Ethical versus Unethical Hacking - Research Paper Example

Ethical versus Unethical Hacking Hacking: Understanding Ethics 2: Ethical vs. Unethical Hacking 3: Hacking cannot be considered as either good or bad. Instead, it exists as do so many actions throughout the world we live in. Ultimately, the ethical interpretation of whether hacking can be considered good or bad is measured in the same way that other actions can be considered as good or bad; namely whether or not it seeks to maximize the best interests of broader society and does not seek its sole purpose to enrich or benefit the individual that is involved in the hacking. Roadmap of Research: 1.1 Provide an ethical interpretation as well as an unethical interpretation of the practice of hacking 1.2 Provide definition and background of the problem; allowing the analyst to appreciate the terms that will be used and understand the broader relevance 1.3 Provide core characteristics that help to define ethical and unethical hacking 1.4 Analyze the level of harm that is indicative of hacking and seek to justify this with the ethics that have previously been analyzed Data Collection and Overview Plan: Changes in the manner in which global communication takes place has created an increased strain with respect to issues of hacking and data security. The revelations of individuals such as Julian Assange and Edward Snowden have underscored the pertinence and relevance of considering the potential for information to be compromised, hacked, and used by third parties that have never been given license or permission for such use. As such, the relevance of hacking is something that not only considers an individual hacker but entire corporations, or national security apparatus. For this very reason, the following plan will provide an overview for how information will be included, what will be discussed and what metrics will be utilized to measure and draw inference upon hacking and the differential, if any exists, between “ethical” and “unethical” hacking. In this way, the following brief discussion has analyzed a litany of both primary and secondary texts in the attempt to provide a valid and fair overview into the issues at hand. Furthermore, by discussing and analyzing the different theoretical approaches that different authors have made, in determining ethics and/or the definitions/interpretation of hacking, the analysis has engaged in a diverse approach to the literature and sought to reflect this with respect to the representations and determinations that have been made. Ethical versus Unethical Hacking In this evolved and highly digital era, cyber security is probably the most notable type of security individuals and companies ought to be concerned with. Businesses, governments, schools, banks, hospitals and virtually every modern institution that comes to mind keeps and organizes information it acquires electronically. Individuals also have a host of information stored electronically. This implies that highly sensitive information – from account and credit card numbers, to phone bills and medical records – is available to people who can decide to steal, manipulate, or share the information maliciously (Leeson & Coyne, 2005). Hacking is mostly associated with these malicious acts by individuals or groups of proficient programmers. However, not all hackers and hacking is wrong, and some do assist in developing robust systems and guarding them against attacks. This paper looks at both ethical and unethical hacking showing how businesses gain or suffer from the respective practice. Definitions and Background Hacker, as a term, has two meanings in the information and technology world today. Initially, a hacker was defined as an individual who loves learning the specifics of computer systems and the channels that can be used to stretch the capabilities of computer systems. Original definitions contrasted hackers to people who were only satisfied with minimum information about computers and their associated systems. In another definition, hackers were considered as those people who enjoyed programming and not simply theorizing about it (Raymond, 1996). This commentary definition was usually protracted to the verb form of the term. Therefore, hacking was regarded as a term that meant the rapid development of new programs or the innovating existing ones to become complicated software. The increasing availability of computer systems enabled user communities outside universities and research centers to access computers. Soon, user communities or regular users began to view computers as highly flexible tools that could be used for various things. Whether the new users programmed, used simple word processors, played games, or did mundane things, they found computers highly interesting. There was never a time that computers lacked individuals who wanted to use them. Computers hiked in terms of cost and restriction because of their increasing popularity. Users would challenge the predefined access controls when they began to experience restriction. Stealing of important account numbers and passwords related to computer systems by looking through the shoulder, using computer bugs, or even taking control of the entire system became common. Users would do myriad things in order to get a chance to use a program of their choice or simply alter the limitations set for the programs that were running (Palmer, 2001). Such practices gave rise to the other side of hacking, which to date is considered illegal. Previously, computer intrusions were fairly few, with the worst case scenario being the wastage or theft of important computer time. In some instances, these intrusions would take the form of computer jokes. However, the recreations did not remain benign for a long time. Once in a while, computer novices or the less careful users would bring down computer systems or damage important information contained in systems prompting system administrators to take repairing actions. In other instances, system administrators would deny computers users access to systems once they found out that they could cause damage or had malicious intentions. The media soon discovered the many intrusions and the extent of damage malicious users made in computer systems. Recreation and intrusion practices became “news” as the media picked up events and stories about them. The media then popularized the computer criminals as “hackers” and computer intruders and crackers today are still named similarly (Palmer, 2001). Ethical Hacking The Internet has become ubiquitous making computer security a major concern for governments and organizations. Organizations and individuals want to make the most out the Internet and engage in advertising, e-commerce activities, information access and distribution, and other important pursuits, but they are concerned about the risk of being hacked. At the same instance, consumers are worried about the security and privacy of their information such as home addresses, social security numbers, and credit card details. A search for solutions by organizations has led to the adoption of “hacking” as a way to prevent intrusion and illegal hacking. Organizations and governments have come to the realization that they need computer security professional to prevent illegal hacking through breaking into their systems. The technique is analogous to hiring independent auditors to verify books in an organization. In situations of ensuring computer security, these “ethical hackers” employ the same techniques and use the same tools that illegal hackers or intruders use to ensure that culprits do not steal information from systems or cause damage while engaging in malicious activities (Palmer, 2001). Ethical hacking practices have been in use since the historic days when computers were still novel. The United States Air Force engaged in various ethical hacking practices to ensure it sealed loopholes that could be used by illegal hackers. In their security evaluation, the United States Air Force evaluated the Multics operating software and system for potential application of a two level clandestine system. Their assessment found that the operating system had several vulnerabilities despite its robustness. Vulnerabilities ranged from hardware issues to software security loopholes. The evaluation also established that the procedures that the personnel engaged in posed security risks to the system. Hackers would intrude the system with little effort once they established the loopholes. Besides the Multics operating system assessment, the United States military has been involved in myriad ethical hacking activities. Ethical hacking outside the military became common with the growth of computer networking. Farmer and Venema is one of the most significant ethical hackings that were done in the early 90s. Discussions regarding the use of intrusion techniques to evaluate security issues in systems occurred probably for the first time. With the purpose of making the computer and network security levels of computers on intranets and the Internet better, Framer and Venema went ahead to explain how they would collect sufficient information regarding their targets to be able to access systems. They offered several examples of how the relevant information could be put to use illegally by malicious individuals to exploit and take over control from their targets. With this information at hand, Farmer and Venema provided suggestions on how organizations could prevent such intrusions (Palmer, 2001). Characteristics of Ethical Hackers Early and current efforts to prevent intrusion into systems illuminate great examples of ethical hackers. Helpful, ethical hackers possess a set of skills that prevent them from crossing the boundaries and using their knowledge and opportunity to manipulate systems maliciously. Firstly, ethical hackers need to be trustworthy completely. While conducting tests on the security level of systems for clients or organizations, ethical hackers come across highly classified information. Trustworthiness assists ethical hackers to keep classified information safe and not to use such information to the disadvantage of their clients or organizations. In many instances, if the hackers publicize such information, organizations suffer attacks from real intruders leading to financial losses. Ethical hackers usually hold important “keys” to an organization during their evaluation of systems (Graves, 2007). Therefore, ethical hackers need to be trusted to use sufficient control over all the information that could cause damages if misused. The sensitivity of the data accessed during assessment requires that organizations take strong measures to ensure that their systems are secure. As for the ethical hackers, limited access to computer systems laboratories and workstations is called for to avoid violations. The workstations should be well protected physically meaning that they should have floor-to-ceiling walls, several secure Internet connections, robust cryptography to secure electronic outcomes, and isolated networks for purposes of testing. However, strong physical structures do not offer proper of security if the people who are maintaining or overseeing them are careless (Graves, 2007). Thus, ethical hackers need to keep up with the physical structures and ensure that they leave workstations and sensitive areas locked or out of limits to regular staff or outsiders. Ethical hackers quintessentially have excellent computer networking and programming skills. They should have been in networking and computer business for long enough to know every detail about them. Ethical hackers are also adept at managing and conducting installations to systems that employ current system software such as Windows or UNIX. Ethical hackers need to augment these skills with in-depth knowledge of software and hardware offered by current networking hardware and computer vendors. Notably, knowledge and skills or a specialization in security are not necessary all the time, as robust skills in other key areas in IT imply a great comprehension of the security needs of various systems. Systems management expertise is essential for the actual susceptibility testing, but is also needed when making a report for the client or organization after the culmination of the test (Palmer, 2001). Finally, great ethical hackers need to have patience and drive compared to other people. Unlike the way movies depict hacking, the process needs a lot of persistence and time. This is an important characteristic, since criminals in the cyber world are known to have extreme patience and a heart to monitor systems for a long time. Criminal hackers spend several days or even weeks monitoring systems while waiting for the best time to hack into the system. A typical assessment may need several hours of tedious work that is hard to automate. Some parts of the assessment have to be done after normal working hours to avoid causing interruptions with normal production at targets or to simulate a near perfect timing of the actual network intrusion or attack. Ethical hackers also need great patience when they meet systems that they do not know much about (Simpson, 2012). This also calls for constant review and education to keep up with the ever changing developments in technology. Unethical Hacking and Its Harms Unethical hacking involves entering into foreign computer system for personal or financial gain. With the advancements of technology, the number of hackers intruding into computer systems of organizations is increasing. While system administrators assist organizations in preventing intruders, they also use their capabilities to “help themselves” and avoid being caught. System administrators act as hackers in such instances and they benefit themselves at the expense of others. Although they do assist the organizations or clients they work for to ward off attacks, they also present ethical implication as they wear black hats in instances where they need to benefit themselves. It is highly unfortunate that some skilled system administrators use their prowess to cause harm to the society by identifying vulnerabilities in organizations’ systems using the knowledge to avoid payments for the goods and services they desire (Spafford, 1992). Black Hat Hackers also present myriad unethical issues through their motives and actions. Good hackers such as White Hat Hackers make it possible for people to use, duplicate, study, adjusts, and redistribute computer software. Scholars consider White Hat Hackers as good hackers. In addition to that, Grey Hat Hackers also benefit the society by focusing on identification of vulnerabilities in current and popular application and system software with the motive of giving creators notification and assisting them to fix the bugs or problems. However, ethical issues arise when a group of hackers known as Black Hat hackers leads to all commotion by exploiting flaws. In the 1990s, when hackers were on the rise, Black Hat Hackers caused a lot of commotion. Businesses lost greatly to the tune of millions, and myriad systems broke down, as a result, of the actions of hackers. Reports stated that these hackers made businesses to lose more than $7 billion, as a result, of viruses that they multiplied and spread through networks (Thomas, 2005). Some of the most prolific and expensive victims of Black Hat Hacking have been entrepreneurship or businesses. Black Hat Hackers target businesses more that they target individual computer users because of their financial and personal data. To make matters worse, companies suffer from hacking attacks from their own employees. As a result, businesses lose billions every year because of computer breaches and hacking. Often, the actual cost of hacking cannot be assessed because the impacts of cybercrimes and security breaches can dawdle for years after the attackers have intruded systems and caused damage. Companies risk consumer confidence and in most cases are charged for exposing consumer information and any loss that occurs as a result. The cost of recovering from unethical attacks spreads swiftly from investigative fees, to legal fees, to stock performance, to customer report, etc. (Jamil, 2011). Unethical hacking can lead to threats to safety or public health. However, hacks that causes vulnerabilities and extends threats to the safety of the public are not as common as those that are done for financial benefits. That implies that most of the computer crimes that occur are either motivated by personal or financial reasons. Almost a quarter of the cases that occur involve current or former employees or students taking advantage of the knowledge they have on internal systems to gain financially or retaliate. Most of the accused cyber criminals are known participants in underground organizations for hacking. Their motivations often align with what how the culture and society portray hackers: thrill-seekers, anti-social, young, competitive, and bold. Most of the cases of hacking involve young males. Although ethnicity is not associated with hacking, most of the cyber criminals are Americans. Conclusion Hacking is a popular term today for all the wrong reasons, which include cybercrime, system intrusion, and security breaches. However, the term’s definition has two sides: the good side, which entails gaining knowledge about systems for purposes of enhancing security, and the bad side, which involves gaining illegal access to systems so as to steal or damage information. Ethical hacking is important to organizations and governments as it prevents unethical hacking. However, the boundary between ethical and unethical hacking is slim, and it calls for qualities such as trustworthiness to ensure that system administrators to do not use sensitive information maliciously. References Graves, K. (2007). CEH: official certified ethical hacker review guide. Chemistry & biodiversity (Vol. 1, p. 238). Jamil, D. (2011). Is Ethical Hacking Ethical? International Journal of Engineering Science and Technology, 3(5), 3758–3763. Leeson, P. T., & Coyne, C. J. (2005). The Economics of Computer Hacking *. West Virginia University. Palmer, C. C. (2001). Ethical hacking. IBM Systems Journal, 40(3), 769–780. doi:10.1147/sj.403.0769 Raymond, E. S. (1996). The New Hacker’s Dictionary (3rd Ed.). Cambridge, MA, USA: MIT Press. Simpson, M. T. (2012). Hands-On Ethical Hacking and Network Defense (p. 464). Cengage Learning. Spafford, E. H. (1992). Are computer hacker break-ins ethical? Journal of Systems and Software. doi:10.1016/0164-1212(92)90079-Y Thomas, J. (2005). The moral ambiguity of social control in cyberspace: a retro-assessment of  the “golden age” of hacking. New Media & Society. doi:10.1177/1461444805056008 Read More