بررسی اخلاقی آموزشِ نوشتن بدافزارها و مهارتِ هک و نفوذ به سیستم‌ها

نوع مقاله : مقاله علمی پژوهشی

نویسندگان

1 کارشناسی ارشد مهندسی کامپیوتر (نرم‌افزار)، پژوهشگر جامعه الزهرا

2 استادیار پژوهشگاه علوم و فرهنگ اسلامی

چکیده

امروزه برگزاری دوره‌های آموزشیِ مهارتِ هک کردن رو به افزایش بوده و با استقبال زیادی مواجه شده است. در برخی کشورها آموزش هک و نوشتن بدافزارها جزء واحدهای درسی دانشجویان رشته‌های کامپیوتر و فناوری اطلاعات در نظر گرفته شده است. به اعتقاد برخی، از آنجا که آموزشِ مهارت هک و بدافزارنویسی ممکن است افراد را به سمت‌ فعالیت‌های مجرمانه سوق دهد و افراد از این مهارت سوء‌استفاده کنند، به ضرر جامعه است و بر همین اساس، غیراخلاقی است، اما برخی دیگر با این آموزش‌ها موافق‌اند و بر این باور‌اند که برای این‌که بتوانیم با مجرمان سایبری مقابله کنیم، باید بتوانیم مانند آن‌ها فکر کنیم. به اعتقاد این افراد، کارشناسان امنیتی برای فهم بهترِ نقاط ضعف امنیتی سیستم‌ها و مقابله با بدافزارها نیازمند یادگیری مهارت هک کردن و نوشتن بدافزارها هستند و از همین رو، آن را اخلاقی می‌دانند. بنابراین، با توجه به افزایش برگزاری دوره‌های آموزشی بدافزارنویسی و مهارت هک کردن و همچنین اهمیت امنیت رایانه‌ها، در این مقاله به تبیین، تحلیل و نقد و بررسی استدلال‌های موافق و مخالف اخلاقی بودن آموزش نوشتن بدافزارها و مهارت هک کردن پرداخته می‌شود و راه‌کارهایی برای استفاده اخلاقی از آموزش این مهارت‌ها ارائه می‌شود.

کلیدواژه‌ها

موضوعات


عنوان مقاله [English]

An Ethical Study of Teaching Malware Writing, Hacking Skills and System Infiltration

نویسندگان [English]

  • Zaynab Ᾱlebūyeh 1
  • Alī Rezā Ᾱlebūyeh Ᾱlebūyeh 2
1 * Master's student of Computer Engineering (software), researcher at Jāmi‘at al-Zahrāʼ
2 Assistant professor, Islamic Culture and Science Research Center |
چکیده [English]

Nowadays, the number of courses teaching hacking skills is increasing and has encountered a very warm reception. In some countries, teaching hacking and writing malware has been considered as part of course credits for students of the fields of computer and information technology. According to some, since teaching hacking and malware writing may lead people to criminal activities and people may misuse this expertise, it is in detriment to the society and based on this, it is unethical; but some others agree with this instruction and believe that in order to confront cyber criminals, we must be able to think like them. According to this group, security experts need to learn hacking skills and malware writing in order to better understand the weakness in the security of systems and to deal with malware and therefore, they consider it ethical. Thus, considering the increase in the number of malware and hacking courses being held, and also the importance of the security of computers, this article delves into the explanation, analysis, critique and study of the ethical arguments for and against malware writing and hacking skills education and some measures for the ethical use of these skills will also be presented.

کلیدواژه‌ها [English]

  • hacking instruction
  • career ethics
  • information technology ethics
  • malware
  • hacker
  • infiltration test
آل‌بویه، علیرضا؛ آل‌بویه، زینب. (1394). هک کردن و نفوذ به سیستم‌های رایانه‌ای از منظر اخلاقی، فصلنامه علمی- پژوهشی نقد و نظر. 2(20)، 128-104.
-  Applegate, S. D. (2013). The Dawn of Kinetic Cyber. 5th International Conference on Cyber Conflict.
-  Aycock, J. ;Barker, K. (2005). Viruses 101. In Proceedings of the 36th SIGCSE Technical Symposium on Computer Science Education, 152–156.
-  Aycock, J. (2006). Teaching spam and spyware at the University of Ca1gery. Third Conference on Email and Anti- Spam (CEAS), 137-141.
-  Clarke, zuley; clawson, james; cordell, maria. (2003). A brief history of hacking. http://steel. lcc. gatech. edu/~mcordell/lcc6316/Hacker%20Group%20Project%20FINAL. pdf. 2016/10/5.
-  Cook, T.; Conti, G. & Raymond, D. (2012), When Good Ninjas Turn Bad: Preventing Your Students from Becoming the Threat. Proceedings of the 16th Colloquium for Information Systems Security Education Orlando, 11-13.
-  Curbelo, A. M. ; Cruz, A. (2013). Faculty Attitudes Toward Teaching Ethical Hacking to Computer and Information Systems Undergraduates Students. Eleventh LACCEI Latin American and Caribbean Conference for Engineering and Technology.
-  Denning, D. E. . (2012). Stuxnet: What Has Changed?. future internet , 4, 672-687.
-  Faily, S. (2014). Ethical Hacking Assessment as a Vehicle for Undergraduate Cyber-Security Education. Processing of the BCS 19th Annual INSPIRE Conference.
-  Farwell, J. P. & Rohozinski, R. (2011). Stuxnet and the Future of Cyber War. Survival, 53(1), 23-40.
-  Grobert, F.; Kornau, T. & Pimenidis, L. (2008). Is Teaching Hacking in Academia Ethical?. https://events. ccc. de/sigint/2009/Fahrplan/attachments/1275_main. pdf. 2016/9/20.
-  Kaspersky Security Bulletin (2015), https://securelist. com/files/2015/. . . /Kaspersky-Security-Bulletin-2015_FINAL_EN. pdf. 2016/7/2.
-  Ledin, G. . (2005). Not teaching viruses and worms is harmful. Communications of the ACM, 48 (1), 144.
-  Ledin, G. . (2011). The growing harm of not teaching malware. Communications of the ACM, 54 (2), 32-34.
-  Livermore. (2007). What are Faculty Attitudes Toward Teaching Ethical Hacking and Penetration Testing?. Procedings of the 11th Colloquim for Information System Security Education, Boston, MA.
-  Logan, P. & Clarkson, A. . (2005). Teaching students to hack: Curriculum issues in information security. Proceedings of the 36th SIGSE Technical Symposium on Computer Science Education. 157-161.
-  Mariotti, J. (2014). An introduction to malware. https://www. ncsc. gov. uk/content/files/protected_files/guidance_files/An-introduction-to-malware. pdf. 2016/7/14.
-  Milošević, N. (2013). History of malware. Digital forensics magazine, 16(1), 58-66.
-  Pashel, B. A. . (2006). Teaching Students to Hack: Ethical Implications in Teaching Students to Hack at the University Level. InfoSecCD '06 Proceedings of the 3rd annual conference on Information security curriculum development, 197-200.
-  Pike, R. E. . (2013). The “ethics” of teaching ethical hacking. Journal of International Technology and Information Management, 22, 67-76.
-  Sullins, J. P. . (2014). A Case Study in Malware Research Ethics Education, When teaching bad is good. 2014 IEEE Security and Privacy Workshops,www. ieee-security. org/TC/SPW2014/papers/5103a001. PDF. 2016/8/6.
-  Trabelsi, Z. & Ibrahim, W. (2013). Teaching ethical hacking in information security curriculum: A case study. 2013 IEEE Global Engineering Education Conference. ieeexplore. ieee. org/iel7/6522574/6530074/06530097. pdf. 2016/7/23.
-  Zeltser, L. (2014). What is malware. https://securingthehuman. sans. org/newsletters/ouch/issues/OUCH-201402_en. pdf. 2016/5/1.
-  Lachow, I. (2011). The Stuxnet Enigma Implications for the Future of Cybersecurity. Georgetown Journal of International Affairs. 118-126.
 
-  http://panmore. com/ethical-hacking-code-of-ethics-security-risk-issues.
-  http://www. mashreghnews. ir/fa/news/36007, 1395/6/15
-  https://cert. eccouncil. org/images/doc/Ethics-Violation-Report-Form-v1. 1-03012012. pdf, 2016/9/14.
-  https://www. eccouncil. org/code-of-ethics/,2016/9/14.
-  https://www. helpnetsecurity. com/2002/04/08/the-history-of-hacking,2016/7/2.
-  www. isna. ir/news/92102514875, 1395/6/19.
-    
Resources written in Arabic / Persian
CAPTCHA Image