Does Ethical Hacking Exist?

There’s a fine line between good and evil when it comes to hacking, but where does that fine line sit?

The words ‘ethical hacking’ may not seem to belong together, but the unprecedented release of sensitive web-hosted information in recent times has propelled this dubious concept into the public spotlight. Data loss and theft have been in the news more than ever before this year, from Ashley Madison to Mossack Fonseca, and the question of whether hacking can ever truly be deemed ethical has been discussed far and wide.

Hackers often argue that they have a moral duty to expose misbehaviour, from the State-level malpractice detailed in the WikiLeaks files to the cheating spouses on Ashley Madison’s databases. With recent Mossack Fonseca leaks highlighting how even the data of the super-rich isn’t completely free from the hacker’s glare, online data has never been in such peril. It seems this is true irrespective of whether the data involves customer details, financial information or corporate documents.

So what is ethical hacking?

Ethical hacking represents the main countermeasure against hacktivism and cyber-criminality. It allows IT experts to pit their wits against a company’s security infrastructure, probing for vulnerabilities and assembling reports on how those systems could be improved. Conducted with the full approval of the client, and maintaining confidentiality, ethical hacking is the digital version of employing a poacher-turned-gamekeeper. The US government has been testing its computer systems in this way since the 1970s, on the basis that it takes a hacker to catch a hacker. Few other people have comparable understanding of coding, security systems, etc.

Of course, the poacher-turned-gamekeeper argument has always been morally suspect since it can be argued that the (supposedly reformed) criminals are benefiting from their past misdemeanours. An ethical hacker is still a hacker – perhaps with a guilty conscience or a newfound sense of responsibility – and they’re hardly able to occupy the moral high ground over the likes of hacktivist group Anonymous. Between ‘benevolent’ white hat and ‘malicious’ black hat hacking is a large grey area, particularly in light of a disturbing new trend where black hats betray each other to the authorities, thinning out the competition and improving their own nefarious prospects.

Given this current spate of black-on-black hacking, and bearing in mind how much information is stored digitally nowadays, ethical hacking is starting to resemble a necessary evil. The Ashley Madison hack led to suicides and divorces, which is unforgivable considering adultery isn’t actually illegal. Everyone has their own moral compass, and the 2011 leak of Arizona law enforcement officers’ social security numbers was deemed justifiable and necessary by the hackers in question. Few observers agreed, but the information was still out there in the public domain.

And so we return to the ethical hackers, spending long caffeine-fuelled nights hunting for server backdoors and registry key flaws. An increasing number of white hats arrive in corporate offices brandishing a qualification from the International Council of E-Commerce Consultants. When you can obtain an official certificate in a particular area, its legitimacy is surely confirmed – proof that ethical hacking is a necessary evil, and one that’s here to stay.

Let us know what you think about ethical hacking over on our Twitter page.