In a study of the ethics of hacking, I had the idea of discussing a controversial dilemma which has been argued for ages. However, in this paper I’m going to argue this concept from the perspective of hacking. Is it morally justifiable to learn the skills of hacking and train to use these skills underground for the purpose of becoming more experienced white hat hackers, in other words, ethical hackers?
Why train underground on real targets?
Before taking this article into the subsequent phase, I would like to obliterate the confusion regarding some of the terminology I use (and yes I am a big fan of introductions). Hacker, in this article, is used to designate a person who is an online security expert. Some theorists, professionals, book writers, or just writers like to use the term hacker as a reference for programmerscomputer specialistsengineers who work on extending the functionality of a physical or a non physical object to bypass its original purpose or to enhance and optimize its efficiency and performance. Well in a way, online security experts do the same thing. For in order to be a good hacker one must master the ins and outs of the platform heshe is intending to break into in order to successfully gain access and maintain it. However, the above takes an article by itself to discuss and currently I’m going to leap directly to the point.
Why do hackers need to experience an attack on a real target? The answer is simple. If one does not experience the rush behind committing a crime, the motivation for being a thief and the thrill of attaining the grand prize, one will never acquire neither the patience nor the creativity to do hisher task well.
The rush, motivation and thrill are the essence of any worthy of admiration hacking attempt. I’m being amoral here, I understand, but reality is not always morally just. Hackers portrayed by the media are considered criminals who take pleasure in destruction. Sorry to disappoint you, but most of the talented hackers do it for the sole purpose of education. You’d be surprised at how many successful breaking attempts occur on a daily basis without destruction of property, theft of material and disclosure of private data. However, it is indeed a fact, that many professional black hat hackers do it for personal profit, but this is not the core of my discussion.
Therefore, for the sake of clarification and not restriction, any certified ethical hacker, security consultant, software developer and IT specialist must learn how to break into a protected system with the risk of being caught. The ethical hacking process does include a black box break in attempt, which in short, provides the hacker the legal ground to engage in an attack at any given date, time, system, and use any method or skill to achieve success, whether via social engineering, using an arsenal of tools, or by identity theft, with no prior knowledge of the network infrastructure or system to be tested. While to my humble opinion this is the most efficient of the numerous ways, it is still incomplete without the correct mindset.
There are indeed other methods to use which might guarantee the system’s security, but the efficiency of all these methods rely on attaining the above thinking prerequisites.
Is it unethical to train underground?
As in any discussion of a philosophical theoryconcept, the validity of the conclusion is based on the strength of the premises. In addition the soundness of the conclusion, as important as it is, is not the subject at hand. Being with or against the following point of view is left to your reasoning.
I would like to introduce an ethical theory called “Utilitarianism” and based on it I will try to draw a conclusion. Be advised that there are numerous ethical theories (Kantianism, Consequentialism, Deontology, etc…). My goal is shedding the light on the topic from an academic perspective and not drawing a firm, concrete hard conclusion.
Utilitarianism, in very simple words, is judging the moral worth of an act based on its consequences. The judgment follows a small set of rules which if respected will enable the portrayal of a, relatively, valid conclusion. The main aspect of a utilitarian act is to minimize the negative utility, such as personal gain, suffering, pain, personal satisfaction and maximizing the good utility such as generating more happiness.
Hence, logically, on one hand, underground hacking attempts on a potential target would cause pain and distress for a potential number of people. On the other hand, the experience gained from such attempts will be beneficial for a larger number of parties. Nevertheless, the amount of pain and distress for the attacked parties can be minimized to the bare minimum. To a point where the target might not even be knowledgeable of the breaking attempt, consequently no actual damage of property is caused. Of course many controversies will rise from what I’ve just said, but think about it, isn’t this type of reasoning similar to the meaning of sacrifice, wars, and many other world injustice induced each and every day?
Therefore, according to the argument above (as short as it is), undergoing an underground hacking training is indeed beneficial for a large amount of parties.
However, this article remains inconclusive and further discussion remains necessary.