Ethical hacking is getting more and more popular in the 21st century. As opposed to “black hat” hacking, ethical (or “white hat”) hacking is about using computer hacking skills in order to identify network security vulnerabilities and patch security holes before anyone can abuse them. Basically, this is why ethical hackers are employed.
Learning how to hack helps information security professionals implement the strongest possible security practices. It’s as much about finding and fixing security vulnerabilities as it is about anticipating them. As you learn more about the methods hackers use to infiltrate systems, you’ll be able to preemptively resolve issues; if you don’t understand how black hat hackers could get into your systems, you’re going to have a hard time securing them.
Think of it this way: a computer network is like a yard with a fence to keep people out. If you’ve put something valuable inside the yard, someone may want to hop the fence and steal it. Ethical hacking is like regularly checking for vulnerabilities in and around the fence, so you can reinforce weak areas before anyone tries to get in.
Famous “black hat” hackers
Vladimir Levin is a Russian-born Jewish individual famed for his involvement in the attempt to fraudulently transfer US$10.7 million via Citibank’s computers. However, his career as a hacker was short-lived: he was captured and imprisoned, and all but $400,000 of the original $10 million was recovered. During Levin’s 1997 trial in the United States, he was said to have coordinated the first-ever internet bank raid. The truth is that Levin was able to transfer Citibank client funds to his own accounts using stolen account numbers and PINs. Levin’s scam was a simple interception of clients’ calls while recording the punched-in account numbers.
Albert Gonzalez is a computer hacker and computer criminal who is accused of masterminding the combined credit card theft and subsequent reselling of more than 170 million card and ATM numbers from 2005 through 2007—the biggest such fraud in history. Gonzalez’s team used SQL injection techniques to create malware backdoors on several corporate systems in order to launch packet-sniffing (specifically, ARP Spoofing) attacks, allowing him to steal computer data from internal corporate networks. When he was arrested, authorities seized $1.6 million in cash including $1.1 million found in plastic bags placed in a three-foot drum which had been buried in his parents’ backyard. On March 25, 2010, Gonzalez was sentenced to 20 years in federal prison.
Sixteen-year-old black hat hacker Jonathan James became the first juvenile imprisoned for cybercrime. James gained his notoriety by carrying out a series of successful intrusions into various systems. In an anonymous PBS interview, he professes, “I was just looking around, playing around. What was fun for me was a challenge to see what I could pull off.”
James’ major intrusions targeted high-profile organizations such as NASA and the Department of Defense. He cracked into NASA computers, stealing software worth approximately $1.7 million. He also hacked into the Defense Threat Reduction Agency (DTRA) and intercepted over 3,000 highly secretive messages passing to and from DTRA employees, while collecting many usernames and passwords. Also known as “c0mrade,” James committed suicide using a gun on May 18, 2008, at the age of 25. His suicide was apparently motivated by the belief that he would be prosecuted for crimes he had not committed. “I honestly, honestly had nothing to do with TJX,” James wrote in his suicide note, “I have no faith in the ‘justice’ system. Perhaps my actions today, and this letter, will send a stronger message to the public. Either way, I have lost control over this situation, and this is my only way to regain control.”
An ethical hacker’s job is to make sure there are no vulnerabilities in a given computer network. There is more and more demand for “white hat” hackers. What about the average salary? The average payout to a Certified Ethical Hacker is $71,331 per annum. The salary ranges from $24,760 to $111,502, with a bonus payout between $0.00 and $17,500. Thus the total salary is approximately between $24,760 and $132,322.
Check out the fantastic TAD talk on ethical hacking presented by Jennifer Arcuri: “Why Ethical Hacking is so important in the 21st century economy.”