An Ethical Study of Teaching Malware Writing, Hacking Skills and System Infiltration

Document Type : Research Paper


1 * Master's student of Computer Engineering (software), researcher at Jāmi‘at al-Zahrāʼ

2 Assistant professor, Islamic Culture and Science Research Center


Nowadays, the number of courses teaching hacking skills is increasing and has encountered a very warm reception. In some countries, teaching hacking and writing malware has been considered as part of course credits for students of the fields of computer and information technology. According to some, since teaching hacking and malware writing may lead people to criminal activities and people may misuse this expertise, it is in detriment to the society and based on this, it is unethical; but some others agree with this instruction and believe that in order to confront cyber criminals, we must be able to think like them. According to this group, security experts need to learn hacking skills and malware writing in order to better understand the weakness in the security of systems and to deal with malware and therefore, they consider it ethical. Thus, considering the increase in the number of malware and hacking courses being held, and also the importance of the security of computers, this article delves into the explanation, analysis, critique and study of the ethical arguments for and against malware writing and hacking skills education and some measures for the ethical use of these skills will also be presented.


Main Subjects

-  Applegate, S. D. (2013). The Dawn of Kinetic Cyber. 5th International Conference on Cyber Conflict.
-  Aycock, J. ;Barker, K. (2005). Viruses 101. In Proceedings of the 36th SIGCSE Technical Symposium on Computer Science Education, 152–156.
-  Aycock, J. (2006). Teaching spam and spyware at the University of Ca1gery. Third Conference on Email and Anti- Spam (CEAS), 137-141.
-  Clarke, zuley; clawson, james; cordell, maria. (2003). A brief history of hacking. http://steel. lcc. gatech. edu/~mcordell/lcc6316/Hacker%20Group%20Project%20FINAL. pdf. 2016/10/5.
-  Cook, T.; Conti, G. & Raymond, D. (2012), When Good Ninjas Turn Bad: Preventing Your Students from Becoming the Threat. Proceedings of the 16th Colloquium for Information Systems Security Education Orlando, 11-13.
-  Curbelo, A. M. ; Cruz, A. (2013). Faculty Attitudes Toward Teaching Ethical Hacking to Computer and Information Systems Undergraduates Students. Eleventh LACCEI Latin American and Caribbean Conference for Engineering and Technology.
-  Denning, D. E. . (2012). Stuxnet: What Has Changed?. future internet , 4, 672-687.
-  Faily, S. (2014). Ethical Hacking Assessment as a Vehicle for Undergraduate Cyber-Security Education. Processing of the BCS 19th Annual INSPIRE Conference.
-  Farwell, J. P. & Rohozinski, R. (2011). Stuxnet and the Future of Cyber War. Survival, 53(1), 23-40.
-  Grobert, F.; Kornau, T. & Pimenidis, L. (2008). Is Teaching Hacking in Academia Ethical?. https://events. ccc. de/sigint/2009/Fahrplan/attachments/1275_main. pdf. 2016/9/20.
-  Kaspersky Security Bulletin (2015), https://securelist. com/files/2015/. . . /Kaspersky-Security-Bulletin-2015_FINAL_EN. pdf. 2016/7/2.
-  Ledin, G. . (2005). Not teaching viruses and worms is harmful. Communications of the ACM, 48 (1), 144.
-  Ledin, G. . (2011). The growing harm of not teaching malware. Communications of the ACM, 54 (2), 32-34.
-  Livermore. (2007). What are Faculty Attitudes Toward Teaching Ethical Hacking and Penetration Testing?. Procedings of the 11th Colloquim for Information System Security Education, Boston, MA.
-  Logan, P. & Clarkson, A. . (2005). Teaching students to hack: Curriculum issues in information security. Proceedings of the 36th SIGSE Technical Symposium on Computer Science Education. 157-161.
-  Mariotti, J. (2014). An introduction to malware. https://www. ncsc. gov. uk/content/files/protected_files/guidance_files/An-introduction-to-malware. pdf. 2016/7/14.
-  Milošević, N. (2013). History of malware. Digital forensics magazine, 16(1), 58-66.
-  Pashel, B. A. . (2006). Teaching Students to Hack: Ethical Implications in Teaching Students to Hack at the University Level. InfoSecCD '06 Proceedings of the 3rd annual conference on Information security curriculum development, 197-200.
-  Pike, R. E. . (2013). The “ethics” of teaching ethical hacking. Journal of International Technology and Information Management, 22, 67-76.
-  Sullins, J. P. . (2014). A Case Study in Malware Research Ethics Education, When teaching bad is good. 2014 IEEE Security and Privacy Workshops,www. ieee-security. org/TC/SPW2014/papers/5103a001. PDF. 2016/8/6.
-  Trabelsi, Z. & Ibrahim, W. (2013). Teaching ethical hacking in information security curriculum: A case study. 2013 IEEE Global Engineering Education Conference. ieeexplore. ieee. org/iel7/6522574/6530074/06530097. pdf. 2016/7/23.
-  Zeltser, L. (2014). What is malware. https://securingthehuman. sans. org/newsletters/ouch/issues/OUCH-201402_en. pdf. 2016/5/1.
-  Lachow, I. (2011). The Stuxnet Enigma Implications for the Future of Cybersecurity. Georgetown Journal of International Affairs. 118-126.
-  http://panmore. com/ethical-hacking-code-of-ethics-security-risk-issues.
-  http://www. mashreghnews. ir/fa/news/36007, 1395/6/15
-  https://cert. eccouncil. org/images/doc/Ethics-Violation-Report-Form-v1. 1-03012012. pdf, 2016/9/14.
-  https://www. eccouncil. org/code-of-ethics/,2016/9/14.
-  https://www. helpnetsecurity. com/2002/04/08/the-history-of-hacking,2016/7/2.
-  www. isna. ir/news/92102514875, 1395/6/19.
Resources written in Arabic / Persian
-  Alebouyeh, A.; Alebouyeh, Zeinab. (2015). «Hacking and Intrusion into Computers Systems of Moral Perspective». The Quarterly Journal of Philosophy & Theology. Vol. 20, Issue 78, p. 104-128.