An ethical or "white hat" hacker is an expert in information technology security who does not use skills to access systems for personal gain, but instead uses knowledge and experience to test systems for exploits and vulnerabilities to protect these systems. These terms contrast with those of a "black hat" or non-ethical hacker.
History of the ethical hacker
Ethical hacking began as early as the 1970s when the US government attempted to hack its own system. Later, in the 1980s, ethical hacking moved into the telecommunications business, which had been the target of “cybervandals” trying to damage local telephone companies. In the 1990s, as banks became more available online, they too began to make use of ethical hacking to protect themselves. Following shortly behind the banks came e-commerce websites (think Amazon) who also made use of ethical hacking to protect themselves.
What an ethical hacker looks for
A white hat will use ethical hacking methods to answer three basic questions:
- What can an intruder see on the target systems?
- What data is available to a hacker should he/she gain access to the systems? This could be anything from pictures to business documents to information databases.
- What can an intruder do with that information?
- Can the intruder read the data, copy the data or even delete the data? Can they modify the data they gain access to in any way?
- Does anyone at the target notice the intruder’s attempts or successes?
- Are there any alerts should a hacker gain access to the target system? This is probably the most important question that an ethical hacker will answer because it indicates how long an attacker may attempt to gain access to a system before they succeed fully (and they will eventually, given enough time).
Methods an ethical hacker will use to obtain data
Ethical hackers will make use of both technological and non-technological methods to reach their goals.
Penetration testing is the simulation of an attack by a true “black hat” hacker. Penetration is the use of different methods, techniques and tools to test and evaluate the strength of an organization’s security and to detect if any vulnerabilities exist. Penetration testing, unlike other forms which theorize a system's vulnerability, will actively test an organization’s security system by using real "system hacking" techniques to try and break through. A penetration test will attempt to use the same methods that a hostile attacker will employ to gain access through an organization's security. A penetration test will take one of two possible approaches:
- Black box – As used in other circumstances, "black box" implies no knowledge of the inner workings of what one is assessing/testing/viewing. In the case of penetration testing, "black box" means that the testers have no working knowledge of the target other than the target’s name prior to the start of the test. The testers must use different methods to obtain the information themselves that will allow them to access the target’s systems.
- White box – As with black box, the definition of white box in penetration testing follows the same lines as other areas of IT. It means the testers know the inner workings of the target right down to the hardware being used. They know the infrastructure of the network and the security configurations, allowing them to find vulnerabilities before they even attempt a penetration test.
Whereas penetration testing uses technology to gain access to a system, social engineering is noticeably lacking in technology. Social engineering is the act of manipulating a person to accomplish goals that may or may not be in the best interest of the target. Like penetration testing, the goal is to gain information, gain access to a system(s); unlike penetration testing, social engineering has the added goal of having the targets themselves perform a certain action.Social engineering can make use of the following approaches:
- Pretexting - Lying to the target in order to obtain privileged information. The pretext is the hacker’s motive.
- Diversion theft - Used mostly with theft, but still considered a Social Engineering method. The purpose is to convince a legitimate delivery person who is bringing a delivery to an address, that the package is requested some where else.
- Phishing - The use of email or websites to gather personal information by pretending to be a trustworthy organization. For example, an ethical hacker may send an email, pretending to be a member of the organizations IT support team in order to have the user provide them with login credentials. They could go further by creating a custom website to pose as a password reset application for the company in order to get passwords and login information.
- IVR or phone phishing (aka. vishing) - The use of an interactive voice response (IVR) system to create an official-sounding bank IVR system to trick people into providing their personal information. An example is where a hacker will pose as a bank employee or even use another IVR message to advise the target they have to call into the bank to correct an issue. They provide a number (not the bank's) for the target to call in on and when he/she does, they record their account information as it is entered into the phone. A hacker could even perform something similar in that they use the same method, but instead attack a company employee in order to have them attempt to enter their password via the telephone.
- Baiting - A hacker will leave a CD-Rom or USB flash drive where it is sure to be found. When a person places the unit into their system it installs malware (possibly viruses). This malware could simply cause issues on a target’s system or could even be used to pass personal information back to the hacker. Baiting is one of the only social engineering methods that will use technology to attain its goals.
- Quid pro quo - The term quid pro quo basically means something for something. In this case, a hacker will attempt to gain information by giving something in return. An example would be a hacker calling a company employees one at a time, posing as a member of IT and stating they are calling to help them with their computer problem. Eventually, they are going to get to someone who actually made a call to get support and now they have an easy way to gain that employee’s passwords.
- Tailgating - An attacker can gain access to a restricted, locked down area by following someone into the restricted area who does have access and acting like they belong.
Tools of the ethical hacker
Although ethical hacking based on social engineering uses very little technology, penetration testing uses it extensively. Here are some of the tools that are used by ethical hackers to protect systems:
- Nmap - Creates a map of a network by discovering hosts and services in the computer network. It further aids by detecting the OS that is running on a system. This will allow for OS-specific penetration tests (are the systems patched to protect from known vulnerabilities?)
- Nessus- Scans for vulnerabilities in a computer system and network. It can scan for known remote vulnerabilities (unpatched), poor configuration of systems (bad email relays), checks to see if common default passwords are still in use and it can also attempt to perform denial of service attacks
- THC Hydra - Is a brute force password cracking tool. It has ability to access data from a website and attempt logins that way. It is not limited to website logins, but can access a number of protocols including ftp.
- Cain & Abel - A password recovery tool that uses a multitude of methods to determine user passwords. It can scan networks, use brute-force and dictionary methods of checking passwords and it can even scan VoIP conversations to find passwords.
Notable ethical hackers
- Robert Hansen - CEO and Founder of Sectheory LTD. Designed an application “Fierce” that determines IP addresses that will allow for easier attacking of a target (used to protect, not attack companies).
- Greg Hoglund - Specializes in rootkits and buffer overflows. Found many vulnerabilities to World of Warcraft.
- Dan Kaminsky - Discovered and developed a resolution for a severe DNS protocol issue that could have caused mass Internet disruption.
- Marc Maiffret - Once a black hat hacker himself, he instead became a protector of Windows based computers. Discovering many vulnerabilities. He even played a role in discovering and researching the “Code Red” virus.
- wiseGeek. What Is Ethical Hacking?. Retrieved on 2012-03-10.
- Marilyn Leathers. A Closer Look at Ethical Hacking and Hackers. Retrieved on 2012-03-10.
- Bill Coffin. It Takes a Thief: Ethical Hackers Test Your Defenses. Retrieved on 2012-03-10.
- C.C.Palmer. Ethical hacking. Retrieved on 2012-03-10.
- SANS Institute. Conducting a Penetration Test on an Organization. Retrieved on 2012-03-10.
- United States Computer Emergency Readiness Team. Cyber Security Tip ST04-014. Retrieved on 2012-03-10.
- DocDroppers. Social Engineering. Retrieved on 2012-03-10.
- Cyber War Zone. Social Engineering. Retrieved on 2012-03-10.
- Tech Radar. How social engineering works. Retrieved on 2012-03-10.
- Best of Network Penetration Testing Tools. Retrieved on 2012-03-10.
- Anderson, Harry (2 November 2010). Introduction to Nessus. Symantec. Retrieved on 5 November 2013.