What Is an Ethical Hacker?
Hackers have been part of the popular imagination for decades, practically since personal computers have existed. They have evolved in the same way as computing, giving rise to different types according to their objective. Becoming a hacker is a dream of many people.
Ethical Hacker Objective
The ethical hacker culture's objective is to keep open-source systems running, expand the limits of computer knowledge and keep the technological world completely secure. Most of them are idealists who only want “freedom.” But of course, there is always a limit to every freedom, and this is the major reason for the conflict with hackers and the negative perceptions about them.
What Is an Ethical Hacker?
The word hacker has been so misused in the media that we confuse it with cracker. In general, a typical hacker is thought of as someone who illegally accesses other people's computer systems to obtain secret information and take advantage of it at the victim’s expense. However, that is just a cracker, according to experts in cyber defense and the world of computer security.
Types of Hackers
There are two types of hackers:
- Black hat hacker
- White hat hacker
In the collective imagination, a hacker is “the bad guy.” That is why it has become necessary to add the "ethical" tag when we talk about what was traditionally a white hat hacker; it is another way of referring to their ability to operate ethically.
Responsibilities of an Ethical Hacker
An ethical hacker is a person who uses advanced computer skills to do good, for example through penetration testing activities such as a network services test, remote access security test, social engineering test, and physical security test. Their job or hobby (it depends on who we ask) is to test networks and systems and find vulnerabilities. Once detected, the vulnerabilities are reported so that measures can be taken and loopholes can be mended. Damage to the system or its users is never an option. They are white hat hackers, the 'good guys' from the movies. Although, as we will see later, they do not always act altruistically.
They have some knowledge and seek to take advantage of it by doing good, like most professionals. They work against black hat hackers, who look for security flaws in systems to which they have not been invited, for their own enrichment, and gray hat hackers, who have their own ethical code but seek profit (reporting vulnerabilities to the CNI, FBI, Interpol, etc.). Those in white hats seek to make the network and systems more secure.
The best way to find out if there are vulnerabilities in your system is to attack it, that is, to test it to see where it fails. These coordinated, targeted and often authorized attacks are known as penetration tests or pen tests. Companies often commission them on a voluntary basis to improve their systems, and they have been working with different ethical hackers for a long time to that end.
We can think of a computer system as a barrier or wall full of holes. Only when someone tries to enter can we see where they have entered and close the hole. It’s like using a thermal camera to see where thieves get through your fence. The more attacks by ethical hackers, the more security. This type of resilience, based on the number of eyes that look, finds its greatest expression in open source.
As an example, think of "the best video player." Run a Google search for that phrase, and VLC Media Player always comes up. VLC has all its code available to everyone, so anyone can point out its flaws and improve it. Open source is a haven for ethical hackers, although most companies use closed solutions for various reasons of added security, and hire these professionals to make their “walls” more resistant.
Too often ethical hackers do not ask for permission when entering a system. They just do it and, when they get in, they notify the person in charge. The attack does not seek to steal information, but to make the person responsible for the system's security aware that there is an open penetration point that will have to be closed. However, not all companies understand the free help that these hackers offer. Some companies have even taken legal measures against the engineer who has altruistically helped them to improve.
As Deepak Daswani explains in his book “The Hacker Threat,” when a hacker discovers a vulnerability and its exploit (the way to exploit it), a countdown usually begins. Upon reaching zero, the exploit is published. It is a way of forcing the owner of the system to keep it updated. Let's think of a social network. Users keep a lot of personal data there, and they are the most affected if there are thefts. The threat of publication of exploits is a way to align the needs of these users with the operational business strategy of the social network.
Collaboration with other users in the community is also important. To debug problems that arise in open-source programs and systems, users, hackers, and others need to collaborate with each other. This makes it easier to identify and fix bugs and programming errors.