ethical.blue Magazine

// Cybersecurity clarified.

Some Thoughts About Ethical Hacking

2022-05-27   Dawid Farbaniec
...
First, let's try to define the term hacker. People who break the security of information systems are often called hackers. Whatever their intentions (good or bad), they are, according to most media, hackers. For example, if someone steals money by breaking or bypassing a bank's security, that person is called a hacker. The real hacker community does not want this, because it wishes to exclude cybercriminals from its culture. For this purpose they advise, among other things, using the term cracker for cybercriminals.

I remember the time when the Polish crack scene was alive (I was very young). I watched different groups, and they didn't publish exploits, damage websites, or hack bank accounts/internet wallets. Cracker groups released zines (magazines) to share knowledge. They also created programs that operated on executable files, such as EXE Packer/Protector. It was part of this harmless activity (they probably did some other good things that I don't remember now). When it comes to the illegal activity of cracker groups in my lifetime, I remember breaking the security of commercial software (releasing cracks, keygens, etc.).



For the reasons described above, I do not use the term cracker for a cybercriminal. Nowadays it's hard to find an application installer that is 126 KB and includes graphics, animations and a chiptune melody. It's real art.



I think hacker is a good term for someone who breaches IT security, not used as generally as in most media, but with the appropriate division:
  • black hat – a hacker who acts illegally or semi-legally. Through the security bugs he finds, he can gain access to the attacked system and, for example, steal confidential data. He can also publish or sell illegal hacking tools.
  • white hat or ethical hacker – a hacker who acts legally. He tries not to cause any harm, even when he discovers access to an unsecured system. He reports the bugs he finds to companies, website administrators or program authors so that a security patch can be released.
  • gray hat – a hacker who is not always as bad as a black hat, but may take actions that disqualify him as a pure white hat.

Morality

Looking at the division of hackers into black, white and gray hats presented above, the answer is that hacking does not have to be against moral values, because there are "good hackers", defined as white hats. White hat activities, combined with evaluating certain actions through your own conscience, allow you to be a hacker without sinning because of it.

However, no one is perfect, and we do not meet only well-intentioned and ethical spirits. The hacker community has good people fascinated with computers, but also cybercriminals, so you should think carefully about each of your actions.

For example, when creating an exploit for a newly discovered vulnerability, you need to think about whether it is really being created for a good purpose. Showing an example of a security bug and an example of an attack can serve educational purposes and be a guide on how to protect yourself. However, when the created tool enables even novice computer users to breach security, it is worth considering whether we have given a powerful digital weapon to random people.

On the issue of creating malware, below I present a quote from a priest.
Quote:
Satan wants people to think that he doesn't exist, so that they don't know how he works, then it's easier for him to control them.

In the above quote, Satan can be compared to malware. Therefore, researching and analyzing malicious code is not in itself unethical. As for developing applications that fit the term "malicious", I leave the decision to your conscience. However, I will also mention that reading about demons and how they operate is not bad, because exorcists learn about, for example, possession techniques. After all, the border between good and bad in this matter is very easy to cross.

Who Is an Ethical Hacker?

An ethical hacker is an IT security person who works legally. Personally, I think gray hats should not be excluded. Everyone falls sometimes, and the important thing is that someone still wants to get up. An example is a person I know who, for financial reasons, wrote and sold malware at a young age. Later this man started contributing to the community, found a job, and somehow manages not to go back to evil.

Bibliography

http://robinski.org/starocie/programy-w-assemblerze/htbinstaller/ [access: 2020-10-27]