What is Ethical Hacking?
In this article we will take a look at what Ethical hacking is, the things pen-testers do, and the kind of people who do it.
Hacking
Ask most people what Hacking is, and they will tend to give you something along the lines of this dictionary definition.
Hacking: the activity of using a computer to access information stored on another computer system without permission, or to spread a computer virus [6]
While this has some truth to it, an alternative (and I think better) definition of "hacker" is the one in RFC 1392:
hacker
A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular. The term is often misused in a pejorative context, where "cracker" would be the correct term. See also: cracker.
The Jargon File
This is also pretty close to the definition found in the original Jargon File.
It's well worth a read if you are interested in how and where some of the terms we use come from.
So my definition is somewhere between the two:
A person who makes use of advanced knowledge of computers and computer systems to gain access to systems, information, or functionality that may not be directly available.
I suppose the key element of this is the advanced knowledge. Fatima may have a glittering career "In Cyber" ahead of her (she just doesn't know it yet) after her previous job as a ballet dancer, but it's going to be hard work. While a lot of systems are scarily insecure, you still need some knowledge of what's going on in the background to break into all but the most trivial ones.
Ethical Hacking
While the public perception is clearly that hacking is an illegal activity, Ethical Hacking (or pen-testing) is legally breaking into computer systems to test an organisation's defences.
While the pen-testing side gets a lot of focus when it comes to cyber-security, it's just one of many sides to the security story. Other elements include incident response, digital forensics, cryptography and network security. (Personally, I think it's the best part of "Cyber". You get paid to solve technical puzzles, and try to break into computer systems, without getting arrested.)
It also gives you the chance to play with some pretty awesome Computer Science concepts. While it's true that a lot of security flaws in systems are simple mistakes, some require a deep understanding of the many underlying technologies and processes that make up a computer system.
We can break a pen-test into several stages:
- Setting Scope and Rules of Engagement
- Intelligence Gathering and Reconnaissance
- Exploitation / Post Exploitation
- Documentation
- ...collect pay packet
We will go into these in more detail in the next week.
The Ethical Hacker
So now we have introduced Ethical Hacking as a concept, what about the people who do it? An ethical hacker can be described as:
A computing and networking expert who systematically attempts to penetrate a computer system on behalf of its owners for the purposes of finding security vulnerabilities that a malicious hacker could exploit. [1]
A good ethical hacker will need to know about a wide range of technologies, from web development, through to OS fundamentals, and apply this knowledge to break into systems.
The kind of technical topics that a good ethical hacker would study include:
- Operating Systems
- Computer Architectures
- Network Protocols (TCP, UDP, HTTP)
- Web Development (HTML, JavaScript)
- Programming
- Social Engineering
As well as the technical aspects, there is also a set of "soft skills" that a hacker will need:
- Problem Solving
- Patience / Persistence
- Thoroughness
- Communication skills
A lot of the time the success of an engagement will depend on how thorough the initial information gathering stage is. Success may not depend on "technical genius", but instead on identifying a potential flaw through a deep examination of the system, and making use of it [5].
Equally, the customer's view of the success of the engagement will be shaped by the way you explain the findings to them.
Note
This can be a bit of a problem, and can lead to a bit of a "jack of all trades" problem. Some attacks may need detailed, specialist knowledge of a topic to complete (or design), and keeping up to date with this knowledge can be hard.
However, having a good understanding of the theory behind how things work can help you deal with this.
For example, we might not need the deep knowledge required to develop a kernel exploit, but enough to understand how to make use of it.
(Think of this like crypto: the maths behind stuff like RSA is crazy hard to master, but we can get away with an understanding of the core concepts behind it.)
The techniques and approaches used by Ethical Hackers tend to follow those used by our less ethical cousins. Part of the job is to be able to demonstrate that a site or service is secure against attack by a malicious hacker. Therefore, we need to use the same techniques and approaches (within reason).
However:
- We have permission (it's part of the job).
- We document the processes involved [3].
- We recommend solutions to improve security.
- We work within a legal and ethical framework.
The Hacking "Hats"
Having talked about the Ethical and (Non Ethical) hackers, let's cover one more bit of terminology.
We tend to categorise hackers using the different coloured "Hats" [4]:
- White Hat Hackers:
Are the "good ones". These are the career penetration testers, assessing a system's security as part of a paid penetration test, or a formal bug bounty program. The financial reward for the white hat comes from the day job, paid by the company they work for (or more recently through bug bounty programs).
A white hat hacker will help an organisation discover flaws in its software and systems, and provide advice on how to address the issues they find.
- Black Hat Hackers:
Are the opposite end of the spectrum. Your black hat hacker will attack systems without permission, for personal fun or profit.
Your black hat will tend to focus on making money from the systems they break into. For example, through identity theft, or stealing and selling financial details.
- Grey Hat Hackers:
Obviously not everything is 100% good or bad. Grey hat hackers fit somewhere between the two extremes.
Perhaps they might attack a system without the permission of the organisation. But rather than using a successful attack for profit, they inform the organisation under responsible disclosure.
When it comes to getting paid, the grey hat may benefit from bug bounty programs, or could take a slightly more dubious stance of informing an organisation of a problem, then offering to fix it for a "fee".
- Script Kiddies:
Apparently these folks don't wear hats. Your typical script kiddie will attack systems, but without really understanding how (or what) they are doing.
Your typical script kiddie will use someone else's code to try to attack a system. Sometimes they are successful, sometimes not.
Question
So does using tools like Nmap or Linpeas (it's someone else's code, right?) make you a script kiddie? Is this a bad thing?
It all depends on the context. The scripts are excellent tools for helping, but if you can't do anything without them you are going to have a problem moving further in your career. The scripts are great to help push you in the right direction, but you will still need to apply some understanding.
- Blue, Red and Green Hats:
Depending on who you talk to there are also several other types of hat, though quite what the hat colour represents can differ.
  - Blue Hats: The main definition of this term seems to be a more extreme version of a black hat. These folks are out for pure revenge or malicious intent against those they think have wronged them, rather than any financial reward.
  - Red Hats: The flip side of the blue hat. These guys go actively targeting black hats, attacking and trying to damage their systems. Think of them like the hacking version of Batman (without the spandex, but with all the moral issues surrounding vigilante justice).
  - Green Hats: New hackers just starting out on their careers. These folks are all about learning, spending time taking part in CTFs, taking courses, or reading and learning about security.
Discuss: Grey Hat
The whole grey hat thing is fascinating. Could we argue that anyone could claim to be "doing it for good" if they got caught?
Can you think of any cases where what seems like a reasonable attempt at responsible disclosure has ended in attempted (or actual) prosecution?
Also with the increase in organisations now offering bug bounty programs, are all the grey hats who do responsible disclosure now white hats?
Hacking as a Science
Unfortunately, your job won't be done after you break into the system. Just telling the customer "Yeah I P0wnzd it using Death Whippet" isn't going to get you paid (or employed for very long).
You are going to have to provide a report and analysis of your findings: explaining the flaws you have found in the system, providing analysis of their impact, and making suggestions for mitigation [2].
This is where "Ethical Hacking as a science" comes into play. Science is the systematic study of a system and its behaviour, forming a testable explanation of that behaviour.
One key thing about science is that it should be repeatable. For this to happen we need good documentation of the methods used, and the details of the system under study. This is where note taking becomes important during the hacking process (even though it can be a pain at the time). It also makes writing that final report on the attack much easier.
You also need to do a bit more than just report the results. You will be expected to show some analysis and discussion of the findings. How have the steps taken improved your understanding of the system? Why have you taken a certain approach?
Tip
It's really going to help in the coursework if you get into the habit of keeping notes.
Personally, I like using a text editor and GitHub to keep track of things. However, how you do it is up to you; I know some people who use paper and pen, and others make use of online platforms to record the details.
Summary
In this article we have introduced the topic of hacking, and defined some of the key terms we are going to use. We have also looked at Ethical Hacking, and discussed some of the skills that will be useful for this career. Finally, we introduced the main "types" of hacker and discussed the hacking Hats.
References
[1] What is an Ethical Hacker, SearchSecurity.
[2] Doesn't that sound just like Coursework 2?
[3] I am pretty sure that a black hat has to do a lot of documentation too. I know I couldn't keep track of what I do if I didn't keep notes. I imagine it is much less formalised though.
[4] The White Hat -> Black Hat thing comes from the old western films. Notice how John Wayne (who is obviously a good guy) always wears the big white hat, while the bad guys are all dressed in black.
[5] At times the "Try harder" response irritates me. But it does have some truth to it: if you can't find the flaw then you haven't looked properly and need to look again. However, as a response to someone learning about problems it's flawed; how does the newbie hacker know what to try harder at?
[6] What is Ethical Hacking, CS Online.