Mention the word ‘hacking’ to the man or woman on the street, and they’ll probably have a pretty good idea of what you mean. They might imagine a mysterious online mischief-maker, stealing and selling on credit card numbers. Alternatively, they may dream up an image of a foreign agent breaking into IT systems crucial to national security.
Either way, they’ll think of something negative. And that’s because ‘hacking’ is a word with overwhelmingly negative connotations. As with everything in life, however, things aren’t quite so simple. There is such a thing as ethical hacking, and its position on the spectrum of good and evil isn’t as clear cut as you might imagine…
A question of ethics
Ethical hacking describes the process where a hacker is authorized to launch a cyber attack on an IT system for testing purposes. Companies and organizations can ask ethical hackers to try to exploit their IT infrastructure, in order to identify vulnerabilities. The hacker is then expected to report back any weaknesses or problems they find.
The concept behind this strategy is that it takes a thief to catch a thief. It’s only by having a trustworthy hacker attacking your system that you can see how it might fall prey to a real cyber attack. Ethical hackers deploy all the same methods, tools and knowledge that actual cyber-attackers have at their disposal.
It’ll be all white on the night
Ethical hackers are often described as ‘white hat hackers’. Their malicious counterparts, by extension, are referred to as ‘black hat hackers’. The terms derive from spaghetti western films, where the good guys wore white hats and the baddies wore black. And there’s a fair argument to be made for suggesting that all ethical hackers are the good guys. Cybersecurity is vital for any company with an online presence: the effects of a cyber-attack can be crippling, and such attacks are becoming ever more common. The EC-Council – the world’s largest cybersecurity technical certification body – claims one in three Americans is affected by such an attack every year.
Ethical hacking has proved to be an effective way of guarding against cyber-attacks. White hat hackers have exceptional knowledge, as they have the best understanding of the methods employed by their black hat brethren. Even expert cyber-security consultants may not know all the backdoors and workarounds that might lead to an attack. Consequently, employing an ethical hacker can often lead to real improvements in the security of a system. What’s more, these improvements can be made before vulnerabilities are found by a hacker with malicious intent.
Good guys don’t always wear white
The theory is certainly sound, and employing a digital ‘poacher turned gamekeeper’ can be very beneficial. It offers a real boost to any organization’s cyber-security. Yet in practice, ethical hacking can go wrong and cause firms no end of trouble. We’ve already talked about how ethical hackers have the same skills and talent as malicious ones. Unfortunately, this means they’re just as capable of putting their expertise to nefarious purposes if they choose to. In fact, they probably have the best chance of doing so as they’ve been invited into an organization’s IT systems. For that very reason, this is a potentially risky business. After all, hackers may not always wear white.
The issue of whether ethical hacking is a force for good is perhaps better considered as a gray area. In theory, it’s great for shoring up your systems against attacks. In practice, though, you might end up putting those very systems at even greater risk. It’s a practice best approached with caution, diligence and plenty of research on prospective white hat agencies.