Cybersecurity is a huge opportunity for aspiring coders to break into an exciting new field. One of the most interesting fields in cybersecurity is known as “ethical hacking”. What is it, and how is it used to protect computers and networks? Keep reading to find out.
The History of Ethical Hacking
Once upon a time, “hacker” was not just another word for “cybercriminal”. Hackers were simply people who were interested in things like electronics, phone systems, and eventually computers. They wanted to explore and learn more about technology, and they usually did so by testing the limits of electronic devices and systems.
Huge, interconnected systems, like the telephone network and the Internet, were irresistible to these original hackers. They asked “What would happen if…?” and then tried out techniques to probe and explore these systems. Not all of these techniques were strictly legal, but they were generally harmless and not done with bad intentions.
Eventually, cybercriminals adopted similar techniques -- probing systems for weaknesses, backdoors, and loopholes -- but then exploited those weaknesses to cause damage or to make a profit. This caused the term “hacker” to come to mean someone who breaks into computers or networks for criminal purposes.
But this is where ethical hacking comes in. If someone probes systems for the same vulnerabilities that cybercriminals could use to break in, but reports or fixes those problems instead, that could protect those systems from attack. That’s exactly what ethical hackers do -- they check for weaknesses in networks, software, and systems, and make sure they get fixed before they can be used to cause damage.
Ethical hacking is also known as “white hat hacking”, while hacking associated with cybercriminal activity is called “black hat hacking”. This refers to the colors that the “good guys” and “bad guys” would wear in old Western movies. A third type of hacking is called “grey hat”, referring to hacking done with good intentions but without permission of the system’s owner.
What Do Ethical Hackers Do?
Ethical hacking covers a wide range of activities that involve breaking into, gaining access to, or exploiting computers, networks, and software, with the intention of revealing flaws before they can be used by cybercriminals. Below are a few examples of the types of things an ethical hacker may be asked to do -- or may participate in just for fun.
Penetration testing refers to gaining access to a system remotely, usually over the Internet. This may be the first thing you think of when you picture ethical hacking -- sitting at a computer and trying to break into a computer located on the other side of the country or the world.
However, penetration testing can take many different forms. It can involve scanning a system for open ports, and then attempting to take control of the software that’s listening for connections. It can also involve trying to break into web applications, especially those that are secured by a password, by looking for ways to gain access to private information through a public-facing interface.
Software Vulnerability Testing
Another common task for ethical hackers is to try to find vulnerabilities in software, either before or after it has been released. Software vulnerabilities can take many forms, and can be used to gain access to a computer or network if not fixed.
An ethical hacker would spend time trying to get the software to crash in different ways, and then test whether those crashes can be used for privilege escalation, arbitrary code execution, or another common exploit. If vulnerabilities are found, they can be reported to the development team and fixed before they can be used by cybercriminals.
Ethical hackers can also conduct social engineering tests against companies. “Social engineering” means manipulating someone into revealing private information or giving access to a system or even a building.
For example, an ethical hacker may call a telephone company’s support line to determine whether it’s possible to gain access to someone else’s account information. Or they may contact a company’s support desk and try to get a password reset for another user. If the company has good procedures in place -- and the employees follow those procedures -- they will pass the social engineering test. If not, the hacker can give suggestions to the company on how to improve.
Some ethical hackers try to find copies of new types of computer viruses or malware. They then analyze the malware to see how it behaves, what it’s designed to do, and even who wrote it. This analysis can give clues as to where the malware came from, who or what it is targeting, and how to protect against it. Some hackers have been able to slow down or prevent major malware outbreaks, while others have assisted in taking down the command-and-control (C&C) servers that direct botnets made up of compromised computers.
Some companies invite ethical hackers to try to break into their software through bug bounty programs. If a hacker can demonstrate a flaw in the company’s software or platform, they will receive a payment -- in some cases up to $10,000, depending on the size of the company and the severity of the bug.
Bug bounties effectively crowdsource ethical hacking to many thousands of people across the world, who are incentivized by the prospect of a reward to look for exploits and then reveal them privately to the company, rather than exposing them publicly or using them for malicious activity. This is also a great way for ethical hackers to practice their skills without fear of straying into legal grey areas.
Another popular activity among ethical hackers is what’s called a capture-the-flag (CTF) competition. These are often held in connection with a major hacker or cybersecurity conference, such as DEFCON.
In a CTF competition, teams of hackers try to break into another team’s network while simultaneously defending their own network against the other teams. Winning a CTF competition is seen as a major badge of honor among hackers, and can even lead to business or career opportunities.
Where Ethical Hackers Work
While some ethical hackers are simply coders, IT professionals, or cybersecurity experts who take part in hacking for fun, others are employed by companies that want to build secure products or keep their networks protected.
Corporate Cybersecurity Teams
Larger corporations may employ ethical hackers to test their products or their internal systems for security problems. This is sometimes called a “red team”, while the developers or IT engineers responsible for defending the systems are called the “blue team”.
A red team will use penetration testing, vulnerability testing, and other techniques to probe the security of the company’s products and network. Any vulnerabilities found will be reported to the appropriate team so that they can be fixed before cybercriminals can exploit them.
Private Cybersecurity Companies
Ethical hackers can also find employment at various companies that offer cybersecurity products and services. These companies may act as an external “red team”, hired under contract to check a particular system for vulnerabilities. Or they may produce cybersecurity software, such as antivirus or intrusion detection systems. Other companies offer cybersecurity investigation and incident response services, helping companies who have suffered a breach to find out what went wrong and how things can be improved in the future.
Government and Military
Many countries have started to assemble cybersecurity defense agencies, as well as entire cyberwarfare operations. In the United States, the National Security Agency was traditionally responsible for “signals intelligence”, or breaking into other nations’ systems to spy on them.
But now, each branch of the military has at least one cyber warfare unit, unified under the U.S. Cyber Command. In addition, the civilian Computer and Infrastructure Security Agency (CISA) aims to protect government organizations from hackers and cyber threats. Many other countries have similar agencies and organizations that are actively recruiting hackers, coders, and people with IT experience for cyber operations.
Next Steps: Ethical Hacking
If you’re interested in becoming an ethical hacker, you can start by brushing up on your coding skills. Sololearn’s free Python and C++ courses are a great way to learn coding skills that you can put to use in a cybersecurity career. Download the Sololearn mobile app to take your learning on the go. You can start working toward your new career anywhere and anytime with Sololearn.