The manufacturing company’s employees went to work every day under the watchful, protective eye of the security cameras placed throughout their offices. Most staff didn’t even know they were there. Unobtrusive black orbs secreted in corners, they were installed to protect the office after hours, a standard precaution to guard against thieves and vandals. But the cameras had a secret: they were no longer under the company’s control.
The off-the-shelf camera modules had been installed without updates to their system software, which had a default username and password that were freely available on the manufacturer’s website. Part of their basic installation included a web-based interface, where users could log in and control them. And now the hackers controlled them.
Panning and zooming, the hackers looked for angles that allowed them to see the keyboards of employees logging into their workstations and onto sensitive systems during the course of the work day. With freeze-frame and slow-motion, the hackers could see exactly what credentials the users were typing in.
With those credentials in hand, it was short work to log in to and compromise the network without ever setting foot inside the company offices.
Having completely taken over the company’s network, the hackers next did something a little odd: they wrote up the entire exploit in a report and handed it over to the company’s IT department, with recommendations on how to close the holes and improve system security. They were not, as it happened, ordinary hackers: they were ethical hackers, consultants hired to test and review the manufacturing company’s security systems.
Today, to distinguish the ethical hackers from the malicious, many in the industry use the term “white hat hacker” to refer to the good guys and “black hats” to refer to the bad guys.
Having done their job, the white hats rode off into the sunset, off to help the next client prepare to fend off the bad guys.
The Complicated History of Hacking for the Good Guys
The word “hacker” today conjures visions of shadowy figures hovering over keyboards in the dead of night, looking to steal credit card numbers or nuclear defense codes. But it wasn’t always so. The original hackers were computer scientists and students, exploring the forefront of modern technological innovation by finding ways to poke holes in it. Most such activities were more exploratory than malicious.
The idea of having hackers perform penetration tests to help secure networks originated with the National Security Agency and Department of Defense in the 1970s. Anticipating that malicious actors would attempt to penetrate government and defense industry systems to spy on them, groups of hackers called “tiger teams” hit those systems first, trying to find and fix the holes that others might later exploit.
Today’s ethical hackers are the spiritual descendants of those early tiger teams.
The Job of White Hat Hackers Begins at the Outer Limits of what Traditional Tools are Capable of
Automated scanners like Nessus and Metasploit can isolate most known vulnerabilities and common configuration problems that lead to security holes. Conducting such scans doesn’t require any special training or skill and thousands of cybersecurity engineers do so in the normal course of their duties each day.
But while white hat hackers might use some of those same scanning tools in their own role, doing so is merely a jumping off point for them. Ethical hacking involves more creativity and a deeper knowledge of both human psychology and hacking strategy than simply running a network scan.
In one instance, ethical hackers were charged with trying to penetrate a network with very few external services where there was virtually nothing to detect using a network scan. However, a web administration interface that the company’s web developer used to maintain the site was located there. A little judicious investigation of public company contact lists turned up the name and email address of the web developer. Some Googling pulled up his Facebook profile, where the hackers found a nickname used by the man’s friends. Further Googling of the nickname turned up a profile on a dating site called “Caucasian-Asian Love.” And from that profile, the hackers built up a word list of likely passwords and found one that the developer used for the web administration interface.
Making the sort of social and psychological connections required to tie all those profiles together is where white hat hackers excel.
Job Duties: A Day and Night in the Life of an Ethical Hacker
Working as an ethical hacker can be one of the most creative and fulfilling jobs available in cybersecurity. Few other industry professionals are allowed the same degree of latitude in their work or encouraged to break the constraints of the working environment like white hat hackers.
Broadly speaking, the job of a white hat hacker is to find vulnerabilities before the black hats can do so. The ethical hacker uses many of the same tools and goes through the same steps:
- Researching the intended target via both open-source and dark-web channels
- Scanning target networks and systems with commercial, open-source, or custom vulnerability scanners
- Designing a plan of attack that can include exploiting software vulnerabilities, systemic vulnerabilities, social manipulation, or any combination of those factors
Many of these activities may happen at odd hours, conforming to times when the target may be least monitored and most vulnerable. Sometimes work is performed on-site at the client company, and other times remotely via the Internet.
But it’s not all fun and games. Ethical hacking is a job, not a joy ride through other people’s networks. Ethical hackers are expected to carefully document the steps taken to uncover vulnerabilities and detail exactly how they were able to compromise client security systems. Long hours can be spent writing up reports in clear and concise language for corporate executives. And, after breaching a target, the ethical hacker might be expected to spend time with the hapless IT group that was just compromised, helping to advise and train them to avoid future penetrations.
Not all ethical hacking is strictly confined to penetration testing, however. Many ethical hackers spend a great deal of time either writing or examining computer code, to either look for or exploit flaws. They attempt to push systems and devices to accomplish tasks that the creators may not have envisioned. For instance, in 2011, an ethical hacker found an exploit in his own insulin pump that had the potential to allow attackers to command delivery of a fatal dose via wireless network.
How to Become an Ethical Hacker: Earning the Right Degree and Certification
There are a number of ways to land a job in ethical hacking, all of which are befitting to the unusual nature of the job. Some of the greatest hackers have been relatively weak in technical skills, instead relying on social engineering and common software tools to accomplish their feats.
Kevin Mitnick, now an ethical hacker and security consultant, was perhaps one of the best known black hat hackers in history. Mitnick had limited technical skills and primarily relied on talking people out of passwords or software to gain entry into secure systems.
If you are not a natural schmoozer, however, it’s more likely that a strong technical background and education would be the best way to prepare for a career in ethical hacking.
Most ethical hackers are able to find the flaws in systems because they are intimately familiar with the low-level operations of the hardware and software that comprises them. Consequently, most company’s hiring white hat hackers look for candidates who have in-depth coding or networking experience and advanced technical certifications, including:
A bachelor’s degree in computer science or computer engineering is typically viewed favorably, but graduate degrees in cybersecurity are increasingly coveted. Regardless of the degree, an in-depth, demonstrable familiarity with the basic building blocks of modern networks is mandatory. Candidates have to be knowledgeable at a deep level of Unix and Windows operating system fundamentals, the OSI (Open Systems Interconnection) model and TCP/IP (Transmission Control Protocol/Internet Protocol) stack.
There are also specialized ethical hacking certifications that carry considerable weight with hiring managers:
- EC-Council’s Certified Ethical Hacker (CEH)
- Offensive Security Certified Professional (OSCP)
- GIAC’s Penetration Tester (GPEN)
Finally, a familiarity with computer security precepts and the hacker scene are viewed favorably. Successful candidates will probably know the OWASP (Open Web Application Security Project) Top Ten list by heart and they may have accounts on various shadowy darknet message boards frequented by thieves and black hat hackers.
Ethical hackers are natural puzzle solvers, and hiring managers often want to see a demonstration of this talent. Even candidates with the best qualifications on paper will be subject to elaborate challenges during the interview process as hiring managers try to get a look at how they approach difficult problems.