When is hacking ethical?
Let’s start with a couple of basic definitions. Hacking is using a computer to gain unauthorized access to data in a system. Therefore, a hacker is someone who uses computer technology to gain unauthorized access to data in a system.
There are several different types of hackers, each with their own purpose – primarily White Hat hackers and Black Hat hackers. White Hat hackers are the good guys of the hacker world. They typically have a strong IT security background, and may even be certified as ethical hackers. Black Hat hackers are the ones you hear about in the news. They gain access to information from banks or other businesses and typically steal money, credit card information or proprietary data.
The use of the word “hat” in both terms is mostly agreed to come from black-and-white western movies – where the good guy wore the white hat, and the bad guy wore the black hat. As with most things tech-related, though, it’s not as simple as black and white.
In addition to white for the good guy and black for the bad guy, there is “gray hat” for those who hack for their own purpose but don’t steal money or information, and typically don’t do it to help others; “green hat” for black hat hackers who are just starting out in the hacking world; and “red hat” for the vigilante hackers who go after black hat hackers using aggressive hacking methods.
The term “ethical hacker” is actually frowned upon by some who see it as a contradiction in terms. Many times, the name “penetration tester” is adopted instead. So, what is ethical hacking?
Ethical hacking is hacking typically performed by White Hat hackers to help identify potential threats on a computer or network. Ethical hackers will attempt to bypass security to search for vulnerabilities that can be exploited by malicious hackers. They then take this information and report it to software and hardware vendors so that the vendors can address the vulnerability.
There are rules that must be obeyed for the hacking to be deemed ethical. Those rules include obtaining permission to gain access to the network to identify risks, respecting the company’s privacy, observing good security practices and finally notifying the software or hardware developer of any found vulnerabilities.
Ethical hackers can employ a number of modes to gain access. They can hack a system from the inside, on the same network as the targeted data and systems, or from the outside; they can also use stolen equipment, gain physical entry, bypass authentication and use social engineering. All of this is commonly referred to as penetration testing – and is both needed and welcomed in the technology community.
When vendors are informed of the vulnerability, they issue patches to correct the issue and improve the security of their product before it’s compromised. Think about Microsoft or Apple OS updates and virus definition files that your computer downloads. Many times, these updates include patches to security vulnerabilities found by ethical hackers.
Ethical hacking is such a sought-after service that many organizations will pay a bounty or award prizes for identifying and sharing these security vulnerabilities.
Some IT providers offer an ethical hacking service in the form of penetration testing. Typically, software that is designed to seek out exploits and find security vulnerabilities is run on a customer’s network. The results, in the form of a comprehensive report, are provided to the customer – along with recommendations to patch and correct those vulnerabilities. Often this is included with the customer’s managed services agreement, or it can be purchased separately. Talk to your IT provider to find out more about penetration testing and how you can benefit from periodic tests.
Michael Remer is founder and president of ComputerCare LLC, an IT services company providing a full spectrum of IT solutions and services to small and medium businesses.