Computer Hacking: The Ethical Objections and Reasoning

Hacker is a term that has continually changed since the start of computing. Hacker was first coined as a term to describe that of a clever or proficient programmer. Hackers are now more commonly referred to as people that can gain unauthorized access to a variety of electronic devices. Where the term hacker is generally split into two different categories. The “white hat” and “black hat”. White hats are known to use their knowledge on hacking to subvert criminal activity while also assisting in improving an employer’s cyberspace or discover vulnerabilities within the employer’s security. White hats as well proceed to do “penetration testing” in which is testing that looks for security flaws to exploit. Black hats are conceived with the more stereotypical usage of the word hacker, a person or group that maliciously break into computer systems without prior permission and steal or alter data. Furthermore the appearance of another category being the gray hat, where they gain unauthorized access to computing resources, however, for the purpose of helping companies and organizations in identifying and resolving security issues. Their purpose unlike black hats is not malevolent but are gaining unauthorized access to these computing resources, operating right in the grey area hacking. Security is a key component in software quality assurance, with the chances of hackers bypassing your security, the need for proper surveillance is key. The main focus of this paper is to address the question on should hacking skills be taught to students? I will be addressing this question by first the ethics of hacking, then determining the benefits of hacking, and finally the arguments against teaching hacking.

Summarizing (Falk) She examines the ethical objections to all categories of hackers. Using these three ethical theories: Kantianism, utilitarianism, and Aristotle's virtue ethics. Starting with Kantianism where the establishment of personal rules for self-conduct that are mostly appreciated by other individuals, his categorical imperative in which explores the motives for actions, whether they be deemed good or ill. Being the basis for general judgement, it is to be assumed that the black hat hackers are the ones to be demonstrating ill and unethical behaviour. However, Kant would also consider the actions to be ethical that only being proven true if through malicious intent a hacker is thus slowing or weakening the advancement of what would conceived to be an enemy. Utilitarianism takes the outcomes of a behaviour or action simply asking whether or not this is maximizing pleasure while minimizing the pain. Where black hats in general seek to maximize the pain inflicted onto the company or organization affected, black hat hacking would be the only act of hacking that would be conceived as unethical by Utilitarianism.

Aristotle’s virtues asks a simple question which is whether or not the actor in question is practicing their virtues, which would also be presented as talents or skills in order to perform a morally right action. White hats as well as gray hats both have the belief that the actions that they take are morally correct, but for gray hats the organization that they exploited may or may not feel the same way that the gray hat does. Also alluding to this ethical theory black hats also may feel as if the actions that they are doing are morally right, especially if the circumstance is to impede unto an “enemy”. (Falk) further argues gray hats are simply black hat hackers in a morally ambiguous state. Recommending that “gray hacking is a morally wrong action and as such should be neither condoned by administrators, managers, or other personnel, nor practiced by well-meaning computer professionals.” (Falk) Since these hacking techniques shouldn’t be practiced it arises that hacking shouldn’t be taught in general.

Additionally many practitioners argue for benefits that stem from the inclusion of hacking in educational programs. Insufficient attention paid to cyber security is a major risk internationally, nationally, to businesses and to individuals. (Fourie et al.) As the internet continues to expand exponentially day by day and technology is increasingly ingrained into our daily lives, the risks of cyber attacks increase as well. Where if allowed to, hackers will continue to develop and evolve the methods in which will be used to penetrate defensive efforts. This looming threat evokes fear unto the management teams for organizations and companies. Without proper teaching of handling cyber attacks the question stands: How would a company effectively defend against a cyber attack when their staff know little to nothing about hacking? I assume that anything of theirs would be up for the taking.

The priority of cybersecurity within America has begun to take place, where the job market that requires security professionals is booming. “According to the Bureau of Labor Statistics, the rate of growth for jobs in information security is projected at 37% from 2012–2022—that’s much faster than the average for all other occupations.” (O'Hara) Naturally universities will seek ways in order to make cybersecurity education more effective and give more funding towards cybersecurity classes. (Pike) had interviewed 206 professionals within the cyber security field. Where he asks for guidance in creating ethical hacking educational programs. Where all 206 individuals that were questioned supported ethical hacking be included within cybersecurity courses at the university level. Most interviewees as well offering ways in which would further protect students. Identifying several factors that would lead towards the success of these programs. Four categories being recommended by 80 or more respondents being social interactions with various other white-hat hacker groups and industry professionals, ensurance of each individual as well as group be given the recognition desired, competition amongst one another with ethical reasoning, and skill development. Then 3 more categories that were recommended by about 22 or more participants those being. interaction with cybersecurity-related law enforcement, cybersecurity internships and student attendees at meetings and conferences of professional cybersecurity organizations. Giovanni Vigna a computer science professor comments that not teaching students hacking skills is “not a very smart option because the bad guys are going to develop them anyway.” He added, “The key is to make the students understand what are the lines that cannot be crossed.” So he integrates into his courses on offensive cyber “a very substantial chapter on ethical issues.” (Nakashima) As per each instructor different methods and teachings are used in order to integrate ethical reasoning with their education.

Notably hackers don’t always begin their career carrying out hacking with malicious intent, or trying to obtain a profit off or someone else’s personal information. (Xu, Hu, and Zhang) interviewed 6 black hat hackers that only started hacking due to rather innocent motives like wanting to know more about computers. Where each interviewee’s first hacking experience was something as simple as wanting to play games on the school computer when the access to the router was off. Then beginning to become more risque in their approach interests in stealing exams files from professors and creating hacking groups that were masked as clubs. The beginning of their hacking experience was fit with no ill intent but “since they were rarely caught and disciplined, they formed the moral value that as long as they do no harm to others, it is not wrong to benefit themselves.” (Xu, Hu, and Zhang)

Teaching hacking in schools allows for students to learn hacking skills that could very well access the secure networks that are within arms reach of them. Who are they to know better as they have not fully developed ethical reasoning, this leads to concern in which students will continually find themselves dealing with legal consequences even though the student themselves may not have ill intent. Where many of these students are simply just applying their technological skills unto the tools they have at their disposal. “I’m seeing a new incident reported about a public school at least every couple of days. Since I’ve been tracking from 2016 forward, I have identified nearly 600 incidents that have occurred of varying severity.” (Young)

Students perceive hacking in a variety of ways where students will hack just for fun or to gain personal benefits or to even just test oneself. An example that happened recently in Sept. 2019 a student that goes to high school in Lexington, Massachusetts started poking around in Blackboards systems. Eventually he managed to bypass the systems and gained access to millions of student information. In the end he addressed the issue with blackboard’s security to his school and then was reasonably punished. However, this started because he only simply wished to test his hacking ability, where his prior motive to wanting to be a hacker was that he thought it would be cool being like one of those hackers in the movies. (Young) Or another recent incident that high school students from the Pennsylvania district hacked into 12,000 records simply because they wanted to have an upper hand in a water gun fight. (Knowles)

The examples above show that these younger students don’t have the maturity or even ethical reasoning to be able to handle the ability to access secure and private networks. But these examples only provide for an even better reason to engage students into the practice of ethical reasoning with their interest in hacking. Where the increase in workforce for computer and cybersecurity professionals is on the rise, the potential risk of a cybersecurity breach increases. With both practical and ethical considerations that were explained within the paper suggesting that ethical hacking should be taught within school programs. The question that lingers is whether or not the teaching of hacking within schools will create many cybersecurity professionals that further protect networks and economies or will the school simply breed more people to become black hat hackers? Disregarding whether students are or are not taught hacking, Hackers will always exist. If not taught in schools, then all hackers will be self-taught in both skill and ability, then be less likely to invest into any time in ethics for cybersecurity. Hacking should be taught to students by universities and schools alike that have the material, instructors will be able to teach ethical hacking, pushing ethical practice and further reducing the likelihood that students will use their skills for ill intent. In essence hacking is an important and dangerous skill to know, and it should be taught to willing students. With in mind the teaching of hacking should be promoted with the practice of ethical reasoning.