Legal Aspects of Ethical Hacking

Ethical hacking is an attempt to get into a system, data or app using the techniques of
malicious hackers. The point of ethical hacking is to identify the vulnerabilities and the
weaknesses of a software, and to solve them before they are exploited by a hacker.
They are also known as “White Hat Hackers”. Technology is growing rapidly and has
become a part of our everyday lives. Hackers try to take advantage of our increasing
dependability on technology and hack into our systems. Below attached is a graph
depicting the number of cyber attacks that caused the loss of over a million dollars in
the past decade.

As you can see, the trend increased drastically in 2016 and it has only increased since
then.

Ethical hacking is very important as without it, companies are prone to getting hacked
and potentially losing millions of dollars and data. An example of this would be when
Yahoo! got hacked in 2013. The breach affected over 3 million accounts. The users’
names, phone numbers, email addresses, passwords and even backup email
addresses were obtained by the hackers. Because of this, Yahoo got a lot of backlash
and was hit with several lawsuits. Yahoo’s worth also went down, as it sold itself for
$4.48 billion, $350 million less than its original price. User’s that use the same password
for everything were at the most risk, because all their accounts were compromised.
Ethical hacking is very useful to companies as it protects crucial data and helps set up a
secure environment that prevents breaching of data. It also gains the trust of customers
and investors by ensuring the security of their products and information.

Technology is growing at a remarkably fast pace and is constantly improving. The most
crucial stage of improvement is identifying weaknesses and working on improving them.
Ethical hacking helps us identify those weaknesses and makes companies less prone to
getting hacked and losing all valuable data.

The field of ethical hacking is less known and therefore a few pursue it, and even fewer
make use of it. This is the reason why so many companies are losing money and
important data to hackers as they are not equipped with the right methods to prevent it.
Ethical hacking prevents these major losses and prepares companies for attackers.

This research is very relevant in today’s society as many companies are becoming a
victim to hackers. Having a weak website and system will lead to more data being
compromised at the hands of hackers. But not many take the help of ethical hackers to
safeguard their data. This research’s focus is to find less risky ways to practice ethical
hacking so that companies can trust ethical hackers and prevent cyber attacks on their
websites.

Research Problem

● To find out what separates ethical hacking from malicious hacking

There is a thin line that divides ethical and malicious hacking. The process of
ethical hacking is planned, approved and directed by the owners of the database.
Though it makes companies vulnerable to the hands of said hackers, it proves to
be extremely helpful in the long run. Malicious hacking is deliberately breaking
into a company's system to steal and sell important data. Ethical hacking actually
helps prevent malicious hacking to some extent. There are also another type of
hackers who are called “Grey Hackers”. They stand in the middle of malicious
and ethical hackers. They hack systems just for fun and entertainment. They
don’t steal data or cause any real damage to the systems but they are not
approved by the companies to hack into their systems so what they are doing is
still deemed illegal even though no damage is done.

● To find and discuss the risks of ethical hacking

The main risk of ethical hacking is information disclosure and breaching of data.
Companies make themselves vulnerable to the hands of hackers through this
method. Even though it helps a lot in the safety and security of a company, it is
still a risky option as you are putting your company's most valuable assets into a
hacker’s hands. Ethical hacking is prone to errors which can cause a negative
 effect in the profitability of the company. The hacker could be at a legal risk if the
job is done carelessly and inefficiently. The hacker hired by the company could
also be corrupt and greedy for money. He can sell information to other hackers
about how your system works and they can exploit it.

● To discover safer ways of ethical hacking

A solution needs to be come up with to make ethical hacking a reputable field of

work. There are many risks concerning ethical hacking and more research and
work needs to be done to make it more efficient and worthwhile. Ethical hacking
can be done in a safe way by creating definite and clear boundaries and the
consequences of breaking them. Both parties should agree to the drafted
contracts and withhold their part of the contract. The hackers should be kept
under supervision to avoid any deception. The risks will still be there but if any
breach of contract is done, the concerned authorities will be contacted. Another
safer way of ethical hacking is to perform it in a non production environment. A
“non production” or a “test” environment is a safe environment which is a copy of
the actual system, but without the real data. Hackers can test out the
vulnerabilities on the test environment. That gives them no restrictions and also
enhances the accuracy and efficiency of the work. It also prevents any damage
the company might face if the process goes wrong.

Objectives

This research would be beneficial as more research into ethical hacking will help people
be more aware about such fields and what they are for. More information and research
in this field will prove to be useful in the future as technology is advancing at a fast
pace. Companies who employ ethical hackers are also taking a risk and making
themselves vulnerable to malfunctions and errors during the process. Designing safer
ways of ethical hacking will help companies secure their software more and decrease
the chances of hackers taking advantage of it.

Research Design

This research will use surveys as a method to collect information and personal opinions
from software developers and the public.

Survey:

1. Have you heard of the term 'ethical hacking' ?

Yes. — 75%
No. — 25%

2. What do you think ethical hacking is ?

 Exploiting softwares to gain personal information. — 0%
A legal attempt at infiltrating softwares. — 75%
Not sure. — 25%

3. Have you ever come across a situation where ethical hacking was employed ?
Yes. — 0%
No. — 100%
4. Do you think companies should employ ethical hackers ?
Yes. — 62.5%
No. — 37.5%
5. Should laws related to hacking be equally applicable to ethical hacking ?
Yes. — 100%
No. — 0%
6. On a scale of 1-5 , how legal do you think ethical hacking is ?
1 — 0%
2 — 0%
3 — 0%
4 — 25%
5 — 75%

The above survey clarifies that ethical hacking is rarely chosen as a pursuable career
option. There is still apprehension about whether it is a reputable field or not. However,
most seem to think that ethical hacking is still legal even though it is using the same
methods as malicious hacking. You can say that ethical hacking uses the wrong
methods for the right goal.

Scope and Limitations

The goal of this research is to identify common risks companies face when employing
ethical hackers and how to solve those risks. The goal is to also separate ethical
hacking and malicious hacking, and to understand the legal aspects behind them.
Ethical hacking benefits all companies as everything in today’s generation works on
technology. Society will be benefited by this research because it brings light to the
issues and risks related to ethical hacking. It also aims to solve any doubts and
uncertainties regarding the field. If more people come to know about ethical hacking,
they will start looking into it more deeply and will make use of it. This research will also
establish ethical hacking as a possible field of work that people might pursue seriously
in the future.

The limitations faced are the limited amount of data available as it is still a new and
emerging field. Even though technology has advanced greatly in the past decades,
ethical hacking is still being looked at as uncertain, risky and a waste of resources and
time. This research aims to erase that impression of ethical hacking and make it more
credible in the world of technology. Ethical hacking is also not a stable job right now,
therefore only a few actually go into this field. Due to this issue, opinions from ethical
hackers are difficult to get. More of an insight into what the field is like would have been
extremely helpful and informative for this research.

Bibliography

https://panmore.com/ethical-hacking-code-of-ethics-security-risk-issues

https://medium.com/@ipspecialist/pros-and-cons-of-certified-ethical-hacker-7d5490effb
21#:~:text=The%20legal%20risks%20of%20ethical,it%20is%20not%20performed%20pr
operly

https://info-savvy.com/scope-and-limitations-of-ethical-hacking/

https://www.eccouncil.org/ethical-hacking/