We need to talk - opening a discussion about ethics in infosec

Friday 4 October 14:00 - 14:30, Green room

Ivan Kwiatkowski (Kaspersky)

Infosec is not like other jobs. We handle personal data, sensitive information, vulnerabilities that can affect thousands of computers. Our skills are sought after by the most powerful companies and governments. Yet we like to see ourselves as technologists; morally agnostic technicians who focus on solving virtual-world problems.

Reuters' recent article about UAE's Project Raven evoked strong reactions in many members of the community, myself included. It showed how infosec skills can be used to make the world a worse place - that, we already knew. But it also revealed the thought processes and motivations of the people involved. Looking back at the discussions our community has been having on social media in recent years, we can see that these justifications were already echoing:

  • "Everything I do is legal."
  • "Exploits don't torture people. People torture people."
  • "Morality is relative."

I have witnessed several professionals defending the notion that technology and ethics have nothing to do with each other. I find this alarming as this vision might in fact be the reason why some of us, deprived of an established moral compass, end up getting lost. It doesn’t have to be this way: generations of thinkers such as Aristotle, Kant and Rawls have been studying the concepts of right and wrong for centuries. In this talk, I will present various schools of thought pertaining to the philosophy of justice, and explore how they could help us solve some of the dilemmas the infosec community is facing.



Ivan Kwiatkowski

Ivan Kwiatkowski is an OSCP and OSCE-certified penetration tester and malware analyst working as a senior security researcher in the Global Research and Analysis Team (GReAT) at Kaspersky Lab. Ivan's day-to-day job occasionally involves incident response and delivering training. He maintains an open-source dissection tool for Windows executables and his research has been presented at several cybersecurity conferences in Europe. As a digital privacy activist, he also operates an exit node of the Tor network.
