What is ethical hacking exactly?

Written by  Aug 01, 2019

Media reports often focus on the shady side of hacking, and most people picture hackers as hoodie-wearing recluses who go out of their way to wreak havoc on businesses, healthcare systems and governments.

In reality, hackers come in all shapes and sizes and certainly don't follow this stereotype.

The process of an ethical hacker closely mirrors that of a malicious one. Both look at a subject, be it software, hardware or a network, and try to use their knowledge and creativity to find new ways to break the defences.

The ethical hacker (white hat hacker) does the same thing as their malicious counterpart, only instead of exploiting vulnerabilities for the purpose of spreading code, they work with network operators to help fix the issue before it is discovered by others.

Both types of hackers get the same thrill of breaking something that wasn't supposed to ever break; they just have different motives. For many white hat hackers, the process is gamified in the form of bug bounty programs - competitions that reward hackers with cash prizes for reporting vulnerabilities.

Who better to fight a hacker than another hacker?

Black hats, grey hats and white hats

Within the cyber security community, hackers are divided into three camps - 'black hat' hackers, 'grey hat' hackers and 'white hat' hackers. Black hats hack their targets for self-serving reasons, such as financial gain, revenge or simply to spread havoc.

White hat hackers, by contrast, actually aim to improve security, finding security holes and notifying the victim so they have an opportunity to fix them before a less-scrupulous hacker exploits them. Grey hats sit somewhere between the two camps, often conducting slightly more morally questionable operations, such as hacking groups that they are ideologically opposed to, or launching hacktivist protests. White hat and grey hat hackers can both be defined as 'ethical' hackers.

How do ethical hackers make money?

Black hat hackers generally earn their money through theft, fraud, extortion and other nefarious means. Ethical hackers, on the other hand, are quite often employed by cyber security companies, or within the security departments of larger organisations. The fact that they know how attackers operate often gives them valuable insight into how to prevent attacks.

Another way that ethical hackers can earn a living is through collecting 'bug bounties'. Large companies, particularly tech firms like Facebook, Microsoft and Google, offer a reward to researchers or hackers who discover security holes within their networks or services. This encourages them to report these holes, allowing them to be fixed before they can be found by criminals.

The following books are highly recommended to progress your CEH v10 studies.

CEH v10 Certified Ethical Hacker Study Guide

CEH Certified Ethical Hacker All-in-One Exam Guide, Fourth Edition

What motivates ethical hackers?

Most hackers are motivated by curiosity, and ethical hackers are no exception. They're often motivated by a desire to see what makes things tick, poking around in security systems just for the challenge of finding a way around them. Responsibly reporting their findings is the best way to indulge this desire whilst also staying on the right side of the law.

Many are also driven by a genuine desire to make the world more private and more secure. Exposing flaws in widely-used services and applications means that they're less likely to be used to harm innocent people.

Another big motivating factor for ethical hackers is, of course, cash. A career in pen-testing or red-teaming can be extremely lucrative, and often allows hackers to make a great deal more money than they would as a cyber criminal without fear of reprisals. Similarly, bug bounty programmes can provide incredibly generous payouts for discovering major flaws – the current record-holder for the highest-value bug bounty is Google's $112,500 payment to a Chinese researcher who discovered a remote exploit vulnerability in Android.

How do I become an ethical hacker?

If you're a hacker that wants to become a white hat, the good news is that you're already halfway there. Ethical hacking is more a state of mind than anything else; a desire to use talents for good, as opposed to evil. If you'd rather use your hacking talents to improve the world's security than to line your own pockets, you're well on your way to becoming an ethical hacker. See our guide on how to become an ethical hacker.

In terms of practical steps, there are numerous courses you can take that promise to give you all the skills needed to become an ethical hacker. However, while these can definitely be useful, either as a starting point or as a way to refine your knowledge, the best way to become an ethical hacker is to simply immerse yourself in the world of cyber security.

Read as much as you can on the technical elements of hacking and cyber defence, keep up to date with developments in the field, and generally learn as much as possible about the theory and practice of cyber security.

It's also a good idea to learn a couple of programming languages, if you don't know any already. While it's not absolutely essential for hackers (ethical or otherwise) to have an in-depth knowledge of coding, it can be incredibly useful, and will pay dividends throughout your career.

Peter Flynn

Creator and director of IT Security Centre UK.

I have worked in the IT industry for many years and developed my IT security skills in particular, as this area has always been of interest to me and is more important now than ever.
