Television and movies have convinced most people that hackers are malicious individuals whose motivations can be reduced to personal financial gain. These cybercriminals are not the only ones. There is a whole hacking community that wants to stop these criminals from obtaining what they want.
These are known as ethical hackers or white hats and play an important role in modern cybersecurity. These people have to tread a fine line between legal and illegal, righteous or not. A single mistake could lead to a bad reputation and even jail time. This is a terrible outcome for someone trying to make the internet safer. What are the ethics of hacking, you ask?
“The system owner must give permission for the computer expert to access a network.”
What is ethical hacking?
It is important to distinguish ethical hacking from immoral hacking. Margaret Rouse, a TechTarget contributor, says that although there is much debate about what actions are appropriate, the consensus is that the computer expert must have permission from the system’s owner to access a network or machine.
While a yes or a no answer is fairly straightforward in terms of permission, it can get complicated when trying to figure out the concept of ownership in a digital environment. You owned the tractor you bought years ago. You had the right to modify or improve your tractor in any way you chose. Manufacturers don’t want this to happen.
John Deere recently announced that farmers who use their tractor only had an “implied license for the lifetime of the vehicle to drive the vehicle” and not the right to own the machine. Kyle Wiens, a Wired contributor, says John Deere is trying to protect the software it has installed on its tractors. This means it is against hacking and modification. It remains to be seen if this will hold up, but it is a great example of how complicated ownership can be.
It is important for ethical hackers that they thoroughly investigate the company they are being contacted by and the rights of users on the organization’s network. While a business may own the computer that an employee uses every day, does it also own the user’s Facebook data? If he visited this site using the company’s machine, then yes. What about photos that are stored on the computer? This is a complex situation that requires both intense study and the ability to just go with your gut instincts.
It can be difficult to determine who owns a piece of data in an age of mass connectivity.
A common mistake people make when considering this type of hacking is to assume that any moral action is automatically legal or ethical. Justin Shafer’s recent events are a good example. Shafer, a Texas computer expert, is known for finding vulnerabilities in dental data management software. He contacted the appropriate authorities when he discovered a vulnerability in dental data management software.
Recently, however, Shafer was in trouble with the FBI for his actions regarding a File Transfer Protocol server owned by Patterson Dental. According to The Daily Dot, this company, which helps dentists manage their dental data through a platform called Eaglesoft had somehow allowed patient information to be accessed via an unsecured public server.
This vulnerability was discovered by Shafer while he was looking through Patterson Dental’s database credential security systems. He immediately tried to notify the company about it. Patterson Dental and FBI allege that Shafer violated Computer Fraud and Abuse Act. Both parties believe that Shafer “exceeded authorized accessibility,” which means that he was not granted permission to access the server the way he wanted.
Although he hasn’t been charged or convicted yet, this incident shows that a legal or ethical act doesn’t always have to be a moral one. Shafer was not trying to steal information or teach others how to access the server in a way that he did. He was simply trying to make sure that the 22,000 patients who were involved in this scandal didn’t have their private data stolen.
However, Shafer is not responsible for this. Patterson Dental is the owner of that server and can be very angry that someone outside accessed it without their consent. This will hopefully be a wakeup call for Patterson Dental to ensure patient data security. However, the fact is that a hacker can do something morally right and still violate the law. It’s a delicate line and one of the reasons ethical hackers make so much is because of the complexity of the matter.