Before I answer that question, let me ask another one...
What is hacking?
Hacking can be described as the process of making something do something its creator/inventor/manufacturer never thought it could do.
Hacking is nothing new, and it is not the sole domain of the IT world.
Take the very popular term Life Hack. A life hack is a way of utilising an everyday object in a new manner, often to make things easier or quicker. I’m sure you’ve all seen YouTube videos of different life hacks.
Petrolheads have, for decades, customised their cars internally, externally or under the bonnet to make them faster, louder, lower, better looking or just different. This is another form of hacking.
These examples are for the most part completely legal things to do, although maybe some of the petrolhead examples blur the boundaries somewhat, but you get the idea.
IT hacking, however, often isn't legal.
In 1990, the UK Government enshrined into law the Computer Misuse Act, making the following behaviours illegal:
- Unauthorised access to computer material.
- Unauthorised access with intent to commit or facilitate the commission of further offences.
- Unauthorised acts with intent to impair, or with recklessness as to impairing, operation of a computer, etc.
- 3ZA. Unauthorised acts causing, or creating risk of, serious damage.
- 3A. Making, supplying or obtaining articles for use in offence under section 1, 3 or 3ZA.
As you can see, computer or IT hacking could often see the instigator cross the boundary of the law.
However, in order to find out if your IT estate has any weaknesses that a threat actor could utilise to gain illegal entry to your systems, you often have to carry out those very same illegal acts in a controlled manner.
This is ethical hacking.
Ethical hacking utilises the very same knowledge, tools and processes as illegal hacking but it has one major difference – authorisation.
An ethical hacker or pentester (penetration tester) will have the authorisation of the system owner to try to subvert or break the system in order to find its weaknesses, so that remedial work can be done to fix those issues and stop illegal hackers from getting unauthorised access.
Ethical hackers follow a code of ethics.
Ethical hackers have a moral compass which points in the right direction.

Mark Amory
Mark Amory has been specialising in cyber security training for 15 years and is the author of several of QA's cyber security courses, as well as the 2017 NCSC CyberFirst Academy.