iTnews

Government shuns ethical hacker safeguards

By Darren Pauli on Nov 25, 2011 3:46AM
Government shuns ethical hacker safeguards
Linked gallery: Photos: Security on the move comes to Sydney

Rejection of industry submissions was "disgusting".

The Australian Government has rejected efforts to create legal safeguards for ethical hacking, according to a UNSW researcher.

Researcher Alana Maurushat was among several security professionals to raise the idea during the recent reviews of Australia’s cybercrime laws.

Maurushat told SC Magazine’s Security on the Move conference yesterday that rejection of the proposal "infuriates me to no end."

“They asked me to make submissions; I said I couldn’t do it; They gave me extensions, so I went out of my way and took two days off, as many [industry professionals] may have, and they did not take on one suggestion in two years – disgusting.”

Maurushat and “many others” argued that Australia requires a “security research exemption” because the law “does not distinguish the motivation for hacking”.

She cited the case of OSI Security researcher Patrick Webster who was hit with legal threats after he quietly disclosed vulnerabilities to First State Superannuation. Those charges were eventually dropped following media pressure.

“It is up the public prosecutor whether or not to prosecute [a hacker] for a crime ... it leaves too much open to general discretion.”

The safeguards could also afford protection to some grey hat hackers similar to the Anonymous collective and LulzSec, and at minimum would ensure they were not simply arrested, she said.

Maurushat was pitching the ethical hacking standards dumped by Australia to the Canadian Government and said she hoped the effort to pay off within three years.

If it did, Canada would be the first country to have safeguards for ethical hacking.

Australia was “a long time” away, she said, since reviewed cybercrime bills had already passed.

The Federal Government had also rejected a parliamentary committee to discuss the legality of hacking-back. “They decided it was too hard and the decided to let the courts decide – that’s comforting.”

Maurushat suggested trust organisations could act as mediators for ethical hacking incidents, including proactive removal of malware on user computers. She also believed insurance companies could develop policies to cover this practice.

Marco Ostini, senior security analyst at AusCERT said he found the idea of removing malware from a victim without their consent challenging.

"Ethically, I think its extremely difficult," he said.

It would require "aggressive peer review" and  "very strict" rules akin to the GNU open source license, he said - features that ensure those that abused such a power "could get smacked down."

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:
botnetbug bountiesfederal governmenthackingpenetration testingsecuritysecurity on the move

Partner Content

Top 5 Benefits of Managed IT Services
Promoted Content Top 5 Benefits of Managed IT Services
Security "mindset shift" needed to protect organisations
Promoted Content Security "mindset shift" needed to protect organisations
DoT Victoria turns to Oracle to implement unified cloud-based platform
Promoted Content DoT Victoria turns to Oracle to implement unified cloud-based platform
How a 'micro data centre' enables your business, your way
Promoted Content How a 'micro data centre' enables your business, your way

Sponsored Whitepapers

Planning before the breach: You can’t protect what you can’t see
Planning before the breach: You can’t protect what you can’t see
Beyond FTP: Securing and Managing File Transfers
Beyond FTP: Securing and Managing File Transfers
NextGen Security Operations: A Roadmap for the Future
NextGen Security Operations: A Roadmap for the Future
Video: Watch Juniper talk about its Aston Martin partnership
Video: Watch Juniper talk about its Aston Martin partnership
Don’t pay the ransom: A three-step guide to ransomware protection
Don’t pay the ransom: A three-step guide to ransomware protection

Events

  • iTnews Benchmark Awards 2022 - Finalist Showcase
  • 11th Annual Fraud Prevention Summit 2022
  • IoT Impact Conference
  • Cyber Security for Government Summit
By Darren Pauli
Nov 25 2011
3:46AM
0 Comments

Related Articles

  • Australian gov data breach numbers slip out of public view
  • Australia's ID systems 'deficient', unfit for online: review
  • RBA pushes first IaaS workload into Azure
  • Victorians lost $31.9 million to business email compromise in 2021
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Kmart Australia stands up consent-as-a-service platform

Kmart Australia stands up consent-as-a-service platform

NSW digital driver's licences 'easily forgeable'

NSW digital driver's licences 'easily forgeable'

Kmart Australia re-platforms ecommerce site to AWS

Kmart Australia re-platforms ecommerce site to AWS

Westpac promotes its head of technology to mortgage role

Westpac promotes its head of technology to mortgage role

Digital Nation

Case Study: PlayHQ leverages graph technologies for sports administration
Case Study: PlayHQ leverages graph technologies for sports administration
COVER STORY: From cost control to customer fanatics, AI is transforming the contact centre
COVER STORY: From cost control to customer fanatics, AI is transforming the contact centre
As NFTs gain traction, businesses start taking early bets
As NFTs gain traction, businesses start taking early bets
Metaverse hype will transition into new business models by mid decade: Gartner
Metaverse hype will transition into new business models by mid decade: Gartner
The other ‘CTO’: The emerging role of the chief transformation officer
The other ‘CTO’: The emerging role of the chief transformation officer
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.