Due to the rapid development of the World Wide Web, the art of hacking has penetrated the world of computer technologies. It means that e-business and e-commerce are under the threat of destruction. That is why electronic information transfer is not the safest method. Nowadays, the problem of hacking is not new but the ethical discussion of the problem is still on hold. Some people believe that hackers break the law and should be punished.
Others insist that electronic espionage has the right to exist since there are obvious cases when hackers’ skills are crucial and, therefore, there must be some ethical standards in hacking. Consequently, it is necessary to clarify whether hacking should be legally acknowledged or not. In addition, the problem of ethical hacking and the corresponding ethical issues are to be analyzed. And, finally, the perspectives of ethical issues are also on the agenda.
Before getting down to the consideration of the above-mentioned issues, it is obligatory to figure out what the term “hacking” means. To start with, it is important to understand that the term “hacker” means a person who damages other computer software. An interesting interpretation of that term was given by Stuart McClure (2009), who states that hacking is “exploiting vulnerabilities in the webserver software”. He also emphasizes that it is not an algorithm of file penetration but the identification of weak points of information security. According to the author, the most vulnerable web servers are Microsoft and Windows.
Although both interpretations are negatively colored, John Knittel and Michael Soto (2003) refer to hackers as rather talented people who have incredible skills in the computer field and programming. The most famous hackers are Bill Gates and Steve Wozniak, who have created the gigantic software industries. It follows that hackers could be acknowledged as the founders of the Internet and computer software. On the other hand, some hackers intend to break into other people’s files and steal secret information. According to John Knittel and Michael Soto (2003), such a category of hackers should be acknowledged as crackers. Crackers are often highlighted in the media, which misuses the term “hacker” for them.
The hackers’ activity is mostly directed at the declassification of confidential information and its general availability. So, politically and socially viewing the issue, the hackers’ activity is completely justified because society has the right to know the real state of affairs.
There is a widespread presumption that hacking means breaking the law and, therefore, it should be assessed as a crime. Here appears a big contradiction, which is explained by the fact that, if the crime is not directly connected with a person, hackers cannot be punished. Hence, there is a slight tie between technology and punishment (Thomas, D. 2000 p. 25). According to the official law, hackers are prohibited from stealing governmental and financial data, interrupting secret data banks, and damaging the computer itself. In addition, computer fraud is also recognized as an offense and is strictly “persecuted under the state of the Computer Fraud and the Abuse Act” (Beatty, J. F. 2009, p. 431).
On the other hand, in some countries hacking is not a crime on the ground that their legislation does not pay diligent attention to the protection of intellectual property. In this case, computer attackers cannot be accused of an offense that does not exist. Still, in rare cases, hackers can contribute to the identification of some computer crimes and, therefore, they can be recognized as effective instruments in detecting computer lawbreakers, namely, crackers. Sometimes, hackers are propelled to the crime by some other people, notwithstanding the negative consequences and ignoring the official law.
The previous points lead to the consideration of such problems as hackers’ ethics and defining what actual ethical hacking is and what issues arise out of it. To begin with, it is necessary to admit that the connection between hacking and ethics is obvious since there are cases when hackers serve as computer “healers” and can eliminate the virus from the computer. The creation of antivirus software is also accomplished by hackers. So, the personal computer is protected from virus intervention.
The problem of malware appeared simultaneously with the introduction of computer technologies, and the purpose of malware is not only to detect the vulnerabilities of the electronic database system. Viruses are created by hackers to get revenue from them by creating antivirus programs. That is one more illegal way to obtain profit since hackers may sell this malware to another person or use it in their own interest. Even though viruses damage the computer network, the constant increase of malware attacks proves that the creation of such programs is in high demand among PC users.
Secondly, if hackers obtain access to the company files of a certain database without changing and stealing anything, it cannot be appraised as a crime since they do not do any harm to the security system. On the contrary, the hacker may inform the company about the drawbacks of its security system and create a more reliable one. Moreover, copying and utilizing that information excludes any punishment since the hacker leaves the information unchanged in its previous place.
Besides, the private information stored in the company’s data warehouse might be illegal, and high-level security systems can only indicate that the company has certain prohibited electronic records (Forester, T. and Morrison P. 1994 p. 101). Thus, Lee Freeman (2004, p. 261) gives an appropriate definition of ethical hacking, calling it “justified hacking” and presupposing that hackers’ activity implies the introduction of justice where “ends justify means”.
And, finally, there officially exist several ethical standards of ethical hacking: Certified Ethical Hacking (CEH) and Certified Information Systems Security Professional (CISSP) are the most respectable ones. According to the CEH, a hacker carries out penetration testing to detect weak points in the security system, imitating the steps of malicious hacking without any harm. To obtain a CEH certificate, the hacker must be thoroughly grounded in the fundamentals of information security such as “confidentiality, integrity and availability” (Krutz, R. L. and Vines R. D. 2007, p. 8). According to CEH, the ethical hacker should conduct a penetration test and study the drawbacks of the informational system, paying attention to the contract terms. In its turn, CISSP is the certificate that promotes hackers to the advanced stage of a data security system.
To obtain access to the CISSP, a hacker should have at least three years of experience. Hence, this certified standard has been created to prevent malicious hacking from interrupting the intellectual property of companies, both within the external and internal network. Nonetheless, penetration testing and ethical hacking are not the same notions since ethical hacking can use penetration testing as one of the main tools in detecting the weakness of data warehouse security.
Therefore, people using hackers’ services should be aware of all the principles of hackers’ ethics; otherwise they might be held responsible for unlawful penetration of prohibited e-sources. Due to the ever-growing demand for hacking services, consumers pay considerable attention to ethical standards.
After a thorough examination of the issues in ethical hacking art, the following conclusions should be made. First of all, it is worth mentioning that the increased utilization of the World Wide Web and, therefore, the introduction of ethical hacking has changed the outlook on the legislative system.
So, the new laws and should be included in them since some cybercrimes are not prosecuted by the law. Taking into account all of the above, ethical hacking can be regarded as the most effective tool which is applied for the protection of the World Wide Web data system in case an unlawful attack occurs to disclose vulnerabilities in the data banks and network security. In addition, the introduction of ethical standards has extremely advanced the culture of online communication and data exchange. These standards also allow differentiating between the crackers, or malicious hackers, and justified, namely, ethical hackers. However, it has restricted the data availability, which contradicts hackers’ main concept of general accessibility of information.
Beatty, J. F., & Samuelson, S. S. (2009). Introduction to Business Law. US: Cengage Learning.
Forester, T., & Morrison, P. (1994). Computer Ethics: Cautionary Tales and Ethical Dilemmas in Computing. US: MIT Press.
Freeman, L., & Peace, A. G. (2004). Informational Ethics: Privacy and Intellectual Property. New York: Idea Group Inc.
Knittel, J., & Soto, M. (2003). Everything You Need to Know about the Dangers of Computer Hacking. New York: The Rosen Publishing Group.
Krutz, R. L., & Vines, R. D. (2007). The CEH Prep Guide: The Comprehensive Guide to Certified Ethical Hacking. US: John Wiley and Sons.
Krutz, R. L., & Vines, R. D. (2002). The CISSP Prep Guide. US: John Wiley and Sons.
McClure, S., Scambray, J., & Kurtz, G. (2009). Hacking Exposed, Sixth Edition: Network Security Secrets and Solutions. New York: McGraw Hill Professional.
Thomas, D., & Loader, B. (2000). Cybercrime: Law Enforcement, Security and Surveillance in the Information Age. London: Routledge.