The Ethics of Teaching Hacking

My recent post “OzymanDNS - Tunneling SSH over DNS” caused a good friend, and someone I highly respect in the information security field, Dave Hull from Trusted Signal, to call me out on the ethics of the post.

Instead of lying to you, Dave, and to myself, I will admit that I did not put any thought into the ethics of the post until Dave brought it up. Well, except for that automatic subconscious RIGHT/WRONG check.

However, I have done a lot of thinking on it since Dave’s message to me, and I came up with a number of reasons why the post is not unethical and a number of reasons why it was. So I am going to post my thoughts and would like to know what you think. I hardly think there is or ever will be a solid white line of ethics, but let’s see if we can discuss it a bit.

Ethical:

  1. Teaching people to do anything is, at its core, simply that. It doesn’t make them do it. The flip side of this coin will be in the unethical side, so don’t get your Anti-NRA panties in a bunch yet.

  2. Offensive Security, SANS, C|EH (no they don’t teach ethics even though it’s in the name of the cert), and all the other “Penetration Testing” courses are teaching hacking. The phrase “Penetration Testing” was created so that we could pass it off to our bosses as a needed service without scaring them.

Unethical:

  1. Specifically, the post targets hotspots that charge money. Skirting this is illegal, and could land some jail time, or at least make you spend some time in airport holding, making you miss your flight. I did not put a disclaimer in the post, and I probably should have.

  2. Hak5 has a huge following of impressionable teens, who may or may not be mature enough to handle this information in the correct manner.

So, was the post unethical because it sounds like I put my stamp of approval on illegal activities? Would it have been more ethical with a disclaimer? Would it have been more ethical without the targeting of hotspots? Should I take the post down?

My decision after considering everything? To leave it up, while adding a disclaimer. It is not my job to raise the world’s kids with a solid basis of ethics, but it is my responsibility not to endorse illegal activity to those who follow my activity online.

Thanks Dave, I look forward to your comments, and anyone else’s who would like to chime in on the issue.