This isn't true, though.

There are plenty of bad-guy hackers out there.

Some hackers use their skills ethically and legally.


The core of this is an understanding of what makes hacking illegal.

The concept is simple.

The actual hacking actions aren't illegal; what makes them illegal is doing them without permission.

But that means that permission can be granted to allow you to do something that would otherwise be illegal.

This permission can't just come from any random person on the street or online.

It can't even come from the government (though intelligence agencies operate under slightly different rules).

Permission needs to be granted by the legitimate system owner.

Tip: To be clear, "legitimate system owner" doesn't necessarily refer to the person that bought the system.

It refers to someone who legitimately has the legal responsibility to say "this is OK for you".

While permission could simply be given verbally, this is never done.


Scope of Actions

The importance of the contract cannot be overstated.

It is the only thing granting the hacking actions of the ethical hacker legality.

The contract grants indemnity for the actions specified and against the targets specified.

If an ethical hacker strays outside the contract's scope, they are walking a legal tightrope.

Anything they do outside that scope is technically illegal.

In many cases, such a step would be accidental and quickly self-caught.
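Most accidental scope violations come from a target list that was typed or pasted carelessly rather than from any intent to stray, so many testers put a scope guard in front of their tooling: every target is checked against the contracted networks, domains and carve-outs before anything touches it. The following is an added illustration of that guard, not code from the original article; the scope values (the `10.20.0.0/16` and `192.0.2.0/24` networks, `example.com`, and the excluded hosts) are constructed sample data standing in for what a real statement of work would list.

```python
"""Engagement scope guard: refuse any target the contract does not cover (added example)."""
import ipaddress
from urllib.parse import urlsplit

# Constructed sample scope. A real engagement loads this from the signed statement of work.
SCOPE = {
    "networks": ["10.20.0.0/16", "192.0.2.0/24"],
    "domains": ["example.com"],  # covers example.com and every label beneath it
    "excluded_hosts": ["prod-db.example.com", "10.20.5.1"],  # carve-outs the client insisted on
}


def _normalise(target: str) -> str:
    """Reduce a URL, host:port or bare host/IP to a lower-case hostname or IP literal."""
    target = target.strip()
    if "://" in target:
        host = urlsplit(target).hostname or ""
    else:
        # Prefix "//" so urlsplit treats the string as a netloc and strips any :port.
        host = urlsplit("//" + target).hostname or ""
    return host.lower().rstrip(".")


def _domain_covered(host: str, domain: str) -> bool:
    """True when host equals domain or sits at any depth beneath it.

    Matching on a label boundary means "notexample.com" is NOT covered by "example.com".
    """
    return host == domain or host.endswith("." + domain)


def check_target(target: str, scope: dict = SCOPE) -> tuple:
    """Return (allowed, reason). Exclusions win over every allow rule."""
    host = _normalise(target)
    if not host:
        return False, f"could not parse a host from {target!r}"
    if host in {h.lower() for h in scope["excluded_hosts"]}:
        return False, f"{host} is explicitly excluded by the contract"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None
    if addr is not None:
        for net in scope["networks"]:
            if addr in ipaddress.ip_network(net):
                return True, f"{host} is inside in-scope network {net}"
        return False, f"{host} is not in any in-scope network"
    for domain in scope["domains"]:
        if _domain_covered(host, domain.lower()):
            return True, f"{host} is covered by in-scope domain {domain}"
    return False, f"{host} is not under any in-scope domain"


def filter_targets(targets, scope: dict = SCOPE):
    """Split a candidate list into (allowed, rejected), each a list of (target, reason)."""
    allowed, rejected = [], []
    for target in targets:
        ok, reason = check_target(target, scope)
        (allowed if ok else rejected).append((target, reason))
    return allowed, rejected


if __name__ == "__main__":
    candidates = [
        "https://api.example.com/login",  # in scope via domain
        "10.20.1.5:443",                  # in scope via network
        "notexample.com",                 # lookalike, out of scope
        "prod-db.example.com",            # in-scope domain but explicitly excluded
        "198.51.100.7",                   # not in any contracted network
    ]
    ok, bad = filter_targets(candidates)
    for target, reason in ok:
        print("ALLOW ", target, "-", reason)
    for target, reason in bad:
        print("REJECT", target, "-", reason)
```

One caveat the code does not handle: it checks names and addresses as written and never resolves anything, so a hostname that is in scope on paper may still resolve to infrastructure the client does not own (a CDN or a hosting provider). Real tooling should also resolve each name and run the resulting addresses through the same network check, and should treat anything that does not pass as out of scope until the contract says otherwise.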

The contract offered doesn't necessarily need to be specifically tailored.

Some companies offer a bug bounty scheme.

Reporting issues, in this case, is typically rewarded financially.

Types of Ethical Hacking

The standard form of ethical hacking is the penetration test, or pentest.

The client can use the details in the report to fix the identified vulnerabilities.

Tip: It's "pentesting", not "pen testing".

A penetration tester doesn't test pens.

In some cases, testing whether one or more applications or networks are secure isn't enough.

In this case, more in-depth tests may be performed.

A red-team engagement typically involves testing a much broader range of security measures.

While each red-team exercise varies, the concept is typically much more of a worst-case "so what if" test.

Giving Things to the Bad Guys?

Ethical hackers write, use, and share hacking tools to make their lives easier.

Not having tools and trying to make it harder for black hats is relying on security through obscurity.

This concept is deeply frowned upon in cryptography and most of the security world in general.

In this case, they typically report it responsibly to the legitimate system owner.

The key thing after that is how the situation is handled.

While extensions can be granted if a little more time is needed, this isn't necessarily done.

Even if a fix isn't available, it can be ethical to detail the issue publicly.

Though this may not sound completely ethical, ultimately, it benefits the user.

In one scenario, the company is under enough pressure to deliver a timely fix.

Users can update to a fixed version or at least implement a workaround.

The alternative is that the company can't deploy a fix for a severe security issue promptly.

In this case, the user can make an informed decision about continuing to use the product.

Conclusion

An ethical hacker is a hacker that acts within the constraints of the law.

Typically they are contracted or otherwise granted permission by the legitimate system owner to hack a system.

Ethical hacking is built on the principle of "set a thief to catch a thief".

Ethical hackers are also referred to as white hat hackers.

Other terms may also be used in certain circumstances, such as "pentester" for hired professionals.