Most of the times, the word ‘hacker’ is labelled with a negative connotation. Movies and TV shows have cemented the image of a hacker as a person with glasses typing away at a screen with green text. However, the world of hacking has much more to it than what we see in mainstream pop culture.
Hacking is characterised as being a cat-and-mouse game, where the big companies with lots of financial backing go up against an individual or group of hackers. Companies struggle to fix the security holes that are pointed out by hackers, while the latter try to find the next big exploit. However, there is a group of people standing in the middle of both these groups; white hat hackers.
The State Of Hacking Today
Contrary to popular belief, hackers are not all evil cybercriminals out to get your data. The term ‘hacker’ is a general umbrella for individuals who gain access to a computer system through exploits. Owing to the open-ended nature of code and many programming languages, it is possible to find a way into a complex system through one way or another.
Finding exploits and using them to gain access to an otherwise inaccessible system is known as hacking. Hacking can be used for either good or malicious purposes, leading to the bifurcation of the field into white hat hackers and black hat hackers.
In theory, the only difference between these two parties is that white hat hackers are given permission to access secured systems. Black hat hackers are not allowed access into these systems, but still get in anyway. In reality, the difference between them is separated by a thin ideological line.
Crossing The Line
White hat hackers usually start off as bug bounty hunters, who find exploits in prominent systems and websites for a bounty from the company operating them. While many bounty hunters continue with solving these solutions for bugs, most of them get picked up by an Internet company to work as a ‘security consultants’.
There exist individuals who have ‘crossed the line’ and have become black hat hackers. These individuals are the main turning force of the reactive method used to patch systems after attacks. Usually, a security cycle proceeds in this fashion.
The company releases a new product or update after extensive penetration testing by in-house hackers. Then, dedicated black hats find exploits in the software. Once notified of this, either by an attack, an attempt to attack or public disclosure, the exploit is patched by the company. Usually, black hat hackers go after the bugs that have the largest amount of potential bounty, leaving the company to take reactive measures after attacks.
White hat hackers are tasked with a practice known as penetration testing, which is the act of testing all possible attack vectors for a system. This not only gives a deeper look of the system itself, but also possible ways to exploit limitations in its architecture. This is a proactive method of protecting against cyberattacks, with the other being a reactive method.
The back-and-forth creates an interesting dynamic between white hats and black hats, one that is more than just action and reaction; an ideological barrier.
Black vs. White vs. Black vs…
This barrier comes from the attitude of hackers on either side of the spectrum. In a never-ending battle, white hat hackers fight against vulnerabilities exposed by black hats, while black hats fight for malicious purposes and monetary gain. In the case of finding an exploit, black hats will most likely use it as a foothold to launch an even more dangerous attack against the system. White hats will simply report it and fix it, making the system stronger against malicious entry.
Data breaches, Distributed Denial of Service attacks and theft of financial information are the mainstays of black hat hacking. This is mainly due to the monetary gain associated with them, as data can be sold on the dark web for money, while DDoS attacks can be performed as a paid attack for competitors of the target. However, one characteristic of black hats make them very different; bragging.
Black hat hackers have specialised forums on the dark web such as FreeHacks, which enable a transfer of information and sharing new methods to exploit systems. More than these purposes, such forums are used to announce when a big hack has been conducted, suggesting that many black hats do it for fame.
White hats, instead, stand for the protection of personal information and systems that contain them. They are the first line of defence against any malicious attack by black hats, and are against the ideas of malicious entry and data theft. Thus, this David and Goliath game continues, with the underdogs scoring ‘wins’ now and then while the giants continue to defend their fortresses.
One cannot exist without the other, and both parties are locked in an ever-growing battle with bigger stakes. Hackers on both sides continue to fight against each other, each side for their own ideas and goals, leaving a battle largely unseen by anyone else.