From the early hacker culture that took its form and shape at the Massachusetts Institute of Technology (MIT) during the late 50s and early 60s to the present day groups of hackers, a lot has changed in the world of hacking in terms of ethics, motives, objectives, goals and incentives. Hacking, from what was considered to be a philosophy, a new way of life and a dream has now taken of a more derogatory form which feasts upon the exploitation of known and unknown vulnerabilities for illegal, unlawful financial, moral or political gains (http://en.wikipedia.org/wiki/Hackers:_Heroes_of_the_Computer_Revolution).
Lines have been drawn to differentiate the good from the bad from the ‘shady’ viz., White hat hackers, Black hat hackers and the Grey hat hackers that not only intends to define the nature of business of each but, also attempts to differentiate between the underlying ethics of these groups.
In their initial form, hackers were that breed of ‘intellectual’ people who believed in: free information, openness, the ability of computers for betterment of life, doing good for the community in general. Each of the so called sect of the hacking community was derived from the above mentioned principles and the manner in which they adopted these for either the good of the people or for their own benefits, molded their way into the current times thus making them either the Good, the Bad or the Ugly.
Building on these set of ideal or principles – whatever you may wish to call them – the white hat community came out to be the most ‘pious’ of them all, if I may, which took the initial principles of hacking and used them to bring about a positive change to the world of security. Through their ‘tinkering’ abilities, white hats ensured that they utilized their skills for the betterment of the software, hardware and the computing platform as a whole. Helping vendors fix flaws that were discovered by them rather than using those for unlawful gains is what made this community ethically noble.
White hats, by lawfully discovering a vulnerability and reporting it, not only benefit the vendor of the software, hardware, operating system, etc., they also help build a better and secure infrastructure for day to day users of those systems. Satisfaction of doing something good is one of the main ethics that drives the white hats.
Lately major internet corporations like Google (http://www.itproportal.com/2011/01/14/google-pays-out-14k-rewards-latest-chrome/), Facebook (http://www.itproportal.com/2012/01/05/facebooks-annual-hacker-cup-contest-kicks-off-end-january/) have started shelling out cash prizes for those who help them find vulnerabilities in their platforms. This proves that the ethics followed by the white hat community have been noticed and that co-ordinated disclosure, which ensures that openness of information is achieved, helps these companies stay on top of vulnerabilities which in turn will help the web user community better secure their platforms.
Collaboration is the key and information sharing is what the hackers believe in. White hats achieve these through working with their peers and with the industry to deliver the right information at the right time that proves to be beneficial for all. Coming soon -- how the white hats learn and develop their skills.
Hats off to the white hats!
Join us on Intersec to discuss the ethics of white hat hacking. What do you think? Follow this link.