Computers have become mandatory to run a successful businesses. It is not enough to have isolated computers systems; they need to be networked to facilitate communication with external businesses. This exposes them to the outside world and cybercrime. Cybercrime is using computers to commit fraudulent acts such as fraud, privacy invasion, stealing corporate/personal data etc. Cybercrimes cost many organizations millions of dollars every year. Businesses need to protect themselves against such attacks.
How can they protect themselves?
In this article, we will introduce you to ethical hacking.
Topics covered in this tutorial
- What is hacking?
- Common hacking terminologies
- What is cybercrime?
- Types of cybercrime
- What is ethical hacking?
- Why ethical hacking?
- Legality of ethical hacking
There are many definitions of hacking. In this article, we will define hacking as identifying weakness in computer systems and/or networks and exploiting the weaknesses to gain access. An example of hacking is using by passing the login algorithm to gain access to a system. A hacker is a person who finds and exploits weakness in computer systems and/or networks to gain access. Hackers are usually skilled computer programmers with knowledge of computer security.
Before we go any further, let’s look at some of the most commonly used terminologies in the world of hacking.
Hackers are classified according to the intent of their actions. The following list classifies hackers according to their intent.
|Ethical Hacker (White hat):A hacker who gains access to systems with a view to fix the identified weaknesses. They may also perform penetration Testing and vulnerability assessments.|
|Cracker (Black hat):A hacker who gains unauthorized access to computer systems for personal gain. The intent is usually to steal corporate data, violate privacy rights, transfer funds from bank accounts etc.|
|Grey hat:A hacker who is in between ethical and black hat hackers. He/she breaks into computer systems without authority with a view to identify weaknesses and reveal them to the system owner.|
|Script kiddies:A non-skilled person who gains access to computer systems using already made tools.|
|Hacktivist:A hacker who use hacking to send social, religious, and political etc. messages. This is usually done by hijacking websites and leaving the message on the hijacked website.|
|Phreaker:A hacker who identifies and exploits weaknesses in telephones instead of computers.|
Cybercrime is the use of computers and networks to perform illegal activities such as spreading computer viruses, online bullying, performing unauthorized electronic fund transfers etc. Most cybercrimes are committed through the internet. Some cybercrimes can also be carried out using Mobile phones via SMS and online chatting applications.
- The following list presents the common types of cybercrimes:
- Computer fraud:Intentional deception for personal gain via the use of computer systems.
- Privacy violation:Exposing personal information such as email addresses, phone number, account details etc. on social media, websites etc.
- Identity Theft:Stealing personal information from somebody and impersonating that person.
- Sharing copyrighted files/information:This involves distributing copyright protected files such as eBooks and computer programs etc.
- Electronic funds transfer:This involves gaining an un-authorized access to bank computer networks and making illegal fund transfers.
- Electronic money laundering:This involves the use of computer to launder money.
- ATM Fraud:This involves intercepting ATM card details such as account number and PIN numbers. These details are then used to withdraw funds from the intercepted accounts.
- Denial of Service Attacks:This involves the use of computers in multiple locations to attack servers with a view of shutting them down.
- Spam:Sending unauthorized emails. These emails usually contain advertisements.
Ethical hacking is identifying weakness in computer systems and/or computer networks and coming with counter measures that protect the weaknesses. Ethical hackers must abide by the following rules.
- Get written permission from the owner of the computer system and/or computer network before hacking.
- Protect the privacy of the organization been hacked.
- Transparently report all the identified weaknesses in the computer system to the organization.
- Inform hardware and software vendors of the identified weaknesses.
- Information is one of the most valuable assets of an organization. Keeping information secure can protect an organization’s image and save an organization a lot of money.
- Hacking can lead to loss of business for organizations that deal in finance such as PayPal. Ethical hacking puts them a step ahead of the cyber criminals who would otherwise lead to loss of business.
Ethical hacking is legal if the hacker abides by the rules stipulated in the above section on the definition of ethical hacking. The International Council of E-Commerce Consultants (EC-Council) provides a certification program that tests individual’s skills. Those who pass the examination are awarded with certificates. The certificates are supposed to be renewed after some time.
- Hacking is identifying and exploiting weaknesses in computer systems and/or computer networks.
- Cybercrime is committing crime with the aid of computers and information technology infrastructure.
- Ethical hacking is about improving the security of computer systems and/or computer networks.
- Ethical hacking is legal.