The term Black Hat and White Hat is common parlance online. Adopted from the movies – who often put the good guys in white and the bad guys in black – the analogy is simple. But when it comes to hacking, can a hacker ever be seen in a white hat?
When criminals darken our door
Almost daily we hear in the news about talented teenagers who manage to exploit weaknesses in the computer systems and networks of large corporates. Their motivations range from financial gain to simply causing chaos. Attacks of this type are always “Black Hat”. Violating data protection laws and breaking through firewalls is classed as illegal.
But is it okay when hacking is well intended?
Individuals contracted to look for vulnerabilities in a system or those who find them accidentally are often referred to as “white hats” or “ethical hackers”. Ethical hacking is such a sought-after service, that many organisations will pay individuals for identifying and sharing these security vulnerabilities. But the phrase ethical hacking remains a contradiction in terms; you often need to break laws to do it.
At night all cats are grey
The ones in between include vigilantes such as “Hacktivists” or hobbyist hackers who hack to learn or for fun. Again, by the letter of the law what they are doing is illegal but if it is done with no malicious intent and results in no harm being done, or even improves the security, can it said to be ethical?
The idiom, “at night all cats are grey” can be traced back to the 1500’s. It relates perfectly to the conundrum of ethical hacking. According to the Oxford Living Dictionary the phrase can be defined as “The qualities that distinguish people from one another are obscured in some circumstances, and if they can’t be perceived they don’t matter.” If a person’s motivations for hacking are sound, and the results are to the greater good, then what does it matter that they break laws?
Perhaps we should put our law students in a room with our cyber security students and let them thrash out the ethics of hacking.