Ethical Hacking - Which Hat Are They Wearing?
Article by Rick Leinecker, March 3, 2008

All hackers are bad, right? I guess it depends on who you talk to. But a group of ethical hackers has arisen in response to the monumental task of keeping the Internet safe. Yes, they are hackers. But their purpose is ethical.

Ethical hackers fall roughly into three groups: lone wolves who identify vulnerabilities, specialists who are hired to find vulnerabilities, and computer security professionals who need to learn hacking so that they can effectively defend against it. There is some overlap between these groups.

The lone wolves spend time identifying vulnerabilities in network and Internet resources. They use standard tools such as port scanners to identify the vulnerabilities. Once they find problems, they carefully document them and work out all of the ramifications. They then report the issues to the appropriate authorities. People in this group do this for various reasons. Many of them enjoy the bragging rights, many feel a moral responsibility, and many just want to learn more about computer security.

The professional specialists are hired by entities to find the holes in their systems before the bad guys find them. If you can hire ethical hackers to find where the problems are and report them to you, then you won't have to suffer the consequences of an attack. There are schools, and quite a few books, that teach ethical hacking. You can learn the skill if you are willing to put forth the effort.

The last group includes network administrators and everyone whose responsibilities include keeping a network safe. This group stands to lose the most if their network is compromised: their jobs. So they make sure they understand how to hack in order to better protect their network.

But there is a real dilemma in teaching ethical hacking. What happens if a skilled ethical hacker decides it's more lucrative to be on the other side? What happens if an ethical hacker stumbles into an area that contains proprietary information that can be sold? All of these temptations are real. And it's for this reason that most ethical hacking courses carefully vet the attendees. They want to make sure that they aren't teaching people with previous records how to hack.

I face the same issue in my computer security classes. I have to teach them the basics of hacking as part of their education. But there is always a danger that they'll take the information and run with it and get into trouble. I stress the ethics of computer security in my classes, and hope that this keeps them honest.

Ethical hackers help keep the Internet safe - let's hope they keep their white hats on.