I would imagine that if I asked the average person what an ethical hacker was then they would probably suffer from selective hearing and just hear the word “hacker”. Furthermore, they’d probably give me strange looks if I then went on to mention what colour hat the guy was wearing.
Non-computer security people don’t tend to know that the world of hacking is divided into various groups such as black hat, white hat, grey hat and others. And they probably don’t care either.
Incidentally, an ethical hacker falls loosely into the category of white hat hacker, though many would probably prefer to simply be known as a computer expert.
Not for profit
An ethical hacker will take their set of advanced computer and programming skills and will apply them in order to discover vulnerabilities in computer systems. Unlike a black hat hacker, the ethical hacker will not be looking to make money or otherwise profit from the vulnerabilities that they describe. Instead, they will evaluate them, and look for ways that companies can overcome them so that they will have a more secure system when a black hat hacker does come along.
Even though there is a growing trend in companies hiring ethical hackers to test their computer system security it is a discipline that is still considered to be hacking nonetheless due to the fact that it still utilises computer knowledge to penetrate systems.
However, the “ethical” tag is appended because the ‘hacking’ takes place at a company’s behest and is designed to benefit them. An ethical hacker will look to break into a company’s computer systems in much the same way that a black hat hacker would. Once they have found one or more weaknesses they will report back to the company, possibly adding a list of suggestions as to how they can make their systems more secure in the future.
The thinking here is that an ethical hacker should be able to find all the same vulnerabilities that a potential attacker could and it is quite possible that they will. Whilst many ethical hackers will have come through a computer science education there are also many others who will have learned all about black hat hackers through having been part of that very community in the past.
Whilst it is quite possible for a black hat hacker to become an ethical hacker who stays on the right path, I’m sure the temptation to stray back to old ways must be great, so be careful who you employ to penetrate your computer systems!