Running head: TECHNICAL TECHNOPATH 1

Technical Technopath: Taking Control of our Technological World

Hilkiah D. Lawe

Legal Studies Academy

First Colonial High School

TECHNICAL TECHNOPATH 2

Abstract

This paper highlights why it is important to continue expanding one’s knowledge of the ever

changing technological world. The author starts off explaining how we need to keep up with our

technological advances and even giving a little teaser of hacktivism. Next, the author dives into

the history of computer laws including court cases and international differences. Then, the

author continues to explain a few cyber attacks that target a single party or person that people

should be cautious of. The author then moves on to explain a few cyber attacks that target

more than one person or organization, but are still important to be cautious of. Finally, the

author goes into explaining hacktivism, hacking groups, and white hat hacking. The author

finishes off the paper analyzing performing a recap of all the prior information; connecting the

information to why people should learn more about internet safety and hacktivism; and

providing even more benefits for the people who expand their knowledge of the topic.

Keywords:

Black hat hackers - Assess systems and exploits flaws for personal gain

White hat hackers - Assess systems to find flaws and patches them
TECHNICAL TECHNOPATH 3

Taking Control of our Technological World

Technology runs rampant within the world controlling nearly every aspect of it. Will it

take control of humans, too or will humanity take matters into their own hands? Simply put,

there is an opportunity to understand and better utilize a component of the world known as

technology and humanity should take advantage of it instead of being consumed by it. The

world is advanced, essential, and evolving. It is necessary, much like the cave people did before

us, to utilize advantages and stay on top of the world's advances. Technology is primarily one

aspect that can’t get too far ahead of society without putting the world at risk. The internet

offers ways to express ourselves, learn, make purchases, and more. However, the internet also

offers threats, incorrect information, scams, and more. There are people who take over official

sites or personal information for a motivated reason known as hacktivists. These hacktivists are

difficult to catch since they could be anyone and they are usually difficult to identify. However,

it is possible to learn to control technology just like these hacktivists but instead use the power

for good and not selfish reasons. Learning to control these technological powers will also better

protect everyone from online attackers. The world may even begin understanding and

apprehending the antagonists better than it has ever before.

History of Computer Laws

Computer laws have, much like other laws, adapted over time. From creating a

computer law to adding to previously established laws, things have been put in place to help

make an effort towards a safer electronic world. There are even different laws pertaining to

computer use in different parts of the world.

TECHNICAL TECHNOPATH 4

Regina v. Gold & Schifreen

The primary origins of computer laws are court cases. Many court cases changed the

tide of computer laws since the internet is such a complex area. Although there are many court

cases, there is one that prompted the creation of computer laws (Leyden, 2015, p.1). Regina v.

Gold & Schifreen is a case about Robert Schifreen and Stephen Gold. Both hackers stumbled

upon access to Prestel interactive viewdata service. The Prestel company is a British telecom

business. This service is the communication line for the Prestel company.They found the

password of a Prestel engineer and accessed the system eventually finding the personal

message box belonging to Prince Phillip inside the system. The Prestel computer network that

they infiltrated was meant to be used to launch and control the UK’s nuclear missiles if the

computers were all down. Presrel found out about what they did and had them arrested. When

it came time for the trial an appropriate law to apply to the case did not exist. The law used to

charge Gold and Schifreen was the Forgery and Counterfeiting act 1981. With this act not being

very appropriate for the case, the UK courts saw an opportunity to fix a big mistake in their

laws. Following this case the Computer Misuse Act was born. “The Computer Misuse Act (CMA)

1990 is a key piece of legislation that criminalises the act of accessing or modifying data stored

on a computer system without appropriate consent or permission” (McCallion, 2020). This law

has been in place and in power ever since 1990.

Martin Gottesfeld

Regina v. Gold & Schifreen is a major case that shaped computer laws. However, there

are a plethora of cases that involve the misuse of computers. There are even cases that used an

alternative computer law called the Computer Fraud and Abuse Act. One of these cases is about
TECHNICAL TECHNOPATH 5

Martin Gottesfeld and his hacktivism. The issue of this case is whether or not he violated the

Computer Fraud and Abuse Act. Gottesfeld wanted to draw attention to Justina Pelletier’s

situation. Pelletier was kept in a psychiatric ward against her parents wishes. Gottesfeld disliked

this and felt he needed to act upon the problem. He coded for weeks and sent out practice runs

against the hospital technology. He decided to launch DDoS attacks on multiple medical

facilities, including the one that held Pelletier. Gottesfeld made his actions very public, even

uploading YouTube videos to gather supporters, and admitted his crimes to the judge.

Gottesfeld was sentenced to 10 years in prison. Gottesfeld’s means were justified but his ends

were not. This hacktivist acted to help out a person who was treated unfairly. Unfortunately for

him, the judge did not focus on that aspect of the event very hard. The judge saw a man who

compromised hospitals and caused some $600,000 in damage from lost revenue (Wilff, 2019,

p.1). Overall, this showcases a risk of being in control of technology. While this shouldn’t stop

us from wanting to learn about the internet and its in’s and out's, it should keep us humble and

keen when it comes to not abusing control over the internet.

United Kingdom vs. United States

Computer laws are nowhere near as plain and simple as they may seem. Most people

understand their limitations in the online world, but people also probably don’t know that

different areas of the world utilize different computer laws. Two relevant laws for computers

are the Computer Misuse Act and the Computer Fraud and Abuse Act which reign in the UK and

U.S. respectively. As previously stated, “The Computer Misuse Act criminalises the act of

accessing or modifying data stored on a computer system without appropriate consent or

permission” (McCallion, 2020). This act contains three levels of penalty (McCallion, 2020).
TECHNICAL TECHNOPATH 6

Similarly, “The Computer Fraud and Abuse Act prohibits intentionally accessing a computer

without authorization or in excess of authorization” (National Association of Criminal Defense

Lawyers, n.d.). The Computer Fraud and Abuse Act contains many provisions under it.

Personal Cyber Attacks

Cyber attacks are not jokes, and they usually have a specific audience. The audience can

range from the whole technological world to one person sitting behind a screen. The list of

cyber attacks that focus a single target is a very extensive list that is expanding as time passess.

Some of these attacks include phishing attacks, man-in-the-middle attacks, and ransomware

attacks. “Phishing is the practice of sending fraudulent communications that appear to come

from a reputable source, usually through email” (Cisco, n.d.). In simpler terms, this attack

consists of a perpetrator extracting information out of a target in any way in order to steal

sensitive data. Another cyber attack is the man-in-the-middle attack. This attack is pretty self-

explanatory and can be abbreviated as MitM. “Man-in-the-middle (MitM) attacks, also known

as eavesdropping attacks, occur when attackers insert themselves into a two-party transaction”

(Cisco, n.d.). The attack requires the attacker to breach the two party transaction in order to

steal information from the target. One last personal cyber attack is a ransomware attack.

“Ransomware is a type of malicious software, or malware, designed to deny access to a

computer system or data until a ransom is paid” (Cybersecurity & Infrastructure Security

Agency, n.d.). This attack involves ransomware being used on the target in order for the

attacker to gain revenue. These are just a few personal attacks, but it is alway good to be very

cautious of all of them. The more knowledge we have of technology the more protection we

can provide against its malicious effects.

TECHNICAL TECHNOPATH 7

Widespread Cyber Attacks

Cyber attacks can take on many different forms. Along with personal attacks, there are

widespread attacks they impact more than one person or organization. The list of widespread

cyber attacks is also very lengthy so a few examples are Distributed Denial of Service (DDoS)

attacks, Structured Query Language (SQL) Injection, DNS Tunneling, and Zero-day exploit. DDoS

attacks are a more common type of attack. This attack was used in Martin Gottesfield’s case

mentioned earlier. “A denial-of-service attack floods systems, servers, or networks with traffic

to exhaust resources and bandwidth” (Cisco, n.d.). Denial of service attacks result in the victims

being able to operate regularly. With this explanation it’s clear to see how impactful this attack

could be on active hospitals like in Gottesfield’s case. Another widespread attack is a SQL

injection. “A Structured Query Language (SQL) injection occurs when an attacker inserts

malicious code into a server that uses SQL and forces the server to reveal information it

normally would not” (Cisco, n.d.). SQL injections can only be applied to specific servers that use

SQL. This attack involves the culprit basically manipulating the system that holds private

information into revealing the information and giving to them with malicious SQL. One more

widespread cyber attack is DNS tunneling.

DNS tunneling utilizes the DNS protocol to communicate non-DNS traffic over port 53. It

sends HTTP and other protocol traffic over DNS. There are various, legitimate reasons to

utilize DNS tunneling. However, there are also malicious reasons to use DNS Tunneling

VPN services. They can be used to disguise outbound traffic as DNS, concealing data that

is typically shared through an internet connection. For malicious use, DNS requests are

manipulated to exfiltrate data from a compromised system to the attacker’s

TECHNICAL TECHNOPATH 8

infrastructure. It can also be used for command and control callbacks from the

attacker’s infrastructure to a compromised system (Cisco, n.d.).

One last widespread attack is a zero-day exploit. “A zero-day exploit hits after a network

vulnerability is announced but before a patch or solution is implemented” (Cisco, n.d.). This

attack involves a hacker simply taking advantage of a known problem within a system before it

can be fixed. Some attacks can be simple like zero day exploits or they can be very technical like

DNS tunneling. It;s important to be informed about as many as a person can be in order to

maximize and optimize protection from the evolving, technology consumed world.

Hacktivism

This is the definition of Hacktivism: “The act of misusing a computer system or network

for a socially or politically motivated reason” (Rouse & Bacon, 2018). The people that practice

hacktivism are known as hacktivists. “The first hackers originated from the Massachusetes

institution of technology (MIT) with the main goal of improving the software and hardware they

were working on” (Selfkey, 2019). Hacktivists are criminals on the internet, but they give the

world a reason to improve internet security. The world is always faced with challenges, but it’s

getting over the challenges that make it stronger. When it comes to technology, in order to

improve from it’s bad side we must keep ourselves informed, practice safe use of this craft and

increase our skills on the craft.

Hacking as a Collective

While some hacktivists like to identify as a single party or even stay hidden, there are

also hacktivists that affiliate themselves to a specific group. There’s a hefty number of hacking

groups but some are more notorious than others. Some of these groups include Carbanak,
TECHNICAL TECHNOPATH 9

Legion of Doom, and Anonymous. Carbanak is one of the hacker groups that is still active.

Although not much is known about this group, they have stolen $1 billion from banks

worldwide (Selfkey, 2019). Even with their leader captured the group still remains active and

effective (Selfkey, 2019). Another notorious hacker group is Legion of Doom. This hacking group

is currency inactive. They were a great technological threat during their active time through

1980 to the early 2000’s and penned the infamous Hacker’s manifesto (Selfkey, 2019). This

group was also a team in the Great Hacker War against a hacker group called the Masters of

Deception (Selfkey, 2019). One last hacker group, which is probably the most notorious, is

Anonymous. Anonymous is one of the biggest hacker groups that is inactive, or at least very

quiet as of now (Selfkey, 2019). Anonymous is one of the stronger hacker groups because it’s

members are even unknown to the other members. Martin Goteesfield even claimed to be a

member of Anonymous after he was caught. At the same time, Anonymous went out of their

way to make a post on social media explaining that using cyber attacks a hospital was too far

and that they needed to stop. These big name hacktivist groups are threats to some people and

robinhood-like to others.

Barnaby Jack

Hacktivism, however a criminal act, can result in a safer world once the problem is

resolved. Keren Elazari, a cybersecurity expert, made a TEDTalk that explains how the impact of

hackers can benefit the world. She explains that “The beauty of hackers…is that they force us to

evolve and improve” (Elazari, 2014). During the very informative TEDTalk, she highlights a very

impactful hacker and programmer. The man she highlights is Barnaby Jack for his work with

ATM’s, Pacemakers, and Insulin pumps. Jack is best known for his tactics with ATM’s callled
TECHNICAL TECHNOPATH 10

“Jackpotting.” “Jackpotting” was where Jack instilled malicious software into an ATM causing it

to continuously dispense money whenever he wanted it to. Barnaby Jack also discovered how

easy it was to hack into pacemakers and cause an electrical shock executing the victim. Along

with this he discovered how easy it was to hack into insulin pumps and control the amount it

produced resulting in the victim receiving a lethal amount. Barnaby Jack discovering these flaws

in these systems allowed for them to be patched before anyone could take advantage of them

and hurt someone. Keren Elazari understood that without Barnaby Jack and other notorious

white hat hackers many online systems wouldn’t be secure and could have resulted in loss of

revenue, property, information, or life.

Concluding Analysis

Technology will stop for no one. Since this is the case, people need to focus on updating

their knowledge and protection in order to keep with the world. Becoming more

knowledgeable about the internet is why Barnaby Jack and other white hat hackers have

achieved a high status. People should take the time to learn more about the dangers of

technology. An enhanced knowledge of the internet can allow for new professions to become

available. People learning to protect against attacks could also set someone up for a job in IT. as

an ethical hacker, or as a penetration tester. Taking advantage of the technological world

would be a step towards success for the world.

TECHNICAL TECHNOPATH 11

References

Ahmed, N. (Oct 2019). Cyber Criminals and Attack Types. Defence Journal, 23(3), 40.

Cisco. (n.d.). What are the most common cyber attacks? Cisco. Retrieved October 28,

2020, from https://www.cisco.com/c/en/us/products/security/common-

cyberattacks.html

Cybersecurity & Infrastructure Security Agency. (n.d.). Ransomware guidance and

resources. Cybersecurity & Infrastructure Security Agency. Retrieved October 29, 2020,

from https://www.cisa.gov/ransomware

Elazari, K. (Director). (2014). Hackers: The internet's immune system [TED Talk]. TED

Talks.

https://www.ted.com/talks/keren_elazari_hackers_the_internet_s_immune_system?

language=zh

Goodrum, A., & Manion, M. (Fall 2000). The Ethics of Hacktivism. Journal of Information

Ethics, 9(2), 51-59,96.

Leyden, J. (2015, March 26). How a hack on Prince Philip's Prestel account led to UK

computer law. The Register, 1-3.

https://www.theregister.com/2015/03/26/prestel_hack_anniversary_prince_philip_co

mputer_misuse/

McCallion, J. (2020, October 8). What is the Computer Misuse Act. ITPro. Retrieved

October 24, 2020, from https://www.itpro.co.uk/it-legislation/28174/what-is-the-

computer-misuse-act
TECHNICAL TECHNOPATH 12

National Association of Criminal Defense Lawyers. (n.d.). Computer Fraud and Abuse Act

(CFAA). National Association of Criminal Defense Lawyers. Retrieved November 6, 2020,

from https://www.nacdl.org/Landing/ComputerFraudandAbuseAct

Rouse, M., & Bacon, M. (2018, July). Hacktivism [Online forum post]. TechTarget.

https://searchsecurity.techtarget.com/definition/hacktivism#:~:text=Hacktivism%20is

%20the%20act%20of,hacktivism%20are%20known%20as%20hacktivists.

R v Gold & Schifreen. (n.d.). IT Law Wiki. Retrieved October 19, 2020, from

https://itlaw.wikia.org/wiki/R_v_Gold_%26_Schifreen

Selfkey. (2019, December 10). The 7 most notorious hacking groups of all time. Selfkey.

https://selfkey.org/the-7-most-notorious-hacking-groups-of-all-time/

Sobers, R. (n.d.). 110 must-know cyersecurity statistics for 2020. Varonis. Retrieved

October 23, 2020, from https://www.varonis.com/blog/cybersecurity-statistics/

Wilff, J. (2019, January 16). Practice hacktivism at your own risk. Slate.

https://slate.com/technology/2019/01/martin-gottesfeld-hacktivism-ddos-boston-

childrens-justina-pelletier.html

Zlady, H. (2020, August 28). New Zealand spy agency investigating "severe" cyberattack

on stock exchange. CNN Business. Retrieved September 15, 2020, from

https://www.cnn.com/2020/08/27/investing/new-zealand-stock-exchange-cyber-

attack/index.html