It’s common knowledge today that anyone who gains unauthorized access to data in a computer system is called a hacker. But not all hackers are equal. In the world of cybersecurity, computer criminals are called black hat hackers and those who break into systems to expose vulnerabilities that need to be fixed are known as white hat hackers.
The terms are a nod to old-time Western movies, in which the villains wore black hats and the good guys wore white, explains Norton. And while black hat hackers get all the press, those engaged in ethical hacking get all the praise. Their role in cybersecurity is so critical, it’s going mainstream.
Fussing With Machines
Hacking didn’t always get such a bad rap. For centuries, it meant to chop or cut. But in 1955, members of the Tech Model Railroad Club at the Massachusetts Institute of Technology used the word “hack” to mean “fussing with machines.” The club meeting minutes from April of that year state that “Mr. Eccles requests that anyone working or hacking on the electrical system turn the power off to avoid fuse blowing,” reports Slate. No malicious intent was implied.
As computers became more common and people began to understand how these machines could be manipulated, fussing with machines took on dark undertones. Wrongdoers began manipulating telecommunications systems in ways that allowed them to make expensive long-distance phone calls for free. Called phreaking, this activity eventually gave way to black hat hacking in the 1980s and 1990s, as thieves saw money-making opportunities in stealing and selling information, according to the National Cyber Security Alliance.
Kevin Mitnick became notorious during these years for penetrating the computer systems of Sun Microsystems, Digital Equipment Corporation, Motorola, Netcom and Nokia. He became the first hacker to make the FBI’s Most Wanted list, reports CISO Magazine, and was finally arrested in 1995. After spending five years in prison, Mitnick became a white hat hacker and started Mitnick Security, a computer security consulting business that deploys “Ghost Teams” of ethical hackers to test the cyberdefense systems of businesses.
Mitnick may have helped put ethical hacking on the map, but it was IBM Vice President John Patrick who coined the term in 1995. He said that ethical hacking was “the goal of the majority of hackers, but the current media perception is that hackers are criminals,” according to the Richmond Journal of Law & Technology. Today, that may be more accurate than ever before. About 30,000 websites are hacked every day, cybercriminals create 300,000 new pieces of malware daily and hackers steal 75 digital records per second, reports WebARX. Attacks can get expensive. Cybersecurity Ventures predicts that IT security spending worldwide will exceed $1 trillion by 2021.
Hacking for Good
As computers, including Internet of Things devices, become ubiquitous, a growing and urgent need has arisen for digital security experts who can wage a counterattack. And ethical hackers, who make an average salary of more than $70,000 a year according to InfoSec Institute, have a multitude of training options.
The International Council of E-Commerce Consultants (EC-Council) is one such group dedicated to growing the community of white hat hackers. The company was founded in 2003, and today is the world’s largest cybersecurity technical certification body, providing training as a Certified Ethical Hacker, Computer Hacking Forensics Investigator, Certified Security Analyst and more in 145 countries. In addition to InfoSec Institute and EC-Council, other reputable hacker academies include Cybrary, Offensive Security, SANS and Hacker House, according to VPNMentor.
Those trained in the art of ethical hacking will be tasked with assessing the security of a computer system and attempting to break in as a malicious hacker might, but in a legal manner. Indiana Tech notes that some job responsibilities might include:
- Scan computer systems for vulnerable open ports, understand the threats they could face and develop a plan to prevent future attacks.
- Dig into digital trash bins to locate deleted chats, passwords and other sensitive information that could be used against a company.
- Examine software patches to make sure they’re current.
- Attempt to dodge Intrusion Prevention Systems, Intrusion Detection Systems, firewalls and honeypots to ensure a computer system has protections in place.
- Check for malware, hijacked web servers or applications and other signs of malicious intent and fix them.
The need for white hat hackers is exploding. Small businesses, hospitals, large corporations and even local and state governments are being cyberattacked on a regular basis. Anyone from a tech-savvy high school student to a college-trained computer science engineer can make a career out of ethical hacking and keep the computer systems we rely on day in and day out safe.