The ethics of ethical hacking and hactivism

Philosophy

INTRODUCTION

One of the leading news ahead of the US Presidential elections on 3rd November 2020 was this one:

„Donald Trump’s Twitter account was allegedly hacked last week after a Dutch researcher correctly guessed the president’s password: “maga2020!”, Dutch media reported. Victor Gevers, a security expert, had access to Trump’s direct messages, could post tweets in his name and change his profile, De Volkskrant newspaper reported. Gevers – who previously managed to log into Trump’s account in 2016 – apparently gained access by guessing Trump’s password. He tried “maga2020!” on his fifth attempt and it worked. Maga stands for Trump’s oft used campaign slogan Make America Great Again. “I expected to be blocked after four failed attempts. Or at least would
be asked to provide additional information,” Gevers told De Volkskrant.
Allegedly gaining access to Trump’s Twitter meant Gevers was suddenly able to connect with 87 million users – the number of Trump’s followers – and according to De Volkskrant’s story, it sent him into a bit of a panic.


So, he tries to warn others. Trump’s campaign team, his family. He sends messages via Twitter asking if someone will call Trump’s attention to the fact that his Twitter account is not safe. He tags the CIA, the White House, the FBI, Twitter themselves. No response,” the paper reported. A day later, Gevers noticed that two-step verification had been activated on Trump’s account, he noted. Two days later, the Secret Service got in touch. According to De Volkskrant, they thanked him for bringing the security problem to their attention.“ (source: theguardian.com)

What Victor Gevers did was an act of the so-called “white hacking” also known as “ethical hacking”. His purpose was not to steal any data or cause turmoil but to give warning on the security issues of the Twitter account of the US President. He believes he should be given credit for protecting Trump from actual hacking and bigger damage. But should we?

TASK

Students are divided into two teams:

Team 1: Associates of Victor Gevers. You believe his act did Trump a favour. You strongly back his actions and are convinced that white hacking is the right thing to do when it comes to the greater good. Identifying a security weakness helped take preventive measures to avoid malicious hacking attempts at a later stage. This was a morally good act.

Team 2: Associates of President Trump. You condemn the action of Victor Gevers. What he did was a crime and he should be prosecuted. You believe that there is no such thing as ethical hacking when there is no consent on the part of the affected person. This deed was not only a breach of security but also an invasion of privacy. It is immoral.

The two teams have the task to present their positions and take part in a debate on ethical hacking. Make a presentation including different scenarios on what would be the consequences of such actions. What would happen if a malicious hacker gained access to the President’s account? Was Trump really protected by being publicly exposed to vulnerability? Did Victor Gevers have the right to check on the security of this account or is it the task of the President’s team to make sure there is no breach of his security of any
kind? Discuss the benefits but also the potential threat of such morally controversial actions.

PROCESS

Read this article https://www.businessmagazinegainesville.com/when-ishacking-ethical/ and watch this video https://www.youtube.com/watch?v=XLvPpirlmEs

Is it possible to divide clearly and unambiguously the hackers into being “black” and “white”? Are black-hat hackers the bad guys and white-hat hackers the good guys? Do you find differences in the motives that drive them? Do you spot any controversies?

They represent a decentralized international activist/hacktivist collective/movement that is widely known for its various cyber attacks against several governments, government institutions and government agencies, corporations, etc. Supporters have called the group “freedom fighters” and digital Robin Hoods while critics have described them as “cyber-terrorists”. In recent times they have supported WikiLeaks, the Occupy movements as well as the Black Lives Matter marches. What type of hackers do you think the Anonymous are? Black or white? Good or bad? Do they impose any danger to society or do they act purely in the interest of society? Watch the following video to see the most famous cyber-attacks performed by the movement: https://www.youtube.com/watch?v=ZDjOd5C7P5I What do you think about them? Were they morally right to intervene in these cases? What are the consequences of their actions? Would you call the people affected by their initiatives “victims”?

Find out more about it here: https://en.wikipedia.org/wiki/Hacktivism. Do you think hacktivists serve to protect free speech, human rights and freedom of information or do they perform a form of civil disobedience just for the sake of it? Do hacktivists strike any controversies? Do they provoke a public debate? Is hacktivism a force for good or evil? Do you find ethics in their actions?

RESOURCES

To learn more about white and black hacking click on the following links:
https://www.theguardian.com/us-news/2020/oct/22/trump-twitter-hacked-dutch-researcher-password 
https://www.businessmagazinegainesville.com/when-is-hacking-ethical/ 
https://staysafeonline.org/blog/how-can-ethical-hacking-be-ethical/ 
https://www.eccouncil.org/ethical-hacking/ 
https://www.youtube.com/watch?v=XLvPpirlmEs 
https://hub.packtpub.com/10-times-ethical-hackers-spotted-a-software-vulnerability-and-averted-a-crisis/ 

To learn more about different moral theories you can use the following resources:
https://www.csus.edu/indiv/g/gaskilld/ethics/kantian%20ethics.htm 
https://en.wikipedia.org/wiki/Utilitarianism 
https://en.wikipedia.org/wiki/Aristotelian_ethics 
https://en.wikipedia.org/wiki/Moral_absolutism 
https://greatergood.berkeley.edu/article/item/right_and_wrong_in_the_real_world 
https://www.brown.edu/academics/science-and-technology-studies/framework-making-ethical-decisions 
https://plato.stanford.edu/entries/egoism/#EthiEgoi 
https://en.wikipedia.org/wiki/Ethical_egoism 
https://en.wikipedia.org/wiki/Common_good 

To understand better the Anonymous, you can check out the following links:
https://en.wikipedia.org/wiki/Anonymous_(group) 
https://computer.howstuffworks.com/anonymous.htm 

More on hacktivism is available here:
https://www.securitymagazine.com/articles/87362-the-very-real-threat-of-the-new-hactivism 
https://www.difesaesicurezza.com/en/cyber-en/hactivism-as-fashion-has-ended-its-returning-to-origins/ 
https://www.checkpoint.com/cyber-hub/threat-prevention/what-is-hacktivism/ 

CONCLUSION

Upon completing this web quest students will become aware of the infinite number of morally controversial actions we face on a daily basis. They should be able to make their own opinion on topical issues such as the endeavours for justice of the Anonymous and other related hacktivist formations. By exploring in detail the motives behind such actions and the consequences they lead to, students will develop their critical and analytical thinking. In addition to that, students will become aware of various moral theories and will be able to analyse actions and events from their perspective.

Learning outcomes

Skills:

  • Critical thinking
  • Analytical thinking
  • Argumentation
  • Teamwork
  • Presentation skills
  • Research skills
  • Debate skills

Evaluation of learning achievements

In this section we will not dive very deep into the underlying educational theories about evaluation and testing: there’s too much out there than we could possibly cover in this small project report.

Instead, we want to concentrate on procedures that enable both students/pupils and their teachers to establish if the learning goals of the Webquest were achieved and, if so, to what extent. We recommend teachers make use of a combined evaluation procedure, that consists of:

  1. Statements by learners (after being asked to do so)
    • telling what they learned about the subject (knowledge-oriented self-evaluation): now (after going through the Webquest) I know that …
    • telling what he/she learned about herself/himself (formative evaluation, in this case, diagnostic self-evaluation): now (after going through the Webquest) I know about myself that I …
      This pair of basic statements add up to a so-called learner report, in which the pupil/student reflects on what the Webquest brought him/her in terms of acquired knowledge and new personal views and attitudes concerning the subject.

    For instance:

    • ‘I learned that in medieval times the hygiene of people was hardly a concern which helped to let epidemic diseases like the Plague cause so many casualties’ Or:
    • ‘I learned the facts and I know the earth is warming, but I cannot understand why people were so stupid to pollute the world and let it warm up so much.
    • ‘I learned from the information about diseases that this subject is more appealing to me than I would expect in advance: maybe I should consider a medical career’. Or:
      ‘The Webquests confirms what I thought already: I could not care less about the climate and global warming. In fact, I thought it was all a hoax and I still do!’

    This kind of assessment seems more subjective than it actually is: in his standard work on testing and evaluation (and much more), simply called Methodology (1974), Prof. A.D. de Groot described how consistent the student’s self-evaluations appeared to be: when asked again after 5 or 10 years, their evaluation would almost be the same. De Groot advised teachers to use the learner report as a start for joint evaluations, striving for consensus between teacher and student/pupil about the learning outcomes and their value for the learner, but also compared with the learning objectives as stated in the curriculum.

  2. The learning achievements are visible in the output produced by the students: it is physical evidence: reports, answers to questions asked in the Webquest, presentations, and performance during presentations (preferably recorded). The teacher completes an evaluation grid stating clearly what the learning outcomes for the student/pupil are. The categories in the grid can be modified by the teacher to cover more precisely the content of a Webquest.

    >We advise teachers to use the grid to start a joint evaluation discussion, aiming at consensus or at least understanding between the teacher and the student/pupil about the learning outcomes: were they achieved (as planned in the curriculum and communicated before the Webquest started) and to what extent? To communicate the learning goals clearly before any learning activity starts, is a transparency requirement that is widely acknowledged in the educational community. The history of making learning objectives explicit goes back to the evaluation ‘Bible’ by Bloom, Hastings and Madaus: ‘Handbook on formative and summative evaluation of student learning’ (1971), a standard work that also served as inspiration for the earlier mentioned Prof. De Groot.

 

The procedure also applies when students/pupils have worked together on a Webquest. The teacher will ask questions about individual contributions: ‘What did you find? What part did you write? How did you find the illustrations? Who made  the final presentation?’

All the evidence (of learning efforts and outcomes plus joint evaluations) is preferably stored in the learning portfolio of the student, or in any other suitable storage system (folders with written or printed documents, online collection of files, etcetera ).

Changes in personal points of view and feelings are harder to value and here the consensus between teacher and student/pupil about experiences during the learning process provides essential insights.

The grid below gives an example of how the evaluation of the learning process and achievements can be shaped: what kind of reactions to the Webquest does the teacher expect and how valuable are they? Is the teacher capable to explain the value or score allocated to answers or presentations given by pupils? Does the pupil/student understand the evaluation outcomes, and does he/she agree? If an agreement (consensus is not possible, it is still the teacher who decides how to value the student’s work.

Please note that the text in the grid addresses the pupil/student directly: this is important and it is in fact a prerequisite for using such an evaluation grid: it is specifically meant to enable a discussion of learning results between teacher and student and not to communicate learning achievements of learners to others who had no direct role in the Webquest.

Evaluation Grid

Funded by
sCOOL-IT erasmus logo EN

The European Commission’s support for the production of this publication does not constitute an endorsement of the contents, which reflect the views only of the authors, and the Commission cannot be held responsible for any use which may be made of the information contained therein.

Talk To Us

t: +357 2466 40 40
f: +357 2465 00 90
escool.it@scool-it.eu

Funded by
sCOOL-IT erasmus logo EN

The European Commission’s support for the production of this publication does not constitute an endorsement of the contents, which reflect the views only of the authors, and the Commission cannot be held responsible for any use which may be made of the information contained therein.

Talk To Us

t: +357 2466 40 40
f: +357 2465 00 90
escool.it@scool-it.eu

Funded by
sCOOL-IT erasmus logo EN

The European Commission’s support for the production of this publication does not constitute an endorsement of the contents, which reflect the views only of the authors, and the Commission cannot be held responsible for any use which may be made of the information contained therein.

Talk To Us

t: +357 2466 40 40
f: +357 2465 00 90
escool.it@scool-it.eu

©2019 sCOOL-IT. All Rights Reserved.
Designed & Developed by PCX Management

Skip to content