In reality, hackers come in all shapes and sizes and swap hoodies for different coloured hats, the white hackers are the good guys.
The process of an ethical hacker is very similar to the process of a malicious one. Both look at a subject, be it software, hardware or a network, and try to use their knowledge and creativity to find new ways to break the defences.
The ethical hacker, known as a white hat, does the same thing as their malicious counterpart, only instead of exploiting vulnerabilities for the purpose of spreading code, they work with network operators to help fix the issue before it is discovered by others.
Both types of hackers get the same thrill of breaking something that wasn't supposed to ever break, they just have different motives. For many white hat hackers, the process is gamified in the form of bug bounty programs - competitions that reward hackers with cash prizes for reporting vulnerabilities.
Who better to fight a hacker than another hacker?
Black hats, grey hats and white hats
Within the cyber security community, hackers are divided into three camps - 'black hat' hackers, 'grey hat' hackers and 'white hat' hackers. Black hats hack their targets for self-serving reasons, such as financial gain, for revenge or simply to spread havoc.
White hat hackers, by contrast, actually aim to improve security, finding security holes and notifying the victim so they have an opportunity to fix it before a less-scrupulous hacker exploits it. Grey hats sit somewhere between the two camps, often conducting slightly more morally questionable operations, such as hacking groups that they are ideologically opposed to, or launching hacktivist protests. White hat and grey hat hackers can both be defined as 'ethical' hackers.
How do ethical hackers make money?
Black hat hackers generally earn their money through theft, fraud, extortion and other nefarious means. Ethical hackers, on the other hand, are quite often employed by cyber security companies, or within the security departments of larger organisations. The fact that they know how attackers operate often gives them valuable insight into how to prevent attacks.
Another way that ethical hackers can earn a living is through collecting 'bug bounties'. Large companies, particularly tech firms like Facebook, Microsoft and Google, offer a reward to researchers or hackers who discover security holes within their networks or services. This encourages them to report these holes, allowing them to be fixed before they can be found by criminals.
What motivates ethical hackers?
Most hackers are motivated by curiosity, and ethical hackers are no exception. They're often motivated by a desire to see what makes things tick, poking around in security systems just for the challenge of finding a way around them. Responsibly reporting their findings is the best way to indulge this desire whilst also staying on the right side of the law.
Many are also driven by a genuine desire to make the world more private and more secure. Exposing flaws in widely-used services and applications means that they're less likely to be used to harm innocent people.
Another big motivating factor for ethical hackers is, of course, cash. A career in pen-testing or red-teaming can be extremely lucrative, and often allows hackers to make a great deal more money than they would as a cyber criminal without fear of reprisals. Similarly, bug bounty programmes can provide incredibly generous payouts for discovering major flaws – the current record-holder for the highest-value bug bounty is Google's $112,500 payment to a Chinese researcher who discovered a remote exploit vulnerability in Android.
How do I become an ethical hacker?
If you're a hacker that wants to become a white hat, the good news is that you're already halfway there. Ethical hacking is more a state of mind than anything else; a desire to use talents for good, as opposed to evil. If you'd rather use your hacking talents to improve the world's security than to line your own pockets, you're well on your way to becoming an ethical hacker.
In terms of practical steps, there are numerous courses you can take that promise to give you all the skills needed to become an ethical hacker. However, while these can definitely be useful, either as a starting point or as a way to refine your knowledge, the best way to become an ethical hacker is to simply immerse yourself in the world of cyber security.
Read as much you can on the technical elements of hacking and cyber defence, keep up to date with developments in the field, and generally learn as much as possible about the theory and practice of cyber security.
Why not follow our Certified Ethical Hacker v10 questions of the day to help you to learn a worthwhile and potentially lucrative career in IT security the most popular exam for erhical hacking today. Or if you want to up the ante and aim for a very high level qualification you can follow our (ISC)2 CISSP questions of the day with detailed explanations to help to make your studying truly comprehensive.
It's also a good idea to learn a couple of programming languages, if you don't already. While it's not absolutely essential for hackers (ethical or otherwise) to have an in-depth knowledge of coding, it can be incredibly useful, and will pay dividends throughout your career.