1.

1 Gray Areas in Security

 Since technology can be used by the good and bad guys, there is always a fine line that
separates the two.

1.1.1 BitTorrent
 BitTorrent is a peer-to-peer file sharing protocol that allows individuals all over the world
to share files whether they are the legal owners or not.
 One website will have the metadata of the files that are being offered up, but instead of
the files being available on that site’s web farm, the files are located on the user’s system
who is offering up the files.
 This distributed approach ensures that one web server farm is not overwhelmed with file
requests, but it also makes it harder to track down those who are offering up illegal
material.
 Various publishers and owners of copyrighted material have used legal means to
persuade sites that maintain such material to honor the copyrights.
 The fine line is that sites that use the BitTorrent protocol are like windows for all the
material others are offering to the world; they don’t actually host this material on their
physical servers.
o So are they legally responsible for offering and spreading illegal content?
 The entities that offer up files to be shared on a peer-to-peer sharing site are referred to as
BitTorrent trackers.
 Organizations such as Suprnova.org, TorrentSpy, LokiTorrent, and Mininova are some of
the BitTorrent trackers that have been sued and brought offline for their illegal
distribution of copyrighted material.
 The problem is that many of these entities just pop up on some other BitTorrent site a few
days later.
 BitTorrent is a common example of a technology that can be used for good and evil
purposes.

1.1.2 Search Engine Optimization (SEO)

 Today, all organizations and individuals want to be at the top of each search engine result
to get as much exposure as possible.
 Many simple to sophisticated ways are available for carrying out the necessary tasks to
climb to the top.
 The proper methods are to release metadata that directly relates to content on your site,
update your content regularly, and create legal links and backlinks to other sites, etc.
 But, for every legitimate way of working with search engine algorithms, there are ten
illegitimate ways.
 Spamdexing offers a long list of ways to fool search engines into getting a specific site
up the ladder in a search engine listing.
  Then there’s keyword stuffing, in which a malicious hacker or “black hat” will place
hidden text within a page.
o For example, if Bob has a website that carries out a phishing attack, he might
insert hidden text within his page that targets elderly people to help drive these
types of victims to his site.
 There are scraper sites that take (scrape) content from another website without
authorization.
o The malicious site will make this stolen content unique enough that it shows up as
new content on the Web, thus fooling the search engine into giving it a higher
ranking.
o These sites commonly contain mostly advertisements and links back to the
original sites.
 There are several other ways of manipulating search engine algorithms as well, for
instance, creating link farms, hidden links, fake blogs, page hijacking, and so on.
 The crux here is that some of these activities are the right way of doing things and some
of them are the wrong way of doing things.
 Our laws have not necessarily caught up with defining what is legal and illegal all the
way down to SEO algorithm activities.

1.1.3 Hacktivism
 Hacktivism refers to hacking for a cause.
 These hackers usually have a social or political agenda.
 Their intent is to send a message through their hacking activity while gaining visibility
for their cause and themselves.
 Many of these hackers participate in activities such as defacing websites, creating viruses,
and implementing DoS or other disruptive attacks to gain notoriety for their cause.
 Hacktivism commonly targets government agencies, political groups, and any other
entities these groups or individuals perceive as “bad” or “wrong.”
 Both legal and illegal methods can be used to portray political ideology.
o Is it right to try and influence social change through the use of technology?
o Is web defacement covered under freedom of speech?
o Is it wrong to carry out a virtual “sit in” on a site that provides illegal content?
o During the 2009 Iran elections, was it unethical for an individual to set up a
site that showed upheaval about the potential corrupt government elections?
 When Israeli invaded Gaza, there were many website defacements, DoS attacks, and
website highjackings.
 The claim of what is ethical versus not ethical probably depends upon which side the
individuals making these calls reside.
1.1.4 Cyber Terrorist
 There are hackers who are called cyber terrorists, who attack government computers or
public utility infrastructures, such as power stations and air-traffic-control towers.
 They crash critical systems or steal classified government information.
 While in a conflict with enemy countries some government start cyber war via Internet.
