Ethics involves systematizing, defending, and recommending concepts of right and wrong behavior. Ethics is defined as ‘the discipline dealing with what is good and bad and with moral duty and obligation’. More simply, one could say it is the study of what is right to do in a given situation. Ethical hacking is about performing a security assessment on one’s own systems as ‘the right thing to do’, i.e. as an essential part of good security practice.
Compare a group of adolescents breaking into a computer system with another group hot-wiring a car for a joyride. The latter would probably argue that they were doing no harm, because the owner of the car recovered his property afterward. They didn’t keep or sell it. It’s a naughty prank to borrow someone’s property in that way, but not really serious. These hypothetical car thieves lack sensitivity to the victim’s feelings of fear, anger and a profound loss of order and safety.
The computer raises no new issue, ethical or pragmatic. The password hacker who says “we aren’t hurting anything by looking around” is exactly analogous to the joy rider saying “we aren’t stealing the car permanently”. The professional car thief and the teenaged joy rider are both social problems, but they’re different problems. To confuse the two – to treat the teenager like a career criminal – would be a disastrously self-fulfilling prophecy. There is also a middle ground between the young person who happens to break unimportant rules in the innocent exercise of intellectual curiosity and the hardened criminal.