Skip to main content

Recognising the good guys – ethical hacking in an unethical world

Working in cybersecurity PR, I start my day by scouring the internet for news stories. This can be a depressing task – as with most news cycles, the stories are overwhelmingly negative. Opportunistic cybercriminals capitalise on tragedies, ransomware attacks cripple small businesses, healthcare services are disrupted. Legitimate cybersecurity professionals aside, it’s upsetting that so many talented individuals decide to use their abilities exclusively to accumulate wealth, power, or infamy. 

With this in mind, I think it’s important that we recognise when cyber-savants use their talents for good. I’m not referring to traditional “ethical hacking”, I’m talking about cyber-vigilantes, operating outside of traditional avenues to bring about positive change. 

Hacking can be a powerful tool for uncovering truth. Just this week, anonymous hackers leaked documents detailing the systematic mistreatment of Uyghur Muslims by the Chinese state. The leak has thwarted the Chinese government’s repeated attempts to deny wrongdoing, and provided many families with answers as to the whereabouts of their missing loved ones. While this is by no means a heart-warming story, it is refreshing to see hackers employing their skills in the fight against injustice. 

The conflict in Ukraine has also brought about a rise in “hacktivism” – as part of Ukraine’s newly formed “IT Army”, the hacking collective “Anonymous”, or lone actors fighting a guerilla-style cyber-war. Hacktivists have had a considerable impact on the conflict, bringing down the Moscow Stock Exchange, the Kremlin website, and leaking vast swathes of data – including 200GB of emails belonging to the Belarusian arms manufacturer Tetraedr. Granted, experts are divided on the efficacy of hacktivism amidst the Russo-Ukrainian conflict, but it is at least admirable that thousands of hackers have decided to focus on humanitarian efforts, rather than more nefarious and profitable campaigns. 

A lighter example of cyber-vigilantism is the recently identified ransomware known as GoodWill. Traditional ransomware groups demand money to decrypt an organisation’s data, or to prevent the release of sensitive information – GoodWill takes a different approach. Before offering the decryption key, GoodWill demands that their victims either take underprivileged children out for a meal, or provide medical assistance to someone that can’t afford it. This is obviously not a new idea, but it is interesting that the ancient practice of Robin Hood style vigilantism has made its way into the cybersphere. 

I do, however, want to make clear that I am not condoning illegitimate“ethical” hacking. I just want to remind PR professionals, or anyone else for that matter, that it isn’t all doom and gloom. Try not to let the torrent of bad news get you down – keep an eye out for those rare roses among the thorns.