AQA Computer Science GCSE
Ethics – h***ing
I've had to use h***ing because otherwise my school network filters out this page... Just in case you were wondering.
H***ing is the unauthorised access to computer systems and the data they contain. This is sometimes done deliberately to disrupt a system or to steal data and is illegal – it is covered by the Computer Misuse Act 1990. This is called "black-hat h***ng".
Other h***ers do so out of intellectual curiosity ("grey-hat h***ers") or in order to help protect systems by showing they are vulnerable ("white-hat h***ers"). Deliberate h***ing to check a system is secure is a form of penetration testing (see this video from the BBC for a real-world example).
The use of NSO software, probably by the United Arab Emirates government, to infect phones in Downing Street in the first place is, of course, an example of black hat h***ing.
BBC article - April 2022 - The Week article – April 2022Another group of h***ers do so in order to highlight a social or political cause of some kind. Known as h***tavism, the aim of this is to target a government or company website in order to highlight a particular issue – perhaps a human rights or environmental issue.
Cracking is essentially the same thing as h***ing. Some computer security experts ("white-hat h***ers") think that their work would be better termed cracking in order to distinguish their activities from criminal h***ers.
Research Links
In 2023 there was a ransomeware attack on the Royal Mail. It's quite an interesting example.
2023 Royal Mail ransomware attack
- BBC report on the 2023 Royal Mail ransomware attack
- What is Ransomeware – from The Guardian
It's useful to read more about h***ing examples. There is more on this in the Unit 6 – Security section.
- Anonymous, h***tivism and the rise of the cyber protester – November 2012
- Cyber-attacks 'damage' national infrastructure – 5 April 2019. Useful summary of the potential problems caused by h***ing
- TalkTalk h***er – 2 April 2019
- The teenage h***ers who've been given a second chance – 4 April 2019. Shows that h***ing can be a useful tool in the battle for cyber-security
- Students blamed for university and college cyber-attacks – 14 September 2018
- Cyber-attack: Is my computer at risk? – 14 May 2017. Focuses on the ransomware attack of May/June 2017. There are more links to information about this attack on the Unit 6 – Malware page.
- Briton who knocked Liberia offline with cyber attack jailed (BBC, 11 January 2019) – that's the whole of Liberia's internet (Liberia is a country in West Africa)
- WhatsApp discovers 'targeted' surveillance attack (BBC, 14 May 2019) – interesting that it mentions a group which it calls a "cyber arms dealer" which licenses some of its software to governments "for the sole purpose of fighting crime and terror".
- Baltimore government held hostage by h***ers' ransomware – BBC, 23 May 2019 - really interesting ransomeware example
- 'H***ers helped me find my lost Bitcoin fortune' – BBC, 10 February 2022 – interesting example of ethical h***ing
In terms of vulnerabilities to cyber-attack, the video at Huawei's 'shoddy' work prompts talk of a Westminster ban (BBC, 8 April 2019) is well worth a look.
The ways in which h***ing can be used in postive ways include:
- Inside GCHQ: the art of spying in the digital age – Financial Times: subscription site, but you can probably read one article free at home
- Inside the British military base where young h***ers learn to stop cybercrime – The Guardian
But surveillance is a tricky thing to get right:
- UK surveillance powers explained – BBC, 2015
- UK mass digital surveillance regime ruled unlawful – The Guardian, 2018
An example of a grey area is: Inside the printer-h***ing army spreading PewDiePie propaganda – Wired
The 2017 NHS ransomware attack
This is an interesting example which has a number of levels in it. So I thought a new section was needed.
- What is ransomware – BBC
- The attack – Wikipedia (well sourced article)
- NHS 'could have prevented' WannaCry ransomware attack – BBC
- NHS ransomware attack response criticised – BBC
The "h***er" who helped stop the attack, Marcus Hutchins, demonstrates why the question of "h***ing" is less straightforward:
- h***ing hero who saved UK from cyber attack – BBC
- NHS ransomware hero: I was panicking – BBC
- h***ing 'hero' Marcus Hutchins faces more malware charges – BBC
- h***ing 'hero' Marcus Hutchins pleads guilty to US malware charges – BBC
There are some really interesting videos about ransomware in general on the BBC site. Worth a look.
- Cyber-attack forces company to use pen and paper – a 2019 attack on a Norwegian company
- Easy-to-find ransomware fuels attacks – from 2017. Shows how easy it is to set up a ransomware attack