The mainstream media has depicted the art and act of hacking in such a way that seems universally negative. Tell someone that you're a hacker, and they'll assume you're a criminal of some sort. Of course, this is not unreasonable. There have been some pretty major hackers who perpetrated computer crimes that will go down in history.
The truth about hacking is that, like anything else, it's a tool. The body of knowledge and practices that make up the art of hacking can be used to harm or help. To differentiate themselves from malicious hackers, those who want to use their hacker powers for good refer to themselves as "ethical" hackers, "white hats" or "professional penetration testers".
So can you be an ethical hacker? If you've got the urge to hack as no one has before, but don't want to be on the wrong side of the law, what should you do? Let's have a look at what's involved.
What Are Ethics Anyway?
What does the "ethical" in ethical hacker refer to anyway? Ethics are all about the principles of what's right and what isn't. Moral principles deal with harm: what causes harm, what causes good, and what causes neither.
Ethical hackers are therefore concerned with the morality of their hacking. They think carefully about the consequences a hack will have, weighed up against not performing the hack. These hackers don't do things for their own sake but within a moral framework. When we talk about ethical hackers, we are really talking about hackers who want to practice good ethics: hacking that causes no harm or that, on balance, actively mitigates harm.
Wearing the White Hat
Another name for an ethical hacker is a "white hat" hacker, which refers to the white, grey and black ethical classes of hacking. Black hat hackers are generally computer criminals, although they are not all motivated by the same thing. Some are just curious, others are anarchists and quite a few are trying to get rich by using their technological knowledge.
Grey hats aren't actively malicious like black hats, but at the same time, they don't adhere to any sort of strong ethical code.
Ethical hackers wear the metaphorical white hat as a symbol of their commitment to hacking with a purpose. They want to improve security and safety and always proceed with the consent of the one they are trying to help. Where a grey hat might penetrate a system and then let the owner know later, white hats arrange for security tests and have the full support of what's usually a client. They always consider the consequences of their actions carefully and hack with their heads rather than their gut.
Formal Ethical Hacking Study
As the need for cybersecurity consultants and professionals becomes more intense, being a white hat hacker may seem like a good career choice. So it makes sense that there are formal courses in ethical hacking offered all over the world.
These courses are pretty useful in terms of the technical knowledge they impart. They can also help you get a job as a penetration tester or other type of cybersecurity professional. What they can't do is actually make you a white hat hacker. Being a white hat hacker goes beyond just passing some courses. It's about understanding the online world and the dynamics of information. It's also about understanding human psychology and how it interacts with all these new technologies. You also need a certain sort of dogged curiosity and a worldview that's at right angles from most people. There are proper ethical hacking certifications out there, but we'll touch on that a little later.
The Hacker Manifesto and a Higher Sense of Ethics
One of the earliest pieces of writing on the ethics of hacking came from a famous hacker by the name of Loyd Blankenship. After being arrested, Loyd wrote The Conscience of a Hacker, explaining the way that he sees the world and what values drive him.
This short piece of text was published in underground hacker magazines and even on t-shirts. It's a powerful piece that tells the world that the hacker plays by a purer set of rules, one that goes beyond the "right and wrong" of mere pedestrian mortals. Of course, it also speaks to an anarchist, lawless and extremely liberal world view with no responsibility for one's actions, which makes sense given that the person who wrote it was perhaps a little miffed at having to be accountable. Still, as a prospective ethical hacker you can see that no matter which form of hacking is perpetrated, the hacker in question undoubtedly has some core beliefs that drive their actions.
Spreading the Word
Ethical hacking is about sharing knowledge in a way that makes the net and technology safer for us all. To be an ethical hacker, you have to be part of a community that shares the same values as you do. You also need to work together in order to be effective. Hackers who aren't bound by the same sort of moral code often have pretty tightly-knit communities, although no one in those communities knows anyone else's real identity.
Their ethos may differ from the ethical hacker way, but their methods of sharing knowledge and building powerful networks of operators are worth learning from. So an ethical hacker is also a community hacker, willing to teach as well as learn as needed, for the greater good.
According to a certain hacker luminary, the most important thing we can do to create white hat hackers is to teach ethics from childhood. Although it's never too late to start with yourself!
After all is said and done, the one thing you need to be in order to be a white hat hacker is transparent. You need to be upfront and truthful about what your aims are. Share critical knowledge with those who need it. You never mislead or withhold anything to increase your own profits. Yes, being a white hat hacker and selling yourself as "ethical" can be lucrative, but if you want to be an ethical hacker simply because you can make a buck, well then you aren't all that ethical after all.
The Practical Path to Ethical Hacking
That's probably enough philosophy for anyone, so what are the practical steps to becoming an ethical hacker? It turns out that there isn't any one path that ends with you working as an ethical hacker. However, there are some common areas that can't hurt to cover.
Get IT Knowledge!
It should seem obvious, but you need a pretty good understanding of information technology. To be an ethical hacker, you need to understand something about almost every aspect of modern computer technology. A good place to start is at the basic level. A+ certification will give you a good grounding in everything from computer hardware to networks and operating systems. It's the minimum requirement to be a computer technician and so also part of the knowledge you need to be a hacker.
From there you can pursue more advanced IT qualifications, especially ones that put you on track to become a network security specialist. Being able to code in one of the popular contemporary languages (e.g. Python or Java) is also immensely useful.
You can take a more hardcore (and perhaps more lucrative) career route and start off with a degree in computer science. That qualification covers the theory of computation itself and will give you deep insight into the fundamental principles that digital systems and networks operate on. Not to mention some pretty elite skills in math, statistics, coding, and algorithm design.
A Firm Psychology Background
While you don't need formal education in psychology, a substantial part of hacking centers around attacking the human element within systems. Using knowledge of persuasion and other psychological factors, a digitally secure system can be compromised by fooling or coercing a person who has legitimate access to it. Reading up on persuasion, cognition and decision making will help you understand where the weak points in the human mind are. Of course, you should also be familiar with all the social engineering methods that hackers have used in the past.
Know the Law
As an ethical hacker, you can only operate within a legal framework. No matter the moral justification, everything you do must comply with the law of the nation you operate in. If you don't know the law, how can you stay within its bounds? So as an ethical hacker you'll need to know the applicable laws and regulations, ensuring that neither you nor your clients ever run afoul of the authorities.
Pursue an Ethical Hacker Certification
After you've spent some time in the cybersecurity industry, working on the knowledge domains that underscore ethical hacking, you will be ready to pursue a certificate in ethical hacking. The Certified Ethical Hacker or CEH qualification is backed by the EC-Council (the International Council of Electronic Commerce Consultants). This is a certification that has to be renewed every three years, costs just over a thousand dollars to be examined for and then around $80 per year.
The test itself is a multiple-choice paper. However, you can't just sign up and write the exam. You either have to attend training at an accredited center or you need to get the same content through the Council's online learning portal. You can find a detailed list of requirements to pursue the certification here.
The training and testing will cover:
- penetration testing
- social engineering
- denial of service
- encryption cracking
As you can see, you'll need quite an extensive background in multiple domains to get this sought-after recognition.
Never Stop Learning!
Regardless of what paperwork you accumulate, being an ethical hacker is not the end of the journey. It's a role you have to maintain. Technology and the people who exploit it are evolving rapidly. This means you need to stay on top of the latest trends, keep a finger on the hacking community pulse and actively take part in white hat conferences. An ethical hacker must be ever vigilant and that means lifelong learning.
It's a long and tough path to reach the point where you can be a recognized, active and contributing ethical hacker. However, for the right type of person, it's hard to imagine a more rewarding job.