Can you hack it? Ethical Hacking skills in demand

Archive for Information Security Analyst

Can you hack it? Ethical Hacking skills in demand

Turn on the news and you will undoubtedly hear about some new cyber-attack. They happen to individuals, large organizations, financial institutions, retailers, and even government agencies. The latest and now very public issue regarding our nation’s security is the persistent computer-hacking problems the US has been having with China, spanning a decade! These cyber-attacks are quite disturbing because hackers can steal intellectual property, weapons, financial data and other corporate IT-Security-300x261secrets. You may have also heard claims that the US government could be the biggest hacker in the world, investing millions of dollars in offensive hacking operations. Hmmm, that will get you thinking. The point is, Cybersecurity is crucial in this age of advancing technologies, and hacking is one skill that can provide insight and solutions to the rampant stream of cybercrime. President Obama recently stated, “Cyber threat is one of the most serious economic and national security challenges we face as a nation” and “America’s economic prosperity in the 21st century will depend on cybersecurity.” With cyber-attacks on the rise with no sign of slowing, the demand for hackers is higher than ever.

White Hats off for Ethical Hackers
Although there are those who will not support hacking in any way, shape, or form, the growing threat on information systems is evident, and we need to be able to counteract, or even better, prevent these attacks. The terms hacker and hacking typically carry a negative connotation as they are commonly associated with the skill of unlawfully breaking into computer systems. But not all hackers are bad. In fact, through ethical hacking, these ridiculously skilled people have the ability and knowledge to navigate computer systems, diagnose security flaws, and provide insight and solutions to the problems created by “crackers”. An ethical computer hacker, or a computer security expert, aka White Hat hacker, specializes in penetration testing and other testing methodologies to ensure the security of an organization’s information systems. Their job is not to break-in and cause damage, but to determine how to break-in current systems, point out vulnerabilities, and provide suggestions on how to make penetration of the system less likely by Black Hat hackers. Ethical hacking jobs are done with consent from the target.

Although hackers are constantly teetering the gray area, by following certain guidelines hackers can stay within the legal boundaries and out of trouble. Unfortunately, not all do, and eventually some cross over to the dark-side of “cracking” aka Black Hat hacking. On the flip-side, some Black Hat hackers have found the light (mostly after being busted and serving time) and are now White Hat hackers working for government agencies, or running their own consulting firms. (We dive into the famous and infamous hackers in our “Cracker busting Hackers” blog.)

Avoid the underground – the dark side of “cracking”
Although Black Hat hacking can create an exciting big screen drama, the damage it can create in real life can be devastating, costing large amounts of resources and money. Black Hat hackers are those who unlawfully break into computer systems for malicious reasons or personal gain. They can be motivated by profit, protest, or challenge. These are the ones that give hackers the bad rap. These are the bad guys you hear about on the news – the ones that steal confidential information from credit card companies, or money from financial institutions. They cause major damage, comprising security and functionality of websites and networks. They steal:

Client or customer information or other business data
Credit card details and social security numbers, for identity fraud or theft
Passwords for access to our online bank, ISP or web services
Email addresses, which may be used for spamming
Children’s names, photographs, ages or other of their personal details held on the computer
DDoS (Distribution Denial of Service) attacks

Andrew Auernheimer, a 26-year-old independent security researcher, was sentenced to 41 months in prison for programmatically scraping user information from a public AT&T website and sharing it with Gawker.com. Auernheimer was charged under the Computer Fraud & Abuse Act, which many feel is too broad. After he was convicted, Auernheimer wrote for Wired that the selective prosecution of some security researchers will deter future hackers from ever disclosing exploits, even critical ones that effect national security. Do you think Auernheimer has a point?

Certified Ethical Hacker Training & Certification
With so many types of cyber-attacks, protection is vital and many people rely on the ethical hackers to help with their protection strategies. People who enter into this particular field are typically computer savvy, and have acquired much of their computer knowledge through self-teaching methods. They likely have a solid understanding in computer programming, and possess creativity skills. In addition to computer programming courses, those interested in ethical hacking should explore certified ethical hacking training, and certifications. The International Council of E- Commerce Consultants offers a professional certification – Certified Ethical Hacker (CEH). CEH training courses provide students with interactive environments where they learn to scan, test, and penetrate their own systems, through various techniques and tools used by black hat hackers. They learn all about ethical hacking and countermeasures. Students are typically required to provide signed documentation that they will not use this knowledge for malicious purposes.

Some of the techniques that hackers use to penetrate the systems include:

Vulnerability Scanner
Password Cracking
Packer Sniffer
Spoofing Attack (Phishing)
Rootkit
Social Engineering
Trojan Horse, Viruses, & Worms
Key Loggers
In addition to CEH training, inspiring hackers should explore these other IT Security courses:

CISSP: Certified Information System Security Professional
Certified Penetration Testing Engineer
Certified Forensics Examiner
Job opportunities and salaries for Ethical Hackers
With the majority, if not all, important business information being stored on computer networks, IT security is more important today than ever before. Both public and private organizations face cyber threats, and take security of confidential information very seriously. A CEH is usually employed by an organization who trusts him or her to attempt to penetrate networks and/or computer systems for the purpose of finding and fixing computer security vulnerabilities. Who better protect your information than a Hacker? Because of this way of thinking there are plenty of job opportunities available for Certified Ethical Hackers (CEH). Here are some of the job positions that CEHs in the US currently hold along with their associated salaries:

Median Salary by Job – Certification: Certified Ethical Hacker (CEH) (United States)Median Salary by Job

Choose the life of a hacker, not a cracker
If you’re going to lead the life of a hacker, you need to be conscientious and responsible as some areas start to look gray, and less black and white. Becoming certified and knowing the law will help you stay out of trouble. White Hat hackers often become Black Hat hackers, and vise-versa. If you are a hacker, we highly encourage you to use your powers for good versus evil. We get it! Hackers enjoy cracking codes. It’s fun! So why not get paid to do it? Get certified and get paid to do what you love. The outlook on finding a job and keeping a job in this field is very promising, as cybercrime increased 8.3% from 2011 to 2012. Ethical hackers have the opportunity to save people, organizations, and agencies from falling victim to costly cyber-attacks. Avoid crossing over to the dark-side, or be prepared to spend life on the other side of steel bars. Go down in history as a famous Hacker, not an infamous Cracker. Read about the most notorious Hackers & Crackers on our next blog.