What Ethical Hacking is All About

Cyber Security is a very vast field, and ethical hacking is one part of it. In this article, Varun Pathak discusses about the different types of ethical hacking. Pathak is a Cyber Security & Network Consultant and Trainer. He takes Cybersecurity courses at infyni.com

When we hear hacker most people assume it is to do with hacking into a partner’s personal Facebook, Instagram, or WhatsApp account. Ethical hacking is much more than hacking into social network accounts. It is about providing and testing the level of security for the organization you are working for.

Ethical hackers, therefore play a vital role in providing safety and security in this era of the internet where everything is connected to the internet. Ethical hackers find and patch vulnerabilities in different systems so that no unauthorized person can use that vulnerability to exploit the system.

What Ethical Hackers do

In an organization, you won’t find a designation titled Ethical Hacker. They are instead, known as cyber security consultants or cyber security analysts. And, depending on the projects they are assigned, they will have different missions to accomplish.

Generally, though, they are divided into two parts:

1. Defensive

2. Attacking

According to the EC-Council, an ethical hacker is “An individual who is usually employed with an organization and who can be trusted to undertake an attempt to penetrate networks and/or computer systems using the same methods and techniques as a malicious hacker.”

An ethical hacker uses the same tools and techniques a malicious hacker uses. Like two sides of a coin, the same method can be used to either protect or break the system. It will depend on the intention of the attacker.

To test the security, an ethical hacker performs the following steps:

1.      First, he uses Nmap to scan networks and ports

2.      Then he uses OSINT to gather information

3.      He then tries to exploit the vulnerability of a system

4.      Lastly, he will check if the attacker can continue to maintain access or not

5.     Fifth step is to clear the logs. This is not applicable if the ethical hacker has the consent of the organization he is hacking. However, if an unauthorized person is doing the hacking he will perform the fifth step.

Types of Hackers

There are many kinds of hackers depending on the intention and the technique they follow. They are:

1) White Hat Hackers

2) Black Hat Hackers

3) Grey Hat Hackers

4) Suicide Hacker

White Hat Hackers

White hat hackers are hackers with good intentions. And they always take consent or permission from the client to hack. White hat hackers are also known as ethical hackers.

These hackers are trustful, try to find the vulnerabilities, and provide security to the organizations. He or she is a specialist in the field and can perform penetration testing to secure an organization’s security and information, with the client’s permission of course.

I would any day recommend training as a White hat hacker.   

Black Hat Hackers

Criminals, we call them. These hackers intend to harm an individual or organization for money or revenge. They not only steal data but sometimes they destroy it. Also called Malicious hackers this hacking is illegal and done without consent which often leads to legal implications.  

A recent example of this is the Twitter attack on high personality accounts. Hackers used social engineering to access and change the email of these personalities, and then tweeted about “doubling the amount of money” they received from anyone.

Grey Hat Hackers

Hackers who work for an organization to protect their infrastructure while also working as an individual or freelance hacker for someone else with criminal intent is known as Grey hat hacker.

Grey hat hacker is a mixture of white and black hat hackers. Grey hat hackers’ main mission is to protect the client for whom they are working full-time but they also have a dubious secondary intention to break into others’ systems illegally.

These hackers work for any random client who is ready to pay them.

Suicide Hacker

These hackers are just like suicide bombers who will do whatever it takes to complete their illegal task knowing they may get caught. They generally don’t worry about the consequences of their crime.  

For example, Robert Tappan Morris created a worm by his name “Morris” which could re-infect computers. Each time a computer got infected, it got slower and slower. His worm did substantial damage to 6,000 computers (that was a lot of computers in 1988).

And as punishment, he was given an equally commiserate fine of USD 10,000 fine.

Script Kiddies

Script kiddies are basically beginners in hacking and try without really knowing how things work internally. These are not serious about hacking and invariably do it for fun, desiring good scripts to complete their work.

Script kiddies generally use pre-built tools to perform their attack and are not aware of the consequences of their attack.

Career Choices

As an Ethical Hacker these are the career choices you will have:

1.      In government or private firms

2.      Network security engineer

3.      Network security administrator

4.      Security consultant

5.      Penetration tester

With the increasing cyber threats, private as well as governments are desperately in need of ethical hackers to protect and help them fix vulnerabilities in their systems. You could work as a freelancer or consultant.

What you need to keep in mind is that you may NOT find a job designation like a Black hat or White hat hacker. Instead, you will be seeing jobs for Security Analyst, Security Consultant, or Security Architect. Finally, the jobs available on job portals are only for White hat “Ethical” hackers.

Infyni is an online learning portal where live classes are conducted with expert coaches. Browse through our curriculum on Cybersecurity and join a few trial sessions to see if you want to take a course. www.infyni.com

Author: Varun Pathak