Modern technology is always advancing, which means that the tools used to hack systems are always advancing as well. Because of this, ethical hacking, or white hat hacking, is quickly becoming one of the more important tools to defend against this ever-prevalent threat of hackers. The difference between white hat hacking and hacking for nefarious purposes, is that white hat hackers do it to help companies and individuals boost the security in their systems. Becoming an ethical hacker can take time, but the payoffs from their line of work can make it all worth it.
White hat hackers are an integral part of keeping the security of systems up to date. Through a process called penetration testing, white hat hackers work on hardware and software to find and patch vulnerabilities that hackers could exploit for nefarious purposes. Penetration tests happen all the time, as companies and organizations often try to stay one step ahead of hackers. Sometimes, these companies and organizations open up their systems to the public, allowing freelance ethical hackers to test their systems for flaws. The article “Hack Us, Please: DoD Opens Websites To ‘White Hat’ Hackers” describes the challenge that the United States Department of Defense publicly issued out to any white hat hacker. The challenge, which is also called a bug bounty, was for any white hat hacker that registered with a specific private sector firm, which was done to ensure that any potential leak of sensitive information would not happen (“Hack Us, Please”,) On top of registering with the private sector firm, any participant who wanted to claim a reward for finding a bug had to pass a background check as well (“Hack Us, please”). The payout for finding a bug in the Department of Defense’s websites could reach “as high as $15,000,” and later government bug bounties, such as a forthcoming bug bounty involving the United States Army and their recruiting websites, could reach higher numbers (“Hack Us, Please”). Bug bounties are one of the most common jobs a white hat hacker can find. The reasoning behind opening up government systems to ethical hackers is a fairly logical one: Charley Snyder, a senior cyber policy adviser in the Office of the Secretary of Defense, points out that “the bad guys are certainly not waiting for an invitation,” (“Hack Us, Please”). It’s important for white hat hackers to keep up with technology, so the proper training and qualifications are becoming all that more important in the cyber security industry.
Since the demand for white hat hackers has risen and continues to rise, training for white hat hackers has become very important. Journalist Tracy Caldwell’s article “Ethical hackers: putting on the white hat” covers how people can become white hat hackers. It is a common belief in the cyber security industry that “great ethical hackers are born and not made is prevalent in the industry,” (Caldwell). Skills necessary to be a white hat hacker, such as hardware and software manipulation, can be taught to almost anyone, but someone’s attitude and mindset are very important to withstand a training program that can be half a decade long. However, before going through any training programs, one must start with the basics. Chris Larsen, a senior malware researcher, says that “buying or building a cheap computer and putting Linux . . . on it will get you started,” (Caldwell). People looking into entering the white hat hacking profession need more than just a cheap computer and software, though. Quite a few companies have bought into the belief that “the only way to become a professional ethical hacker is through an apprenticeship model and it takes more time than most people expect, at least five years,” (Caldwell). Elsewhere, there are several universities that are offering courses in ethical hacking to help people learn the skills that are necessary to know in order to be successful in the cyber security industry. However, what is arguably the most important step to establishing credibility in the cyber security industry is becoming a certified ethical hacker. These certifications are handed out by select boards and councils, such as the EC-Council, which hands out the Certified Ethical Hacker (CEH) certification, which is widely recognized throughout the industry. There are many other qualifications, and they all have different requirements: some are limited to a certain nationality, while others may require written exams.
In journalist Amanda Paulson’s article, “New academy teaches ‘ethical hacking’”, she reviews a new academy in Chicago that specializes in teaching hacking skills and techniques such as different kinds scams, malware, firewall breaches, and so on. However, the brand-new Hacker Academy teaches these skills in an effort to teach people not how to be a hacker, but how to “think like hackers,” and how to hopefully remain one step ahead of any attacks (Paulson). The attacks that the Hacker Academy are trying to help prevent can range from “lone gunman hackers . . . doing it for more explicit monetary reasons” to “more organized criminal groups,” says Chris Painter, a deputy chief of the Department of Justice’s Computer Crime and Intellectual Property section. It is important to for white hat hackers to patch up any vulnerabilities in order to prevent as many attacks as possible, as these attacks are always happening. For example, a common type of attack in a phishing scam, where scammers pose as legitimate companies to solicit sensitive information from people. In the first half of 2016, Symantec, an Internet security company, “documented more than 150,000 unique phishing messages, an increase of 81 percent over the prior six months,” (Paulson). According to Computer Economics, a firm which estimates damage from cyber attacks, estimated that the damage in 2005 was about $14.2 billion, with the number in 2006 “likely to be similar,” (Paulson). The severity of these attacks are the reason why courses and opportunities, such as the Hacker Academy, are becoming more prevalent in the cyber security industry. With the monetary value of the damages in the billions, and an unknown amount of people vulnerable to these attacks, it’s becoming even more important for white hat hackers to be well equipped to protect against these attacks.
While the threat and amount of dangerous cyber attacks increase every day, it is becoming just as increasingly important for the cyber security industry to stay up to date. The training and qualifications of white hat hackers are becoming increasingly necessary in the cyber security industry, which help companies and businesses know that they are getting they best help possible. White hat hackers are an integral part within the cyber security industry, as the perspective they provide—from the eyes of a hacker—can be the difference between a company’s system working normally and a company losing potentially thousands, or even millions of dollars, from a cyber attack.
Works Cited
Caldwell, Tracey. “Ethical Hackers: Putting on the White Hat.” Network Security, vol. 2011, no. 7, 2011, pp. 10–13.
“Hack the NHS.” New Scientist, vol. 236, no. 3154, Dec. 2017, p. 6. EBSCOhost, ccny-proxy1.libr.ccny.cuny.edu/login?url=https://search.ebscohost.com/login.aspx?direct=true&db=a9h&AN=126484135&site=ehost-live.
Sydney J. Freedberg Jr. “Hack Us, Please: DoD Opens Websites To ‘White Hat’ Hackers.” Breaking Defense, 2016, pp. Breaking Defense, Nov 21, 2016.
