This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
The term hacking has a wide range of reputation in the last decade. Hackers are mostly used to describe skilled teams of specialist in the field of computer and information security. Most often, hackers are programmers (Forristal and Traxler, 2008, p.23). The use of the word “hacker” is usually overlaped with crackers who break into people's systems and gain unauthorized access in order to damage the date.
Currently, laws in most countries around the world consider hacking as unethical behaviour and laws have been passed to prosecute this behaviour; this is due to hackers, who in most cases have access the virtual world of someone's machine without his/her permission, on teh other hand, Spafford states that these intrusions are ethically acceptable only in [life-saving circumstances] in case that this action would save someone's life. (Spafford, 1992).
A new term has been added to the hacking culture “ethical hackers”, who use their knowledge to increase the security level of the internet community by exposing and fixing security flaws. “Ethical hacking is done in an attempt to prevent malicious attacks from being successful” ( Forristal and Traxler, 2001, p.39).
The origin of hacking can be traced to the beginning of using telephone services, however, the term hacking used firstly on 1960s by MIT‘s computer community. The well known example of hacking attacks happened in mid February 2000. Several e-commerce and non-e-commerce Web sites were attacked within approximately three days period (Cole, 2001, p.12). These sites became unreachable to legitimate users during that period. Due to the attack was a distributed Denial of Service attack.
This report will focus on the ethical issues of hacking. By giving a brief explination about the hacking culture, and going forward into the kinds of security awareness that hackers may provide among large institutions and software companies it will also point out some examples of large organizations which were able to identify their software faults in a better sense after employing ethical hackers. finally, the report will explain hackers' motivations behind which they help companies to fix their security holes.
As companies are much more aware of their security level than ever before and as there is no such a bug-free software, most software today is tested for bug and this may cost a great deal of money and a delay in releasing the products. Frequently, we hear about bugs being discovered by researchers. At the same time, software companies hasten to fix these bugs, Most of which are not publicly known unless hackers report them publicly. Furthermore, It is quite common that hackers provide services to institutions by the time they discover a security flaw in a system. It is hard to determine whether these services are ethical or unethical. On the one hand, they inform companies about their security holes, therefore, they provide a good service for both the company and the company's customers by preventing cyber-criminals from exploiting these flaws. On the other hand, they often exploit this for themselves by firstly, giving the company a bad security reputation . Secondly, gaing a significant amount of money from that particular company.
An example of this is the hacking operation into Mac's operating system by Dino Dai Zovi, the New York-based security researcher, who found out flaws within Apple's Safari and Quick Time applications and used these vulnerabilities to break into the system configurations.
Speaking to Macworld magazine after the CanSecWest conference. Zovi points out that deducting such flaws indicate that this operating system is likely to contain other undiscovered vulnerabilities (Keizer, 2007). This give a warning not only to Mac's operating system users, but also for the other operating[ systems'] users . As a result, Apple issued patches for its QuickTime fixing critical security flaws then, it released an updating program and eventually it made a series of security improvements before releasing QuickTime. In this case, both sides were contented as Apple improved the product, and non of its users were seriously harmd, and the hacker proved the level of knowledge he has among other hackers[a9ranihi] .
Cole (2001, p.16) gives another example about a number of banks when a group of hackers were testing the security of the banks .Once the group found a security vulnerable in one of these banks, they transferred over $10 million dollars from the bank to a private account. That attack was so difficult to detect by the bank. After a short period of time, the manager of teh bank was informed about the attack. He preferred not to publish this incident in order to protect the bank's reputation as a result an agreement has been made between the two sides. hackers who were involved in this situation have provided kind of an ethical service to the bank by protecting teh customer's privacy from other hackers. This emphasises that hackers have the upper hand with their security knowledge.
To make hacking [much] legally it should be under the power of the institutions, and to protect the reputation of the organisation which is likely to be lost when customers hear about security vulnerabilities from hackers. Consequently, most of these institutions adopt the idea of using hackers to discover their system's errors. Arising new class of hackers “ethical hackers”.
According to Cole (2001, p.800), having a secure network requires a constant research of new exploits, deep understanding of how hackers work and having a security professionals who are familiar with the method used by hackers Forristal and Traxler. (2001, pp.40-41) address another issue of using penetrating testing. protection by using hackers with high security knowledge against any attack by malicious hacker does not ensure that ethical hackers will use the [handed tools ]probably.
The argument about ethical hacking started on 1988, after the widespread of Morris's worm over the internet. His self-replicating worm spread to nearly 6,000 networks. Robert Morris was convicted for the damage caused by the Internet Worm, “but his defence lawyers argued that he had provided a service in exposing security flaws” (Smith et al. 2001).
Since that, hackers have been employed by most important organisations to help in taking action against any malicious attacks and to provide technical details concerning t the security flaws. Their duties include finding the weaknesses of the system and to test the effectiveness of the security systems . “Those people will be trusted by the organisations and have a full access to its database to examine its IT infrastructure using the same skills and methods as a malicious hacker”(Hackers beware!, 2006). Lancaster University, for instance, has become the first educational institution in the UK to offer the EC-Council Certified Ethical Hacker qualification. People, who have this certificate, are likely to be employed by that university to ensure a high level of protection its database.
Nowadays governments employ hackers to perform the task of information monitoring and help the security authorities to control the abuse of technology such as FBI and CIA. Moreover, large companies in the field of technology, such as IBM maintain employing teams of ethical hackers (Palmer, 2001, p.772).
What Motivate hackers?
Most often, challenge and boredom are the basic motivations which make normal people turn into hackers. Hackers often have a wide range of skills and experience .They tend to challenge each other and even to challenge themselves to find out holes other people would never find. Forristal and Traxler (2001, p.39) describe this challenge as “intelligent challenge”. Moreover, Stories about hacking mostly come from people who were fired from their jobs, this makes them hack as ravage.
another big reason is The will of fame . Fame is very important in the hacking community, thus, hackers usually use their real names when hacking so that the the whole world will witness their accomplishment on the other hand, hacking for personal gain is not very common hence, Governments and institutions tend to employ hackers with good salaries for the purpose of espionage and deducting criminals.
Hackers who deduct securities errors and report these errors to the companies, are usually non-money motivated hackers and criminal tendency may not be found in this type of hackers neither. As mentioned earlier the motivation behind hacking is either the interesting of doing such a new things which not all computer users can do or because of their work in a security team in a big software company.
The online environment seems to be more and more hazardous these days with the increasing number of computer hacking crimes and the security risks that follow. As a result, it is clear that no institutions are sure about the quality of their security systems.
Hackers may provide an ethical service which help software companies to deduct security holes in their systems and keep their [customers' information] safe . This will increase the security level of the internet community. Hence most large institutions have the attitude of employing “ethical hackers” against hackers. The role which the former play is clearly noticed in many large software companies. Moreover, the effect of such ahackers has improved the security of the internet when ethical hackers inform the organisation at which they work in about the holes in their system before becoming volnurabilities which allow other hackers the access to the system
Cole, E. (2001). Hackers Beware: Defending Your Network from the Wily Hacker. TheUnited States of America: Sams.
Forristal. J. and Traxler. J. (2001). Hacking Proofing Your Applications: The Only Way to Stop a Hacker IS to Think Like One.The Untied State of America: Syngress Media.
Keizer, G. (2007) Contest winner: Vista more secure than Mac OS
Available from :http://www.macworld.com/article/57616/2007/04/daizovi.html
[Accessed: 21 December 2009].
Lancaster University (2006). Hackers beware!. Available from: http://domino.lancs.ac.uk/Info/lunews.nsf/I/A18A1522208A2BB6802571B00053F6BF [Accessed 20 December 2009]
Palmer, C. 2001. Ethical Hacking. IBM Systems Journal, 3: 769-780.
Smith. B et al. (2002). Ethical hacking: the security justification redux .International Symposium on Technology and Society (ISTAS) [online], pages 374 - 379. Available from : http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=1013840&isnumber=21825 [Accessed 20 December 2009]
Spafford, H. (1992). Are Computer Hacker Break-ins Ethical? Journal of Systems Software, 17: 41-47.
Wilbanks, L. (2008). When Black Hats Are Really White. 10(5), Avaliable from : http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=4629853&isnumber=4629835 [Accessed 21 December 2009].
Beaver, K. (2004). Hacking for Dummies. Indiana: Wiley Publishing.
Coffin, B. (2003, July 1). IT Takes a Thief: Ethical Hackers Test Your Defenses. Available from: http://findarticles.com/p/articles/mi_qa5332/is_/ai_n29015644
[Accessed 21 December 2009].
Graham, P. (2004). Hackers & Painters: Big Ideas from the Computer Age. California: O'Reilly Media.
Scambray, J. (2008). Hacking Exposed Windows: Windows Security Secrets & Solutions 3rd ed . New York: McGraw-Hill.
Tayloy, P. (1999). Hackers: Crime and the Digital Sublime. London: Routledge.
West, A. (2008). Learn the Basics of Ethical Hacker Training.
Available from: http://ezinearticles.com/?Learn-the-Basics-of-Ethical-Hacker-Training&id=1536739 [ Accessed 20 December 2009]
Hacking: A history (2000) Available from : http://news.bbc.co.uk/1/hi/sci/tech/994700.stm [Accessed 21/12/2009]