Ethical Hacking As A Defence Mechanism
Introduction
Computer crime is often referred to as ‘cybercrime’: “cybercrime can be thought of as crime that involves computers and computer networks.” (Hill and Marion, 2016 [1]). Cybercrime “refers to acts that involve criminal uses of the Internet or other networked systems to cause harm to others or some form of a disturbance.” (Hill and Marion, 2016 [1]). This means that any criminal act of breaking the law with the use of any computing device, with or without intention of harm or disturbance, can be referred to as computer crime. However, “It can include any criminal activity—not only on computers, networks, or the Internet but also on mobile phones or other personal devices—that is intended to cause harm to others.” (Hill and Marion, 2016 [1]).
An example of a computer crime would be a person gaining unauthorized access to a computer system with the intent to steal or manipulate data. This would be a computer crime under the Misuse of Computers Act 1990. When is hacking an illegal activity and when is it not? In this report I will discuss computer crime, focusing on the differences between traditional crime and computer crime, followed by ethical hacking, and ending with a discussion of my thoughts and opinions on when and why hacking is not a criminal activity.
Computer Related Crime
Firstly, we must ask ourselves: how can we define what is normal crime and when is crime classed as computer related? Susan Brenner refers to crime as something that “consists of engaging in conduct that has been outlawed by a human social grouping, such as a tribe, city-state, or nation-state, because it threatens the society’s ability to maintain social order.” (Brenner, 2012 [2]). Cybercrime, or computer related crime, differs from normal crime in the way in which it is committed: “real-world criminals use physical tools— such as guns— to commit their crimes; cybercriminals use computer technology to commit cybercrimes.” (Brenner, 2012 [2]).
However, where in normal crime the target can be any number of things, from theft of items to harming a person to damaging property, computer related crime is usually targeted towards data and what can be done with the data. Hill and Marion list some types of cybercrime as “computer viruses; malware; fake emails or websites; identity theft; cyberbullying, stalking, or harassment; hacking; online scams (e.g., Nigerian scams); credit card theft; or phishing” (Hill and Marion, 2016 [1]). Susan Kelly stated in her article ‘Computer crime losses double.’ (Kelly, 2007 [3]) that losses from computer crime had doubled over the space of a year, and then in 2015 Nigel Morris’ article ‘Millions hit by UK’s invisible crime wave’ (Morris, 2015 [4]) stated that in the last year there were 7.6 million accounts of cybercrime in the UK alone. This proves that computer crime is an increasing problem around the world. An example of someone convicted for cybercrimes was Alex Bessell. Alex was convicted of multiple cybercrimes, such as gaining unauthorized control of at least 9000 computers to launch attacks against firms such as Pokemon, Skype and Google. He was also found to have been selling his own and other people’s hacking tools online and was estimated to have made over £50,000 from it. These crimes broke the Computers Misuse Act of 1990 and he was sentenced to 2 years.
Ethical Hacking
To understand what ethical hacking is, we first need to understand what hacking itself is. Baloch states that “In the early 1990s, the word ‘hacker’ was used to describe a great programmer, someone who was able to build complex logics.” (Baloch, 2017 [5]). However, he also goes on to explain that over time the word has gained a “negative hype” (Baloch, 2017 [5]) due to the computer-based crime associated with the word. He explains there are three types of hackers:
- White Hat – Often in a professional security position or researching on security. These people are given permission to hack into systems to find exploits.
- Black Hat – An individual who uses their knowledge of hacking for negative and bad purposes.
- Gray Hat – This is usually an individual who would commit both white and black hat hacker’s actions.
Ethical hackers are classed as White Hat hackers; this is because they are usually “a person who is hired and permitted by an organization to attack its systems for the purpose of identifying vulnerabilities” (Baloch, 2017 [5]). The main difference between the term ‘hacker’ and ‘ethical hacker’ is the permission given to the person. As I referred to in my previous section, criminal hacking is becoming an ever-growing problem, and because of this “Ethical hackers are fast becoming an essential part of an enterprise's network security armory.” (Caldwell, 2011 [6]).