Can Hacking Be Ethical?
We normally hear of hacking efforts intended to create chaos, but can hacking be done for the sake of good?
Most people who use the internet regularly are aware of the risk of hackers: people who use advanced technical skills to steal passwords and sensitive info, or to bring down entire online systems to prove a political point. Sometimes, hackers wreak havoc simply to prove that they can.
However, there’s another subset of hacker that’s less known in the internet space: the “ethical hacker”. TechTarget defines an ethical hacker as “a computer and networking expert who systematically attempts to penetrate a computer system or network on behalf of its owners for the purpose of finding security vulnerabilities that a malicious hacker could potentially exploit.”
Also referred to as “white hat” hackers, ethical hackers can be very helpful to companies and major online businesses or social networks, as they can point out what those organizations are doing wrong and how they can improve security for their users. This kind of process is often referred to as a “bug bounty”, wherein major companies like Yahoo, Twitter or General Motors offer rewards to ethical hackers who can point out holes or bugs in their systems. Recently, Marten Mickos, chief executive officer of HackerOne Inc. and former senior vice president and general manager for Hewlett-Packard Co., was quoted in an interview with Bloomberg explaining why inviting ethical hacking in the form of a bug bounty is a valuable service for major companies.
Ethical Hacking As Big Business
Mickos says, “Even if you’ve bought all the right products or followed all the best practices there are still no guarantees that your systems are secure. By inviting friendly hackers to look for vulnerabilities you will find out what you missed. Most of our customers find a security vulnerability within 24 hours of launching on HackerOne. This is why organizations, including the U.S. Department of Defense, General Motors, Google Inc., Yahoo, Microsoft Corp. and Uber Technologies Inc., work with hackers as part of their security strategy.”
Thanks to the kind of financial incentives that only Fortune 500 companies can provide, ethical hacking is clearly becoming a marketable skill set. A simple search for “ethical hacking courses” brings up thousands of options, from accredited online courses to exam preparation. Far from being an industry that stays in the dark, ethical hacking is firmly moving into the light.
One such ethical hacker interviewed by LifeHacker said that whether it’s low-fi tactics like calling and impersonating an employee, or more technical methods like a brute force attack, “I’ve never come across a business that couldn’t be compromised.” But in doing so, this hacker expressed that he’d found a career path which was both fulfilling and productive. “I’ve been hacking full-time for the last five years and it’s really one of the most interesting and challenging jobs anyone can have. It’s also incredibly rewarding, because I know I’m helping to protect companies and institutions from malicious hackers who would otherwise have nothing to stop them from breaking in.”
Where Do We Draw The Line?
However, the line between ethical hacking and malicious hacking isn’t always entirely clear. Several years ago, a student who breached Facebook’s security wall was sentenced to several months in prison, even though he insisted his intentions were good. He had previously been rewarded by Yahoo for locating vulnerabilities and had assumed that Facebook would react the same way to his actions. But the fact is, since he illegally accessed Facebook’s internal systems without their knowledge, his intentions didn’t matter in the eyes of the law.
This serves as a lesson that the context of hacking, rather than the intentions, is often what separates the malicious from the ethical. Would-be white hat hackers should only undertake these activities when specifically asked by an organization to do so, unless they want to suffer the potential consequences of their actions not being warmly received.