Ethical Hacking: A Guide to White Hat Digital Snooping
How would you define a “hacker”? When asked, most people immediately think: Criminal! Bad Guy! Thief!
But in reality, a lot of hackers aren’t looking to steal, cheat, or scam. They’re not shadowy figures prowling for mischief. They’re “white-hat hackers” — aka ethical hackers — who use their skills to thwart cyber criminals, track down felons, and serve on the digital front lines of national security efforts.
What is Ethical Hacking?
Ethical hackers fall into three main categories: exploit hunters, law enforcement helpers, and activists.
Exploit hunters search for security holes to patch them. Without them, authorities probably would’ve pulled the Internet’s plug years ago on account of rampant criminality, and we’d still be living like it’s 1978. Law enforcement hackers assist police efforts to find wanted people and track missing ones. Hacker activists, aka hacktivists, use their skills to bring attention to government overreach and other matters that need public exposure.
Hacker Defined
The term “hacker” originated at MIT in the 1960s. Back then, the word had a positive connotation and was synonymous with “computer geek.”
Need for Ethical Hackers
Did you know it takes nearly half a year for a data breach to be discovered? According to an IBM study, exploit bugs remain vulnerable for 196 days on average. And in those 196 days, breached information usually filters through the black market. All things considered, we should probably start heeding the words of Colonel Nathan R. Jessup: “We want them on that wall! We need them on that wall!”
Famous Ethical Hackers
Like any industry, the ethical hacking community has its superstars.
Kevin Mitnick
At one point, Kevin Mitnick was the most wanted cybercriminal in North America, and the feds got their man. Mitnick spent five years behind bars for wire fraud and unauthorized computer access. Since his release, however, the reformed black hat has written five books and opened a white hat digital security firm that’s become a preeminent pentesting firm. These days, Mitnick is best known for his company’s inventive business card, which includes a functional set of lock picks, a talisman of hacking culture.
Charlie Miller
Several years back, Wired writer Andy Greenberg wrote a now-infamous feature about having his car hacked while on the freeway. Charlie Miller was one of the two hackers who participated in the project. A former NSA employee, Miller was also the first person to hack an iPhone remotely and unearth major Mac bugs. He falls into the ethical hacker category because he shares his findings with manufacturers so the flaws can be fixed.
What is Pentesting?
Penetration testing — or pentesting — is the act of purposefully trying to infiltrate a given network, piece of software, database, or app to find a data-exposing loophole in the code. These days, most corporations have a pentester or pentesting team.
Kevin Poulsen
Another reformed hacker, Kevin Poulsen also spent five years in jail for computer fraud after evading authorities. After release, Poulsen coded a program that identified potential sex offenders on MySpace. These days, he sticks to the journalistic side of things and once saliently warned that “information is secure when it costs more to get it than it’s worth.”
Dan Kaminsky
Without Dan Kaminsky, the Internet may have died a violent death years ago. In 2008, Kaminsky uncovered a flaw in the Web’s DNS architecture. If he hadn’t alerted authorities, the Internet would have quickly devolved into a quagmire of unfixable mayhem and probably shut down.
Edward Snowden
Granted, the infamous programmer who exposed military secrets is a controversial addition to an “ethical hackers” list. But we think it’s fair to note that hacktivist Snowden forced the world to think about government transparency and personal privacy in the 21st century — and thinking is rarely a bad thing.
Ethical Hacking Examples
Ethical hacking events are gaining traction around the world. White hat companies — like Trace Labs, which specializes in law enforcement assistance — are also on the rise.
Ethical Hacking IRL: Missing Persons Hackathons
Increasingly, law enforcement agencies around the world are turning to crowdsourced intelligence and OSINT to solve missing person cases.
Recently, 354 hackers gathered in Australia for the country’s first-ever National Missing Persons Hackathon. The AustCyber Canberra Cyber Security Innovation Node partnered with authorities and private tech companies to find new leads in missing person cases. Participants showed each other innovative ways to use technology while respecting legal parameters.
What is a Bug Bounty?
Many businesses have “bug bounty” programs that reward freelance ethical hackers who find and alert the company about problem holes in their code. To earn the reward money, the hackers must prove that they didn’t download data or do anything nefarious.
The Innocent Lives Foundation is another digital information collective that tracks predators who traffic and exploit children. Founded by security specialist Chris Hadnagy, the group has a dedicated team of volunteers who use OSINT to help law enforcement save lives. To donate to the organization, visit https://www.innocentlivesfoundation.org/donate/.
What is OSINT?
OSINT stands for open-source intelligence, or publicly available information gathered from the Internet.
Ethical Hacking IRL: Hacktivism
Arguably, another type of ethical hacking is “hacktivism” — the use of technology to further a political or social agenda. Now, not everyone may agree on what issues need exposure to serve the greater good. Still, the intentions behind most hacktivist events are good.
Take, for example, a recent website takeover in Kerala, India.
The Kerala Cyber Warriors — a 17-member group of teachers, students, and professionals from Kerala who claim to be “the voice of the voiceless and the eyes of the blind” — recently took over an Indian law enforcement website to protest a controversial case that allegedly saw four accused abusers acquitted.