Cyberattacks are becoming more frequent, with news about an attack now an everyday occurrence. This year alone, the FBI expressed utmost concern on the unprecedented growth in hacks that used ransomware attacks.
When Mark Litchfield received an unexpected email, he did what 99% of us will not do—he opened it. It was the first ‘hacking’ request in his career, which now amounts to more than $1.8 million in earnings.
The email he opened when he was a teenager was from the tech giant Yahoo requesting mail recipients to help them look for a bug within their system. After Litchfield found the bug and sent his documentation, he was sure that was the end of it. Instead, Yahoo mailed back with an offer and a career he helped pioneer—ethical hacking.
Litchfield became the first millionaire ethical hacker in history.
Cyberattacks are becoming more frequent, with news about an attack now an everyday occurrence. This year alone, the FBI expressed utmost concern on the unprecedented growth in hacks that used ransomware attacks. Numerous local governments were attacked and millions of dollars worth of data was held ransom.
While cybersecurity professionals and companies are keeping up with the latest means of securing their data, the fast-paced development of technology leaves many vulnerabilities that cybercriminals can exploit. This is where ethical hackers, or white hat hackers, come in.
What is ethical hacking?
In the past decade, more and more companies are investing in getting help from white hat hackers. These cybersecurity professionals, like Litchfield, explore the vulnerabilities of systems by attempting to gain access and documenting any found weaknesses. Just like a malicious hacker (black hat), they use the same methods to circumvent system securities, but they do it so organizations can fix them.
More than a tester, an ethical hacker has a broader range of duties to fulfill. By not being bound by established organizational protocols, white hat hackers can use an extensive range of strategies to find vulnerabilities.
How does it work?
Scanning ports and connections is just the tip of the iceberg for an ethical hacker. They can utilize patch installations, honeypots, and even brute force in order to detect possible attacks. White hat hackers can also employ methods of social engineering or dumpster diving to retrieve or gain information and access—looking through trash bins, notes, and even shredders.
Ethical hackers also serve to test the security measures already in place. They might find ways to evade intrusion detection and prevention systems or bypass encryptions by stress-testing them.
Is it legal?
Technically, it isn’t.
Ethical hacking operates under the principle that hacking in itself is a weapon and those who wield the weapon determine the outcome. The only thing that can stop a bad guy with a mouse is a good guy with a mouse, right? Not exactly.
While some of these white hat hackers are in-house talents, most of them are what people call a gray hat. These ethical hackers expose the vulnerabilities of systems without permission to do so from the organizations. This is why many private organizations sue these gray hats for going public with their cybersecurity flaws.
Experts believe, however, that the need for more white hats and the regulatory environment puts organizations at more risk. Initiatives like Discloseio offers boilerplate agreements to encourage gray and white hats to continue doing their work without the fear of litigation. In fact, most hackers don’t release their findings publicly to make the companies look bad. It’s typical for them to message organizations privately and wait for at least 90 days—a practice from Google Project Zero—to fix the issue.
A recent example of the gray area surrounding the matter of gray hats was when a hacked victim fought back and gained decryption keys from the notorious Muhstik gang. The gang had been using ransomware to force companies into paying out money in exchange for decrypting their locked data. But with the release of the keys, the user essentially ethically hacked the gang and released the stolen data. Even though he saved the companies a lot of money what he did was illegal in the eyes of the law.
A growing industry
While it might be a long time before ethical hacking becomes fully legal in the US, the industry is expected to grow. The unprecedented explosion of cyber attacks in the past few years pose a serious danger to every type of organization, and ethical hacking is becoming a real necessity. With such high demand and an expanding career outlook, many more are expected to pursue ethical hacking as a vocation. Udemy’s hands-on ethical hacking courses cover a wide range of opportunities now linked to this industry. These range from in-house white hat professionals to freelance cybersecurity specialists and are a clear indication of how much ethical hacking is needed in the modern world.
This is especially true with the ever-increasing demand for cybersecurity experts. A recent estimate published on CNBC highlights that around 3 million cybersecurity positions are left unfilled in the country. This shortfall and the surge in attacks remain the biggest threat to the modern economic and social landscape. With more interconnected devices and systems introduced every month, it’s not enough to just be defensive. With all these talents ready to don the white—or even gray—hat, why wait for the black ones to come?