…..oxymoron or necessary business tool?

–By Grant Lloyd, CTO Softline and Sage AAMEA

According to most national law: “Breaking and entering is the crime of entering a residence or other enclosed property without authorization and some element of force. If there is intent to commit a crime, this is burglary. Without an intent to commit a crime, breaking and entering by itself usually carries a charge of the crime of trespass”.

Whilst intellectual property and access to systems are treated differently from physical property in many legal jurisdictions around the globe, it is perhaps expedient to draw parallels between “hacking” a system belonging to someone else and Breaking & Entering (B&E).

Whilst potentially arguable, it is contended that pre-authorised, contracted “White Hat Cracking” is both ethical and a service to commissioning organisations, since it involves gaining explicit permission from the owner of the system (and perhaps even payment for services rendered) to hack a specific system or sub-system and to provide information regarding security flaws to the owner thereof.

On the other hand, it is proposed that any other form of hacking: grey, black or “hacktivism” is not only unethical but potentially illegal too, depending obviously on the jurisdiction.

If one considers the relatively benign definition of “hacktivism” proposed by TheHacktivist.com, as a recombinant initiative blossoming from the joining of hackers and activists in order to refine, modify and invent computer systems and networks, one may easily be misled.

Grey hat cracking is often intended to identify security shortfalls in an organisation with the intent either to elicit monetary compensation after the fact (for identifying such shortfalls in the systems of an organisation), or to generate awareness of such system integrity violations, not only for the purposes of preventing such shortfalls in the future but also to garner credit, kudos and recognition for the hacker's efforts, i.e. “ego-based hacking”.

Black hat cracking is usually malicious or at least mischievous in nature and as such is potentially even less ethical.

It is, however, necessary to concede that it is important to identify the motives of hackers and hacktivists, on a case-by-case basis, in order to establish the true intent of hacking initiatives before one can simply classify these as either unethical or illegal.

However, the question which one cannot escape is the following: “If hackers (for any unauthorised reason) attempt to access private property (in the form of a business's or individual's systems) irrespective of intent (with or without causing direct or consequential damage as a result), are they not at the very least guilty of trespassing, perhaps even B&E?”

Computer professionals and their commercial colleagues should at the very minimum be aware of the potential benefits of controlled hacking as well as the benefits of authorised hacking initiatives undertaken to verify the integrity of systems, particularly mission-critical ones. Indeed, one would further suggest that any form of hacktivism should be replaced by transparent, visible and legal methods of addressing problems posed by the use of the internet.

For example, hacking a spam server (simply because one can) lowers the computer programmer (professional or amateur) to the same level as the spammers and does not enhance the image of the industry whatsoever. It would be preferable to follow legal and formal means to address the problem rather than making use of the “vigilante-style” internet behaviour facilitated through hacking in anything other than its highest and most benevolent forms…..