In computer networking, hacking is any technical effort to manipulate the normal behavior of network connections and connected systems. A hacker is any person engaged in hacking. The term “hacking” historically referred to constructive, clever technical work that was not necessarily related to computer systems. Today, however, hacking and hackers are most commonly associated with malicious programming attacks on the Internet and other networks.
Origins of Hacking
M.I.T. engineers in the 1950s and 1960s first popularized the term and concept of hacking. Starting at the model train club and later in the mainframe computer rooms, the so-called “hacks” perpetrated by these hackers were intended to be harmless technical experiments and fun learning activities.
Later, outside of M.I.T., others began applying the term to less honorable pursuits. Before the Internet became popular, for example, several hackers in the U.S. experimented with methods to modify telephones for making free long-distance calls over the phone network illegally.
As computer networking and the Internet exploded in popularity, data networks became by far the most common target of hackers and hacking.
Hacking vs. Cracking
Malicious attacks on computer networks are officially known as cracking, while hacking truly applies only to activities having good intentions. Most non-technical people fail to make this distinction, however. Outside of academia, it's extremely common to see the term “hack” misused and applied to cracks as well.
Types of Hacker
A hacker is basically someone who breaks into computer networks or standalone personal computer systems for the challenge of it or because they want to profit from their innate hacking capabilities. The hacker subculture that has developed among these new-age outlaws is often defined as the computer underground, although as of late it has evolved into a more open society of sorts. At any rate, here are the different types of hackers.
White Hat: A white hat hacker is someone who has non-malicious intent whenever he breaks into security systems. In fact, a large number of white hat hackers are security experts themselves who want to push the boundaries of their own IT security ciphers and shields, or penetration testers specifically hired to test how vulnerable or impenetrable a protective setup currently is. A white hat who does vulnerability assessments and penetration tests is also known as an ethical hacker.
Black Hat: A black hat hacker, also known as a cracker, is the type of hacker that has malicious intent whenever he goes about breaking into computer security systems without authorization, using technology such as a network, phone system, or computer. His malevolent purposes can range across all sorts of cybercrimes, such as piracy, identity theft, credit card fraud, vandalism, and so forth. He may or may not utilize questionable tactics such as deploying worms and malicious sites to meet his ends.
Grey Hat: A grey hat hacker is someone who exhibits traits from both white hats and black hats. More to the point, this is the kind of hacker that isn’t a penetration tester but will go ahead and surf the Internet for vulnerable systems he could exploit. Like a white hat, he’ll inform the administrator of the website of the vulnerabilities he found after hacking through the site. Like a black hat and unlike a pen tester, he’ll hack any site freely and without any prompting or authorization from owners whatsoever. He’ll even offer to repair the vulnerable site he exposed in the first place for a small fee.
Elite Hacker: As with any society, better than average people are rewarded for their talent and treated as special. Within the hacker underground, the elite (or, according to the hacker language that eventually devolved into leetspeak, 31337) are the hackers among hackers in this subculture of sorts. They’re the masters of deception that have a solid reputation among their peers as the cream of the hacker crop.
Script Kiddie: A script kiddie is basically an amateur or non-expert hacker wannabe who breaks into people’s computer systems not through his knowledge of IT security and the ins and outs of a given website, but through the prepackaged automated scripts (hence the name), tools, and software written by people who are real hackers, unlike him. He usually has little to no knowledge of the underlying concepts behind how the scripts he has on hand work.
An ethical hacker is a computer and network expert who attacks a security system on behalf of its owners, seeking vulnerabilities that a malicious hacker could exploit.
Ethical hacking and an ethical hacker are terms that describe hacking performed to help a company or individual identify potential threats on the computer or network. An ethical hacker attempts to hack their way past the system security, finding any weak points in the security that could be exploited by other hackers. The organization uses what the ethical hacker finds to improve the system security, in an effort to minimize, if not eliminate, any potential hacker attacks.
Ethical hacking is also known as penetration testing, intrusion testing and red teaming. An ethical hacker is sometimes called a white hat, a term that comes from old Western movies, where the “good guy” wore a white hat and the “bad guy” wore a black hat.
Getting Started with Ethical Hacking
What you need to do to get started on the road to becoming an ethical hacker depends on where you are in the IT field. If you haven’t started your IT career yet, you might even consider military service. The military offers many IT opportunities, and you get paid to go to school, even if you enlist in a part-time branch such as the National Guard or Reserves. Military service also looks good to employers that require security clearances.
Start with the basics: Earn your A+ Certification and get a tech support position. After some experience and additional certification (Network+ or CCNA), move up to a network support or admin role, and then to network engineer after a few years. Next, put some time into earning security certifications (Security+, CISSP, or TICSA) and find an information security position. While you’re there, try to concentrate on penetration testing, and get some experience with the tools of the trade. Then work toward the Certified Ethical Hacker (CEH) certification offered by the International Council of Electronic Commerce Consultants (EC-Council for short). At that point, you can start marketing yourself as an ethical hacker.
Qualification for a CEH (a vendor-neutral certification) involves mastering penetration testing, footprinting and reconnaissance, and social engineering. The course of study covers creating Trojan horses, backdoors, viruses, and worms. It also covers denial of service (DoS) attacks, SQL injection, buffer overflow, session hijacking, and system hacking. You’ll discover how to hijack Web servers and Web applications. You’ll also find out how to scan and sniff networks, crack wireless encryption, and evade IDSs, firewalls, and honeypots.