Ethics Case Study Essay Assignment help
Due 11.59pm Sunday 2 October 2022
20% of overall subject grade.
Deliverables:
• Provide written responses to the questions (1,000 words).
• Submit your essay online via the LMS submission link.
Other requirements:
• You must complete this individually.
A note on copying and plagiarism:
Plagiarism is the submission of somebody else’s work in a manner that gives the impression that the work is your own. The Department of Computer Science and Information Technology at La Trobe University treats plagiarism very seriously. When it is detected, penalties are strictly imposed.
The relationship between system vulnerabilities and ethical hackers (also known as security researchers) is a complex and interdependent one.
On one hand, it can be near-impossible for companies to develop complex systems and platforms without any vulnerabilities for hacking. It is why any of the apps or programs we use are regularly required to be updated: while at times it might be to release new features, more commonly it is to provide fixes for bugs or vulnerabilities.
The role of internal teams in identifying bugs and vulnerabilities is limited, as they can find it difficult to consider alternative perspectives on threat potential. Increasingly, third parties play a role in identifying issues and disclosing these to companies so they can develop fixes.
Some companies have embraced this process, and many now provide vulnerability disclosure policies to provide guidance for ‘ethical’ hackers.
The role of third-party ethical hackers is to identify vulnerabilities and advise companies in an effort to
a) improve the overall platform performance, and
b) be rewarded for their efforts in identifying platform risks.
These rewards are often known as bounties.
Typically, those who work in the space of identifying system vulnerabilities collaborate with the impacted platforms, with both parties benefiting from the reward of a more secure platform and a financial reward for the efforts of those identifying the issues.
Windows Zero-Day
On 22 November 2021 Bleeping Computer reported that security researcher Abdelhamid Naceri released what is known as a zero-day vulnerability relating to Windows 10, Windows 11, and Windows Server. (A zero-day vulnerability is when a third-party releases details of a vulnerability publicly when there are no known fixes for the issue.) In detailing the vulnerability, Naceri advised that threat actors with access to a device can elevate their privileges from a status of standard user to a system privilege, enabling greater ability to access and interfere with the impacted Windows systems.
Providing details of how to exploit a vulnerability without any known way to prevent it from happening puts all users of the impacted Windows systems at risk. This means that anyone with malicious intent could exploit the vulnerability and Microsoft would be unable to provide assurances to their enormous user base. Within days, it was reported that threat actors had begun abusing the vulnerability with malware.
What motivated Naceri to take such an action? Naceri defended the decision to release the details of the vulnerability because he was frustrated by Microsoft’s ‘decreasing payouts in their bug bounty program’. On Twitter, @MalwareTechBlog stated ‘Under Microsoft’s new bug bounty program one of my zerodays has gone from being worth $10,000 to $1,000’.
Source: Abrams, L. (2021) New Windows zero-day with public exploit lets you become an admin, Bleeping Computer. Accessed 26 August 2022 https://www.bleepingcomputer.com/news/microsoft/new-windows-zero-day-with-public-exploit-lets-you-become-an-admin/
Assignment
This assignment is centred on the ethics of power and negotiation in IT. In this assignment you will write a 3-part report to analyse and respond to the ethical concerns around the topic identified in the case study.
To clarify, you are permitted to discuss the ethics of vulnerability disclosures and the relationships between large software/platform providers and security researchers/ethical hackers. You can draw on other examples of the ethics around these relationships outside of the Naceri/Microsoft example provided above. Your assignment should include analysis of the problem from an ethical perspective, not from a technical perspective. The assignment is to be delivered/submitted online through LMS. Your paper should include analysis of the issue and the response in a carefully considered series of steps.