Hackers are usually considered mischievous souls trying to penetrate a computer system by exploiting loopholes in it. As a matter of fact, this perception is true to some extent. A hacker identifies the vulnerabilities in a system and, by exploiting them, gains access to a whole PC or a software application that he was otherwise not authorized to access. However, hacking can be divided into two broad classes based on the purpose and intent of the attack.
Black Hat Hacking
Black hat hacking is the type of hacking where a malicious hacker breaks into a computer system in order to access secret information, damage a software application or inflict some other damage on the system. The intent of the black hat hacker is malicious and unethical. Many major websites have faced black hat hacking attacks in the recent past. A typical example is the DDoS (Distributed Denial of Service) attack, where a huge number of simultaneous requests puts a heavy load on the server and eventually the server stops responding. In short, the purpose of black hat hacking is negative and malicious, and it is used to inflict financial or reputational loss on the owner of the system being hacked.
White Hat Hacking: Where things get interesting!
However, to your surprise or rather amusement, there exists another type of hacking that is totally legal and ethical. This type of hacking is called white hat hacking. The terms black hat hacking and white hat hacking evolved from the idea of good guys and bad guys. Back in the early 19th century, the guys who wore black hats were considered suspicious and those who wore white hats were deemed good and decent. That was a mere perception, but the idea of black and white hat hacking evolved from it.
White hat hacking is no different from black hat hacking in terms of exploiting vulnerabilities in the system. But as mentioned above, the intent is different. White hat hacking is done with the intent of identifying vulnerabilities and potential threats in a system, with the aim of eliminating those threats.
Why hack your own System?
An important and interesting question here is why one should hack one's own system. The answer is simple and straightforward: to identify loopholes in a computer system that a malicious hacker could exploit, one should act as a hacker oneself. While hacking your own system, keep in mind that a computer or software application cannot be scanned to identify one hundred percent of its vulnerabilities. As a matter of fact, a system need not be tested for every sort of vulnerability. For instance, a web-based system that does not serve much network traffic need not be tested for high traffic. A good ethical hacker must know which areas of the system are the most critical ones that a bad hacker can exploit. Listed below are some of the steps that a good hacker can follow in order to test a system.
- Identify potential threats to the system and then prioritize those threats. Most of the time and effort should be spent on high priority threats. If time and resources allow, threats with low priority can also be identified and tested.
- The white hat hacker’s job is not to destroy the system. Therefore, while planning an attack, the severity of the attack should only be high enough to identify the vulnerability, not to crash or damage the system, unlike what the bad guys do.
- Once vulnerabilities have been identified, report the vulnerabilities to the top management, and if possible, present the solution as well.
- Remove vulnerabilities, once approved by the top management.
Types of Attack that a White Hat Hacker Identifies
Ideally, a white hat hacker should identify each and every successful attack on a system. However, the types of vulnerabilities that should be identified by a white hat hacker can be broadly classified into three categories.
- Social Engineering Attacks
Social engineering attacks are attacks that exploit human trust. Human beings by nature trust each other. However, too much trust can result in the loss of financial assets, reputation and a huge amount of precious data. Social engineering attacks include sending spyware and keyloggers to the system, phishing, etc. Physical social engineering attacks include shoulder surfing, dumpster diving and rummaging.
- Network Attacks
These types of attacks include unauthorized access to the network, accessing important information on a remote computer, installing viruses and other malicious applications on other computers, putting too much traffic on a computer, and DoS attacks.
- Application/OS Attacks
The third type of attack is the attack on operating systems and applications. These attacks are delivered via Internet websites or DVDs, where a virus exploits a loophole in a software application and makes it work in an abnormal way.
Ethical Obligations of a White Hat Hacker
As mentioned above, white hat hackers are good hackers, and to be a good hacker, some ethical obligations must be followed while executing white hat hacking attacks. These obligations are listed below:
- The information and data accessed during a white hat hacking attack must not be leaked or used for vested interests.
- The privacy of the system under attack and of all those associated with that system must be respected.
- The intention of white hat hacking attacks should be solely to identify threats, not to damage or crash the system.
- Honesty is the prerequisite to white hat hacking. All the vulnerabilities and threats identified in the system must be reported to higher management without concealing even the slightest piece of critical information obtained as a result of the attack.
White hat hacking, if practiced in line with these ethical obligations, is not only fun but also helps identify the threats in a system. A good understanding of white hat hacking can not only help an individual secure his system but can also land him a decent job. Udemy.com contains several white hat hacking tutorials that can help individuals learn white hat hacking.