I recently ran into a very interesting discussion on a LinkedIn group that I belong to called the “Legal IT Network”. The question that starts the discussion is – “Is it the methods or the targets that make a hacker unethical?” The question has arisen because of a “patriotic” hacker who has recently been attacking Jihadi recruiting websites. A question-and-answer session and an email correspondence reveal more about the motives and methods of the attacks by the one who calls himself “the Jester.” He reveals that he has been in combat and is very passionate about what he is doing, even though he himself struggles with whether it is right. He targets Jihad recruiting groups who use the internet as their primary method of recruitment. As a conservative and a patriot myself, I can definitely say that I can see where he is coming from, and if he can justify what he is doing to himself, then all the power to him. However, it seems that many information security professionals don’t feel the same way, and I also understand why.
L. Brent Hutson, CEO & Security Evangelist at MicroSolved, Inc., a leading provider of security assessments and penetration testing, shared some great thoughts on the subject in the LinkedIn discussion. He argues that it’s not the methodology or the target that accounts for ethics, but the intent – and here’s why.
“But, make no mistake, today “hacking” as it is often used in the media is just another word for criminal behavior. Criminal behavior, by its very definition, is outside of the ethical boundaries of a society.
“Hacktivism” is unethical, not because of its goals, but because of the intent of the attacker to compromise, modify or control the underlying system components that are in use. Basically, “messing around with things that don’t belong to you” is outside of the ethical boundaries of our society. Thus, in my definition, it is the intent behind the actions that make it unethical.” (L. Brent Hutson)
I very much agree with what Brent has to say, and I do think that even though I can understand where “the Jester” is coming from, his actions still cannot be deemed “ethical”. Even though Americans have very different beliefs than the Jihad, that doesn’t make this type of act justified. If everyone who had the ability started openly attacking every organization they don’t agree with, the internet wouldn’t be a safe place at all. I also have a hard time accepting “the Jester’s” choice to open himself up to the public, and you can even follow him on Twitter (th3j35t3r). In doing so, he naturally opens himself to the suspicion that he desires fame or credit for his actions. Here you can watch a video showing the XerXes tool that is used and developed by “the Jester” to spring an attack on the targeted web sites.
One tangential subject that I thought of while writing this blog post was this: even though what “the Jester” is doing may not be viewed as ethical by some, would there be a difference if the U.S. government was distributing these attacks? Surely it would increase national security, but at the same time it may not be good practice. It is something to think about, and up to you to decide.