When people hear the word “hacker”, what immediately comes to their mind is a “computer criminal” or “specialist in illegal computer intrusion”.
This misconception has made many people believe that hacking is only for criminals, thus stigmatizing the entire noble hacking profession.
In this study, I will shed some light on hacking and hackers. You will learn who a hacker is, types of hackers, what hackers do, and how to learn hacking.
Now let’s kick off with the definition of the terms.
What is Hacking?
Hacking is the art of finding and exploiting the vulnerabilities in computer devices and/or connected computer systems (a.k.a networks) to gain access. It refers to all activities, processes, and techniques to gain access in order to manipulate or compromise computers, websites, social media accounts, smartphones, and even internet-connected devices.
A good example of hacking is a savvy user that can bypass the login screen of his locked Windows 7 computer when he forgets his login password.
That user just got access to his computer again and knowledge of hacking made that possible.
You can see, hacking by itself is not “the evil” here. But the intentions and motives of gaining that access could be, and that’s what really matters.
Who is a Hacker?
A hacker is a person who has the technical skills to find and exploit misconfigurations or weaknesses in computer systems and networks in order to gain access.
He is specially armed with techniques and processes to bypass security measures in place and take control of any computer system or device to make it do his bidding.
Hackers usually have a vast knowledge of the inner workings of computers, networks and web technologies. And most hackers are also computer programmers with knowledge of computer security.
However, some hackers specialize in hacking humans instead of computers. This aspect of hacking is called social engineering.
In a social engineering attack, the hacker manipulates the individual to gain access rather than trying to beat the computer system. And it’s largely successful because it’s human nature to make errors that will get hackers in.
Alright, with those two vivid definitions out of the way, we are now ready to dig into who an “ethical hacker” is and how he differs from the “criminal hacker” that the society has unfairly labeled every other hacker.
Types of Hackers
Hacking is a collection of technical skills. As with other technical skills in the world you cannot really control what people who have acquired these skills choose to do with it. Hence we have different types of hackers.
The three well-known types of hackers the Information Security industry recognizes today are the white hat, black hat, and grey hat hackers.
These colored hat descriptions started when the good hackers (white hats) sought to distinguish themselves from their criminal or malicious (black hats) hackers counterparts.
Other hat colors have sprung up over the years such as the green, blue and red hats to describe different types of hackers.
But what distinguishes the different types of hackers boils down to two main factors: the motivation of the hacker, and the legality of his actions.
1. White Hat (or Ethical) Hackers
White hat or ethical hackers refer to cybersecurity experts who conduct security assessments on a company’s system and identify any hole or weaknesses in their security setup in order to improve it.
They are so-called ethical hackers because they act within legal boundaries. Meaning they have permission or authorization to carry out whatever hacking activity it is.
Most white hat hackers have paying jobs where they work as regular employees. While others get hired by companies or the government to find security flaws in their computer or people networks.
Note that the hacking techniques and methods the white hats use are the exact same that their black hat counterparts may also use.
But the main difference is that white hats have permission by the individual or company they are attacking. And their motive is to evaluate, improve, protect or maintain the security of their systems.
2. Black Hat (or Criminal) Hackers
Black hat hackers are the type of hackers the media is well acquainted with, a.k.a the malicious or criminal hackers.
These are faceless individuals who attempt to gain unauthorized access into computer systems and networks to exploit them for malicious reasons or personal gain.
Black hat hackers have no permission whatsoever to intrude nor compromise their targets.
Their core motive is usually for financial benefits hence they often steal financial information such as credit card data, or gain access to financial passwords and other personal data.
Some black hats specialize in inflicting damage to security systems, infecting systems with ransomware, compromising and defacing websites, tapping into security camera feeds for illegal surveillance, shutting down critical infrastructure such as SCADA systems, etc.
3. Grey Hat Hackers
Grey hat hackers are somewhat in the middle between the white hat and black hat hackers.
They exploit computers and networks without permission or authorization in the same way the black hats do, but often with the intention of notifying the law enforcement agencies or the owners of the system of all the vulnerabilities they’ve found.
A grey hat may extort the owners or administrators of the compromised system for money to get their system back up or offer to fix their vulnerability for a nominal fee.
Typically, grey hats just go about surfing the net for vulnerable systems that they can compromise, notify the owners afterward, and offer a fix in exchange for money.
What Ethical Hackers Do
You are already familiar with the evil work of black hat or criminal hackers. You hear it in the news all the time. From how they struck an organization and stole sensitive data like credit card info, to how they encrypted millions of users PCs with ransomware.
We will take a look at what ethical hackers do instead to combat criminal hackers. Thus making the internet a safer place for everyone to use and enjoy.
Ethical hackers conduct security assessments to expose vulnerabilities in the software or products of a business to help them improve their security posture.
The most notable of the different security assessment types ethical hackers conduct include:
- Vulnerability Assessments
- Penetration Testing
- Bug Bounty
- Red Team vs. Blue Team
1. Vulnerability Assessments
In a vulnerability assessment an ethical hacker fires on all cylinders to find as many vulnerabilities/flaws as possible in a customer’s environment, and thereafter makes a list of all items found for remediation, starting with the most severe.
2. Penetration Tests
A Penetration test (commonly referred to as pentest) is a more refined or directed security assessment.
In a pentest, an ethical hacker tries within a stipulated time whether he can break through a company’s security defenses to achieve a specific goal. E.g to steal credit card information, hijack domain administrator, or to find/steal any other company’s crown jewels.
3. Bug Bounty Hunting
A bug bounty is interesting in that it leverages the use of a crowdsource for security assessments.
The floor is thrown open to a diverse crowd of security testers, irrespective of their expertise or experience, to find as many vulnerabilities as possible in a system.
4. Red Team vs. Blue Team
In a red team security assessment, an ethical hacker goes all out against a company and attacks the company’s infrastructure just like an external adversary would.
While this is ongoing, there is a blue (or defensive team) actively trying to detect and ultimately stop the attacks coming from the red team side.
The arch goal of both the red and blue teams is to strengthen the overall defenses of the organization and make them more resilient to cyber attacks.
Note that all of the above assessments are with the express permission of the organization that is being tested. Without permission, that is black hat hacking and you can get into trouble depending on the laws where you live.
Veteran cybersecurity expert and writer, Daniel Miessler has more to say on information security assessment types.
How to Learn Hacking
Hacking is a collection of technical skills (and a little bit of innate talent in my opinion). Therefore anyone can learn to hack if they have the passion and are ready to invest ENOUGH time into mastering it.
But before you ever begin to hack, you need to, first of all, have a solid background in general information technology. This is very key because it will ensure you don’t eventually give up frustrated.
So here are the technical skills you have to level up on—remember you need just the basics for now.
- General computing
- Computer networking
- Linux (or MacOS)
- Coding or Scripting
If you are a complete beginner to hacking, this looks like a lot and it actually is. But with proper guidance and quality time investment, you can quickly come up to speed on these basics and begin to learn to hack going forward.
To know more about how you can learn how to hack, I invite you to follow my How to Become A Hacker Series. The series is designed to give focused guidance to help anyone level up a career in ethical hacking, fast!
That’s all! Please leave me your comments below and consider sharing this post if you enjoyed it.