The phrase “ethical hacking” was first used in 1995 by IBM Vice President John Patrick, but the concept has been around for a lot longer. Many would argue that ethical hacking is the goal of the majority of hackers, but the current media perception is that hackers are criminals. To understand the truth a little better we need to look at the history of ethical hacking.
The origins of the hacker
The history of ethical hacking is actually just the history of hacking. Given the current portrayal of hackers as cybercriminals and thieves, it is hard to imagine the word “hacker” having anything other than negative connotations. But it wasn’t always a bad thing to be a hacker. In fact the word surfaced in its modern context at the renowned Massachusetts Institute of Technology (MIT).
Throughout the 1960s, hacking was a term used by engineering students that simply meant finding different ways to optimize systems and machines to make them run more efficiently. Hacking was a creative activity carried out by some of the brightest people in the world. And it’s interesting to note that the idea of the ethical hacker actually predates the criminal hacker.
Phreakers and tiger teams
It was during the 1970s that the waters began to get muddied. With the growing popularity of computers, individuals who understood systems and programming languages were beginning to see the possibilities in testing those systems to understand their capabilities.
This was also the time that “phreaking” began to gain widespread notoriety. Phreaking refers to the practice of manipulating telecommunications systems. Phreakers began to understand the nature of telephone networks. Many individuals were able to use devices that mimicked the dialing tones in order to route their own calls, which allowed them to make calls for free – specifically, highly expensive long-distance calls. Arguably, this was one of the first times that hacking was used for illegal purposes by a large number of people.
Simultaneously, however, governments and companies were beginning to see the benefit in having technical experts actively seek out the weaknesses in a system for them, thus allowing them to solve those problems before they could be exploited. These were known as “tiger teams” and the American government was especially keen on using them to reinforce their defences.
The rise of the black hat hacker
In the 1980s and 1990s, the term hacker began to be associated almost exclusively with criminal activity. The amazing popularity of the personal computer as a tool for both businesses and individuals meant that a lot of important data and details were now stored not in physical form but in computer programs. Hackers began to see the possibilities of stealing information that could then be sold on or used to defraud companies.
Hacking was gaining a profile in the media – and not a positive one. Hackers were seen as criminals – digital trespassers – who were using their skills to gain access to private computers, steal data and even blackmail businesses into handing over large sums of money. These kinds of hackers are what we describe today as black hat hackers: they are purely interested in using their skills for malicious purposes and are often connected to a range of different criminal activities. Black hat hackers get the vast majority of media attention, and there have been high-profile hacks on enormous companies like eBay and Sony in recent years.
Sophisticated modern cybercriminals
It is estimated that more than 30,000 websites are hacked every single day, which goes to show the scale of modern hacking and how it can affect businesses of all sizes. Hackers range from inexperienced “script kiddies” making use of hacking tools written by others to sophisticated modern cybercriminals who will stop at nothing to get what they want.
While we might think of hackers as operating exclusively from behind their computer screens, it’s also true that black hat hackers will look for alternative methods to break down systems. These methods could include everything from cracking passwords to using forms of social engineering in which victims could be tricked into handing over personal details or sensitive organizational information.
The renaissance of the ethical hacker
As hackers have become smarter and more persistent, it has become increasingly important for companies to have adequate defences against them. This is why we have seen the concept of ethical hacking increasingly used by cybersecurity firms as a way to combat the problem.
Ethical hacking is now commonplace – it’s even possible to become what is known as a Certified Ethical Hacker. The practice is also known as white hat hacking, and it involves using the same techniques that black hat hackers use in order to break down cyber defences. The difference is that when a white hat hacker has compromised those defences they inform the business of how they managed to do it so that the vulnerability can be fixed.
Some of the most skilled and successful ethical hackers started as black hat hackers. For example, Kevin Poulsen, who is now a respected journalist, was actually put in prison for hacking the telephone line of a radio station contest, allowing him to win a Porsche 944 S2. Since his release, he has used his skills to uncover illicit activities on the internet.
How ethical hackers can help businesses
It’s easy to see how businesses can benefit from using ethical hackers. A white hat hacker can mimic a genuine cyber attack, using all the same strategies that black hat hackers would use in a real one. If a business’s defences have a weakness, the ethical hacker will be able to expose it so that it can be fixed before a real hack occurs.
Ethical hacking techniques
Ethical hackers generally require a certain level of secrecy to carry out their jobs correctly, which means that they will usually be employed directly by businesses’ management without the knowledge of their staff or cybersecurity teams. This secrecy allows a white hat hacker to work in the same way that a black hat hacker would. They use a variety of techniques in an attempt to beat the system. Naturally this will involve penetration testing, in which they will use their knowledge of coding and well-known vulnerabilities to try to gain access. Just like black hat hackers, ethical hackers will attempt to use password cracking as well as social engineering.
About the author
Mike James is an independent content writer working together with cyber threat prevention specialists Redscan.