White hat (computer security)

A white hat (or a white-hat hacker, a whitehat) is an ethical security hacker.[1][2] Ethical hacking is a term meant to imply a broader category than just penetration testing.[3][4] With the owner's consent, white-hat hackers aim to identify any vulnerabilities or security issues the current system has.[5] The white hat is contrasted with the black hat, a malicious hacker; this definitional dichotomy comes from Western films, where heroic and antagonistic cowboys might traditionally wear a white and a black hat, respectively.[6] There is a third kind of hacker, known as a grey hat, who hacks with good intentions but at times without permission.[7]

White-hat hackers may also work in teams called "sneakers and/or hacker clubs",[8] red teams, or tiger teams.[9]

History

One of the first instances of an ethical hack being used was a "security evaluation" conducted by the United States Air Force, in which the Multics operating systems were tested for "potential use as a two-level (secret/top secret) system." The evaluation determined that while Multics was "significantly better than other conventional systems," it also had "... vulnerabilities in hardware security, software security and procedural security" that could be uncovered with "a relatively low level of effort."[10] The authors performed their tests under a guideline of realism, so their results would accurately represent the kinds of access an intruder could potentially achieve. They performed tests involving simple information-gathering exercises, as well as outright attacks upon the system that might damage its integrity; both results were of interest to the target audience. There are several other now unclassified reports describing ethical hacking activities within the US military.

By 1981, The New York Times described white-hat activities as part of a "mischievous but perversely positive 'hacker' tradition". When a National CSS employee revealed the existence of his password cracker, which he had used on customer accounts, the company chastised him not for writing the software but for not disclosing it sooner. The letter of reprimand stated, "The Company realizes the benefit to NCSS and encourages the efforts of employees to identify security weaknesses to the VP, the directory, and other sensitive software in files".[11]

On October 20, 2016, the Department of Defense (DOD) announced "Hack The Pentagon."[12][13]

The idea of using this tactic of ethical hacking to assess the security of systems and point out vulnerabilities was formulated by Dan Farmer and Wietse Venema. To raise the overall level of security on the Internet and intranets, they described how they were able to gather enough information about their targets to have been able to compromise security if they had chosen to do so. They provided several specific examples of how this information could be gathered and exploited to gain control of the target, and how such an attack could be prevented. They gathered up all the tools they had used during their work, packaged them in a single, easy-to-use application, and gave it away to anyone who chose to download it. Their program, called Security Administrator Tool for Analyzing Networks, or SATAN, was met with a great amount of media attention around the world in 1992.[9]

Tactics

While penetration testing concentrates on attacking software and computer systems from the start – scanning ports, examining known defects in protocols and applications running on the system, and patch installations, for example – ethical hacking may include other things. A full-scale ethical hack might include emailing staff to ask for password details or rummaging through executive dustbins, usually without the knowledge and consent of the targets. Only the owners, CEOs, and board members (stakeholders) who asked for a security review of this magnitude are aware of it. To replicate some of the destructive techniques a real attack might employ, ethical hackers may arrange for cloned test systems, or organize a hack late at night while systems are less critical.[14] In most recent cases these hacks are run as a long-term con (days, if not weeks, of long-term human infiltration into an organization). Some examples include leaving USB/flash key drives with hidden auto-start software in a public area, as if someone had lost the small drive, for an unsuspecting employee to find and take.

Some other methods of carrying out these include:

The methods identified exploit known security vulnerabilities and attempt to evade security to gain entry into secured areas. They can do this by hiding software and system 'back-doors' that can be used as a link to information or access that a non-ethical hacker, also known as 'black hat' or 'grey hat', may want to reach.

Legality

Belgium

Belgium legalized white hat hacking in February 2023.[15]

China

In July 2021, the Chinese government moved from a system of voluntary reporting to one of legally mandating that all white hat hackers first report any vulnerabilities to the government before taking any further steps to address the vulnerability or make it known to the public.[16] Commentators described the change as creating a "dual purpose" in which white hat activity also serves the country's intelligence agencies.[16]

United Kingdom

Struan Robertson, legal director at Pinsent Masons LLP and editor of OUT-LAW.com, says, "Broadly speaking, if the access to a system is authorized, the hacking is ethical and legal. If it isn't, there's an offense under the Computer Misuse Act. The unauthorized access offense covers everything from guessing the password to accessing someone's webmail account, to cracking the security of a bank. The maximum penalty for unauthorized access to a computer is two years in prison and a fine. There are higher penalties – up to 10 years in prison – when the hacker also modifies data". Unauthorized access even to expose vulnerabilities for the benefit of many is not legal, says Robertson. "There's no defense in our hacking laws that your behavior is for the greater good. Even if it's what you believe."[4]

Employment

The United States National Security Agency offers certifications such as the CNSS 4011. Such a certification covers orderly, ethical hacking techniques and team management. Aggressor teams are called "red" teams. Defender teams are called "blue" teams.[8] When the agency recruited at DEF CON in 2020, it promised applicants that "If you have a few, shall we say, indiscretions in your past, don't be alarmed. You shouldn't automatically assume you won't be hired".[17]

A good "white hat" is a competitive, skillful employee for an enterprise, since they can serve as a countermeasure by finding bugs to protect the enterprise network environment. A good "white hat" can therefore bring unexpected benefits in reducing risk across systems, applications, and endpoints for an enterprise.[18]

Recent research has indicated that white-hat hackers are increasingly becoming an important aspect of a company's network security protection. Moving beyond just penetration testing, white hat hackers are building and changing their skill sets, since the threats are also changing. Their skills now involve social engineering, mobile tech, and social networking.[19]

References

  1. ^ "What is white hat? - a definition from Whatis.com". Searchsecurity.techtarget.com. Archived from the original on 2011-02-01. Retrieved 2012-06-06.
  2. ^ Okpa, John Thompson; Ugwuoke, Christopher Uchechukwu; Ajah, Benjamin Okorie; Eshioste, Emmanuel; Igbe, Joseph Egidi; Ajor, Ogar James; Okoi, Ofem, Nnana; Eteng, Mary Juachi; Nnamani, Rebecca Ginikanwa (2022-09-05). "Cyberspace, Black-Hat Hacking and Economic Sustainability of Corporate Organizations in Cross-River State, Nigeria". SAGE Open. 12 (3): 215824402211227. doi:10.1177/21582440221122739. ISSN 2158-2440. S2CID 252096635.
  3. ^ Ward, Mark (14 September 1996). "Sabotage in cyberspace". New Scientist. 151 (2047). Archived from the original on 13 January 2022. Retrieved 28 March 2018.
  4. ^ a b Knight, William (16 October 2009). "License to Hack". InfoSecurity. 6 (6): 38–41. doi:10.1016/s1742-6847(09)70019-9. Archived from the original on 9 January 2014. Retrieved 19 July 2014.
  5. ^ Filiol, Eric; Mercaldo, Francesco; Santone, Antonella (2021). "A Method for Automatic Penetration Testing and Mitigation: A Red Hat Approach". Procedia Computer Science. 192: 2039–2046. doi:10.1016/j.procs.2021.08.210. S2CID 244321685.
  6. ^ Wilhelm, Thomas; Andress, Jason (2010). Ninja Hacking: Unconventional Penetration Testing Tactics and Techniques. Elsevier. pp. 26–7. ISBN 978-1-59749-589-9.
  7. ^ "What is the difference between black, white, and grey hackers". Norton.com. Norton Security. Archived from the original on 15 January 2018. Retrieved 2 October 2018.
  8. ^ a b "What is a White Hat?". Secpoint.com. 2012-03-20. Archived from the original on 2019-05-02. Retrieved 2012-06-06.
  9. ^ a b Palmer, C.C. (2001). "Ethical Hacking" (PDF). IBM Systems Journal. 40 (3): 769. doi:10.1147/sj.403.0769. Archived (PDF) from the original on 2019-05-02. Retrieved 2014-07-19.
  10. ^ Paul A. Karger; Roger R. Scherr (June 1974). MULTICS SECURITY EVALUATION: VULNERABILITY ANALYSIS (PDF) (Report). Archived (PDF) from the original on 13 November 2017. Retrieved 12 Nov 2017.
  11. ^ McLellan, Vin (1981-07-26). "Case of the Purloined Password". The New York Times. Archived from the original on 2016-03-07. Retrieved 11 August 2015.
  12. ^ "DoD Announces 'Hack the Pentagon' Follow-Up Initiative". U.S. Department of Defense. Retrieved 2023-12-15.
  13. ^ Perez, Natasha Bertrand, Zachary Cohen, Alex Marquardt, Evan (2023-04-13). "Pentagon leak leads to limits on who gets access to military's top secrets | CNN Politics". CNN. Archived from the original on 2023-12-15. Retrieved 2023-12-15.
  14. ^ Justin Seitz, Tim Arnold (April 14, 2021). Black Hat Python, 2nd Edition: Python Programming for Hackers and Pentesters. No Starch Press. ISBN 978-1-7185-0112-6. Archived from the original on August 26, 2021. Retrieved August 30, 2021.
  15. ^ Drechsler, Charlotte Somers, Koen Vranckaert, Laura (3 May 2023). "Belgium legalises ethical hacking: a threat or an opportunity for cybersecurity?". CITIP blog. Archived from the original on 17 May 2023. Retrieved 7 May 2023.
  16. ^ a b Brar, Aadil (18 January 2024). "China Raises Private Hacker Army To Probe Foreign Governments". Newsweek. Archived from the original on 20 January 2024. Retrieved 20 January 2024.
  17. ^ "Attention DEF CON® 20 attendees". National Security Agency. 2012. Archived from the original on 2012-07-30.
  18. ^ Caldwell, Tracey (2011). "Ethical hackers: putting on the white hat". Network Security. 2011 (7): 10–13. doi:10.1016/s1353-4858(11)70075-7. ISSN 1353-4858.
  19. ^ Caldwell, Tracey (2011-07-01). "Ethical hackers: putting on the white hat". Network Security. 2011 (7): 10–13. doi:10.1016/S1353-4858(11)70075-7. ISSN 1353-4858.
