Exploding The Myth Of The 'Ethical Hacker'

[InfoSec News <alerts () infosecnews org>]

http://www.forbes.com/sites/parmyolson/2012/07/31/exploding-the-myth-of-the-ethical-hacker/

By Parmy Olson
Forbes Staff
7/31/2012

Guest post by Conrad Constantine and Dominique Karg

Fretful members of U.S. Senate are preparing to debate the Cybersecurity 
Act of 2012, potentially making it easier for corporations to share data 
about their users with the authorities. But who are they scared of? In 
the current lexicon of the cyber security industry, it’s the so-called 
blackhat hackers who seek to subvert information for their own gain. On 
the other side of that coin are so-called whitehats, or “ethical” 
hackers. Two IT security specialists at cyber security firm AlienVault 
offer 5 reasons why the latter term is best left unsaid:

The subject of whether or not to hire an ‘ethical hacker’ has been 
debated since the 90’s, albeit with perhaps a little less misdirection 
back then. We’d argue that the ‘ethical’ hacker simply does not exist, 
so perhaps the time has come for a new question, about whether we should 
even use the term “ethical hacker.”

If you find yourself on the wrong side of a locked door, you do not 
think to yourself ‘I need an ethical locksmith’ – unless you’re a thief, 
in which case you probably have a whole host of other questions. 
Instead, you look for a locksmith, pure and simple. You trust that the 
person that turns up to break your lock will do no more, and no less, 
than the job you’ve hired him for. Calling him ethical does not 
legitimize his practice of breaking in.

So why is there a need to justify hiring a hacker by claiming he’s 
“ethical?” In my opinion, the job title itself is the problem.

[...]

--
Learn how to be a Pen Tester, CISSP, ISSMP, or ISSAP with Expanding Security online.
Come to a free class and see how good and fun the program really is.
http://www.expandingsecurity.com/PainPill