Internet Security
When is Hacking a Crime
Who is a Hacker?
In the most general sense, a "hacker" is someone who enjoys modifying
and subverting systems, whether technological, bureaucratic or
sociological.
Most often the term is used to describe someone who has learned about
technology by picking apart systems.
In the past decade, however, "hacker" has come to describe those
people with a hands-on interest in computer security and circumventing
such security. In the middle are the gray hats, who are finding their
once-acceptable acts, such as informing the public of company security
holes, could now land them in jail.
Even the White House has now weighed in on the controversy. While
acknowledging the need for third-party discovery of flaws, President
Bush's cybersecurity team believed that more stringent ethics needed to
be the rule, rather than the exception.
They are reaching a crossroads where decisions have to be made as to
which way people are going to go: Are they going to continue to
function as security consultants or go to the dark side?
That sentiment is echoing across the once-vast gray area where the
majority of hackers toil. With law enforcement and
corporate legal departments increasingly on the attack, many security
experts are worrying that the next bug they discover or tool they
create could get them sued or prosecuted.
"You can't do very much anymore," said a security
expert and hacker for a network protection firm. "It
used to be that you could hack a box and people would say, 'Ah, it's
just a stupid kid.' Now it's a mission-critical server you just hit,
and that's terrorism." Well, we all have our opinions.
Making the situation more gray is the amorphous definition of
ethical hacking. Although the subject has been explored extensively
in law and ethics philosophy, rarely a month goes by without a debate
over whether a particular vulnerability has been disclosed
responsibly.
The term "gray hat" was originally coined by the L0pht - one of the
best-known old-school hacking groups, pronounced "the loft" - for those
who wanted to stand apart from corporate security testers but also
distance themselves from the notorious black hats. This category,
defined by this phrase, has come to encompass most independent security
experts and consultants, as well as many corporate security
researchers.
The term 'gray hat' represents the independent researcher
who doesn't have a vested interest in any particular company or
product.
Some don't believe that a gray area should exist, even for
hackers who break into a company's servers only to inform its network
administrators about the vulnerabilities.
Now, if you are gray, you are black. It's not that what you do is not understood,
but it comes down to WHAT you are actually doing.
When hackers attack a network, administrators now have a few ways to judge
their intent. Every incident must be treated as an emergency, so every trespasser should be treated as a criminal, until full intent is realized.
That point of view may be in the minority today, but it's rapidly
gaining support. The trend is lending new strength to such laws as the
Digital Millennium Copyright Act.
The DMCA has become a favorite legal weapon of the software and media
industries to silence critics and security experts, despite exemptions
written by the Library of Congress for security research.
Today's security-conscious climate means that programmers and hackers
have to pay more attention to politics and laws, a new sensitivity
that some believe has discouraged them from notifying companies of
vulnerabilities.