Ethical Hacking?

I believe that there are situations in which hacking a system would be ethical. Adams and McCrindle (2008) describe grey-hat attacks as having the aim of “identifying potential vulnerabilities and inform the organization of their weaknesses”; they also state that grey-hat attacks are seen as unethical because of the unintended consequences that may follow them. I do not think that grey-hat techniques are ethical, because of the risks they involve and because it is unethical to attack a system that you do not know or are unable to rectify (due to your lack of knowledge of the inner system).

In scenarios such as the response by hackers to WikiLeaks, users are hacking organisations and sites that fail to support WikiLeaks. An article by Neal (2010) described how a 16-year-old boy from the Netherlands was arrested for his part in the “Operation Payback” DDoS attack on MasterCard and Visa. I also disagree with these tactics, as no good is coming from them.

A scenario in which I would be pro-hacking is where the system in question is either involved in illegal activities or is involved in inciting illegal activities. Of course, the hacking of this system would come after the correct measures of due diligence had been adhered to, such as reporting the system to its host or to the authorities. An article by Brandt (2004) described how the NSA (National Security Agency – America) appeared at the “Defcon 12 hackers’ conference” to seek out highly skilled “hackers” to work for their organisation. Conspiracy theories aside, this scenario would be another ethical realm of hacking: investigating illegal activities to help fight crime, anything from tracking down distributors of child pornography over the internet to those who publish credit card details to the public.

References

Adams, A & McCrindle, J (2008) Pandora’s Box: Social and professional issues of the information age. England: John Wiley & Sons Ltd.

Brandt, A (2010) Feds Seek a Few Good Hackers [Online] PC World. Available from: http://www.pcworld.com/article/117226/feds_seek_a_few_good_hackers.html (Accessed: 12 December 2010).

Neal, D (2010) Dutch teen arrested over WikiLeaks revenge hacks [Online] V3. Available from: http://www.v3.co.uk/v3/news/2273867/wikileaks-paypal-hack (Accessed: 12 December 2010).

 

Responsibilities for Computing Professionals in Developing Material for the Internet

Responsibilities of the Computing Professional

The responsibilities of the computing professional, as covered in my previous posts, are both ethical and legal. It is our duty to inform and guide from our experience and expertise. The cliché of using our ‘powers’ for ‘good’ and not ‘evil’ can be broadly applied, as with almost any other profession.

Responsibilities Relating to Development of Internet Material

The word development here has a double connotation. Firstly, it refers to the actual programming of “material”, which could constitute any system that generates content or systems available on the internet, or that allows the generation of content on the internet. As discussed by Adams and McCrindle (2008, p.352), a number of malicious examples of software, created by computing professionals, are readily available on the Internet.

I’d like to briefly outline the relevant examples.

  1. Trojan Horses: These are quite literally as their name suggests, programs that pose as something innocent (most of the time), but hold inside them harmful code that will potentially damage your data or perform some other illicit task.
  2. Virus: This is a term many use to encompass all forms of malicious software, but is itself a specific type of malicious software. It can be carried with a Trojan Horse and usually replicates itself to other files and programs on the computer. Most of the time the program carries out a task that usually causes harm to data and possibly even hardware.
  3. Worm: These infections ‘worm’ their way through a network without requiring the means of a Trojan Horse or Virus to spread. If they are to spread outside of the current network they may also be carried via Trojan Horses.
  4. Zombie: These are programs designed to allow ‘back doors’ to a system so that it can be remotely accessed to perform a number of tasks (often used for Distributed Denial of Service attacks).

Secondly, and perhaps less directly, our responsibility as computing professionals extends to the “written” (typed) information we spread across the internet. Publicly releasing knowledge that could jeopardise systems is an ethical issue we need to take seriously. Sometimes this may be a difficult decision to make, but it is never something that should be taken lightly.

Responsibilities Relating to the Usage of the Internet

Due to the global nature of the internet, with its reach going into many secure facilities, government agencies, banks and other authorities, we must ensure that securing the implementations of these systems is a top priority. Adams and McCrindle (2008, p.368) describe black, white and grey hat crackers and the controversial issue of whether grey hat techniques are in the best interests of the organisation or not. Personally, I am partial to it being both wrong and right, as it really boils down to the situation at hand. If the grey-hat techniques simply identify back doors or other security threats without interfering or having negative effects on the current system, and provided the grey hat crackers do not plaster the vulnerabilities all over the internet, it may be acceptable. A paper by the Electronic Frontier Foundation mentions that grey-hat techniques may violate a number of laws such as the Computer Fraud and Abuse Act, Anti-Circumvention Provisions of the DMCA, Copyright Law and other state laws, so it is probably best to either secure your research or request permission beforehand when using such techniques.

References

Adams, A & McCrindle, J (2008) Pandora’s Box: Social and professional issues of the information age. England: John Wiley & Sons Ltd.

Electronic Frontier Foundation (n.d.) A “Grey Hat” Guide [Online]. Available from: http://www.eff.org/issues/coders/grey-hat-guide (Accessed: 5 December 2010).