When you think of hackers, you probably imagine someone with a mask on in a dark room plotting to overthrow major corporations, break into bank accounts, and generally control the internet. You know, Mr. Robot style.
There are actually three types of hackers. There are black hat hackers, who infiltrate systems to plant malware and exploit system vulnerabilities for their own personal reasons. Then you have the opposite, and they are the white-hat hackers. They seek out vulnerabilities in systems to fix them. Finally there are gray hat hackers, who may dabble a little in both. There are also a few other hats hackers can wear, which we’ll get into here.
Let’s dig into ethical hacking
Have you ever heard of white hat hackers? They’re pretty much cyber super-heroes, fighting cyber pirates and cyber attacks 24/7. They engage in ethical hacking, which is super important for the security of all the online systems we use in our everyday lives.
Ethical hackers are hired to hack systems and figure out the holes that evil hackers - i.e., pirates trying to steal data or bring down a system - could use. They find the flaws and fix possible weak points to prevent system break-ins.
Think of it like trying to break into your own house before going on a long vacation. You’ll want to be sure that there aren’t any windows left open, and that the doors are all locked. That’s basically what ethical hackers do for technology systems. And they’re extremely valuable!
Types of ethical hackers
The internet is a massive space, with many specific networks and systems. That means there are a number of paths you can follow if you’re interested in becoming an ethical hacker (remember, they are very valuable!).
Blue-hat hackers are hired by organizations to bug-test new software system networks before they are released. They find the loopholes and weaknesses, and fix them to keep criminals out.
Red-hat hackers work for government agencies to test security systems. If you’ve ever had to log in to pay your taxes or use a PIN to access a government account, you know red-hat hackers have vetted that system intensely. These guys and girls even use black hat tactics to take down cyber criminals.
Both of these types of hacker fall under the umbrella of white-hat. The main difference is that the Blue-hats work for private companies and the Red-hats are government contractors. The good news is that if you want to be a White-hat hacker, either path you take will be very lucrative (show me the money!).
There are some rules to staying ethical…
To stay White-hat and not go gray, ethical hackers need to follow a few general guidelines. First, they must explain their plan to the organization or government they are working for, and obtain complete authorization to do the work.
Once they get started, they must report all security breaches or vulnerabilities found. You can’t find a breach and then save it for yourself for later! Similarly, everything you find needs to stay confidential. Non-disclosure agreements are key. Finally, they have to leave the system cleaner than they found it, with no traces they were ever there.
So what kinds of things do ethical hackers look for?
Like we said, the internet is a vast space, so the needs of each organization or government can be totally different. As an ethical hacker you’ll need to ask yourself a few questions:
What is the security situation like? Why were you called?
What tech stack are the teams working with? Which programs and platforms are they using?
What technology is in place? You’ll need to know about any applications, operating systems, software, etc.
Once you have a good understanding of the situation, you can start looking for vulnerabilities. In general you’ll start by trying to get through any security solutions that are in place. Make sure you are hacking the most up-to-date version of any solution.
Then, just start breaking into everything! There are so many different systems out there that the process can be complicated and may force you to learn new skills to break systems that have upgraded their security and privacy systems. You may have to work with internal teams to understand where they perceive possible vulnerabilities, and read up on past breaks. Ethical hacking means constant learning both on and off the job.
The five steps of ethical hacking
There are five stages that ethical hackers go through when they do their daily work. Unsurprisingly, they are the same steps that black hat hackers use, since they have to be on the same wavelength! White hat hackers need to follow the same mindset that black hat hackers use to protect the organizations they are working for.
The first step is usually research or reconnaissance. In this phase, as mentioned before, the hacker needs to gather information about the target organization and identify areas that might be vulnerable. The first part of this phase is dumpster diving, which is when the hacker finds important information like old passwords that are stored in the system, identifies important employees within the networks and gets a deep idea of how all the systems function. Then, the hacker engages in footprinting to gather data on the security situation, and minimizes the scope of work by identifying the most important IP addresses and drawing a network map. This may involve mirroring a website and using search engines to find out about the organization, and investigating current employees in case of impersonation.
Then, step two involves scanning. There are three methods to engage in scanning: pre-attack, port scanning or sniffing, and information extraction. During pre-attack, the hacker scans the network for details they found during the reconnaissance phase. The port scanning or sniffing phase involves using dialers, port scanners, and vulnerability scanners to gather data. Then the hacker collects information about ports, live machines and operating system details to launch an attack.
Steps three and four are simple. First, the hacker gains access to the system, applications and networks and gains control of the systems. Then, they secure access and launch an attack targeting specific system vulnerabilities. The last step, as mentioned before, is covering their tracks. The hacker must hide their access from system administrators by clearing the cache and cookies, adjusting log files and closing open ports.
The value of ethical hacking
As we’ve mentioned more than a few times, ethical hacking is an extremely lucrative profession. Companies invest millions of dollars per year to secure their systems from Black and Gray-hat hackers.
Companies like Google, Meta and Microsoft hold events that are called “bug bounties” where they invite hackers to try and get into their systems. The hackers that find bugs and infiltrate systems are given rewards. Governments and states have used the same tactic.
It’s kind of a weird concept to pay people to break into your house. But that just shows you the value that companies with major budgets place on their security. Sometimes they actually hire the hackers on the spot. Hackers are basically being crowdsourced. But can they be trusted?
How do you become an ethical hacker?
Start with the obvious. Check your ethical track record. If you have a history of cybercrime, it’s not going to work well for you. Make sure your resume is squeaky clean. Then, you’ve got to get hacking!
You need to gain an understanding of both wireless and wired networks, and learn operating systems like Windows and Linux. Study firewalls and different file systems and permissions. Of course, strong coding skills are also critical. Plus creativity and a spidey-sense. You’ll need to be steps ahead of the bad guys, and anticipate how they think!
You’ll also need to consider what it is you want to achieve, and why cybersecurity is the path you want to take in your professional technical development. Think about where your strengths are now, and what aspects you will need to hone to achieve your goals and stay ahead of the bad guys. While a college degree may be helpful as you get into ethical hacking, this is a career that is going to require constant knowledge innovation. Short courses to plug the gaps in your current knowledge will always be important so that you are a few steps ahead of the black hat hackers who are learning as they go. Invest in your professional development and you’ll stay competitive within the hacker pool.
Where do I sign up?
A great way to get started is with a Cybersecurity Bootcamp! It will give you the skills you’ll need to land a job in the growing cybersecurity industry. You’ll gain knowledge in one of the fastest growing areas in technology. And you will definitely get a massive return on your slight investment! The bootcamp lasts either 12 or 26 weeks, depending on your schedule, and you can choose to learn online or visit one of our amazing campuses. We’d love to have you on campus in Barcelona, Madrid, São Paulo, Mexico City, Lisbon, Berlin, and Paris!
When you invest in your professional development and education with an Ironhack bootcamp, you get so much more than just a certificate saying you are a cybersecurity expert. You’ll get access to an engaging community, super helpful career services, and invitations to exclusive tech events that will catapult you as a cybersecurity expert.
You will literally become a cyber super-hero, and work your creative muscles as you stay steps ahead of black hat hackers to protect governments, institutions, and private citizens’ data and money. This is such an exciting career path to choose, and there is definitely a lack of trained professionals. Which means you are going to bring incredible value with your cybersecurity skills. Power-up with a cybersecurity bootcamp now!