Ethical hacking is known by different names: Some of them are– intrusion testing, penetration testing and red teaming. It is not a clandestine operation from the point of view of the organization to which the ethical hacker belongs. It is done with appropriate directions and it is meant to serve the desired objective and/or to test the working of the system and the possible problems that it may encounter. Those entrusted with the responsibility of ethical hacking are known as white hats. They are skilled computer experts who are in a position to gauge the vulnerabilities in the computer systems from every angle and will suggest procedures to plug the loopholes. These loopholes, if not tackled well in time, may be exploited by those working within the organization or by outside agencies— the competitors of the company possibly. Such individuals are termed as black hats. The white hats devise methods to counter black hats to keep the secrets of the company secure and to protect its business interests. White hats may be in direct employment of the company on full time basis or they may be the consulting agencies hired for a specific purpose.
The technical difference between ethical hacking and hacking is zero but the moral difference is substantive. The fact that the ethical hacker is able to protect the system implies that he has the skills to penetrate or crash other systems and check moves by the prospective hacker to create mischief to the organization for which the ethical hacker is working for. So, the difference between a white hat and a black hat is one of perspective. A black hat in an organization can be the white hat for other organizations if he switches employment.
Let us try to understand the difference between a hacker and an ethical hacker through an analogy. Suppose a criminal who has served the jail sentence is reformed and upon release, joins the police force. He is the best candidate to understand the modus operandi of the criminals, who carry out the nefarious activities. It is not uncommon for a black hat, who in the past was convicted and served jail sentence for hacking, to resume career as a white hat, upon release.
Concerns about information theft:
Internet revolution and expertise in computer operations has created grave problems relating to confidentiality of the data. Government organizations dealing with defense of the country and security are at special risks. For business establishments, details related to market strategy and other consumer information are of supreme importance for chalking out future strategies. If the enemy countries or business competitors are able to lay hands on the classified information, serious troubles can be in store. So the establishments constantly review the systems and plug the loopholes to make it impenetrable. White hats have a tremendous responsibility and the top management looks forward to them with high hopes.
An ideal ethical hacker:
Apart from the formal knowledge about the working of computers, an ethical hacker creates his own syllabus. For some computer-savvy individuals, this area interests a lot and their creative genius finds an outlet. He is an original thinker, who evaluates the issues outside the box and gives original solutions to prevent encroachment by black hats. He is well versed in multiple computer codes and strong in mathematics. They need to train the mind to experiment with the destructive ideas, to enable to cause damage to the property of the intended target by creating viruses etc.
The same objective but different perspective:
The ethical hackers and non-ethical hackers, both are doing well in their businesses. Viruses are designed and new anti-virus software is created. Just as the police force exists on account of criminals—the ethical and non-ethical computer experts exist in that type of relationships. The ethical hacker works with the eye of an illegal hacker. Since the ethical hacker has access to highly sensitive information, he has to be ethical and loyal to the company in the real sense and whose integrity needs to be unquestionable.