Academic journal article Journal of International Technology and Information Management

The "Ethics" of Teaching Ethical Hacking

Academic journal article Journal of International Technology and Information Management

The "Ethics" of Teaching Ethical Hacking

Article excerpt

INTRODUCTION

Hacking grew out of a tradition of mutual cooperation among software developers to create software projects that were innovative, aesthetic and included some form of technical virtuosity (Levy, 1994). As computer communications became pervasive with the rise of the Internet the term hacker was also used to describe the process of exploring and experimenting with computer networks (Sterling, 1993). However, as commercialized use of software and computer networks grew they became property with putative boundaries and crossing these boundaries became criminalized. For the purpose of this paper the terms white-hat and black-hat hacker will be used. A white-hat hacker is defined as a hacker who is committed to full compliance with legal and regulatory statutes as well as published ethical frameworks that apply to the task at hand. A black-hat hacker then is a hacker who either ignores or intentionally defies legal or regulatory statutes with presumably little interest in ethical frameworks.

In academic programs the open use of software and networks are often encouraged and even required as students work to fulfill course requirements. Students then find themselves working in partnership with other students on shared projects in much the same manner as early hackers. However, at other times the sharing of code and systems is not allowed. Students are typically informed when resources can be shared and when they cannot with little demand for students to make decisions about whether or not it is appropriate to share information or access other's systems. It is unclear that academic training environments provide students with an environment where they gain experience applying ethical practices. This paper stems from a discussion of whether students are being offered appropriate supports and experiences to help them make informed ethical decisions when applying information security training. Student expulsions and convictions for hacking activities are on the rise and indicate that more needs to be done to protect students (Cox, 2013; Schwartz, 2012).

ETHICAL HACKING

Courses teaching ethical hacking have been gaining popularity over the past decade with a growing number of schools getting involved. Curriculum related to such courses typically includes related training in ethics and law as well as a call for professors to model appropriate behavior with respect to ethical hacking. Risks related to teaching such classes is often addressed by noting that "... students who learn traditionally illegal computing skills in the course of studying computer security will use those skills for the greater good far more often than they will use them illegally or immorally (Pashel, 2007, p. 199)." When focusing on protecting society from the illegal actions of students than this answer is perhaps adequate, however, it is important to note that teaching hacking creates two separate risks. There is a risk to society if a student misuses the skills they are taught in addition to the risk to students in the program who may be drawn into illegal activity through the training received.

Protecting students is particularly important as they are often unaware of the seriousness of their actions with respect to hacking. A recent study revealed that both white-hat and black-hat hackers understand the consequences of illegal hacking, however, college students do not. The study notes, "Hackers are keenly aware that if one were caught engaging in illegal hacking activities, his/her life would be seriously disrupted. This shows the success of the United States government in communicating the seriousness of engaging in illegal hacking activities to the hacker community. Meanwhile, the college student population is not getting the same message (Young, Zhang, & Prybutok, 2007, p. 285)." There is also a significant concern as to whether students gain the experiences they need to understand how to

effectively apply the ethics training that is part of ethical hacking programs. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.