When we hear the word hacker we think of a person who has gained access to a system they do not have permission to access. “The first generation of hackers who emerged in the 1960s was individuals who would be called technology enthusiasts today. These early hackers would go on to create the foundation for technologies and the Internet such as the ARPANET” (Oriyano and Michael 2). They also initiated many early software development movements that led to what is known today as open source. Hacking was motivated by intellectual curiosity; causing damage or stealing information was against the rules for this small number of people. In the 1980s, hackers started gaining more of the negative connotations by which the public now identifies them. Movies such as War Games and media attention started altering the image of a hacker from a technology enthusiast to a computer criminal (“Hacking History”).
During this time period, hackers engaged in activities such as theft of service by breaking into phone systems to make free phone calls. In many respects, the 1980s formed the basis for what a hacker is today. “Over the past two decades, the definition of what a hacker is has evolved dramatically from what was accepted in the 1980s and even the 1990s” (Oriyano and Michael 3). A hacker has become such a universal term. However, there are experience hackers who never break the law, and who define hacking as producing an outcome the system designer never anticipated. Some acts with good intentions, others with bad intentions, and yet others with a mixture of both. No matter what the intentions were, the outcomes of their actions affected the world in some way. When popular organizations such as Microsoft and Apple were founded, they open a new and free attitude towards software development evolved (“Hacking History”).
However the good came along with the bad. Some hackers were more interested in their own personal gain and strived to circumvent security measures that existed. This paper details the notable groups of hackers such as the white hat, black hat and Grey hat hackers, and their effect of hacking on society, as well as the ethical evaluation from Kantianism and Utilitarianism ethical theories point of view. A hacker can in fact be a person who acts in a legal or illegal way. According to Sean-Philip Oriyano and Michael Gregg in their book Hacker Techniques, there are four groups of hackers exist and they are Script Kiddies, White Hat hackers, Black Hat hackers and Grey Hat hackers.
Script kiddies: “These hackers occupy the lowest level of the hacker hierarchy. They typically possess very basic skills and rely upon existing tools that they can locate on the Internet” (Oriyano and Michael 3). These hackers are the beginners and may or may not understand the impact of their actions in the larger scheme of things. It is important, however, not to underestimate the damage these individuals can cause; they can still do a great deal of harm. -White Hat hackers: “a white hat hacker is someone who has non malicious intent whenever he breaks into security systems” (Hackers Types).
In fact, a large number of white hat hackers are security developers or experts themselves who want to push the boundaries of their own IT security to test out how vulnerable or impenetrable their current system is. These individuals know how hacking works and the danger it poses, but use their skills for good. They adhere to an ethic of do no harm. “White hat hackers are sometimes also referred to as ethical hackers, which is the name most widely known by the general public” (Hackers Types). These include members of the open source and free software movement as well as home computer hobbyists. White Hat hackers do not participate in illegal activities.
-Black hat hackers: also known as a cracker is the type of hacker that has malicious intent whenever he goes about breaking into computer security systems with the use of technology such as a network, phone system, or computer and without authorization. “A Black hat hacker has, through actions or stated intent, indicated that his or her hacking is designed to break the law, disrupt systems or businesses, or generate an illegal financial return” (Fear of a black hat 3). His malevolent purposes can range from all sorts cybercrimes such as piracy, identity theft, credit card fraud, vandalism, and so forth. He may or may not utilize questionable tactics such as deploying worms and malicious sites to meet his ends. Hackers in this class should be considered to be up to no good, as the saying goes. They may have an agenda or no agenda at all. In most cases, black hat hackers and outright criminal activity are not too far removed from one another (“The Various Types of Pirates”). Grey Hat hackers: “are hybrids of white and black hat hackers. They sometimes act legally with good intentions, while other times illegally for their own personal gain” (“Grey Hat Hacker Law”). A grey hat hacker is someone who exhibits traits from both white hats and black hats.
More to the point, this is the kind of hacker that isn’t a penetration tester but will go ahead and surf the Internet for vulnerable systems he could exploit. Like a white hat, he’ll inform the administrator of the website of the vulnerabilities he found after hacking through the site. Like a black hat, he will hack any site freely and without any prompting or authorization from owners whatsoever. He will even offer to repair the vulnerable site he exposed in the first place for a fee (“Grey Hat Hacker Law”). Based on Utilitarian theory, it must add up the positive and negative outcomes to determine whether hacking is a good action to take or not. Also, we must consider the probability of the outcome, the value of the outcome on each affected person, and the number of people affected.
Each type of hackers has a specific motivation and outcome for their action. Script kiddies they are running scripts or code against computers or networks and are hoping something will happen There are several reasons behind this. One is money or more likely is the fame they get amongst their peers. Script kiddies can cause a huge harm if they succeed Script kiddies can have a much greater capability to cause problems, and that could cause a loss of sensitive information or harm for a lot of affected people. Thus, Script kiddies’ hacking is wrong from Utilitarian perspective that can allow them escalated privileges or gain them access to something or somewhere they should not be. White hat hackers trying to break the security system to ensure that a malicious hacker could not exploit. They are reporting the problems instead of taking advantage of them. From the utilitarian point of view, white hat hackers are ethical hackers, they have the right motivating to prevent any danger that could happen to their security system.
Black hat hackers are breaking the computer systems for malicious reasons. They could hack bank accounts in order to make transferences to their own accounts, stealing information to be sold in the black market, or attacking the computer network of an organization for money. The black hackers are the only benefit from the hacking and it may cause a big lost for a company or individuals who have been hacked.
So Black hat hacking is wrong from Utilitarian perspective. Grey hat hackers use their skills in order to prove themselves that they can accomplish a determined feat, but never do it in order to make money out of it or do harm for someone else. The moment they cross that boundary, they become black hackers. They act in good will, in the same time they get benefits from reporting security holes or weaknesses in the system, and offering to repair what he exposed in the first place for a fee. Grey hat hackers are helping the companies and other community to improve their computer security systems, so Grey hat hacking is an ethical action from Utilitarian perspective.
The Kantian analysis of any type of hacker would focus on the principle that the will of each hacker should be reflected on that hacking rather than the results of the action. Script kiddies usually have very limited computer skills and can be quite immature. They are maybe trying to obtain attention or learning intention or just for fun, so according to the Kantianism theory Script kiddies hackers are doing nothing wrong because they don’t have the will to hurt others. The White hat hackers use the programming skills to determine vulnerabilities in computer systems. They try to hack the system in order to improve it, based on Kantianism theory that is an ethical action to do. While the Black hat hackers are exploiting these vulnerabilities for mischief or personal gain. Black hats fit the widely held stereotype that hackers are criminals performing illegal activities for personal gain and attacking others. They are the computer criminals. On Kantianism point of view, Black hat hacking is wrong. A Gray hat hacker doesn’t work for their own personal gain or to cause carnage, but they may technically commit crimes and do arguably unethical things.
For example, A White hat hacker would ask for permission before testing the system’s security and alert the organization after compromising it. A Black hat hacker would compromise a computer system, without permission, stealing the data inside for their own personal gain or vandalizing the system. A Gray hat hacker might attempt to compromise a computer system, without permission, informing the organization after the fact and allowing them to fix the problem. Based on Kantianism theory, Grey hat hackers doing the right thing because they are acting in good will. There are consequences for illegal hacking actions. Under U.S law, the maximum penalties for hacking are sever. The computer fraud and abuse act criminalize a wide variety of hacking related activities such as accessing without authorization, transmitting classified government information, trafficking in computer passwords and computer fraud.
“The maximum penalty imposed for violating the computer fraud and abuse act is 20 years in prison and a $250,000 fine” (Quninn 317). A good example of an ethical hacker is George Deglin, “he is a cofounder and lead programmer of Hiptic Games, and a security researcher for many companies. Deglin has been in the news previously for discovering various security holes between Yelp and Facebook that put user data at risk” (Haley). He always likes to check and see if there is any new update on Facebook. One day, Deglin was looking for what’s new on Facebook, as far as vulnerabilities, and that’s his window of opportunity to find security holes. In this case, he saw; in their documentation they had a new website where they put up some samples. He went to it, and it was clearly a Facebook website, but it’s also clearly not managed by the same people who design the normal Facebook.com experience.
On this web hosting space, they put up a bunch of sample code and little testing things that they were doing. “The team was working in this web hosting space; they probably had a lot of new members, who were learning about Facebook’s API” (Haley). One of the things that they had uploaded to this server was a zip file containing some sample source code. The team had uploaded a zip file to the website.
Deglin found the path for the zip file and downloaded it. One of the files contained several user names and passwords, one of them worked as an administrative login to the server itself. Delgin got access to the database of several Facebook employees and developers. So it is possible that he would have been able to see private data that he wasn’t supposed to be able to see. Also, he could change all the code so that all the developers who were working with this website could see something else. He essentially had the ability to take complete control over a website that Facebook owned and where they sent developers to look at stuff. But he decided to report that to Facebook because he thought it’s unethical to go farther and its crime too; he wanted to give them the opportunity to see it as soon as possible so that they can fix it and nobody malicious can find it. “Facebook has a website where security researchers, or anyone who finds vulnerabilities, can submit reports of security holes that they’ve found” (Haley). They also award a cash prize depending on the scenario.
So immediately after he found it, he submitted it. Usually it takes them a couple of days to respond. This time, they responded to it within a couple of hours. They fixed it overnight, and then, they sent him an e-mail saying it was fixed, also saying that they’d pay him a few thousand dollars for finding it (Haley).
Deglin is an example of Grey Hat hackers, who was looking for security holes and he found a way to hack the website that has important information for the Facebook company. However, he didn’t get any advantage of that security defect, because he thought that is unethical and illegal action to take. Based on the Kantianism analysis theory Deglin did the right thing, he had a good will when he hacked the website, he wanted to discover the new Facebook update, but he found a security weakness and that ended him hacking the website. From a utilitarian perspective, must add up the positive and negative outcomes to determine Deglin action. When he decided to report the security hole to Facebook (positive action), he didn’t want to harm anyone or to get a personal gain from that information. Also, the company awarded him a couple of thousands (benefit), so Deglin did the right action because he didn’t harm anyone.
Hackers have been responsible for both good and bad incidents in society. “As a result of White Hat hackers we have foundations such as the Free Software Foundation that have made it possible for computer users to use, study, copy, modify, and redistribute computer programs freely” (Cecil 5). Grey Hat hackers have also had positive effects on society by working to find vulnerabilities in popular software products with the intentions of notifying the creators so they can fix the problems before a Black Hat hacker can come along and exploit the flaw. However, during the prime time of hacking in the mid 90’s Black Hat hackers caused all sorts of harm. “The NY Times reported that in 1997, there were more than 1900 hacker websites and more than 30 hacker publications.
In 1998, 418 cases were given to federal prosecutors. That was 43% more than the previous year” (Cecil 5). In the first and second quarter of 1999, businesses were said to have lost $7.6 billion as a result of viruses. Also in 1999, corporations spent $7.1 billion on security and were estimated to spend a total of $17 billion in a matter of four years. Over 1400 web hacks were reported as of July 1999. One can assume that from 1999 to 2007, these numbers have more than doubled. Big businesses are not the only ones that feel the wrath of Black Hat hacking. Anyone who uses a computer suffers from their works. Hackers use mechanisms such as social engineering and phishing to gather personal information from unknowing victims in an effort further their control.
“According to Javelin Strategy and Research, in 2005 11.6% of all identity thefts were obtained through online means. Based on the latest 2007 data, the average fraud amount per victim was $5, 720 and the average resolution time was 25 hours” (Cecil 5). Computer users also spend time and resources dealing with SPAM. In 1996, a user received an average 2,200 SPAM messages a year, and spent an average of four to five seconds on each message. “28% of the people responded to a SPAM message and 8% of people purchased a product. Time and money spent on SPAM is an ever increasing number, in 2007 alone, the amount of SPAM is estimated to increase by 63%” (Cecil 5). I think everything in the world has its good side as well as bad side, and hacking is not an exception.
There is no way for us stop unethical hackers doing bad things, but as a future computer engineer, we can always choose to stand on the good side. There are numerous hacking organizations, and publications throughout the world. The White, Black and Grey hackers are some more groups that have had a significant impact on hacker society, and continue to influence the ideologies of new hackers that are entering the marketplace. Many popular software applications such as Microsoft, Linux, and the GNU project may not exist without the achievements of the open source and free software hacking group. Black Hat hackers as a group have cost society billions of dollars and have resulted in an undetermined number of hours in time fixing the problems that have resulted from the hacker’s actions.
