Dr. Roberto Di Pietro, a full professor of cybersecurity at Hamad Bin Khalifa University’s College of Science and Engineering, explains why there is a misconception about the term ‘hackers’.
The term ‘hacking’ generally has a negative connotation as many people assume that all hackers are bad, and they treat them with suspicion in the belief they have criminal intentions.
It is important to understand, though, that not all hackers are bad. Indeed, many hackers are helping to protect us from the untrustworthy ones.
In our context, a hacker is simply someone who enjoys the intellectual challenge of using computers, networking or other skills to overcome a technical problem. For example, if you have turned your vegetable mixer into a fan, or used your Arduino platform to control the watering of your garden, you could be described as a hacker.
To most people, though, the term ‘hacker’ is associated with just one thing: cybercriminals who gain unauthorized access to a computer system, or elements of it, for malicious purposes.
These hackers are known as black hat hackers. They look to exploit companies or individuals by bypassing security protocols to break into computer networks, generally for financial gain. These are the ones who make the news and give hackers a bad name, notably by gaining unlawful access to information from banks (such as the serious breach suffered by Qatar National Bank in 2016) or other businesses.
Typically, black hat hackers steal personal data to be used for identity theft, credit card information, or intellectual property (IP) data such as industrial secrets.
Their actions are, of course, illegal but there is undoubtedly a black market for such data that makes their efforts hugely rewarding, and some believe the bad guys are winning the war against the good guys.
The trustworthy guys in this instance are known as white hat hackers, and they engage in what is known as ethical hacking. White hat hackers seek to identify vulnerabilities in current systems (be they computers, networks, or even Internet of Things elements), and possibly propose fixes.
These names come from the old western movies of the 1960s, where the bad guys traditionally wore a black cowboy hat while the good guys tended to wear a white hat.
Although white hat hackers use many of the same skills as black hat hackers, they have to abide by several rules, such as obtaining prior permission before forcing access to a network; respecting a signed Statement of Work; observing good security practices; and following responsible disclosure, that is, reporting the identified vulnerabilities to software and hardware vendors first.
White hat hackers play a major role in both society and industry since they enable organizations to address vulnerabilities in current and future products released to the public. For instance, a few of the Microsoft or Apple iOS security updates available to install include patches that are developed based on the security vulnerabilities found by ethical hackers.
Some will argue that hacking is hacking and that there is no such thing as ethical hacking, but reality tells a different story. Moreover, white hat hacking is growing in importance due to the increase in phishing and cybercrime.
The cost of being a victim of cybercrime is so high that a growing number of organizations are now paying big money to hackers who can identify security vulnerabilities and share them exclusively with the organization. It was recently reported that six ethical hackers, one of whom was just a teenager from South America, each received $1 million for their security-critical findings.
Many ethical hackers claim they do so as a hobby, rather than for financial gain, but for those who do want to make a career out of this, there is an increasing number of companies employing the skills of such people. Therefore, the rewards can be huge, as Santiago Lopez – a 19-year-old from Argentina who became the world’s first ethical hacker to earn $1 million – will testify.
Hamad Bin Khalifa University’s College of Science and Engineering offers an MS in Cybersecurity and also one in Data Science. The former is designed to enable our students to reason about the fundamental properties of security, to design security solutions, and to improve the security of complex critical systems, to cite just some of the highly qualifying learning objectives of our MS.
A lateral pay-off of this two-year process is for some students to discover the white hat hacker within them, while others already at that level can refine their skills and move to a superior level of knowledge and ability.
About the Author
Dr. Roberto Di Pietro, ACM Distinguished Scientist, is a full professor of cybersecurity at Hamad Bin Khalifa University’s College of Science and Engineering, leading the effort to establish a world-class research and innovation center in cybersecurity. He is an expert on FinTech services such as bitcoin and holds eight patents/provisional patents on security topics, such as blockchain technology.
The Communications Directorate at Hamad Bin Khalifa University (HBKU) submitted this article on behalf of Dr. Roberto Di Pietro. The views expressed are those of the author and do not necessarily reflect the university’s official stance.