In general, hacking has always had negative connotations, but ethical hackers are computer programmers who use their skills constructively to help government agencies or organizations protect network security and prevent harm. In fact, ethical hackers are the ones who keep cybercriminals (aka crackers) in check. In today's world, technology is growing at rocket speed, and so is cybercrime. To keep cybercrime under control, the role of ethical hackers has become very important.
There are three categories that hackers can be classified into:
- White Hats: They are the security professionals who use their skills to strengthen the network and protect it from bad guys. Commonly referred to as ethical hackers.
- Black Hats: They are the malicious hackers or crackers who use their skills for malicious purposes. They are the ones the white hats are protecting you from.
- Gray Hats: Depending on the situation, they become white hats or black hats. They are generally self-proclaimed ethical hackers.
Role of ethics in hacking
Ethics plays an important role in distinguishing computer crime from innocent activities. Hackers should always act professionally to stand out from cybercriminals. Some might even ask how hacking can be ethical. But hacking becomes ethical in a sense as long as it makes organizations' computer systems impenetrable to crackers stealing unauthorized data for their own benefit. In this way, the weak points are revealed and the opportunity to improve the network system is given. But the issue of ethics is very sensitive. There is no so-called tradition of hacking ethics or code of honor. This vacuum leaves external forces to determine how to respond when an ethical dilemma arises. So the wheels of justice can turn differently for different people. They can reward or punish the hacking efforts. The seemingly arbitrary range of results is somewhat dependent on the law, but is even more due to differing interpretations of ethical principles. These interpretations, in turn, depend on various beliefs about where the responsibility for discovering and reporting security vulnerabilities lies.
Determining liability is the most complex task here. According to the liability principle, a manufacturer is responsible for the quality of its product, but this principle cannot be applied here, since software cannot be inherently dangerous and therefore cannot be tested in all the different ways one program can work with thousands of other software products. It is therefore illogical to hold run-down software manufacturers liable in the same way that we hold run-down car manufacturers liable. In this sector, the competition is fierce, so the pressure to go to market is high, causing conflicts with the software testing process.
Evolution of ethical hacking
Hacking ethics have evolved over a long period of time. In its early days, a well-known manifesto called “ethics” encouraged the individual's right to pure, uninhibited freedom to hack. Of course, "freedom" meant different things to different hackers, and hackers did whatever they saw fit. Sometimes this freedom took the form of illegal activities. Fortunately, this hacking ethic, or should we say the lack of it, slowly began to change, and today the stage is set for hackers to assert their rights to self-regulate. To some extent, hackers have seized this opportunity to set guidelines for their most controversial hacking activities. Recent evidence suggests that hackers are beginning to take an interest in the way they are portrayed in the media and seek recognition for their contributions to the computing world. Predictably, however, the hackers' efforts to gain respectable status in the community have been an uphill battle. Nonetheless, hackers have started to organize and publicize their achievements, bringing their hacking activities into the mainstream by organizing conferences, etc.
An early attempt to provide a code of ethics was made by Levy, who repeatedly argues that a "hacker ethic" is responsible for finding and promoting the best and most efficient code for computer programs. He then promotes the somewhat anarchic "Hacker's Code of Ethics," claiming that access to systems should be "unlimited and complete," but it encourages hackers to disregard established rules and laws. The ethical discussion advanced shortly after the 1980s, as hackers continued to assert their rights to unbridled system access. Written by a well-known hacker who goes by the alias "The Mentor," The Hacker Manifesto is a short essay that, like Levy's Code, is widely cited on the internet. The manifesto mimics Levy's Hacker's Code of Ethics by making no excuses and setting no boundaries. The new hacking guidelines provide structured guidance and reasonable dialogue between stakeholders. The discussions about the further development of a real hacker ethic are in full swing.
Why is ethical hacking legal?
To solve this network security problem, governments and business houses have started testing their security by having computer security personnel break into their computer systems. Here, these professionals break into the system as a cracker would, but do not damage the system or steal information; instead, they report the loopholes and vulnerabilities of the existing system. So ethical hacking is legal as it is done with the owner's permission to discover weaknesses in the system and suggest ways to improve it. It is part of an information risk management program that enables security to be improved. There are many certified courses on ethical hacking that are taught by various institutions.
As computers have become a new tool to conduct both business and crime, the two worlds of information technology and the legal system have had to independently converge and meet at a point referred to as cyber law. The Information and Technology Act, 2000 (IT Act) covers all types of cybercrime committed in the country, including hacking, which is provided for in Sections 43 and 66. But in 2008, the word "hacker" was removed because ethical hacking is considered legal. Now all government agencies, private information security organizations and law enforcement professionals are constantly updating laws and technology to counter every new and emerging form of contract. Section 43A of the IT Act deals with the civil liability of cyber offenders. The section deals with the compensation that should be paid for the failure of data protection. The criminal liability of cracking arises when the cracker's intent or liability is found to damage the system or steal vital information. If the cracker enters the system without intent to cause harm, only one form of civil liability remains under Section 43A. The criminal transgression can also lead to other criminal activities punishable under the Indian Penal Code, such as cyber theft, which is punishable under Section 378 of the Indian Penal Code.
Ethical hacking is legal and there is no controversy about it, but it is very difficult to teach ethical hacking as a course because no one can be sure with what intention the students are taking the course, and only their purpose distinguishes them from cybercriminals.
Conclusion
Technological progress is essential for human development, but it should be regulated or it will become a bane in no time. Ethical hacking is a relative problem and staying within bounds is up to individual interpretation, making regulation very complex. There needs to be more awareness of hacking and cracking in the country. The laws made by the government are strict, but lack a bit of enforceability and awareness in society. Most minor hacking cases go unnoticed because people refrain from reporting petty crimes, even when there are harsh penalties. Also, due to the lack of equipment, it is very difficult to track a virtual hacker. Since hacking can happen anywhere in the world, it becomes difficult for the police to track him down and punish him in another country. The punishment can also be a bit harsher to prevent people from indulging in such acts.
Contributed by:
Kritika Jain, Legal Intern at Legal Desire
FAQs
What is the legality of ethical hacking?
So, is ethical hacking legal? Yes, it is legal as long as it is done with the owner's permission to find loopholes in the system and offer solutions to improve it. Also, it protects the system from further damage caused by the hacker. Various institutions provide many accredited hacking courses.
How many steps are there in ethical hacking?
There are mainly 5 phases in hacking. A hacker does not necessarily have to follow these 5 steps in a sequential manner. It's a stepwise process and when followed yields a better result.
What is ethical hacking? (Short answer)
Definition. Ethical hacking involves an authorized attempt to gain unauthorized access to a computer system, application, or data. Carrying out an ethical hack involves duplicating strategies and actions of malicious attackers.
Can hacking be legal?
Hacking for fun – Most hackers love what they do, it is a passion as much as a job. However, conducting hacking activity against a company or a person without their permission is viewed as an offence under the Computer Misuse Act 1990 “unauthorised access to computer material”.
Do ethical hackers need permission?
An ethical hacker must seek authorization from the organization that owns the system. Hackers should obtain complete approval before performing any security assessment on the system or network. Determine the scope of their assessment and make known their plan to the organization.
Is all hacking unethical and illegal?
A hacker can be designated unethical, illegal or even morally based solely on whether the hacker has permission to enter a system or not. Hackers who work on behalf of businesses can use their expertise and skill to find the holes that can be exploited by their malicious counterparts.
Which is the legal form of hacking?
Which is the legal form of hacking based on which jobs are provided in IT industries and firms? Explanation: Ethical Hacking is an ethical form of hacking done by white-hat hackers for performing penetration tests and identifying potential threats in any organizations and firms.
What are the 5 types of ethical hacking?
- Black-box Testing. ...
- White-box Testing. ...
- Gray-box Testing. ...
- Web Application Hacking. ...
- Hacking Wireless Networks. ...
- Social engineering. ...
- System hacking. ...
- Web server hacking.
Hack Etiquette
Be Safe – Your safety, the safety of others, and the safety of anyone you hack should never be compromised. Be Subtle – Leave no evidence that you were ever there. Leave things as you found them – or better. If you find something broken call F-IXIT.
The goal of ethical hacking is not to cause damage or steal data like a malicious hacker would but to test the security of a system, network, or application. Ethical hackers use the same tools and techniques as malicious hackers, including social engineering, password cracking, and port scanning.
What is ethical hacking with example?
Ethical hacking is also known as White hat Hacking or Penetration Testing. Ethical hacking involves an authorized attempt to gain unauthorized access to a computer system or data. Ethical hacking is used to improve the security of the systems and networks by fixing the vulnerability found while testing.
Why is ethical hacking necessary?
The primary benefit of ethical hacking is to prevent data from being stolen and misused by malicious attackers, as well as: Discovering vulnerabilities from an attacker's POV so that weak points can be fixed. Implementing a secure network that prevents security breaches.
What are the legal consequences of hacking?
The law punishes hacking under the computer crime statutes. These crimes carry penalties ranging from a class B misdemeanor (punishable by up to six months in prison, a fine of up to $1,000, or both) to a class B felony (punishable by up to 20 years in prison, a fine of up to $15,000, or both).
Under which section is hacking illegal?
Section 66 of the IT Act deals with the offence of computer hacking. In simple words, hacking is accessing of a computer system without the express or implied permission of the owner of that computer system.
Can you go to jail for being a hacker?
Computer hacking is illegal in California. Hacking (or more formally, “unauthorized computer access”) is defined in California law as knowingly accessing any computer, computer system or network without permission. It's usually a misdemeanor, punishable by up to a year in county jail.
Is hacking illegal in the US?
In 1986, Congress passed the Computer Fraud and Abuse Act (CFAA), now codified under Title 18 U.S. Code § 1030. This law makes it a federal crime to gain unauthorized access to “protected” computers (otherwise known as “hacking”) with the intent to defraud or do damage.
Why hacking is considered a crime?
Hacking is a considerable crime when it affects others through loss of information, privacy problems or monetary impact. The state or federal agency involved in the case may consider the matter a computer crime such as computer fraud or cyberterrorism.
Which hackers are considered legal in cyber security?
White Hat Hacker
They also hack the system, but they can only hack the system that they have permission to hack in order to test the security of the system. They focus on security and protecting IT systems. White hat hacking is legal.
1) Thou shalt not use a computer to harm other people: 2) Thou shalt not interfere with other people's computer work: 3) Thou shalt not snoop around in other people's files: 4) Thou shalt not use a computer to steal: 5) Thou shalt not use a computer to bear false witness: 6) Thou shalt not use or copy software for ...
Who is No 1 ethical hacker in world?
Kevin Mitnick | |
---|---|
Other names | The Condor, The Darkside Hacker |
Occupations | Information technology consultant, author |
Organization(s) | Mitnick Security Consulting; Chief Hacking Officer at KnowBe4, Inc |
Board member of | KnowBe4 |
What methods do ethical hackers use?
- Phishing.
- Sniffing.
- Social Engineering.
- Footprinting.
- SQL injection.
- Enumeration.
- Ettercap.
- Netsparker.
The Hacker Ethic states two basic principles: Do no damage. Make no one pay for your actions.
What is the 1st rule of hacking?
Rule #1: Fear not! Ignorance is bliss, anything worth doing is worth doing wrong, and two wrongs can make a right. Rule #2: Don't take apart anything that plugs directly into the wall.
What is the most common hacking technique?
Phishing is the most common hacking technique. All of our inboxes and text messaging apps are filled with phishing messages daily.
What is an ethical hacker's biggest challenge?
Over-reliance on automated tools
If your ethical hacker relies heavily upon software tools such as vulnerability scanning engines then you will be unlikely to gain significant value from the ethical hacking engagement.
Ethical hackers may add malicious code into the computer system. Some ethical hackers are untrustworthy and might at one point add malicious code, a virus or malware into an organization's computer system.
What is the difference between ethical hacking and cyber security?
Well, Ethical Hacking is done by 'ethical' hackers who are legitimate or legal hackers, and their job is to do hacking with the permission of the owner and provide a report about the hack. Whereas, Cyber Security is managed by Cyber Security experts whose main goal is to defend the system from malicious activities.
What are the 3 types of hacking?
Hackers fall into three general categories: black hat hackers, white hat hackers, and gray hat hackers. Although hackers are often associated with exploiting vulnerabilities to gain unauthorized access to computers, systems, or networks, not all hacking is malicious or illegal.
What is the difference between hacking and ethical hacking?
The intention behind hacking may or may not be malicious, but that's what is commonly meant by hacking, also called unethical hacking or cracking. On the other hand, when hacking is done with the intention of improving the security of a network or protecting against cyberattacks, it is called ethical hacking.
Who are the best ethical hackers?
- Mark Abene. Mark Abene, formerly of the hacker organizations Legion of Doom and Masters of Deception, now goes by the moniker Phiber Optik. ...
- Johan Helsingius. ...
- Linus Torvalds. ...
- Kevin Mitnick. ...
- Robert Morris. ...
- Charlie Miller. ...
- Greg Hoglund. ...
- Tsutomu Shimomura.
What are the benefits of hacking?
- To recover lost information, especially in case you lost your password.
- To perform penetration testing to strengthen computer and network security.
- To put adequate preventative measures in place to prevent security breaches.
Consequently, most people think of hacking as a crime, but the truth is hacking can legally be a great asset. Ethical hackers, also known as white hats, use their skills to secure and improve technology. They provide essential services to prevent possible security breaches by identifying vulnerabilities.
What are legal consequences of unethical hacking?
the commission of an indictable offence (maximum 7 years' imprisonment under NSW Crimes Act section 192K; maximum 3 years' imprisonment under Commonwealth Criminal Code section 372.2).
Is hacking a computer illegal and punishable by law?
Section 66 – Hacking with computer systems or unauthorised usage of computer system and network. Punishment if found guilty can be imprisonment up to three years and/or a fine of up to Rs 5 lakh.
What is illegal vs legal hacking?
Hacking is broadly defined as the act of breaking into a computer system. Hacking is not always a crime, however. In "ethical hacking," for example, a hacker is legally permitted to exploit security networks. In other words, the hacker has the appropriate consent or authorization to do what they are doing.
Is ethical hacking the same as illegal hacking?
While hacking is illegal, ethical hacking is a legal method of breaching a security system to detect potential security threats.
What are ethical hackers not allowed to do?
Ethical hackers can't work without permission—they need your green light before penetrating your computer system to find weaknesses. They can't steal data or sabotage you in any way—they're just supposed to test your security.
At what point does hacking become illegal?
Is Hacking Illegal? Any time a person hacks into a computer without permission, a crime is committed—even if the person doesn't steal information or damage the system. Hacking crimes can be prosecuted in state or federal court, likely for one of the crimes listed above.
Can the police stop hackers?
You could try calling the FBI, but while federal law enforcement officials may have the skills to respond, they do not have the resources or the jurisdiction to handle small-scale crimes. Unless a very large sum of money has been stolen, you are going to be left to deal with this situation on your own.
Can I report a hacker to the FBI?
If you believe you're a victim of internet fraud or cybercrime, report it to the Internet Crime Complaint Center (IC3). Or, you can use the FBI's online tips form. Your complaint will be forwarded to federal, state, local, or international law enforcement. You will also need to contact your credit card company.
How much does a hacker make an hour?
Percentile | Hourly Pay Rate | Location |
---|---|---|
25th Percentile Ethical Hacker Salary | $45 | US |
50th Percentile Ethical Hacker Salary | $51 | US |
75th Percentile Ethical Hacker Salary | $58 | US |
90th Percentile Ethical Hacker Salary | $65 | US |
What are legal hackers called?
White hat hackers are ethical security hackers who identify and fix vulnerabilities. Hacking into systems with the permission of the organizations they hack into, white hat hackers try to uncover system weaknesses in order to fix them and help strengthen a system's overall security.