Ethical Hacking

I’m going to start this article by defining hacking. I define hacking as an act that will result in the hacker accessing some data about a person without their consent or knowledge. The hacker then has access to the data and can do whatever he wishes to do with it. They can delete the original one and ask for money to return it, and they can publish it online (leak it) or anything else they wish to do with it.

The issues with hacking are apparent. A hacker is violating someone’s privacy. Hacking can also create financial or legal problems for the victim.

Now we get to the “Ethical Hacking” term. Ethical in this context means doing the same thing, except this time, the hacker intends to test the system and find its problems.

I think Ethical Hacking is ethical but under certain circumstances.

My first condition is that the system that the hacker is targeting needs to be a test system with no private data on it. The moment a hacker “can” access personal data, their hack is unethical.

My second requirement is for hackers to provide a grace period before they publish their findings. e.g., if a hacker finds a vulnerability in an operating system and then notifies them, they should give them a period of at least 90 (just an example) days to fix it and provide patches for it. Publishing the vulnerability right away is unethical, and it can put millions of people at risk.

If the software an attacker is targeting is so proprietary that the attacker cannot use it in a test environment, they should not target it in the first place. A good hacker might be able to penetrate a system and do nothing with its data and also provide the owner of the system with the information on how he was able to achieve this. I believe that this is a good thing, but gaining access to personal data is unethical, making the whole process unethical. A hack like this might prevent evil hackers from accessing users’ data. It can be justified, but it is not ethical. It is choosing the lesser evil, which is evil.