You may be wondering whether there is such a thing as an ethical hacker. The answer depends on what you think of as ethics. Except for the most severe case of psychopath, everyone has rules they follow—but not everyone follows the same rules. What you think of as wrong, others might think of as acceptable. For example, many people drive over the speed limit, but some people who hold the law sacrosanct do not. Does driving over the speed limit make you unethical? It depends on how you define your ethics. If you think the speed limit is an arbitrary rule designed to help poor drivers keep control of their car—and that it doesn’t apply to superior drivers like you—then you can see speeding as ethical. But if you think the speed limit is an ethical limit which helps prevent you from killing innocent people, then driving above it for no good reason makes you unethical.
What Hackers Think Is Ethical
Hackers come in many different types, but they are generally categorized into three different groups: white hat, black hat, and gray hat. The fight against hackers can get confusing if we don’t clear up the differences.
White Hat Hackers
White hat hackers are the closest to what we may think are ethical. Many white hat hackers won’t break the law, They have all the skills of a hacker, but they only use them to attack systems they own or which they are contracted to test. This is usually called penetration testing, and many large organizations do it on a regular basis. If a trusted white hat hacker can’t break in, then an untrusted, dangerous hacker probably can’t break in either.
Black Hat Hackers
Black hat hackers are the opposite of white hat hackers. They probably don’t spend much time thinking about ethics; for them, hacking is about either damage or money—they want to hurt someone or they want to make money. The hackers who want to make money by stealing it do, of course, have an ethic—but they don’t necessarily live by it. Every thief doesn’t want anyone to steal from him what he stole from others. It’s an illogical proposition, but then I suppose that’s why hackers are humans, not computers or vulcans.
Grey Hat Hackers
In between the white hat and black hat hackers are gray hat hackers. These are the people with the most interesting ethics. Their ethics usually permit them to break the law but not to cause unreasonable damage to innocent people. Grey hat hackers are the hackers you usually hear about on the news. They’ll break into the Pentagon to make a point, but they won’t (even if they could) start launching nuclear missiles. A good example of a gray hat hacker is Julian Assange, creator of Wikileaks. He hacked a few sites before starting Wikileaks and then illegally published documents on Wikileaks, disregarding the law. However, he claims to have a higher ethic, the publication of secret information to inform democratic debate.
Not All Grey Hat Hackers Are The Same
Not all gray hat hackers have noble motives, some of them just hack for fun and to improve their skills. When they break into a website, instead of doing any serious damage, they just leave a note for the website operator indicating what needs to be fixed. This is still illegal in most countries, but it’s much nicer than getting hacked by a black hat hacker. Most hackers I know started out experimenting on their own computers (white hat hacking), but didn’t have enough experience to get hired to do legitimate penetration testing, so they did a little gray hat hacking for fun. If they got away with it, they continued hacking until they ended up getting enough skill to become a white hat hacker or they got put in a nasty situation (such as having to pay off credit card debt) and did some black hat hacking for quick cash. Unfortunately, once someone starts black hat hacking, they usually don’t stop until the police catch them. Worse, the further they get into crime, the more criminal things they’re willing to do for money—the further they distance themselves from normal ethics. For this reason, many people propose cracking down on seemingly-innocuous gray hat hacking as if it were as bad as black hat hacking. The idea is to punish hackers for any illegitimate hacking before it becomes a dangerous habit.
Confusing the whole issue of black hat, white hat, and gray hat is the older usage of the word Hacker. Before people started hacking into computers, hacker was a general name for skilled programmers. It derived from the Massachusetts Institute of Technology’s (MIT’s) model train club, which had an awful lot of skilled programmers in the late 1960s and early 1970s. In those early years, hackers were all good guys and the only trouble they got into were the usual teenage pranks. Several people in the early open source movement came from that MIT hacking scene and today many people in the open source movement use the word hacker to mean, in general, programmer. These hackers are just people who find interesting solutions to technical problems. They have nothing to do with breaking into other people’s computers. You can think of them as “zero hat” hackers.
So the next time someone asks you whether or not there is such a thing as an ethical hacker, you can tell him that there certainly are plenty of white hat hackers and zero hat hackers who have good, solid ethics.