When your business is just getting started online, hacking seems like a purely bad thing: catastrophic at worst, and a nuisance at best. But is there ever an ethical use-case for hacking? And if so, where is the line between being hacked, and using hacking?
Someone defaced your website, posted a rude or lewd image, and called you the adult equivalent of a doodyhead? Ah well, time to grab the backups, and maybe switch hosts.
You can’t really be faulted for thinking that. In popular culture, hackers are either nefarious, villainous, and often very good-looking nerds, or else they’re helpful nerds of varying appearance who are there to provide comic relief, and tell the world what a horrible evil bad person the villain is by leaking their stuff. And since you’re not trying to nuke anybody, why would you have anything to do with an “ethical” hacker?
As usual, Hollywood is wrong, and silly. Here’s a story I’ve told before on WDD: “hacker” used to be a term for someone who studied tech, broke it down, and put it back together in order to understand and learn from it. Malicious hackers were called “crackers” (now there’s a name that didn’t stick for so many different reasons…).
But the word “hacker” has been co-opted, so now those curious nerd types are called “ethical hackers” or “white hat” hackers, and they’re an important part of the tech ecosystem. Here’s why:
Gaining Knowledge and Understanding
That basic premise I mentioned above? Break it apart and put it back together? It’s a defining trait of the entire Open Source software (and hardware) industry. It’s how people learn and grow as developers (or hardware designers).
People do it with proprietary tech, too, but the proprietors (and sometimes law enforcement) tend to be less than happy about it. Even then, it’s not necessarily a bad thing, in my opinion. If you’ve ever had an Apple product repaired for less than the cost of the original item, or even just had a jailbroken phone, you have ethical hackers to thank.
As for web designers, where would we even be without “View Source”?
Testing Your Security
This is one of the big money-makers in the ethical hacking community: having hackers break into your system to help you find out where the problems are. It’s a practice that’s also known as “penetration testing”, which is usually shortened to “pen testing” because (and you can quote me on this) all programmers are basically twelve years old.
Sometimes businesses hire ethical hackers to do this, but more than a few hackers work freelance, submitting issues they find in exchange for bounties paid by the companies they “hack”. Companies with larger budgets and smart recruiters often make a point of hiring the better hackers who try their skills against the company’s systems.
Finding the Other Kind of Hackers
When there’s something strange in your network, who you gonna call? The saying “it takes one to know one” applies here, maybe more than it does in the rest of…well…life. Hiring hackers not only to help you test your defenses, but also to help you build them in the first place and track down attackers, is another big money-maker.
Of course, their official title will probably be something more along the lines of “Information Security Expert”, or possibly “Taylor Swift”. But make no mistake, they use many of the same skills and tools as “hackers”.
Okay fine, I’ll explain this one again, too: Taylor Swift is, in this case, the pseudonym of a Twitter-famous IT person who does a great job of breaking down basic “infosec” best practices for everyone. They do this while sort of roleplaying as the actual Taylor Swift, and writing short science fiction stories / Cortana fan-fiction. Is that Cortana the AI in Halo or the Microsoft-made virtual assistant? Yes.
Dealing With Catastrophes
Have you ever been locked out of your house, and had to send a kid climbing through one of the second-story windows? (I remember being that kid. It was fun.) Or just called a locksmith? On rare occasions, things might go very, incredibly wrong, and leave you locked out of your own IT systems.
Assuming you can’t just pull the plug and reboot things manually, or ask your service providers very nicely to let you back in, you might end up hiring a hacker. Now, I did say this was a rare thing. Most software designers are smarter than that.
But what if you get hacked by someone you didn’t pay to do it, and you’re locked out of all your accounts on social media, for example, and customer support is taking a very long coffee break? There have been times when people have hired hackers to give them back what is rightfully theirs. This sort of action is in a grey area at best (Twitter won’t be happy to get hacked no matter what the reason), but…it’s a thing that happens.
Increased Connectivity Means We Need Ethical Hackers Now More Than Ever
The more of your business that you do online, the more you need to beef up your security. It might seem like ethical hackers are mostly just solving a problem created by other hackers and…that’s not entirely wrong. But it’s not their fault, either. People are just people, and people sometimes do bad things.
It’s like how people rob stores, and that’s why stores hire security. Ethical hackers are part of the ecosystem because we need them. We need them to find out how our tech works, to keep big data-driven, profit-focused companies honest. We need them to fend off attackers, and develop our anti-virus and firewall software.
And most of all, we need them to run their penetration testing deep into our networks, and tell us how hard it is to get in. (I may not be a programmer, but I’m twelve years old too.)