In a one fell swoop of your mental faculty upon reading the title, if you do, is actually a contradiction of terms. Per se hacking itself is a crime. But there’s way more to take it to the surface and give it an ethical color, that is – Ethical Hacking.
Hacking has been crazily stirring digital as well as even those old school days since the advent of telephone lines. Hacking has been here since 18th century. It started as “Phone Phreaking” where telephone lines are hacked to make a free call, especially long distance call.
Hacking is the act of illegally gaining access or cutting through a (usually) computer system without administrative permission. Illegal hackers usually use brute method to infiltrate a system including servers, Internet sites, e-mails, software, national defense, banks and the likes. Hacking has lots of attitudes, one of which we will be forging a little later.
Undoubtedly, hacking is an offensive act to those unguarded victims but for the savvy, it’s an art, a skill and a talent to spell software codes, and to decode the other way around. Nonetheless, no matter how dexterous you are, just like Kevin Mitnick, one of the world’s brilliant hacker, in front of a lawsuit and federal offense there’s no way you can decode jail pod locks and hinges.
Ethical Hacking has been minted to give light to other side of the same coin – good hacking and bad hacking. Because there are those who hack maliciously for spying security and financial activities, and there are those who hack to foil-out naughty guys of the digital world. They have been given color code according to their hacking preferences; Ethical Hackers are also called “White Hat Hackers,” while Malicious Hackers are called “Black Hat Hackers.” This is a throwback of the Western cowboys, where the good ones wear white hats.
In brief an Ethical Hacker is an expert hired by certain company to intentionally “hack” into their system the way “bad guys” or hackers would do. Ethical hackers don’t have much technical differences with the illegal hackers. They have to see it through the eyes of a real black hat hacker for maximum effectiveness, so they have act like one too. Ethical hackers do the same fashion in breaching corporate systems with which the end result is an added awareness of the company’s vulnerabilities to malicious hackers. Thus, security holes will then be patched up.
Ethical hackers don’t have to worry much of lawsuit or felony with the term hacker append into their badge. They have this immunity to those suits once they are into a legal contract to perform their job. They bring with them a “get out of jail free card,” and the terms of agreement transform their act into legal and of course a high paying legitimate occupation.
On the process, once the hacker has done much of his job and exhausted his attempts to uncover vulnerabilities, he reports back to company the list of them. Nonetheless, it doesn’t seem to be more important but the way of how and the instructions for eliminating those holes the ethical hacker himself provides.
The ethical hacker’s pursuit is to uncover three key areas of the job. He first determines what sort of information a “black hat hacker” will gain access to, then what the illegal hacker could do with the information and finally alerts back corporate employees or staff if the intrusion is successful or not.
If we have to think back, it seems self-defeating that a company would hire someone to sink-in to the heart of their corporate system. Nevertheless, ethical hacking makes a deeper sense. In fact it has been used by lots of companies for years to test the integrity of their products. Car manufacturers subject their products to a third party testing to make sure their products are by itself safe, meets the quality standards and thus, worth the market.
Computer Science Corp. (CSC) provides and trains most of the Ethical Hackers in the United States as well as other places. Their hacking entails few dollars to considerable $100,000 for a couple of days work or weeks.
Now the discussion turns the scope into the mental mainframe of the hackers themselves rather than the corporate security systems. Corporate information surety is just an afterthought, what is really in the forefront are the subjects themselves. We call them “ethical,” are they really ethical? Jim Chapple, head of the CSC Ethical Hacker Team, asserts, “many companies have what we call a candy type of security – a hard, crunchy shell and a soft, chewy center,” he says. “The mentality is, ‘We trust our employees.’ What happens is security becomes lax on the inside.”
Mr. Chapple is amenable that enemy from the inside is more outrageous than those from the outside. External hacks may gain access into the database bit by bit and you’re aware of them most of the time. But threats from the inside, such as from disgruntled employees may permeate into the system and wipe out all your information mercilessly without you being aware despite brushing skin to skin with them everyday.
The film X-Men Origins has its “premature release” on the Internet and pirated DVDs because of the leakage of data. Few speculations surfaced, but one of the spearheading is that leakage was brought about by a dissatisfied employee in the production team.
One industrial company who refuses to be named conceded to be assessed by a CSC Ethical Hacker and the result was alarming. The ethical hacker himself can even able to take total arrest of the administrative privileges of the company’s information system and can enable himself to do wreckage (not done though) on the database.
One of the Ethical Hackers states that bad guys have a nice time with what they are doing because it’s like a pastime or a hobby for them. If you are paying for an Ethical Hacker for a quarterly check on your corporate system, illegal hackers are doing it every day!
The last line, is that companies and those individuals hiring an ethical hacker must know that a hacker will be at front to some sensitive information about your business, and the first things first is honesty and integrity on the part of the person – that sometimes you can’t even pay for.
One more thing, you might as well wish to hire security assessment for disgruntled or dissatisfied employees for maximum peace in your business, they could be more dangerous after all.