What Is Ethical Hacking and How Can It Protect You Against Threats?
- By Alison OLeary
- Apr 22, 2022
Hackers have a bad name, and for good reason. Hacking is unauthorized entry into computer systems and software, often by breaking in through system vulnerabilities. By comparison, ethical hacking is authorized access using the same methods. Some companies and organizations welcome ethical hackers who help improve security without doing damage.
Hacking has become such a serious problem that the FBI has created a separate Most Wanted category strictly for computer criminals. Opportunities for hacking have multiplied as many companies migrate their businesses to cloud computing to make the most of advanced technology. One report says that hacking cost businesses $1 trillion in 2020. Reports say the widespread SolarWinds malware attack, in which malware was attached to business computers, cost the host software company $25 million. Even small businesses lost an average of $24,000 to hackers. This is why ethical hacking has become popular.
What is Ethical Hacking?
Ethical hackers figure out flaws in computer code and how they can be exploited for malicious purposes. Flaws may:
- Allow access across platforms, letting a hacker steal data.
- Allow ransomware that freezes the company's assets until the hackers' demands are met with cryptocurrency payments.
- Provide an opportunity to implant malware that is sent to all client computers.
- Be human: employees who can be tricked into providing proprietary information or access to data.
- Be exposed through scans that search for vulnerable code.
Key Concepts of Ethical Hacking
In addition to looking for ways to breach poorly secured software, data, and code, ethical hackers may exploit flaws in employee training to gain access to systems and data. These methods can include:
- Phishing – Sending an email that entices the individual to click on a fake link. The link can launch malware or trick the employee into entering a PIN or password, which the hacker collects and later uses to break into company data.
- Waterholing – Guessing which websites employees use and lacing those websites with malware. The malware allows the hackers access to company computers.
- Smishing – Sending text messages to employees hoping to get them to click on a link that will provide crucial information that allows hackers entry into a system or database.
Who Are Ethical Hackers?
The National Security Agency (NSA) teaches courses in ethical hacking to train individuals on methods that malicious actors use to attack systems. These practices are designed to strengthen defenses against real hackers. Those interested in solving puzzles and computer security can earn an ethical hacking certification from Security University. This program may be a step in becoming an IT professional or a software developer.
How Do Ethical Hackers Differ from Malicious Hackers?
One computer security company calls ethical hackers the white hats and malicious hackers the black hats. There is a third category, gray hats, who are hackers that are not invited to test the security of systems and do not hack to do damage. Gray hats hack for fun, to test systems, and often leave notes about the vulnerabilities they find. In a recent gray hat hack, systems administrators of Amazon cloud services were left notes about exposed data that hackers found easily. Gray hats are more likely to leave such anonymous messages than to approach system administrators directly because they could face legal penalties for hacking if they were caught.
Famous Hackers Who Claim to be Ethical
One of the most infamous hackers of all time is Anonymous, which is not one person but a group ("hacktivist collective") that started on the message site 4chan in 2008. While Anonymous clearly operates as an illegal hacking organization, some say its motives are ethical. Anonymous has partnered with WikiLeaks to release classified government information that allows people to understand better what governments are doing. Anonymous has also participated in many hacks against specific groups whose motives run counter to what Anonymous sees as in the interest of humankind, such as DDoS (Distributed Denial of Service) attacks on MasterCard and PayPal for stopping payments to WikiLeaks founder Julian Assange. The group has also attacked the Church of Scientology, anti-abortion groups, Sony, and child pornography sites. In the fall of 2021, Anonymous hacked into the membership rolls of Neo-Nazi and white supremacist groups, collecting the information and distributing it to journalists who revealed the identities of some. Members of Anonymous may wear masks of a historical figure, Guy Fawkes.
An American man named Kevin Mitnick has made a career in computer hacking. When he was 16 years old, during the infancy of computer companies, Mitnick wreaked havoc on computer networks and phone companies by hacking into their systems and copying code. He has been arrested and jailed for his crimes. In recent years Mitnick turned his talent for breaking into computer systems into a security consulting business, in which he ethically hacks clients' networks to reveal vulnerabilities, using techniques he learned during his criminal exploits.