Skip to main content

Ethical Hacking: An Oxymoron or Effective Solution? Written By: Renée Guinée

By

The Security Deficit and How We Got Here

With the rapid advancement of technology, cybercrime is a major and developing criminal justice consideration. The extra-jurisdictional nature of the internet and accessibility of global digital communication adds an international element to the investigation of cybercrimes, which is sometimes beyond the scope of national criminal justice authorities (Brants et al., 2020). The heavy presence of digital devices in society poses significant challenges for law enforcement agencies. The increasing use of new technologies in the criminal realm often means that traditional public policing services do not have the resources to combat this type of crime. We are living in an age where the threats we are facing are developing quicker than our means to fight them can keep up with.

        The structural and cultural limitations of traditional policing agencies have resulted in a security deficit in the online world. This means that crimes happening online often go unreported or are ignored by law enforcement as police lack the resources to effectively deal with their multitude (Huey et al., 2013). The expansion of cyberthreats is one example for the recent change in the system of policing, namely the pluralization of policing. Policing is now being widely offered by institutions other than the state, such as private companies or communities on a volunteer basis (Bayley & Shearing, 1996). This implies that it is no longer just traditional public policing agencies combating the various forms of crimes today. 

Ethical Hackers as a Solution?

Securing the cyber-space doesn’t just mean expanding the current paradigm by adding more police officers or providing greater resources. The distributed nature of the internet requires that the security deficit is addressed through collaborative efforts within and across various sets of public and private actors, who each have access to various resources and forms of capital (Huey et al., 2013). It is suggested that if the public police want to have a significant role in the governance of security online, they must develop relationships with other security actors, as traditional conceptualizations and methods of policing aren’t effective for developing and maintaining security networks (Huey et al., 2013).

One such private actor with which the public police could collaborate to further their efforts in regulating cybercrime is the “ethical hacker”. Ethical hacking is one of the fastest growing areas in network security, and an area that generates a lot of discussion (Farsole et al., 2010). Hacking is an activity where a person exploits the weakness in a system for self-profit or gratifications. Criminals have more opportunity and incentive to gain access to sensitive information through the internet as public and private organizations migrate more of their functions to the internet (Sahare et al., 2014). Ethical hacking is an identical activity, but which instead aims to find the source of and rectify the weakness and vulnerabilities in a system. It’s described as a process of hacking a network in an “ethical” way, so without malicious intent (Sahare et al., 2014).

Implications

Cybersecurity ensures that an organization can protect their online data and assets against security risks within the cyber environment. In this context, cybersecurity and ethical hacking techniques can be applied to decrease these risks (Al Hawamleh et al., 2020). Ethical hacking has the potential to maintain the digital privacy of users, while ultimately also foreseeing potential cyberattacks and averting their occurrence (Al Hawamleh et al., 2020). While there are many benefits that could come from utilizing the expertise of an ethical hacker within traditional policing techniques, there are also certain risks involved that have sparked the discussion around ethical hacking techniques. The question here is whether ethical hacking is indeed ethical.

For an individual to become an ethical hacker, they must be taught the strategies and methods of malicious hackers. Teaching these tactics has the potential to compound, rather than fix, the problem of the increasing number of malevolent hackers. (Smith et al., 2022). Ultimately, it is then the students’ decision whether to use their newfound skills in an ethical or malicious way. Teaching aspiring information security professionals these aggressive tactics is sometimes viewed as a double-edged sword, as they are equipping trainees with the competence to utilize the same methods used by malicious hackers, without being able to ensure whether they will use these skills for good (Smith et al., 2022). It is important then, while training them, for instructors to additionally provide a strong moral understanding of the implications their skills can have.

Conclusion

The use of hacking as a cybersecurity tool allows information security professionals to identify vulnerabilities and potential future problems (Smith et al., 2022). Ethical hackers could be just the private actor that could expand the scope and resources of public police to tackle cyber threats. The nodal governance theoretical framework recognizes that policing is increasingly a distributed phenomenon that involves associations between and across public and private actors. This theory highlights how much of the policing work that occurs in the online world actually happens through collaborative relationships (Huey et al., 2013). This suggests the importance of police and law enforcement cooperating with private actors, such as ethical hackers, to better equip themselves in approaching cybersecurity.

However, with all the benefits that may come from this relationship, we must be weary of potential pitfalls that could result from inputting resources to train these ethical hackers. There is a risk of the number of malicious hackers increasing as we educate trainees, and they decide to enter more profitable business for themselves, or they may break contract with employers. Additionally, there is the question of whether hacking is ever actually ethical (Smith et al., 2022). For ethical hackers to do their work, they must remain up to date on methods used by malicious hackers, this may call into question their professional ethics and morals (Smith et al., 2022). If they were to be integrated into policing approaches, there would have to be additional regulations to ensure they were hacking according to a code of conduct and remained trusted by employers.

A stringent and careful approach must therefore be taken to properly introduce ethical hacking into the policing sphere. It has the potential to aid in tackling some of the biggest threats we face today that are beyond our skills to confront. But it also has the potential to make the problem worse by possibly inputting resources into training a whole new group of hackers who may ultimately work against us. These are all things to consider as we progress into policing strategies in the age of new technologies in our modern society.


References

Al Hawamleh, A. M., Almuhannad Sulaiman, A., Al-Gasawneh, J. A., & Al-Rawashdeh, G. (2020). Cyber Security and Ethical Hacking: The Importance of Protecting User Data. Solid State Technology, 63(5), 7894–7899.  

Bayley, D. H., & Shearing, C. D. (1996). The Future of Policing. Law & Society Review, 30(3), 585. https://doi.org/10.2307/3054129  

Brants, C., Jackson, A., & Wilson, T. J. (2020). A comparative analysis of Anglo-dutch approaches to ‘cyber policing’: Checks and balances fit for purpose? The Journal of Criminal Law, 84(5), 451–473. https://doi.org/10.1177/0022018320952561  

Farsole, A. A., Kashikar, A. G., & Zunzunwala, A. (2010). Ethical hacking. International Journal of Computer Applications, 1(10), 14–20. https://doi.org/10.5120/229-380  

Huey, L., Nhan, J., & Broll, R. (2012). ‘uppity civilians’ and ‘cyber-vigilantes’: The role of the general public in policing cyber-crime. Criminology & Criminal Justice, 13(1), 81–97. https://doi.org/10.1177/1748895812448086  

Sahare, B., Naik, A., & Khandey, S. (2014). Study Of Ethical Hacking. International Journal of Computer Science Trends and Technology, 2(6), 6–10.

Smith, L., Chowdhury, M. M., & Latif, S. (2022). Ethical hacking: Skills to fight cybersecurity threats. EPiC Series in Computing, 82, 102–111. https://doi.org/10.29007/vwww  

Comments

Post a Comment

Popular posts from this blog

A double-edged sword: the potential benefits and risks associated with the use of online platforms in fighting crime. Written by: Dille Wienese

By
  "Technology is a tool that can allow us to create a better future, but it is not a silver bullet." -        Tim Cook, CEO of Apple Inc.   On the 18 th of March 2019, the Netherlands was shaken by a devastating attack that occurred on a tram in Utrecht. The incident resulted in the loss of four lives and left several others injured or traumatized. The perpetrator, Gökmen T., was apprehended on the same day after a manhunt and has been sentenced to life in prison (Korvinus, 2021). Following the attack, the danger level was raised to an unprecedented level of 5, which is the highest level possible. Meanwhile, group chats of my family and friends started circulating pictures of possible suspects, hints, and motives of the shooter. Although I did not think much of it then, I now realize that such speculation can have dire consequences for innocent individuals suspected of a crime. Afterward, an innocent man who was detained in connection with the Utrecht incident spoke out that
Post a Comment
Read more

The struggle of combating child pornography through public policing. Written by: Amandine Ducros

By
  The rise of child pornography in the modern era     The new growth of information technology has introduced a new form of criminality to the criminal justice system : cyber crime (Marcum, Higgins, Freiburger & Ricketts, 2010). Cyberspace has no physical geography, no territorial boundaries exist (Wells, 2000). Cyber child porn, like cyber crime, is difficult to control because by its very nature its disrespects national boundaries ( Schell, Martin, Hung, & Rueda , 2 007 ), making the task of the police force even more complicated. Indeed, information communication technology facilitates abuse and exploitation of children online, especially child pornography (Jalil, 2015). Child pornography can be defined as the sexually explicit pictures or films involving younger people under the age of 18  (Marcum, Higgins, Freiburger & Ricketts, 2010) and is available on the Internet in many different formats : pictures, videos, sound files, stories (Burk, Sowerbutts, Blundell, 2002)
Post a Comment
Read more