The word ‘hacker’ used to mean an online criminal. Nowadays, it’s practically a job title.
We’ve all heard this one before: 18-year-old hacker gets busted for virtual break-and-enter. A few years later, he’s travelling the world and making big bucks as an expert on network security.
Not too long ago, companies were pretty discreet about hiring former hackers. But things have changed. Once a few companies realized that hiring a reformed hacker could improve their security, many others had a different idea.
They went out and found people who could do the same thing, but didn’t come with the baggage of a shady past. This happened more and more over the years, and by now, with thousands of people hacking for the good guys, ‘hacker’ isn’t such a bad word anymore.
Pick a hat. You’ve got three choices.
Ever heard of “white hat” hackers and “black hat” hackers? As much as it sounds like good guys vs. bad guys, it’s not that simple. Especially when you throw “grey hats” into the mix.
Here’s a pretty generic look at the differences:
– White hat: Someone who will try to think like a hacker, probing a company’s network and software to find weak spots, for instance. Generally, it’s someone who looks for vulnerabilities in all sorts of systems and plays the part of a malicious user.
– Grey hat: First of all, this doesn’t mean a person who’s an IT security expert by day, illegal hacker by night. In fact, the top grey hat hackers are like undercover police officers. They’ll pretend to be a member of the underground hacking community, giving them access to secret message boards, for example. Then they can identify emerging threats in advance.
– Black hat: This can be a fuzzy category. In the information security world, they’re normally seen as the bad guys, working underground and breaking into places they shouldn’t. Nevertheless, they’ll mingle with legitimate security pros from time to time. At conferences around the world, black hats will even share their experiences with the folks on the other side of the fence.
But keep in mind that we aren’t talking about phishers or credit card scammers in that case. The black hats who go to these conferences might be on the wrong side of the law, but you’re unlikely to run into serious profit-driven criminals. They do pretty much the same thing as their legitimate counterparts — probe for weaknesses and exploit them, only without authorization.
Ultimately, the three groups work towards the same goal, even if it’s unintentional. They help companies develop better software and more secure networks.
Get your hack on
If you work in IT security and want to learn more about breaking into a system from the other side’s perspective, here are a few ways to get started:
– Sign up for a hacking contest: Symantec recently had a competition in Toronto that simulated a real network for participants to hack into. Check the Web for upcoming events.
– Get certified as an ethical hacker: http://www.eccouncil.org/courses/certified_ethical_hacker.aspx
– Mingle with security pros and black hat hackers: