If you ask me, What is Hacking...
I would say that it is possibly an act of 'compromising' networks and digital devices through UNAUTHORIZED access to a computer system or a user account. But it does not necessarily have to be malicious.
The general impression of the word is that it is illegal activity and results in data theft by cyber criminals, as they misuse devices, e.g., computers, smartphones, tablets and networks to cause damage to organisations, or to corrupt systems, gather users' information, steal data and documents, or to disrupt data-related activities. This makes people imagine that there is a lone rogue programmer who is highly skilled in coding and modifying computer hardware/software.
However, this view is too narrow, because it does not let them think of the true technical nature of hacking as a SKILL. There is a very high degree of skill involved in it, as hackers are capable of launching highly sophisticated attacks using various stealthy methods which are designed to go completely unnoticed by network security software and IT professionals. Hacking, by its very nature, is a multibillion-dollar industry with extremely sophisticated and successful techniques.
Sometimes there are also politically motivated hackers, or hacktivists, such as Anonymous, LulzSec, and WikiLeaks, who aim to raise public attention by leaking sensitive information.
Here are 2 strange facts about illegal hacking (Source: Fortinet):
1. The biggest hack in history is thought to be the data breach against Yahoo! The 2013 attack compromised around 3 billion people, and the company revealed that every Yahoo! customer was affected by it.
2. China is believed to be the country with the highest number of dangerous hackers. Most of the major cyberattacks that occurred around the world can be traced back to China.
Yes, there is a distinction among the types of hackers out there:
1. Black Hat Hackers
They are the guys who come very close to the general perception of 'what they do is hacking.' They are the BAD GUYS of the hacking scene. They do everything possible to find the vulnerabilities in your computer systems and networks, and then they exploit those vulnerabilities, usually for monetary gain or other malicious purposes. Most of their actions result in serious damage to people's and organizations' computers/networks. They are famously known for stealing information, compromising financial systems, and altering or taking down websites or critical networks.
They have been responsible for everything from the sophisticated takedown of nuclear enrichment facilities to the humiliation of major media organizations. It all sounds terrifying, I know.
2. White Hat Hackers
They are viewed as the GOOD GUYS of the hacking scene. Their whole agenda is to try to PREVENT the black hat hackers from succeeding. They also carry out hacking activities proactively, with the good intention of helping organizations not to become victims of black hat hacking. They also use highly sophisticated technical skills to break into the systems of organisations to 'assess' and 'test' the level and effectiveness of the cybersecurity defense mechanisms deployed by these organisations. You need to know that the techniques used by these hackers are very similar or even identical to those of black hat hackers. But there is a crucial difference in intent, as white hat hackers are hired by these organizations to test and discover potential holes in their security defenses. That's why their work is endorsed as 'Ethical Hacking.'
3. Gray Hat Hackers
They are somewhere in the middle, at the intersection of the good and the bad guys. They also carry out cyber attacks like a black hat hacker would do, but Gray Hat hackers won't do that to cause harm to organisations, or to make money. Their actions are typically carried out for the 'Common Good' of people. For example, if a gray hat hacker finds a vulnerability, he will go ahead and exploit it, and then eventually announce it to the general public with the intention of raising the general public's awareness of that vulnerability. He may prefer to disclose it first to the organisation whose system, software or network he was able to exploit, giving them a time period to patch the vulnerability. Then the whole exploit would be made public to all.
One hacker has mentioned that--
A hacker is someone who breaks into things. This definition has both a positive and negative side. People naturally like to see people breaking the system, but the line between what is good and what is bad is not always very clear. Take Mark Zuckerberg as an example. He broke into all kinds of systems at Harvard and was penalized for those actions. Of course, he has now created something great that benefits a lot of people, i.e., Facebook.
The issue is what the media publishes as soon as something wrong happens. There is no media about the real hackers and security experts that are breaking things for good, through penetration testing, red team exercises, etc. These activities are protected under NDA (in the US) and so are never written about. It becomes really hard to understand the FULL PICTURE of a profession in this field when all you see in the media is the negative side of hacking. "It is not so easy to see how these skills can be used for good." There is actually a separate word for people using these skills for bad, “crackers,” but it is mostly unknown.
Another hacker said it once --
"To me, a hacker is more accurately someone who creates things. The term is much bigger than computers. For example, a doctor or medical researcher who is able to create a cure for a disease is able to do so only by REVERSE ENGINEERING some aspect of biology. Doctors are hacking, creating patches and workarounds, etc. This is exactly the same thing that we are doing to malware on computers. To me, hacking is a mindset. It’s an approach to problem solving."
White Hat Hacking vs Ethical Hacking
Well, there is no difference. They are the same...
In other words, you can say that Ethical Hacking is nothing but the actions carried out by white hat security hackers. It involves gaining access to computer systems and networks to test for potential vulnerabilities, and then fixing any identified weaknesses. It is about using the same technical skills for 'ethical' hacking purposes and IT IS LEGAL, provided that you, or the individual doing it, have 'written permission' from the system or network owner (read, organisation). Since it is ethical, you have the responsibility to protect the organization’s privacy, and to report ALL weaknesses you find to the client organization and its vendors.
White hat hackers engage in 'Ethical Hacking' because they use their skills to help improve cybersecurity. That's why they are the most indispensable part of the cybersecurity paradigm. Not only are they in great demand, but they also operate as 'Security Researchers' and help their client organisations to tighten their cybersecurity.
They also play the role of 'Penetration Testers' as they 'test' how easily a system can be infiltrated by black hat hackers. When they test, they may involve all sorts of backdoors, e.g., encryption backdoors that hackers could use to bypass encryption meant to protect the network or its communications. I have seen pentesters evolving into Security Researchers because of their ability to deal with and attack the 'Malware' directly.
However, most big organisations prefer to employ their own internal team of white hat hackers, and they are usually called the 'RED TEAM.' They constantly try to hack their system, exposing vulnerabilities and preventing more dangerous attacks. They do it solely for the purpose of benefiting the organization for which they work.
In all practical terms, White Hat Hackers are actually Ethical Hackers.
Importance of White Hat Security
White Hat Security is also known as 'Offensive Security' and it is a very, very important skill set in its own right for every upcoming cybersecurity professional who desires to make it big in the arena. There are many reasons for it.
For example, it gives you a more comprehensive 'Web Security' program, because white hat hackers can 'test' so many aspects of your cybersecurity solutions. Next Generation Firewalls (NGFWs) are not a cure-all; you also need the services of white hat hackers. If you don't have them, you may miss some important vulnerabilities. Remember that experienced white hat hackers have such a wide assortment of tools, skills and knowledge of Network, Web Application, System, Memory, SCADA, Digital Forensics, Malware, etc., that they can easily 'test' systems regardless of their size or scope.
They actively seek out vulnerabilities and tell you both -- where they are and how they could be exploited. This allows you to address the concerns before you get attacked. Since they are testing your systems/networks on a continuous basis, they can assess your 'RISK' on an ongoing basis too, revealing the issues as they arise.
Offensive Security experts usually have an unmatched accuracy in the industry. They provide the most accurate assessment of your system’s vulnerabilities because they can BOMBARD it with a variety of different kinds of attacks. You may have already seen that organizations such as Microsoft, Google, Facebook, Apple, and government agencies such as the Pentagon, etc., often engage in bug bounty programs that reward white hat hackers with money or recognition whenever they successfully discover a bug in their company’s system. These kinds of issues may not have been revealed if they had not been discovered by the white hat.
Trust me, the human mind is far superior to machines and security software!
How To Learn White Hat Hacking?
Security and hacking is something you can never learn unless you get your hands a little dirty. You need to learn it the right way and then use it for the right purpose. You just need to know where to draw the line.
There is a hacker named Reginaldo Silva. He gained notoriety for pulling passwords directly off of Facebook servers. Once he discovered how to do this, he could have very easily explored the Facebook servers and found much more. But, he did not. He reported the issue as soon as he found it and went no further. He was responsible about his discovery. Right?
Like I said, you can’t be a hacker without getting your hands dirty. That means you need to learn it the right way, through practice. Being a hacker means failing more than you succeed. In cybersecurity and White Hat Security, you need to consider yourself a life-long learner. The day you become an expert is the day you stop learning.
You have to be very passionate about what you do. It is about developing something new with the experience and knowledge you have. It is better to be the person who can solve the problem than the person who holds 15 certifications.
All in all, it is a highly cherishable skill. Go for it if you truly wish to become a successful cybersecurity professional!
Life is small and make the most of it!
Also take care of yourself and your beloved ones…
____
This Article Was Written & published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.
Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...
She is so obsessed with the Cybersecurity domain that she goes out of her way to share hugely valuable posts and writings about Cybersecurity on the website and social media platforms.
34,000+ professionals are following her on Facebook and are mesmerized by the quality of the content of her posts on Facebook.