4 Questions about Ethical Hacking

by Josh Biggs in Tech on 26th October 2019

An ethical hacker, also called a White Hat hacker or a penetration tester, does what hackers do best. They find ways to gain access to computers, devices, and networks. What distinguishes them from other types of hackers, however, is that they do not do this with malicious intent. They expose potential security issues so that the owners of the compromised systems can fix them.

What Other Types of Hackers Are There?

There are essentially three types of hackers. Each type is characterized by the motivation for why they hack into other computers.

The first type is the Black Hat hacker. This person searches for vulnerabilities in their targets and hacks into these for financial gain, or to perform malicious actions that range from deleting important files to taking the system out of action.

The next type is the ethical White Hat hacker. This person does pretty much the same thing as the Black Hat. But they do so with the knowledge and permission of the owners of the target systems. Their intention is to expose the system’s weaknesses so that these may eventually be addressed.

Then there are the complicated Grey Hat hackers. They, too, hack into systems. Like Black Hats, they do so without the knowledge of the targets. But like White Hats, they may do so to inform the system’s owners and collect a reward for helping point out potential problem areas.

Is Ethical Hacking Illegal?

Since this type of hacking is done with the permission of the system’s owners, and because its intention is to eventually improve security measures, ethical hacking is seen as a legal activity. The same cannot be said, however, for Black Hat and Grey Hat hacking.

What do Ethical Hackers Hack? How Do They Do It?

Like other hackers, ethical hackers try to get into and gain control of computers and systems, often to show how easy it is to get access to sensitive data such as credentials, passwords, credit card details, etc. They may also attempt to disrupt networks and systems to test their resilience. The ethical hacker’s work consists of a few distinct phases.

  • Reconnaissance involves learning all there is to know about the target system.
  • Next, the hacker probes the target, scanning it for any weaknesses they can exploit.
  • Armed with all the necessary information, the hacker may then proceed to gaining access, the phase that we normally associate with hacking.
  • Of course, once in the target system, the hacker must evade any protective countermeasures and maintain access to the system.
  • Technically, the ethical hacker does not need to clear tracks because they have permission to penetrate the system. But they must do so to demonstrate what a Black Hat may do to throw off any cybersecurity measures.
  • This last phase is probably what distinguishes the ethical hacker from the Black Hat. The White Hat will report the findings back to the system owners, and may recommend courses of action to correct any issues found during the penetration test. This phase, for a Black Hat, will involve profiting from the exploit.

Can a Career in Ethical Hacking Pay Off?

The ability to locate weaknesses in company computer systems is certainly a valuable skill set that many organizations would willingly pay for if it can help them improve their security. Also, to become an ethical hacker, one would need to have a sound knowledge of operating systems, computer networks, databases, and computer software. In other words, an ethical hacker should be at least as good as a competent specialist in Information Technology, and should, therefore, be paid at least as much.
