The job of an ethical hacker is to uncover weaknesses or vulnerabilities in a computer network to help that company to protect itself from less ethical hackers. The so-called black hat hackers may be looking to steal data such as credit card numbers, damage or destroy the network system, or otherwise disrupt the inner workings of a network. It may seem like an impossible task, but there are some high profile examples that reveal how it can happen, and that it is not a new phenomenon.
Wikipedia gives an example, dating back to 1903 when an early demonstration of a wireless telegraph system was disrupted by a hacker who sent apparently offensive Morse code messages through the projector instead of the intended message. We might laugh at the stunt today, but at the time it was a scandalous incident. Hackers can have different agendas, some as simple as seeing whether they can achieve their task of interfering or disrupting a system without necessarily intending to harm or destroy the data they are trying to access. Some early hacker stunts were carried out by now famous computer designers including Steve Jobs and Steve Wozniak. Their now well-known exploit was to develop a blue box that could reproduce the signal sent along phone lines to connect calls. The blue box fooled the system into believing it was a legitimate telephone line connection. In this way, the hackers could bypass the routers and make their phone calls for free. Jobs and Wozniak were successful in their black hat venture, and even ran a small business building and selling blue boxes to students at the college they briefly attended.
Some ethical hackers have helped to alter how we manage and navigate our computer systems dramatically. For example, as frustrating as many of us become with using minimum six character passwords that include upper and lower case, numbers and special characters, these small changes help to ensure that our personal data remains personal. Ethical hackers have helped in other areas, too. One famous hacker, known as Barnaby Jack, worked on devising security around insulin pumps and pacemakers. The vulnerability of the system was first revealed by another white hat hacker, Jay Radcliffe. His revelation and the work of Barnaby Jack prompted the Food and Drug Administration to improve its security around electronic medical equipment. And as our very homes become increasingly managed and monitored by electronic gadgets, the work of ethical hackers will become an increasing imperative to keep them―and so us―safe.
Dan Kaminsky is another white hat hero. He discovered that the domain naming system used for the entire Internet contained a flaw that could allow fake domain names to be created, allowing their creators to wreak havoc across the World Wide Web potentially. His work has made him famous; today he works for White Ops, a private company that specializes in javascript malware activity.
Ethical Hacking Training Resources (InfoSec)
One of the main challenges that come up when security issues are revealed through penetration testing, whether by white or black hats, is that the vulnerabilities are now exposed to any person tempted to exploit them. One example is when a vulnerability in the subway transit system in Boston was discovered by three MIT students. The flaw showed people how they could top up their fare cards for free, potentially causing hundreds of dollars in losses on each fare in the transit system. The students published their results, but transit officials were not pleased. The MIT students who revealed the flaw were sued by transit authorities but eventually settled their dispute out of court. And the paper was published.
As we move to automated vehicles, homes entirely run by computers, and human bodies depending on miniature computer chips to keep them alive the issues and challenges of hackers become more visible. Penetration testing and even the software that facilitates its use help to reveal potential vulnerabilities in all kinds of computer systems, but they also show those same issues to the people who would exploit the weaknesses to their own, sometimes diabolical, the end. The fact remains that as we go digital ethical hackers will be needed to help detect and deter what black hatters want to uncover and exploit. Who will win may be up for debate.