Ethical Issues in Ethical Hacking

Due to the rapid development of the World Wide Web, the art of hacking has penetrated the world of computer technologies. This means that e-business and e-commerce are under threat of destruction, which is why electronic information transfer is not the safest method. The problem of hacking is not new, but the ethical discussion of the problem is still on hold. Some people believe that hackers break the law and should be punished.

Others insist that electronic espionage has a right to exist, since there are obvious cases when hackers’ skills are crucial and, therefore, there must be some ethical standards in hacking. Consequently, it is necessary to clarify whether hacking should be legally acknowledged or not. In addition, the problem of ethical hacking and the corresponding ethical issues are to be analyzed. Finally, the prospects for these ethical issues are also on the agenda.

Before considering the above-mentioned issues, it is necessary to figure out what the term “hacking” means. To start with, it is important to understand that the term “hacker” means a person who damages others’ computer software. An interesting interpretation of the term was given by Stuart McClure (2009), who states that hacking is “exploiting vulnerabilities in the web server software”. He also emphasizes that it is not an algorithm for penetrating files but the identification of weak points in information security. According to the author, the most vulnerable web servers are Microsoft and Windows.

Despite the fact that both interpretations are negatively colored, John Knittel and Michael Soto (2003) refer to hackers as rather talented people who have incredible skills in the computer field and in programming. The most famous hackers are Bill Gates and Steve Wozniak, who have created gigantic software industries. It follows that hackers could be acknowledged as the founders of the Internet and of computer software. On the other hand, there are hackers who intend to break into other people’s files and to steal secret information. According to John Knittel and Michael Soto (2003), this category of hackers should be referred to as crackers.

Raymond’s “The New Hacker’s Dictionary” defines a hacker as “a clever programmer”. He also emphasizes that it is inappropriate to apply this term to those who break into computer systems. Like Knittel, he uses the term “cracker” to identify malicious hackers (Raymond 1996 p. 232). Thus, a “good” hacker is a person who is interested in studying the details of a programming language and is actually keen on programming, not just on its theory. In addition, a hacker is a connoisseur of a particular programming language. Very frequently, the term hacker is misused in the mass media to describe a person who intends to crack other people’s computer systems. In this respect, it is better to use the term “cracker”.

Based on the above, one cannot but mention the emergence of a hackers’ ethic as well. Raymond gives two notions that clarify hackers’ duties and obligations. In this respect, a hacker is obliged to share experience by creating software that facilitates access to information and other computer resources. However, cracking that involves no theft or acts of vandalism is accepted among hackers (Raymond 1996 p. 234).

The next principle of hackers’ ethics contradicts the previous one. To be more exact, some people regard cracking as an unethical act and identify it with breaking and entering. However, the assumption that cracking does not destroy systems allows people to regard those hackers as “benign crackers” (Raymond 1996 p. 234). Besides, the positive outcome of hackers’ cooperation is the creation of advanced security systems and software.

In any case, hackers’ activity is mostly directed at the declassification of confidential information and at making it generally available. So, viewing the issue politically and socially, hackers’ activity is completely justified, since society has the right to know the real state of affairs. Nonetheless, hackers’ objectives vary. There are cases when the goal may be industrial espionage or theft of credit card information. Unauthorized access to someone else’s computer data is a serious crime even if hackers do it just to experience some challenge (Beatty 2009 p. 430).

There is a widespread presumption that hacking means breaking the law and, therefore, that it should be assessed as a crime. A big contradiction appears here, explained by the fact that if the crime is not directly connected with a person, hackers cannot be punished. Hence, there is only a slight tie between the technology and the punishment (Thomas, 2000 p. 25). According to the official law, hackers are prohibited from stealing governmental and financial data, from interrupting secret data banks, and from damaging the computer itself. In addition, computer fraud is also recognized as an offence and is strictly “persecuted under the state of the Computer Fraud and the Abuse Act of 1986 (CFAA)” (Beatty, 2009, p. 431).

According to the CFAA, fraud lies in merchandising online property that does not exist. As a result, malicious hackers obtain money illegally. One type of fraud is identity theft, in which crackers steal bank account numbers in order to obtain loans or credit. To prevent these crimes, the American government issued the Identity Theft and Assumption Deterrence Act of 1998 (Vacca p. 427). Another widespread kind of theft is phishing. Hackers, or phishers, may send an e-mail in order to capture the recipient’s information through an illegal web site they have created. These web sites may be created by suspicious companies and, therefore, they should be differentiated from those of legitimate companies (Beatty, 2009, p. 431).

On the other hand, in some countries hacking is not a crime, on the ground that their legislation does not pay diligent attention to the protection of intellectual property. In this case, computer attackers cannot be accused of an offence that does not exist. Still, in rare cases, hackers can contribute to the identification of some computer crimes and, therefore, they can be recognized as effective instruments in detecting computer law breakers, namely, crackers. Sometimes, hackers are propelled to crime by other people, notwithstanding the negative consequences and ignoring the official law.

The previous points lead to the consideration of hackers’ ethics: defining what the actual limits for hackers are and what issues arise out of them. To begin with, it is necessary to admit that the connection between hacking and ethics is obvious, since there are cases when hackers serve as computer “healers” and can eliminate a virus from a computer. The creation of antivirus software is also accomplished by hackers, so that the personal computer is protected from virus intervention. The problem of malware appeared simultaneously with the introduction of computer technologies.

Moreover, its purpose is not only to detect the vulnerabilities of the electronic database system. Viruses are created by hackers in order to gain revenue by creating antivirus programs. That is one more illegal way to obtain profit, since hackers may sell this malware to another person or use it in their own interest. Despite the fact that viruses damage the computer network, the constant increase in malware attacks proves that the creation of such programs is in high demand among PC users.

Secondly, if hackers obtain access to the company files of a certain database without changing or stealing anything, it cannot be deemed a crime, since they do no harm to the security system. On the contrary, a hacker may inform the company about the drawbacks of its security system and create a more reliable one. Moreover, copying and utilizing that information excludes any punishment, since the hacker leaves the information unchanged in its previous place. Besides, the private information stored in the company’s data warehouse might be illegal, and high-level security systems can only mean that a company has certain prohibited electronic records (Forester, T. and Morrison P. 1994 p. 101). Thus, Lee Freeman (Knittel, J., & Soto, M. 2004, p. 261) gives an appropriate definition of ethical hacking, calling it “justified hacking” and presupposing that hackers’ activity implies the introduction of justice where “ends justify means”.

In order to secure software from crackers’ invasion, there exist special powerful tools for treating and monitoring software. Owing to the fact that vast areas are devoted to software checking, McClure (2009, p. 536) singles out two security testing approaches: fuzz testing and penetration testing. The first method is an advanced application that prevents an adversary’s access to the database and any type of software operations. To install file fuzzing, it is necessary to check all the formats your PC supports and to obtain the maximum number of valid files.

Another approach is penetration testing, which is used to intrude on physical and logical defenses by using the devices of malicious hackers. This method has become an inherent component of every security system. The term pen testing has been applied to all forms of ethical hacking, including the analysis of software services (McClure 2009 p. 537). Unlike fuzzing, penetration testing is more difficult, since the invasion is carried out mostly without any automated tools, through the efforts of experienced hackers.

Finally, there officially exist several ethical standards of ethical hacking: Certified Ethical Hacking (CEH) and Certified Information Systems Security Professional (CISSP) are the most respectable ones. According to the CEH, a hacker carries out penetration testing in order to detect weak points in the security system, imitating the steps of malicious hacking without causing any harm. To obtain the CEH certificate, the hacker must be rigorously grounded in the fundamentals of information security such as “confidentiality, integrity and availability” (Krutz, R. L. and Vines R. D. 2007, p. 8). According to CEH, an ethical hacker should conduct a penetration test and study the drawbacks of the information system while paying attention to the contract terms.

In its turn, CISSP is the certificate that promotes hackers to the advanced stage of data security systems. In order to obtain access to the CISSP, a hacker should have at least three years of experience. Hence, this certified standard has been created to prevent malicious hacking from interfering with the intellectual property of companies, within both the external and the internal network. Nonetheless, penetration testing and ethical hacking are not the same notions, since ethical hacking can use penetration testing as one of the main tools for detecting weaknesses in data warehouse security.

Penetration testing might have inevitable consequences unless it is performed in a proper way. Usually, companies continue to carry out business while the testing is being conducted. This might negatively affect the company’s work if a system breaks down. That is why, before getting down to work, the company must be informed that the pen testing is complete in order to avoid losses (Klevinsky et al. 2002 p. 19).

The next problem lies in the fact that testing machines are rather expensive. Thus, to accomplish diligent testing, the company should take into account the cost of configuration and its further maintenance, and include the amount of information and electronic assets to be tested. Finally, the penetration must be authorized; otherwise, the testing could be regarded as an illegal act. In this case, a firm should demand the conclusion of legal agreements before testing so that the tester is assured that the act is legally permitted. The protection of benign hackers could be supported by the company’s “Get Out of Jail Card” agreement (Klevinsky et al. 2002 p. 20), which guarantees that the hacker will not suffer losses or damages arising out of testing.

Considering the standards of penetration testing, there are some ethical issues for an authorized hacker to follow. First of all, pen testing occurs when the beta-quality code is available. Next, before getting down to work, the penetration team should submit the necessary documentation and set up the goals for the pen testing application. Finally, it is necessary to keep an eye on the emergence of new software components that may present a potential risk (McClure 2009 p. 537).

Therefore, people using hackers’ services should be aware of all the principles of hackers’ ethics; otherwise, they might be held responsible for unlawful penetration of prohibited e-sources. Due to the ever-growing demand for hacking services, consumers pay considerable attention to the ethical standards.

In 1986 Richard Mason presented the world with “four ethical issues of the informational age”. Despite the fact that these issues are out of date, they are still appropriate today (Freeman & Peace 2004 p. 3). Mason singled out four main issues: privacy, accuracy, property, and accessibility. The first component, which stands for the protection of informational confidentiality, is an issue nowadays due to the growth of information technology and the rise in the value of information in the decision-making process. In other words, information that seems to be private is likely not to be.

This is also explained by the fact that the Internet itself has made data freely accessible to billions of people, compared with the past. Moreover, the power of possessing information has led to vigorous competition and, as a result, to cyber crimes. Regarding accuracy, it is necessary to mention that when designers create or download information, they bear responsibility for the submission of incorrect data. In addition, identity theft is the outcome of data falsification. The third ethical issue pointed out by Mason has increased in significance in the current world of online network operations.

Mason managed to predict that bandwidth would become a ubiquitous phenomenon, which has led to the unlawful downloading of software and media (Freeman and Peace 2004 p. 6). The last issue presented in the paper is closely connected with computer literacy, which is crucial owing to the growing necessity to access online data. In addition, with the growth of online economic activities, considering ethical issues is of paramount importance.

Taking the above into account, Mason’s issues are still urgent. However, the last two decades have contributed to modernizing those four issues, since computers have widened their functions and are applied both in business and at home. The points discussed by Mason have a direct tie to ethical hacking, since only “justified” hackers are governed by these principles.

Analyzing different angles of the ethical issues in hacking and of hacking itself, we can single out the main functions of ethical hackers and their principal values. First, hackers can be regarded as public “watchdogs” (Duquenoy et al. p. 23). That means that hackers reveal information to the public, believing that people have the right to know more. Secondly, hackers may serve as security consultants, helping to prevent databases from being breached.

Since malware is becoming more sophisticated, hackers may be employed as the gardeners and improvers of security systems. Finally, we can regard hackers as artistic site designers who create the image of companies’ official websites. Though this application is not so crucial, it is still widely used by many companies as one of the strategic approaches to the successful conduct of business (Duquenoy et al. p. 24). As can be seen, hackers are of considerable importance for the improvement of security software and for the further development of high technologies. Perhaps, in the future, hacking is on the way to becoming a profession.

After a thorough examination of the issues in the art of ethical hacking, the following conclusions should be made. First of all, it is worth mentioning that the increasing utilization of the World Wide Web and, therefore, the introduction of ethical hacking has changed the outlook on the legislative system. New laws should be included in it, since some cybercrimes are not prosecuted by the law. Taking into account all that has been analyzed above, ethical hacking can be regarded as the most effective tool applied for the protection of the World Wide Web data system in case an unlawful attack occurs to disclose vulnerabilities in data banks and network security.

In addition, the introduction of ethical standards has greatly advanced the culture of online communication and of data exchange. These standards also allow differentiating between crackers, or malicious hackers, and justified, or ethical, hackers. However, they have restricted data availability, which contradicts hackers’ main concept of the general accessibility of information.

Reference List

Beatty, J. F., & Samuelson, S. S. (2009). Introduction to Business Law. US: Cengage Learning.

Duquenoy, P., Jones, S., & Blundel, B. G. (2007). Ethical, Legal and Professional Issues in Computing. US: Cengage Learning EMEA.

Forester, T., & Morrison, P. (1994). Computer Ethics: Cautionary Tales and Ethical Dilemmas in Computing. US: MIT Press.

Freeman, L., & Peace, A. G. (2004). Informational Ethics: Privacy and Intellectual Property. New York: Idea Group Inc.

Klevinsky, T. J., Laliberte, S., & Gupta, A. (2002). Hack I.T.: Security through Penetration Testing. US, Canada: Addison-Wesley.

Knittel, J., & Soto, M. (2003). Everything You Need to Know about the Dangers of Computer Hacking. New York: The Rosen Publishing Group.

Krutz, R. L., & Vines, R. D. (2007). The CEH Prep Guide: The Comprehensive Guide to Certified Ethical Hacking. US: John Wiley and Sons.

Krutz, R. L., & Vines, R. D. (2002). The CISSP Prep Guide. US: John Wiley and Sons.

McClure, S., Scambray, J., & Kurtz, G. (2009). Hacking Exposed, Sixth Edition: Network Security Secrets and Solutions. New York: McGraw Hill Professional.

Raymond, E. (1996). The New Hacker’s Dictionary. US: MIT Press.

Thomas, D., & Loader, B. (2000). Cybercrime: Law Enforcement, Security and Surveillance in the Information Age. London: Routledge.

Vacca, J. R. (2003). Identity Theft. US: Prentice Hall PTR.