What do you really know about the Security Analyst down the hall from you? Is he or she as upstanding as they appear to be, or are they a blackhat in disguise? One thing’s for certain: Those with the ability to hack into systems are formidable to the forces opposing them.
The world seems to be filling up with hackers who are crossing over to the dark side. Or is it the “white” side? These changelings are everywhere, and the line between good and bad is often blurred.
Take the fantasy world, for example. Remember Catwoman, starring Halle Berry? Remember how she was part thief, part crime-fighter; part good girl, part vixen; part restorer of the peace, part hell-raiser?
Remember how she claimed to be neither good nor bad, but somewhere in-between? And remember how she went on to do whatever she wanted, whenever she wanted, with whomever she wanted—including fighting crime for the greater good, if it suited her?
Catwoman was a blackhat. (Of course, being in-between technically makes her a “gray hat,” a person who sometimes violates laws or ethical standards but without the malicious intent of the typical black hat hacker. But that’s another story.)
There are other black hats out there in the fantasy world, too. Remember Hancock, the drunken crime fighter played by Will Smith who had a horrible public image, and who tore up streets and cost his city untold millions in damages?
If you watched either of these two movies, you know that these bad guys did bad things in the beginning but were able to transition from black hat to white hat (that is, from bad guy to good guy) and do good things in the end.
This path from black hat to white hat is not limited to the fantasy world of movies. It is a trend that appears to be spilling over into the real world, too, especially in the fields of Information Technology and Cyber Security.
What is a Blackhat?
First let’s determine just what a blackhat is. A blackhat is a programmer or hacker who steals from other people online. To “hack” means to find all possible doors (entry points) in a computer or network system and then to go through those doors and gain unauthorized access to files that were not meant to be accessed.
Once inside, the blackhat proceeds to steal source code, sensitive information, money from bank accounts, credit information, personal identities and much, much more. The blackhat may also write destructive viruses and worms that crumble networks and render computers virtually useless.
The blackhat and his imps have even been known to bring snooty mega companies like Equifax to their knees and leave them limping away in shame and humiliation. In other words, black hats are the bad guys.
In fact, that is where the name “black hat” comes from! Picture “the Wicked Witch of the West,” and what do you see? A crone with a grotesque wart and a crooked, weather-beaten black hat perched atop her head. The same is true for old Western movies. The ultimate bad guy wears a black hat!
Blackhats are considered lethal, lawless and unpredictable. They cannot be trusted at any cost. Or can they? We will answer this last question in a later section. For now, let’s move on to the white hat.
Blackhat vs. Whitehat
A white hat hacker is supposedly the exact opposite of a blackhat. The white hat hacker has the same skills, craftiness and expertise as a black hat hacker, but he or she also has scruples—something the black hat does not have.
Whitehats are considered “ethical” hackers whose job is to use various tests and techniques to determine an organization’s security level and possible vulnerabilities. In other words, just like the blackhat, the whitehat hacks into a computer or network system and pokes around to see what’s going on.
The only difference is that the whitehat hacks these systems to help identify any weaknesses or vulnerabilities in security so that they can be repaired and refortified to keep information safe and prying eyes out. Just as the blackhat is considered a crook, the whitehat is considered a “hero,” a morally good person who only has the public good in mind.
So can a Blackhat become an Ethical Hacker?
Sure. We just explained how Catwoman and Hancock transitioned from being self-involved blackhats to whitehats who helped others. Though they are fictional characters, they exemplify how a former villain can use his or her skills, knowledge and expertise for the good of all.
But what would make a blackhat want to become a part of the greater good? One great reason might be when they get caught breaking the law and the judicial hammer is getting ready to come down on their head! Blackhats can often lighten or eliminate their punishment by helping the government or some other organization secure their networks by applying what they know to stop other intruders.
Another reason might be money! Cyber security is a cash cow, and a smart blackhat would take what he knows and start his own security company. Doing so would help rebuild his reputation as well as his bank account!
There are many things that drive a hacker to do what they do. The power to wreak havoc or create underbelly civilizations rests within a hacker’s fingertips!
Ethical Hacking: It Takes a Thief (or Blackhat)
A blackhat who transitions into ethical hacking can be good for technology and industry as a whole. At the very least it makes for good ethical hacking. First of all, as reformed cyber criminals, they know the tricks of the trade and may be able to predict the techniques of their former peers and counterparts.
Also, if a system has already been compromised, they can help the company recover data, liberate hijacked files, take control of their emails, and restore other functions. A former blackhat knows the game backward and forward and can make a list of recommended steps a company can follow that should minimize or even eliminate the risks of being hacked.
One newer plus in the world of ethical hacking is certification. The Certified Ethical Hacking Certification, provided by the International Council of E-Commerce Consultants (EC-Council), is an example of such a qualification. Ethical hacking certification ensures that a former blackhat not only understands the complexities of the software and technology they are charged to protect, but also understands the responsibilities of their position.
Certifications also provide a modicum of comfort to employers, making them feel that at least they are getting a security expert who understands how crucial it is to protect their information systems. Certifications are a baseline for competency, especially since most employers know nothing about technology—because if they did their networks would not have been compromised in the first place.
All of this talk about ethical hacking leads to one concept: It takes a thief to catch a thief. This simply means that no one is better at finding and stopping a wrong-doer than another wrong-doer. In this case, who better to stop a blackhat than a reformed blackhat who knows all the tricks of the trade?
So all Ethical Hackers are Good, Right?
Great question! The answer would be…WRONG! Not all white hat hackers are good. And we are not just talking about those who are reformed blackhats; we mean that even those who started out as whitehats aren’t all good, either.
There have been many cases of whitehats hired to protect and defend their companies who went on to pilfer information, sell secrets and otherwise break the law. They did these things for any number of reasons, including greed, temptation and for the simple fact that no one was watching them, so they could.
The bottom line is this: Anyone of any race and any background can go from bad to good at a moment’s notice, and that includes white hat hackers.
Black hat hackers can indeed turn over a new leaf that leads to ethical hacking, which is good for everyone. However, because hacking can lead to instant wealth and other massive rewards (illegal though they may be), it is still a good idea to keep an eye on whoever happens to be working for you or your company, and on whatever cause happens to be closest to their hearts.
In the words of the late U.S. President Ronald Reagan, “Trust, but verify.” This phrase is an old Russian proverb that, in general, means to always keep your eye on the one who has his or her eyes on your company’s most precious secrets. And that may go double for the blackhat who has transitioned to ethical hacking.