
Hackers aren’t always the bad guys...

BenoitPalop
Officer


  

The hacking world is no different than any other: it has its good guys and its bad guys. In hacking parlance, they’re known as the white hats and the black hats. The pair have been locked in mortal combat since the beginning of coding. Here’s how you can tell them apart.

 

In the media and in urban legend, there is a villain behind every hacker. But that’s not the reality and we need to unpack the simplistic stereotype projected by the media images. Not every hacker is a geek with bad intentions, pumped up on Red Bull, concocting schemes and malware in his basement.

 

If no one has managed to break into your bank account so far, it may be because of the ethical “white hat” hackers working to protect your personal info and the data of many businesses around the world. The same goes for your computer: if it has not been taken hostage by ransomware, that may also be because of the white hats, experts in computer security who have chosen to use their hacking powers for good rather than evil. These are all-round good guys who have accepted the mission of foiling the intrusive stratagems of their mischievous twins, the black hats who dream of constructing a new economic order.

 

Black hats and white hats both hack into computer systems. How to tell them apart?

Regardless of which side of the barricade they’re on, hackers spend their time trying to break through (virtual) barriers. The black hats try to gain unauthorized access to software, systems and servers in order to unlock data they’re not supposed to have, for fun or more often for profit. With ethical hackers, it’s a different story.

 

While there can be a grey area when white hats approach or step over the line, their break-ins are normally authorized in advance and carried out to help society, not undo it. Often they have been contracted by a business to find flaws in its systems, but some white hats work for the greater good through bug bounty programs: fully supervised, fully legal hunts for software vulnerabilities through which companies such as Google, Yahoo! and Facebook crowdsource the search for bugs and sometimes pay handsome rewards, depending on the nature of the reported flaw.

 

Unlike the black hats, who operate on the wrong side of the law, the white hats are out to fight cybercriminals and to help the black hats’ targets secure their computer systems in order to prevent or at least minimize harm. Their M.O. is “offensive security,” a strategy based on the truism that the best defence is a good offence. They try to:

  • locate flaws and weak points,
  • and sometimes exploit them in order to see how they work,
  • and help develop an effective fix.

 

Not just anyone can wear the white hat!

However, to be accepted into the white hat community, a person needs to be mature and highly qualified, with hacking expertise. The ethical hacker’s methods and tactics require advanced computer skills and proficiency in specialized tools and techniques, including frameworks such as Metasploit, vulnerability scanners and denial of service attacks.

 

In some cases, white hats have to act as mediators within the organization or business that hired them and advise them on how to fend off social engineering attacks. In the context of computer security, social engineering means the use of psychological manipulation to get people to divulge sensitive or confidential information. For example, as fans of the Mr. Robot television series (available on Club illico) know, tools such as the Social Engineer Toolkit can be used to launch phishing attacks from fake email addresses, counterfeit websites or hacked hotspots, something that has become very common.

 

It is often said that humans are the weak link in the chain when it comes to cybersecurity. More than half of successful attacks do in fact use psychological techniques. Proceed with caution when you see sketchy emails in your inbox.

 

Never, ever enter your bank card number or other information without checking the source of the message to make sure it’s authentic, even if it says the fate of the world is in your hands. In 99.67% of cases, it’s a con job.