A hacker is a skilled computer expert. Hacking involves using these skills to gain access to data and information on a device or network without authorisation. A so-called ‘black hat hacker’ breaks in with malicious intent, typically to steal data to sell or to hold it to ransom; a ‘grey hat hacker’ also breaks in without authorisation, but without malicious intent, often for the challenge or for the prestige of reporting what they found. Ethical hacking occurs when a person (known as a ‘white hat hacker’) is given authorisation to hack a device or network. The aim of ethical hacking is to identify weaknesses in the current security strategy. The hacker reports these weaknesses to the organisation, so that the security techniques used can be changed to improve overall security.
Organisations are often eager to have individuals with little inside knowledge of a network or information system attempt to gain access or find weaknesses in the existing security controls (sometimes called ‘black box’ testing, because the tester starts with no more information than an outside attacker would have). The thinking behind this is that if a white hat hacker can gain access to a computer system, then so can a black hat hacker. This is important so that vulnerabilities in systems can be identified and fixed before they are exploited. Common techniques used in ethical hacking are penetration testing (attempting to access a network with authorisation – for example, by scanning for open ports and probing the services running on them) and simulated phishing, where the tester sends phishing emails to members of the organisation to measure how many would fall for a real attack.
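As an added illustration of the port-scanning part of penetration testing (this is example code, not part of the original page): a minimal TCP connect scanner in Python that refuses to probe any host outside a constructed authorisation list. The scope set, the loopback test listener and the function names are all assumptions made for this example, chosen so it runs offline against a socket it opens itself.

```python
import socket
from contextlib import closing

# Constructed engagement scope: the only hosts this tester is authorised to probe.
# Loopback only, so the example runs offline against a listener it opens itself.
IN_SCOPE = {"127.0.0.1"}


def start_local_listener() -> tuple[socket.socket, int]:
    """Open a listening TCP socket on loopback to stand in for a target service.

    Returns the socket (the caller must close it) and the OS-assigned port.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def free_local_port() -> int:
    """Bind port 0 and release it, yielding a port with nothing listening on it."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def probe_port(host: str, port: int, timeout: float = 0.5) -> bool:
    """TCP connect probe: True only if the three-way handshake completes.

    A refused connection (RST) and a timeout (packet dropped by a filter) both
    count as 'not open' here; a real scanner reports those two cases separately
    because a timeout usually means a firewall is in the way.
    """
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return True
        except (ConnectionRefusedError, socket.timeout, OSError):
            return False


def scan(host: str, ports, timeout: float = 0.5) -> dict[int, bool]:
    """Probe each port on an authorised host; refuse any host outside scope.

    The scope check runs first so that no packet is ever sent to a host the
    engagement has not authorised: that check is what separates an ethical
    test from unauthorised hacking.
    """
    if host not in IN_SCOPE:
        raise PermissionError(f"{host} is outside the authorised scope")
    return {p: probe_port(host, p, timeout) for p in ports}


def demo() -> tuple[bool, bool, bool]:
    """Scan one open and one closed loopback port, then confirm an out-of-scope
    host is refused. Returns (open_port_found, closed_port_reported_closed, refused)."""
    srv, open_port = start_local_listener()
    try:
        closed_port = free_local_port()
        results = scan("127.0.0.1", [open_port, closed_port])
    finally:
        srv.close()
    try:
        # 192.0.2.10 is an RFC 5737 documentation address; it is never contacted
        # because the scope check raises before any socket is created.
        scan("192.0.2.10", [80])
        refused = False
    except PermissionError:
        refused = True
    return results[open_port], not results[closed_port], refused


if __name__ == "__main__":
    print(demo())
```

In practice a tester would use a purpose-built scanner such as nmap rather than this; the point of the example is the authorisation check that runs before any packet is sent, and the distinction between a port that answers with a refusal and one that silently drops the probe.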
Ethical hackers must stay within the scope they have been authorised to test, respect the privacy of the organisations and the individuals concerned, and report all vulnerabilities found to the network owner.
People who have access to computer networks also have access to large amounts of confidential data. Yet the training of computer specialists does not usually focus on privacy or other ethical issues in the way that the training for other professions does.
The following questions are examples of privacy issues you may need to consider as a computer professional.
1. Should you read the emails of network users?
2. Should you monitor websites visited by network users?
3. Should you place keyloggers on computers to capture what network users are typing?
4. Should you read documents stored on a person’s computer or on the file server?
5. Should you view graphics stored on a person’s computer or on the file server?
A computer professional who has full network access has been given a position of considerable responsibility by the organisation that they work for. Computing is still a relatively young profession, especially when compared to medicine and law, and does not yet have a single, binding code of ethics comparable to theirs.
You are a network administrator for a small company. You notice an email exchange between a staff member of your company and someone from a competing company that talks about an upcoming product.
What do you do?