What Is White Hat Hacking

White hat is the name given to ethical computer hackers, who utilize hacking in a helpful way. White hats are becoming a necessary part of the information security field. White hat hackers employ the same methods of hacking as black hats, with one exception- they do it with permission from the owner of the system first, which makes the process completely legal. White hat hackers perform penetration testing, test in-place security systems and perform vulnerability assessments for companies. Black hats, grey hats and white hats Within the cyber security community, hackers are divided into three camps - 'black hat' hackers, 'grey hat' hackers and 'white hat' hackers. 12 'White Hat' Hackers You Should Know These information technology security experts go looking for trouble and find it -- but they're on your side. This co-author of 'Hacking Exposed.

  1. What Is White Hat Hacking
  2. Black Hat Hacking
  3. How To Become A White Hat Hacker
  4. White Hat Hacker Requirements
  5. Ethical Hacking
  6. What Is A White Hat Hacker Virus
(Redirected from Hacker (computer security))
This article is part of a series on
Computer hacking
History
Hacker culture & ethic
Conferences
Computer crime
Hacking tools
Practice sites
Malware
Computer security
Groups
  • Homebrew Computer Club (defunct)
  • Legion of Doom (defunct)
  • Masters of Deception (defunct)
Publications

A security hacker is someone who explores methods for breaching defenses and exploiting weaknesses in a computer system or network.[citation needed] Hackers may be motivated by a multitude of reasons, such as profit, protest, information gathering,[1] challenge, recreation,[2] or to evaluate system weaknesses to assist in formulating defenses against potential hackers. The subculture that has evolved around hackers is often referred to as the 'computer underground'.[3]

Longstanding controversy surrounds the meaning of the term 'hacker'. In this controversy, computer programmers reclaim the term hacker, arguing that it refers simply to someone with an advanced understanding of computers and computer networks,[4]and that cracker is the more appropriate term for those who break into computers, whether computer criminals (black hats) or computer security experts (white hats).[5][6] A 2014 article noted that '... the black-hat meaning still prevails among the general public'.[7]

  • 2Classifications
  • 3Attacks
  • 6Customs
  • 7Consequences for malicious hacking
  • 8Hacking and the media
    • 8.2Hackers in fiction
Hacker

History

Bruce Sterling, author of The Hacker Crackdown

In computer security, a hacker is someone who focuses on security mechanisms of computer and network systems. While including those who endeavor to strengthen such mechanisms, it is more often used by the mass media and popular culture to refer to those who seek access despite these security measures. That is, the media portrays the 'hacker' as a villain. Nevertheless, parts of the subculture see their aim in correcting security problems and use the word in a positive sense. White hat is the name given to ethical computer hackers, who utilize hacking in a helpful way. White hats are becoming a necessary part of the information security field.[8] They operate under a code, which acknowledges that breaking into other people's computers is bad, but that discovering and exploiting security mechanisms and breaking into computers is still an interesting activity that can be done ethically and legally. Accordingly, the term bears strong connotations that are favorable or pejorative, depending on the context.

The subculture around such hackers is termed network hacker subculture, hacker scene, or computer underground. It initially developed in the context of phreaking during the 1960s and the microcomputer BBS scene of the 1980s. It is implicated with 2600: The Hacker Quarterly and the alt.2600 newsgroup.

In 1980, an article in the August issue of Psychology Today (with commentary by Philip Zimbardo) used the term 'hacker' in its title: 'The Hacker Papers'. It was an excerpt from a Stanford Bulletin Board discussion on the addictive nature of computer use. In the 1982 film Tron, Kevin Flynn (Jeff Bridges) describes his intentions to break into ENCOM's computer system, saying 'I've been doing a little hacking here'. CLU is the software he uses for this. By 1983, hacking in the sense of breaking computer security had already been in use as computer jargon,[9] but there was no public awareness about such activities.[10] However, the release of the film WarGames that year, featuring a computer intrusion into NORAD, raised the public belief that computer security hackers (especially teenagers) could be a threat to national security. This concern became real when, in the same year, a gang of teenage hackers in Milwaukee, Wisconsin, known as The 414s, broke into computer systems throughout the United States and Canada, including those of Los Alamos National Laboratory, Sloan-Kettering Cancer Center and Security Pacific Bank.[11] The case quickly grew media attention,[11][12] and 17-year-old Neal Patrick emerged as the spokesman for the gang, including a cover story in Newsweek entitled 'Beware: Hackers at play', with Patrick's photograph on the cover.[13] The Newsweek article appears to be the first use of the word hacker by the mainstream media in the pejorative sense.

Pressured by media coverage, congressman Dan Glickman called for an investigation and began work on new laws against computer hacking.[14][15]Neal Patrick testified before the U.S. House of Representatives on September 26, 1983, about the dangers of computer hacking, and six bills concerning computer crime were introduced in the House that year.[15] As a result of these laws against computer criminality, white hat, grey hat and black hat hackers try to distinguish themselves from each other, depending on the legality of their activities. These moral conflicts are expressed in The Mentor's 'The Hacker Manifesto', published 1986 in Phrack.

Use of the term hacker meaning computer criminal was also advanced by the title 'Stalking the Wily Hacker', an article by Clifford Stoll in the May 1988 issue of the Communications of the ACM. Later that year, the release by Robert Tappan Morris, Jr. of the so-called Morris worm provoked the popular media to spread this usage. The popularity of Stoll's book The Cuckoo's Egg, published one year later, further entrenched the term in the public's consciousness.

Classifications

Several subgroups of the computer underground with different attitudes use different terms to demarcate themselves from each other, or try to exclude some specific group with whom they do not agree.

Cracker

Eric S. Raymond, author of The New Hacker's Dictionary, advocates that members of the computer underground should be called crackers. Yet, those people see themselves as hackers and even try to include the views of Raymond in what they see as a wider hacker culture, a view that Raymond has harshly rejected. Instead of a hacker/cracker dichotomy, they emphasize a spectrum of different categories, such as white hat, grey hat, black hat and script kiddie. In contrast to Raymond, they usually reserve the term cracker for more malicious activity.

According to Ralph D. Clifford, a cracker or cracking is to 'gain unauthorized access to a computer in order to commit another crime such as destroying information contained in that system'.[16] These subgroups may also be defined by the legal status of their activities.[17]

White hat

A white hat hacker breaks security for non-malicious reasons, either to test their own security system, perform penetration tests, or vulnerability assessments for a client - or while working for a security company which makes security software. The term is generally synonymous with ethical hacker, and the EC-Council,[18] among others, have developed certifications, courseware, classes, and online training covering the diverse arena of ethical hacking.[17]

Black hat

A 'black hat' hacker is a hacker who 'violates computer security for little reason beyond maliciousness or for personal gain' (Moore, 2005).[19] The term was coined by Richard Stallman, to contrast the maliciousness of a criminal hacker versus the spirit of playfulness and exploration in hacker culture, or the ethos of the white hat hacker who performs hacking duties to identify places to repair or as a means of legitimate employment.[20] Black hat hackers form the stereotypical, illegal hacking groups often portrayed in popular culture, and are 'the epitome of all that the public fears in a computer criminal'.[21]

Grey hat

A grey hat hacker lies between a black hat and a white hat hacker. A grey hat hacker may surf the Internet and hack into a computer system for the sole purpose of notifying the administrator that their system has a security defect, for example. They may then offer to correct the defect for a fee.[21] Grey hat hackers sometimes find the defect of a system and publish the facts to the world instead of a group of people. Even though grey hat hackers may not necessarily perform hacking for their personal gain, unauthorized access to a system can be considered illegal and unethical.

Elite hacker

A social status among hackers, elite is used to describe the most skilled. Newly discovered exploits circulate among these hackers. Elite groups such as Masters of Deception conferred a kind of credibility on their members.[22]

Script kiddie

A script kiddie (also known as a skid or skiddie) is an unskilled hacker who breaks into computer systems by using automated tools written by others (usually by other black hat hackers), hence the term script (i.e. a computer script that automates the hacking) kiddie (i.e. kid, child—an individual lacking knowledge and experience, immature),[23] usually with little understanding of the underlying concept.

Neophyte

A neophyte ('newbie', or 'noob') is someone who is new to hacking or phreaking and has almost no knowledge or experience of the workings of technology and hacking.[21]

Blue hat

A blue hat hacker is someone outside computer security consulting firms who is used to bug-test a system prior to its launch, looking for exploits so they can be closed. Microsoft also uses the term BlueHat to represent a series of security briefing events.[24][25][26]

Hacktivist

A hacktivist is a hacker who utilizes technology to publicize a social, ideological, religious or political message.

Hacktivism can be divided into two main groups:

  • Cyberterrorism — Activities involving website defacement or denial-of-service attacks; and,
  • Freedom of information — Making information that is not public, or is public in non-machine-readable formats, accessible to the public.

Nation state

Intelligence agencies and cyberwarfare operatives of nation states.[27]

Organized criminal gangs

Groups of hackers that carry out organized criminal activities for profit.[27]

Attacks

This article is part of a series on
Information security
Related security categories
Threats
Defenses
  • Application security
  • Authentication

A typical approach in an attack on Internet-connected system is:

  1. Network enumeration: Discovering information about the intended target.
  2. Vulnerability analysis: Identifying potential ways of attack.
  3. Exploitation: Attempting to compromise the system by employing the vulnerabilities found through the vulnerability analysis.[28]

In order to do so, there are several recurring tools of the trade and techniques used by computer criminals and security experts.

Security exploits

A security exploit is a prepared application that takes advantage of a known weakness.[29] Common examples of security exploits are SQL injection, cross-site scripting and cross-site request forgery which abuse security holes that may result from substandard programming practice. Other exploits would be able to be used through File Transfer Protocol (FTP), Hypertext Transfer Protocol (HTTP), PHP, SSH, Telnet and some Web pages. These are very common in Web site and Web domain hacking.

Techniques

What Is White Hat Hacking

Vulnerability scanner
A vulnerability scanner is a tool used to quickly check computers on a network for known weaknesses. Hackers also commonly use port scanners. These check to see which ports on a specified computer are 'open' or available to access the computer, and sometimes will detect what program or service is listening on that port, and its version number. (Firewalls defend computers from intruders by limiting access to ports and machines, but they can still be circumvented.)
Finding vulnerabilities
Hackers may also attempt to find vulnerabilities manually. A common approach is to search for possible vulnerabilities in the code of the computer system then test them, sometimes reverse engineering the software if the code is not provided. Experienced hackers can easily find patterns in code to find common vulnerabilities.
Brute-force attack
Password guessing. This method is very fast when used to check all short passwords, but for longer passwords other methods such as the dictionary attack are used, because of the time a brute-force search takes.[30]
Password cracking
Password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system. Common approaches include repeatedly trying guesses for the password, trying the most common passwords by hand, and repeatedly trying passwords from a 'dictionary', or a text file with many passwords.
Packet analyzer
A packet analyzer ('packet sniffer') is an application that captures data packets, which can be used to capture passwords and other data in transit over the network.
Spoofing attack (phishing)
A spoofing attack involves one program, system or website that successfully masquerades as another by falsifying data and is thereby treated as a trusted system by a user or another program — usually to fool programs, systems or users into revealing confidential information, such as user names and passwords.
Rootkit
A rootkit is a program that uses low-level, hard-to-detect methods to subvert control of an operating system from its legitimate operators. Rootkits usually obscure their installation and attempt to prevent their removal through a subversion of standard system security. They may include replacements for system binaries, making it virtually impossible for them to be detected by checking process tables.
Social engineering
In the second stage of the targeting process, hackers often use Social engineering tactics to get enough information to access the network. They may contact the system administrator and pose as a user who cannot get access to his or her system. This technique is portrayed in the 1995 film Hackers, when protagonist Dade 'Zero Cool' Murphy calls a somewhat clueless employee in charge of security at a television network. Posing as an accountant working for the same company, Dade tricks the employee into giving him the phone number of a modem so he can gain access to the company's computer system.
Hackers who use this technique must have cool personalities, and be familiar with their target's security practices, in order to trick the system administrator into giving them information. In some cases, a help-desk employee with limited security experience will answer the phone and be relatively easy to trick. Another approach is for the hacker to pose as an angry supervisor, and when his/her authority is questioned, threaten to fire the help-desk worker. Social engineering is very effective, because users are the most vulnerable part of an organization. No security devices or programs can keep an organization safe if an employee reveals a password to an unauthorized person.
Social engineering can be broken down into four sub-groups:
  • Intimidation As in the 'angry supervisor' technique above, the hacker convinces the person who answers the phone that their job is in danger unless they help them. At this point, many people accept that the hacker is a supervisor and give them the information they seek.
  • Helpfulness The opposite of intimidation, helpfulness exploits many people's natural instinct to help others solve problems. Rather than acting angry, the hacker acts distressed and concerned. The help desk is the most vulnerable to this type of social engineering, as (a.) its general purpose is to help people; and (b.) it usually has the authority to change or reset passwords, which is exactly what the hacker wants.[31]
  • Name-dropping The hacker uses names of authorized users to convince the person who answers the phone that the hacker is a legitimate user him or herself. Some of these names, such as those of webpage owners or company officers, can easily be obtained online. Hackers have also been known to obtain names by examining discarded documents ('dumpster diving').
  • Technical Using technology is also a way to get information. A hacker can send a fax or email to a legitimate user, seeking a response that contains vital information. The hacker may claim that he or she is involved in law enforcement and needs certain data for an investigation, or for record-keeping purposes.
Trojan horses
A Trojan horse is a program that seems to be doing one thing but is actually doing another. It can be used to set up a back door in a computer system, enabling the intruder to gain access later. (The name refers to the horse from the Trojan War, with the conceptually similar function of deceiving defenders into bringing an intruder into a protected area.)
Computer virus
A virus is a self-replicating program that spreads by inserting copies of itself into other executable code or documents. By doing this, it behaves similarly to a biological virus, which spreads by inserting itself into living cells. While some viruses are harmless or mere hoaxes, most are considered malicious.
Computer worm
Like a virus, a worm is also a self-replicating program. It differs from a virus in that (a.) it propagates through computer networks without user intervention; and (b.) does not need to attach itself to an existing program. Nonetheless, many people use the terms 'virus' and 'worm' interchangeably to describe any self-propagating program.
Keystroke logging
A keylogger is a tool designed to record ('log') every keystroke on an affected machine for later retrieval, usually to allow the user of this tool to gain access to confidential information typed on the affected machine. Some keyloggers use virus-, trojan-, and rootkit-like methods to conceal themselves. However, some of them are used for legitimate purposes, even to enhance computer security. For example, a business may maintain a keylogger on a computer used at a point of sale to detect evidence of employee fraud.
Attack patterns
Attack patterns are defined as series of repeatable steps that can be applied to simulate an attack against the security of a system. They can be used for testing purposes or locating potential vulnerabilities. They also provide, either physically or in reference, a common solution pattern for preventing a given attack.

Tools and Procedures

A thorough examination of hacker tools and procedures may be found in Cengage Learning's E|CSA certification workbook.[32]

Notable intruders and criminal hackers

Notable security hackers

  • Andrew Auernheimer, sentenced to 3 years in prison, is a grey hat hacker whose security group Goatse Security exposed a flaw in AT&T's iPad security.
  • Dan Kaminsky is a DNS expert who exposed multiple flaws in the protocol and investigated Sony's rootkit security issues in 2005. He has spoken in front of the United States Senate on technology issues.
  • Ed Cummings (also known as Bernie S) is a longstanding writer for 2600: The Hacker Quarterly. In 1995, he was arrested and charged with possession of technology that could be used for fraudulent purposes, and set legal precedents after being denied both a bail hearing and a speedy trial.
  • Eric Corley (also known as Emmanuel Goldstein) is the longstanding publisher of 2600: The Hacker Quarterly. He is also the founder of the Hackers on Planet Earth (HOPE) conferences. He has been part of the hacker community since the late 1970s.
  • Susan Headley (also known as Susan Thunder), was an American hacker active during the late 1970s and early 1980s widely respected for her expertise in social engineering, pretexting, and psychological subversion.[33] She became heavily involved in phreaking with Kevin Mitnick and Lewis de Payne in Los Angeles, but later framed them for erasing the system files at US Leasing after a falling out, leading to Mitnick's first conviction.[34]
  • Gary McKinnon is a Scottish hacker who was facing extradition to the United States to face criminal charges. Many people in the UK called on the authorities to be lenient with McKinnon, who has Asperger syndrome. The extradition has now been dropped.[35]
  • Gordon Lyon, known by the handle Fyodor, authored the Nmap Security Scanner as well as many network security books and web sites. He is a founding member of the Honeynet Project and Vice President of Computer Professionals for Social Responsibility.
  • Guccifer 2.0, who claimed that he hacked into the Democratic National Committee (DNC) computer network
  • Jacob Appelbaum is an advocate, security researcher, and developer for the Tor project. He speaks internationally for usage of Tor by human rights groups and others concerned about Internet anonymity and censorship.
  • Joanna Rutkowska is a Polish computer security researcher who developed the Blue Pillrootkit and Qubes OS.
  • Jude Milhon (known as St. Jude) was an American hacker and activist, founding member of the cypherpunk movement, and one of the creators of Community Memory, the first public computerized bulletin board system.[36]
  • Kevin Mitnick is a computer security consultant and author, formerly the most wanted computer criminal in United States history.[37]
  • Len Sassaman was a Belgian computer programmer and technologist who was also a privacy advocate.
  • Meredith L. Patterson is a well-known technologist and biohacker who has presented research with Dan Kaminsky and Len Sassaman at many international security and hacker conferences.
  • Kimberley Vanvaeck (known as Gigabyte) is a Belgian hacker recognized for writing the first virus in C#.[38]
  • Michał Zalewski (lcamtuf) is a prominent security researcher.
  • Rafael Núñez, a.k.a. RaFa, was a notorious hacker who was sought by the Federal Bureau of Investigation in 2001. He has since become a respected computer security consultant and an advocate of children's online safety.
  • Solar Designer is the pseudonym of the founder of the Openwall Project.
  • Kane Gamble, sentenced to 2 years in youth detention, who is autistic, gained access to highly sensitive information and 'cyber-terrorised' high profile U.S. intelligence officials such as then CIA chief John Brennan or Director of National Intelligence James Clapper.[39][40][41]

Customs

The computer underground[2] has produced its own specialized slang, such as 1337speak. Its members often advocate freedom of information, strongly opposing the principles of copyright, as well as the rights of free speech and privacy.[citation needed] Writing software and performing other activities to support these views is referred to as hacktivism. Some consider illegal cracking ethically justified for these goals; a common form is website defacement. The computer underground is frequently compared to the Wild West.[42] It is common for hackers to use aliases to conceal their identities.

Hacker groups and conventions

The computer underground is supported by regular real-world gatherings called hacker conventions or 'hacker cons'. These events include SummerCon (Summer), DEF CON, HoHoCon (Christmas), ShmooCon (February), BlackHat, Chaos Communication Congress, AthCon, Hacker Halted, and HOPE.[citation needed] Local Hackfest groups organize and compete to develop their skills to send a team to a prominent convention to compete in group pentesting, exploit and forensics on a larger scale. Hacker groups became popular in the early 1980s, providing access to hacking information and resources and a place to learn from other members. Computer bulletin board systems (BBSs), such as the Utopias, provided platforms for information-sharing via dial-up modem. Hackers could also gain credibility by being affiliated with elite groups.[43]

Consequences for malicious hacking

India

SectionOffencePunishment
65Tampering with computer source documents – Intentional concealment, destruction or alteration of source code when the computer source code is required to be kept or maintained by law for the time being in forceImprisonment up to three years, or/and with fine up to 20000 rupees
66HackingImprisonment up to three years, or/and with fine up to 50000 rupees

Netherlands

  • Article 138ab of Wetboek van Strafrecht prohibits computervredebreuk, which is defined as intruding an automated work or a part thereof with intention and against the law. Intrusion is defined as access by means of:
    • Defeating security measures
    • By technical means
    • By false signals or a false cryptographic key
    • By the use of stolen usernames and passwords.

Black Hat Hacking

Maximum imprisonment is one year or a fine of the fourth category.[44]

United States

18 U.S.C.§ 1030, more commonly known as the Computer Fraud and Abuse Act, prohibits unauthorized access or damage of 'protected computers'. 'Protected computers' are defined in 18 U.S.C.§ 1030(e)(2) as:

  • A computer exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects that use by or for the financial institution or the Government.
  • A computer which is used in or affecting interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States;

The maximum imprisonment or fine for violations of the Computer Fraud and Abuse Act depends on the severity of the violation and the offender's history of violations under the Act.

Hacking and the media

Hacker magazines

The most notable hacker-oriented print publications are Phrack, Hakin9 and 2600: The Hacker Quarterly. While the information contained in hacker magazines and ezines was often outdated by the time they were published, they enhanced their contributors' reputations by documenting their successes.[43]

Hackers in fiction

Hackers often show an interest in fictional cyberpunk and cyberculture literature and movies. The adoption of fictionalpseudonyms,[45] symbols, values and metaphors from these works is very common.[46]

Books

  • The cyberpunk novels of William Gibson—especially the Sprawl trilogy—are very popular with hackers.[47]
  • Helba from the .hack manga and anime series
  • Merlin of Amber, the protagonist of the second series in The Chronicles of Amber by Roger Zelazny, is a young immortal hacker-mage prince who has the ability to traverse shadow dimensions.
  • Lisbeth Salander in The Girl with the Dragon Tattoo by Stieg Larsson
  • Alice from Heaven's Memo Pad
  • Ender's Game by Orson Scott Card
  • Evil Genius by Catherine Jinks
  • Hackers (anthology) by Jack Dann and Gardner Dozois
  • Little Brother by Cory Doctorow
  • Neuromancer by William Gibson
  • Snow Crash by Neal Stephenson

Films

Non-fiction books

  • The Art of Deception by Kevin Mitnick
  • The Art of Intrusion by Kevin Mitnick
  • The Cuckoo's Egg by Clifford Stoll
  • Ghost in the Wires: My Adventures as the World's Most Wanted Hacker by Kevin Mitnick
  • The Hacker Crackdown by Bruce Sterling
  • The Hacker's Handbook by Hugo Cornwall (Peter Sommer)
  • Hacking: The Art of Exploitation Second Edition by Jon Erickson
  • Out of the Inner Circle by Bill Landreth and Howard Rheingold
  • Underground by Suelette Dreyfus

How To Become A White Hat Hacker

See also

References

  1. ^Winkler, Ira. Spies Among Us: How to Stop the Spies, Terrorists, Hackers, and Criminals You Don't Even Know You Encounter Every Day. John Wiley & Sons. 2005. pg. 92. ISBN9780764589904.
  2. ^ abSterling, Bruce (1993). 'Part 2(d)'. The Hacker Crackdown. McLean, Virginia: IndyPublish.com. p. 61. ISBN1-4043-0641-2.
  3. ^Blomquist, Brian (May 29, 1999). 'FBI's Web Site Socked as Hackers Target Feds'. New York Post.[permanent dead link]
  4. ^'The Hacker's Dictionary'. Retrieved May 23, 2013.
  5. ^Political notes from 2012: September–December. stallman.org
  6. ^Raymond, Eric S. 'Jargon File: Cracker'. Coined ca. 1985 by hackers in defense against journalistic misuse of hacker
  7. ^Yagoda, Ben (March 6, 2014). 'A Short History of 'Hack''. The New Yorker. Retrieved June 21, 2019. Although Lifehacker and other neutral or positive applications of the word [hack] are increasingly prominent, the black-hat meaning still prevails among the general public.
  8. ^Caldwell, Tracey (July 22, 2011). 'Ethical hackers: putting on the white hat'. Network Security. 2011 (7): 10–13. doi:10.1016/s1353-4858(11)70075-7.
  9. ^See the 1981 version of the Jargon File, entry 'hacker', last meaning.
  10. ^'Computer hacking: Where did it begin and how did it grow?'. WindowSecurity.com. October 16, 2002.
  11. ^ abElmer-DeWitt, Philip (August 29, 1983). 'The 414 Gang Strikes Again'. Time. p. 75.
  12. ^Detroit Free Press. September 27, 1983.Missing or empty |title= (help)
  13. ^'Beware: Hackers at play'. Newsweek. September 5, 1983. pp. 42–46, 48.
  14. ^'Timeline: The U.S. Government and Cybersecurity'. Washington Post. May 16, 2003. Retrieved April 14, 2006.
  15. ^ abDavid Bailey, 'Attacks on Computers: Congressional Hearings and Pending Legislation,' sp, p. 180, 1984 IEEE Symposium on Security and Privacy, 1984.
  16. ^Clifford, D. (2011). Cybercrime: The Investigation, Prosecution and Defense of a Computer-Related Crime. Durham, North Carolina: Carolina Academic Press. ISBN1594608539.
  17. ^ abWilhelm, Douglas (2010). '2'. Professional Penetration Testing. Syngress Press. p. 503. ISBN978-1-59749-425-0.
  18. ^EC-Council. eccouncil.org
  19. ^Moore, Robert (2005). Cybercrime: Investigating High Technology Computer Crime. Matthew Bender & Company. p. 258. ISBN1-59345-303-5.Robert Moore
  20. ^O'Brien, Marakas, James, George (2011). Management Information Systems. New York, NY: McGraw-Hill/ Irwin. pp. 536–537. ISBN978-0-07-752217-9.
  21. ^ abcMoore, Robert (2006). Cybercrime: Investigating High-Technology Computer Crime (1st ed.). Cincinnati, Ohio: Anderson Publishing. ISBN978-1-59345-303-9.
  22. ^Thomas, Douglas (2002). Hacker Culture. University of Minnesota Press. ISBN978-0-8166-3346-3.
  23. ^Andress, Mandy; Cox, Phil; Tittel, Ed (2001). CIW Security Professional. New York, NY: Wiley. p. 638. ISBN0-7645-4822-0.
  24. ^'Blue hat hacker Definition'. PC Magazine Encyclopedia. Retrieved May 31, 2010. A security professional invited by Microsoft to find vulnerabilities in Windows.
  25. ^Fried, Ina (June 15, 2005). 'Blue Hat summit meant to reveal ways of the other side'. Microsoft meets the hackers. CNET News. Retrieved May 31, 2010.
  26. ^Markoff, John (October 17, 2005). 'At Microsoft, Interlopers Sound Off on Security'. The New York Times. Retrieved May 31, 2010.
  27. ^ abChabrow, Eric (February 25, 2012). '7 Levels of Hackers: Applying An Ancient Chinese Lesson: Know Your Enemies'. GovInfo Security. Retrieved February 27, 2012.
  28. ^Gupta, Ajay; Klavinsky, Thomas and Laliberte, Scott(March 15, 2002) Security Through Penetration Testing: Internet Penetration. informit.com
  29. ^Rodriguez, Chris; Martinez, Richard. 'The Growing Hacking Threat to Websites: An Ongoing Commitment to Web Application Security'(PDF). Frost & Sullivan. Retrieved August 13, 2013.
  30. ^Kerner, Sean Michael. 'Sentry MBA Uses Credential Stuffing To Hack Sites.' Eweek (2016): 8. Academic Search Complete. Web. 7 Feb. 2017.
  31. ^Thompson, Samuel T. C. 'Helping The Hacker? Library Information, Security, And Social Engineering.' Information Technology & Libraries 25.4 (2006): 222-225. Academic Search Complete. Web. 7 Feb. 2017.
  32. ^Press, EC-Council (2011). Penetration Testing: Procedures & Methodologies. Clifton, NY: CENGAGE Learning. ISBN1435483677.
  33. ^'DEF CON III Archives - Susan Thunder Keynote'. DEF CON. Retrieved August 12, 2017.
  34. ^Hafner, Katie (August 1995). 'Kevin Mitnick, unplugged'. Esquire. 124 (2): 80.
  35. ^'Gary McKinnon extradition ruling due by 16 October'. BBC News. September 6, 2012. Retrieved September 25, 2012.
  36. ^'Community Memory: Precedents in Social Media and Movements'. Computer History Museum. Retrieved August 13, 2017.
  37. ^'Kevin Mitnick sentenced to nearly four years in prison; computer hacker ordered to pay restitution ...' (Press release). United States Attorney's Office, Central District of California. August 9, 1999. Archived from the original on September 26, 2009. Retrieved April 10, 2010.
  38. ^Holt, Thomas J.; Schel, Bernadette Hlubik (2010). Corporate Hacking and Technology-Driven Crime: Social Dynamics and Implications. IGI Global. p. 146.
  39. ^'British teenager who 'cyber-terrorised' US intelligence officials gets two years detention'. The Independent. 21 April 2018.
  40. ^'British teen Kane Gamble accessed accounts of top US intelligence and security officials'. Deutsche Welle. 21 January 2018.
  41. ^'Kane Gamble: Teenager with autism on Leicestershire housing estate took classified information by fooling people into thinking he was FBI boss'. The Independent. 21 January 2018.
  42. ^Jordan, Tim; Taylor, Paul A. (2004). Hacktivism and Cyberwars. Routledge. pp. 133–134. ISBN978-0-415-26003-9. Wild West imagery has permeated discussions of cybercultures.
  43. ^ abThomas, Douglas (2003). Hacker Culture. University of Minnesota Press. p. 90. ISBN978-0-8166-3346-3.
  44. ^Artikel 138ab. Wetboek van Strafrecht, December 27, 2012
  45. ^Swabey, Pete (February 27, 2013). 'Data leaked by Anonymous appears to reveal Bank of America's hacker profiling operation'. Information Age. Retrieved February 21, 2014.
  46. ^'Hackers and Viruses: Questions and Answers'. Scienzagiovane. University of Bologna. November 12, 2012. Retrieved February 21, 2014.
  47. ^Staples, Brent (May 11, 2003). 'A Prince of Cyberpunk Fiction Moves Into the Mainstream'. The New York Times. Mr. Gibson's novels and short stories are worshiped by hackers

Further reading

  • Apro, Bill; Hammond, Graeme (2005). Hackers: The Hunt for Australia's Most Infamous Computer Cracker. Rowville, Vic: Five Mile Press. ISBN1-74124-722-5.
  • Beaver, Kevin (2010). Hacking for Dummies. Hoboken, NJ: Wiley Pub. ISBN978-0-7645-5784-2.
  • Conway, Richard; Cordingley, Julian (2004). Code Hacking: A Developer's Guide to Network Security. Hingham, Mass: Charles River Media. ISBN978-1-58450-314-9.
  • Freeman, David H.; Mann, Charles C. (1997). At Large: The Strange Case of the World's Biggest Internet Invasion. New York: Simon & Schuster. ISBN0-684-82464-7.
  • Granville, Johanna (Winter 2003). 'Dot.Con: The Dangers of Cyber Crime and a Call for Proactive Solutions'. Australian Journal of Politics and History. 49 (1): 102–109. doi:10.1111/1467-8497.00284. Retrieved February 20, 2014.
  • Gregg, Michael (2006). Certified Ethical Hacker. Indianapolis, Ind: Que Certification. ISBN978-0-7897-3531-7.
  • Hafner, Katie; Markoff, John (1991). Cyberpunk: Outlaws and Hackers on the Computer Frontier. New York: Simon & Schuster. ISBN0-671-68322-5.
  • Harper, Allen; Harris, Shon; Ness, Jonathan (2011). Gray Hat Hacking: The Ethical Hacker's Handbook (3rd ed.). New York: McGraw-Hill. ISBN978-0-07-174255-9.
  • McClure, Stuart; Scambray, Joel; Kurtz, George (1999). Hacking Exposed: Network Security Secrets and Solutions. Berkeley, Calif: Mcgraw-Hill. ISBN0-07-212127-0.
  • Russell, Ryan (2004). Stealing the Network: How to Own a Continent. Rockland, Mass: Syngress Media. ISBN978-1-931836-05-0.
  • Taylor, Paul A. (1999). Hackers: Crime in the Digital Sublime. London: Routledge. ISBN978-0-415-18072-6.

External links

Wikibooks has a book on the topic of: Hacking

White Hat Hacker Requirements

Wikimedia Commons has media related to Hackers.
  • Can Hackers Be Heroes? Video produced by Off Book (web series)
Retrieved from 'https://en.wikipedia.org/w/index.php?title=Security_hacker&oldid=911308246'

Since 2015, almost all healthcare organizations have reported at least one cyberattack. The largest U.S. hospital attacked in the U.S. 2017 was Erie County Medical Center in Buffalo, New York, and they're still feeling the effects.

Dr. Jennifer Pugh runs their emergency room and she was on staff the morning the hackers infiltrated their system, sending a ransomware note demanding bitcoin equivalent to $44,000. They froze staff out of their machines, rendering patient files inaccessible in a now-familiar M.O. for hackers. 'Honestly, I think it's disgusting … they're attacking some of the most vulnerable members in society by coming after a hospital,' Pugh says.

  • Explore more stories from 'CBSN: On Assignment'
Hat

The hospital's CEO, Thomas Quatroche, decided not to pay the ransom, but the hack will cost them a lot of money. 'This is a form of terrorism… we decided not to pay that ransom but make no mistake about it this ... it's going to cost us a lot of money in the long run,' he says.

Thousands of these attacks, of all scales, take place every day. So who can protect against these attacks? 'White-hat hackers' are the good guys -- paid by companies to hack their systems and find flaws before they are exploited by cyber criminals, or 'black-hat hackers'.

CBS News traveled to Mumbai, India to meet one of the world's best white-hat hackers, Sandeep Singh, better known by his online moniker 'Geekboy.'

India has emerged as a leading nation in the cyber war. White-hat hackers report more vulnerabilities to companies from here than hackers anywhere else in the world. 'Geekboy' has hacked companies like Microsoft, Facebook, Twitter, Uber and AirBnb -- with good intentions. And he is paid well for it -- companies offer 'bug bounties' to people who find vulnerabilities in their systems which they can then patch. 'How much I make in one day, my friends make in one year,' Singh says.

Despite being on the front lines of this cyber war, hackers like 'Geekboy' tend to keep a low profile. 'So do you think people in this neighborhood know you're a hacker?' Reena Ninan asked Sandeep. 'No actually… when they ask what I am doing, I tell them I'm doing my masters,' he says.

Geekboy hopes he can stop the hackers who are exploiting people for money. 'I feel disgusted - what they are doing is very bad,' Sandeep says. 'From this side I will always try to oppose [them]... everyone and every company should hire good guys.'

But some people question if white-hat hackers only have good intentions. 'Basically anyone can say that about any hackers… but about me - that's not something you can say,' Geekboy says. From person to person, it can be difficult to divine their motives, and experts admit that relying on white-hat hacking is often a gamble.

If anyone knows how the world of white-hat hacking and black-hat hacking intersect, it's Hector Monsegur and Christopher Tarbell. Hector Monsegur, known as 'Sabu' in the hacking world, founded LulzSec -- a black-hat group that hacked the CIA and Sony pictures in 2011 (Sony would be hacked again, in much more dramatic fashion, in 2014). Chris Tarbell, the former FBI agent who arrested him, convinced Sabu to help his country and defend against these attacks.

'There's a lot of different personalities involved, there's a lot of different reasons for hacking,' Monsegur says. 'A person like me got into hacking as a form of escape. There are guys who get into it for the profit… it's hard to really pinpoint one specific motive for a hacker… but what I can say is it's very isolated.'

But what's stopping these white-hats from being lured to the dark side? 'What if it's more valuable to me to keep information from you?' Tarbell says. 'You're raising your risk by allowing people to come into your system… you better hope your incentive is good enough to turn over what they find.'

Ethical Hacking

But despite the risk, companies and the U.S. government might not have a choice. 'Right now in the current state of affairs hacking is growing, the threat is growing, and the FBI is going to need help to fight this cyber war,' Tarbell says.

Become

What Is A White Hat Hacker Virus

And companies like Uber are recruiting that help. Sandeep traveled from India to Las Vegas to compete against the best hackers in the world for HackerOne, a hackathon where white-hat hackers look for vulnerabilities in cooperating companies. Uber was one of the companies that opened themselves up to hackers in the competition.

Melanie Ensign, who handles cybersecurity for Uber says these programs incentivize white-hat hackers. 'The most important thing to remember is that somebody is always trying to hack your product whether you know it or not … it is actually the next generation of security protection.'

Even though Sandeep didn't win the most valuable hacker trophy in the three-day long competition, it was still a very emotional experience for him.

'I can go happily back home and share my experience,' Sandeep said. 'We have more options to hack thing legally and make them more secure …'

So is white-hat hacking necessary in the fight against cyber crime? Chris Tarbell doesn't think cyberattacks are ending anytime soon. 'It's going to start the next world war if there ever is one. Hacking is going to be the first shot. It's going to happen six months before any military person steps on the shore.'