Ethics in Hacking

From SI410
Revision as of 13:03, 20 April 2018 by WikiSysop



"Ethics in Hacking" explores ethical questions and topics concerning hacking and electronics. The act of hacking raises an array of ethical issues such as privacy concerns, the question of acceptable cyberwarfare, how cyber criminal activity should be handled by the legal system, and the rights to full use of purchased goods. Those who participate in any kind of hacking activity are called hackers. Hackers, whether in a positive or negative context, constantly push the boundaries of ethical behavior over the internet, raising new ethical concerns, redefining ethical standards, or reiterating unanswered questions.


Passwords can be retrieved by analyzing packets of data sent through a network

Hackers

The word hacking, as of the late 20th and early 21st century, brings together notions of cyber-criminality or mischievous internet activity. As a verb, the word in the realm of technology refers to:[1]

  • a. to write computer programs for enjoyment.
  • b. to gain access to a computer through undocumented means.

"Yes, I am a criminal. My crime is that of curiosity" [2]. Written by Loyd Blankenship under the handle "The Mentor," "The Hacker Manifesto" is an essay against the criminal accusations made against hackers. By The Mentor's definition, a hacker was a person curious about information. But by the definition of the public media of the 1990s, hackers were cyber criminals who stole information and caused public mischief[3][4][5]. According to the 1960s Massachusetts Institute of Technology's Tech Model Railroad Club, hackers were a bunch of pranksters who enjoyed programming[6]. What linked these concepts of hackers was computers and the digital era.

Supporter of Anonymous protests in London Photograph: Mike Kemp/In Pictures/Corbis

Cyber Attacks

Cyber attacks are deliberate attempts to gain unauthorized access to a computer system. Usually they are "cyberspace-based forms of strategic attack, designed to cause costly, crippling disruptions"[7]. The attacks are also carried out to steal information such as social security numbers, bank accounts, and other private data.

Ethics of Cyber Attacks

The ethical grounds for a cyber attack should be based on justified warfare. The attacks are criminal by nature as they either cause damage to another party or reveal sensitive information about another party. Since computer information is not tangible like food, there isn't a necessity for such cyber crime. The role of war in the cyber attack can vary. There are wars on private information like Wikileaks[8], wars against countries known as cyber warfare[9], or even personal wars against large corporations like the multiple attacks on Sony[10]. John Arquilla stated that "war and terror have grown more 'thinkable' and ethically acceptable due to the rise of disruptive, cyberspace-based means of attack"[11]. Cyber crime is a form of warfare and repeated exposure understandably makes physical warfare a more acceptable concept. Furthermore, as many civilian services are dependent on government computer networks, cyber warfare has the potential to cause more harm to civilians than previous warfare, particularly civilians outside of combat zones.

Groups like Anonymous have also used such cyber attacks in ways in which they believe they are acting in a valiant manner for the common good, like a modern-day Robin Hood. They create the notion that the end justifies the means, as they fight against acts and belief systems of governments and corporations that oppose their ethical compass. This can be seen in their threats and attacks against the Israeli and Syrian government websites for regulating and blacking out the Internet in certain parts of the country, as the governments were trying to suppress communication of their actions or hinder the communications of the rebel forces.[12]

White Hat Hacking

A White Hat hacker is an ethical computer hacker. Sometimes referred to as "Security Researchers", these individuals attempt to gain access to systems using the same methods as any other hacker. A White Hat hacker responsibly discloses any vulnerabilities they find to the maintainer of the system [13]. A typical responsible disclosure timeline consists of immediately alerting the company, alerting relevant trusted internet authorities, and working with them to ensure that the vulnerability is fixed. Responsible disclosure does allow for public disclosure of the bug in some scenarios, most commonly if the company does not respond or fix the vulnerability within a reasonable time. Public disclosure is also allowed after the bug is fixed, when there is a possibility that other pieces of software may be susceptible to similar issues and disclosure would benefit the general public [14]. Many companies offer bug bounty programs. As a reward for responsibly disclosing bugs in their software, they offer cash and other incentives. Some of these bounties top the $100,000 mark. For example, Apple's bug bounty program pays out $200,000 per firmware bug responsibly disclosed [15].

Defensive Worms

Within the realm of White Hat hacking exists a controversial topic known as Defensive Worms. A defensive worm is a piece of software which spreads like a virus, but instead of running malicious code on the computers it reaches, it runs code which patches the system against currently active viruses. Although it is unknown whether they have been widely used, ethical worms have long been a proposed solution to many malware problems, as they remove the need for a human to actively patch the machine. A defensive worm can be deemed unethical because of a few key factors. First, it uses others' bandwidth without their permission. It also runs code which a user has not authorized on their system and then uses their system to continue to propagate the worm. Yes, the purpose of the worm is 'good', but that doesn't change the fact that the author of the worm is running their code and spreading it across systems, which could affect performance and introduce further security implications which the author of the defensive worm has not even thought of [16]. Many argue that the benefits outweigh the costs, because it removes the human element from system patching. A properly engineered, timely defensive worm could be highly effective.[17]

Types of Cyber Attacks

Malware

A hacker using malware will attempt to get a user to download or open malicious software. If malware gets onto one's computer, it can take control of the machine, steal sensitive data, or monitor the activity of the device.

Phishing

This type of attack is similar to a hacker's use of malware, but the source of the attack is slightly different. Instead of randomly getting a user to install a harmful program on their computer through a link or a website, the hacker may try to send a message that seems to be from a reliable source. This could include an email or social media message prompting a person to open a link that will in fact install malware on one's device.

Examples of Cyber Attacks

Anonymous, a group of hackers opposed to censorship of information, attacked Sony websites in response to the prosecution of fellow hackers who reverse engineered some of the PlayStation 3 technology. Anonymous sent a warning to Sony declaring the attack because of the infringement of "free speech and Internet freedom"[18]. Sony was forced to shut down their PlayStation 3 network in order to repair the damage and fix the network. Shortly after the network was back online, LulzSec hacked Sony's photography website[19]. During the same month as the Sony hacks by Anonymous, Nissan systems were attacked by unknown hackers seeking further access to their networks. The hackers stole usernames and passwords from their databases and left a cold trail for authorities.[20] Recently the Anonymous hacking group carried out a series of distributed denial of service attacks (better known as DDoS) against PayPal, MasterCard, Visa and other financial services corporations after their blockade on donations to the whistleblowing website WikiLeaks.[21]

Wikileaks is a website that releases confidential government documents without consent.

Information Hacks

Hacks for information seek to uncover the unknown. The subjects of such hacks range from celebrities to government databases. Because of these vulnerabilities, private data encryption software was developed to conceal and protect data transmitted over the internet. The driving concepts behind these hacks are privacy and the question of which pieces of information should not be open to the general public.

Ethics of Information Hacks

The internet has given the computer age the ability to distribute information with ease. Facebook and Twitter are venues for the general public to share information about themselves. There is information that users of social networking services would like to keep secret, such as personal details about their lives. A common battleground for information hacks is the target's cell phone, where private messages, account details, emails, and images are often stored[22]. The privacy battles have been waged not only by the public but by governments as well. Privacy cases involving the government concern the right to distribute personal encryption data (Bernstein v. US Department of Justice)[23] and the probable cause needed to track people using cell phone data (USA v. Pen Register)[24].

Examples of Information Hacks

Wikileaks supporters supply the website with leaked information in a variety of ways. One of those ways is through the hacking of emails, cellphones, and personal accounts of political officials, such as Sarah Palin's email account[25]. Another case is when a Chinese hacker gained access to Indian military information and Tibetan activists' personal accounts[26].

References

  1. Merriam-Webster Definition: Hacking www.merriam-webster.com
  2. The Mentor. The Hacker Manifesto. www.mithral.com
  3. A Nationwide Computer-Fraud Ring Is Broken Up, 19 April 1992 www.nytimes.com
  4. 2d Jail Term Looms for Man Who Plundered a Foundation, Kathleen Teltsch, 7 July 1992 www.nytimes.com
  5. From Hacker to Symbol, John Markoff, 24 January 1990 www.nytimes.com
  6. Chapter 1 of Levy, Steven. Hackers. Sebastopol, Calif.: O'Reilly Media, 2010.
  7. Floridi, Luciano, ed. The Cambridge Handbook of Information and Computer Ethics. Cambridge, UK: Cambridge UP, 2010. Print. pg 134
  8. Wikileaks 'hacked ahead of secret US document release', 28 November 2010 www.bbc.co.uk
  9. Richard Clarke: China has hacked every major US company, Emil Protalinski, 27 March 2012 www.zdnet.com
  10. Sony PlayStation Network Hacked Again, Closes 93,000 Accounts, Ned Potter, 12 November 2011 abcnews.go.com
  11. Floridi, Luciano, ed. The Cambridge Handbook of Information and Computer Ethics. Cambridge, UK: Cambridge UP, 2010. Print. pg 134
  12. Timeline Of Anonymous And Affiliates Cyber Attacks huffingtonpost.com
  13. “What Is Responsible Disclosure?” Bugcrowd, 15 June 2017, www.bugcrowd.com/resource/what-is-responsible-disclosure/.
  14. “Vulnerability Disclosure Cheat Sheet”. Vulnerability Disclosure Cheat Sheet - OWASP, OWASP, www.owasp.org/index.php/Vulnerability_Disclosure_Cheat_Sheet.
  15. Weintraub, Seth. “Apple Announces Its First Security Bounty Program at Black Hat 2016 with up to $200K Payouts.” 9to5Mac, 5 Aug. 2016, 9to5mac.com/2016/08/04/apple-announces-its-first-security-bounty-program-at-black-hat-2016-with-up-to-200k-payouts/
  16. “Ethical Worms: A Bad Idea.” SearchEnterpriseDesktop, searchenterprisedesktop.techtarget.com/tip/Ethical-worms-A-bad-idea.
  17. Skoudis, Ed, and Lenny Zeltser. Malware: Fighting Malicious Code. Prentice Hall PTR, 2004, books.google.com/books?id=TKEAQmQV7O4C&pg=PA105.
  18. 'Anonymous' Attacks Sony in Support of PS3 Hackers, Sara Yin, 4 April 2011 www.pcmag.com
  19. LulzSec hacker arrested over Sony attack, Charles Arthur, 29 August 2012 www.guardian.co.uk
  20. bits.blogs.nytimes.com/2012/04/24/nissan-is-latest-company-to-get-hacked/
  21. 'Anonymous' hacker convicted over WikiLeaks revenge attack on PayPal, 7 December 2012 [1]
  22. British Tabloid Apologizes to Actress for Hacking, Sarah Lyall, 7 June 2012 www.nytimes.com
  23. Floridi, Luciano, ed. The Cambridge Handbook of Information and Computer Ethics. Cambridge, UK: Cambridge UP, 2010. Print. pg 123
  24. Floridi, Luciano, ed. The Cambridge Handbook of Information and Computer Ethics. Cambridge, UK: Cambridge UP, 2010. Print. pg 123
  25. WikiLeaks, Fareed Khan, 16 August 2012 topics.nytimes.com
  26. Case Based in China Puts a Face on Persistent Hacking, Nicole Perlroth 29 March 2012 www.nytimes.com