September is a month filled with internationally celebrated technical-based days, considering this, we thought we should go back to basics on some of these topics.
One of these upcoming days is: The Civic Day of Hacking #HackForChange (18th September 2022).
Hacking, hackers, and being hacked are terms that are widely used however not everyone is aware of the meaning of these terminologies or how they work, in this article we will cover the fundamental basics of hacking and the different types.
Hacking
Hacking in the technological and computer-based world can be defined as “Playful solving of technical work that requires deep understanding, especially of a computer system.“ and “Unauthorized attempts to bypass the security mechanisms of an information system or network.“–
Wiktionary (Wikipedia)
Hackers have been around for decades, however as previously discussed in several of our blog articles with the ever-increasing use of technology and the reliance on technology to hold, store and manage data, hacking has become an increasingly significant threat and issue to those using it.
As with most things, there are negative and positive aspects of hacking and there are three main types of Hacking, categorized into ‘Hat Colours’.
Black Hat – The Dark/Bad Hacker
Black hat hackers are the hackers who infiltrate systems without asking for permission, and they do it for personal gain, financial gain or to sabotage a system, these are the types of hacks that make headlines across mainstream news networks, and organizations fear.
Typically, hackers would hack with the intention to impress other hackers within their community when not motivated by monetary reasons. When a hacker infiltrates a system known to have strong levels of security systems/ defenses, they gain the praise and respect of other hackers. On occasion, however, such impressive skill sets can attract the attention of individuals/groups who use want to use such skills to exploit vulnerabilities to steal information for profit, known as Black Hat Hackers.
Black Hat Hackers commonly programs malware, viruses, and ransomware attacks to:
• Gain/steal sensitive data and information and give/ sell it to another party
• Steal identities/credit card information
• Steal money from bank accounts
• Leak sensitive information to the public
• Disarm an organization or company’s IT system by taking control of it and then demanding money in exchange for giving them control again.
White Hat – The Good Hacker
White Hat Hackers hack for defence, and for the benefit of others. They hack for organizations with the intention of finding and solving security vulnerabilities within organizations’ systems. This form of hacking and white hat hackers provides crucial cybersecurity services to defend companies from the types of attacks listed above.
White Hat Hackers always obtains permissions before infiltrating when a Black hat hacker invades without ever asking, white hat hackers typically hack in order to:
• Find vulnerabilities within an organisation’s security and IT infrastructure including coding of web applications.
• Discover weaknesses in databases that could leave a company vulnerable to SQL attacks.
• Test if an organization is strong against distributed denial of service (DDoS) attacks
• Test the strength of firewalls and backup systems.
• Test how well an organisation can recover from a ransomware attack.
Grey Hat – The Grey Area
Grey hat hackers may not have malicious intentions, however, many consider their practices to be less than ethical depending on the intention of the hack. The typical gray hat hacker hacks for respect but it has been said that the grey hat hackers are activists who are passionate about hacking with neither a good nor a bad intention.
Grey hat hackers do not usually obtain permissions before infiltrating a system and usually hack for the following reasons:
- The hacker attacks your system and finds a vulnerability, then brings this vulnerability to the organization’s attention and offers to fix the issues for a financial price.
- Grey hackers can hack specific organizations to gain information to then release to the public in the form of activism.
A famous example of Grey Hat Hacking is how Grey Hat Hacking gained its name. In 1996 Hacking group Lopht gained access to Tech Giant Microsoft systems and showed them various cracks they were not aware of; these were then resolved, and Microsoft securities improved.
Grey Hat hackers create pose a series of difficult questions regarding the morality and ethics of their type of hacking and pose several questions:
- Do you reward the hacker’s deceitful tactic by paying them to fix the problem?
- Do you reject their offer on principle but leave the vulnerability in place?
- What other vulnerabilities exist in your system?
- Do you disregard the information made public due to the way the information was obtained, even if the information could be true?
Hacking has become a huge aspect of the technology world in both a positive and negative manner, whilst hacking is a major threat to technology it is also a positive tool used to strengthen and enhance cyber securities and cyber defences worldwide.
Due to living in such a technologically driven world, more than ever people are being encouraged to look at technological-based career choices and there is a demand for ethical “White Hat Hackers” within this industry, and with more data and information being managed, stored and cloud based these securities are more important than ever
In our next article, we will discuss the fundamentals and basics of programming and programming language, code.