What is ethical hacking? White hat hackers explained

Not all hackers are motivated by greed - some of them use their powers for good

Hackers are usually portrayed as nefarious figures capable of wreaking havoc from the other side of the world, as they sit in a dark room and plot the demise of governments and corporations alike, making life difficult for IT teams. If you read some recent cyber security news, the stereotype isn’t entirely false: in the last week alone, hackers have targeted everyone from jobseekers and security researchers to Facebook and even the European Commission – and that’s the tip of the iceberg when it comes to recent hacking incidents.

Hackers have often been criticised for acting not only illegally, as hacking is considered a cyber crime, but also immorally, especially when targeting organisations working for the greater good, such as education sector institutions, non-profits, and even laboratories working on the coronavirus vaccine. They have also been known to brag about the financial gains of their operations, one example being the REvil ransomware gang, which in October 2020 claimed to have made more than $100 million in one year from extorting large businesses. Not satisfied with their ill-gotten wealth, the group also revealed plans to make $2 billion with its ransomware-as-a-service business.

However, this doesn’t mean that all hackers are automatically considered cyber criminals. In fact, many of them work to help organisations bolster their cyber security practices through detecting and reporting potential exploits. As their hacking is considered to be for the “greater good”, they are usually known as “ethical hackers” – hackers who use their skills for morally sound purposes.

The ethical hacker, also known as a white hat, does the same thing as their malicious counterpart, only instead of exploiting vulnerabilities for the purpose of spreading code, they work with network operators to help fix the issue before it is discovered by others.

Both types of hackers get the same thrill of breaking something that wasn't supposed to ever break; they just have different motives. For many white hat hackers, the process is gamified in the form of bug bounty programmes - competitions that reward hackers with cash prizes for reporting vulnerabilities.

After all, who better to fight a hacker than another hacker?

Black hats, grey hats, and white hats

Within the cyber security community, hackers are divided into three camps - 'black hat' hackers, 'grey hat' hackers and 'white hat' hackers. Black hats hack their targets for self-serving reasons, such as financial gain, for revenge or simply to spread havoc.

White hat hackers, by contrast, actually aim to improve security, finding security holes and notifying the victim so they have an opportunity to fix them before a less-scrupulous hacker exploits them. Grey hats sit somewhere between the two camps, often conducting slightly more morally questionable operations, such as hacking groups that they are ideologically opposed to, or launching hacktivist protests. White hat and grey hat hackers can both be defined as 'ethical' hackers.

How do ethical hackers make money?

Black hat hackers generally earn their money through theft, fraud, extortion and other nefarious means. Ethical hackers, on the other hand, are quite often employed by cyber security companies, or within the security departments of larger organisations. The fact that they know how attackers operate often gives them valuable insight into how to prevent attacks.

Another way that ethical hackers can earn a living is through collecting 'bug bounties'. Large companies, particularly tech firms like Facebook, Microsoft and Google, offer a reward to researchers or hackers who discover security holes within their networks or services. This encourages them to report these holes, allowing them to be fixed before they can be found by criminals.

What motivates ethical hackers?

Most hackers are motivated by curiosity, and ethical hackers are no exception. They're often motivated by a desire to see what makes things tick, poking around in security systems just for the challenge of finding a way around them. Responsibly reporting their findings is the best way to indulge this desire whilst also staying on the right side of the law.

Many are also driven by a genuine desire to make the world more private and more secure. Exposing flaws in widely-used services and applications means that they're less likely to be used to harm innocent people.

Another big motivating factor for ethical hackers is, of course, cash. A career in pen-testing or red-teaming can be extremely lucrative, and often allows hackers to make a great deal more money than they would as a cyber criminal without fear of reprisals. Similarly, bug bounty programmes can provide incredibly generous payouts for discovering major flaws: the current record-holder for the highest-value bug bounty is Google's $112,500 payment to a Chinese researcher who discovered a remote exploit vulnerability in Android.

How do I become an ethical hacker?

If you're a hacker that wants to become a white hat, the good news is that you're already halfway there. Ethical hacking is more a state of mind than anything else; a desire to use talents for good, as opposed to evil. If you'd rather use your hacking talents to improve the world's security than to line your own pockets, you're well on your way to becoming an ethical hacker.

In terms of practical steps, there are numerous courses you can take that promise to give you all the skills needed to become an ethical hacker. However, while these can definitely be useful, either as a starting point or as a way to refine your knowledge, the best way to become an ethical hacker is to simply immerse yourself in the world of cyber security.

Read as much as you can on the technical elements of hacking and cyber defence, keep up to date with developments in the field, and generally learn as much as possible about the theory and practice of cyber security.

It's also a good idea to learn a couple of programming languages, if you haven't already. While it's not absolutely essential for hackers (ethical or otherwise) to have an in-depth knowledge of coding, it can be incredibly useful, and will pay dividends throughout your career.
