Computer Security Chapter 1: Ethics of Hacking and Cracking

Ethics of Hacking and Cracking

• Unethical computer hacking is a crime, and computer cracking is a term for illegally hacking into a computer system without the permission of the system's owner.
• Hackers can be categorized into two groups: White Hat (good hackers) and Black Hat (bad hackers), based on their intentions and actions.

Hacker Communities

• The White Hat/Black Hat model represents the "good guys" and "bad guys" in the hacking community, respectively.
• However, the "Gray Hat" concept suggests that the dichotomy of good and evil is not a perfect fit in the real world.

Hacker Profiling

• Hacking requires being intimately familiar with the techniques of the perpetrator or opponent.
• Reading and techniques used by both ethical and malicious hackers are identical.
• The profile of a hacker is multifaceted, and Black Hat Briefings convention highlights breaking security research submitted by leading corporate professionals, government experts, and members of the underground hacking community.

Hacker Motivations

• Common motivations for hackers include curiosity, love of puzzles, desire for recognition or fame, revenge, financial gain, and patriotism or politics.

Ethical Hacking

• Ethics are the principles of conduct that govern individuals, groups, and professions, and without a published code of ethics, it is difficult to gain public trust for a profession.
• Separating the ethical hacker from the unethical cracker will allow security professionals to present the benefits of their profession.

Evolution of Hacking

• The modern concept of hacking began in the late 1950s, with students at MIT using their access to the mainframe to work on new languages.
• The first password hacks were a response to the Compatible Time Sharing System (CTSS) developed in the early 1960s.
• In the 1970s, phone phreaks used phreaking to access telephone networks, and in the 1980s, war dialers were developed to search for open modems, leading to the growth of hacker communities.

Ethics and Issues of Information Technology

• There is a need for ethics within the hacking profession, and there is currently no national certification standard for computer security professionals.
• Certificates available denote skill levels, and vendor-neutral security certifications include CompTIA Security+, GIAC, ISC2, and EC-Council Certifications.

What Needs to Be Secured

• Protection of data provided to organizations or stored on personal computers is a high priority, and some crackers break into systems to utilize what they consider wasted computer energy.
• Using bandwidth without permission may seem harmless, but it is a crime, in addition to being unethical.
• Many hackers find it tempting to copy, download, and use proprietary software and other copyrighted works.

Summary

• Computer cracking is illegally hacking into a computer system without the permission of the system's owner.
• Hackers are commonly thought of in two groups: White Hat and Black Hat.
• The techniques used by ethical and malicious hackers are similar.
• Hackers may be motivated by curiosity, puzzles, fame, revenge, money, or patriotism.
• The modern concept of hacking began in the late 1950s, and there is a need for ethics within the hacking profession.
• Professional security experts, technologists, and hackers must develop a public code of ethics, and an ethical hacker is a security professional who applies hacking skills for defensive purposes.