Cyber Security

What is ethical hacking?

Mark Amory explains what ethical hacking is and why it's important that every company uses pentesting to safeguard their IT systems.

Before I answer that question, let me ask another one...

What is hacking?

Hacking can be described as the process of making something do something its creator/inventor/manufacturer never thought it could do.

Hacking is nothing new, and it is not the sole domain of the IT world.

Take the very popular term Life Hack. A life hack is a way of utilising an everyday object in a new manner, often to make things easier or quicker. I’m sure you’ve all seen YouTube videos of different life hacks.

Petrolheads have, for decades, customised their cars internally, externally or under the bonnet to make them faster, louder, lower, better looking or just different. This is another form of hacking.

These examples are for the most part completely legal things to do, although maybe some of the petrolhead examples blur the boundaries somewhat, but you get the idea.

I.T. hacking, however, often isn't legal.

In 1990, the UK Government enshrined into law the Computer Misuse Act making the following behaviours illegal:

  1. Unauthorised access to computer material.
  2. Unauthorised access with intent to commit or facilitate the commission of further offences.
  3. Unauthorised acts with intent to impair, or with recklessness as to impairing, operation of a computer, etc.
    • 3ZA. Unauthorised acts causing, or creating risk of, serious damage.
    • 3A. Making, supplying or obtaining articles for use in offence under section 1, 3 or 3ZA.

As you can see, computer or IT hacking could often see the instigator cross the boundary of the law.

However, in order to find out if your IT estate has any weaknesses that a threat actor could utilise to gain illegal entry to your systems, you often have to carry out those very same illegal acts in a controlled manner.

This is ethical hacking.

Ethical hacking utilises the very same knowledge, tools and processes as illegal hacking but it has one major difference – authorisation.

An ethical hacker or pentester (penetration tester) will have the authorisation of the system owner to try to subvert or break the system in order to find its weaknesses so that remedial work can be done to fix those issues to stop illegal hackers from getting unauthorised access.

Ethical hackers follow a code of ethics.

Ethical hackers have a moral compass which points in the right direction.

Related Articles