics analysis of social engineering in penetration-testing. It begins by considering previous research on this topic and argues that such attempts misconstrue or more often overlook this Aristotelian tradition. It arti, Hatfield, J. M., Mouton, F., Arendt, H., Baha, A.-S., Brenner, J. E., Chauhan, S., Davidson, D., Dimkov, T., Drake, J. R., Elovici, Y., Finn, P. R., Fulton, E., Hursthouse, R., Jefferson, T., Johnson, M., Johnson, M. R., Jones, H. S., … Levy, Y. (2019, February 28). Virtuous human hacking: The ethics of Social Engineering in penetration-testing. Computers & Security. https://www.sciencedirect.com/science/article/abs/pii/S016740481831174X

Thomas Georg, & AbstractThis paper discusses the issues of implied trust in ethical hacking. Unlike many other long-established professions. (2018, October 29). Issues of implied trust in ethical hacking. The ORBIT Journal. https://www.sciencedirect.com/science/article/pii/S2515856220300213

Nina Klimburg-Witjes, Alexander Wentland, Hacking humans? Social Engineering and the construction of … (n.d.). (2021, February 10) https://journals.sagepub.com/doi/10.1177/0162243921992844

Carter Hendrick

CYSE 201

3/27/2024

Article Review #2: Preventing and Combating Cybercrime in Indonesia

Intro:

            This article by Mohammad Fadil Imran focuses on the different ways cybercrime is being fought in Indonesia. This is an extensive investigation that shows everything from laws to programs used to prevent many different cybercrimes and also actions that may not be cybercrimes but are harmful such as cyberbullying and spreading false, hateful, information.

Relating to the Social Sciences:

            The first thing I want to mention is that there is a lot of information provided from an unbiased point of view, this article shows the negative effects of cybercrime and how to prevent it. When talking about events and articles they are always cited and not taken out of context. This shows objectivity. Also, this information is explained and cited making it easy to understand and check the sources used by Imran in his article. By reading this article I was able to learn and understand a lot about the actions taken to prevent cybercrime such as when explaining the legal frameworks put in place in Indonesia by the KUDP (Indonesian: Book of Criminal Law) on page 6. He gives a summary of the article without losing the meaning. I believe that this and the way he explains the other issues in the article show exceptional parsimony. The last principle I want to highlight in this article is empiricism. As I will touch on in the next segment, Imran does his research using many literary sources that he uses to back up his points and directly uses “Laws, regulations, and court cases” as his primary sources and then uses other works from peer-reviewed journals to online academic studies to reinforce his findings.

Research methods used:

            Imran states on page 5 that there is a research gap about the topic of the article, and he aims to fix that. Imran’s questions were “What laws and protections have been put in place to keep people safe” and “What effect have these regulations had on cybercrime in Indonesia”. His research method as touched on before uses laws and other official legal documentation to show what has been put in place to protect the people of Indonesia from cybercrime. After stating the protections put in place, he then uses his secondary sources to organize and study data about the effects that the laws and regulations have had. From his research, he also formulated a list of actions that he thinks should be focused on to better protect the public from cybercrime.

How this article helps marginalized groups:

            This article brings up two groups from the beginning that face a lot of exploitation and danger online, this being children and adolescents. On the second page, Imran states that Indonesia struggles with internal cyberbullying that goes as far as the dissemination of harmful content. This is very important due to how easy it is to harm someone using cyberbullying and how it could ruin the rest of someone’s life if a cyberbully were to spread lies about a child. Due to how social media works that child or teenager would have to carry a stigma and could be mistreated by not only other children but also adults. More than just socially, children are extremely vulnerable targets for many different scams, especially young boys. Not just in Indonesia but all over the world, young curious boys end up downloading viruses due to trying to access lewd content online via fake ads, bot messages on social media, and even real people trying to convince them of the link they sent them would bypass parental locks. It is more important now than ever to protect and monitor children and teens online.

Conclusion:

            Mohammad Fadil Imran has written a very good and informative article that could be referenced by many as it fills the gap of research that was left for this topic. After reading the article I felt that I could both understand and trust the information that Imran put in front of me. I trust his research method and he uses his secondary sources liberally to reinforce the points found by his primary sources. As I said earlier in my review, Imran gives a list of priorities that he thinks should be focused on by the Indonesian government to mitigate cybercrime and I could not agree more. His priority is raising awareness of cybersecurity risks to the general population and giving resources to help them protect themselves. His second focus involves training individuals to understand and respond to cyber threats. I think these are two of the most important things we could do to protect ourselves in the modern age. To finish off my review I will leave a simple statement. This article is well written, properly cites its sources, and shows competence in research that I can trust.

Works Cited:

International Journal of Cyber Criminology

Vol 17 Issue 1 January – June 2023

Preventing and combating cybercrime in Indonesia

By: Mohammad Fadil Imran

https://cybercrimejournal.com/menuscript/index.php/cybercrimejournal/article/view/225/87

Carter Hendrick

CYSE 201S

2/14/2024

Article #1 Review

The Effect of Cyberbullying on Women in Iraq

            Cyberbullying has been a large issue for many years now, but it is usually only seen from our perspectives. This review will be of an article by Saleh Hussain Ali and many other authors, “Discrimination and Cyberbullying against Women in Iraq: Exploring Social Media and Perceived Norms”. This will be an exploration of how cyberbullying and social media affect a different group of people that is not very well represented in the modern day due to their cultural differences, Iraqi women.

Applying the Principles:

            This issue relates heavily to the principles of social sciences. This topic relates to pretty much everything depending on how you look at it, the issue is directly referencing relations over social media and how a group of people are treated online. This brings technology and sociology together, this displays relativism at work. Objectivity is found throughout the article making references to their own and others’ proven research and not assuming anything. Parsimony was easy to find as nothing in this article is too complicated to understand. Empiricism is present for similar reasons to objectivity, the facts referenced are empirical evidence. This study is not only ethically neutral, but it is a morally good thing that this study is doing by bringing up this issue into public view. Determinism is used to understand how things came to the situation as it starts with the cultural traditions of the Iraqi people to how the modern patriarchy views Iraqi women. All principles are easily found within this article reading through normally, it is not hidden or a stretch to find any of them.

The Question and Data Gathering:

            This study’s question is, what is the effect of cyberbullying on women in Iraq and how does social media impact their lives? By using a chosen group of Iraqi women and doing an interview with these women the researchers found answers to the different questions in the study such as if cyberbullying online was common for them and how they overcame these challenges. Then the qualitative data was entered into the NVivo software to be thematically analyzed. This article brings to light how many women in Iraq are cyberbullied, during the interviews it was found that eight out of nine women interviewed have experienced discrimination in their professional lives such as not receiving the same resources and opportunities as their male coworkers within their workplace. Five of the nine women also stated that they had faced cyberbullying that affected their self-esteem. One of these women also talked about how they went through such terrible cyberbullying that it dramatically affected their mental health. This was only part of the interview but by reading it, the discrimination that these women face daily is obvious. It is good that this and other articles like it are being spread into the world, so people are aware of this behavior. Iraqi culture is not wrong and not for me to judge, however, it is important that those who wish for a different life are allowed to do so.

Conclusion:

            In conclusion, this article is a great message showing qualitative data and research methods. It also has examples of all of the social science principles which shows the researcher’s and authors’ dedication to keeping the article as unbiased as possible. It will always be important for people to stay safe on and offline, but it is unfortunately more difficult for some people to do that. Articles like this are the first step to helping stop discrimination against groups of innocent people. It is not just good for Iraqi women but everyone who reads this, staying informed about other cultures and their challenges are as important as keeping up to date on your own cultures issues.

Works Cited:

View of discrimination and cyberbullying against women in Iraq: Exploring social media and perceived norms. (n.d.). https://cybercrimejournal.com/menuscript/index.php/cybercrimejournal/article/view/190/72

I think that many people do something similar to the speaker in the video, that they take an opportunity without fully understanding it. It may not work out as well as it did for him, but I think that taking opportunities like that are very important for both growth in a career and self growth. You learn more about what you like and dislike and what your own strengths and weaknesses are. I actually got into the career path of cybersecurity and hacking by throwing myself into it in high school and I am now learning it in college and enjoying myself. I personally think it is very important for people to try different things in general, but also with jobs, to find things they really enjoy and want to do which is what our speaker did.

This article has valuable information that helps other to keep safe on the internet from viruses in illegal websites and from the law. While copyright infringement is bad some of these things on the list can ruin peoples lives, such as sharing passwords online. If it is your own or someone else’s password it should not be put online because people will easily get into the account and lock out the owner long enough to steal information or money. This leads into the next issue, identity theft is a huge issue and should be fought against no matter what. Watching pirated content is bad yes but its not destroying anyone’s future, identity theft does. Identity theft can ruin someone’s credit, phone numbers, social security, and other things. This can make it difficult to do the most basic of stuff like getting a job or buying a car. Next, gathering information of minors. No matter what children should not be targeted, not for attacks, or ads, or anything else like that. It is especially creepy if it is an individual online gathering information about a minor, this can lead to many things so it is best to make sure children are safe online. Bullying and trolling is also another horrible thing that can ruin someone’s life or at least send them to therapy for many years. Unlike in the past, once school is over kids still have to deal with potential harassment from classmates or from random people online. This behavior directly links to psychological issues like depression and anxiety. Last I think that recording calls without consent is also very bad, while not the worst thing it can still be used for malicious purposes such as using it as evidence out of context or to create false charges. Overall this is a great article that is quick and shows what is wrong with each selected issue.

This article is about the quickly shifting attitude of corporations to establish VDP’s (which makes it so people who report vulnerabilities to a business cannot be held liable for breaching their system and did not abuse it) and also become more active is creating their own bug bounty programs. These kinds of programs avridines a certain amount of money for finding vulnerabilities in their systems and can be found on websites like hackerone. Originally business and corporations were not welcoming to this kind of intervention, but due to recent cybersecurity concerns they have become more open to letting freelance hackers look find vulnerabilities for them which is also more cost effective than paying more money into professional ethical hackers.

The two economic theories I think relate to this is the rational choice theory and the lassiez-fare economic theory. The rational choice theory because the company sending the breach noticed used the 3rd party platform for their website in an effort to make the best experience for their customers. The lassiez-fare theory applies because the only government interference was the police investigating to protect the right of those who could have been affected by the breach.

For the social science principles that apply, I think that empiricism and parsimony fit well. Empiricism because they had to state factually what could be affected by the breach to the customers and parsimony because the company had to make sure they did not overcomplicate the situation in the notice so that theory customers could still understand it.