Published on November 3rd, 2016 | by Guest0
Can hacking ever really be ethical?
The phrase ‘ethical hacker’ is considered by some to be an oxymoron. Hackers are renowned for undertaking illegal activities and many people believe that even if there is a good cause or a moral agenda behind the hack, it is still fundamentally against the law. But is this really the case? In reality, the word ‘hacker’ has become widely misunderstood and people generally assume it only means someone who attempts to break into computer systems.
It’s actually a lot more complicated and there are different types of hackers. Functionally you can break down the concept of hackers into four basic categories. There is undoubtedly some overlap between the categories, but broadly if someone is a hacker then they will fall into one of these four types:
Type 1: Criminal hackers
This is the type of hacker that gets the majority of press coverage, and it therefore shapes most people’s perception of what a ‘hacker’ is. This kind of hacker could be a lone operator using their skills to access a private individual’s bank account or a sophisticated team of cyber criminals attempting to break the defences of large companies to steal sensitive information from their database. For example, it was a malicious criminal hack that stole information from half a billion Yahoo accounts and barely a week goes by without a hack getting significant media attention.
Clearly there can be nothing ethical about criminal hackers, especially when they steal or defraud private individuals. This is simply an illegal act just like any other crime.
Type 2: Hacking for fun
The second kind of hacker isn’t doing it for financial gain or as a way to commit criminal acts – they simply do it because they like it. Attempting to hack an IT system or website presents a unique challenge to a hacker and doing so is effectively just a means of testing their programming and technical abilities. Some hackers enjoy the thrill of being able to overcome the defences put in place by a company while others simply seek to understand how companies are attempting to defend themselves.
Unfortunately, of course, if these hackers are caught then they are immediately considered to be criminal hackers because it is a crime to unlawfully gain access to computer systems regardless of the intent behind the hack. It should also be noted that while the hacking might be fun for the hacker, it can present serious problems for the person or company that gets hacked as this can leave them vulnerable to cyber attacks from criminals.
We have seen examples such as Lauri Love from Suffolk, who managed to hack into US government computers. It has been suggested that he was not attempting to do anything malicious, but rather just challenging himself. However, this has also been disputed – showing exactly how blurred the line can be.
Type 3: ‘Hacktivists’
Another kind of hacking that gets a lot of media attention is what is colloquially known as ‘hacktivism’. In this sort of activity, hackers with a moral conscience attempt to attack or bring down individuals, websites and organisations that are deemed to be illegal, corrupt or dangerous. Groups such as Anonymous have gained notoriety for their attempts to take on so-called Islamic State, the Ku Klux Klan and the Church of Scientology to either expose members or take down websites. Organisations such as WikiLeaks could also be defined as hacktivists having brought into the open many different forms of political corruption.
The question as to whether hacktivists are ‘ethical’ is very much up for debate. On one hand, WikiLeaks has been praised for releasing information on surveillance of citizens but it was also deemed to have given away material that could potentially be a national security risk. This makes hacktivism very much a grey area.
Type 4: Professional ‘ethical’ hackers
Because of the negativity surrounding the term ‘hacker’, professional ethical hackers often refer to themselves as computer security experts, but ethical hacking is very much something that is conducted on a regular basis. The majority of professional ethical hackers are employed by an organisation to test its cyber defences. The ethical hacker then simulates a real-life attack to see how well the defences stand up. To do this they will generally use the same techniques as a real hacker might try, including relatively unethical tasks like social engineering where members of staff could be tricked into giving away login details. The hackers do this in order to uncover security flaws so that the business can correct them before real hacks can occur.
This kind of hacking is undoubtedly the most ethical of the four types, as the end goal is to actually make a business or organisation less vulnerable to malicious hacks. However, these sorts of hackers are least likely to be identified by that name.
A flawed perception
Most of the hackers that you hear about on the news are either criminals stealing money or sensitive data, or self-styled vigilantes who are often accused of making things more difficult for police investigations in their misguided attempts to use cyber-attacks as a form of social justice. This has led to a flawed perception of what it means to be a hacker.
In fact the vast majority of people who associate themselves with the term are not criminals at all – they are simply interested in technology and the way that individuals and businesses use it. The problem is that the concept of ‘hacking’ is now so toxic that the term is often shunned by those people who are using it in a positive way. Increasingly, hackers are seen only as criminals.
In order to address this it can help to think of hackers in a different way – dividing them into two distinct types. Firstly there are the ‘black hat hackers’. These are those hackers that take part in criminal activities for their own gain. They are cyber criminals and thieves who utilise their skills in order to defraud people or steal information.
But secondly there is also a category of ‘white hat hackers’ – these are those hackers who look for weaknesses in systems in order to give a company or business the chance to fix those vulnerabilities and ensure that they are as safe as possible from future hacks.
It’s only when we get away from the idea of ‘hacking’ always being a negative and illegal term that we can start to see that ethical hacking is very much real and it performs a function that is absolutely vital to organisations and companies in the modern world.
About the author:
Dakota Murphey is a BA (Hons) Marketing graduate. Some of the information in this article was provided by Redscan, a managed threat detection and security services company.