By Pooja Vedam
Imagine if anything and everything about you — your identity, email address, credit card information — was all stolen by a malevolent hacker. This idea of hacking, commonly publicized as being a malicious action, has been present for decades, ever since the explosion of technology has become more and more well-integrated into society.
However, as of late, there have been more talks about hacking for the greater good, a term now coined as ethical hacking. According to a Certified Ethical Hacking course led by the “International Council of Electronic Commerce Consultants,” an Ethical Hacker is a “skilled professional who … look[s] for weaknesses and vulnerabilities in target systems, … [like a] a malicious hacker, but in a lawful and legitimate manner”.
In more layman terms, ethical hacking employs the same methodology and techniques used by hackers but with a different purpose. Their intent is to mimic the behavior of a ill intentioned hacker in order to determine any possible faults in the system.
Many view ethical hacking as an appropriate way to test prominent companies’ systems — a kind of quality assurance for their software. However, is this idea also promoting the general idea of hacking itself and giving others a platform to hone their abilities? Is it also giving the impression that hacking as a whole is not entirely bad when used in an appropriate, secure, and good-intentioned way?
Senior Abhilasha Goel believes that there may be clear benefits for companies to allow this practice in common usage.
“It protects people’s data by identifying weaknesses before someone else could breach it and compromise people’s data,” Goel explains. “Companies also won’t face a huge [Public Relations] fallout because of being hacked.”
Many, such as Goel, believe in this ideal that ethical hacking can protect users’ data and prevent any situations from happening in the future which would be immensely devastating. These situations have the potential to destroy the customers’ faith in the company loyalty, as they would lose their trust and cease partnership with the companies.
(Flickr, Yuri Samoilov)
Ultimately, a major part of whether or not hacking is ethical relies on the methods used. These ethical hackers, also known as ‘white-hat hackers,’ complete their job using several different techniques, often ones that mimic those of actual ‘black-hat hackers’ who have bad intentions. According to Ian Sutherland, author of novel, Invasion of Privacy, there are a couple different methods that are commonly used — mainly social engineering and hacking through the business partners.
Sutherland defines social engineering to be essentially “logging into systems using someone else’s credentials, obtained using illicit methods.” This brings up the important question of whether through this method, the hackers, even ethical ones, gain access to information that they otherwise should never be exposed to. Much of this information could be incredibly confidential, so why is it okay when they are ‘white-hat’ hackers?
Another possible technique is focusing on hacking the weaker parts of the companies’ relationships — namely, the customers and clients. Through hacking these weak-links, they are later able to gain access to the more important parts of the company’s information through trickling up through the company.
Something relevant to mention is the significance of what other methods not mentioned that hackers could have used to help these companies. Even methods such as social engineering most likely involve breaking at least one law in order to gain this information, and it can easily give confidential information to people who shouldn’t have access to this.
Junior Sravya Gonaguntla, a current ‘Introduction to Java Programming’ student, has attended several hackathons and has experienced firsthand the process of hacking. The idea of “hacking is coined with a negative connotation [because] if people have access to ethical hacking, it’s not hard to gain access to something bigger that can harm the community as a whole,” Gonaguntla said. “Ethical hacking could lead to something worse if it gets in the wrong hands.”
As a result, we should never blindly practice giving out our information and full reign of the companies who are most at risk to these so-called ‘white-hat hackers’ who claim to be fully focused merely on the good of the company. Ulterior motives can easily play a part in this situation, so it’s impossible to tell how reliable these people are.
Even as mere MVHS students, attending Hackathons and viewing how coding and hacking works in real life, we should make sure to be aware of the implications and dangers of our work as well as our internal moral compass while practicing these activities.