When you say “hacker”, most people imagine the kind of criminal who, through sheer Internet skill, breaks into businesses’ websites, steals data, and otherwise creates havoc. This is certainly one kind of hacker, but there are “good guy” hackers too. These ethical hackers, or “white hat” hackers, form a critical line of defence against the malicious actors.
For this reason, many people would rather term the “black hat” or malicious hackers “cybercriminals,” to help clarify that there’s nothing inherently evil or criminal about hacking.
What does an ethical hacker do?
Essentially, an ethical, “white hat” hacker does the same thing as their criminal counterparts. They’ll test the defences of a company’s software, IT infrastructure, and network, looking for vulnerabilities, and trying to break in.
The difference is the intent.
A white hat hacker isn’t trying to cause harm. In fact, they’re either hired by or contracted to the company they’re trying to break into! The purpose of the hacking is to highlight the weaknesses in the company’s defence, and allow them to patch and resolve those issues before the black hat hackers come knocking.
As such, the work that the white hat hackers do is sanctioned and legal. Then there’s the third kind of hacker to consider, the “grey hat” hacker. Unlike the white hat hacker, the grey hat hacker isn’t directly hired by or employed by the company that they’re trying to break into.
However, unlike the black hat hacker, they’re not trying to steal information, install malware, or otherwise cause harm. Most of the time, a grey hat hacker will find a weakness, alert the company to it, and then move on.
Why do they do this? Often it’s for prizes. Many modern companies offer a “bounty” if a member of the ethical hacking community is able to find a bug or vulnerability and reports it. Grey hat hackers can make some good money by hunting around for these exploits across several companies. The really good grey hat hackers can even be subsequently headhunted and find permanent (well-paying) employment as white hat hackers.
How an ethical hacker will work
For white hat hackers, the work process will be as follows:
1) First, they’ll seek authorisation from the organisation with the system. If they’re an employee, this is straightforward enough. If they’re a contractor, there might be meetings involved.
2) They’ll then sign an NDA, guaranteeing that they will keep their findings and work confidential.
3) They’ll then determine the scope of the assessment so they can explain to the organisation exactly what they’ll be doing.
4) They’ll then report any security openings that they were able to exploit to breach their customer.
5) Finally, they’ll erase their footprint, and any evidence of a hack after they have finished exposing the vulnerabilities. That footprint can provide black hat hackers with a guide and beacon, so it’s important to scrub their presence clean after their work.
Ethical grey hat hackers, on the other hand, will follow the above, but it will be more a case of internal moral guidance than formal process. For example, a grey hat hacker isn’t going to seek permission, nor sign an NDA. However, they’re still going to make the company aware of the vulnerabilities they find, and still scrub the data they retrieve at the end, as they aren’t going to do anything with it.
How do I become an ethical hacker?
You don’t need much to become an ethical hacker. A good, fast Internet connection is essential, since you’ll be doing a lot of work online (and sometimes with large amounts of data), but otherwise many ethical hackers are self-taught. Some of the key skills you’ll need to brush up on include:
1) Knowledge of programming – naturally, you’ll need to know how software is made and have some basic coding skills to help you break through defences/write small programs of your own.
2) Scripting knowledge – this is important for you to test the defences of networks.
3) Database knowledge – in most cases you’ll find the vulnerabilities that you’re looking for by targeting the SQL database management systems. These systems are one of the most critical sources of security vulnerabilities for a lot of organisations.
4) Operating systems – you’ll need to be comfortable with Windows, Linux, and Unix in particular, as most organisations operate on these platforms.
5) Cloud systems and structures – with most organisations now utilising containerisation technology (Kubernetes etc) on
6) Datacentres – you’ll also need to know how datacentres are physically constructed and all the components that go into them.
The benefit to being an ethical hacker is that you’re in great demand. Especially with the wave of high-profile security breaches that is sweeping the globe, people who can assist organisations with locking their IT environments down can command high wages and strong career growth potential.
It’s also a thrilling job and, as a white hat hacker, there’s no risk of going to jail, a risk that both black and grey hat hackers face.