To most people hacking has a bad reputation. However, not all hacking is a bad thing. In order to understand vulnerabilities, the manufacturers of cyber security solutions must understand how hackers go about their business.
The hacking community is broadly divided into two groups: white hat and black hat hackers. Just as in Western movies, the white hats are the goodies and the black hats the baddies.
There are other categories, but they are by and large subsets of the white and black categories and members could be just as easily classified as White or Black. These other categories include:
- Script kiddies. These are people, usually teenagers, with poor coding skills who download malware kits from the Internet and make a nuisance of themselves developing ineffective malware.
- Nuisances. These are enthusiastic amateurs who infest chat groups seeking out information on hacking and hacking techniques. They rarely develop any malware or hack.
- Zealots. These are embittered individuals who make it their life’s mission to attack specific individuals or groups.
One other group worth noting is the Grey Hats. These are hackers who in some circumstances act as White Hats, but in others as Black Hats. For example, they might uncover a vulnerability in an organisation’s network security. They let the organisation know and ask for a payment for letting them know. If the payment is denied, they post details of the vulnerability on hacking chat groups for others to exploit.
Before considering the difference between White and Black Hats, consider a definition of hackers and hacking:
A hacker is someone who uses their skills and knowledge to gain unauthorised access to a network or computer system by breaking down or bypassing security measures.
Hacking is the activity carried out by hackers to gain unauthorised access to networks and systems. Hacking is not necessarily unlawful unless the hacker steals information or compromises the network or system without the owner’s permission.
White Hat hackers, also known as ethical hackers, are often employees or paid contractors who test the cyber security solutions protecting an organisation’s network and systems for vulnerabilities using hacking techniques.
They employ the same techniques as black hat hackers, but with the permission of the system owners.
White Hats are usually employed by organisations to identify vulnerabilities in the security systems around their systems and networks. They apply tests to try to identify where the systems can be penetrated and compromised and recommend how these holes can be plugged. There can be a cross‑over with other security aspects involving user behaviour and non-electronic activities.
The kinds of tests they carry out include penetration testing, simulating attacks on in-place security systems and vulnerability assessments.
Ethical hackers are employed by hardware manufacturers, particularly network equipment manufacturers, to test their equipment and software for vulnerabilities.
Another employer is anti-malware software companies. In this situation their role is to identify new malware and variants of existing malware, and to investigate Internet sites hosting malware. They also look for new malware delivery vectors. Thereafter they develop countermeasures.
Ethical hackers can attend conferences on ethical hacking and take training courses leading to certification.
Black Hat hackers also use hacking techniques to gain access to networks and systems, but this time without the owner’s knowledge or permission. They often also write malware.
Black Hats range from amateurs starting out in hacking to full-time professionals making a living from stealing information and selling it on or using it for malware exploits. A common target is personal credit card and banking information.
Black Hats by and large are not benevolent. From the newbie trying to drop a malevolent payload on your PC with a bit of home-coded malware to the State-Sponsored hacker trying to manipulate another country’s election results, they are up to no good.
Most people who use the Internet and email are painfully aware of their activities and are paying for it in hard cash. If Black Hats didn’t exist, we wouldn’t need to buy anti-malware software, ISPs wouldn’t need to include the costs of their security measures in access fees, and organisations like banks perhaps would have lower fees for electronic transactions.
Our Internet and email lives would be much easier. No more worrying about making an e-commerce online payment for example.
They do it for personal satisfaction (“Because I Can”), or for personal or financial gain. They can also be involved with industrial and state espionage, with protest groups or just get a buzz from doing it. Some are out for revenge against an organisation they feel has wronged them, an embittered ex-employee perhaps.
On a more positive note, many of the advances we see in Internet technologies are a result of anti-hacking research and development. So it’s not all bad out there.