Ethics for the IT Professional
Prof Carol Kinzler
Submitted: May 31, 2015
Hackers and hacking as it would be understood by the layman would be that of a criminal, villain or a person set on being a menace to the IT community. Not all hackers are bad nor the act of hacking. These two words bring a negative connotation to a necessary activity of the advancement of information technology. In the following paragraphs the ethical need for a hacker and the act of legal hacking better known as an Ethical Hacker or Ethical Hacking.
Hackers and Their Tools
To begin lets define what a hacker is and what is hacking. A hacker may be defined as a person who is a clever programmer or to mean someone who tries to break into computers systems. Hackers can be motivated by whomever or whatever is sponsoring his or her actions. An Ethical Hacker as defined by the EC Council (International Council of Electronic Commerce Consultants) is:
An individual who is usually employed with the organization and who can be trusted to undertake an attempt to penetrate networks and/or computer systems using the same methods and techniques as a Hacker (Certified Ethical Hacker, n.d.).
An ethical hackers or hacking is important; they think like and act like real hackers but work for the good of an organization or even the government. Ethical hackers work for organization, companies, the FBI, governments and the military. The ethical hacker uses tools and techniques to obtain secure and classified information. One such technique is penetration testing, which is assessing the overall security of a system or program before attackers do. Specifically, the process of attempting to gain access to resources without knowledge of usernames, passwords and normal means of access (Northcutt, 2006). Ethical hackers at Veracode use automated tools such static analysis and dynamic analysis which are designed to find vulnerabilities like malicious code or insufficient encryption which both may cause security breaches (DuPaul, n.d.).
How is Hacking Ethical One might say hackers and hacking is bad and illegal. In the everyday sense it is, but from the security stand, they and it are required. Information Technology is evolving and companies must stay abreast to threats and vulnerabilities. When adopting new technologies like cloud computing, virtualization, or IT outsourcing, companies are facing imminent security threats and must adjust their security processes, policies, and architectures accordingly (Lewandowska, 2012). To achieve this the course of action can likely be to hire a hacker to attempt to infiltrate new systems and to use their processes and tactics to protect the new product. By 2017 the global Cyber Security market is expected to grow to $120 billion and will have an estimated annual cost to fight cybercrime of $100 billion so employing hackers is a justified endeavor (Cyber Crime Statistice, 2013).
Is this ethical, employing an individual to basically perform illegal acts? Yes it is. An example of ethical hacking when a group of kids calling themselves ethical hackers who work for a security firm called Trustwave demonstrated how easy it can be to break in to places usually thought as being secure (Skytta, 2012). Specially, Matt Jakubowski was able to access credit cards, business, phone and internet conversations; he calls himself a “penetration tester” (one who hacks into a system with the owner’s permission) which is testing things to make sure they are secure. Jakubowski is one member of a team of ethical hackers whose customers are mainly banks and fortune 500 businesses which pay them to test and improve security. Another example, Matthew Pemble an individual employed to expose security flaws in computer systems so they can be fixed. One may ask if these ethical hackers can be trusted. Pemble worked his way from being a weapons engineer with the Royal Navy for twelve years to