The Ethics of “Ethical Hacking”
Implications for Ethics Education
I have previously blogged about the controversial issue of "Ethical Hacking." In this blog, I will update that discussion and add to it because changes are happening rapidly and the number of cybersecurity attacks are increasing.
We live in an era of unprecedented cybercrime, both in quantity and quality. These attacks, which can take many forms, can significantly impact national security, business interests, and infrastructure. It is more important than ever for organizations to address these challenges, and one of the best precautions is prevention.
What is an ethical hacker?
According to techtargtet.com, an ethical hacker, also referred to as a white hacker, is an information security expert who penetrates a computer system, network, application or other computing resource on behalf of its owners -- and with their authorization. Organizations call on ethical hackers to uncover potential security vulnerabilities that malicious hackers could exploit. Ethical hacking involves a detailed process to help detect vulnerabilities in an application, system, or organization’s infrastructure to prevent future attacks and security breaches.
The purpose of ethical hacking is to evaluate the security of and identify vulnerabilities in target systems, networks or system infrastructure. The process entails finding and then attempting to exploit vulnerabilities to determine whether unauthorized access or other malicious activities are possible.
Experts who conduct ethical hacking are called “ethical hackers,” which are security experts performing security assessments to improve an organization’s security measures. After receiving approval from the business, the ethical hacker sets out to simulate hacking from malicious actors.
Unlike malicious hackers, ethical hackers use the same type of skills and knowledge to protect an organization and improve its technology rather than damage it. They should obtain various skills and certifications, and they often become specialized in certain areas. A well-rounded ethical hacker should be an expert in scripting languages, proficient in operating systems, and knowledgeable of networking. They should also possess a solid understanding of information security, especially in the context of the assessed organization.
The Different Types of Hackers
Hackers can be categorized into different types, with their names indicating the intent of the hacking system.
There are two main types of hackers according to techtarget.com are:
- White Hat Hacker: An ethical hacker that does not intend to harm the system or organization. However, they simulate this process to locate vulnerabilities and provide solutions to ensure safety in the business.
- Black Hat Hacker: Your traditional hacker, black hat hackers are non-ethical hackers that conduct attacks based on malicious intentions, often to collect monetary benefits or steal data.
Teaching Ethical Hacking Skills
Computer hacking skills are being taught in institutions of higher learning. I believe it should be taught to cyber-security students to "know the enemy" and ensure they will be equipped to effectively prevent and defend against attacks in the real world. Both academia and security experts add that schools must emphasize law and ethics so students "don't cross the line" and misuse their hacking abilities.
A wide range of educational opportunities exist for individuals interested in pursuing information security. Many of these are being offered in the public sector within community colleges and universities. It is interesting to note that while many schools offer such education and training, a number of professionals express concern about teaching hacking techniques. This apprehension stems from a fear that students may use the information unethically. In other words, they may use the information against the very company hiring them to protect their security.
A group of individuals called the Ghettohackers are trying to change way society views hackers, as stereotypical malcontents interested only in crashing systems, stealing credit cards and releasing computer viruses. While cybercrime arrests make headlines regularly, groups like GhettoHackers are aiming to help those curious about information security get hands-on experience without doing harm to others.
I am concerned about the practice of teaching ethical hacking. Is it right to teach something that itself is unethical? Do the benefits of using the skills of ethical hackers exceed the costs, such as ethical hackers not being so ethical and causing widespread damage?
The teaching ethical hacking is here to stay given the increasing number of attacks against computer systems and individuals. Let’s hope the educators are successful because ethical hackers may be drawn to the “dark side” and wind up hacking the hackers.
Blog posted by Dr. Steven Mintz, The Ethics Sage, on November 17, 2022. You can sign up for Steve’s newsletter and learn more about his activities on his website (https://www.stevenmintzethics.com/) and by following him on Facebook at: https://www.facebook.com/StevenMintzEthics and on Twitter at: https://twitter.com/ethicssage.