Hacking and cyberattacks cost organizations across the world millions of dollars every year. Information and data are the most valuable assets of an organization in the digital era. Keeping information secure and safe is essential for an organization to protect its image and prevent losses from legal actions. With the technology boom, cyberattacks have also increased. Organizations engage ethical hackers as part of their cyber security measures to ensure that they stay ahead of cyber criminals and illegal hackers.
What is hacking? Who is a hacker?
Hacking is the process of intruding into a computer system or network by identifying and exploiting a vulnerability. Hacking is an unauthorized, illegal activity. A person carrying out hacking activity is known as a hacker. In order to identify the weakness in a computer system, break the computer security and penetrate the system, a hacker needs computer programming skills and cyber security expertise.
How can hacking be classified?
Basically, hacking is an illegal activity. However, based on the intent of the hacker, the activity can be broadly classified as follows:
White hat (Ethical hacker): A hacker who identifies the inherent weakness of a computer system in order to rectify it is known as a white hat. As part of cyber security, organizations began to use the services of persons to identify the weakness in their own systems, and the hackers involved in such authorized hacking are known as ethical hackers. Ethical hacking is normally done as part of a Vulnerability Assessment and Penetration Testing (VAPT) exercise. They are professionals engaged by the organization itself to strengthen cyber security features. External teams that carry out ethical hacking are known as Red Teams.
Black hat (Cracker): A black hat is a hacker who attempts illegal access to computer systems for individual gain. The motives behind such unauthorized access include stealing organizational data and secret information, gaining access to intellectual property, unauthorized transfer of funds, damaging the reputation of the organization, damaging computer systems, harming business prospects, monetary gains etc. Due to the destructive nature of the activities being performed, black hats are also called crackers. They gain illegal access, damage computer networks, steal data and even deny access to authorized persons for monetary gain or other willful purposes.
Grey hat: A hacker who gains illegal access but with the intention of identifying the weakness and reporting it to the owner is known as a grey hat. They are not engaged by the organization and hence do not classify as white hats. They do not damage the system or steal information as black hats do. Hence grey hats position themselves between ethical hackers and crackers. Curiosity to identify weaknesses in computer programs and the urge to test their computer language skills guide the grey hats. They notify the admin of the network system about the vulnerabilities in the computer system.
Less skilled persons who gain access to computer systems using already available hacking tools are known as script kiddies. A hacker who uses stolen data for sending out social, political and religious messages, or uses hijacked websites for displaying messages, is known as a hacktivist. Vishing is a crime carried out using land phone lines. Similarly, a hacker who identifies and exploits weaknesses in telephones instead of computers is known as a phreaker.
What are the preconditions for ethical hacking?
All kinds of hacking are considered illegal barring the work done by white hat hackers. However, for hacking to be considered ethical, the hacker should follow certain rules.
• Ethical hacker should obtain written permission from the organization before hacking.
• Should ensure secrecy of data and privacy of organization.
• Identified weaknesses should be reported to the organization and to the hardware and software vendors.
How does an ethical hacker perform his duties?
Ethical hackers perform their duties by scanning ports and seeking vulnerabilities using publicly available port scanning tools or their own methods. They use social engineering to initiate controlled attacks. They may also adopt other social engineering techniques or play the kindness card to trick employees into revealing passwords or giving access to vital data. Ethical hackers will try to breach Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), honeypots, and firewalls to penetrate systems. A report on the attempts made, along with the observed vulnerabilities, is then submitted to the organization to rectify shortfalls and strengthen cyber security aspects.
Hacking and Ethical Hacking
Hacking is the process of illegally intruding into a computer system and the person who performs it is a hacker. Ethical hacking is done with the permission of an organization.