One of the ethical issues that comes into play with cybercrime is “ethical hacking.” “Ethical hackers,” or “white hat hackers” are those who try to compromise computer systems for the sake of informing the content owner so they can fix the problem. Some security professionals do this for a living, so there is no ethical issue, since the target company is aware of and is paying for this service.
On the other hand, some security enthusiasts are freelancing white hat hackers. These people penetrate software and websites and publish the problem and sometimes the solutions to the problems. Sometimes these white hat hackers send this information privately to the creator, and sometimes they publish the hack publicly. Software companies and website owners are often upset about people penetrating their systems, no matter what their intentions.
Is it okay to hack a website for the purpose of helping the owner? Can the case be made that the security hole would not be exposed without being hacked? Is it possible to stop white hat hacking?
Sometimes the motivations of hackers play into how hacking is viewed in the ethical realm. When hackers attack something for some type of gain, monetary or otherwise, that would come at the cost of the targeted system, they are often looked down upon – there is not really an ethical ground to stand on in this case. But when hackers break into systems for fun, or to better their own skills and learn more about security, there is an ethical gray area. Motivation definitely affects how hackers and their actions are viewed by others, but does motivation play a part in the ethics of the action?
Hacktivism is exactly what it sounds like: hacking + activism, using computers and the Internet to promote a political or social cause. Obviously, some types of hacktivism are illegal, like breaking into proprietary systems or stealing information. Some types of hacktivism are legal, like website parodies. One of the most common types of hacktivism is a denial of service attack. This attack involves sending large amount of traffic to a certain website until it reaches its limit and crashes. More recently, DoS attacks have been done in a distributed manner, so that traffic comes from hundreds or thousands of nodes around the world. This makes the source of attacks much harder to trace. DoS attacks are illegal under US law, but very hard to enforce.
Hacktivism is in an ethical grey area. Some claim that hacktivist activities are protected under free speech. If you think about it, a Denial of Service attack is just accessing a website at a larger scale and an accelerated rate. There is no hacking or penetration of systems. Today, the Internet is the primary medium for our communication, and grassroots movements are using it as such. Is it ethically acceptable for social causes to use hacktivist techniques to further their opinion? Where should the line be set? How do we balance free speech rights and still protect corporations and individuals from too much hacktivist harm?