The Use Of Hacking To Identify Weaknesses In Computer Security

The use of hacking to identify weaknesses in computer security has become an increasingly controversial issue in recent years. Awareness of this issue is important because our ever-increasing reliance on technology means that breaches in computer security can have wide-ranging and devastating consequences for society worldwide. This essay will begin by clearly defining the term ‘hacking’ and will examine the type of people who hack and for what reasons. There will then follow a discussion of the moral argument on hacking before examining a few brief examples. The essay will then conclude by arguing against the use of hacking as a means of identifying weaknesses in computer security.

What is it to ‘hack’?
Hacking has two primary definitions: the first refers to the enthusiastic and skilful use of computers to solve problems (Techterms, 2013); the second, to “gain unauthorized access to data in a system or computer” (Oxford Dictionaries, 2013). In the context of this essay the second definition is more appropriate and will be the meaning intended throughout. This definition also more closely aligns with the legal terminology used in the UK when describing the hacking of computers. The Computer Misuse Act (1990) introduced three criminal offences:

1. Unauthorised access to computer material.
2. Unauthorised access with intent to commit or facilitate commission of further offences.
3. Unauthorised acts with intent to impair, or with recklessness as to impairing, operation of computer, etc.
   a. Making, supplying or obtaining articles for use in offence under section 1 or 3.

The important phrase to draw from both the dictionary and legal definitions is ‘unauthorised access’. This will be useful in determining whether the actions of those who hack are really hacking or are better described by other terminology. This essay will also discuss the issues of hacking from a UK legal perspective.

Who hacks and why?
Those who hack can be split into three generic groups: ‘Black Hats’, ‘White Hats’ and ‘Grey Hats’.
Black Hats
Black Hats gain unauthorised access to computer systems and networks for malicious purposes. They exploit security weaknesses to promote their own interests, be that for criminal purposes (e.g. theft of data, blackmail, etc.) or simply to increase their reputation within the hacker community. They do not care about the impact they have on others and have complete disregard for the law (Rouse M., 2007).
White Hats
White Hats, or ‘ethical hackers’, work with companies to find flaws in their computer security. This is done with authorisation and is often underpinned by a legally binding contract. The White Hat does not publicise security flaws until after they have been patched and is not motivated by personal gain (Rouse M., 2007).
Grey Hats
As may be imagined, a Grey Hat is a mixture of a White and Black Hat. They will typically gain unauthorised access to systems and networks to find flaws in the security...

