Ethical Hacking and the Cyber Pros Securing our Networks
It is well known that our computer systems contain weaknesses and vulnerabilities—an inevitable side effect of the continuous advancements being made in computer science and technology.
The problem is that our personal files and the systems that run our world need to be kept private and secure.
There is a constant race between the cybercriminals hacking into our systems for nefarious purposes and the cybersecurity professionals ethically hacking into the same systems: a race to either exploit or fix the vulnerabilities that they find.
Ethical hacking is the process of penetrating an organization’s computer network, with official permission, in order to determine if vulnerabilities exist and to undertake preventive, corrective, and protective countermeasures so that an actual compromise to the system can be prevented.
Ethical hacking is typically done by experienced cybersecurity professionals who are recruited directly by organizations.
Organizations that hire ethical hackers give the hackers permission, in extensive legal agreements, to infiltrate their networks, systems, and software applications, in order to identify vulnerabilities. This kind of work is called “penetration testing”.
The goal of penetration testing is to simulate an attack against an organization’s systems to preempt a real attack that could cause harm to the organization and any stakeholders.
Ethical hacking is planned meticulously. The agreement between the organization and the white hat hacker, the colloquial name for ethical hackers, must detail the scope of the job, the timeframe, and the specific applications and networks to be targeted.
All ethical hacking activities must be carefully documented, and exploitable vulnerabilities must be disclosed in detailed reports.
What does an ethical hacker do?
The techniques used by ethical hackers are the same as those used by black hat hackers (the cybercriminals) attempting to penetrate an organization’s network or system from the outside.
When an ethical hacker begins a penetration testing assignment, he or she will spend time doing reconnaissance, observing and becoming familiar with the environment in which the system is located.
The ethical hacker will try to get an understanding of username, password, and email schema, see what normal office behavior looks like, see what programs and systems are in place, and figure out what type of traffic is going around the network.
Once the hacker has an idea of how the system operates, he or she will have a better idea of where vulnerabilities might lie and which attack vectors are most plausible.
Other tasks performed by an ethical hacker:
- Examining patch installations.
- Scanning ports using tools such as Nmap, Nessus or Wireshark.
- Evading intrusion detection algorithms.
- Socially engineering end users to manipulate them into divulging sensitive information and/or providing access to restricted locations.
The people working in an organization are often the weakest link in its security.
A phishing attack is a common social engineering technique, and despite ongoing education and awareness, it is still highly effective. Spear phishing is a targeted phishing attack on a specific person, preferably someone with escalated access privileges within the organization, such as an executive or someone from the IT department.
Persuading a person to reveal information over the phone by pretending to be from the IT department is also an effective social engineering tool.
Ethical hackers will try to become a familiar face to members of the organization by spending time building rapport. This can pay off in unexpected ways. An ethical hacker can use their familiarity to manipulate someone into providing access to unauthorized areas of the building, such as by asking the person to hold open a locked door that they’d just gone through.
While most ethical hackers are recruited directly by organizations, some may work as freelancers earning bug bounties.
Bug bounties are financial rewards offered by organizations to independent security professionals who can identify and disclose bugs back to the organization.
Bug bounties offer freelance white hat hackers an opportunity to profit from their ethical hacking activities. Bounties can be significant, depending on the importance of the bug.
In February 2022, Jay Freeman, better known as hacker saurik, earned a $2 million USD bug bounty after finding a fatal vulnerability in Optimism, an Ethereum layer two solution.
The Ethereum Foundation is currently offering $250,000 USD bug bounties to anyone who can find protocol, client and Solidity bugs affecting the Ethereum blockchain and associated smart contracts within its software layer.
Rules of the game
For a white hat hacker engaged in a permissioned penetration testing assignment, rules will be detailed in a legal agreement. The hacker will be expected to not cause any harm to the network or organization and to not leave persistent changes on the network.
Black hat hackers don’t need to comply with any such rules.
But ethical hacking can have gray areas, particularly for a freelance white hat hacker operating without a specific legal agreement with an organization.
- If a vulnerability is discovered, how far should one go to determine the scope of a potential exploit?
- If a database of compromised passwords is leaked, should any of the passwords be tested? Should they be tested on multiple sites?
- Is it possible to trespass responsibly?
Career prospects in ethical hacking
In the early days of the Internet, some software vendors would offer jobs to people who were reporting bugs to them.
HD Moore, creator of the ubiquitous hacking tool Metasploit, describes how Microsoft tried to recruit him—partly to get him to stop his reporting of hundreds of zero-day vulnerabilities in Internet Explorer. You can listen to his and many other true stories on Darknet Diaries, a podcast about hackers and cybercrime.
While job offers might not be as easy to come by as they were in the early days of the Internet, opportunities for ethical hackers still abound, and they are not limited to penetration testing assignments.
A person working as a site administrator, auditor, security officer, or anyone doing work that involves supporting the integrity of an organization’s network infrastructure may be considered an ethical hacker.
Common job titles related to ethical hacking include:
- Security analyst
- Security consultant
- Vulnerability analyst
- Penetration tester
- Cybersecurity engineer
Getting certified for ethical hacking
The path towards becoming a certified ethical hacker is unique to each person.
Many ethical hackers start with a computer science degree. Later, acquiring certified ethical hacking credentials can fortify a security professional’s application knowledge and make him or her a more valuable candidate for ethical hacking jobs.
CompTIA Security+ is considered one of the first security certifications one should earn in order to establish a foundation of knowledge in cybersecurity.
The EC-Council’s ethical hacking certification attests to higher-level expertise. Its certification exams are provided by various training institutions which offer ethical hacking courses that incorporate training and examination.
Development of computer systems and networks will continue into the foreseeable future. As such, new vulnerabilities will always exist. Fortunately, the training and emergence of ever more skilled ethical hackers proceed apace. The race goes on.
About Ashley Buckwell: Ashley is a technology writer who is interested in computers and software development. He is also a fintech researcher and is fascinated with emerging trends in DeFi, blockchain, and bitcoin. He has been writing, editing, and creating content for the ESL industry in Asia for eight years, with a special focus on interactive, digital learning.