Professor Julie Gay
25 April 2016
Cyber Lights and Digital Darks
Music, books, education, banking, and the stock market: These are things that are being increasingly put online rather than being something physical and visible for the sake of convenience. Day by day, year by year, gradually more ideas and practices are being thrown onto cyberspace. As this growth continues, the increasing importance of the World Wide Web leaves itself vulnerable to blind spots in its own structure. Humans being what they are, there are always those of us that seek to take advantage of these blind spots, and in the case of the web, these are known as hackers in the connotative sense. There is far more to it than that, though. Hackers, denotatively, are categorized into two main groups: Black Hat Hackers, and White Hat Hackers. This piece will focus on the differences between them, as well as the profound effects that each may have.
While the origin of said names dates back to spaghetti westerns, the only similarity between the cowboys of those movies and the hackers of today are the motives. Black-hats, aka Outlaws, have no one single reason for perniciousness that encompasses the group as a whole, but a plethora of motives that usually leads to malicious acts. White-hats (aka Sheriffs) on the other hand, seek to correct and prevent these nasty deeds; though compared to the cowboys of old that often used very different methodology than their counterparts, modern day White-hats use the somewhat similar methods of their malevolent colleagues to fix and/or prevent the actions of said adversaries.
Before getting into the differences between White-Hats and Black-hats, it is important to understand the basic method of hacking that both use, albeit to varying degrees and purposes. The five-step method starts with Reconnaissance, when the hacker will be gathering as much information about the target in question before starting the attack (Pangaria, 2013). Next up, the hacker will Scan for open and closed ports, as well as any vulnerabilities the target’s operating system may have. Third on the list is when things get risky, as the hacker will try to gain control through password cracking, and steadily increasing their own privileges with the system (Bansal, 2012).
Moving to the most damaging bit, the hacker will then attempt to maintain access through opening back doors into the system, inserting Trojans, and even leaving “Zombie” computers for further attacks. The piece-de-resistance is somewhat optional, but if the hacker is worth their salt, they will cover their tracks through overwriting the system and application logs (Pangaria, 2013). With this basic, yet convoluted method in mind, it is finally time to move on to discrepancies between our internet champions and scoundrels.
1. Black-Hat Hackers
Let’s start with our virtual assailants: The Black-hats, also known as Crackers. These guys have a wide-gap between amateurs and experts, and a variety of different methods, whether it is a Script-Kiddy (a want-to-be hacker) with a basic virus script, or an Elite Hacker taking advantage of the slightest flaw in a government’s “top-notch” security program. Regardless, the intent is never good and at least one person, if not hundreds or hundreds of thousands, get screwed over.
We’ll focus in on the most basic sort of victim: the people or even just a single person. When someone, however gullible, falls for a fake promotion (e.g. FREE IPHONE 6, JUST CLICK AND ENTER YOUR CREDIT CARD INFO), an online Ponzi scheme, or is robbed (unbeknownst to the victim) of all of his or her personal information, you can be sure a Black-hat is the orchestrater of essentially ruining the common layman (Aggarwal, 2014)–and it’s all just to make a quick buck.
If a Black-Hat wanted to make some bigger bucks, they’d hack into a business, large or small. What they normally do for this sort of fudgery is to use some form of malware (such as a Trojan or a worm) to scan for a business’ security information, such as IP addresses or user account information (Bansal, 2012). Once said Black-Hat hat(s) access, he/she would transfer funds from the business to themselves (Aggarwal, 2014), thus bankrupting said business. If left unsolved, many would lose their livelihoods, since the money the business would’ve used to pay them was stolen.
2. White Hat Hackers
Time to lighten things up, no? White-Hats, more commonly known as I.T. guys, work to prevent those previously mentioned cyber-corruptions. Unlike Black-hats, nearly every White-hat is well-educated, or just plum smart. The problem with White-hats is their connotation: Since they are technically still hackers they are not looked upon highly, nor are they easily trusted, as around 90% of cyber-attacks happen from within a victimized institution (Munjal, 2014). That isn’t to say that the White-hats are responsible, but they do have a reputation within said institution of being capable of hacking.
Due to the fact that hacking complaints are exponentially increasing, it is becoming all the more vital for security standards to increase (Pangaria, 2013). Luckily, Black-hats and White-hats are essentially two sides of the same coin. Using what are essentially the same techniques (whether it is the basic scheme described earlier, or some other form of cyber-offense such as a DDoS attack or a worm) a White-hat will investigate the organization. He or she will apply these processes–with the consent of their employer–to point out the flaws and vulnerabilities of an institution’s system (Munjal, 2014).
White-hats have had effects on more than just cyber-safety, though. The vulnerability of the Internet is beginning to impact education as well. More and more institutions are teaching students all about basic White-hat hacking (Munjal, 2014). The intention is good and as a result, more and more White-hats are being trained and certified each year (Brown, 2015). The problem then lies in the fact that life is never certain, and with people, this is especially true. No educator can guarantee that their students will take the information they learn (in this case, Ethical/White-hat Hacking) and put it to good use (Munjal, 2014).
There you have it: the outcomes and distinctions of Cracking and Ethical Hacking. So what can be drawn from all the points made herein? Hacking is a necessary evil? Not exactly; while it is true that both Black-hats and White-hats are bound to exist so long as the Internet does, that doesn’t mean it’s a pointless, never-ending conflict. Cyber-security, and any form of communicative and financial technology for that matter, is ever-evolving. Evolution, regardless of being biological or technological, is never a bad thing. New methods, strategies, and adaptations on both sides of the figurative chess board of technology are constantly being created, reborn, and cycled out.
The motive for all of this electronic development of cyber-security and hacking alike is quite off-putting: Money. Indeed, regardless of whether an IT student goes to the dark side of cracking or the virtuous profession of Ethical hacking, the initial motive for all is that they want to make bank. And indeed they do, as both White and Black hats are well-compensated for their line of work (Brown, 2015). They need to be, or else no one would or could bother to try to attack or protect an institution’s virtual structure of accounts, numbers, and assets.
-Aggarwal, P; Arora P; Neha; and Poonam “Review on Cyber Crime and Security” International Journal of Research in Engineering and Applied Sciences [I.J.R.E.A.S.] (2014) Web; Retrieved from http://www.mgijournal.com/ 25 April 2016
– Bansal, A; and Arora M. “Ethical Hacking and Social Security” Journal of Radix International Educational and Research Consortium [J.R.I.E.R.C.] (2012) Web; Retrieved from http://rierc.org/ 25 April 2016
-Brown, C. “White or Black Hat? An Economic Analysis of Computer Hacking.” Georgetown University (2015) Web; Retrieved from https://www.researchgate.net 8 April 2016
– Pangaria M. and Shrivastava V. “Need of Ethical Hacking in Online World” International Journal of Science and Research [I.J.S.R.] (2013) Web; Retrieved from http://citeseerx.ist.psu.edu/ 12 April, 2016
The one thing I can say about this piece is that it taught me what I.T. guys are for, as well as what they do. I have a new-found appreciation for these geeks, as well as reinforced contempt for Black-Hat Crackers. I hate to say that there isn’t too much we can do about current Black-Hats, but there are a few things we can do to prevent more coming onto the online scene. Namely, more thorough tests of character as part of a final exam for a course(or courses) relating to Ethical Hacking. As for tracking down those nefarious nerds, it would take a top-notch White-hat team under government employ (which probably exists, but could be improved upon) to end their reign of obnoxiousness.