Ethical hackers use their skills to scan systems and networks and protect them against cyberattacks. They use many methods, which criminal hackers also take advantage of.
What is an ethical hacker?¶
When it comes to « hacking, » most laypersons immediately think of people who gain access to the systems and networks of individuals, organizations, government agencies, and businesses from their personal computers and destroy or steal confidential data. This view of things is not entirely wrong, because after all, criminal hackers do exist. But it also leaves out a lot of people who put their hacking skills to work for a good cause. These hackers, who break into a system without bad intentions and with the consent of its owners, are called ethical or “White Hat” hackers. They play a major role in the fight for a safer digital space.
There are also female ethical hackers. For the sake of readability, however, we will content ourselves with using the neutral form of the Anglicism “hacker” in this text.
White Hat hackers owe their name to the classic filmography of westerns. In these westerns, the heroes were often recognizable by their pristine white hats and fought tirelessly against evil. In the context of hacking, this role is assigned to the ethical hacker. They make their tactics, often referred to as ethical hacking, available to their victims. The « white hats » also exploit security leaks to access networks and systems. The intrusion having succeeded, they however inform the persons in charge so that they can close this front door. This helps prevent downtime and data theft, and cybercriminals have fewer opportunities to cause damage.
What types of ethical hackers exist?¶
The intent and approach of white hat hackers may differ. While some put themselves at the service of Internet security and offer their knowledge and skills for a good cause for free, others have hacking their livelihood. Companies and organizations hire ethical hackers to test their systems from top to bottom. When hackers encounter problems within the security architecture, they are able to correct them in time. If it proves impossible to gain access to confidential data, it is highly likely that it will also be protected against criminals who implement comparable methods to circumvent security systems.
What are the methods used by ethical hackers?¶
These methods are multiple and can vary depending on the client and the security architecture. The best-known practices that ethical hackers use with the consent of their customers or system operators are:
Penetration tests¶
Penetration tests check vulnerabilities in networks or individual computers. White Hat hackers are looking for a way to access the entire system through a front door.
Social engineering¶
The security of data centers does not only depend on the machines installed there. Human errors can also cause significant damage to the security architecture. White hat hackers test employees through social engineering, such as sending them malware or tricking them into releasing sensitive data. Employee reaction can then be analyzed, which builds awareness of the issue.
Software¶
Thanks to numerous programs and tools, ethical hackers can attack systems with the authorization of operators and thus locate vulnerabilities. In some cases, companies go so far as to call for attacks on their networks and reward ethical hackers who, for example, will be able to bypass cloud security systems.
Honeypots¶
Honeypots are nothing more than bait designed by ethical hackers to attract criminal hackers. This makes it possible to unmask them or at least to distract them. This tactic is also well suited if one wishes to study the modus operandi of intruders thus prevented and to draw conclusions about one’s own precautionary measures.
White Hat, Black Hat and Gray Hat Hackers¶
If we see things in a Manichean way, we can say that “where there are heroes, there are also villains”. But it is enough to take an interest in the famous group of hackers Anonymous to see that the borders are not always so well demarcated. Although many people see the collective primarily as an activist group, others also see them as criminals due to their methods. Apart from ethical hackers, hackers are categorized into two other groups.
Black Hats¶
The opposite of the white hat hacker is the black hat hacker. Named after the black-clad protagonists of old Western films, the « Black Hats » exploit the holes in a safety net. to access sensitive data or destroy a system. Their actions are criminal and focused on their own unique advantage. The « black hats » blackmail operators, steal and sell data or paralyze infrastructure. They therefore correspond to the negative image that many people have of hackers. Some Black Hat hackers also act for ideological reasons, but use reprehensible methods. White Hat hackers primarily protect systems against Black Hats.
Gray Hats¶
The world is no black and white, and piracy is no exception. Gray Hat hackers are a mix of White Hat and Black Hat hackers. Although they also exploit illegal methods to infiltrate systems without being prompted, they do not steal, but report leaks to operators. While some “grey hats” certainly also feel concerned about the good cause, others act simply to prove their skills or to attract attention. Affected companies and White Hat hackers generally consider Gray Hats to be critical because they are unsolicited and illegal.
Famous ethical hackers¶
There are many ethical hackers all over the world, in part because legal network attacks have become a lucrative profession. Among the ethical hackers who have made a name for themselves, we find:
Sir Timothy Berners-Lee¶
Timothy Berners-Lee is the inventor of the World Wide Web and today teaches at MIT and Oxford University. He is considered an internet safety advocate and a leading figure in ethical hacking.
Dan Kaminsky¶
Dan Kaminsky was a renowned American security researcher who, among other feats, uncovered a gateway within the DNS protocol. Kaminsky was a co-founder of Human Security (formerly White Ops) and has lectured extensively on ethical hacking. He died in 2021 due to diabetes.
Charlie Miller¶
Charlie Miller found great popularity when he won the hacking contest at the Pwn2Own conference and later uncovered other vulnerabilities in Apple products. He worked for the NSA and managed to crack the electronics of a Jeep Cherokee in 2014.