So, what is ethical hacking and what is an ethical hacker and is hacking legal? I’m going to tell you so stay tuned:
I am sure we’ve all watched a movie or TV show or perhaps even an advert that portrays hackers as being perhaps a bit cool (but nerdy at the same time) and (maybe it’s the nerd in me) we picture ourselves hacking into something too. Although I’m sure we’d probably get caught! Hacking groups such as Anonymous, who recently took down the websites of the White House, FBI, Department of Justice and others associated with Warner Music and Universal Music in protest over the closure of MegaUpload, seem to get by quite nicely. I used to watch Painkiller Jane, which featured a hacker called Riley Jensen (played by Sean Owen Roberts) who could pretty much hack into whatever he wanted to. As he worked for a government agency it could be seen as legal hacking. Some might disagree.
I’m a big fan of ethical hacking. “Ethical what…? Isn’t that an oxymoron?” you say… What is an ethical hacker? An ethical hacker is someone who legally hacks into something in order to improve its security or test its vulnerability to being hacked or both.
Some more information can be found here:
Essentially the difference between a stereotypical hacker and an ethical hacker is that the stereotypical hacker is a computer criminal and an ethical hacker is a computer security expert (unless of course someone inadvertently hires a regular hacker to do legitimate security testing).
So, is hacking legal?
Well according to the following sources, yes, ethical hacking can be:
How do I become an ethical hacker?
I’m inclined to think the best way to catch a hacker is to be one yourself, an ethical one of course. So how would you do this? You can become a certified ethical hacker by visiting http://www.ethicalhacker.net/content/section/1/3/ or https://www.eccouncil.org/certification/certified_ethical_hacker.aspx
What is BackTrack Linux?
It’s a penetration testing, security auditing and digital forensics Linux distribution (operating system) based on the Ubuntu Linux operating system.
BackTrack Linux resources can be found at their official site, including the operating system itself, which can be downloaded as a VMware virtual appliance or ISO in both 32-bit and 64-bit versions for the GNOME and KDE desktop environments. You can install it, run it off a thumb drive or as a Live DVD. The latest release is BackTrack 5 R1, which was released on Aug 18th, 2011.
BackTrack Linux Resources:
- Homepage – http://www.backtrack-linux.org/
- Downloads - http://www.backtrack-linux.org/downloads/
- Tutorials - http://www.backtrack-linux.org/tutorials/
- Training - http://www.backtrack-linux.org/information-security-training/
- Wikipedia Page - http://en.wikipedia.org/wiki/BackTrack
- BackTrack on DistroWatch.com - http://distrowatch.com/table.php?distribution=backtrack
How popular is BackTrack Linux?
If you are wondering how popular BackTrack is, then read on:
- According to Alexa.com their website has a global rank of 19,490 (meaning it’s the 19490th most visited website in the world out of an estimated 366848492 websites as of December 2011).
- It has 3,802 websites linking back to it.
- The site has a PageRank of PR5 according to PR Checker.info and CheckPageRank.net
Who would hire an ethical hacker? Does such a thing affect me in any way?
Probably a bit of a touchy subject as from my research into writing this article, a lot of them are ex-hackers or currently still hackers! TechRepublic has a good article on hiring hackers, which you can read at http://www.techrepublic.com/blog/security/hiring-hackers-the-good-the-bad-and-the-ugly/4209
Here’s a list of places I can think of that may need services from an ethical hacker (if you think of more, let me know in the comments section below):
- Banks – especially ones that are networked to each other over the internet, even via secure VPNs and ones that offer online banking.
- Online payment systems – just imagine a world where PayPal gets hacked and your money, account details etc. are stolen
- E-stores – most sites offering online payments, bookings etc. need to ensure their sites are secure
- Governments – to protect sensitive information stored on their servers
- Schools, Colleges, Examination boards etc. – what would happen if someone got hold of exam papers before the exams were scheduled to be written
- Law-enforcement agencies – The Christian Science Monitor suggests the best way to stop hackers is to hire an ethical one
- Individuals – to protect your presence online. Just remember, if someone hacks your Facebook account and you have your address, telephone and/or cellphone numbers, they may be able to use that combined with other information from you to use your credit/debit card
- Generally any business, NGO, non-profit etc. – to protect company documents, financial statements etc.
I would say, we are all probably better off having ethical hackers testing the websites and services we use for vulnerabilities and security lapses.
Some resources on ethical hacking jobs in case you think I’m joking:
InfoSec Island suggests some ideas here - http://infosecisland.com/blogview/3880-Certified-Ethical-Hacker.html
The Christian Science Monitor article I mentioned earlier - http://www.csmonitor.com/2006/0621/p07s02-woeu.html
Can ethical hacking tools such as BackTrack be used for non-ethical purposes?
Yes, they can. In fact, according to http://www.net-security.org/secworld.php?id=12264, which says, “Once again, Anonymous is using the low orbit ion canon (LOIC) to DDoS websites. This tool was developed by white hat hackers to stress test websites.”
At the end of the day the term “ethical” is rather ambiguous. To some, Anonymous’ takedown of the FBI website, for instance, in response to the closure of MegaUpload can be considered ethical and warranted… I don’t think law enforcement would agree. The FBI managed to arrest some of Anonymous’ hackers back in July 2011 according to http://www.theatlanticwire.com/technology/2011/07/fbi-confirms-arrests-anonymous-hacking-case/40153/. Obviously Anonymous is still functioning in light of the recent attacks in January 2012.
Do you think the world will ever be able to stop hackers, legal or otherwise? No ways! So long as there are stereotypical hackers there’ll be ethical hackers too…The two are “symbionic” I would say.
p.s. In a later article, I’m going to show you how you can protect yourself from hackers by securing your PC or Mac, phone etc. as well as your website login details…Check back soon!