Craig Rimando Luke White “hacking” - negative connotation Not always that way Originally a compliment Not all hacking necessarily bad “Good” hacking? Ethical hacking? “Bad” hacking groups Anonymous Lulzsec Black hat hackers DoS / DDoS Identity Theft Website Defacement Leaking Incriminating or Personal Information Viruses / Worms Is there a grey area? Honorable or benign motivations Protect computer networks Deter hackers from hacking in the future Should any form of hacking be permitted? Counter hacking Certified ethical hacking Clipper chip Pre-emptive or reactionary response to a hacking attack Ethical Worms Sovereignty over own computer but not the Internet For the greater good Self-Defense Innocent Third Party Who is in control Identify other victims Find the origin or next hop point Jerome Heckenkamp case Some company’s are founded on beneficial hacking Security Explorations “providing various services in the area of security and vulnerability research” Discovered and reported numerous Java bugs Billions of users at risk EC-Council Offers a professional certification – Certified Ethical Hacker Employed by company, penetrate networks like a hacker Purpose: find & fix security vulnerabilities Discussed and developed 1990’s government plan Installed in electronic communication with unique government encryption Only government could decrypt Valid warrant needed for each tap Same longstanding law as for wire taps Downside: Some people feared government would abuse its power Upside: monitor known criminals and terrorists Decrease the amount of crime – deter criminal activity Increase the government’s ability to fight crime Not all hacking is necessarily bad. Some can be ethically justified Intended to protect users / public Deter future attacks Find security flaws / Code innovations Infringe on privacy rights?