Ethical hacking is a term used to refer to legal, authorized efforts by hackers to find security vulnerabilities within computer systems. It is sometimes also referred to as “penetration testing” or “pen testing.” Ethical hackers are security experts who attempt to break through cybersecurity in the same ways that a malicious hacker might. They are sometimes called “White Hats,” a reference to old Western movies in which the good guys could always be easily identified by the white cowboy hats they wore.
Ethical hacking allows companies to stay ahead of potential threats by thinking like a criminal might. By employing an ethical hacker to reveal cybersecurity holes that they may have missed, developers can address issues before malicious hackers have a chance to exploit them.
Ethical hacking vs. malicious hacking
Hackers of all kinds use the same set of skills. However, there are fundamental differences between ethical hackers and those who wish to do harm:
Ethical hackers:
- Take the legality of their work very seriously.
- Generally work within an agreed scope and do not stray into software or networks for which they have no authorization.
- Report and log their findings so that their clients can assess results.
- Respect the privacy of their clients and do not collect sensitive data.
Malicious hackers:
- Try to gain unauthorized access from unsuspecting victims using hidden or destructive means.
- Work only for personal, financial, or political gain.
- Do not report their findings and may in fact sell them to other hackers.
- Seek out private information in order to sell it online or hold it for ransom.
Examples of ethical hacking preventing disaster
Ethical hacking is not just theoretical. Here are five examples of instances in which a potential crisis was averted thanks to the skills of an ethical hacker:
- A WordPress plugin called Social Network Tabs was found to leak login information associated with users’ Twitter accounts. An ethical hacker discovered the flaw and reported it, and Twitter disabled the vulnerable functionality.
- An ethical hacker discovered that security flaws in a crew information system used on Boeing 787 aircraft could be misused if its code were obtained by cybercriminals.
- A flaw was discovered in Visa’s contactless payment system that could allow those with stolen credit cards to bypass payment limits.
- An ethical hacker discovered that a vulnerability in one of Canon’s high-end cameras could be used by an attacker to lock up the device and then demand a ransom in order to use it again.
- A vulnerability was discovered in Zoom that would allow malicious websites to activate Mac users’ webcams and even forcibly join them to Zoom calls.
Do all companies use ethical hackers?
The term “hacker” in general still carries some negative connotations. As a result, not all companies are eager to expose themselves to people who are generally freelancers or affiliated with third-party security research organizations outside the company.
However, cybercrime continues to make headlines as it grows in both scope and frequency. The tide is changing and more institutions are seeing the benefits of ethical hacking.
In some cases, forward-thinking companies will hire an “in-office” hacker, although many opt to instead offer payment to outsiders who are able to circumvent their security and detect vulnerabilities in unexpected ways.
Apple, in particular, is well known for its “bug bounty” program in which it rewards ethical hackers for discovering flaws in its products.
How do you become an ethical hacker?
The image perpetuated by crime dramas and movies of a computer whiz typing away in a dark room is hardly relevant. Hacking has reached the mainstream. From changes in pop culture references to hacking conventions such as DEF CON, computer and security enthusiasts the world over are not only coming out of the shadows but also showing themselves to be an integral part of our future’s cybersecurity.
Becoming an ethical hacker is a valid career path for those with an interest in computer engineering and a desire to stop crime. There are a variety of courses available for those eager to learn how to use the tools required for the job.
In addition to the necessary education and skills, white hat hackers are expected to follow a code of ethics. The EC-Council, the organization that created the Certified Ethical Hacker (CEH) exam, has a 19-point Code of Ethics that is meant to guide ethical hackers in their work and philosophy.
You don’t have to be a hacker to maintain cybersecurity
The skills required to be an ethical hacker or cybersecurity expert are many. Thankfully, it’s not necessary to be a computer engineer to do your best to stay safe and remain vigilant when it comes to your own cybersecurity. Follow these best practices, some from white hat hackers themselves, to maintain tight security and keep your network safe from malicious hackers:
- Maintain good password security by creating randomized, hard-to-guess login credentials that are unique to each of your platforms.
- Do not allow your web browser to save your passwords.
- Do not click links in suspicious emails that try to scare you into acting urgently.
- Set up multi-factor authentication wherever the option exists.
- Set up and use a Virtual Private Network to keep your web traffic private.
- Use a firewall to protect your network from unauthorized access.
- Keep your apps, operating systems, and anti-virus software up to date.