ETHICAL HACKINGIS ALL HACKING CREATED EQUAL?

Craig RimandoLuke White

“hacking” - negative connotation

Not always that way Originally a compliment

Not all hacking necessarily bad “Good” hacking? Ethical hacking?

INTRODUCTION

“Bad” hacking groups Anonymous Lulzsec

Black hat hackers DoS / DDoS Identity Theft Website Defacement Leaking Incriminating or Personal Information Viruses / Worms

THE DARK SIDE

Is there a grey area? Honorable or benign motivations Protect computer networks Deter hackers from hacking in the future

Should any form of hacking be permitted? Counter hacking Certified ethical hacking Clipper chip

IS ALL HACKING BAD?

Pre-emptive or reactionary response to a hacking attack

Ethical Worms Sovereignty over own computer but not the Internet For the greater good

Self-Defense

Innocent Third Party Who is in control Identify other victims Find the origin or next hop point

Jerome Heckenkamp case

COUNTER HACKING

Some company’s are founded on beneficial hacking Security Explorations “providing various services in the area of

security and vulnerability research” Discovered and reported numerous Java

bugs Billions of users at risk

EC-Council Offers a professional certification – Certified Ethical Hacker Employed by company, penetrate networks like a hacker Purpose: find & fix security vulnerabilities

CERTIFIED ETHICAL HACKERS

Discussed and developed 1990’s government plan Installed in electronic communication with unique

government encryption Only government could decrypt Valid warrant needed for each tap

Same longstanding law as for wire taps Downside: Some people feared government would

abuse its power Upside: monitor known criminals and terrorists

Decrease the amount of crime – deter criminal activity Increase the government’s ability to fight crime

CLIPPER CHIP

Not all hacking is necessarily bad.

Some can be ethically justified Intended to protect users / public Deter future attacks Find security flaws / Code innovations

Infringe on privacy rights?

CONCLUSION

QUESTIONS