The term “hacking” often conjures up negative images—data breaches, compromised networks, defaced websites, and distributed denial-of-service (DDoS) attacks. Recently, the Philippines has been plagued by such incidents, further embedding the perception of hacking as a threat.

Oh Recent event has muddied the waters between malicious hacking and ethical hacking. A newspaper editor’s alleged directive to hack both public and private institutions has sparked confusion. This phenomenon blurs the lines between illegal hacking and consensual hacking—often called ethical hacking.

The National Bureau of Investigation (NBI) arrested three people for allegedly hacking government websites, Facebook accounts and banks. These activities were ordered by Art Samaniego Jr., editor of the Manila Bulletin’s tech section and the paper’s technology officer. One of the suspects claimed that Samaniego directed them to hack websites to expose the content of his stories.

A suspect insisted. Never sold or leaked Compromised data. However, does this lessen the severity of their actions?

To clarify the intricacies of hacking, consult Backend News. Crowd strikeA cybersecurity solutions company. According to Mark GowdyDirector of Services for Asia Pacific and Japan at CrowdStrike, Ethical hacking is the legitimate practice of testing the security of systems using techniques similar to those used by malicious hackers.

Understanding Hacking: Ethical vs Harmful

Malicious hacking, often highlighted in the media, involves unauthorized access to networks to commit crimes such as data theft. This form of hacking is illegal and has serious legal, financial and reputational consequences. Under the Philippines Cybercrime Prevention Act of 2012 (Republic Act No. 10175)“unlawful access” is a punishable offence.

In contrast, ethical hacking, or white hat hacking, involves security testing with permission. Ethical hackers work within legal boundaries and are often employed by organizations to identify and fix vulnerabilities.

Goody explains that ethical hackers object to the term “ethical,” as it suggests that hacking is inherently unethical. Instead, they prefer to be recognized as professionals who help secure systems against threats.

The Role of White Hat Hackers

Many companies hire ethical hackers, also known as penetration testers or raid tamers, to test the defenses of their systems. This practice is similar to quality control in other industries. Penetration testers use the same techniques as attackers to find and fix vulnerabilities before malicious hackers can exploit them.

Penetration testing involves chaining threats into attack paths to achieve specific results, while vulnerability scanning focuses on identifying individual vulnerabilities using automated tools.

“With the rise of advanced threats such as APTs and ransomware, penetration testers have had to specialize in areas such as web application testing, cloud platforms, exploit development, or reverse engineering,” Gowdy explained. “These experts provide actionable recommendations to strengthen security based on their findings.”

Ethical hackers don’t necessarily come from a malicious background. “Anyone with the necessary skills and commitment to ethical standards can become an ethical hacker,” emphasized Gowdy.

Tools and Techniques of Ethical Hackers

According to Goody, white-hat hackers often use tools like BurpSuite and NMap.

“Burp Suite allows them to analyze and modify web applications to uncover vulnerabilities in applications,” he said. “Nmap helps identify services running on IP addresses, which is critical to finding potential entry points. They are used for command and control (C2) frameworks such as Cobalt Strike, Sliver, or Mythic for Red Team exercises. These tools can create and remotely control malware implants, which can provide a foothold for further attacks in simulated environments.

Legal Limitations and Ethical Considerations

Consent is the foundation of ethical hacking. Gowdy emphasized that penetration testing and red-teaming must be accompanied. Express permission From system owners. Ethical hackers must adhere to all agreed upon guidelines and legal boundaries.

The main goal of ethical hacking is to expose security flaws in a controlled manner to prevent unnecessary damage. Transparency is important; Ethical hackers must provide clear reports to system owners, ensuring that identified vulnerabilities are understood and addressed.

The importance of responsible disclosure

Responsible disclosure includes notifying vendors of vulnerabilities and giving them time to fix problems before making the details public. This process reduces the risk of exploitation by malicious actors.

Gowdy outlines steps for responsible disclosure:

  1. discovery: Ethical hackers see a weakness.
  2. Reporting: They securely report it to an arbiter like the affected organization or bug bounty platform.
  3. affirm: The organization verifies the threat.
  4. Remedy: A fix is ​​generated and applied.
  5. Disclosure: The risk is publicly disclosed to the creditor.

It is important to note that ethical hackers play an important role in securing systems, especially those that handle sensitive data. Their expertise is critical in testing for vulnerabilities that can be exploited by malicious actors. Hacking without consent is just malicious hacking.

CrowdStrike, a global cybersecurity provider, has redefined advanced security with the world’s most advanced cloud-native platform for protecting key enterprise risk areas – endpoint and cloud workloads, identity and data.

Source link