As Informational Technology (IT) continues to grow it continues to have a major impact on the economy, businesses, and individuals’ lives in America, as IT is advancing . Businesses have become a more technological work force because they deal with a plethora of messages and communications, and they are operated by a network of teams. This means that data is electronic.
Almost all businesses use IT. This is due to the fact that IT enables businesses to have more accessibility, and it is more convenient. However, a more digitized business environment means that businesses are more prone to cyber attacks. With more and more companies starting to do more commercial transactions that are conducted electronically as well as embracing new technologies like cloud computing, the threat that comes from security breaches invites a rather demanding the need for stronger and more efficient information security systems. It seems that the average cost of data breaches will become over $150 million by 2020, and the global annual cost is expected to be $2.1 trillion. The estimated cost of the first half of 2018 alone was approximately 4.5 billion records were revealed due to a series of data breaches. Likewise, consumers have been on the switch to a more digital way of life. Personal data such as photos, credit card information, and even documents has become digitized. The rising threat from cyber-attacks has exposed the huge need of people in this field. These people are known as ethical hackers.
Ethical hacking has been extremely important in this digital era. Ethical hackers are beneficial to businesses and individuals because they help prevent cyber attacks from maintaining access. Ethical hacking plays a huge role in the economy and society. Ethical hackers are extremely beneficial in that they keep businesses and people’s data more secure. However, it is hard to determine the integrity of an ethical hacker. When an ethical hacker has bad intentions, this can create dire consequences to society and businesses. In this essay, I will be exploring to what extent does ethical hacking protects individuals and businesses from malicious hackers.
History of Ethical Hacking and Background
“Ethical hacking” is a phrase that was first used in 1995 by John Patrick who is the IBM Vice President. People argue that ethical hacking is the goal of a large majority of hackers. Sadly, though, current media perception still remains that hackers should be considered criminals. In order to understand the truth better, we need to analyze the history of ethical hacking. It is interesting to note that the history of ethical hacking and hacking are actually heavily intertwined. Since current portrayal of hackers is that they are all cybercriminals or have malicious intent, the word “hacker” always has a negative connotation. But it isn’t always a bad thing to be a hacker. Actually, the word itself was invented in a modern context at MIT.
In the 1960s, the term hacking was utilized by engineering students. The term simply meant ‘finding different ways to optimize systems and machines to make them run more efficiently.’ In fact, hacking was considered a creative activity that was carried out by the most intelligent people in the world. It’s interesting that the idea of an ethical hacker was actually invented before there was a criminal hacker.
It was during the 1970s that the world of hacking started becoming muddled with criminal actions. Due to the increasing popularity of computers, people who understood programming languages and computer systems began to try and test a lot of these systems and try to understand the capabilities of these computers.
During this time, there was also an uprising of “phreaking.” Phreaking is defined as ‘the practice of manipulating telecommunications systems.’ People who would do this were called ‘phreakers,’ and they started really understanding how these telephone networks worked. Many people were able to use devices that they made to mimicked the dialing tones so that they could to route their own calls, which helped them make calls without being charged. In particular, this helped with very expensive, long-distance calls. This is seen as arguably one of the first times that hacking was ever utilized for illegal purposes by a large amount of people.
At the same time, though, governments as well as companies began to see the benefit of having technically proficient experts to help them actively seek out weaknesses in their systems. This would allow these companies solve problems in their systems before such weaknesses were exploited by the people. These groups of specialized experts were referred to as “tiger teams.” The American government was especially prone to using these teams in order to reinforce the US defences from vulnerabilities and external attacks.
In the 1980s and 1990s, hacking started to really be linked exclusively with illegal activity. The booming popularity that the personal computer industry saw, seeing the PC as a crucial tool for businesses and individuals alike meant that there was lots of important data that was stored. Now even the smallest details about everything were stored in computer programs rather than in physical form. This led to hackers starting to see possibilities of stealing user information that could easily be sold to others or even be used to defraud big companies.
Hacking started becoming prominent in the media – and it wasn’t in a positive way. Hackers were seen as criminals who would use their hacking skills to access people’s private computers and steal their data. They were notorious to blackmail businesses into paying large amounts of money to them in exchange for the information they hacked. Today, we refer to these types of hackers as black hat hackers: people who utilizing their hacking abilities for solely malicious intent and are usually connected to a large variety of heinous activities. These hackers are the ones who gain the majority of media attention, including high-profile hacks on huge companies such as eBay or Sony in recent years. The process of how ethical hacking is done is in six phases: reconnaissance, scanning, gaining access, maintaining access, clearing tracks, and reporting. Reconnaissance is the phase where there are active or passive means that are used for information gathering, and the tools used are for this purpose are NMAP, Hping, Maltego, and Google Dorks. When scanning occurs, there is a network, target machine, or database that is explored by a hacker to exploit the vulnerabilities in the system. Some of the tools used during the scanning process are Nessus, Nexpose, and NMAP. When hackers are trying to gain access, they are trying to enter into the system and find where the vulnerabilities are located and see if they can potentially be exploited. The main tool used during the gaining access process is Metasploit. During the maintaining access process, the hacker has gained access to a system. This is where backdoors are installed so that a hacker can access the system when he or she desires access in a system in the future. This tool that is used in this process is Metasploit. During the process of clearing Tracks, a log of activities that take place in the process of hacking are mostly erased in this process. The final step of the ethical hacking is called reporting. In this step, a report is then assembled by the hacker with their findings about the job they did, including tools used, their success rate, the potential vulnerabilities found, and their exploit processes.
Use of Ethical Hacking in American Businesses
There has been a huge demand of ethical hackers in businesses due to the fact that businesses are becoming more digitized. Transactions and storing data have been switched over to cloud computing. Cloud computing is the practice of using a network of remote servers hosted on the Internet to store, manage, and process data, rather than a local server or a personal computer. The reason so many American companies have moved to cloud computing is for efficiency. Companies have reduced funding on traditional software systems in order to fund a move to cloud computing. There has been big providers in the IaaS(Infrastructure as a market) market such as Amazon, Microsoft, Azure and Google Cloud Services that have been growing. Their revenues have increased 40 percent per year since 2011.
These companies help manage companies making or that have made a switch to cloud computing. There were many American companies that were not completely sure about hiring ethical hackers. However, this is changing. There is about a one million person shortage of cyber security specialists which includes ethical hackers, however the field has drawn attention to a lot of young individuals who have been looking to be in a field where there is high demand. In order to entice college students to want to work in cyber security, many universities such as Stanford University and UC Berkeley University have created new majors and that will train people about the basic principles of ethical hacking. Universities have created these types of majors so that companies will be able to have the chance to connect with extremely qualified hackers. Hiring ethical hackers has been high in demand in the past couple of years. In 2015 IBM had hired 1000 hackers. Many of these hackers are employed in order to conduct what are known as penetration tests.
A penetration test, as mentioned in the previous section, is completed for the sole purpose of finding out how someone could potentially gain access to into a secured network. The big reason for companies to hire ethical hackers is due to the fact that the need people that think the way hackers do. This allows many businesses to prevent any hacking or exploiting or an unwanted party. Hypothetically, when a company representative asserts the thought that it is very beneficial to employ thousands of ethical hackers to help strengthen network security, it is more difficult for detractors to make an opposing stance. This is due to the fact that IBM is extremely credible and has a solid reputation in the tech industry.
Because of the rising interest level in things related to cybersecurity, companies can’t merely stay intentionally in the dark about potential security-related problems. If they do, competitors may call them out. A similar kind of announcement happened recently when Google exposed one of Microsoft’s vulnerabilities before the latter company issued a patch for it. After that announcement, Microsoft’s representatives had to scramble and deal with the unwanted publicity — and they weren’t thrilled with Google’s security team for spreading the word about the issue. Companies not only have to worry about criminal hackers infiltrating their systems, but legal ones uncovering issues and raising awareness. Through an initiative called Project Zero, Google has hired ethical hackers, or “security researchers” to expose internet-wide security problems. Potentially then, if a business has an online presence and isn’t doing what’s necessary to keep things secure, Google might go public about those shortcomings.
Major companies, including Home Depot and Target, found out the hard way about recovering from massive data breaches. To be more proactive about preventing those attacks, brands are employing ethical hackers to try and compromise new features, having them act as if they were illegal hackers intending on grabbing customers’ details. A Citibank branch in Bahrain even discusses its use of ethical hackers on a page outlining measures taken to beef up security for customers. The mention appears alongside precautions such as 128-bit encryption and periodic security audits.
The Citibank example indicates a couple of things. Firstly, ethical hacking is becoming so commonplace that companies confidently admit they’re doing it and trust customers will understand and accept their reasons. Secondly, the hiring of ethical hackers is a worldwide practice. The partnership between ethical hackers and banks may initially not seem like a very likely one. However, the banking industry is beginning to capitalize on hiring cybersecurity experts to keep customer data secure, along with other reasons. It’s no secret that cloud computing is experiencing tremendous growth. It’s also a field that looks for people who are knowledgeable about ethical hacking. That skill is considered by some to be among the most desirable in people who are interested in cloud computing careers. One of the main reasons why shouldn’t come as a surprise.
Consider how much information companies store in the cloud. The more data that’s there, the more attractive a target it is for hackers. If a company suffers a malicious hack that only affects its on-site data, that’s bad enough — a cloud infiltration is often much more severe. Even after reading the information above, some companies still balk at hiring ethical hackers. Representatives might convince themselves the associated expense isn’t worthwhile because a hacking attempt might never occur. Statistics say cyber attacks cost US companies $15.4 million each year. Besides the direct monetary losses, they compromise jobs and wreak havoc on carefully built reputations.
Impact On Technology
There is no harm to say that almost nothing is secure in the technological world. Information are available to everyone for very reason. There are certain tools available through which anybody can easily get the information related to any system either local or remote. Ethical hacker can easily get the IP addresses of any system and may harm it. For ethical hackers there are many tools available in the global market to help them to do their job effectively. NMap is the effective tool which is available on internet to download and use, it help an ethical hacker to find open ports of the different systems. Acunetix is the tool which tests for web applications vulnerabilities and it is available on internet for an ethical hacker it is very easy to use and get the information. These tools are being used by a normal hacker or by an ethical hacker without any discrimination. Hackers may use them for criminal intentions whereas ethical hackers will use them for the organizations benefits and to identify the weaknesses and flaws in
the network security.I will take an example of Google search engine, while searching some information over the internet on Google we don’t find the valuable information because of the privacy concern of the Google to those companies. It is actually not ethical for Google to hold any kind of information for Cyber Times International Journal of Technology & Management any company; it may good for hacker but not good for target. In this context companies must ensure that none of the sensitive or secure information should send across the internet. It should not the responsibility of the search engine to show which information and which not to show to the targets rather itis should be prime responsibility of the company and its employees for not to give the sensitive information on the internet. It is like the same way that for shipping the some valuable package and it is decided to send using online system to save the time but it has to go to the post office.
Social Consequences from Ethical Hacking
Hackers are having very measurable impact on the society. They are attracting more and younger generation. Though ethical hacking is not bad but it is also very important to know that what exactly ethical hackers are doing for the interest of society. If we treat hacker is the person who pushes technology beyond perceived norms, there are several fields in computing where ethical hacking or ethical hackers made a measurable impact. Now a day’s internet has become the gateway for any computer to connect to the entire world, which also makes it vulnerable to attacks from the hackers across the world. It is really very hard to teach students hacking. Though students are more interested to learn this new technique. It is again a hard reality that if teacher is teaching them the concept of hacking he/she can ensure that how a student is taking it. It is very much possible that student will be curious to hack the other computer and may do some bad activities as well. It is not the task of argument that what an instructor is teaching them and we cannot say this also that why they have opted this course for learning. I believe that entire class is taking the lecture in a simple manner but there may be few students who are having bad intentions and can do hacking. As far as global technological knowledge is concerned it is very important to give the latest knowledge to students in the field of IT and other related areas. “A very big problem with undergraduate students to teach this approach that a teacher is effectively providing a loaded gun to them” (Marsh). There is one another a very big problem with undergraduate students that they actually don’t understand the importance and effectiveness of the hacking, but yes definitely they want to apply it either for good or bad purpose. There are number of students even of first semester are always come with this request that when we can have workshop or special classes for Ethical Hacking. It is really very surprising that they don’t know about even the ethics of computer but they want to go for hacking which is ethical, as per their understanding. There are few measures which can take place at the university or college level for students to not indulge in hacking activity which may harm at later stage. University can take personal interview, checking for the criminal background and some sort of professional certification from the students. Students are mainly going for the security courses there they can easily learn the hacking and its effectiveness. They are getting attracted towards this new aspect of learning where they can hack anybody’s computer or any peripheral device in few minutes. By taking some kind of workshops and training we can make them understand that ethical hacking is not good if it is not containing ethics. Again it is also a hard reality that ethical hackers are highly paid individuals. We have to make sure that by doing such activities ethical hacking should be ethical. If we don’t have above measures in place then we have to ensure it manually that our systems are safe and secure. So ethical hacking can also ensure about the safety and security of our system if it is done ethically.