Consorting with Black Hats and Negotiating with Cybercriminals: The Ethics of Information Security

Page history last edited by Paul Nicholas Santos 6 years, 7 months ago

Title of the Essay:     

     Consorting with Black Hats and Negotiating with Cybercriminals: The Ethics of Information Security, Terri Williams, October 30, 2015


Title of the Reflection: 

     Contacting the Dark Side of the Web 


First Impression:   

     After reading the title, my first impression is that the article will talk about the dark side of the web and how we should deal with it in terms of securing ourselves.



     “That’s why Burroughs concludes, ‘The question is not if you will be breached – the question is when.’”


Reflection Proper: 

     The article mainly talks about the ethical issues with contacting black hat hackers on the forums, negotiating with cyber criminals and talking with the government.  

     For the first topic, which is having contact with black hat hackers on internet forums, the issue here is that there is an assumption that if you’re talking with black hat hackers, then you are considered to be one of them; however, if you ask me, the best way to learn about their ways would be to understand how they do it. Security analysts do it to learn their ways in order to better protect their clients.

     For the other individuals who enter such forums, I think the ethical way is to disclose the security issue to the said companies instead of doing nothing or simply telling your friends about it. A person should stop a crime from happening even though it is still in the works, like the ones written on the forums.  

     As for the companies who threaten people who disclose loopholes in their system, they need to understand that it is the best way to protect their system. If I were them, I would take the money used to file a legal action against the said person and pay him or her for the effort he or she put into better protecting the company’s system. It will cost the company less to put a cork on the current system than to pay millions to create a new security system that has lots of bugs and possible loopholes in it.

     For the second issue, which is to negotiate with cyber criminals for the stolen information, I think it is unethical for the company to pay them for specific information that can be duplicated by two clicks of a mouse or four buttons. Thus, paying for the said information is useless since the company will only give the money to the cyber criminal and the cyber criminal can do anything with the said information. If the information that the cyber criminal has is the information about the employees of the company, I think that the best solution would be to ask the help of a security firm to track the records of the company: what IP address accessed what file on what day and at what time. If the security firm tracked the cyber criminal, the company should ask the help of the government in putting the cyber criminal in custody for the heinous crime he or she committed.

     Finally, on the third issue, wherein the company asks the help of the government to track the cyber criminal's footsteps and to put him or her into custody, I think that it is better to ask a security firm to do the tracking instead of the government. By doing so, they protect the image of the company from being exposed to the politicking that goes on in the government sector. Plus, they can be assured that the security firm will keep their files confidential from the prying eyes of the public, which could lead to their stocks plummeting or their image being tarnished due to the incident that happened.


5 Things I’ve learned:   

  1. The amount of information that is stolen at a certain point in time. 
  2. The ethical issues surrounding the people who enter into the forums of black hat hackers. 
  3. The erroneous ways that the companies are taking when a person discloses an issue with their system. 
  4. The amount of concern that the companies have over the security of the information they are handling. 
  5. The issue on whether or not the companies should ask for the help of the government. 


5 Integrative Questions:      

  1. After seeing the amount of information being stolen, should we continue to ignore it or should we do something about it? 
  2. Is it safe to generalize that if a person enters a black hat forum he or she is a black hat hacker? 
  3. From a third-person perspective, is it odd that a company files a lawsuit against a person who has seen loopholes in their system and told them about it?
  4. Do we need to wait for something to happen or do we need to be prepared for something that has not happened yet? 
  5. Should we let the government police access to corporate files to hinder cybercriminals from getting in?  


There are 807 words in this article.




