The terminology around ethical hacking is confusing because the same terms mean different things in different disciplines, and they are often used interchangeably.
For instance, the technical world distinguishes between a hacker and a cracker, whereas the mainstream media lump both under the umbrella term "hacker". Alternatively, the distinction is sometimes drawn by referring to "black-hat," "grey-hat," and "white-hat" hackers. For clarity, these terms are defined below:
Hacker: “A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular. The term is often misused in a pejorative context, where ‘cracker’ would be the correct term.”
Cracker: “A cracker is an individual who attempts to access computer systems without authorization. These individuals are often malicious, as opposed to hackers, and have many means at their disposal for breaking into a system.”
Black-hat hacker (also referred to as a cracker): “someone who uses his computer knowledge in criminal activities in order to obtain personal benefits. A typical example is a person who exploits the weaknesses of the systems of a financial institution for making some money.”
White-hat hacker: “Although white hat hacking can be considered similar to a black hacker, there is an important difference. A white hacker does it with no criminal intention in mind. Companies around the world, who want to test their systems, contract white hackers.”[4] White-hat hackers test the security of a system with the owner's permission and are often hired to recommend improvements to it.
Grey-hat hacker: “A grey hat hacker is someone who is in between these two concepts. He may use his skills for legal or illegal acts, but not for personal gains. Grey hackers use their skills in order to prove themselves that they can accomplish a determined feat, but never do it in order to make money out of it. The moment they cross that boundary, they become black hat hackers.”
People who participate in ethical hacking do not fit neatly into set categories. From a legal perspective, however, the distinction between hackers, crackers, and hat colours matters little. Any form of unauthorized access to, modification of, or impairment of data, a network, or a computer is a crime. Most jurisdictions provide no exemption for good intentions; hackers and crackers alike depend on the discretion of law enforcement as to whether to prosecute or turn a blind eye. Another fallacy in classifying hackers is the assumption that an individual falls solely into one definition. It is each attack that must be characterized individually, not the person behind it.
For example, you might have a hacker who predominantly breaks into systems to learn; sometimes she might even fix a security flaw in a system she has entered. The same hacker might also break into a system to collect data on individuals actively engaged in child pornography, and then hand that data to law enforcement and make it public. Yet this same hacker might also accept a fee to break into the database of a corporation she views as unethical and steal a trade secret that is handed over to a competitor. Each of these examples involves unauthorized access. The difference between the attacks lies in intent and motive, and turns on the individual's subjective notion of what is ethical or moral. Ethical hacking, therefore, is difficult to define.
Published on Tue 02 January 2018 by Bill Chambers in Security with tag(s): hacking ethical