Before I answer that question, let me ask another one...
What is hacking?
Hacking can be described as the process of making something do something its creator/inventor/manufacturer never thought it could do.
Hacking is nothing new, and it is not the sole domain of the IT world.
Take the very popular term Life Hack. A life hack is a way of utilising an everyday object in a new manner, often to make things easier or quicker. I’m sure you’ve all seen YouTube videos of different life hacks.
Petrolheads have, for decades, customised their cars internally, externally or under the bonnet to make them faster, louder, lower, better looking or just different. This is another form of hacking.
These examples are for the most part completely legal things to do, although maybe some of the petrolhead examples blur the boundaries somewhat, but you get the idea.
IT hacking, however, often isn't legal.
In 1990, the UK Government enshrined into law the Computer Misuse Act, making the following behaviours illegal:
- Unauthorised access to computer material.
- Unauthorised access with intent to commit or facilitate the commission of further offences.
- Unauthorised acts with intent to impair, or with recklessness as to impairing, operation of a computer, etc.
- 3ZA. Unauthorised acts causing, or creating risk of, serious damage.
- 3A. Making, supplying or obtaining articles for use in offence under section 1, 3 or 3ZA.
As you can see, computer or IT hacking could often see the instigator cross the boundary of the law.
However, in order to find out if your IT estate has any weaknesses that a threat actor could utilise to gain illegal entry to your systems, you often have to carry out those very same illegal acts in a controlled manner.
This is ethical hacking.
Ethical hacking utilises the very same knowledge, tools and processes as illegal hacking but it has one major difference – authorisation.
An ethical hacker or pentester (penetration tester) has the authorisation of the system owner to try to subvert or break the system in order to find its weaknesses. Remedial work can then be done to fix those issues and stop illegal hackers from getting unauthorised access.
Ethical hackers follow a code of ethics.
Ethical hackers have a moral compass which points in the right direction.
After leaving a career as a mechanical and electrical engineer in 1998, Mark started out with a fresh career as an IT trainer. Spending the first few years as an applications trainer, Mark excelled in delivering Microsoft Office and Adobe products. In line with his background as an engineer, Mark soon shifted focus to more technical deliveries, including hardware and networking topics, a field he has remained in ever since.
As a natural progression of his career, Mark started to explore the security aspect of his existing competencies and since 2005 has specialised in the cyber security domain. Mark has been the author of a number of QA cyber security courses and was the design authority and author of the 2017 NCSC Cyber First Academy. Mark is a C|EH, a Certified EC-Council Instructor, and a CISSP.