The word "hacking" is often associated with illegal intrusions into military systems or digital heists. However, this is painting the picture in broad strokes and neglecting nuance that makes a world of difference.
Hacking is most concerned with finding security vulnerabilities. Yes, that can mean looking for loopholes to exploit the system. Nevertheless, intent matters, and even hacking can be ethical.
Ethical hacking means looking for the weak points in systems and informing the owners. The intent here is to disclose the findings to fix them before a less ethical counterpart comes around. So-called white-hat hackers often act with permission and give detailed reports on the level of risk. They are a comprehensive tool to test the defense measures of your organization.
Importance of ethical hacking
First of all, ethical hacking gives an outsider's perspective. When working on cybersecurity infrastructure, all the weak points may be invisible from the inside. However, coming from the outside, the hacker may offer a different point of view. It means that he can find a vulnerability where you or your teammates would never in a million years have thought to look, much less patch it up.
First and foremost, the ethical hacker doesn't rely on the organization to get intel on weak and strong points. As it would be in all conventional hacking attempts, the attacker gathers all the data on his own. He develops the plan to get in, which might involve social engineering, setting up phishing websites, and checking for the employees' social media accounts in past data breach dumps.
In essence, ethical hacking is field training for the cybersecurity measures that you have in place. Judging by your performance in these cases, you can evaluate whether the actions that you use work as intended and protect sensitive data from ending up in someone's hands.
What is a vulnerability disclosure policy?
Vulnerability disclosure policy is an agreement between the organization and the freelance agent, outlining the ways and methods for reporting discovered vulnerabilities and exploits.
It also creates a direct channel between organizations and ethical hackers to share information and fix the security holes. Plus, it limits the news to a smaller circle of people. Such an approach is much more efficient and safer than posting the found exploit on social media, where many people could take advantage. Besides, it creates a safe space for the organization and gives them time to resolve any of the issues found.
On the other end, it informs the ethical hacker that he shouldn't fear prosecution. Not all organizations welcome these testing methods. Some view this as a form of attack regardless of context.
Many leading companies like Alibaba, Apple, Intel, Oracle, Visa, and Western Union have implemented a vulnerability disclosure policy. The bounties they pay out to ethical hackers pale in comparison to the reputation and revenue losses that would haunt them should unethical hackers get their hands on the same exploits.
Bug bounty programs
Bug bounty programs are a method to compensate ethical hackers that report their vulnerability findings. They also prevent disruption of the service because the business has time to patch out the found exploits. This also makes black hat hacking less appealing because it can be more beneficial to cash in on the bounties rather than end up in jail if you get caught. Plus, individuals who want to be challenged by top-grade security systems get a constructive outlet for their hacking skills.
Such programs have quickly found their way into the private sector. But government institutions around the globe are also catching up. Even the United States Department of Defense is allowing their IT infrastructure to be tested with payouts for vulnerabilities found. There's a noticeable shift from threatening white hat hackers towards encouraging them. There are also different grades of exploits. The more extreme vulnerabilities will yield more significant rewards than smaller bugs. There are online communities that connect freelance penetration testers and hackers like HackerOne.
The difference between White Hat, Grey Hat, and Black Hat hackers
White, grey, and black hat colors are a way to distinguish between the different intents that a hacker might have. Usually, when we say hackers, we assume a shady individual with a hoodie that's after your banking information. That's a black hat hacker - he is malicious and probably a criminal. His efforts focus on personal gain, whether that's financial profit or pure pleasure. It could involve staging man-in-the-middle attacks, running botnets, or breaking passwords. In any case, black hat hackers don't warn about their attacks and don't explain their methods.
Grey Hat hackers don't necessarily announce their visit. Nor are they checking whether the company has a vulnerability disclosure policy. In most cases, they're just looking for exploits, which they might disclose to the company for a bug bounty. However, the company might see this as an unwelcome intrusion. The emphasis often falls on broken laws rather than the value in uncovered exploits. However, this type of hacker does not have the same level of malicious intent that a Black Hat would have.
White Hat hackers are the sort of hackers that the companies themselves welcome with open arms. Although it sounds counterintuitive, they're politely drawing a target icon on their backs. White hatters are just as capable as the Black Hats. However, they act under the organization's pre-published disclosure policy. It helps them not look like criminals. Playing their cards right, most white hat (ethical) hackers can even look at prospects of being employed by one of the organizations they've hacked into.
Do real ethical hackers exist?
There have been plenty of critics of ethical hacking. These critics question whether there is a clear line between the White Hats and Black Hats. They see the term "hacker" itself as problematic. By giving a sense of legitimacy, supporters of ethical hacking normalize the act of gaining forced entry to computer systems and networks.
What's more, while there are multiple cases of Black Hat criminals seeing the light, there are plenty who juggle both hats successfully. Often without telling their employers. It's fair to say that these IT professionals are a huge threat to businesses and government institutions. Encouraging them to assume the hacker identity seems to feed this risk.
On the other hand, the notion of White Hats, Grey Hats, and Black Hats doesn't have to be related to hackers only. Plenty of other workers that hold significant power or insider knowledge can use it as leverage against their employer. Therefore a Black Hat can be successfully worn by a medic or a priest – it's impossible to paint the reality in black and white.
What does ethical hacking involve?
The activities of ethical hackers have to satisfy specific criteria. Here's a checklist to make sure your efforts stay in line:
- Permission – the whole point of ethical hacking is to provide a service, not to take systems offline. While you can help out organizations by finding weaknesses without letting them know beforehand and getting their permission, this is usually frowned upon by ethical hackers.
- Limits – when ethical hackers gain access to the company's IT systems or databases, this gives them a vast (and tempting) amount of power. They could harvest personal details or map out the way servers are structured, among other things. But they don't do that. Instead, ethical hackers limit their actions to what is strictly necessary to provide valuable security insights.
- No loose ends – when ethical hackers gain access to a system, they take care not to cause any damage. More importantly, they do not leave any backdoors for other hackers to exploit in the future (including themselves). That's again another temptation to resist, and clearly, not all hackers are up to the task.
- Honest reporting – being an ethical hacker requires one to communicate about his or her findings. Ethical hackers must report whatever they find to their clients or managers, giving a clear, actionable account of what needs doing. Otherwise, there's no (ethical) point in doing the whole thing.
How to learn ethical hacking?
Learning ethical hacking simply means learning to hack. This essentially involves being able to find vulnerabilities and exploit them. Therefore, your first step would be learning the basics of computing and networking, then move on to how to tamper with these systems. Don't expect to find a course called Hacking 101. Just look for everything cybersecurity-related, and you'll find what you need.
The benefit for most ethical hackers isn't the money. A survey of over 1,600 White Hat hackers confirms this. Instead, they are more interested in expanding their knowledge and skills, not using them for personal gain.
However, there's no doubt that learning ethical hacking can be a lucrative career move. The same survey found that the salaries of ethical hackers is 2.7 times bigger on average than of conventional software engineers. Their skills are in huge demand, often ignoring any concerns about morality.
Certified ethical hackers
You'd be surprised to find out that there are certification programs for ethical hackers. Most likely, their official title will be that of information security professional. However, to apply for this certificate you need a minimum of two years of work experience in the cybersecurity field or official training.
It's awarded only to those candidates that pass a multiple-choice exam consisting of 125 questions. They also must compromise a system in a simulated environment. Whether it would count if you hacked into their database and added your name near the graduates' list is an open question.
Best ethical hacking courses and certifications
There are more ways in which you could expand your knowledge. Here are some of the courses that award certificates that should take you closer to the life of an ethical hacker.
Offensive Security Certified Professional
If you want to get serious, you should get on board the Penetration Testing with Kali Linux course available at Offensive Security. This course is online-only, and its goal is to not only give you a hands-on approach. It aims to provide you with a pretty good idea of how you should go about hacking in real and applicable cases. After the completion of a course, students who pass the exam get the Offensive Security Certified Professional (OSCP) certification.
Certified Information Systems Security Professional
International Information System Security Certification Consortium or (ISC)² is an independent organization that focuses on infosec training. They have one of the most extensive courses on cybersecurity – CISSP (Certified Information Systems Security Professional). This program covers a wide range of topics that should be useful to more IT security professionals and ethical hackers alike. Complete the course, pass the exam, and the certification is yours.
Don't forget that if you don't need a certificate to hang on a wall, there's nothing wrong with self-improvement courses. For example, you could try Udemy courses of Heath Adams. They cover a wide range of topics, including practical guides on ethical hacking. You can also fool around in sites like try2hack.nl. If you're wondering about the possible job prospects or are wondering about a career change, these tools will give you a demo version. It might be enough to find out if all this appeals to you.
White hat hackers you should follow
This guy is the Lead Software Security Engineer and the head of an Open Web Application Security Project (OWASP) chapter. If you haven't heard about them, they're a community of cybersecurity specialists that specialize in web applications. He also appears on The Beer Farmers podcast, where, despite the title, he discusses cybersecurity matters.
Daniel Miessler is a widely known cybersecurity expert. You can find his think pieces all around the web and on his cybersec blog at danielmiessler.com. He has almost 20 years of experience under his belt and focuses mostly on web applications and IT security programs. If you've ever visited a cybersecurity convention, it's very likely that you've seen him and didn't even stop to say hi (which is rude).
Alyssa is a well-known hacker who launched her career pretty much during her school years. This led her to penetration testing roles, and eventually to more general vulnerability management roles. It doesn't seem that she's planning to slow down. You can regularly find her at various conferences.
A hacker with a very cool looking Twitter profile photo is also the Head of Hacked Education at HackerOne. Yes, the same site connects hackers with businesses, awarding the most severe security vulnerabilities with payouts. He's single-handedly responsible for over 600 loopholes found across services like Airbnb, Snapchat, and Google. That's no small feat. He also live streams some of his hacking on Twitch. If you follow his updates on social media, you might learn a thing on two on ethical hacking.