Professional Documents
Culture Documents
Big Data Ethics Essay
Big Data Ethics Essay
Jason Moore
UHON 401
10/17/19
A majority of data breaches that compromise user data happen through a practice
called hacking. Hacking can be described as the practice of exploiting vulnerabilities in software
for an unofficial purpose. The results can be disastrous; according to the 2019 MidYear
QuickView Data Breach Report released in June of this year, “3,813 breaches were reported
through June 30, exposing over 4.1 billion records” (“Statistics show…”). For these reasons,
hacking usually carries a negative connotation for exposing the private data of others without
consent. However, multiple types of categories of hacking exist. In order to understand the
ethical dilemmas and boundaries involved in the large field of hacking, we first must
The first category of hacking that we should examine are illegal hackers, or “black hat
hackers” (“What is the Difference…”). Black hat hackers are usually the hackers behind infamous
data breaches who work by stealing information from systems which they were not authorized
to access. Hackers also change or destroy information through malignant software they spread
called “malware” or “worms”. A Cornell graduate student, Robert Morris, was responsible for
creating the first computer worm software. Originally intending for the worm to give him an idea
of the size of the web, he spread his worm across multiple computers where the worms would
propagate and spread to other computers by themselves. However, the worms replicated
themselves on their host computers so frequently that they crashed vital military and university
systems that spurred an investigation from the FBI (“THE MORRIS WORM…”). The interesting
part of this case is that Morris originally had innocent intentions unlike most typical black hat
hackers today, but his unauthorized access to protected computers broke federal law and he was
convicted under the Computer Fraud and Abuse Act of 1990 (“THE MORRIS WORM…”).
Black hat hacking also targets companies with large databases to increase the amount of
data they can gather. Equifax is one of the three largest consumer credit reporting agencies in
the United States (“Nation’s Big Three…”). In 2017, it was the target of a data breach from black
hat hackers which compromised the information of half the citizens in the United States
(O'Brien). The information exposed by the data breach included sensitive information of the
victims such as “…name, address, Social Security number, and date of birth” (“What is a
Credit…”).
The retail store Target was another company that found its data breached by black hat
hackers. By gaining access to the customer service database through stolen credentials, the
information of 41 million consumers were exposed including their phone numbers, addresses,
and card numbers (McCoy). The data breach affected Target consumer, Target shareholders,
and banks that issued the customer’s credit cards, resulting in over 100 lawsuits and a
“white hat hackers”. Ethical hacking can be described as “… performed with the target's
authorization. The intent of ethical hacking is to find out vulnerabilities from a hacker's
viewpoint so systems can be better secured” (S.Patil). In other words, white hat hackers use all
the same skills and tools as black hat hackers—they are just hacking legally by getting
permission. Santiago Lopez was a 19 year old man when he realized that his hacking skills could
be used to make money legally by finding bugs for companies wanting to find weaknesses in
their software to make it stronger (“How One Teenager…”). After bug payouts from companies
such as Verizon and Twitter, he became the first millionaire bug-bounty hacker on the ethical
hacking platform called HackerOne (Hamilton). White hat hackers usually help to strengthen
company security, saving the information of millions of people that would otherwise be
The third type of hackers have characteristics between black and white hat hackers.
Appropriately termed “grey hat hackers”, these hackers show a grey area between black and
white hat hacking, showing elements of ethical but illegal activities in their exploits. Grey hat
hackers may, for example, hack a company, determine weaknesses in the company’s software,
then notify the company of the weakness while asking for a fee to fix it. They may also decide
to take unethical injustices into their own hands regardless of legality. The Impact Team, a grey-
hat hacking group threatened the website Ashley Madison, a dating site that promoted their
users’ extramarital affairs (Brown). After The Impact Team demanded Ashely Madison bring its
website down and Ashley Madison failed to comply, the website became the subject of The
Impact Team’s data breach that exposed user information of over 33 million accounts
(Robinson).
group of hackers that use their skills without permission to make activist statements. When the
Parliament of Uganda was considering a law that would increase the penalty of homosexuality
from 14 years in jail to life, Anonymous hacked the prime minister’s website and publicly
posted a message expressing their disagreement (“Uganda Prime Minister…”). The group has
undergone different activism operations with mixed reactions from people who either support
their activist messages or to those who disagree with the means of spreading their message
Having understood the three types of hackers, the varying boundaries of ethicality can
be seen between the three categories. Hacking is a set of skills that gives a person the potential
to make a difference. But through analyzing the different kinds of hacking, we can see how a
person can either decide to use their skills for good intentions or for bad intentions. We have
finally come to our ethical dilemma: how do we increase the favorable potential of ethical
hacking and lessen the negative effects of illegal hacking when it comes to safeguarding big
data?
We can explore this question by first exploring the laws and repercussions currently in
place for people who use hacking for nefarious purposes. The federal Computer Fraud and
Abuse Act of 1984 was put in place to limit cybercrime. It states that “…persons who access
computers ‘without authorization’ will typically be outsiders (e.g., hackers)… outside intruders
who break into a computer could be punished for any intentional, reckless, or other damage
they cause by their trespass” (Freeman). Locally, New Mexico law has varying punishments for
people who either willfully access a computer without authorization, commit computer abuse
(which is when a hacker attempts to destroy or damage computer property) or for computer
access with intent to defraud or embezzle. The fines and crime seriousness range from a petty
misdemeanor if damage to the computer service is two-hundred and fifty dollars or less to a
second-degree felony if the service is worth twenty-thousand dollars. Across the nation, similar
Enacting laws to reduce an unwanted and harmful behavior that is a net negative for
society is always a positive first step. However, these repercussions do not seem to deter the
record-breaking data breaches that we have experienced from this year alone (“Statistics
show…”). When it comes to finding a solution to lessening illegal hacking, it becomes important
to figure out what would drive a person to go down the criminal route. Santiago Lopez, the 19-
year-old millionaire bug-bounty hunter, was asked in an interview whether he had ever wanted
to use his skills for “bad” hacking. Lopez replied “At the beginning, I was a little tempted…Bug
bounties saved me in that way” (“How One Teen…”). Lopez was lucky to have had a background
in which he already knew about bug bounties when he was fifteen. But this interview might
lead credence to the fact that people might not be exposed to the idea that ethical hacking,
which can be equally as profitable, exists. Media has also played a role in selective information,
glorifying illegal hacking to audiences with over 93 different movies spanning the topic, but not
lending the same attention to ethical hacking and its benefits (Freeze). As well as enacting laws,
supplementing the laws with true social change and conversation could be the difference
between a talented ethical hacker protecting people’s data or a talented unethical hacker
Secondly, the ethical dilemmas presented with grey hat hacking should be explored.
Because of the lack of authorization, grey hat hacking can be classified as illegal under federal
and some state laws. Companies and individuals who find themselves targets argue that their
intellectual properties are being damaged or that they are being harassed by the online
activists. On the other hand, “Hacktivists”, hackers who consider themselves activists of a
cause, argue that they use their skills as a way of expressing their beliefs.
When the US government began threatening organizations with legal action for being
connected to the whistleblowing site known as WikiLeaks, organizations such as PayPal cut
contact. When PayPal suspended the account for donations to WikiLeaks, Anonymous grey hat
hackers took it open themselves to launch an attack to bring PayPal down. Afterwards, the FBI
arrested fourteen of the hackers that were behind trying to publicize the information that the
Grey hat hackers believe that their way of voicing their opinions of injustices is through
their hacking skills. For example, a Youtuber named Project Mayhem is known for using his skills
To make a decision on grey hat hacking and the free-speech argument used by its
advocates, keeping in mind what would be the best and most cyber-secure route for everyone,
I believe that privacy and legality should be considered before freedom of speech. Although
Anonymous arguably launched attacks on targets that were fighting against human rights, it
blurs the line between what is socially acceptable as an activist cause and what is not. If a
hacktivist’s cause is deemed appropriate, then that may give permission to future hackers to
take down sites or software even if they only mildly disagree with them. This would leave
software business, independent developers, and website that promote the public’s well-being
to be at the whims of the ones who have hacking skills. I believe that this is a greater threat
than to let questionable websites or software to continue existing. The safest route for
everyone as they use services online is to express feelings of dissent through ways other than
hacktivism.
Since there will always be illegal hackers waiting to exploit weaknesses in code, software
fortification is a next step for business to take to secure the information of their user base.
Businesses should be held financially accountable to the people who has had their sensitive
data exposed to illegal hackers. Businesses who are at risk of becoming targets through the
information they collect should pass quality control tests on their software standards, coding
standards, and undergo required white hat hacking tests before they are cleared to handle user
information. This would incentivize businesses to pass the tests that would ensure the safety of
their customers while gathering the information from users that is important to make their
business succeed.
Given that black hat hacking is still a large problem despite potential legal repercussions,
the promotion of white hat hacking, or ethical hacking, is an effective way to combat illegal
hacking. White hat hacking is more favorable to the other categories of hacking; a more cyber-
secure future depends on the promotion of white hat hacking and making the practice more
widespread. How can this be done? Part of the culprit might lie in how many people go into the
computer science field in the first place. STEM fields are not as frequently chosen and out of
the already-smaller pool of graduates, only 8% were computer science majors (Code.org).
Encouragement in participating in the field and early awareness of computer science might
interest some people to get involved in the first place. Additionally, more frequent exposure to
ethical hacking as opposed to illegal hacking might help people who may be tempted to the
In conclusion, the large field of hacking can be a more productive and reputable practice
if attention is given to the different types of hacking and how to either discourage or encourage
them. The best way to combat unethical hacking and encourage ethical hacking is through an
earlier introduction into the field to motivate prospective recruits. Additionally, the constant
ethical hacking to create a more welcoming environment and discourse were people learn
more about the practice. Finally, grey hat hacking must be shown to be the slippery slope that
can cause company software, public websites, and online services from being at the whims and
opinions of the hackers who call themselves hacktivists. It is important that the public learn
that the best hacking practices are the ones that are authorized and keeping us all safe.
Bibliography
"Statistics show 2019 may be worst year ever for data breaches." US Official News, 21 Aug.
2019, p. NA. Gale OneFile: News,
https://link.gale.com/apps/doc/A601506606/STND?u=albu78484&sid=STND&xid=1200
daa5. Accessed 17 Oct. 2019.
"THE MORRIS WORM; 30 YEARS SINCE FIRST MAJOR ATTACK ON THE INTERNET." States News
Service, 2 Nov. 2018. Gale Academic Onefile, https://link-gale-
com.libproxy.unm.edu/apps/doc/A560889522/AONE?u=albu78484&sid=AONE&xid=e36
cfcc8. Accessed 17 Oct. 2019.
“2011 New Mexico Statutes :: Chapter 30: Criminal Offenses :: Article 45: Computer Crimes, 30-
45-1 through 30-45-7.” Justia Law, law.justia.com/codes/new-
mexico/2011/chapter30/article45/.
“How One Teenager Is Making Millions by Hacking Legally.” BBC News, BBC, 1 Mar. 2019,
www.bbc.com/news/av/technology-47407609/how-one-teenager-is-making-millions-by-
hacking-legally.
“Nation's Big Three Consumer Reporting Agencies Agree To Pay $2.5 Million To Settle FTC
Charges of Violating Fair Credit Reporting Act.” Federal Trade Commission, 13 Jan. 2000,
www.ftc.gov/news-events/press-releases/2000/01/nations-big-three-consumer-
reporting-agencies-agree-pay-25.
“Settlement of Target Data Breach Consumer Class Action Is Derailed On Appeal.” Data
Protection Report, 27 Apr. 2018, www.dataprotectionreport.com/2017/02/settlement-of-
target-data-breach-consumer-class-action-is-derailed-on-appeal/.
“Uganda Prime Minister Hacked 'over Gay Rights'.” BBC News, BBC, 16 Aug. 2012,
www.bbc.com/news/world-africa-19281664.
Brown, Aaron. “Britons' DIRTIEST Secrets EXPOSED: Hackers Threaten to LEAK Ashley Madison
Cheaters Online.” Express.co.uk, Express.co.uk, 21 July 2015, www.express.co.uk/life-
style/science-technology/592354/Ashley-Madison-Established-Men-Hack-Avid-Life-
Media-Sexual-Fantasy-Credit-Card-Name.
Code.org. “Computer Science Climbs to 4th Most Popular STEM Major for College-Bound
Students.” Medium, Medium, 9 Jan. 2019, medium.com/@codeorg/computer-science-
climbs-to-4th-most-popular-stem-major-for-college-bound-students-773ce681b96c.
Dunhill, Jack. “Programmer Uses His Tech Skills To Get Hilarious Revenge On Phone Scammers.”
IFLScience, IFLScience, 19 June 2019, www.iflscience.com/technology/programmer-uses-
his-tech-skills-to-get-hilarious-revenge-on-phone-scammers/.
Freeman, Jason. “The Computer Fraud and Abuse Act (CFAA).” Freeman Law, 5 Jan. 2019,
freemanlaw-pllc.com/computer-fraud-abuse-act-cfaa/.
Freeze, Di. “The Complete List of Hacker And Cybersecurity Movies, Version 2.0.” Cybercrime
Magazine, 29 Aug. 2019, cybersecurityventures.com/movies-about-cybersecurity-and-
hacking/.
Hamilton, Isobel Asher. “Here's What It's like Being a Hacker Millionaire under the Age of 25.”
Business Insider, Business Insider, 22 Sept. 2019, www.businessinsider.com/how-2-
white-hat-hackers-became-millionaires-before-the-age-of-25-2019-9.
Hurwitz, Judith, et al. Big Data For Dummies. [Electronic Resource]. For Dummies,
2013. EBSCOhost,
search.ebscohost.com/login.aspx?direct=true&db=cat06111a&AN=unm.978111864417
1&site=eds-live&scope=site.
McCoy, Kevin. “Target to Pay $18.5M for 2013 Data Breach That Affected 41 Million
Consumers.” USA Today, Gannett Satellite Information Network, 23 May 2017,
www.usatoday.com/story/money/2017/05/23/target-pay-185m-2013-data-breach-
affected-consumers/102063932/.
Mills, Elinor. “FBI Arrests 16 in Anonymous Hacking Investigation.” CNET, CNET, 19 July 2011,
www.cnet.com/news/fbi-arrests-16-in-anonymous-hacking-investigation/.
O'Brien, Sara Ashley. “Equifax Data Breach: 143 Million People Could Be Affected.” CNNMoney,
Cable News Network, 8 Sept. 2017,
money.cnn.com/2017/09/07/technology/business/equifax-data-breach/index.html.
Robinson, Rick. “Two Important Lessons From the Ashley Madison Breach.” Security
Intelligence, 28 Oct. 2015, securityintelligence.com/two-important-lessons-from-the-
ashley-madison-breach/.
S. Patil, A. Jangra, M. Bhale, A. Raina and P. Kulkarni, "Ethical hacking: The need for cyber
security," 2017 IEEE International Conference on Power, Control, Signals and
Instrumentation Engineering (ICPCSI), Chennai, 2017, pp. 1602-1606.
doi: 10.1109/ICPCSI.2017.8391982