Top 5 Ethical Hacking: Real-World Case Studies and Techniques Overview

Explore ethical hacking with real-world case studies, uncover key techniques, strategies, and lessons learned in cybersecurity practices and defense mechanisms.


Ethical hacking is crucial in today's cybersecurity world, as it helps organizations identify and fix vulnerabilities before malicious hackers can exploit them. Organizations are expected to spend over $300 billion on cybersecurity by 2024, with a significant portion going to ethical hacking services and penetration testing.

These statistics prove that ethical hacking plays a substantial role in today's cybersecurity landscape. In this article, we explore the world of ethical hacking through real-life examples. Each example discusses individual elements of ethical hacking, from penetration testing to social engineering, as well as ethical hacking tools, approaches, and tactics used by professionals in the field. We will also talk about the lessons learned from these scenarios and how they can be applied to improve security measures.

Whether you are a cybersecurity professional or an enthusiast, this article offers a deep dive into the practical application of ethical hacking that will surely help give you a clear understanding of this practice of using hacker techniques and methods.

Understanding Ethical Hacking

In the following sections, we introduce the concept of ethical hacking, explain why it is a vital cybersecurity practice that helps organizations protect themselves from the ever-growing threat of cyberattacks, and cover the difference between ethical and malicious hacking, the ethical and legal standards, and the skills ethical hackers need to play their crucial role in protecting the digital world.

Ethical hacking, also known as white-hat hacking, involves the authorized use of hacking techniques to identify vulnerabilities in computer systems, networks, and applications that malicious hackers can exploit. Ethical hackers use the same techniques and tools as their malicious counterparts, but do so with the permission and approval of the organization being audited.

Ethical hacking aims to improve an organization's network security by finding weaknesses, reporting them, and proposing appropriate solutions and remediation measures. Ethical hacking analysis can include various activities, including network penetration testing, application security vulnerability assessment, social engineering simulations, and more. We will talk about these and other types of ethical hacking studies later. For now, let's learn about the importance and benefits of ethical hacking in cybersecurity.


In today’s interconnected digital world, the danger of cyberattacks is constantly growing. Cyberattacks are becoming more targeted and sophisticated, making ethical hacking analyses especially important, as they allow organizations to avoid these threats. Ethical hackers help prevent data breaches, financial losses, and reputational damage by identifying and remediating security vulnerabilities before they are exploited. Regular ethical hacking assessments are also essential to maintaining a robust cybersecurity posture, as they ensure that defenses remain effective against new and emerging threats.


Ethical Hacking vs. Malicious Hacking

While ethical and malicious hackers (commonly referred to as black-hat hackers) use similar methods, their goals are very different.

Ethical hackers aim to improve security by exploiting vulnerabilities and discovering and patching those same holes.

Malicious hackers exploit vulnerabilities for personal gain: stealing data, disrupting services, or demanding ransom.

Certified ethical hackers operate under strict rules, have explicit permission from the organization, and are carefully monitored and documented to ensure that their actions comply with ethical and legal regulations, which we will discuss in the next section of the article.

Ethical hacking comes with a lot of responsibility. Ethical hackers or white-hat hackers must follow a strict code of conduct to ensure their actions do not cause harm or violate any laws. Ethical responsibilities include:

  • Getting explicit permission before conducting any tests.
  • Clearly defining the scope of their work.
  • Reporting all results to the organization without using them for personal gain.

In addition, ethical hackers must be aware of and comply with the relevant legal frameworks:

  • Data protection regulations
  • Computer crime laws

Ethical hackers must act within the law because any unauthorized hacking, even with good intentions, can lead to serious legal consequences.

Ethical hacking requires a diverse set of skills, such as:

  • Technical knowledge
  • Analytical thinking
  • Problem-solving skills

Essential skills include a deep understanding of operating systems (OS), networking, and various programming languages, and familiarity with penetration testing tools and techniques such as Nmap, Metasploit, and Wireshark. Since cybersecurity constantly changes, ethical hackers must stay up-to-date with the latest trends and threats. In addition, good communication skills are essential, as ethical hackers must clearly explain their findings and advice to technical and non-technical stakeholders.

Ethical Hacking 1: Penetration Testing of a Corporate Network

Scenario Overview

In this study, an ethical hacker was tasked with performing a penetration test on an extensive corporate network.

Objective: To assess the security of its internal systems, discover potential vulnerabilities, and ensure compliance with industry standards.

The network consisted of many vital assets, such as servers, databases, and workstations, each of which needed to be tested to ensure that it did not interfere with day-to-day operations.

Ethical Hacking Tools and Techniques Used

Reconnaissance: Identifying potential entry points.

for network mapping.

for collecting domain-related information.

Penetration testing.

for exploiting identified vulnerabilities.

Testing the strength of user credentials.

and for password cracking.

Network traffic analysis.

to detect any unsecured data transmissions.

Testing employee awareness and response to potential threats.

Social engineering attacks, such as , to assess the human factor of .

Results and Lessons Learned

Using ethical hacking such as penetration testing, the following vulnerabilities were identified, and solutions were quickly provided to fix them.

  • Vulnerability: Outdated software with known exploits. Solution: Patch the software.
  • Vulnerability: Weak password policies. Solution: Implement more robust password policies.
  • Vulnerability: Unencrypted sensitive data transmitted over the network. Solution: Implement encryption for sensitive data.
  • Vulnerability: Need for better employee training. Solution: A comprehensive cybersecurity awareness program was launched to educate employees on phishing and other common threats.

Conclusion: Conducting regular penetration tests is critical to identifying hidden vulnerabilities, strengthening an organization's technical defenses, and increasing employee awareness.

Ethical Hacking 2: Simulating a Social Engineering Attack

In this case study, a company hired an ethical hacker to conduct a simulated social engineering attack to determine its employees' susceptibility to psychological manipulation techniques.

Objective: To determine how easy it was to trick employees into revealing sensitive data or taking actions that could jeopardize the organization's security. The test was conducted without prior warning to the staff to ensure adequate responses.

Psychological Manipulation Techniques

The ethical hacker used several social engineering tactics:

Phishing

Employees were sent carefully crafted emails that appeared to originate from reputable internal sources, such as HR or IT support. These emails asked employees to enter sensitive data, such as login credentials, or click on malicious links.

Pretext

The ethical hacker called employees posing as a senior manager or technical support agent. To create a sense of urgency, the ethical hacker convinced employees to act immediately to prevent a perceived crisis.

Physical Social Engineering

The ethical hacker posed as a courier to gain physical access to secure areas of the organization. Once in place, the ethical hacker intended to collect data or install USB drives containing malware.

Results and Mitigation Strategies

The social engineering attack simulation showed that many employees were vulnerable to social engineering attacks. The results of the social engineering attack simulation and the corresponding mitigation strategies are listed below:

  • Result: Around 30% of phishing emails resulted in employees clicking on malicious links or sharing sensitive information. Mitigation: Regular phishing simulations were introduced.
  • Result: Several employees provided sensitive information over the phone during pretexting attempts. Mitigation: A comprehensive cybersecurity awareness program was launched, focusing on educating employees on the dangers of social engineering and how to recognize such attacks.
  • Result: The hacker successfully gained unauthorized physical access to the office. Mitigation: The organization also improved its physical security protocols, such as tighter access controls and employee screening procedures.

Conclusion: Social engineering attacks exploit human psychology rather than technical vulnerabilities. Therefore, ongoing employee training and awareness are essential to mitigate these threats and ensure that staff are the first line of defense against potential attacks.

Ethical Hacking 3: Assessing Web Application Vulnerabilities

In this example, an ethical hacker was hired to perform a vulnerability assessment of a web application used by a financial company. Given the critical nature of the data (sensitive customer information: personal data and financial transactions) handled by the application, the company wanted to ensure that it was protected from potential cyberattacks.

Objective: Identify and exploit any vulnerabilities in the application and provide recommendations on how to secure it.

Identify and Exploit Common Vulnerabilities

During Ethical Hacking 3, the automated tools OWASP ZAP and Burp Suite were used to scan the web application. Several vulnerabilities and their exploitation options were identified:

SQL Injection

Allowed hackers to manipulate the database by creating malicious SQL queries, which could lead to unauthorized access to customer data.

Cross-Site Scripting (XSS)

Facilitated the injection of malicious scripts into applications that could be executed in users’ browsers, potentially leading to data theft or session hijacking.

Insecure Direct Object References (IDOR)

Facilitated access to unauthorized records by changing URLs.

Securing the Application After the Assessment

After identifying and exploiting these vulnerabilities, the ethical hacker gave the company a detailed report outlining the issues and their potential impact. The report also offered the following recommendations to secure the application:

  • Use parameterized queries to prevent SQL injection.
  • Validate and sanitize input data to mitigate XSS.
  • Implement appropriate access controls to avoid IDOR.
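
The three recommendations above, shown as an added example (not code from the assessed application): each weak pattern sits next to its corrected form. The schema, usernames, and function names are constructed for illustration, and output encoding is used as the XSS control in addition to the input validation the report recommends.

```python
import html
import re
import sqlite3


def build_db():
    """Constructed in-memory data standing in for the application's database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE customers (id INTEGER PRIMARY KEY, username TEXT UNIQUE);
        CREATE TABLE statements (id INTEGER PRIMARY KEY, owner_id INTEGER, memo TEXT);
        INSERT INTO customers VALUES (1, 'alice'), (2, 'bob');
        INSERT INTO statements VALUES (10, 1, 'alice: salary'), (11, 2, 'bob: rent');
    """)
    return conn


# --- SQL injection -------------------------------------------------------
def find_customer_vulnerable(conn, username):
    # BEFORE: user input becomes part of the SQL text, so quotes in the
    # input change the structure of the query.
    query = "SELECT id, username FROM customers WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def find_customer_parameterized(conn, username):
    # AFTER: the value is bound as a parameter and is only ever compared
    # as data, whatever characters it contains.
    return conn.execute(
        "SELECT id, username FROM customers WHERE username = ?", (username,)
    ).fetchall()


# --- Input validation (allowlist, assumed username policy) ---------------
USERNAME_RE = re.compile(r"[a-z0-9_.]{1,32}")


def is_valid_username(value):
    return USERNAME_RE.fullmatch(value) is not None


# --- IDOR ----------------------------------------------------------------
def get_statement_vulnerable(conn, statement_id):
    # BEFORE: any authenticated user can read any record by changing the id.
    return conn.execute(
        "SELECT memo FROM statements WHERE id = ?", (statement_id,)
    ).fetchone()


def get_statement_checked(conn, session_user_id, statement_id):
    # AFTER: the record must belong to the user of the current session.
    # The same error is raised for "missing" and "not yours" so the
    # response does not reveal which ids exist.
    row = conn.execute(
        "SELECT memo FROM statements WHERE id = ? AND owner_id = ?",
        (statement_id, session_user_id),
    ).fetchone()
    if row is None:
        raise PermissionError("statement not available for this user")
    return row[0]


# --- XSS -----------------------------------------------------------------
def render_cell_vulnerable(memo):
    # BEFORE: stored text is placed into the page as markup.
    return "<td>" + memo + "</td>"


def render_cell_escaped(memo):
    # AFTER: HTML metacharacters are encoded, so the text is displayed,
    # not interpreted by the browser.
    return "<td>" + html.escape(memo, quote=True) + "</td>"


# Constructed hostile inputs used to compare the two forms.
HOSTILE_USERNAME = "nobody' OR '1'='1"
HOSTILE_MEMO = "<script>alert(1)</script>"

if __name__ == "__main__":
    db = build_db()
    print("vulnerable lookup rows:", len(find_customer_vulnerable(db, HOSTILE_USERNAME)))
    print("parameterized lookup rows:", len(find_customer_parameterized(db, HOSTILE_USERNAME)))
    print("escaped cell:", render_cell_escaped(HOSTILE_MEMO))
```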

Conclusion: Regular vulnerability assessments of web applications, especially those that handle personal data, are important. Promptly identifying and remediating vulnerabilities is critical to protecting against potential cyber threats and ensuring the network security and integrity of customer data.

Ethical Hacking 4: Breaching Wireless Security

In this case study, a large retail company hired an ethical hacker to assess the security of its wireless network after concerns about unauthorized access. The company relied heavily on its wireless network for point of sale (POS) systems and inventory management, making the network a critical component of its day-to-day operations.

Objective: To identify any vulnerabilities in the wireless network that attackers could exploit for network hacking, as well as provide recommendations for securing the wireless network.

Wireless Hacking Techniques

During the wireless security assessment, Kismet and Airodump-ng were used to discover accessible networks and identify any weaknesses in their configurations. The ethical hacker identified the following wireless security weaknesses:

  • The company was using outdated encryption protocols (WEP) for some of its access points, which were easily hacked.
  • By sniffing packets from a wireless network, it is possible to successfully crack WEP encryption and gain access to the network, intercepting data, including sensitive information, transmitted between POS systems and company servers.
  • Poorly configured access points with weak passwords further undermine network security.

Steps to Secure Wireless Networks

After demonstrating the vulnerabilities, the ethical hacker gave the company a detailed report highlighting the risks associated with outdated encryption protocols and weak access point configurations. To secure the wireless network, the following steps were recommended:

  • Upgrade encryption to WPA3: To prevent network traffic from being easily decrypted, replace WEP with WPA3, the latest and most secure wireless encryption standard.
  • Harden access point configurations: To minimize attack vectors, reconfigure all wireless access points with strong complex passwords and disable unused access points.
  • Implement network segmentation: Segment critical systems such as POS devices into separate VLANs with strict access controls to limit potential damage in the event of a breach.
  • Regular security audits: Conduct regular security audits and penetration tests to ensure the network is always secure and compliant with industry standards.

Conclusion: Modern encryption protocols and robust security practices are important for wireless networks. By addressing these vulnerabilities, a company can significantly reduce the risk of unauthorized access and ensure the security of sensitive data transmitted over its wireless infrastructure.

Ethical Hacking 5: Detecting Insider Threats

In this case, a financial institution engaged an ethical hacker to address its insider threat issues. The company was experiencing several suspicious activities, including unauthorized access to sensitive customer data and unexplained financial transactions.

Objective: Identify any insider threats or vulnerabilities in the organization’s internal security controls and recommend strategies to effectively monitor and respond to such threats.

Monitoring and Response Strategies

The ethical hacker began by implementing advanced monitoring ethical hacking tools and strategies to detect unusual activity on the network:

Using security information and event management (SIEM) systems, the hacker set up real-time alerts for unauthorized access attempts, unusual file transfers, and abnormal behavior patterns. The SIEM system was configured to aggregate and analyze logs from multiple sources, including network devices, servers, and user workstations, to provide a comprehensive view of potential threats.

The ethical hacker also thoroughly audited user access controls, identifying instances where employees were accessing sensitive information outside their job descriptions. The audit identified multiple accounts with elevated privileges being misused to access sensitive data. The hacker then implemented strict role-based access control (RBAC) to ensure that employees could only access the information required for their roles.

In response to the identified threats, the ethical hacker recommended implementing User and Entity Behavior Analytics (UEBA) tools to monitor user activity for deviations from normal behavior. This approach allowed the company to proactively detect and respond to potential insider threats.
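
The monitoring approach described above, as an added example that is not taken from the engagement: an RBAC check flags access outside a user's role, and a per-user baseline flags unusual transfer volume in the way a simple UEBA rule would. The log format, usernames, roles, and the threshold are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed RBAC policy: which resource classes each role may read.
ROLE_PERMISSIONS = {
    "teller": {"customer_profile"},
    "loan_officer": {"customer_profile", "credit_file"},
}
USER_ROLES = {"t.nguyen": "teller", "l.ortiz": "loan_officer"}

# Constructed access log: "<ISO timestamp> <user> <resource class> <bytes read>"
SAMPLE_LOG = """\
2024-03-04T09:12:00 t.nguyen customer_profile 2100
2024-03-04T10:02:00 l.ortiz credit_file 5200
2024-03-05T09:40:00 t.nguyen customer_profile 1900
2024-03-05T11:15:00 l.ortiz credit_file 4800
2024-03-06T09:05:00 t.nguyen customer_profile 2300
2024-03-06T14:30:00 l.ortiz customer_profile 5100
2024-03-07T09:20:00 t.nguyen customer_profile 2000
2024-03-07T10:45:00 l.ortiz credit_file 4900
2024-03-08T09:10:00 t.nguyen customer_profile 2200
2024-03-08T22:41:00 t.nguyen credit_file 100
2024-03-08T23:05:00 l.ortiz credit_file 96000
"""


def parse_events(log_text):
    """Turn the log text into a list of event dictionaries."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        timestamp, user, resource, size = line.split()
        events.append({
            "day": timestamp[:10],
            "user": user,
            "resource": resource,
            "bytes": int(size),
        })
    return events


def rbac_violations(events):
    """Accesses to a resource class the user's role does not grant.

    Users with no known role have an empty permission set, so every
    access they make is reported.
    """
    findings = []
    for event in events:
        role = USER_ROLES.get(event["user"])
        allowed = ROLE_PERMISSIONS.get(role, set())
        if event["resource"] not in allowed:
            findings.append((event["day"], event["user"], role, event["resource"]))
    return findings


def volume_anomalies(events, z_threshold=3.0, min_history_days=3):
    """Users whose latest-day volume is far above their own daily baseline."""
    per_user_day = defaultdict(lambda: defaultdict(int))
    for event in events:
        per_user_day[event["user"]][event["day"]] += event["bytes"]

    latest = max(event["day"] for event in events)
    findings = []
    for user, days in sorted(per_user_day.items()):
        history = [total for day, total in days.items() if day != latest]
        if latest not in days or len(history) < min_history_days:
            continue  # not enough history to call anything unusual
        baseline = mean(history)
        spread = max(pstdev(history), 1.0)  # floor avoids division by zero
        z_score = (days[latest] - baseline) / spread
        if z_score > z_threshold:
            findings.append((user, latest, days[latest], round(z_score, 1)))
    return findings


if __name__ == "__main__":
    parsed = parse_events(SAMPLE_LOG)
    for finding in rbac_violations(parsed):
        print("RBAC violation:", finding)
    for finding in volume_anomalies(parsed):
        print("Volume anomaly:", finding)
```

The two rules catch different things in the sample: the teller's small out-of-role read never moves the volume baseline, and the loan officer's large transfer is within role, so each would be missed by the other rule alone.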

Lessons Learned and Preventive Measures

The Insider Threat Detection Study highlighted several key points:

  • Continuous monitoring and real-time alerting are essential to detect insider threats before they cause significant damage.
  • Regular user privilege audits are needed to prevent unauthorized access to sensitive information.
  • Implementing strong access controls and behavioral analytics to mitigate insider threats is essential.

As a preventive measure, the company has developed a robust insider threat program:

  • Regularly training employees on security best practices and the implications of insider threats.
  • Instituting periodic audits of access control and monitoring systems to ensure their effectiveness over time.

Conclusion: Access monitoring and control are essential in detecting and preventing insider threats, which can be among the most challenging cybersecurity risks. By implementing these strategies, an organization can significantly reduce the risk of insider threat incidents and strengthen its overall security posture.


In conclusion, ethical hacking is vital in today’s cybersecurity world, providing organizations with the tools and expertise needed to protect against increasingly sophisticated cyber threats. As cyber risks continue to evolve, the role of ethical hacking will only become more critical. We hope the real-life examples and case studies of ethical hacking in this article have helped you understand how ethical hackers discover vulnerabilities, strengthen defenses, and improve overall security. By staying up-to-date with the latest techniques and regularly testing your systems, you can better protect your digital assets and maintain a robust defense against potential attacks.


Ethical Hacking Case Study: Times When Hackers Avoided Setbacks


Over the years, there has been a huge rise in cybercrime attacks due to the general public's lack of knowledge about hacking and internet-related crimes. Unfortunately, this goes for both common people as well as big companies. People generally think that having an antivirus that offers cyber security is enough for them to stay safe on the internet. The same goes for big corporations that do not use high-quality protection for their data. This is where ethical hackers come into play with some really impressive ethical hacking cases where they saved the day.

Ethical Hacking - An Overview

Bypassing or breaking through the security mechanisms of a system to search for vulnerabilities, data breaches, and other possible threats is an example of ethical hacking. It has to be done ethically to comply with the laws and regulations relevant to the area or the company. Because an individual must go through several procedures to get into a system and record what they find, this form of infiltration is referred to as "penetration testing" in industry jargon.

You must be wondering what ethical hackers are. They are people who possess the same knowledge as hackers but use this knowledge to boost internet protection protocols and software. You, too, can learn how to be an ethical hacker using a CEH certification training course. They are the ones who protect us from actual hackers. There are multiple categories of hackers, such as:

  • Black hat hackers: They use their knowledge for malicious intent, blackmail, etc. 
  • White hat hackers: They possess the same knowledge as the black hat hackers but use their knowledge to help companies increase their defenses against the black hat hackers.

How Do White Hat Hackers Work?

With the growing rise in hackers on the internet, companies have begun using ethical hackers to scope out the flaws and vulnerabilities in their software and protection programs. But, how do these ethical hacking cases work? These people use the same techniques as Black hat hackers to penetrate a company's defenses. By doing so, they can understand the safety flaws. This gives them the inside edge to patch the flaws to ensure that hackers cannot get through the protection.

There have been multiple instances where ethical hackers have been able to spot cracks in a company's security and save them from having huge security leaks due to hackers, which would result in huge losses. The following ethical hacking case studies cover six instances where ethical hackers were able to save a company from dealing with data leaks and suffering huge financial losses.

Case Studies of Ethical Hacking

1. A crack in WordPress leaked user information

Back in 2019, a new plugin was released for WordPress called Social Network Tabs. As you know, most people use WordPress to make their websites. This plugin got very popular, but no one knew about the vulnerability. It basically helped users share their website content on social media.

Baptiste Robert was a French security researcher who was known online by his user handle, Elliot Alderson. He was the one who found the crack in the plugin, which was given the ID CVE-2018-20555 by MITRE. You can find this case and similar ones in a case study on ethical hacking PDF online.

You must be wondering what exactly this flaw in the plugin did. The flaw in the plugin compromised the user's Twitter account. Since the plugin is connected to the user's social media account, the vulnerability leaked the user's social media details. Robert was the first to spot this leak and was fast to notify Twitter about it, which helped secure the user accounts that were affected by it.

2. Oracle's vulnerability in their WebLogic servers

In 2019, Oracle released a security update without any prior notice. This took fans by surprise until they learned why this happened. The security patch was a very critical update that fixed a code vulnerability in the WebLogic Server.

The flaw was brought to light by a security firm known as KnownSec404. The vulnerability was labeled CVE-2019-2729 and received a severity rating of 9.8/10, which is pretty high. The vulnerability left the server open to attack by hackers targeting two applications that the server exposed to the internet.

3. Visa card vulnerability that allowed for a bypass in payment limits

This was one of the most famous ethical hacking cases brought to light on the internet. It took place on July 29th, 2019. Two security researchers from a company called Positive Technologies spotted a security weakness in Visa contactless cards that allowed hackers to bypass the payment limits. This flaw in their security would cost the company a huge loss. This one case boosted the interest in ethical hacking. As a result, multiple students began taking cyber security course certificates online to learn more.

Tim Yunusov, the Head of Banking security, and Leigh-Anne Galloway, the Cyber Security Resilience Lead, were the ones who discovered this. This was made public after five major UK banks were targeted. The contactless verification had a limit of £30 on Visa cards, but due to this weakness, hackers could bypass this limit.

4. Vulnerabilities allow for ransomware in Canon DSLR

In 2019, DefCon27 was held, and it was attended by Eyal Itkin, a vulnerability researcher at Check Point Software Technologies. He revealed that the Canon EOS 80D DSLR had a vulnerability in the PTP, the Picture Transfer Protocol, whereby ransomware could be transferred into the DSLR using the WiFi connection.

He went on to highlight that there were six vulnerabilities in the PTP that made it an easy target for hackers. They could easily get into the DSLR using this crack in the firmware. The objective of the hackers was simple: infiltrate the DSLR and infect it with ransomware that would render the pictures useless to the user. The user would have to pay a ransom to the hacker to get the pictures back.

The team working with Eyal informed Canon about the vulnerability. A few months later, Canon released a notice saying that the vulnerability was never exploited by hackers, which means that it was never discovered. However, they also announced that users should take safety precautions to keep themselves safe.

5. Zoom on the Mac could be hacked and expose the camera

On July 9th, 2019, Jonathan Leitschuh exposed a very critical vulnerability in Apple's Macs. This flaw in the security framework allowed hackers to take control of the user's front camera. As a result, many websites could force a user into a Zoom call without their knowledge or permission. This was something that invaded privacy, and millions of people who would conduct meetings or even use Zoom, in general, were at risk. This is an important ethical hacking case as it was broken on social media to make people aware. The very same day, Apple sent out a fix that was a simple patch that users could download and install to fix the issue. Zoom, too, didn't waste any time by issuing a quick-fix patch to stop the issue.

6. A backdoor could allow hackers to execute root commands on servers

DefCon27 was where many ethical hacking cases came to light. Another one was the case of Özkan Mustafa Akkuş, a Turkish security researcher, who exposed a vulnerability in Webmin, a web-based system configuration tool for Unix-like systems.

The vulnerability was labeled CVE-2019-15107; it was a backdoor entry that allowed hackers to execute commands with root privileges. This left users exposed to hackers that could take control of their systems or hold them for ransom.

This is an important ethical hacking case study as Jamie Cameron, who is the author of Webmin, claimed that the backdoor was set by an employee. This was something that wasn't known to the company. They announced a new patch update to the new software version, which would be released to all the users.

A very important case study to know about that was featured in the case study of ethical hacking PDF was that of Zomato in India.

7. What happened to Zomato?

In 2017 a hacker broke into the security of Zomato, one of the biggest online restaurant guides and food ordering apps. The hacker was after five things. 

  • Names 
  • Emails 
  • Numeric user IDs 
  • User names 
  • Passwords 

The amount of data lost was in the millions as 17 million users were targets. The hacker was able to put up this information on the darknet for anyone to buy before starting talks with the company. This was one of the most shocking ethical hacking cases in India. This also led people to question the cyber security of the country.

Once this case was exposed to the public, Zomato issued a few blogs where they spoke about the real person behind this breach. It was said that the work was done by an ethical hacker who wanted to bring the issue of national cyber security to light. It worked as the whole country began talking about cyber security. 

8. The bug bounty program

This was a reward program started to get talented individuals to use their hacking skills to expose the weaknesses in the company's security programs. Today, multiple companies use this program to find the issues in their security. Companies like Google, Microsoft, and Facebook have invested millions in this program to find the flaws in their system and make them stronger against cyber-attacks.

The individual can get cash awards or even recognition if they can point out and fix the issue. This has brought to light a large number of issues as well as some of the most talented ethical hacker cases that we have ever seen.

Many people are now interested in taking up ethical hacking as their career. You can get the KnowledgeHut’s CEH certification training to learn more about ethical hacking.

In conclusion, ethical hackers are essential to the cyber security field. They are the ones who can figure out the flaws in any system and the ones who can also provide quick fixes. They are important to know how to keep your data safe in these troubled times. If you wish to know more about ethical hacking, you can get the case study on ethical hacking PDF, which you can find online. These case studies are important as they highlight the weakness in online security firmware. These need to be fixed as they could mean a potential data leak which could result in a huge financial and reputation loss for the companies that suffer it. Employing White Hat hackers is one way of fighting against it.

Frequently Asked Questions (FAQs)

An example of ethical hacking done by White Hat hackers is simulating an attack on a system to see if there are any flaws in the system. They can also use the information found online about the company to find a way to infiltrate the company's security.

The role of an ethical hacker is simple. They possess the same knowledge as Black Hat hackers. But, the only difference is that they use their knowledge to spot the flaws in security systems so that they can fix them. They just want to make the security impenetrable to any attacks.

The five steps are: 

  • Reconnaissance: This step is about understanding the network and security features. 
  • Scanning: This is where they scan for the flaws in the system to see if there could be any entry.
  • Gain Access: This is where they gain access to the system by any means necessary. 
  • Maintain Access: This is where they keep their presence inside the security software or firmware without alarming anyone or losing access to the system.
  • Cover Tracks: This is where they cover up any tracks they left while getting inside or leaving the system.


Vitesh Sharma

Vitesh Sharma, a distinguished Cyber Security expert with a wealth of experience exceeding 6 years in the Telecom & Networking Industry. Armed with a CCIE and CISA certification, Vitesh possesses expertise in MPLS, Wi-Fi Planning & Designing, High Availability, QoS, IPv6, and IP KPIs. With a robust background in evaluating and optimizing MPLS security for telecom giants, Vitesh has been instrumental in driving large service provider engagements, emphasizing planning, designing, assessment, and optimization. His experience spans prestigious organizations like Barclays, Protiviti, EY, PwC India, Tata Consultancy Services, and more. With a unique blend of technical prowess and management acumen, Vitesh remains at the forefront of ensuring secure and efficient networking solutions, solidifying his position as a notable figure in the cybersecurity landscape.

Ethical Hacking in Practice: Real-World Case Studies

Venkatalakshmi Madapati

Ethical hacking in practice

Ethical hacking in practice involves the systematic process of identifying and exploiting vulnerabilities in computer systems, networks, or applications with the permission of the system owner or administrator. The primary goal is to assess the security posture of the target system and recommend measures to mitigate potential risks.

Authorization and Consent

Ethical hackers, also known as penetration testers or white-hat hackers, must obtain explicit authorization from the organization or individual responsible for the target system before conducting any security assessments. This authorization ensures that the hacking activities are conducted within legal and ethical boundaries.

Methodologies

Ethical hacking follows established methodologies to systematically evaluate the security of a target system. Common methodologies include reconnaissance, scanning, enumeration, exploitation, and post-exploitation. These steps involve gathering information about the target, identifying potential entry points, exploiting vulnerabilities, and maintaining access to assess the impact.

Tools and Techniques

Ethical hackers leverage a variety of tools and techniques to perform their assessments. These may include network scanners, vulnerability scanners, password cracking utilities, packet sniffers, and exploit frameworks. Additionally, they may employ social engineering tactics to manipulate users into divulging sensitive information or compromising security controls.

Reconnaissance

The first phase of ethical hacking involves gathering information about the target system, including its architecture, network topology, software versions, and potential entry points. This information is collected through passive reconnaissance techniques, such as public information gathering and network scanning.

Vulnerability Assessment

Ethical hackers use automated scanning tools and manual techniques to identify vulnerabilities in the target system. This includes software vulnerabilities, misconfigurations, weak passwords, and insecure network protocols. Vulnerability assessment helps prioritize security risks and potential attack vectors.

Exploitation

Once vulnerabilities are identified, ethical hackers attempt to exploit them to gain unauthorized access to the target system. This may involve using exploit code, social engineering tactics, or other techniques to bypass security controls and escalate privileges. The goal is to demonstrate the impact of the vulnerabilities and simulate real-world attack scenarios.

Post-Exploitation

After gaining access to the target system, ethical hackers conduct further analysis to determine the extent of the compromise and identify sensitive data or critical assets that may be at risk. This phase involves maintaining access, gathering additional information, and documenting the steps taken during the assessment.

Reporting

Ethical hackers document their findings and recommendations in a detailed report, which is provided to the organization or individual who authorized the assessment. This report typically includes an executive summary, technical details of vulnerabilities, risk assessment, and prioritized recommendations for remediation. The goal is to assist the organization in improving its security posture and mitigating potential risks effectively.

Continuous Improvement

Ethical hacking is an ongoing process that demands continuous learning and adaptation to keep pace with evolving threats and technologies. Ethical hackers stay informed about the latest security trends, tools, and techniques through training, certifications, and participation in the cybersecurity community. By continuously refining their skills, ethical hackers can effectively identify and address emerging vulnerabilities, contributing to the overall resilience of cybersecurity defenses.

Real-World Case Studies

We will analyze some notable ethical hacking case studies and how this practice has contributed to securing our digital world.

Case Study 1: The Target Breach

In 2013, the retail giant Target fell victim to a massive data breach that exposed the personal and financial information of millions of customers. The breach was traced back to malware that infiltrated the point-of-sale system. Ethical hackers were called in to investigate the incident and identify the security vulnerabilities that led to the breach. The analysis revealed that the attackers gained initial access through an attack on one of the third-party vendors. Once inside the network, they exploited weak security controls and a lack of network segmentation to move laterally and access the payment system. This case study highlights the importance of proactive security testing and continual improvement to prevent such breaches.

Case Study 2: Stuxnet and Industrial Control Systems

Stuxnet is arguably one of the most notable examples of cyber-attacks. Discovered in 2010, this sophisticated worm targeted industrial control systems (ICS), with a primary focus on Iran’s nuclear program. Ethical hackers played a crucial role in analyzing Stuxnet to understand its behavior and mitigate its effects. The analysis of Stuxnet revealed that it exploited previously unknown vulnerabilities in Windows systems and Siemens control systems. It combined multiple techniques, including zero-day exploits, rootkit installation, and worm-like propagation, to target and manipulate specific programmable logic controllers (PLCs). The case study emphasizes the importance of robust security measures for critical infrastructure and the need for continuous monitoring and incident response.

Case Study 3: The Ashley Madison Hack

In 2015, the infamous Ashley Madison website, which facilitated affairs, suffered a data breach. The breach exposed personal information, including names, email addresses, and other details, of millions of users. Ethical hackers were engaged to investigate the incident and assess the security practices of the website. The analysis revealed several flaws, including weak password hashing, inadequate access controls, and poor data protection. Additionally, the lack of a robust incident response plan and the way user data was stored further increased the impact of the breach. This case study serves as a reminder that even websites dealing with sensitive information must prioritize security to protect user privacy.

Conclusion

Ethical hacking is a crucial practice for assessing and strengthening cybersecurity defenses in today’s digital world. Through explicit authorization, systematic methodologies, and the use of various tools and techniques, ethical hackers identify vulnerabilities and recommend measures to mitigate risks. Real-world case studies, such as the Target breach, Stuxnet attack, and Ashley Madison hack, highlight the importance of proactive security testing, continuous improvement, and robust incident response measures. These case studies underscore the ongoing need for organizations to prioritize security to safeguard against potential breaches and protect sensitive data. By learning from past incidents and embracing a culture of security, businesses can better defend against evolving cyber threats and enhance their overall resilience in the face of adversity.


The 15 Internet Crime Stories That Make Cybersecurity Measures Essential

Read the best, most fascinating tech stories that cover the risks of the digital landscape and find out how to stay safe

Last updated on February 28, 2024

Internet crime stories are a dime a dozen, but these examples will show you why online security is essential. From ethical hacking to blackmail and car hijacking, these true stories show how you must act now to secure your well-being in the digital landscape. We carefully curated the best, most fascinating tech stories that cover the risks involved in any digital activity or device, so use the links below to navigate them.

  • The mom whose laptop was locked down by a ransomware attack
  • Tom was blackmailed because of his hacked Ashley Madison account
  • How ethical hackers took over her PC
  • They remote hacked his car
  • Ransomware deletes 2 years of academic papers
  • His WoW account got hacked. Twice
  • Your data has been breached
  • Catfish isn’t dinner, it’s lies, manipulation, and theft
  • Hillary Clinton’s Aides Got Phished And Lost Her The Election
  • He fell prey to the same scam twice and lost $1,350
  • Who would want to be you? Some can even become You.
  • When your workplace, a gaming giant, gets hit
  • The casual, public Wi-Fi hack
  • Customer support falls prey to a social engineering hack
  • Hotel managers and clients had nightmares due to one lock hack

Cyber security incidents and getting hacked seem like distant, fascinating things where other people get hurt, but you stay safe. Truth is, getting hacked or scammed can happen to anyone and it might even have happened to you in the past.

The average number of devices used by you and most other people has increased exponentially in recent years. We’re surrounded by IoT devices, wear smart bracelets, have friends who are betting their savings on cryptocurrency, and we sign up to dozens of social media platforms.

This means cyber attacks have a lot of ways to get to you – either by targeting you specifically or by simply compromising your info in large-scale attacks. The best way to learn is through experience, so let’s do just that.

Here are the real stories of people who got hacked and what they learned, plus some actionable tips to enhance your security.

1. The mom whose laptop was locked down by a ransomware attack

Two days before Thanksgiving, Alina’s mother got hit by a ransomware attack. 5,726 files got locked by CryptoWall, an encryption malware so powerful it is almost impossible to recover the information.

Alina’s mom contacted the attacker through the ransomware’s communication feature.

Like all ransomware creators, he told her she could either pay to get her files back or lose them forever.

The price to unlock her files was $500 in the first week and $1,000 in the second one, after which the files would be deleted.

Payment was to be done in Bitcoin, a complicated process which she had to learn on the fly.

Because of a major snowstorm that closed down the banks, Alina’s mom couldn’t pay the ransom in the first week, and ended up having to plead with her attacker to not increase the price to $1,000.

Surprisingly, he accepted and gave her the key to unlock her files. However, no one should ever pay a ransom; the risks far outweigh the benefits.

The full story is here: How my mom got hacked & What I’ve learned after my mom got hacked (and her data held for ransom)

Find out what steps to take for your protection: WHAT IS RANSOMWARE AND 9 EASY STEPS TO KEEP YOUR SYSTEM PROTECTED

2. Tom was blackmailed because of his hacked Ashley Madison account

After the Ashley Madison hack, cyber criminals contacted him and demanded $500 to remove his name from a publicly searchable registry.

If not, they would also send an email to his family, informing them of Tom’s affair. Tom refused, believing that if he paid them, they would know that he had something to lose and could be blackmailed further.

He was wise, but that didn’t mean he didn’t suffer. In the end, Tom had to live knowing his affairs on AM could be exposed at any time by the hackers.

Moreover, there were also people who took it upon themselves to impart justice on people in circumstances they couldn’t, or wouldn’t, understand.

The story: In Ashley Madison’s wake, here’s one man’s story of sex, sorrow and extortion

Securing your PC doesn’t have to be expensive: 13 Free PC Security Hacks to Build Your Online Protection

3. How ethical hackers took over her PC

Sophie is a technology reporter at the Daily Telegraph.

As part of an assignment, she agreed to take part in an ethical hacking experiment. Basically, a group of ethical hackers would try to compromise her system without her knowing how, when and where.

They pretended to be whistleblowers in control of sensitive government information and sent her an email with some of the files attached.

The malware infection occurred the moment she opened the file, and the attackers got access to everything, including email address and web cam. And it wasn’t even that difficult to do.

The story: How hackers took over my computer

This is how you can protect your email address: The Complete Guide to Email Security

4. They remote hacked his car

Andy Greenberg, a senior writer at Wired, once took part in a groundbreaking experiment which tested how car hacking could be done.

Next, the transmission was cut and finally, they remotely activated the brakes. And they did all of these things with Andy behind the wheel.

The experiment uncovered a massive flaw in Jeep’s cars which was later fixed. Today, this is even easier to achieve, due to the rise of electric cars and the huge push towards autonomous vehicles like trucks, taxis and more.

The story: Hackers Remotely Kill a Jeep on the Highway—With Me in It

Learn more about how software can expose you, something that works the same way whether we’re talking about computers or self-driving cars: 8 Vulnerable Software Apps Exposing Your Computer to Cyber Attacks

5. Ransomware deletes 2 years of academic papers

What’s the first thing people do when they get hit by a malware attack? They panic and ask for help in a dedicated forum: “My PC is infected. Please, can anyone help me?”

For this user however, it was too little, too late. For 2 years he worked on his academic papers, and then they got encrypted by ransomware.

The timing was awful as well: it happened right before they were due. Antivirus didn’t help and he had no backup.

We hope he didn’t pay.

What we do know is that ransomware attacks are much more frequent than you can imagine and they target individuals and businesses alike.

The story: My PC got hacked by troldesh ransomware. please is there anyone who can help.

Find out how to back up your data so ransomware does not affect you: How to Backup Your Computer – The Best Advice in One Place

6. His WoW account got hacked. Twice

Gamers are favorite targets for cyber criminals, since they don’t want to lose the time and money invested in a character and are willing to pay the ransom.

As a result of a potential phishing attempt, this guy had his WoW account hacked and all his progress lost. And it happened to him not once, but twice!

The same type of attack happens in most popular online games.

League of Legends phishing volumes are truly legendary, so we talked to their security team to find out how to avoid getting your account stolen.

The story: So my WoW account got hacked… twice.

Learn more about security and gaming: Gamers, Time to Take Your Cyber Security to the Next Level

7. Your data has been breached

The Office of Personnel Management, OPM for short, can be considered the US Government’s HR Department.

Among other things, it keeps records of employee personal information, such as height, weight, hair and eye color.

In 2014, the OPM got hacked, and the information of 22 million government employees leaked, most likely into the hands of a foreign government.

143 million US consumers had their sensitive personal information exposed. That’s 44% of the population and today we’re still seeing reports of more Equifax leaks.

Odds are, if you’re a US citizen, your info is floating around on the dark web, at the mercy of cyber criminals. What do you think the US government did to deal with the Equifax hack?

Less than one month after the incident, the IRS awarded Equifax a contract for fraud detection. Clearly, it’s up to you and you alone to protect your identity.

The story: OPM got hacked and all I got was this stupid e-mail

Learn how to stay as safe as possible from identity theft: How to Prevent Identity Theft in 20 Essential Steps

8. Catfish isn’t dinner, it’s lies, manipulation and theft

Some people hack you not with malware or suspicious links, but by gaining your trust and love.

This journalist’s mother started using the online dating site Match.com, and eventually formed a connection with a soldier on active duty in Afghanistan.

After a while, the soldier asked for a $30,000 loan to help him clear a sizeable inheritance of gold and jewelry from US customs.

By now, the journalist and her brother intervened, suspecting the soldier was catfishing their mother.

In the Match.com case, the victims confronted the man with their suspicions and other evidence they had accumulated over time.

The supposed soldier revealed he was a man from Ghana trying to support his sisters, and scamming people online was the best way he knew how to do that.

The story: My mom fell for a scam artist on Match.com—and lived to tell the tale

Learn about the top online scams and how to avoid them: Top 11 Scams Used by Online Criminals to Trick You

9. Hillary Clinton’s aides got phished and lost her the election

Unless you’ve been living under a rock, you definitely know why Hillary Clinton lost the US Election to Donald Trump.

When forwarding the phishing email to a computer technician, he wrote “This is a legitimate email” instead of “illegitimate”. This gave hackers from Russia access to about 60,000 emails from Podesta’s private Gmail account.

They stole all that data, gave it to Wikileaks, and the rest is actual history.

“The FBI’s laid-back approach meant that Russian hackers were able to roam inside the DNC’s computer systems for almost seven months before Democratic officials finally realised the gravity of the attack and brought in external cybersecurity experts.”

But it was too late, as the election results have shown.

The story: Top Democrat’s emails hacked by Russia after aide made typo, investigation finds

Learn why phishing is so effective and how you can avoid it: 15 Steps to Maximize Your Financial Data Protection

10. He fell prey to the same scam twice and lost $1,350

In 2007, Justin was at a difficult point in his life.

Unemployed, with a weak skill set and verging on alcoholism, Justin decided to turn his life around by moving to Italy.

Determined to find a cheap flight, Justin searched for sellers of frequent flyer miles.

He found two sellers and talked to them over the phone. One of them even sent him a photo of his driver’s license. In a twisted sequence of events, both of them scammed him for a total sum of $1,350.

Sounds unlikely?

Think again. Justin tried to find a cheap shortcut and get that ‘too good to be true’ deal and became blind to any potential scammers.

Plus, the phone conversations and photos helped dispel any suspicions he might have. This is how most scamming attempts succeed, by preying on people who give in to the fear of missing out.

The story: How I Lost $1,350 by Falling for the Same Internet Scam Twice in One Week

Learn more about how social scams work and how to avoid them: Social Scams – The Full Breakdown and Protection Plan

11. Who would want to be you? Some can even become You.

One day, Laura received a call from her credit card company, saying someone else had tried to obtain a credit card using her name, address and social security number.

Eventually, she guessed the answers and saw the extent of the damage.

The impersonator had created more than 50 accounts in Laura’s name, and got credit for utilities such as heat, cable, electricity and even a newspaper subscription.

What’s more, the companies went after Laura in order to get their money back.

After notifying the police and tracking down the impersonator, Laura got a court order and managed to fix a lot of the damage, but only after a lot of sweat and stress.

While her case was a fortunate one, few people share her luck and this story should act as a reminder to always safeguard your personal information.

Another stolen identity case created a buzz on Reddit. This user had an argument with an old roommate, who then decided to take revenge.

He created social media accounts using the victim’s name, photoshopping the person with an ISIS flag and posting questionable content.

The story: ‘Someone had taken over my life’

While a scary and multifaceted attack, it is possible to protect yourself against these types of threats. Here are 20 SECURITY STEPS YOU SHOULD TAKE TO PREVENT IDENTITY THEFT.

12. When your workplace, a gaming giant, gets hit

In late 2014, one of the biggest and most expensive hacks ever recorded took place at Sony and one employee reveals the inside situation.

Half of the company’s 6,800 computers and servers were rendered dead and had ALL of their information stolen and deleted.

As a result, employees had to rewrite every single deleted file by hand. Paper became the main form of communication, used in written memos and to-do lists; even their salaries were paid using hand-written checks.

The damage didn’t stop there.

The hackers got a hold of employee personal information. The source of the article had to change all her credit card passwords, Facebook, Amazon and eBay accounts, almost 30 accounts in total.

The story: I work at Sony Pictures. This is what it was like after we got hacked.

Because of their size and income, companies are frequent targets for hackers. Here is a list of 10 Critical Corporate Cybersecurity Risks

13. The casual, public Wi-Fi hack

Maurits Martijn, a Dutch journalist at De Correspondent, entered a busy Amsterdam café with Wouter Slotboom, an ethical hacker.

Within a few minutes, Slotboom had set up his gear, consisting of a laptop and a small black device, and connected to the coffeehouse’s Wi-Fi.

All you needed was around $80-90 worth of software and equipment and average intelligence, and that was it: a few minutes was all it took to get hold of a few dozen users’ personal information.

Slotboom’s small, black device could fool a phone into connecting to his own Wi-Fi network, giving him control over the entire traffic coming and going from a device.

If Slotboom wanted to, he could wait until one user wrote in his email address and password and then take it over.

With it, he could control most of the services registered on that email.

While you don’t need to be paranoid every time you connect to a public Wi-Fi, it’s best if you know the risks of doing so.

The story: Don’t use public Wi-Fi when reading this article.

There are ways in which you can stay safe on public hotspots: 11 Security Steps to Stay Safe on Public Wi-Fi Networks

14. Customer support falls prey to a social engineering hack

The impersonator then used Eric’s fake information in a conversation with an Amazon customer support representative and found out his real address and phone number.

Using Eric’s real information, the impersonator got in touch with various services and even managed to issue a new credit card in Eric’s name.

Eric got wind of his impersonator’s efforts by reading the customer support transcripts, and also found out his real purpose: to get the last 4 digits of his credit card.

Amazon didn’t do anything to protect Eric’s account, even though he repeatedly signaled the problem, so he finally decided to switch from Amazon to Google.

As a parting note, he got an email from Amazon implying they had provided the impersonator with the last 4 digits of his credit card.

This story about this guy’s tumultuous experience with Amazon will make you think twice about storing confidential information in your online accounts.

The fact that Amazon failed to protect his account and look into the matter shows how a lack of cyber security education can endanger users.

The story: Amazon’s customer service backdoor

Here is a guide on how to protect yourself against social engineering attacks

15. Hotel managers and clients had nightmares due to one lock hack

In this Forbes story, reporters chronicle the chaos experienced by hotel managers and the panic felt by their customers after a burglar used online hacking tools to bypass the electronic locks on the doors.

He then used that Onity-lock hack to do a series of break-ins. How did this cautionary tale end?

On a bittersweet note.

The original burglar is serving a prison sentence, but the electronic locks in question can still be easily hacked.

A Wired reporter tried it himself, almost 6 years after the original Onity hack, and it still worked. He managed to break into a hotel room.

His story is amazing and it follows the birth of the original hacking method, how the burglar got to it and what came out of the entire publicized event.

The story: The Hotel Room Hacker

If you rely on electronic locks and other IoT devices to secure your belongings, this guide will be very useful: IOT SECURITY – All You Need To Know And Apply

16. The Moderna conundrum

According to Reuters and other major publications, Moderna Inc, one of the three biotech companies developing an efficient COVID-19 vaccine, came under attack in late July. The US Justice Department and the FBI have accused two Chinese nationals in this case.

They have been charged with spying on the American biotech company and three other targets in a bid to slow down or effectively stop the development of the COVID-19 vaccine.

A source inside the FBI has revealed that the two arrested Chinese citizens are part of a hacking group funded by the Chinese government.

The company has emerged unscathed from the incident. No data has left Moderna’s databanks and the network remains intact.

The story: China-backed hackers ‘targeted COVID-19 vaccine firm Moderna’

These stories may help you realize that not protecting your information and relying on other Internet users to be nice and play fair is not a viable strategy.

Cyber criminals don’t care about the consequences of their attacks.

They only want to reach their purpose, and sometimes that purpose may have nothing to do with you.

You could just be a collateral victim, but the aftermath would be all too real for you.

Author Profile

Ana Dascalescu

Cyber Security Enthusiast

The Atlantic wrote about cyberflâneur and I think that's the best way to describe myself. Or maybe a digital jack-of-all-trades with a long background in blogging, video production and streaming. I spend my waking hours snooping through online communities of all types, from Reddit to security forums, from gaming blogs to banal social media platforms like Instagram. Sometimes I even contribute to those communities.

© 2024 Heimdal ®

Ethical and Unethical Hacking

  • Open Access
  • First Online: 11 February 2020

David-Olivier Jaquet-Chiffelle & Michele Loi

Part of the book series: The International Library of Ethics, Law and Technology (ELTE, volume 21)

The goal of this chapter is to provide a conceptual analysis of ethical hacking, comprising history, common usage and the attempt to provide a systematic classification that is both compatible with common usage and normatively adequate. Subsequently, the article identifies a tension between common usage and a normatively adequate nomenclature. ‘Ethical hackers’ are often identified with hackers that abide to a code of ethics privileging business-friendly values. However, there is no guarantee that respecting such values is always compatible with the all-things-considered morally best act. It is recognised, however, that in terms of assessment, it may be quite difficult to determine who is an ethical hacker in the ‘all things considered’ sense, while society may agree more easily on the determination of who is one in the ‘business-friendly’ limited sense. The article concludes by suggesting a pragmatic best-practice approach for characterising ethical hacking, which reaches beyond business-friendly values and helps in the taking of decisions that are respectful of the hackers’ individual ethics in morally debatable, grey zones.


  • Script kiddies
  • True hackers

1 Introduction

The goal of this chapter is to provide a conceptual analysis of ethical hacking. The chapter begins (Sect. 9.2) with a historical introduction, describing how the term hacking and different denominations for different varieties of hacking have been introduced in everyday, journalistic and technical language. Section 9.3 introduces our proposal of a systematic classification, one that fulfils adequate descriptive purposes and that maps salient moral distinctions into the different denominations of hacker types. It does so by proposing an initial taxonomy (inspired by common usage) and subsequently revising it by adding further nuances, corresponding to further evaluative dimensions. Section 9.4 discusses the concept of ethical hacking, revealing a fundamental ambiguity in the meaning of ‘ethical’ as an attribution to hacking. It presents our main thesis, namely that ‘ethical hacking’ refers to a limited view of ethics which assumes the pre-eminence of business-friendly values and that hacking that is ethical, all things considered, may not be ‘ethical hacking’ according to the common usage of the term. We recognise, however, that in terms of assessment, it may be quite difficult to determine who is an ethical hacker in the ‘all things considered’ sense, while society may agree more easily on the determination of who is one in the ‘business-friendly’ limited sense.

2 What Actually Is a ‘Hacker’?

Almost every week mass media communicates about hackers having stolen thousands of passwords and other sensitive private information. It is commonplace to read articles about hackers having taken advantage of system vulnerabilities to bypass security barriers in order to fraudulently access private and company networks. The current understanding of the term ‘hacker’ is influenced by the news, and this twists the original definition of what a hacker is (Fig. 9.1). [Footnote 1]

[Fig. 9.1: Word cloud around ‘hackers’. An elliptical word cloud; the words in the largest font include websites, Internet, systems, groups, security, hacking, anonymous, black_hats and attacks.]

Today’s perception of the term ‘hacker’ tends to be reduced to ‘black hat’ and ‘cyber-criminal’. This has not always been the case, and the term ‘hacker’ conveys a much broader meaning.

2.1 Hackers in the Early Days

In the 1960s and 1970s, typical hackers were not really driven by malicious intent. They were often supportive of strong (ethical) values, broader than computer security issues, such as democracy or freedom of speech. At the same time, computers, not to mention networks, were still in an early stage of development. The economic weight of computer-related business was trifling in comparison to today’s influence of GAFAMs [Footnote 2] in the global market. Criminal opportunities were limited. Early hackers were often students with special programming skills. They were dreaming of a world where information would be free and openly shared, a world where hackers would belong to a fair community and would collaborate to build a better and more secure digital environment. They could be enthusiastic and appreciative about the aesthetic and the inherent beauty of an optimal programming code (e.g. using the least amount of memory). They were playing pranks and challenging each other, hoping for peer recognition. Cracking the passwords of their institution was not seen as an illegal activity (and usually was not illegal at that time), but as a playful challenge with no malicious intent. They were adept at the so-called hacker ethic—including sharing information, mistrusting centralised authorities, and using computers to make a better world—which is not to be confused with what is called ‘ethical hacking’ nowadays. We sometimes refer to these early hackers as adherent to the programming subculture, or as true hackers.

2.2 Hackers in the 2000s

With the development of computers, networks, the Internet and our modern information society, information has become one of the most valuable assets. Information is the raw resource that boosts Google and Facebook. Information leads to knowledge and new forms of identities, which, in turn, allow targeted advertisement. Such valuable assets create new criminal opportunities and incentives, and need to be protected. The time when computers were a safe playground for geeks with insignificant economic consequences at stake seems far away. Hacking has become a business; a very serious one at that.

From the 1960s to the 2010s, we can therefore observe a shift in the nature of hacking incentives: ideological incentives have been replaced by economic ones (Fig. 9.2).

[Fig. 9.2: Shift in the hackers’ incentives. An arrow stretching from 1960 to 2010 points from ideological incentives toward economic incentives.]

Ethical values at stake have evolved accordingly. In the 1960s, they were essentially described by the so-called hacker ethic. With the development of the Internet, of e-commerce and the increasing economic weight of information, freely shared information as well as many early ideological ethical values entered into conflict with economic-related ethical values, in particular regarding the protection of information ownership.

2.3 Modern Hackers

Modern computer hackers are usually defined as skilled programmers and computer experts who focus on software, computer and network vulnerabilities. There is a plethora of terms available to distinguish them: white hats, black hats, grey hats, pen testers, ethical hackers, crackers and hacktivists, to mention the most important ones. Some categories of modern hackers do not even require significant expertise. Indeed, script kiddies are non-expert hackers who run programs and scripts developed by other, more expert hackers (Barber 2001). Modern hackers are categorised not only according to their expertise, but also according to the (ethical) values they adhere to or not. Legal values are often implicitly emphasised in this classification (see also Fig. 9.3).

[Fig. 9.3: White hats, black hats, grey hats and script kiddies. A pie chart of the legal and illegal motivations of white hats, script kiddies, grey hats and black hats. The black hats possess the highest expertise. Peer recognition and malicious intent fall under illegal. IT security improvement falls under legal. Personal fun and challenge fall under both.]

Note that the outer layer refers to one predominant motivation (not the exclusive one). For example, not only grey hats, but also white hats as well as black hats may have fun in doing their activities or enjoy taking a challenge. White hats might also look for peer recognition.

Early hackers were categorised according to their expertise through peer recognition, and were adherent to values described in the hacker ethic. Today, ‘hacktivists’ still consider IT vulnerabilities as opportunities to promote a cause, a political opinion or an ideology. The group Anonymous is a typical heterogeneous group of hacktivists. In her best-seller (Olson 2013), Parmy Olson shows a large variety of profiles and incentives within Anonymous. However, most modern hackers use IT vulnerabilities for malicious purposes to commit fraud and make money. Some modern hackers strictly conform to applicable laws, whereas the majority does not really care.

Modern hackers can have a broad spectrum of incentives for their activities. According to Richard Barber, white hats are “[s]ecurity analysts and intrusion detection specialists […] [who] spend their time—just as police or intelligence analysts do—researching the technologies, methodologies, techniques and practices of hackers, in an effort to defend information assets and also detect, prevent and track hackers” (Barber 2001: 16). White hats do respect applicable laws. In a dichotomic world, they are the good guys. Their incentive is to protect software, computers, networks and the IT infrastructures from the bad guys, the so-called black hats or crackers.

According to Sergey Bratus, by contrast, black hats “act for personal gain and without regard for possible damage” (2007: 72). According to Technopedia (n.d.), a black hat is “a person who attempts to find computer security vulnerabilities and exploit them for personal financial gain or other malicious reasons”. They might also have other motivations, such as cyber vandalism. Their values lead to illegal activities.

Grey hats are hackers whose intentions are not fundamentally malicious, but who accept irregular compliance with the law to reach their objectives, which distinguishes them from white hats. Contrary to black hats, greed is not their typical main incentive.

Grey hats might also share some incentives with white hats and so-called true hackers: personal fun, peer recognition, intellectual challenges, etc. However, they do not really share the original hacker ethic.

To represent true hackers, as well as hacktivists, we need a third perpendicular dimension where the legal perspective only plays a secondary role (Fig. 9.4).

[Fig. 9.4: A third dimension to represent true hackers and hacktivists. A three-dimensional pie chart of the legal and illegal motivations of true hackers and hacktivists. Personal fun and promotion of opinions fall under legal. Principles and ideologies fall under both legal and illegal.]

Many different definitions are used for terms categorising modern hackers. These definitions are not always fully compatible. They bring different nuances. There is a need for a more systematic classification.

2.4 Today’s Hackers

We have already emphasised a shift in hackers’ incentives from the 1960s to the 2010s. Since the beginning of the 2000s, information grew as a valuable asset and created new economic incentives for cyber-criminals. In our modern interconnected society, we now observe a new shift: information is increasingly becoming a societal asset too (Fig. 9.5).

[Fig. 9.5: A societal dimension in hackers’ incentives. A triangle with vertices labelled ideological incentives (1960), economic incentives (2000) and social incentives (2020).]

Nowadays, our whole society heavily depends on information and information technologies: transport and communication systems, medical facilities, SCADA control systems, electrical grid, nuclear plants and other critical infrastructures, government activities and voting systems, commercial exchanges and payment infrastructures, security-oriented surveillance technologies, or even military control systems.

With the advent and the development of smart cars, autonomous drones, smart medical devices and the Internet of Things, our physical world is becoming even more intertwined with the virtual one. To mimic a famous slogan [Footnote 3], what happens on the Internet does not necessarily stay on the Internet anymore. Lives are at stake. The very functioning of our society now relies on the Internet. A disruption of Internet services and other information infrastructure can paralyse a whole country. This creates a new paradigm and extra incentives for hacking activities. As a direct consequence, we observe the emergence of new categories of hackers: state-sponsored hackers, spy hackers or even cyber-terrorists. The target can be an individual, a company, a facility, an infrastructure or even a state. Whereas black hats foster cyber-crime and cyber-security countermeasures, state-sponsored hackers or cyber-terrorists have given rise to new concepts such as cyber-war, cyber-defence and cyber-peace.

3 Towards a More Systematic Hackers’ Classification

As pointed out, different meanings of the term ‘hacker’ coexist in the context of computerised systems. The term seems to have evolved since the 60s and describes very different realities nowadays. True hackers, adept at the so-called hacker ethic, are disappointed by today’s mainstream usage of the term ‘hacker’. They do not want to be considered in the same category as security breakers and cyber-criminals.

However, in the earliest known appearance of the term ‘hacking’ in the context of computerised systems (Lichstein 1963)—which appeared in the MIT student newspaper The Tech on 20 November 1963—the pejorative connotation is already present.

Traditional dictionaries are of limited assistance in refining the meaning of the term ‘hacker’ in the context of computerised systems. In fact, this word has numerous different meanings in the English language. The Merriam-Webster dictionary provides four definitions for a hacker (“Hacker | Definition of Hacker by Merriam-Webster” n.d.):

1. one that hacks [Footnote 4]

2. a person who is inexperienced or unskilled at a particular activity (a tennis hacker)

3. an expert at programming and solving problems with a computer

4. a person who illegally gains access to and sometimes tampers with information in a computer system

Curiously, the second definition seems completely opposite to the typical common understanding as it emphasises the inexperience of the hacker at a particular activity.

The last two definitions better capture the main meanings in the context of this chapter. The third one is general and covers most of the modern categories of hackers, whereas the last one is close to what we call a black hat or a cracker.

The American Heritage dictionary gives similar definitions for a hacker (“American Heritage Dictionary Entry: Hacker” n.d.):

One who is proficient at using or programming a computer; a computer buff.

One who uses programming skills to gain illegal access to a computer network or file.

One who demonstrates poor or mediocre ability, especially in a sport: a weekend tennis hacker.

Those definitions only describe large categories of hackers. We need to delve deeper into subtle differences to distinguish between the many terms used nowadays to characterise hackers in the context of computerised systems and eventually to precisely define what an ethical hacker is.

A more systematic classification requires, as a first step, a taxonomy, i.e. the creation and definition of classes with clear identities. A second stage of classification is ascription, i.e. placing each hacker into its class. Ascription corresponds to the identification of a hacker as belonging to a specific class. Identification itself is a “decision process attempting to establish sufficient confidence that some identity-related information describes a specific entity in a given context, at a certain time” (Pollitt et al. 2018: 7). When the entity is a person, i.e. for people identification, the identification process relies on authentication technologies in order to corroborate (or to exclude) the fact that the given identity-related information describes this person in the given context, at the time of reference, with sufficient confidence.

Authentication technologies are classified themselves into four categories, namely:

Something you know

Something you are

Something you do

Something you have

A key aim of this paper is to develop a classification of (modern) hackers, related to categories of authentication technologies.

3.1 A First Taxonomy

In order to reach a new systematic classification of (modern) hackers, different perspectives can be chosen. A first approach consists in defining classes according to hacker’s expertise (its scope and its level) and to hacker’s values (his/her objectives and moral principles). Expertise can be seen as a collection of internal resources—something that the hacker knows—while values followed by the hacker can be seen as an internal attitude—something that the hacker is. Those classes are defined in compliance with the first two categories of authentication technologies (Table 9.1).

Hacker’s expertise is defined by both its scope and its level. It corresponds to what the hacker knows and is able to do. The scope considers the expertise environments (OS, protocols, network, etc.), the objects covered by this expertise—those being physical (computers, phones, medical devices, smart cars, drones, etc.) or virtual (websites)—as well as the tools and programming languages mastered. The level of expertise appears to be a decisive criterion within hackers’ communities to grant access to peer recognition. Next to their technical skills, some hackers might possess social engineering expertise. This might appear to be useful for black hats in order to bypass physical or logical security measures. [Footnote 5] Social engineering can be used to gain a first internal access into a company computer network, for example. However, social engineering requires significant social skills, and not all hackers are social engineering experts. Hackers can be geeks. In his book (Marshall 2008: 1), Angus Marshall humorously defines a geek as “a nerd with social skills, and an extrovert geek looks at your shoes when he/she is talking to you.” Conversely, most social engineering experts are not hackers. However, they can work together, typically under the direction of the same entity, a conductor.

Hacker’s values encompass both his/her objectives and his/her moral principles. Hacker’s objectives can be noble: make the digital realm a better and more secure place; they can be ideological: promote political views and ethical values (freedom of speech, democracy); they can be self-oriented (fun, personal intellectual challenge, peer recognition); and they can be malicious (information theft, money extortion, vandalism). Hacker’s moral principles define the limits, if any, that they respect while trying to reach their objectives. These limits can be legal and/or ethical. They can also be personal or related to a particular community.

To give an example based on this first classification, we consider only the expertise level (high or low) and the legal nature of hacker’s goals. We use illegal to qualify a goal which is not legal—typically a value related to malicious intentions—and unlegal to qualify a goal which is neither legal, nor illegal in nature, for example ‘to have fun’ or ‘to make the world a better place’.

3.2 A Second Taxonomy

We can extend the first taxonomy to develop a finer classification (Table 9.2). In our attempt to determine a more systematic classification of modern hackers, a second approach consists in considering not only the internal resources (expertise) and the internal attitude (values), but also external attitudes, as well as the external resources hackers have access to. Following the analogy with authentication technologies, the external attitude corresponds to something the hacker does and the external resources to something that he or she has.

The external attitude describes the modus operandi. Hackers’ modi operandi are numerous. Actions can be potential or actual. Some hackers will act according to what they are able to do, as long as this is compatible with their goals. Others will stop as soon as their actions could become illegal or incompatible with some moral principles. Hackers’ targets belong either to the physical world (smart objects, computers, networks, critical infrastructures, banks) or to the virtual one (e-commerce, e-banking, websites, crypto-currencies). These targets span from individual properties, to companies or even to country-level assets. Hackers can work alone, in (criminal) networks or in state-sponsored groups. They can work for themselves or as mercenaries on behalf of a conductor.

In the economic paradigm, hackers can be classified according to three categories, namely what they know (their expertise, i.e. their internal resources), what they are (their values, i.e. their internal attitude) and what they do (their modi operandi, i.e. their external attitude). In the societal paradigm, hackers are also characterised by what they have (their tools), i.e. the external resources they have access to. Indeed, state-sponsored hackers can have access to classified information and weaponised zero-days, to sneaking, eavesdropping or deep packet inspection tools. More traditional hackers usually do not have access to these resources. Some state-sponsored hackers might even have privileged access to specific locations: Internet backbone or other key physical IT-infrastructures. State-sponsored hackers can work directly for a government, e.g. if they belong to a government agency. Alternatively, they might work for official companies selling hacking products and services to governments. Eventually, they might also belong to mercenary groups selling their services to governmental or non-governmental organisations.

In this second taxonomy (see also Fig. 9.6), a white hat is a skilled programmer and computer expert who looks for vulnerabilities in software, protocols, OS, computers and servers, in other physical or virtual devices, and in network systems in order to improve the IT-security of a system. As a principle, he or she abides by applicable laws. He or she will stop any action as soon as it has the possibility of becoming illegal. A white hat might work alone and disclose vulnerabilities to the legitimate owner of the targeted system, with or without a financial compensation. Most of the time, white hats are professional hackers employed by IT-security companies, the clients of whom are other companies that need their own IT-security to be assessed. Pen testers are white hats specialised in penetration tests using the client’s IT-infrastructure. All pen testers are white hats, but not all white hats are pen testers. Indeed, a white hat might decide to analyse the code of some specific open source software without being mandated by its developer or by any third party.

[Fig. 9.6: Crackers, pen testers and social engineering experts. A pie chart of the legal and illegal motivations of pen testers, script kiddies, social engineering experts and crackers. The crackers possess the highest expertise. Peer recognition and malicious intent fall under illegal. IT security improvement falls under legal. Personal fun and challenge fall under both.]

Black hats are skilled programmers and computer experts who look for vulnerabilities in software, protocols, OS, computers and servers, in other physical or virtual devices, and in network systems in order to support their malicious intentions. They do not abide by ethical values and do not respect laws. Black hats typically use bugs and exploits to gain unauthorised access to a computer system or an IT-infrastructure with both malicious intent and, typically, illegal means. They aim to steal sensitive information, and personal or corporate data. They attempt to trick users or companies in order to get money transferred to accounts they have access to. They might work alone, belong to professional criminal networks or act as mercenaries by selling their services to such networks or a conductor (crime-as-a-service). All black hats are cyber-criminals, but not all cyber-criminals are black hats. Indeed, many cyber-criminals do not have much expertise. They are not hackers themselves; rather, they buy and use tools or services developed by black hats.

Grey hats are skilled programmers and computer experts who look for vulnerabilities in software, protocols, OS, computers and servers, in other physical or virtual devices, and in network systems in order to have fun, to play around, to solve a challenge, to be granted peer recognition, or to improve the IT-security of a system. Usually their intentions are not malicious and financial gain is not their main incentive. They might comply with their own moral principles that can differ from the original hacker ethic. They do not necessarily respect applicable laws, which distinguishes them from white hats.

Below we select a level of abstraction suited to describing the intentions and voluntary constraints of the different types of hackers, in order to distinguish them more analytically. For example, a hacktivist may share attributes with a black hat or a grey hat if he/she breaks the law while pursuing ideological objectives (not personal gain). Grey hat hackers may also pursue apparently malicious goals, ideological or personal objectives (e.g. fun, etc.) while disregarding law altogether; unlike black hats, however, they do not aim at committing crimes. One possible way to distinguish white, grey and black hats is in terms of their relation to the law and organisations or individuals:

A white hat acts legally and tries to be trustworthy for companies or other organisations that (may) purchase his or her services.

A black hat acts both illegally and maliciously, e.g. against a victim (a company or another organisation or an individual), either alone or within a criminal network.

A grey hat does not attempt to be trustworthy for companies or organisations; he or she may act illegally when required to pursue his or her goal. However, he or she does not act maliciously and attempts to minimise harm and avoid unnecessary harm.

For example, a grey hacker motivated by ideological goals (e.g. the love of justice) may illegally break the security system of a political party to highlight inadequate privacy protections, but refrains from downloading data, publishing them and causing (serious) harm. Nonetheless, he acts illegally (in most jurisdictions) because he lacks the consent of the attacked party and may also cause some harm (e.g. reputational harm for the party), which is ‘offset’ by the broader benefit for the party members’ deriving from the awareness of the vulnerability, so the act could be seen as being prevalently benevolent.

Crackers [Footnote 6] are black or grey hats who perform computer and system break-ins without permission. As a consequence, their activities are illegal. Phreakers are phone crackers.

Note that such descriptions correspond to hackers described as personae, or social roles, not to flesh and bone individuals. It is logically possible for the same individual to sometimes act as a white hat and sometimes as a grey hat hacker incognito. However, such an individual would have to keep those identities—corresponding to the different personae, the white and the grey hat—completely separated for the public eye. Indeed, the reputation as a grey hat hacker undermines all grounds for trustworthiness that are essential to being employed as a white hat hacker. Of course, it is also theoretically possible for an individual to transition from one persona to another: e.g. from being a black hat to becoming a white hat hacker. To be credible, however, such role changes would have to be understood as a ‘full conversion’ by others—a change in the overall motivational set of the individual. Moreover, the conversion may not be sufficient to make the individual trustworthy. Indeed, many security companies would not hire a former black hat. For example, at least until 2001, IBM had a policy to “not hire ex-[black hat]-hackers” (Palmer 2001: 772). [Footnote 7] The television series ‘Mr Robot’ (Mr. Robot n.d.) tells the story of an individual who routinely switches between the roles of a white-, grey- and even black-hat hacker, even in the course of the same day. However, the character has an unstable personality and is schizophrenic.

3.3 Ethical Hacking

Ethical hackers [Footnote 8] are white hats mandated by clients (companies) who want their own IT-security to be assessed. They abide by a formal set of rules that protect the client, in particular its commercial assets. All pen testers are ethical hackers, but ethical hackers do not limit themselves to penetration tests. They can use other tools or even social engineering skills to stress and evaluate their client’s IT-security (see also Fig. 9.7).

[Fig. 9.7: Ethical hackers. A pie chart of the legal and illegal motivations of ethical hackers, script kiddies, social engineering experts and crackers. The crackers possess the highest expertise. Peer recognition and malicious intent fall under illegal. IT security improvement falls under legal. Personal fun and challenge fall under both.]

An ethical hacker will try to act similarly to a black hat but without causing any tort to the company. He will look for vulnerabilities that could be exploited by malicious hackers, both in the physical world and in the virtual one. In ethical hacking, the conductor of the attack is the target itself or, more precisely, the target’s representative who mandated the ethical hacker to stress and assess the target’s IT-security. In comparison, the conductor of a black hat’s attack is never the target itself, but either the black hat or a third party—different from the target—if the black hat acts as a mercenary.

Ethical hackers adopt a strict code of conduct that protects their relationship with their clients and their client’s interests. Such a code of conduct sets a frame for their attitude. It describes rules that the ethical hacker must abide by. These rules prevent the ethical hacker from taking any personal advantage of his relationship with his client. This fosters the creation of a trusted relationship similar to the special relationship between a medical doctor and his or her patients, or between a lawyer and his or her clients. The client’s trust is of utmost importance in order for the ethical hacker to get the contract and to be granted permission to maybe successfully penetrate the system. Indeed, during the course of such an attack, the ethical hacker might discover trade secrets or other very sensitive data about his or her client’s activities, as well as personal data about employees. The company needs to trust that the ethical hacker will not misuse his or her potential privileged access into its IT-infrastructure in order to introduce backdoors or to infringe privacy, neither during the mandate, nor after the contract is fulfilled.

The typical content of such a code of conduct contains rules which guarantee that the ethical hacker:

will get written permission prior to stressing and assessing his or her client’s IT-security

will act honestly and stay within the scope of his or her client’s expectations

will respect his or her client’s as well as its employees’ privacy

will use scientific, state-of-the-art and documented processes

will transparently communicate to his or her client all the findings as well as a transcript of all his or her actions

will remove his or her traces and will not introduce or keep any backdoor in the system

will inform software and hardware vendors about found vulnerabilities in their products

These rules also aim at protecting the ethical hacker and making his or her work legal de facto. Different curricula even propose training and certifications in order for a hacker to become a certified ethical hacker (CEH).

4 Is ‘Ethical Hacking’ Ethical?

Ethical issues are evaluated according to a collection of ethical values and moral principles in regards to objectives and behaviours in a specific context.

4.1 Inethical, Unethical and Ethical Hacking

Inethical hacking can be defined as hacking that does not abide by any ethical value. Inethical hacking does not imply unethical behaviour, but removes ethical barriers and in doing so increases the risk of actual unethical behaviour. Greed is not an ethical value or a moral principle. Black hats typically perform inethical hacking that leads to unethical behaviour. However, what is ethical hacking fundamentally? Is it hacking that respects at least an ethical value? Certainly not, as such a hacking might infringe other fundamental ethical values. Indeed, intuitively, in order for hacking to be deemed ethical it should respect at least the most important ethical values at stake, balanced in a reasonable way. Therefore, non-inethical hacking is not necessarily ethical.

Precisely defining ‘ethical hacking’ in a fundamental, context-independent way is not a trivial matter, if even possible. We could start to define prima facie unethical hacking as hacking that infringes at least one ethical value or moral principle in an actual context. Prima facie means that the hacking seems unethical, although it may cease to appear so after a thorough examination of the issue. By contrast, the ultima facie ethical or unethical choice considers all relevant reasons, also those pulling in opposite directions, and tries to determine what is best all things considered. The ‘all things considered’ best act is the choice that is supported by most reasons, or by the strongest ‘undefeated’ reason, including all moral reasons, if any, bearing on the matter (Scanlon 1998). Under this logic, non-prima facie unethical hacking would be hacking that respects all ethical values and moral principles in that context. It makes sense to consider that any non-prima facie unethical hacking is ethical. However, should we require hacking to be non-prima facie unethical in order to be deemed ethical? This would lead to an overly restrictive definition. Indeed, with such a restrictive definition of ethical hacking, almost no hacking could be deemed ethical. In practice, we often face competing ethical values. Not all ethical values can be respected simultaneously; they need to be prioritised in regards to objectives and behaviors in a specific context. Therefore, a general concept of ethical hacking should not be reduced to non-prima facie unethical hacking as it would lead to a useless definition.

The prima facie unethical category can be further sub-divided into three categories:

Morally problematic: when at least one value is violated; however, the action may be justified ‘all things considered’.

Non (ethically) optimal (weakly unethical): when the action is not the best one, considering all ethical reasons bearing on the issue.

Ethically impermissible (strongly unethical): when there is a strong moral reason not to perform the action; e.g. the action violates an important moral duty (what Immanuel Kant refers to as a ‘perfect duty’), e.g. the duty corresponding to another person’s moral right. [Footnote 9]

This distinction is mirrored in terms of a normative moral psychology, specifying the emotions that a morally decent person should feel in correspondence to each category of cases: hacking that is morally wrong in the strong sense (i.e. impermissible) should evoke feelings of blameworthiness by others and moral guilt by the moral agent. Morally problematic hacking may not even be unethical ultima facie, and may reasonably lead to no moral blame and no feelings of moral remorse; however, some have argued that it may lead to some kind of moral regret (Williams 1981, 27–28). Non-ethically optimal hacking is unethical (ultima facie) but in a weaker sense compared to ethically impermissible hacking; it may then justifiably lead to moral remorse and regret.

We have mentioned the idea of the all things considered (morally) best choice. Note that in a case of value conflict, a pluralist society may not agree with a single way of balancing and resolving trade-offs between values in practice. As an example of disagreement on balancing, consider supporting trust in cybersecurity vs. achieving justice. Both values could be in conflict when a white hat hacker discovers proof of unethical behaviour, or possible signs of crimes by a company during pen testing. In order to be trustworthy, the hacker should not act in any way against the interest of the company and cannot, for example, blackmail the company, in order to induce it to stop a weakly unethical practice. Moreover, a white hat should avoid any investigation—even pursuing the signs of a possible crime—which is out of the scope of his or her mandate. Moreover, such an investigation might lead to discoveries that further reinforce the conflict between promoting justice and being trustworthy, e.g. the discovery of a strongly unethical practice by the company. We can assume that companies would have a counter-incentive to hire the services of penetration testers unless they trust them to promote their own interests in any circumstance, creating a trusted relationship similar to the relationship between a medical doctor and a patient, or between a lawyer and her client. We might also claim that widespread and protected trust in the services of white hat hackers is necessary to achieve good levels of cybersecurity for society at large, which is ethically desirable, in utilitarian terms.

It could be argued that this ‘favouring trust between white hat hackers and companies’ should include companies that do not have a perfectly blank sheet in terms of ethics and legal behaviour. This is in conflict with another strong value: the goal of achieving immediate justice and of protecting possible victims of a crime or of a strongly unethical treatment. Therefore, it is not clear if a penetration tester should always reveal strongly unethical behaviour or clues of crimes to the public, or if he or she should at least threaten to do it, in order to give the company an incentive to address the problem.

The way the term ‘ethical hacking’ is used appears to presuppose a clear and unilateral solution to the problem of value balancing: the solution that gives the highest priority to (a) refraining from acting against the interests of the company hiring the services of the hacker, (b) only acting within boundaries that have been explicitly consented to, and (c) fulfilling the expectations of the client in a way that preserves the white hat hacker’s reputation for trustworthiness. [Footnote 10] It seems that these three conditions do not conflict in practice. A so-called ‘ethical hacker’ enjoys the contractual freedom to act in ways that would be illegal if they had taken place without the consent of the party hiring his or her services. He/she acts in a trustworthy way because, in addition to that, he or she acts conscientiously towards the party placing trust in him or her (Becker 1996). We may add to this ‘respecting the law’; respecting all law in the pertinent jurisdictions, not only the law of private property.

As mentioned above, an ‘ethical’ hacker could face situations involving a trade-off between, on the one hand, preserving trust in himself or herself and white hat hackers in general and, on the other hand, achieving justice or other ethical values directly, in the short term. Note that the trade-off between trustworthiness and other ethical values could be solved differently depending on the legal framework in which the white hat hacker operates. Suppose that the hacker operates in a jurisdiction with a law that mandates the white hacker to violate a confidentiality agreement should he or she establish proof of serious crimes. In this case, the individual choice of the hacker to act against the interest of the company hiring him or her, e.g. by revealing proof of strongly unethical behaviour (which happens to also be illegal), would not in itself undermine trust. Indeed, trust relies on rational expectations and we could claim that a company could not rationally expect a hacker to protect its interests when this is explicitly prohibited by the law. Note, however, that the legal framework itself would make some companies less likely to rely on white hat hackers to enhance their cybersecurity, since some companies may prefer to run cybersecurity risks rather than giving others legal opportunities to reveal their illegal and/or strongly unethical activities.

To maximise the incentive to rely on white hat hackers, society could pass laws allowing and requiring them, like lawyers, priests and medical doctors, to maintain confidentiality about all behaviours, including crimes, discovered in the course of their professional activities. In such a context, a hacker would undermine trust by revealing clues, or even proof of illegal activities by firms. Note, however, that this is not the same as acting strongly unethically: the severity of the unethical behaviour discovered could make it the case that all things considered, the choice involving a breach of trust is the most ethical (ethically optimal), or even the only ethical (morally required) choice. Nothing guarantees that the (most, or only) ethical way to act is always the legal way to act.

It should also be noted that in choosing between these two legal frameworks, society, or its elected representatives, have to choose a trade-off point between different, equally legitimate, social values. The choice involves a balance between, on the one hand, maximising incentives to rely on white hat hackers or, on the other hand, discovering some serious crimes in the short term. Societies may make this choice based on their understanding of where the utilitarian optimum lies, but some societies may also adopt legislation reflecting non-utilitarian considerations. For example, the public discussion of a case in which a white hat hacker had a legal duty to keep an ugly crime confidential may turn public opinion against confidentiality protection, irrespective of whether it is the utility-maximising solution. A society may be moved by moral indignation to adopt legislation less protective of companies, even if the rationally expected result is that unethical companies will not hire ethical hackers and thus expose their clients to more risks.

In the previous section, we presented the well-established concept of ethical hackers (white hats mandated by clients who want their own IT-security to be assessed, and who abide by a formal set of rules that protect the client, in particular its commercial assets). Ethical assessment in this context prioritises honesty towards the client, as well as legal and commercially-oriented values. However, other ethical values could interfere with these prioritised values. If the company whose IT-security is assessed has some ultima facie (weakly or strongly) unethical activities, is it ethical to reinforce its IT-security? What about if its core business is deemed to be ultima facie unethical, in the strong sense (morally impermissible)? This shows the limit of an automated analysis of ethical behaviour based on a standard set of rules. So-called ethical hackers might perform ethical hacking in the context of their trusted relationships with their clients, while this same ethical hacking appears unethical (weakly or strongly) if we take a broader perspective.

This ethical problem cannot be solved by simply prescribing absolute respect of the law of a country. As highlighted above, nothing in the world guarantees that the ‘all things considered’ best act is always compatible with the laws of the country in which the ethical hacker operates.

Legislation might prioritise trust relations between hackers and companies above all other values. [Footnote 11] However, it is possible—at least logically—that considerations of trust and trustworthiness do not override, or defeat, any other consideration in every context. [Footnote 12] Hence, the ‘all things considered’ best act may sacrifice trust and trustworthiness. [Footnote 13] Therefore, a hacker who is ethical—in the sense of doing the best ‘all things considered’ act—is not necessarily an ‘ethical hacker’ according to the ordinary definition, which presupposes both actions to be lawful and acting in a way that proves trustworthiness to mandating firms.

Actually, the well-established concept of an ‘ethical hacker’ is misleading. In some ways, it is a misappropriation of the term ‘ethical’. The expression ‘trustworthy for business and lawful hacker’ would fit better. Indeed, the rules that the ethical hacker has to abide by are fundamentally business-oriented. They foster economic-compliant ethical behaviour [Footnote 14], and they create a clear trust-enabling distinction between ethical hackers and black hats. They also protect ethical hackers in making their activities legal de facto. However, these rules do not consider the possibility of ethical issues competing with the need of a trusted relationship and a protection of economic interests. Often, ethical hackers essentially agree to stay faithful to their client whatever the client’s activity is. This creates an inviolable trusted relationship similar to the relationship between a lawyer and his or her client, or between a priest and his faithful. Is it ethical to keep secret (and protect) the illegal activities of a client? In utilitarian terms, it depends on the existence or not of a greater public interest to improve companies’ IT-security even at the cost of covering critical non-ethical behaviours. Even if it were not a matter of public interest, covering critical non-ethical behaviour may simply be irreconcilable with reasonable individual moralities (e.g. of a more deontological type). Some ethical hacking companies introduce a provision allowing them to report observed illegal activities, at least if questioned by the police in the course of an investigation.

Any practical definition of ethical hacking should incorporate the existence of possible competing ethical values, even within a fixed context (see also Chap. 3). In other words, hacking could be deemed ethical when it sufficiently respects ethical values and moral principles at stake in regards to objectives and behaviours in a specific context. This provides a practical definition of ethical hacking. We are not suggesting that this definition should replace the ordinary one. The most important purpose fulfilled by having a new definition is to distinguish both concepts. One possibility would be to use ‘trustworthy for business and lawful hacker’ and ‘ethical hacker’ to distinguish both of them. An alternative would be to use ‘ethical hacker’ in the usual (business-oriented) way and invent some other label for the sufficiently ‘all things considered’ ethical hacker instead. This new definition—as well as ethical assessment actually—is intrinsically vague, subject to interpretation and context-dependent. This emphasises the fact that ethical evaluation cannot be reduced to an a priori assumption that business-oriented values should take priority, and the qualification of ethical should not be limited to a narrow definition of professional ethics.

4.2 Competing Ethical Values

Ethical evaluation, like any evaluation process, produces values that can be fed into a decision process (Pollitt et al. 2018: 8). The values resulting from an evaluation process are not restricted to numbers. They can be impressions, feelings, opinions or judgments. In her axiological sociology essay (Heinich 2017), Nathalie Heinich identifies three ways to attribute a value: measurement, attachment, judgement. An ethical evaluation is typically of the third kind: some form of judgement. The decision process following an ethical evaluation usually allows or does not allow an action, an activity or a behaviour to be pursued.

A priori, the ethical assessment of relevant ethical values related to hacking could perform an ethical evaluation of all four criteria used to classify hackers (see also Table 9.2):

hacker’s expertise

hacker’s tools

hacker’s values

hacker’s modus operandi

However, a hacker’s expertise is knowledge. It is ethically neutral and does not raise direct ethical issues. Tools available to the hacker are not relevant from an ethical standpoint either. This does not mean that hacking tools do not create ethical issues. Indeed, the creation or not of some hacking tools, e.g. weaponised zero-days, leads to important ethical issues at a societal level: on the one hand, weaponised zero-days allow countries to develop cyber-weapons to dissuade potential enemies; on the other hand, unpatched vulnerabilities—if discovered by or made available to black hats—can endanger large scale IT-systems. The WannaCry worldwide ransomware attack that shut down UK hospitals and numerous systems in May 2017 shows the impact of such a weaponised zero-day falling into criminal hands (Mohurle and Patil 2017).

Eventually, only the hacker’s values and modus operandi need to be ethically assessed by the evaluator. Note that the evaluator can be either the hacker or another person.

The result of an ethical evaluation depends on the evaluator’s expertise, on the available information, and on his or her way of handling and processing this information, as well as on his or her own criteria and values’ prioritisation and interpretation. State-sponsored hackers, for example, might be deemed ethical if the evaluator prioritises values of the sponsoring state, whereas these same hackers might be considered simultaneously unethical by evaluators living in the targeted country. The interpretation of the facts (state-sponsored actors do not necessarily follow traditional white hats’ rules; they typically try to introduce and keep backdoors in the targeted system; they might use zero-days and not divulge them to the developers) really depends on the evaluator’s perspective, interpretation and prioritised values.

Ethical evaluation parameters also present similarities with the four classes of authentication technologies (Table 9.3).

The evaluator’s level of expertise allows a distinction to be made between an ethical opinion and an ethical expert evaluation (Heinich 2017). The information available to the evaluator might change over time, possibly resulting in new conclusions. This is in particular true when a so-called ethical hacker penetrates his or her client’s infrastructure and discovers ethically sensitive new information. The way the evaluator processes the information relates to quality procedures and best practices; it influences the confidence in the conclusion. The core of the evaluation resides in the evaluator’s own prioritisation of (competing) values at stake.

When addressing ethical hacking, we should consider at least three collections of possibly competing ethical values (see also Fig. 9.8): one at a personal level (hacker’s own perspective), one at a business level (company’s perspective) and one at a societal level (global perspective). Ethical conflicts can happen within one of these collections or between some of them.

[Figure: Potential conflicts between collections of possibly competing ethical values. The diagram places the social, personal and business levels around the circumference of a circle, with a smaller circular segment next to each level.]

So-called ethical hackers can ethically evaluate their own attitude, i.e. their values and their modus operandi, and they probably will because they chose not to use their expertise for malicious purposes. The code of conduct that ethical hackers have to abide by strongly focuses on the collection of values at a business level. Therefore, these values must belong to the hacker’s own ethical values and moral principles. Already at this stage, competing ethical values can appear if, for example, protecting an employee’s privacy (whose emails reveal that he is blackmailed by a competitor’s board member) conflicts with transparently communicating all the findings to the mandating client. Generally speaking, it will be easier to assess if a hacker is ethical in the narrow (and usual) sense of the term, which assumes the priority of business-oriented moral values.

Ethical hackers also have their own values and moral principles at a personal level. They might share some of the original hacker ethic. If their ethical values conflict with those at a business level, their ethical evaluation of the situation will depend on the prioritisation of the values. A strong personal ethical value or a well-established important societal value might prevail on any other business-related value and lead to breaking the code of conduct. This is in particular true if the ethical hacker unveils critical non-ethical behaviours within the company. In this case, the evaluation of whether the hacker is ethical will be significantly more complex. It is likely to achieve reasonable disagreement, even between equally well-informed persons, concerning what is the ethically optimal act in a given context. There might be no pre-established harmony between values—e.g. no way to maximise fairness and aggregate well-being at the same time (Berlin 1991; Nagel 1991; Raz 1986). Moreover, even individuals who rely on monistic moral views (e.g. utilitarianism, which recognises only utility, understood as well-being) and single-rule based moralities (e.g. again utilitarianism: maximise aggregate well-being in the long term) may disagree on what the actual best choice turns out to be (see also Chap. 4 for a discussion of ethical frameworks in cybersecurity).

Note that our argument does not rely on a rejection of ethical realism or cognitivism. Realism is entailed by the view that the question concerning ‘the all things considered best choice’ can be objective, because it is determined by moral objective facts existing independently of mental states (beliefs, attitudes, emotions) about the choice in question. Cognitivism is entailed by the view that these objective moral reasons, or facts, are not facts about what (all, or the majority) of people actually want to be the case. The key point is that, even conceding that morality is grounded in objective facts independent of the will of any agent, it may in fact be extremely difficult to determine what the morally best choice is.

4.3 A Pragmatic Best Practice Approach

Pen-test companies and other IT-security companies hiring white hats face a competing values dilemma (see also Chap. 15). On the one hand, they need to create a trusted relationship with their clients. On the other hand, they need to respond to and even anticipate their employees’ ethical expectations. There is certainly no perfect solution to solve this dilemma, as ethical evaluation has an intrinsic personal component, is subject to interpretation and is context-dependent.

As explained above, companies hiring ethical hackers develop a code of conduct that reinforces the business-related ethical behavior of their employees, guarantees that their hacking activities are compliant with applicable laws and fosters a trusted relationship with their clients.

As already mentioned, some ethical hacking companies have introduced a provision allowing them to report observed illegal activities, at least if questioned by the police in the course of an investigation.

To minimise the inherent risks related to the competing values dilemma, an active European pen-test company with about 40 employees created an internal ethical committee. This ethical committee is composed of three employees, freely elected by all employees. Company board members are not allowed to be elected in order to avoid business-related biases in the ethical evaluation. Any employee can submit his or her ethical concerns about an upcoming project if this employee fears that participating in such a project could create a conflict with his or her own values or moral principles, or with other societal ethical values. Members of the ethical committee are in a position to make an independent ethical evaluation. Their decision is binding and cannot be challenged, neither by the direction nor by the other employees. If the committee decides to block a project, the company will stop it regardless of the financial consequences.

This example illustrates a possibility to anticipate potential competing ethical values in order to avoid employees breaking their code of conduct or leaving the company. Such an approach enriches and strengthens the concept of ethical hacking and goes beyond a rule-based definition. It promotes an ethical evaluation that is not reduced to an automated process or a checklist, and allows a fine interpretation of the context and a more subtle ethical evaluation, as well as context-dependent decisions.

5 Conclusion

The term ‘hacker’ has many different meanings, even within the context of computerised systems. It should not be amalgamated with that of a cybercriminal only. In this chapter, in order to capture a much broader perception of the term and to describe its nuances more faithfully, we developed a new systematic and neutral classification based on four categories: the hacker’s expertise (his or her internal resources), the hacker’s own values and moral principles (his or her internal attitude), the hacker’s modus operandi (his or her external attitude), and the tools and information that he or she has access to (his or her external resources). These four categories can be related to the four categories of authentication technologies: something that the hacker knows, something that the hacker is, something that the hacker does, and something that the hacker has.

The term ‘ethical hacker’ in its wide acceptance appears to be misleading and a misappropriation of the term ‘ethical’. Particular pluralist societies, those that recognise that different ethical values are valid and there is no single simple way of measuring or ranking them, are likely to disagree on what is the morally best behaviour for a hacker to adopt in every given circumstance. The expression ‘business-oriented ethical hacker’ would fit better. Moreover, it gives the false impression that it is sufficient for hacking activities to abide by a list of fixed rules in order to be deemed ethical. Ethical evaluation cannot and should not be reduced to a checklist of rules to abide by those rules that are legal and/or ethical. This is especially true in contexts where at-the-edge hacking opportunities are sometimes in a grey zone which is not covered by current laws, e.g. for spy and state-sponsored hacking activities.

The creation of a code-of-conduct with rules to abide by is a welcome and necessary step in order to support ethical hacking. However, it is not sufficient. Other mechanisms—such as internal ethical committees—have to be created within the pen-test companies or the Gov-CERT units in order to allow a finer interpretation of each context, a more subtle ethical evaluation, and context-dependent decisions.

Footnote 1: As C.C. Palmer wrote: “Instead of using the more accurate term of ‘computer criminal’, the media began using the term ‘hacker’ to describe individuals who break into computers for fun, revenge or profit. Since calling someone a ‘hacker’ was originally meant as a compliment, computer security professionals prefer to use the term ‘cracker’ or ‘intruder’ for those hackers who turn to the dark side of hacking.” (Palmer 2001: 770)

Footnote 2: The GAFAM acronym stands for Web main players, namely, Google, Apple, Facebook, Amazon and Microsoft.

Footnote 3: What happens in Vegas stays in Vegas!

Footnote 4: The verb ‘to hack’ has numerous meanings. According to the Merriam-Webster dictionary, the first definition is “to cut or sever with repeated irregular or unskillful blows” which has nothing to do with computer hacking.

Footnote 5: Social skills may also be useful for white hats, when testing against the possibility of black hat hackers’ intrusions.

Footnote 6: Some authors consider black hats and crackers as equivalent terms. We introduce here some distinctions. In particular, we consider that crackers might be grey hats acting for fun with no malicious intent.

Footnote 7: This may have been the case up to 2001; the authors were not able to determine if a change of policy occurred since then.

Footnote 8: Some authors consider white hats, pen testers and ethical hackers as equivalent terms. In this chapter, we introduce some slight distinctions.

Footnote 9: An imperfect moral duty is a duty like the duty to do charity. Whereas—Kant maintained—we all have a duty to charity, the duty is not perfect in the sense that we have discretion concerning when, how, and to whom we act charitably. Act-utilitarianism rejects the distinction between perfect and imperfect duties, because according to act-utilitarianism the acts that maximise aggregate utility are both right and dutiful and all other acts are wrong and impermissible in the context.

Footnote 10: For the link between trust, trustworthiness and reputation see (Pettit 1995).

Footnote 11: Maybe, it (correctly) identifies this policy as the one promoting the utilitarian optimum—maximum aggregate utility—in the long term.

Footnote 12: Even if preserving trustworthiness maximises long-term utility, for it may even be the case that the best moral view is not utilitarian.

Footnote 13: If the ultimately right morality is not utilitarian morality, the morally right act can be one that violates a policy that has a rule-utilitarian justification (the policy that would optimise utility in the long run). It is even conceivable that the morally best/right act for social morality (the morality behind laws and public policies) and for individual morality are different acts, because the two moralities differ, due to constraints (e.g. of impartiality, objectivity, inter-subjectivity, integrity) that apply with different force in the two cases. If this unfortunate moral hypothesis is correct, individuals in high-stake roles are condemned to face hard-to-solve moral dilemmas occasionally. See Sect. 4.2.

Footnote 14: This behavior may, or may not, be optimal in utilitarian terms (it is often very difficult to determine what maximises utility in the long term and some economic behavior may be harmful, all things considered). Even if it is optimal in utilitarian terms, it may not be ethical, if, as many people think, utilitarianism is not the right ethical theory.

American Heritage Dictionary Entry: Hacker (n.d.) https://www.ahdictionary.com/word/search.html?q=hacker. Last access 7 July 2019

Barber R (2001) Hackers profiled—who are they and what are their motivations? Comput Fraud Secur 2001(2):14–17

Becker LC (1996) Trust as noncognitive security about motives. Ethics 107(1):43–61

Berlin I (1991) The crooked timber of humanity: chapters in the history of ideas. In: Hardy H (ed) Knopf: distributed by Random House, New York

Bratus S (2007) What hackers learn that the rest of us don’t: notes on hacker curriculum. IEEE Secur Priv 5(4):72–75

Heinich N (2017) Des Valeurs. Une Approche Sociologique. Editions Gallimard, Paris

Lichstein H (1963) Telephone hackers active. The Tech, MIT. http://tech.mit.edu/V83/PDF/V83-N24.pdf. Last access 7 July 2019

Marshall AK (2008) Digital forensics: digital evidence in criminal investigations. Wiley-Blackwell, London

Mohurle S, Patil M (2017) A brief study of Wannacry threat: Ransomware Attack 2017. Int J Adv Res Com Sci Udaipur 8(5). https://search.proquest.com/docview/1912631307/abstract/DEF9AE2FF2924E35PQ/1. Last access 7 July 2019

Mr. Robot (n.d.). http://www.imdb.com/title/tt4158110/. Last access 7 July 2019

Nagel T (1991) Mortal questions. Cambridge University Press, Cambridge

Olson P (2013) We are anonymous: inside the hacker world of LulzSec, anonymous, and the global cyber insurgency. Back Bay Books, New York

Palmer CC (2001) Ethical hacking. IBM Syst J 40(3):769–780. https://doi.org/10.1147/sj.403.0769

Pettit P (1995) The cunning of trust. Philos Public Aff 24(3):202–225. https://doi.org/10.1111/j.1088-4963.1995.tb00029.x

Pollitt M, Casey E, Jaquet-Chiffelle D-O, Gladyshev P (2018) A framework for harmonizing forensic science practices and digital/multimedia evidence. OSAC.TS.0002. OSAC Task Group on Digital/Multimedia Science. OSAC/NIST. https://doi.org/10.29325/OSAC.TS.0002

Raz J (1986) The morality of freedom. Oxford University Press, Oxford

Scanlon T (1998) What we owe to each other. Belknap Press of Harvard University Press, Cambridge, MA

Techopedia.Com (n.d.) What is a black hat hacker? – definition from Techopedia. https://www.techopedia.com/definition/26342/black-hat-hacker. Last access 7 July 2019

Williams B (1981) Moral luck: philosophical papers 1973–1980, 1st edn. Cambridge University Press, Cambridge

Acknowledgments

The authors would like to thank their colleagues Eoghan Casey and Olivier Ribaux, who reviewed a draft version of this document, for their fruitful comments. The chapter was created with funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 700540 and the Swiss State Secretariat for Education, Research and Innovation (SERI) under contract number 16.0052-1.

Author information

Authors and affiliations.

University of Lausanne, Lausanne, Switzerland

David-Olivier Jaquet-Chiffelle

Digital Society Initiative, University of Zurich, Zurich, Switzerland

Michele Loi

Institute of Biomedical Ethics and History of Medicine, Zurich, Switzerland

Corresponding author

Correspondence to David-Olivier Jaquet-Chiffelle .

Editor information

Editors and affiliations.

UZH Digital Society Initiative, Zürich, Switzerland

Markus Christen

Dublin City University, Dublin, Ireland

Bert Gordijn

Digital Society Initiative University of Zurich, Zürich, Switzerland

Rights and permissions

This chapter is distributed under the terms of the Creative Commons Attribution 4.0 International License ( http://creativecommons.org/licenses/by/4.0/ ), which permits use, duplication, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, a link is provided to the Creative Commons license and any changes made are indicated. The images or other third party material in this chapter are included in the work’s Creative Commons license, unless indicated otherwise in the credit line; if such material is not included in the work’s Creative Commons license and the respective action is not permitted by statutory regulation, users will need to obtain permission from the license holder to duplicate, adapt or reproduce the material.

Copyright information

© 2020 The Author(s)

About this chapter

Jaquet-Chiffelle, DO., Loi, M. (2020). Ethical and Unethical Hacking. In: Christen, M., Gordijn, B., Loi, M. (eds) The Ethics of Cybersecurity. The International Library of Ethics, Law and Technology, vol 21. Springer, Cham. https://doi.org/10.1007/978-3-030-29053-5_9

DOI : https://doi.org/10.1007/978-3-030-29053-5_9

Published : 11 February 2020

Publisher Name : Springer, Cham

Print ISBN : 978-3-030-29052-8

Online ISBN : 978-3-030-29053-5

eBook Packages : Religion and Philosophy Philosophy and Religion (R0)


Out of the shadows: The rise of ethical hackers in 2021

Ethical hackers working on the Bugcrowd platform have saved organisations almost $30bn in risk during the Covid-19 pandemic, as the community sheds old stereotypes.

Alex Scroxton, Security Editor

The ethical hacking community is throwing off old stereotypes of hoodie-wearing basement dwellers to meet its true potential, and is now emerging as a highly professional, committed, self-aware and diverse trade that offers great opportunities for people keen to establish a cyber career.

This is according to the latest Inside the mind of a hacker report produced by crowdsourced cyber platform Bugcrowd, which reports on how ethical hackers have saved organisations around the world an estimated $27bn in cyber security costs such as incident investigation, remediation, recovery and even ransom during the course of the pandemic.

The firm’s deep dive into the activity and attitudes of the thousands of ethical hackers who work through Bugcrowd is intended to offer CISOs and security teams a valuable insight into how ethical hackers work, and the economics of security research.

“Hacking has long been maligned by stereotypical depictions of criminals in hoods, when in fact ethical hackers are highly trusted and industrious experts who empower organisations to release secure products to market faster,” said Ashish Gupta, CEO and president of Bugcrowd.

“With this report, we are proud to shine a light on the top ethical hackers that CrowdMatch – Bugcrowd’s proprietary recommendation engine – automatically curates for customer programmes based on skills, environment and use cases.”

The latest study covers the period from 1 May 2020 to 31 August 2021 and, among other things, contains some startling new insight into the threat landscape. Since the start of the pandemic, 79% of hackers who took part said vulnerabilities had increased, 80% said they had found a vulnerability they had not encountered before, and 71% said they were earning much more now that most companies are working remotely.

More widely, the report paints a picture of a community that is very well aware of its value to its organisations, with 91% of respondents saying that traditional “point-in-time” penetration testing cannot adequately secure organisations all the time, and 96% saying they are helping end-user organisations to fill the cyber skills gap.

Pathways to a cyber career

The hacking game is also no longer seen as a side hustle, with 42% of Bugcrowd users saying they hack full-time and 26% part-time. Others are increasingly using hacking as a stepping-stone to a cyber security career.

Among them is 24-year-old, US-based Chris Inzinga, aka cinzinga_, who transitioned into security research after struggling to find the right academic programme for his interests and goals.

“A number of years back, I was going through a very uncertain and difficult period in my life,” he said. “Rather than succumb to indecision and inaction, I decided to focus all my attention on learning cyber security as a practical tradecraft.

“As a beginner, I found the Bugcrowd team to be incredibly supportive. They helped me understand why some of my earlier submissions were low-impact, and how I could improve in the future. I found this personalised feedback to be unparalleled among all the other platforms, and it truly helped me in the early days of my cyber security journey.”

Meanwhile, 27-year-old Ankit Singh, aka AnkitCuriosity, who comes from India, is a self-taught hacker who tried to work independently but struggled to get very far, before encountering Bugcrowd.

“I remember in my early days of ethical hacking, when I wasn’t aware of Bugcrowd, I had found some bugs in a few organisations’ production websites,” he said. “I tried really hard to find their contact information and even called them about the issue – but they just hung up the phone before I could even explain. Maybe they didn’t care, or maybe they had no idea what I was talking about.

“If someone told me about platforms like Bugcrowd – and ethical hacking education opportunities – earlier, it would have changed everything.”

Singh added: “I am helping to change the world’s perception of hackers. I want people to look at security research as a creative art form, rather than merely a subject or skill.”

Farah Hawa, who, like Singh, is largely self-taught, and is India-based, has used her learnings to become a hacking influencer with her own growing YouTube channel. “I have niched my channel down in a way that my videos only focus on breaking down complex technical vulnerabilities into more digestible bits,” she said. “I think my audience definitely appreciates that in my content because I try to explain everything in the simplest way possible and, believe it or not, this is a pain point for a huge chunk of the infosec community, especially beginners.

“I would recommend beginners start hunting on smaller programmes because they have less competition and will be more likely to learn, grow their skills, and also build their motivation.”

UK-based Katie Paxton-Fear, aka InsiderPhD, who besides being an ethical hacker is also a cyber lecturer and educator, said the critical skills that hackers need besides technical prowess include communication, attention to detail and curiosity. She said that although anyone can pick up a book or watch a YouTube video, it is more challenging to develop such soft skills.

“Most people can think of 10 uses for a paperclip, but people who are really good at what’s called lateral thinking don’t just stop at thinking of a paperclip as a small, metal thing,” she said. “They think, what if the paperclip was huge? What if the paperclip was made of glass? What if the paperclip was on your computer as an animated character telling you how to solve problems?

“We want people to be able to think outside the box, and that is the real value that things like crowdsourced security offers – a bunch of people that think in very different ways all hacking on one piece of software, because you’ll get so many answers to a question like, ‘How many uses can you think of for a paperclip?’”

Young and diverse

The report also paints a picture of a community that skews young and diverse, with 52% of Bugcrowd’s hackers aged 18 to 24, 35% 25-34, and just 2% over 45. The high number of Generation Z, or Zoomer, hackers born post-1996 reflects some of the generalised trends that are now said to characterise people aged 25 and under – ethnically diverse, digitally native, and establishing their careers at a time of intense job market insecurity.  

While ethical hackers currently lack gender diversity (96% of those on the Bugcrowd platform are male, 3% female, and 1% agender, genderfluid, non-binary, pangender or of another identity), the community exhibits exceptional diversity in other areas, such as neurodiversity.

Just over one-fifth of Bugcrowd hackers are neurodivergent, living with conditions such as attention deficit hyperactivity disorder (ADHD), autism, Asperger’s, dyscalculia, dysgraphia, dyslexia, dyspraxia, obsessive-compulsive disorder, sensory processing disorder, synaesthesia, and Tourette syndrome.

It is no secret that some attributes widely seen in neurodivergent individuals, such as memory skills, heightened perception and attention to detail, appear to make careers in ethical hacking – a fast-paced environment that rewards creativity and difference in thinking – ideal for them. Bugcrowd said this was probably reflected in increasing numbers of neurodiverse hackers – up 8% since the last report.

Paxton-Fear is herself on the autistic spectrum. She said: “Someone who is autistic can have hyper-focus moments where they are so invested in something, it is all they can focus on. They can focus for hours on one thing. And that is a real advantage because if you have somebody like that looking at your website, you have got the most dedicated security tester, right? You have got somebody who will go above and beyond, because it is something they really enjoy.”


Ethical Hacking: Understanding the Basics

Cybercrime continues to grow at an astounding and devastating rate; more than 93% of organizations in the healthcare field alone experienced a data breach in the past few years (Sobers, 2021).

While most people with any degree of tech acumen are familiar with criminal hackers, fewer are familiar with the field of ethical hacking. As cyberattack techniques evolve, an equally fast-growing (legal) hacking movement has sprung up to stop cybercriminals: ethical hacking.

What Is an Ethical Hacker?

In the more commonly known illegal counterpart to ethical hacking, cybercriminals (also known as malicious hackers) seek vulnerabilities to exploit in an organization’s network. Ethical hackers, on the other hand, are security experts retained by organizations to proactively identify vulnerabilities before someone with ill intent discovers them. Ethical hackers improve a company’s security by finding weaknesses and providing remediation advice.

Understanding Hacking Roles

The field of cybersecurity is broad and complex, so it’s not surprising that there are several subsets of the hacking community. Ethical hackers may work for a cybersecurity firm, work in house at an organization, or find contract roles by working as independent consultants.

Red teamers are ethical hackers who focus on the offensive side of cybersecurity, explicitly attacking systems and breaking down defenses. After a series of simulated attacks, red teams will make recommendations to the organization regarding how to strengthen its network security.

Where red teams play the offensive in the cybersecurity game, the blue team focuses on defending networks against cyberattacks and threats. Cybersecurity employee training, network vulnerability scanning, risk management, and mitigation tactics all fall under the blue team umbrella.

Gray-Hat Hackers

We have ethical hackers, we have unethical hackers, and now we have gray-hat hackers. These hackers are like malicious hackers in that they don’t have explicit organizational permission to infiltrate systems, but they also don’t have bad intent. Instead, gray-hat hackers are usually interested in gaining hacking experience or recognition.

A gray-hat hacker will advise the breached organization of the vulnerabilities they uncover (and may request a small fee for doing so, although this isn’t their primary objective and they are not requesting such in a ransom capacity). However, gray-hat hacking is still illegal, given that the individual in question does not have permission to hack into the system.

How to Become an Ethical Hacker

For anyone interested in pursuing a career in ethical hacking, the following skills lend themselves well to the role:

  • Knowledge of coding in relevant programming languages
  • An understanding of computer networks, both wired and wireless
  • Basic hardware knowledge
  • Creative and analytical thinking abilities
  • Database proficiency
  • A solid foundation in information security principles

Most ethical hackers also have a degree in a technology-related field, such as computer science, information technology, or cybersecurity.

Beyond these basics, it’s important for ethical hackers to engage in ongoing education, as cybersecurity is continually evolving. Cybersecurity professionals often acquire certifications in relevant areas, including credentials specifically focused on ethical hacking like EC-Council’s Certified Ethical Hacker (C|EH). EC-Council also provides a wide range of other industry-recognized credentials, including the Certified Network Defender (C|ND), Licensed Penetration Tester (L|PT), and more.

Finally, it’s essential to gain firsthand hacking experience. There are several vulnerability testing tools that hackers in training can use, and the C|EH course provides a safe yet immersive practice environment through EC-Council’s iLabs. Cybersecurity professionals also acquire valuable practical experience in the workplace; typically, ethical hackers start out as members of a broader security or IT team and progress through the ranks as they gain experience and additional education.

The Ethical Hacking Process

Most ethical hackers follow this industry-standard six-step process.

1. Reconnaissance

Upon receiving explicit and contractual consent from the organization, the reconnaissance portion of the hacking process can begin. This involves collecting as much information as possible about the “target” using the various tools at the hacker’s disposal, including the company website, internet research, and even social engineering. These are all similar to the types of behaviors that a malicious hacker would engage in when attempting to breach an organization.

2. Environmental Scanning

During this second scanning phase, the hacker moves from passive to active information gathering by looking for ways to infiltrate the network and bypass any intrusion detection systems in place.

3. Gaining System Access

When the hacker is successful in step two, they shift to step three: attacking the network. During this phase, the hacker gains access to the target, determines where the various vulnerabilities lie, and assesses just how much damage could conceivably be dealt now that they have access.

4. Maintaining System Access

Given that it takes on average 228 days to identify a breach (Sobers, 2021), it is safe to assume that the average cybercriminal isn’t in and out. They stick around as long as possible once they have successfully breached a network. In this fourth stage, the hacker explores ways to maintain their access.

5. Clearing Evidence of the Breach

Just as a breaking-and-entering criminal might take the time to clear any evidence of their crime, cybercriminals are likely to do the same in a digital context. In this stage, the hacker will look for any traces of their activity and remove them.

6. Provision of a Final Report

For their final deliverable, the ethical hacker compiles all the lessons learned from their mission and reports them back to the organization, including recommendations for avoiding future security incidents.

The Advantages of Becoming an Ethical Hacker

There are several advantages to pursuing a career as an ethical hacker. The typical ethical hacker’s salary ranges from approximately USD 91,000 to 117,000 (Salary.com, 2022). Given the exponential and ongoing growth of cybercrime, with ransomware attacks alone increasing by 148% last year (Zaharia, 2022), the demand for ethical hackers is expected to remain strong in the coming decades. Furthermore, ethical hackers can take pride in knowing that they contribute to keeping integral networks and systems as secure and high functioning as possible. Enroll in an ethical hacking course to master the skills of an ethical hacker.

While the compensation and availability of ethical hacking jobs are expected to remain high for those considering entering the field, becoming a competitive candidate requires a considerable degree of ongoing education and continual upskilling, by learning from the best available ethical hacking courses and enrolling in a certified ethical hacker course. Fortunately, EC-Council’s C|EH course provides a solid and well-rounded education in ethical hacking, from learning about emerging attack vectors to malware analysis to real-world case studies.

EC-Council is the leading provider of cybersecurity and ethical hacking credentials, having graduated 220,000 certified cybersecurity professionals in 145 countries. With flexible, hands-on learning opportunities and career progression support, EC-Council certifications will give you a competitive advantage as you navigate the exciting field of ethical hacking.

Salary.com. (2022, March 29). Ethical hacker salary in the United States. https://www.salary.com/research/salary/posting/ethical-hacker-salary

Sobers, R. (2021, April 16). 98 must-know data breach statistics for 2021. Varonis. https://www.varonis.com/blog/data-breach-statistics

Zaharia, A. (2022, February 22). 300+ terrifying cybercrime and cybersecurity statistics. Comparitech. https://www.comparitech.com/vpn/cybersecurity-cyber-crime-statistics-facts-trends/


Making Vulnerabilities Visible

A cybersecurity ethics case study.

As PunkSpider is pending re-release, ethical issues are considered about a tool that is able to spot and share vulnerabilities on the web, opening those results to the public.


A recent article in Wired magazine details the anticipated re-release of a tool called PunkSpider. While constantly scanning the web, PunkSpider “automatically identifies hackable vulnerabilities in websites, and then allows anyone to search those results”—by URL keywords, or type or severity of vulnerability.

PunkSpider collects a catalog of unpatched vulnerabilities and makes them public. Its developers hope that the tool will force website administrators to fix those vulnerabilities. However, malevolent actors might exploit the disclosed vulnerabilities first. The tool’s creators are aware of this risk. One of the creators, Alejandro Caceres, pointed out to Wired that “scanners that find web vulnerabilities have always existed. This one just makes the results public.” He added, “You know your customers can see [the publicly disclosed vulnerability], your investors can see it, so you’re going to fix that…fast.”

According to Wired, an earlier version of PunkSpider had been repeatedly kicked off Amazon Web Services in response to “abuse reports from angry Web administrators.” In its new incarnation, the tool now includes “a feature that allows web administrators to spot PunkSpider's probing based on the user agent that helps identify visitors to a website, and… an opt-out feature that lets websites remove themselves from the tool's searches.”
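For a site administrator, spotting a scanner by its user agent comes down to filtering the web server's access log. The following Python is an added example, not code from PunkSpider or the article; the token `ExampleScannerBot` and the log lines are constructed placeholders, because the article does not give the tool's real user-agent string.

```python
import re

# Hypothetical placeholder: substitute the user-agent token the scanner documents.
SCANNER_UA_TOKEN = "ExampleScannerBot"

# Combined Log Format:
# host ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Aug/2021:09:14:01 +0000] "GET /search?q=test HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; ExampleScannerBot/1.0)"
198.51.100.23 - - [10/Aug/2021:09:14:02 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/90.0"
203.0.113.7 - - [10/Aug/2021:09:14:03 +0000] "GET /login.php?user=a HTTP/1.1" 404 209 "-" "Mozilla/5.0 (compatible; ExampleScannerBot/1.0)"
203.0.113.7 - - [10/Aug/2021:09:14:05 +0000] "GET /search?q=other HTTP/1.1" 200 530 "-" "Mozilla/5.0 (compatible; ExampleScannerBot/1.0)"
this line is not in combined log format
198.51.100.99 - - [10/Aug/2021:09:20:11 +0000] "GET /item?id=1 HTTP/1.1" 500 0 "-" "examplescannerbot/1.0"
"""


def summarize_scanner_hits(lines, token=SCANNER_UA_TOKEN):
    """Group requests whose User-Agent contains `token` by source address.

    Returns (report, skipped): report maps source host to request count,
    distinct paths, status-code counts and first/last timestamps; skipped
    counts lines that did not parse. The User-Agent header is chosen by the
    client, so this finds scanners that announce themselves and nothing else.
    """
    needle = token.lower()
    report = {}
    skipped = 0
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = LOG_RE.match(line)
        if m is None:
            skipped += 1
            continue
        if needle not in m["agent"].lower():
            continue
        parts = m["request"].split()
        # A well-formed request line is "METHOD target PROTOCOL".
        target = parts[1] if len(parts) >= 2 else m["request"]
        path = target.split("?", 1)[0]
        entry = report.setdefault(m["host"], {
            "requests": 0,
            "paths": set(),
            "statuses": {},
            "first": m["time"],
            "last": m["time"],
        })
        entry["requests"] += 1
        entry["paths"].add(path)
        status = int(m["status"])
        entry["statuses"][status] = entry["statuses"].get(status, 0) + 1
        entry["last"] = m["time"]  # assumes the log is in chronological order
    return report, skipped


if __name__ == "__main__":
    hits, bad = summarize_scanner_hits(SAMPLE_LOG.splitlines())
    for host, info in sorted(hits.items()):
        print(host, info["requests"], sorted(info["paths"]), info["statuses"])
    print("unparsed lines:", bad)
```

The status breakdown shows which probed paths answered with errors, which is where to look first when checking what the scan may have reported.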

When asked about the ethics of creating and deploying PunkSpider, cybersecurity expert Katie Moussouris argued that “[v]ulnerabilities themselves are what would lead to the hacking of websites”; she added, “A tool like this just makes those vulnerabilities visible.”

After years of warnings about vulnerabilities that continue to be ignored, Alejandro Caceres says, “we need to try something new.”

Discussion questions

Before answering these questions, please review the Markkula Center for Applied Ethics’ Framework for Ethical Decision-Making, which details the ethical lenses discussed below.

  • Who are the stakeholders involved in this case?
  • What ethical issues do you spot in this scenario?
  • Consider the case through the ethical lenses of rights, justice, utilitarianism, virtue, and the common good; what aspects of the ethical landscape do they highlight?
  • Does the inclusion of an opt-out feature change your ethical analysis of the project? If so, how?


Title: A Survey on Ethical Hacking: Issues and Challenges

Abstract: Security attacks are growing in an exponential manner and their impact on existing systems is seriously high and can lead to dangerous consequences. However, in order to reduce the effect of these attacks, penetration tests are highly required, and can be considered as a suitable solution for this task. Therefore, the main focus of this paper is to explain the technical and non-technical steps of penetration tests. The objective of penetration tests is to make existing systems and their corresponding data more secure, efficient and resilient. In other terms, pen testing is a simulated attack with the goal of identifying any exploitable vulnerability and/or security gap. In fact, any identified exploitable vulnerability will be used to conduct attacks on systems, devices, or personnel. This growing problem should be solved and mitigated to reach better resistance against these attacks. Moreover, the advantages and limitations of penetration tests are also listed. The main issue with penetration tests is that they are efficient at detecting known vulnerabilities. Therefore, in order to resist unknown vulnerabilities, a new kind of modern penetration test is required, in addition to reinforcing the use of shadow honeypots. This can also be done by reinforcing the anomaly detection of intrusion detection/prevention systems. In fact, security is increased by designing an efficient cooperation between the different security elements and penetration tests.
Subjects: Cryptography and Security (cs.CR)

Josh Fruhlinger

Penetration testing explained: How ethical hackers simulate attacks

The tools, steps, and methods for finding vulnerabilities before the bad guys do.

What is penetration testing?

Definition: Penetration testing is a process in which a security professional simulates an attack on a network or computer system to evaluate its security—with the permission of that system’s owners.

Don’t let the word “simulates” fool you: A penetration tester (or pen tester, for short) will bring all the tools and techniques of real-world attackers to bear on the target system. But instead of using the information they uncover or the control they gain for their own personal enrichment, they report their findings to the target systems’ owners so that their security can be improved.

Because a pen tester follows the same playbook as a malicious hacker, penetration testing is sometimes referred to as ethical hacking or white hat hacking; in the early days of penetration testing, many of its practitioners got their start as malicious hackers before going legit, though that is somewhat less common today. You might also encounter the term red team or red teaming, derived from the name given to the team playing the “enemy” in war game scenarios played out by the military. Penetration testing can be carried out by teams or individual hackers, who might be in-house employees at the target company, or may work independently or for security firms that provide specialized penetration testing services.

How does a penetration test work?

In a broad sense, a penetration test works in exactly the same way that a real attempt to breach an organization’s systems would. The pen testers begin by examining and fingerprinting the hosts, ports, and network services associated with the target organization. They will then research potential vulnerabilities in this attack surface, and that research might suggest further, more detailed probes into the target system. Eventually, they’ll attempt to breach their target’s perimeter and get access to protected data or gain control of their systems.

The details, of course, can vary a lot; there are different types of penetration tests, and we’ll discuss the variations in the next section. But it’s important to note first that the exact type of test conducted and the scope of the simulated attack needs to be agreed upon in advance between the testers and the target organization. A penetration test that successfully breaches an organization’s important systems or data can cause a great deal of resentment or embarrassment among that organization’s IT or security leadership, and it’s not unheard of for target organizations to claim that pen testers overstepped their bounds or broke into systems with high-value data they weren’t authorized to test—and threaten legal action as a result. Establishing in advance the ground rules of what a particular penetration test is going to cover is an important part of determining how the test is going to work.
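Agreed ground rules are easiest to honor when they are written down in machine-readable form and checked before any activity starts. The following Python is an added example, not code from the article: a pre-flight check that compares each target against a recorded scope. The names `Scope`, `make_scope`, `check_target` and `partition_targets`, and every address, domain and date in `EXAMPLE_SCOPE`, are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
import ipaddress


@dataclass(frozen=True)
class Scope:
    in_scope_nets: tuple      # networks the client authorized for testing
    excluded_nets: tuple      # carve-outs inside those networks
    in_scope_domains: tuple   # a domain authorizes itself and its subdomains
    excluded_hosts: tuple     # exact hostnames that must not be touched
    window_start: datetime    # timezone-aware start of the agreed window
    window_end: datetime      # timezone-aware end of the agreed window


def make_scope(nets, excluded_nets, domains, excluded_hosts, start, end):
    """Parse the written scope once so that typos fail before testing begins."""
    return Scope(
        tuple(ipaddress.ip_network(n) for n in nets),
        tuple(ipaddress.ip_network(n) for n in excluded_nets),
        tuple(d.lower().rstrip(".") for d in domains),
        tuple(h.lower().rstrip(".") for h in excluded_hosts),
        start,
        end,
    )


def check_target(scope, target, when):
    """Return (allowed, reason) for one target at a timezone-aware time.

    Exclusions always win over inclusions, and anything not listed is refused.
    Hostnames are matched by name only; the address a name resolves to should
    be checked again with this function before it is used.
    """
    if not (scope.window_start <= when <= scope.window_end):
        return False, "outside agreed testing window"
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        addr = None
    if addr is not None:
        if any(addr in net for net in scope.excluded_nets):
            return False, "address in explicitly excluded network"
        if any(addr in net for net in scope.in_scope_nets):
            return True, "address in authorized network"
        return False, "address not listed in scope"
    host = target.lower().rstrip(".")
    if host in scope.excluded_hosts:
        return False, "hostname explicitly excluded"
    for domain in scope.in_scope_domains:
        # Require a label boundary so look-alike names do not match.
        if host == domain or host.endswith("." + domain):
            return True, "hostname under authorized domain"
    return False, "hostname not listed in scope"


def partition_targets(scope, targets, when):
    """Split targets into an allowed list and a list of (target, reason) refusals."""
    allowed, refused = [], []
    for target in targets:
        ok, reason = check_target(scope, target, when)
        if ok:
            allowed.append(target)
        else:
            refused.append((target, reason))
    return allowed, refused


# Constructed scope using documentation address ranges and example domains.
EXAMPLE_SCOPE = make_scope(
    nets=["192.0.2.0/24", "198.51.100.0/25"],
    excluded_nets=["192.0.2.128/28"],
    domains=["staging.example.com"],
    excluded_hosts=["pay.staging.example.com"],
    start=datetime(2024, 3, 4, 8, 0, tzinfo=timezone.utc),
    end=datetime(2024, 3, 8, 18, 0, tzinfo=timezone.utc),
)

if __name__ == "__main__":
    now = datetime(2024, 3, 5, 10, 0, tzinfo=timezone.utc)
    wanted = ["192.0.2.10", "192.0.2.130", "app.staging.example.com",
              "pay.staging.example.com", "staging.example.com.evil.test"]
    ok, refused = partition_targets(EXAMPLE_SCOPE, wanted, now)
    print("allowed:", ok)
    for target, reason in refused:
        print("refused:", target, "-", reason)
```

Keeping the refusal reasons in the engagement record gives both sides something concrete to point to if a dispute about scope arises later.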

Types of penetration testing

There are several key decisions that will determine the shape of your penetration test. App security firm Contrast Security breaks test types down into a number of categories:

  • An external penetration test simulates what you might imagine as a typical hacker scenario, with an outsider probing into the target organization’s perimeter defenses to try to find weaknesses to exploit.
  • An internal test, by contrast, shows what an attacker who’s already inside the network—a disgruntled employee, a contractor with nefarious intentions, or a superstar hacker who gets past the perimeter—would be capable of doing.
  • A blind test simulates a “real” attack from the attacker’s end. The pen tester is not given any information about the organization’s network or systems, forcing them to rely on information that is either publicly available or that they can glean with their own skills.
  • A double-blind test also simulates a real attack at the target organization’s end, but in this type of engagement the fact that a penetration test is being conducted is kept secret from IT and security staff to ensure that the company’s typical security posture is tested.
  • A targeted test, sometimes called a lights-turned-on test, involves both the pen testers and the target’s IT playing out a simulated “war game” in a specific scenario focusing on a specific aspect of the network infrastructure. A targeted test generally requires less time or effort than the other options but doesn’t provide as complete a picture.

App security firm Synopsys lays out another way to think about varying test types, based on how much preliminary knowledge about the target organization the testers have before beginning their work. In a black box test, the ethical hacking team won’t know anything about their targets, with the relative ease or difficulty in learning more about the target org’s systems being one of the things tested. In a white box test, the pen testers will have access to all sorts of system artifacts, including source code, binaries, containers, and sometimes even the servers running the system; the goal is to determine how hardened the target systems are in the face of a truly knowledgeable insider looking to escalate their permissions to get at valuable data. Of course, a real-world attacker’s preliminary knowledge might lie somewhere between these two poles, and so you might also conduct a gray box test that reflects that scenario.

Penetration testing steps

While each of these different kinds of penetration tests will have unique aspects, the Penetration Testing Execution Standard (PTES), developed by a group of industry experts, lays out seven broad steps that will be part of most pen testing scenarios:

  • Pre-engagement interactions: As we’ve noted, any pen test should be preceded by the testers and target organization establishing the scope and goals of the test, preferably in writing.
  • Intelligence gathering: The tester should begin by performing reconnaissance against a target to gather as much information as possible, a process that may include gathering so-called open source intelligence, or publicly available information, about the target organization.
  • Threat modeling: In this phase, the pen tester should model the capabilities and motivations behind a potential real attacker, and try to determine what targets within the target organization might attract that attacker’s attention.
  • Vulnerability analysis: This is probably the core of what most people think about when it comes to penetration testing: analyzing the target organization’s infrastructure for security flaws that will allow a hack.
  • Exploitation: In this phase, the pen tester uses the vulnerabilities they’ve discovered to enter the target organization’s systems and exfiltrate data. The goal here is not just to breach their perimeter, but to bypass active countermeasures and remain undetected for as long as possible.
  • Post exploitation: In this phase, the pen tester attempts to maintain control of the systems they’ve breached and ascertain their value. This can be a particularly delicate phase in regard to the relationship between the pen testers and their clients; it is important here that the pre-engagement interactions in the first phase produced a well-defined set of ground rules that will protect the client and ensure that no essential client services are negatively affected by the test.
  • Reporting: Finally, the tester must be able to deliver a comprehensive and informative report to their client about the risks and vulnerabilities they discovered. CSO spoke to a number of security pros about the traits and skills an ethical hacker should have, and many of them said that the communication skills necessary to clearly convey this information are close to the top of the list.
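The ground rules agreed in the pre-engagement phase are easier to honor when they are machine-checkable. The following is an added example, not part of the original article: it encodes a written scope (authorized ranges, carve-outs, testing window, permitted methods) and rejects any planned step that falls outside it. The `Scope` fields, method names, addresses and dates are all constructed assumptions.

```python
"""Rules-of-engagement check: is a planned test step inside the agreed scope?"""
from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network


@dataclass
class Scope:
    """Constructed model of a signed scope document (all fields hypothetical)."""
    in_scope: list          # CIDR blocks the client authorized
    excluded: list          # carve-outs, e.g. systems holding high-value data
    window_start: datetime  # testing may begin (UTC)
    window_end: datetime    # testing must stop (UTC)
    allowed_methods: set    # test types the client agreed to

    def check(self, target, method, when):
        """Return (allowed, reason). Exclusions always win over inclusions."""
        try:
            addr = ip_address(target)
        except ValueError:
            # Hostnames can resolve to out-of-scope addresses; refuse them.
            return False, f"{target!r} is not an IP address; resolve and re-check"
        if not (self.window_start <= when <= self.window_end):
            return False, "outside the agreed testing window"
        if method not in self.allowed_methods:
            return False, f"method {method!r} was not authorized"
        for net in self.excluded:
            if addr in ip_network(net):
                return False, f"{addr} is in excluded range {net}"
        for net in self.in_scope:
            if addr in ip_network(net):
                return True, f"{addr} is in authorized range {net}"
        # Default deny: anything not explicitly listed is out of scope.
        return False, f"{addr} is not in any authorized range"


def rejected_steps(scope, plan):
    """Return (target, reason) for every planned step the scope does not allow."""
    out = []
    for target, method, when in plan:
        allowed, reason = scope.check(target, method, when)
        if not allowed:
            out.append((target, reason))
    return out


def utc(day, hour):
    """Helper for the constructed dates below (March 2024, UTC)."""
    return datetime(2024, 3, day, hour, 0, tzinfo=timezone.utc)


# Constructed scope using documentation address ranges (RFC 5737).
SCOPE = Scope(
    in_scope=["192.0.2.0/24", "198.51.100.0/25"],
    excluded=["192.0.2.128/28"],
    window_start=utc(4, 9),
    window_end=utc(8, 17),
    allowed_methods={"port-scan", "web-app-test"},
)

# Constructed test plan: (target, method, planned time).
PLAN = [
    ("192.0.2.10", "port-scan", utc(5, 14)),      # allowed
    ("192.0.2.130", "web-app-test", utc(5, 15)),  # inside the carve-out
    ("198.51.100.200", "port-scan", utc(6, 10)),  # just outside the /25
    ("192.0.2.20", "phishing", utc(6, 11)),       # method never agreed
    ("192.0.2.20", "port-scan", utc(9, 2)),       # after the window closed
]

if __name__ == "__main__":
    for target, reason in rejected_steps(SCOPE, PLAN):
        print(f"REJECT {target}: {reason}")
```

Keeping the rejected list alongside the signed scope also gives both sides a record if a dispute about authorization arises later.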

Penetration testing tools

The penetration tester’s suite of tools is pretty much identical to what a malicious hacker would use. Probably the most important tool in their box will be Kali Linux, an operating system specifically optimized for use in penetration testing. Kali (which most pen testers are more likely to deploy in a virtual machine rather than natively on their own hardware) comes equipped with a whole suite of useful programs, including:

  • John the Ripper

For more details on how all these weapons work together in the pen tester’s arsenal, read about the top penetration testing tools the pros use.

Penetration testing services and companies

Pen testing is an area of specialization in the tech industry that has so far resisted consolidation. To put it another way, there are a lot of companies out there that offer penetration testing services, some of them as part of a larger suite of offerings and some of them specializing in ethical hacking. Research and advisory company Explority put together a list of the top 30 pen testing companies in Hacker Noon, and outlines their criteria for inclusion and ranking. It’s a fairly comprehensive list, and the fact that there’s almost no overlap with Clutch’s list of top-rated penetration testing companies or Cybercrime Magazine’s penetration companies to watch in 2021 goes to show how diversified this field really is.

Penetration testing jobs

The fact that there are so many pen testing firms should be a clue that pen testers are in high demand and there are good jobs out there for qualified candidates. And the jobs aren’t just at standalone security firms: Many big tech companies like Microsoft have entire in-house penetration testing teams.

North Carolina State University’s IT Careers department has a good outline of what the outlook is in this career category. They tracked over 16,000 open jobs in 2020 alone. One caveat, though, is that NC State combines penetration testing and vulnerability analyst careers in that overview. The two career tracks have many skills in common, but vulnerability analysts focus on finding holes in the security of applications and systems while they’re still in development or before they’re deployed, while pen testers probe active systems as we’ve described here.

Penetration testing training and certification

The ethical hacking industry was founded by hackers who had once been less than ethical looking for a path to a mainstream and legal way for them to make money from their skills. As is true in many areas of tech, this first generation of pen testers were largely self-taught. While there’s still room for those who’ve developed their skills in this way, penetration testing is now a common subject in computer science or IT college curricula and online courses alike, and many hiring managers will expect some formal training when considering a candidate.

One of the best ways to show that you’ve been cultivating pen testing skills is to get one of several widely accepted certifications in the field. The licensed training offerings that accompany these certs are a great way to acquire or bone up on the relevant skills:

  • EC-Council’s Certified Ethical Hacker (CEH) and Licensed Penetration Tester (Master) (LPT)
  • IACRB’s Certified Penetration Tester (CPT), Certified Expert Penetration Tester (CEPT), Certified Mobile and Web Application Penetration Tester (CMWAPT), and Certified Red Team Operations Professional (CRTOP)
  • CompTIA’s PenTest+
  • GIAC’s Penetration Tester (GPEN) and Exploit Researcher and Advanced Penetration Tester (GXPN)
  • Offensive Security’s Certified Professional, Wireless Professional, and Experienced Penetration Tester

Penetration testing salary

As with many in-demand tech security jobs, pen testers can command healthy salaries. The Infosec Institute has a good overview of compensation across geographical regions in the US and job titles, with the big picture being that most pen testers can expect salaries in the low six figures. As of December 2021, Indeed.com pegs the average base salary for a penetration tester in the United States at about $111,000, while Glassdoor puts it at just over $102,000. Either way, this is clearly a job with potential, so don’t be afraid to pursue it if you find the world of ethical hacking intriguing.


Josh Fruhlinger

Josh Fruhlinger is a writer and editor who lives in Los Angeles.

McCombs School of Business


Cardinals’ Computer Hacking

St. Louis Cardinals scouting director Chris Correa hacked into the Houston Astros’ webmail system, leading to legal repercussions and a lifetime ban from MLB.


Chris Correa was a computer whiz who loved sports and worked in the scouting department of the St. Louis Cardinals. His skills and judgment led him to be promoted, and he became the Cardinals’ scouting director in charge of the amateur draft.

In 2011, two of Correa’s colleagues, who were higher up in the Cardinals’ management, left the team to take top jobs with a rival team – the Houston Astros. Jeff Luhnow became the Astros’ general manager and Sig Mejdal took the job of director of decision sciences. Correa now says that he was worried that these men might have taken important information, including data and algorithms that the Cardinals had spent a lot of time and money to develop, to the Astros. And he thought they might be using the information against the Cardinals.

One day, Correa guessed Mejdal’s password and used it to hack into the Astros’ webmail system. He accessed the Astros’ webmail at least 48 times (sometimes for as long as two hours at a time) over the next few years. He stole information, such as the Astros’ scouting reports, draft rankings, and trade discussions. Correa also took steps to cover up his actions. But eventually, he was discovered. In 2014, it appears that Correa leaked internal Astros’ trade talk notes to the prominent sports blog Deadspin, which caused the Astros to realize that their system had been compromised.

The FBI was called in. After some investigation, the U.S. Department of Justice charged Correa with five violations of the Computer Fraud and Abuse Act. Correa pled guilty in early 2016 and was sentenced to 46 months in prison. He was ordered to pay the Astros $279,038 in restitution.  Later, the Major League Baseball (MLB) Commissioner, Rob Manfred, imposed a lifetime ban on Correa from working in MLB. Manfred also fined the Cardinals $2 million, although there is no solid evidence that anyone other than Correa was involved in the hacking.

At his sentencing, Correa signed a document admitting that he had caused $1.7 million worth of losses to the Astros. However, whatever damage Correa did failed to prevent the Astros from being one of MLB’s best teams from (at least) 2016 to 2022. The Astros won the World Series in 2017 and returned to the Series, but lost, in 2019 and 2021.

When Correa was interviewed in prison, he could not remember where he had been (at home? in his Cardinals’ office?) when he had first hacked into the Astros’ internal database. And when interviewed in prison by sportswriter Ben Reiter, Correa later tried to reconstruct his crime, asking: “Why am I here?”

Discussion Questions

  • Reiter writes: “While [Correa] knew what he was doing wasn’t right, he never thought that it could be a crime. ‘It was all in the context of a game, to me,’ he says. ‘When a pitcher throws at a batter’s chest, nobody runs to the local authorities and tries to file an assault charge. I’m not making excuses. I’m trying to explain where my head was at, as I now understand it. If another team does something wrong, you retaliate. That’s the lens through which I mistakenly viewed it, and I used that to give myself permission. It was wrong.’” It appears that Correa did not have ethics in his frame of reference when he launched his hacking scheme. Does it appear to you that he had a framing problem? Explain.
  • If you suspect that someone has broken into your house and stolen something, are you morally and/or legally justified in breaking into their house to see if you can locate your stuff there? The judge who sentenced Correa didn’t think so. Do you? Why or why not?
  • Reiter also writes: “There is another theory to explain Correa’s actions. It is that even if his intrusions came from a feeling that the Cardinals had themselves been violated, he used that to justify behavior that turned into something like a compulsion, rooted in both voyeurism and the fact that the information acquired by illicitly peering into a chief rival’s brain—and seeing the basis for every decision it made—provided an undeniable advantage to both the Cardinals and his own career.” If you have viewed the video on the self-serving bias, would you think that it might sometimes provide subconscious motivation for people to downplay ethics—to drop it out of their frame of reference—when they make decisions? Explain why or why not.
  • Later, Correa had a realization: “What was really surreal to me was when I stood back and recognized how essentially disrespectful my behavior was of the people whose privacy I violated.” If you are blind to the impact that your actions have on others, do you automatically have a framing problem? Explain.
  • At the end of the day, Correa seems to be another good person who did a bad thing and has paid a serious price.  At sentencing, he said that this was “the worst thing I’ve done in my life by far, and I am overwhelmed with remorse and regret.” Famed player and coach Leo Durocher once said: “Winning isn’t everything.  It’s the only thing.”  Did Durocher also have a framing problem? Was he right, or should winning  with honor be the only thing? What is your view? Explain.

Related Videos

Framing: Sports Edition


Our frame of reference can impact our understanding of the facts and influence our moral decisions. In sports, maintaining ethics in our frame of reference can be challenging, especially when winning is the goal.

Bibliography

Associated Press, “Christopher Correa, Former Cardinals Executive, Sentenced to Four Years for Hacking Astros’ Database,” New York Times, July 18, 2016.

Robert Patrick, “Cardinals Hacker Tells judge ‘Scrawny’ Player’s Name was Key to Unlocking Astros’ Data,” St. Louis Post Dispatch, Jan. 24, 2016.

Ben Reiter, “What Happened to the Houston Astros’ Hacker?,” Sports Illustrated, Oct. 4, 2018.

U.S. v. Christopher Correa, Criminal No. H15-679 (S.D.Tex. Dec. 22, 2015) (indictment), available at https://www.documentcloud.org/documents/2680399-ChrisCorreaIndictment.html.


Ethical hacking is the use of hacking techniques by friendly parties in an attempt to uncover, understand and fix security vulnerabilities in a network or computer system. 

Ethical hackers have the same skills and use the same tools and tactics as malicious hackers, but their goal is always to improve network security without harming the network or its users.

In many ways, ethical hacking is like a rehearsal for real-world cyberattacks. Organizations hire ethical hackers to launch simulated attacks on their computer networks. During these attacks, the ethical hackers demonstrate how actual cybercriminals break into a network and the damage they could do once inside.

The organization’s security analysts can use this information to eliminate vulnerabilities, strengthen security systems and protect sensitive data.

The terms "ethical hacking" and "penetration testing" are sometimes used interchangeably. However, penetration tests are only one of the methods that ethical hackers use. Ethical hackers can also conduct vulnerability assessments, malware analysis and other information security services.


Ethical hackers follow a strict code of ethics to make sure their actions help rather than harm companies. Many organizations that train or certify ethical hackers, such as the International Council of E-Commerce Consultants (EC Council), publish their own formal written code of ethics. While stated ethics can vary among hackers or organizations,  the general guidelines are:

  • Ethical hackers get permission from the companies they hack:  Ethical hackers are employed by or partnered with the organizations they hack. They work with companies to define a scope for their activities including hacking timelines, methods used and systems and assets tested. 
  • Ethical hackers don't cause any harm:   Ethical hackers don't do any actual damage to the systems they hack, nor do they steal any sensitive data they find. When white hats hack a network, they're only doing it to demonstrate what real cybercriminals might do. 
  • Ethical hackers keep their findings confidential:   Ethical hackers share the information they gather on vulnerabilities and security systems with the company—and only the company. They also assist the company in using these findings to improve network defenses.
  • Ethical hackers work within the confines of the law:   Ethical hackers use only legal methods to assess information security. They don't associate with black hats or participate in malicious hacks.

Relative to this code of ethics, there are two other types of hackers.

Outright malicious hackers: Sometimes called ‘black hat hackers,’ malicious hackers commit cybercrimes for personal gain, cyberterrorism or some other cause. They hack computer systems to steal sensitive information, steal funds, or disrupt operations.

Unethical ethical hackers: Sometimes called ‘gray hat hackers’ (or misspelled as ‘grey hat hackers’), these hackers use unethical methods or even work outside the law toward ethical ends. Examples include attacking a network or information system without permission to test an exploit, or publicly exploiting a software vulnerability so that vendors will work on a fix. While these hackers have good intentions, their actions can also tip off malicious attackers to new attack vectors.

Ethical hacking is a legitimate career path. Most ethical hackers have a bachelor's degree in computer science, information security, or a related field. They tend to know common programming and scripting languages like Python and SQL.

They’re skilled—and continue to build their skills—in the same hacking tools and methodologies as malicious hackers, including network scanning tools like Nmap, penetration testing platforms like Metasploit and specialized hacking operating systems like Kali Linux.

Like other cybersecurity professionals, ethical hackers typically earn credentials to demonstrate their skills and their commitment to ethics. Many take ethical hacking courses or enroll in certification programs specific to the field. Some of the most common ethical hacking certifications include:

Certified Ethical Hacker (CEH): Offered by EC-Council, an international cybersecurity certification body, CEH is one of the most widely recognized ethical hacking certifications.

CompTIA PenTest+: This certification focuses on penetration testing and vulnerability assessment.

SANS GIAC Penetration Tester (GPEN): Like PenTest+, the SANS Institute's GPEN certification validates an ethical hacker's pen testing skills.

Ethical hackers offer a range of services.

Penetration testing

Penetration tests, or "pen tests," are simulated security breaches. Pen testers imitate malicious hackers that gain unauthorized access to company systems. Of course, pen testers don't cause any actual harm. They use the results of their tests to help defend the company against real cybercriminals.

Pen tests occur in three stages:

1. Reconnaissance

During the recon stage, pen testers gather information on the computers, mobile devices, web applications, web servers and other assets on the company's network. This stage is sometimes called "footprinting" because pen testers map the network's entire footprint. 

Pen testers use manual and automated methods to do recon. They may scour employees' social media profiles and GitHub pages for hints. They may use tools like Nmap to scan for open ports and tools like Wireshark to inspect network traffic. If permitted by the company, they may use social engineering tactics to trick employees into sharing sensitive information.

2. Staging the attack

Once the pen testers understand the contours of the network—and the vulnerabilities they can exploit—they hack the system. Pen testers may try a variety of attacks depending on the scope of the test. Some of the most commonly tested attacks include:   

– SQL injections: Pen testers try to get a webpage or app to disclose sensitive data by entering malicious code into input fields.

– Cross-site scripting: Pen testers try planting malicious code in a company's website.

– Denial-of-service attacks: Pen testers try to take servers, apps and other network resources offline by flooding them with traffic.

– Social engineering: Pen testers use phishing, baiting, pretexting, or other tactics to trick employees into compromising network security. 

During the attack, pen testers explore how malicious hackers can exploit existing vulnerabilities and how they can move through the network once inside. They find out what kinds of data and assets hackers can access. They also test whether existing security measures can detect or prevent their activities.

At the end of the attack, pen testers cover their tracks. This serves two purposes. First, it demonstrates how cybercriminals can hide in a network. Second, it keeps malicious hackers from secretly following the ethical hackers into the system.

3. Reporting

Pen testers document all their activities during the hack. Then, they present a report to the information security team that outlines the vulnerabilities they exploited, the assets and data they accessed and how they evaded security systems. Ethical hackers make recommendations for prioritizing and fixing these issues as well. 
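The recon stage above relies on port scanning, and the attack stage tests whether existing security measures can detect the testers' activity. The following added example (not from the original article) shows one basic detection a defender can run during such a test: it flags sources that touch many distinct host/port pairs within a short window. The log format, addresses, window and threshold are constructed assumptions, and the input is assumed to be in time order.

```python
"""Flag likely port sweeps in firewall logs by counting distinct targets per source."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical log layout: "<UTC timestamp> <ALLOW|DENY> src=<ip> dst=<ip> dport=<n>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) src=(?P<src>\S+) "
    r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)
TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


def parse(line):
    """Return (timestamp, src, dst, dport), or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return (datetime.strptime(m["ts"], TS_FORMAT), m["src"], m["dst"], int(m["dport"]))


def detect_scans(lines, window=timedelta(seconds=60), threshold=10):
    """Return {src: details} for sources reaching `threshold` distinct
    (dst, dport) pairs inside a sliding `window`."""
    recent = defaultdict(deque)  # src -> deque of (timestamp, (dst, dport))
    alerts = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # tolerate malformed lines rather than abort the run
        ts, src, dst, dport = rec
        q = recent[src]
        q.append((ts, (dst, dport)))
        while q and ts - q[0][0] > window:
            q.popleft()  # drop events that fell out of the window
        distinct = {target for _, target in q}
        if len(distinct) >= threshold and src not in alerts:
            alerts[src] = {"window_start": q[0][0], "distinct_targets": len(distinct)}
    return alerts


def sample_log():
    """Constructed log lines using documentation address ranges (RFC 5737)."""
    base = datetime(2024, 3, 5, 14, 0, 0)
    rows = []
    for i in range(15):  # fast sweep: 15 ports in 15 seconds
        rows.append((base + timedelta(seconds=i), "DENY",
                     "203.0.113.7", "192.0.2.10", 20 + i))
    for i in range(20):  # ordinary client: the same service, many times
        rows.append((base + timedelta(seconds=3 * i), "ALLOW",
                     "198.51.100.20", "192.0.2.10", 443))
    for i in range(12):  # slow sweep: one new port every 30 seconds
        rows.append((base + timedelta(seconds=30 * i), "DENY",
                     "203.0.113.99", "192.0.2.10", 8000 + i))
    rows.sort(key=lambda r: r[0])
    return [f"{ts.strftime(TS_FORMAT)} {act} src={s} dst={d} dport={p}"
            for ts, act, s, d, p in rows]


if __name__ == "__main__":
    log = sample_log()
    print("60 s window :", sorted(detect_scans(log)))
    print("10 min window:", sorted(detect_scans(log, window=timedelta(minutes=10))))
```

With the 60-second window only the fast sweep is flagged; the slow sweep appears once the window is widened to ten minutes, which is the kind of tuning gap a pen test report should call out.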

Vulnerability assessments

Vulnerability assessment is like pen testing, but it doesn't go as far as exploiting the vulnerabilities. Instead, ethical hackers use manual and automated methods to find, categorize and prioritize vulnerabilities in a system. Then they share their findings with the company. 

Malware analysis

Some ethical hackers specialize in analyzing ransomware and malware strains. They study new malware releases to understand how they work and share their conclusions with companies and the broader information security community. 

Risk management

Ethical hackers may also assist with high-level strategic risk management. They can identify new and emerging threats, analyze how these threats impact the company’s security posture and help the company develop countermeasures.

While there are many ways to assess cybersecurity, ethical hacking can help companies understand network vulnerabilities from an attacker's perspective. By hacking networks with permission, ethical hackers can show how malicious hackers exploit various vulnerabilities and help the company discover and close the most critical ones.

An ethical hacker's perspective may also turn up things that internal security analysts might miss. For example, ethical hackers go toe-to-toe with firewalls, cryptography algorithms, intrusion detection systems (IDSs), extended detection systems (XDRs) and other countermeasures. As a result, they know exactly how these defenses work in practice—and where they fall short—without the company suffering an actual data breach.


Ethical hacking: Wireless hacking with Kismet

Patrick Mallory

To continue our ethical hacking series, we are now going to dive deeper into the process of wardriving, wireless hacking and the roles that the Linux tool Kismet plays in an ethical hacker’s toolbox. 

We have all heard that it is important to secure your wireless network with WPA2 encryption, channel control and a strong, non-default password. But why? What sort of attacks are organizations and individuals actually protecting themselves against?


In short, whether a hacker has a target in mind or they are on the lookout for any vulnerable device worth attacking, wireless networks are a common vector to exploit. In either case, hackers — both black- and white-hat hackers — can use a powerful and highly configurable tool called Kismet to identify potential target wireless networks, capture specific information about that network to use with other tools and develop a plan to further penetrate that network.

Because wireless networks are meant for convenience and flexibility, hackers are able to turn these advantages for users into potential vulnerabilities for their own use. For example: Without prior knowledge of a target’s network or user credentials, a penetration tester can “sniff” out a network, watch its packet traffic, identify specific routers and then utilize a variety of different techniques to gain access to them to further their goals.

So just how can an ethical hacker use Kismet? Let’s dive right in.

Overview of Kismet

In short, Kismet is a very powerful wireless sniffing tool that is found in Kali Linux. This is an open-source tool very familiar to ethical hackers, computer network security professionals and penetration testers. While it can run on Windows and macOS, most users prefer to run Kismet on Linux because of a bigger range of configurations and drivers available. Wirelessly, Kismet is able to sniff 802.11a/b/g/n traffic. 

Of course, Kismet can be used for more benign purposes, such as for wireless network scanning and even intrusion detection. It is most often used for its “RFMON” or “radio frequency monitoring” mode. Kismet’s ability to facilitate RFMON means that a user is able to monitor traffic and identify wireless networks without having to associate with an access point, which is common for Wireshark, NetScout or Aircrack packet-sniffing tools. In other words, Kismet is able to display all of the packets it captures and not just those specific to one access point broadcasting under one Service Set Identifier (SSID).

In addition to its configurability and broad packet capture ability, Kismet’s ability to capture packets without leaving any signs that it is in use makes it a popular ethical hacking tool.

Wireless network identification

A wireless access point (WAP) broadcasting its signal and SSID is easy for any device with a wireless card to detect. On the other hand, some individuals and organizations choose to attempt to hide or not broadcast their SSID in an effort to be more secure. 

In either case, Kismet is able to identify wireless network traffic as packets are traversing its antennae, giving hackers the ability to identify potential targets as they move. This is a technique called wardriving and is possible because Kismet is limited solely by the ability of the wireless network interface controller (WNIC) to catch packets based on the range and strength of the WAP(s) broadcasting. 

Of course, there is a downside to this ability: a hacker will have to know what they are looking for and potentially wade through a lot of network traffic to find the information that they need.

Kismet and penetration testing

Kismet is also a powerful tool for penetration testers that need to better understand their target and perform wireless LAN discovery. Although it should not be the only tool and technique employed, Kismet is able to identify WAPs in use, SSIDs and the type of encryption used on a network. With this information, penetration testers can use additional open-source tools to gain additional access and privileges into the network. 

To facilitate this, Kismet has built-in reporting and network summarizing features which a penetration tester or hacker can use to evaluate for common trends in network usage, network strength and WAP configuration. Additionally, users can set Kismet to trigger an audio or pop-up alert if a certain condition is met, so further action — defensive or offensive — can be taken. 

Taking the Next Step

So how do ethical hackers and penetration testers make use of the data they have captured in Kismet? While there is no one way to move forward, there are three common paths: MAC address spoofing, packet injection and Wired Equivalent Privacy (WEP) cracking.

The first path is simple. As Kismet is operating, it is capturing network traffic and the devices that are connected to the WAP (including their MAC address) as packets are flying through the air. From here, hackers can change their own Wi-Fi router hardware to mimic a target network device and wait for a target WAP to reestablish a connection with that device, effectively connecting the hacker to the Wi-Fi network under certain conditions. This MAC address “spoofing” effectively tricks the router into believing the hacker’s device is legitimate, bypassing any MAC address-based filtering access controls that may be in place.

Another way for an ethical hacker to build off of Kismet’s functionality is to use it to facilitate packet injection. Packet injection, or spoofing packets, is when a hacker interferes with a network or server connection by first collecting legitimate packet traffic and then either intercepting packets that may contain useful data, such as handshakes or content, or by inserting additional traffic for man-in-the-middle, denial-of-service or distributed-denial-of-service attacks.

A third potential Kismet-enabled hacker tool is WEP password cracking. With the information obtained by Kismet (namely the type of encryption, SSID, signal strength, devices connected and WAPs), a hacker can then use other open source tools like BackTrack or Reaver. Each of these tools will capture network traffic in a way similar to Kismet, but the information gained by Kismet will allow a tool like BackTrack to narrow its collection and, over time, potentially collect enough information to attempt to crack the WEP password.

Other Kismet deployments

Finally, Kismet has also been deployed by hackers and information security professionals in other capacities, including as an individual or series of drones, passive sensors or in coordination with geographic network mapping. 

Because of its open-source availability and configurability, Kismet has also been installed to serve as a drone, either on its own or within a network of several machines. These drones continuously collect data from WAPs in the area and send it back to a central server for logging and even alerting, based on established criteria. This can allow network security professionals to evaluate the footprint of their WAPs or be used to monitor for the presence of specific devices, WAPs or other packets that a hacker may be interested in.
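As an added example (not part of the original article and not Kismet's own code), the script below shows the defensive side of this drone-and-central-server model: survey records collected by sensors are checked against an inventory of authorised access points to flag weak encryption, unknown devices announcing a corporate SSID, cloaked SSIDs that are still visible, and signal leaking past the perimeter. The CSV layout, sensor names, inventory and threshold are assumptions constructed for the example; the layout is not Kismet's log format.

```python
"""Audit passive wireless survey records against an authorised-AP inventory."""
import csv
import io

# Constructed sample survey. The column layout is an assumption made for this
# example; it is NOT Kismet's native log or export format.
SAMPLE_SURVEY = """\
bssid,ssid,encryption,channel,signal_dbm,sensor
02:00:00:AA:00:01,CorpNet,WPA2,6,-48,sensor-lobby
02:00:00:AA:00:02,CorpNet,WPA2,11,-55,sensor-floor2
02:00:00:BB:00:09,CorpNet,Open,6,-40,sensor-lobby
02:00:00:AA:00:03,Warehouse,WEP,1,-67,sensor-dock
02:00:00:AA:00:04,,WPA2,36,-60,sensor-floor2
02:00:00:CC:00:07,CoffeeShop,WPA2,1,-82,sensor-lobby
02:00:00:AA:00:01,CorpNet,WPA2,6,-70,sensor-carpark
"""

# Constructed inventory: BSSID -> configured SSID of every AP the organisation runs.
AUTHORISED_APS = {
    "02:00:00:AA:00:01": "CorpNet",
    "02:00:00:AA:00:02": "CorpNet",
    "02:00:00:AA:00:03": "Warehouse",
    "02:00:00:AA:00:04": "CorpMgmt",  # configured not to broadcast its SSID
}

WEAK_ENCRYPTION = {"OPEN", "WEP"}
PERIMETER_SENSORS = {"sensor-carpark"}  # hypothetical sensors outside the building
LEAK_THRESHOLD_DBM = -75                # assumed "usable signal" cut-off


def _field(row, name):
    """Return a trimmed field, tolerating short or malformed rows."""
    return (row.get(name) or "").strip()


def audit(survey_csv, authorised, perimeter=PERIMETER_SENSORS,
          leak_dbm=LEAK_THRESHOLD_DBM):
    """Return a sorted list of (rule, bssid, detail) findings, one per rule and AP."""
    inventory = {bssid.upper(): ssid for bssid, ssid in authorised.items()}
    corp_ssids = {ssid for ssid in inventory.values() if ssid}
    findings = {}

    for row in csv.DictReader(io.StringIO(survey_csv)):
        bssid = _field(row, "bssid").upper()
        if not bssid:
            continue
        ssid = _field(row, "ssid")
        enc = _field(row, "encryption").upper()
        sensor = _field(row, "sensor")
        try:
            signal = int(_field(row, "signal_dbm"))
        except ValueError:
            signal = None  # keep the row; only the signal-based rule is skipped

        hits = []
        if bssid in inventory:
            # Our own AP advertising an encryption type an observer can attack.
            if enc in WEAK_ENCRYPTION:
                hits.append(("weak-encryption",
                             f"{ssid or '<hidden>'} advertises {enc}"))
            # Cloaking the SSID does not hide the AP from a passive sensor.
            if not ssid:
                hits.append(("cloaked-ssid-observed",
                             f"BSSID and {enc or 'unknown'} encryption still visible"))
            # Footprint check: usable signal where nobody should need it.
            if sensor in perimeter and signal is not None and signal >= leak_dbm:
                hits.append(("coverage-leak", f"{signal} dBm at {sensor}"))
        elif ssid in corp_ssids:
            # Unknown hardware announcing one of our network names.
            hits.append(("unauthorised-ap-using-corp-ssid",
                         f"'{ssid}' announced with {enc or 'unknown'} encryption"))
        # Unknown BSSIDs with unrelated SSIDs are neighbours and are ignored.

        for rule, detail in hits:
            findings.setdefault((rule, bssid), detail)

    return sorted((rule, bssid, detail)
                  for (rule, bssid), detail in findings.items())


if __name__ == "__main__":
    for rule, bssid, detail in audit(SAMPLE_SURVEY, AUTHORISED_APS):
        print(f"{rule:34} {bssid}  {detail}")
```
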

Another way that ethical hackers and information security professionals can use Kismet is in coordination with the tool’s native mapping capability. As it is capturing data, the Kismet native data format allows it to integrate nicely with mapping applications, especially Kismet’s own GPSMap feature. GPSMap uses its own WAP and network data as well as online repositories to overlay Kismet data onto them. Other repositories, such as WiGLE, can be used to identify other SSIDs and networks of interest, which can be used in coordination with a user’s own packet capture. 

Armed with this information, a hacker can continue their wardriving, better understand their network environment or use openly available data to find potential vulnerabilities. 

Whether you are in the penetration testing or ethical hacking business, Kismet is a must-have tool to understand and have in your toolbox. It can enable techniques such as wardriving, GPS mapping, network reporting and alerts, and more advanced actions such as packet injection and DoS.

By understanding Kismet and its strengths, any cybersecurity professional can go a long way toward understanding their target, its vulnerabilities and what a potential attacker may see if they have more dangerous intentions. 


Patrick’s background includes cyber risk services consulting experience with Deloitte Consulting and time as an Assistant IT Director for the City of Raleigh. Patrick also has earned the OSCP, CISSP, CISM, and Security+ certifications, holds Master's Degrees in Information Security and Public Management from Carnegie Mellon University, and assists with graduate level teaching in an information security program.

Patrick enjoys staying on top of the latest in IT and cybersecurity news and sharing these updates to help others reach their business and public service goals.


Ethical hackers handed lifeline in controversial US cyber crime review

The DoJ's latest ruling is a boon to "good-faith security research" but some argue that white hats are still not protected


The US Department of Justice (DoJ) has announced that it will no longer prosecute ethical hackers under its anti-cyber crime law, the Computer Fraud and Abuse Act (CFAA).

The landmark change comes after a policy revision, stipulating that cyber security research conducted in “good faith” should not be prosecutable, came into force on Thursday.


There is no concrete guidance on what type of activity falling under the umbrella of ‘cyber security research’ is protected or unprotected under the new policy revision, but security researchers acting in a way that intentionally avoids harm will not be charged under the CFAA.

Cyber security researchers have previously been fearful of reporting security vulnerabilities, worried that they could be charged under the Act, but the US is now adopting a fresh perspective, saying vulnerabilities that are discovered responsibly benefit “the common good”.

“Computer security research is a key driver of improved cybersecurity,” said Lisa O. Monaco, deputy attorney general. “The department has never been interested in prosecuting good-faith computer security research as a crime, and today’s announcement promotes cyber security by providing clarity for good-faith security researchers who root out vulnerabilities for the common good.”

The majority of security researchers (60%) speaking to Bugcrowd in 2020 said they had not reported security vulnerabilities they found in the past due to fear of being prosecuted under the CFAA.

The law has also threatened other areas of cyber security such as legitimate penetration testing. Security professionals working for Coalfire in 2019, for example, were handed criminal charges for breaking into Iowa’s Dallas County courthouse after being contracted by the state of Iowa.


The charges were ultimately dropped but the CFAA, which was drafted in 1986, well before the modern internet, has always threatened ethical security research.

The UK’s equivalent legislation, the Computer Misuse Act (CMA), has been criticised in the past for also not legally accepting ethical hacking as a benefit to society and industry.

Drafted in 1990 but currently under review, the CMA has been labelled an outdated piece of legislation and like the CFAA up until this week, it too outlaws good-faith ethical hacking.


A recent report from the CyberUp campaign, in partnership with techUK, showed that 80% of legitimate cyber security researchers have worried about being punished under the CMA while defending cyber attacks.

Ethical hacking’s protection from the CFAA received a boost last year in a significant ruling in the Van Buren vs United States case.

In it, the US Supreme Court ruled that a law enforcement officer, bribed by an outside individual, did not break any laws under the CFAA in accessing information from a computer for unsanctioned reasons.

Although Van Buren was authorised to access a police database, he was not authorised to hand over confidential information to an outside party in exchange for money, but the ruling meant he could not be prosecuted under the CFAA, leading onlookers to believe this could lead to positive implications for ethical hackers.

The latest policy revision to the CFAA has been greeted warmly by the cyber security community. Brian Higgins, security specialist at Comparitech, told IT Pro that “this is definitely a step in the right direction by the US authorities”.

“It’s unreasonable to place such disproportionate restrictions on a vital community of professionals, the majority of whom operate to high standards of ethics and integrity,” he said.

“Taking the gloves off, even to this extent, will allow a better understanding of the threats we face and the best way to defend against them. This proactive development in the United States will undoubtedly attract a lot of scrutiny from the international community, the majority of whom will be seeking to follow suit in some fashion.”

The DoJ said that individuals claiming to be conducting security research “is not a free pass for those acting in bad faith”. It used an example of extorting other people after discovering a vulnerability, all in the name of research, which would not be protected under the policy revision.

“Hacking itself, using its current common definition rather than the original, isn't inherently good or evil. Using it for profit and abuse is evil,” said Sam Curry, chief security officer at Cybereason to IT Pro. “Breaking the law is evil. But using it to improve security is a vital function without which we really can't resist the darker kind. In the world of cyber, this is great news for white hats and gives a ray of hope to some grey hats too.”

Although greeted warmly by many, other corners of the industry have criticised the DoJ for not making more allowances in its policy review.

Not setting a clear line as to what constitutes an offence in the process of ethical hacking, and what doesn’t, is the main point of contention for the Electronic Frontier Foundation (EFF), which said that it would be better if there was a technological restriction defendants would have to defeat in order to be charged under the CFAA.

“Instead of this clear line, the new policy explicitly names scenarios in which written policies may give rise to a criminal CFAA charge, such as when an employee violates a contract that puts certain files off limits in all situations, or when an outsider receives a cease-and-desist letter informing them that their access is now unauthorised,” it said.

The EFF also criticised the DoJ for saying that security research should be conducted “solely” in good faith, arguing that this excludes “a lot of how research happens in the real world”.

Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.


Active Defense and “Hacking Back”: A Primer

  • Scott Berinato


If we can’t stop the bad guys on the internet, should we take the fight to them?

In the lead piece in this package, Idaho National Lab’s Andy Bochman puts forth a provocative idea: that no amount of spending on technology defenses can secure your critical systems or help you keep pace with hackers. To protect your most valuable information, he argues, you need to move beyond so-called cyber hygiene, the necessary but insufficient deployment of security software and network-monitoring processes.

The good news: Companies are stopping more attacks than ever before. We bet you can guess the bad news.

  • Scott Berinato is a senior editor at Harvard Business Review and the author of Good Charts Workbook: Tips, Tools, and Exercises for Making Better Data Visualizations and Good Charts: The HBR Guide to Making Smarter, More Persuasive Data Visualizations.


Ethical Hacking - Science topic

Figure 6: Distribution of Tool Releases Over Last Decade


Ethical hacking can be instrumental in helping businesses discover where their vulnerabilities lie. Here are five occasions when they've proven essential.

Ethical Hacking 101: 5 Times They Saved the Day

Cyber security incidents continue to be a major risk for companies of all sizes. According to a recent survey from IFP, around seven in ten businesses (76%) recorded up to 100 attacks between 2021 and 2022, while research from IBM suggests the typical cost of these incidents has reached $4.24 million - the highest figure on record.

Yet despite this, many businesses remain poorly prepared to face such an incident.

While the popular image of a hack is of a large-scale, multifaceted attack that uses complex code and requires significant expertise, the truth for many businesses is far more mundane. Most data security breaches can be traced to a few easily solvable issues that, if identified and fixed quickly, can shut down many potential avenues of attack.

However, finding these problems is often easier said than done. So how do you know where your potential vulnerabilities lie? The answer is to turn to an ethical hacker.

What is ethical hacking?

Ethical hacking involves an outside party attempting to hack into a business' network in much the same way as a malicious hacker would. While they’ll have permission from the company to do this, they’re free to choose their own methods and targets to simulate a real-world attack as closely as possible.

It's sometimes used interchangeably with penetration testing, but there are a few key differences. The main one is that penetration testers usually have a specific brief to work to. For instance, they may be asked to examine a certain system or network to determine the effectiveness of its defenses.

An ethical hacker, on the other hand, has a much broader remit, and will use any and all techniques at their disposal to bypass defenses. This makes it a much more valuable real-world test, as there are no artificial constraints holding them back.

The 3 types of hacker

There are a few different kinds of hacker, generally classified by how malicious their intentions are. In IT parlance, they're described in reference to the old Western movie tradition of the color of characters' hats identifying who are the good guys and the bad guys. They are:

  • White hat hackers: White hat hackers are experienced hackers who have no intent to harm the organization they target, and are instead looking to find weaknesses and security flaws and inform them of any issues. They’re often hired directly by an organization for their hacking skills, and so are not breaking the law as they have permission to hack into a network.
  • Black hat hackers: Black hat hackers are malicious individuals looking to break into networks for personal gain, such as stealing financial details or other valuable data they can profit from. These are the malicious hackers your security teams need to stop.
  • Gray hat hackers: The middle ground, gray hat hackers are often motivated by curiosity or fun rather than profit. They don't usually have malicious intentions, but work without the approval of organizations, so their activities are illegal. Some may take advantage of bug bounty programs if they find anything, while others may turn towards black hat methods or public disclosure if any warnings go ignored.
  • Blue hat hackers: Blue hat hackers, much like green hat hackers, are skilled individuals who are often employed by companies to perform penetration testing, which involves intentionally attempting to exploit a weak spot or critical vulnerability within the security system. Interestingly, the term 'blue hat' is also used in some circles to denote malicious hackers seeking revenge.
  • Green hat hackers: Finally, green hat hackers are individuals who use their hacking skills primarily to enhance their knowledge and expertise in the field of cyber security. Unlike malicious hackers who seek financial gain or aim to cause damage, green hat hackers aspire to become experienced professionals in the industry. They are often newcomers, eager to learn and develop their abilities.


How does ethical hacking work?

Many ethical hackers work as contractors, and there are a number of qualifications and certifications to prove their credentials, with one of the most well-recognized being the EC-Council's Certified Ethical Hacker.

Because they’re independent of the organization, they’ll have no preconceived notions of its strengths and weaknesses, allowing them to take a more objective approach and review the entirety of a firm's defenses for vulnerabilities.

Once engaged to attack a business, an ethical hacker will usually follow a common procedure when looking to break into a network. This will involve a range of tactics, from passive reconnaissance of a system in order to identify any weaknesses, to a range of direct attacks.

4 key ethical hacking techniques

Ethical hackers use a wide range of techniques to conduct their work and find security vulnerabilities. Among the most common are:

  • Web application hacking: This seeks to exploit security vulnerabilities within web apps, using techniques such as SQL Injection attacks, Cross Site Scripting (XSS) and Cross Site Request Forgeries (CSRF).
  • Wireless hacking: Taking advantage of insecure networks such as Wi-Fi can offer a useful entry point for hackers, especially as remote working and the use of mobile devices become more popular.
  • Social engineering: Employees remain the number one weakness in many firms, and ethical hackers can look to exploit this in ways security teams may not think of, from traditional tactics such as phishing to physically 'tailgating' them to gain unauthorized access to secure server rooms.
  • System hacking: Hacking directly into critical business systems, for instance by stealing passwords, can give hackers access to some of a firm's most valuable and confidential material.

Why you need ethical hackers

Ethical hackers use the same techniques as criminals to try and gain access to your operating systems - except they won't steal any data and they'll tell you what you're doing wrong.

Many firms commission ethical hackers directly, but they can also be recruited via 'bug bounty' programs that incentivize independent hackers and security researchers to look for weaknesses.

The major benefit of ethical hacking is that it subjects your system to the same kind of attack that a genuine criminal would employ. Black hat hackers are always looking for new techniques and think outside the box in order to bypass defenses, and they’ll more than likely come up with ideas that internal security teams haven't thought of.

Indeed, because the people building the defenses are often too close to the project, it can be difficult to get a complete picture of how it functions in the real world. They may make assumptions about what paths criminals will take to gain unauthorized access that can be completely disproven by an ethical hacker. Taking an attacker's point of view gives great perspective on where security vulnerabilities lie, as what may be an immediately obvious weakness to an outsider can be easily overlooked by those within the business.

There are a number of common vulnerabilities that can be detected by ethical hackers, including:

  • Poorly configured services
  • Broken or weak authentication processes
  • Input validation errors that can be used for injection attacks or even social engineering weaknesses, where employees are tricked into giving up access credentials

Their findings can then be used to close any security holes and avoid potentially costly data breaches.

5 times ethical hackers have saved the day

If you're still unsure, take a look at these real-world cases, where ethical hackers have uncovered security vulnerabilities and saved businesses from potentially serious repercussions.

1. Taking over social accounts

Vulnerabilities that can leak personal info need to be treated with the utmost seriousness - but they're not always where you might expect. For example, in 2019 a security researcher discovered a vulnerability in a popular WordPress plugin that shares content on social media. The hacker found it stored access tokens, allowing anyone to take over a user's Twitter feed and view their personal details.

2. Accessing cameras

Video services have become increasingly popular in recent years, and one of the most popular offerings is Zoom. However, it's had its share of security issues, including one vulnerability reported by an ethical hacker in 2019 that meant the service's Mac client could be used to initiate a user's camera and forcibly join a call without their permission.

At the time, around 750,000 companies used Zoom to manage meetings, though its popularity has risen amid the coronavirus pandemic and the need to work from home. Fortunately, Apple was able to quickly patch the issue once alerted.

3. Hacking the air force

Military organizations possess some of the world's most sensitive digital assets, but they don't take kindly to hackers poking about uninvited, so they regularly host sanctioned bug bounty events where hackers can search for weaknesses in a controlled environment.

In one of their most recent events, the United States Air Force handed out a total of $290,000 to security researchers who had uncovered more than 460 vulnerabilities in one of its platforms.

4. Bypassing payment limits

According to Mastercard, more than half of all people in the US now use contactless payments. To keep these systems secure when authentication isn't required, they typically have spending limits, but two security researchers from Positive Technologies have identified how these can be bypassed.

They explained how flaws in Visa cards can allow users to go over the UK's spending limit without the need for further verification, regardless of the terminal or issuer. Given that £8.4 million was lost to contactless fraud in the UK in the first half of 2018 alone, any weaknesses in the safeguards for these solutions need to be fixed quickly.

5. Keeping connected cars secure

Internet of Things (IoT) technologies now control many parts of our lives, and one of the most common uses for the technology is in connected cars. Hackers have demonstrated on numerous occasions how it's possible for these systems to be taken over. One of the most notable was the vulnerability in Jeep's Uconnect onboard entertainment system , which hackers Charlie Miller and Chris Valasek used to access the car's central computer and take control of its steering, brakes and engine.

Clearly, the potential for danger in these settings is high, so Jeep's owner Fiat Chrysler had to recall 1.4 million Cherokees and issue a patch to close the vulnerability. It was the first time any company has made a major recall of a physical product due to a software issue.



COMMENTS

  1. Ethical Hacking: 5 Exclusive Practical Cases Overview

    In this case study, a company hired an ethical hacker to conduct a simulated social engineering attack to determine its employees' susceptibility to psychological manipulation techniques. Objective: To determine how easy it was to trick employees into revealing sensitive data or taking actions that could jeopardize the organization's security ...

  2. Ethical Hacking Case Study: Times When Hackers Avoided Setbacks

    The following ethical hacking case study is six instances where ethical hackers were able to save a company from dealing with data leaks and suffering huge financial losses. Case Studies of Ethical Hacking 1. A crack in WordPress leaked user information. Back in 2019, a new plugin was released for WordPress called Social Network Tabs.

  3. Ethical Hacking in Practice: Real-World Case Studies

    Ethical hacking in practice involves the systematic process of identifying and exploiting vulnerabilities in computer systems, networks, or applications with the permission of the system owner or administrator. The primary goal is to assess the security posture of the target system and recommend measures to mitigate potential risks. Ethical ...

  4. The 15 Cybercrime Stories That Will Make You Care More About Cybersecurity

    3. How ethical hackers took over her PC. Sophie is a technology reporter at the Daily Telegraph. As part of an assignment, she accepted to be part of an ethical hacking experiment. Basically, a group of ethical hackers would try to compromise her system without her knowing how, when and where. Sophie only knew that it would happen at some point.

  5. Case Study: How To Steal $1.1M From A DeFi Smart Contract

    A case study of ethical hacking detailing how Hacken's L1 Researcher and Auditor, Bartosz Barwikowski, uncovered a deeply hidden bug in Weft Finance's smart contract, exploited it to extract $1.1 million in assets (on a mainnet ledger copy) and ultimately helped secure the platform, leading him to confidently stake his own assets there.

  6. PDF Ethical Hacking

    though case studies from various incidences are certainly explored. This book is about various types of activities that are often referred to as "ethical hacking"—hacking for an ethical reason—whereby it will be argued that law and policy ought not to be the same here as for those hacking activities that are purely for economic gain or

  7. Ethical and Unethical Hacking

    The goal of this chapter is to provide a conceptual analysis of ethical hacking. The chapter begins (Sect. 9.2) with a historical introduction, describing how the term hacking and different denominations for different varieties of hacking have been introduced in everyday, journalistic and technical language. Section 9.3 introduces our proposal of a systematic classification, one that fulfils ...

  8. Ethical hacking for IoT: Security issues, challenges, solutions and

    Ethical hacking is more flexible in simulating (cyber-physical) attack methods and approaches (i.e., phishing, brute force, social engineering, etc), while allowing a thorough assessment. Ethical hackers offer recommendations about best-practice security solutions to adopt against security gaps. ... Several real case studies are mentioned and ...

  9. Out of the shadows: The rise of ethical hackers in 2021

    The latest study covers the period from 1 May 2020 to 31 August 2021 and, among other things, contains some startling new insight into the threat landscape. Since the start of the pandemic, 79% of ...

  10. Ethical Hacking: Understanding the Basics

    Fortunately, EC-Council's C|EH course provides a solid and well-rounded education in ethical hacking, from learning about emerging attack vectors to malware analysis to real-world case studies. EC-Council is the leading provider of cybersecurity and ethical hacking credentials, having graduated 220,000 certified cybersecurity professionals in ...

  11. PDF A Case Study of the Capital One Data Breach

    This case study containing a detailed analysis to identify and understand the technical modus operandi of the attack, as well as what conditions allowed a breach and the related regulations; 2. Technical assessment of the main regulations related to the case study; 3. Answer to the question: Why were the regulations insufficient to protect the ...

  12. Making Vulnerabilities Visible: A Cybersecurity Ethics Case Study

    A Cybersecurity Ethics Case Study. Irina Raicu. A recent article in Wired magazine details the anticipated re-release of a tool called PunkSpider. While constantly scanning the web, PunkSpider "automatically identifies hackable vulnerabilities in websites, and then allows anyone to search those results"—by URL keywords, or type or ...

  13. [2103.15072] A Survey on Ethical Hacking: Issues and Challenges

    A Survey on Ethical Hacking: Issues and Challenges. Jean-Paul A. Yaacoub, Hassan N. Noura, Ola Salman, Ali Chehab. View a PDF of the paper titled A Survey on Ethical Hacking: Issues and Challenges, by Jean-Paul A. Yaacoub and 3 other authors. Security attacks are growing in an exponential manner and their impact on existing systems is seriously ...

  14. Penetration testing explained: How ethical hackers simulate attacks

    The ethical hacking industry was founded by hackers who had once been less than ethical looking for a path to a mainstream and legal way for them to make money from their skills. As is true in ...

  15. Cardinals' Computer Hacking

    Cardinals' Computer Hacking. St. Louis Cardinals scouting director Chris Correa hacked into the Houston Astros' webmail system, leading to legal repercussions and a lifetime ban from MLB. Chris Correa was a computer whiz who loved sports and worked in the scouting department of the St. Louis Cardinals. His skills and judgment led him to be ...

  16. What is Ethical Hacking?

    What is ethical hacking? Ethical hacking is the use of hacking techniques by friendly parties in an attempt to uncover, understand and fix security vulnerabilities in a network or computer system. Ethical hackers have the same skills and use the same tools and tactics as malicious hackers, but their goal is always to improve network security ...

  17. Ethical hacking: Wireless hacking with Kismet

    To continue our ethical hacking series, we are now going to dive deeper into the process of wardriving, wireless hacking and the roles that the Linux tool Kismet plays in an ethical hacker's toolbox. We have all heard that it is important to secure your wireless network with WPA2 encryption, channel control and a strong, non-default password.

  18. Ethical hackers handed lifeline in controversial US cyber crime review

    Ethical hacking's protection from the CFAA received a boost last year in a significant ruling in the Van Buren vs United States case. In it, the US Supreme Court ruled that a law enforcement officer, bribed by an outside individual, did not break any laws under the CFAA in accessing information from a computer for unsanctioned reasons.

  19. Ethical Hacking: Importance, Controversies and Scope in the Future

    In ethical hacking (i.e., white hat hacking) the objective in hand is to find weaknesses in the security systems and find potential data breaches and is in stark contrast to the almost universal definition of hacking i.e., to breach the security systems of individuals or companies with malicious intent and to steal data and plant viruses (black ...

  20. Active Defense and "Hacking Back": A Primer

    Security Trends by the Numbers. In the lead piece in this package, Idaho National Lab's Andy Bochman puts forth a provocative idea: that no amount of spending on technology defenses can secure ...

  21. 7521 PDFs

    Future of Ethical Hacking | Explore the latest full-text research PDFs, articles, conference papers, preprints and more on ETHICAL HACKING. Find methods information, sources, references or conduct ...

  22. Ethical Hacking in 12 Hours

    Full Course: https://academy.tcm-sec.com/p/practical-ethical-hacking-the-complete-course All Course Resources/Links: https://github.com/Gr1mmie/Practical-Ethi...

  23. Ethical Hacking 101: 5 Times They Saved the Day

    5 times ethical hackers have saved the day. If you're still unsure, take a look at these real-world cases, where ethical hackers have uncovered security vulnerabilities and saved businesses from potentially serious repercussions. 1. Taking over social accounts.