Ethical hacker: Difference between revisions

From Citizendium
imported>Ro Thorpe
imported>Meg Taylor
No edit summary
 
(18 intermediate revisions by 4 users not shown)
Line 1: Line 1:
{{subpages}}
{{subpages}}
<!-- Please ignore (but don't delete) any formatting that you are not familiar with. Others will probably chime in to help you set things up. -->
{{TOC|right}}
{{TOC|right}}
 
An '''ethical''' or  "'''white hat'''" '''hacker''' is an expert in information technology security who does not use skills to access systems for personal gain, but instead uses knowledge and experience to test systems for exploits and vulnerabilities to protect these systems.<ref>{{cite web
An '''ethical''' or  '''white hat''''''hacker''' is the term given to an expert in information technology security.  Ethical, meaning they do not use their skills to access systems for personal gain (this is the term given to a “black hat” or non-ethical hacker), but instead use their knowledge and experience to test systems for exploits and vulnerabilities to protect these systems.<ref>{{cite web
| url= http://www.wisegeek.com/what-is-ethical-hacking.htm
| url= http://www.wisegeek.com/what-is-ethical-hacking.htm
| title= What Is Ethical Hacking?
| title= What Is Ethical Hacking?
| author=wiseGeek
| author=wiseGeek
| accessdate=2012-03-10
| accessdate=2012-03-10
}}</ref>
}}</ref> These terms contrast with those of a "black hat" or non-ethical hacker.


==History of the ethical hacker==
==History of the ethical hacker==
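Review bot: In the new lead, the added closing sentence "These terms contrast with those of a "black hat" or non-ethical hacker" leaves "those of" without a referent; say directly that the term contrasts with "black hat" hacker. The rewrite also drops the possessives of the old text ("does not use skills", "uses knowledge and experience"), which reads as clipped; "their skills" and "their knowledge" were clearer.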
Line 16: Line 14:
| author=Marilyn Leathers
| author=Marilyn Leathers
| accessdate=2012-03-10
| accessdate=2012-03-10
}}</ref>  Later, in the 1980s, ethical hacking moved into the telecommunications business, which had been the target of “cybervandals” trying to damage local telephone companies. In the 1990s, as banks became more available online, they too began to make use of ethical hacking to protect themselves.  Following shortly behind the banks came e-commerce websites (think Amazaon) who also made use of ethical hacking to protect themselves.<ref>{{cite web
}}</ref>  Later, in the 1980s, ethical hacking moved into the telecommunications business, which had been the target of “cybervandals” trying to damage local telephone companies. In the 1990s, as banks became more available online, they too began to make use of ethical hacking to protect themselves.  Following shortly behind the banks came e-commerce websites (think Amazon) who also made use of ethical hacking to protect themselves.<ref>{{cite web
| url= http://rmmag.com/Magazine/PrintTemplate.cfm?AID=2022
| url= http://rmmag.com/Magazine/PrintTemplate.cfm?AID=2022
| title= It Takes a Thief: Ethical Hackers Test Your Defenses
| title= It Takes a Thief: Ethical Hackers Test Your Defenses
Line 35: Line 33:
#*Can the intruder read the data, copy the data or even delete the data?  Can they modify the data they gain access to in any way?
#*Can the intruder read the data, copy the data or even delete the data?  Can they modify the data they gain access to in any way?
#Does anyone at the target notice the intruder’s attempts or successes?<ref name=Ethical/>
#Does anyone at the target notice the intruder’s attempts or successes?<ref name=Ethical/>
#*Are there any alerts should a hacker gain access to the target system?  This is probably the most important question that a white hat will answer because it indicates how long an attacker may attempt to gain access to a system before they succeed fully (and they will eventually, given enough time).
#*Are there any alerts should a hacker gain access to the target system?  This is probably the most important question that an ethical hacker will answer because it indicates how long an attacker may attempt to gain access to a system before they succeed fully (and they will eventually, given enough time).


==Methods an ethical hacker will use to obtain data==
==Methods an ethical hacker will use to obtain data==
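Review bot: Replacing "white hat" with "ethical hacker" in the last bullet leaves the terminology mixed, because the sentence that introduces this list in the rendered article still reads "A white hat will use ethical hacking methods to answer three basic questions". Change that sentence in the same edit so the section uses one term.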
Line 50: Line 48:


===Social engineering===
===Social engineering===
Where penetration testing uses technology to gain access to a system social engineering is noticeably lacking in technology.  Social engineering is the act of manipulating a person to accomplish goals that may or may not be in the best interest of the target.  Like penetration testing the goal is to gain information, gain access to a system(s), unlike penetration testing; social engineering has an added goal of attempting to have the target themselves perform a certain action.<ref name=Penetration/>Social engineering can make use of the following approaches:
Whereas penetration testing uses technology to gain access to a system, social engineering is noticeably lacking in technology.  Social engineering is the act of manipulating a person to accomplish goals that may or may not be in the best interest of the target.  Like penetration testing, the goal is to gain information, gain access to a system(s); unlike penetration testing, social engineering has the added goal of having the targets themselves perform a certain action.<ref name=Penetration/>Social engineering can make use of the following approaches:
*''Pretexting'' - Lying to the target in order to obtain privileged information.  The pretext is the hacker’s motive.<ref>http://searchcio.techtarget.com/definition/pretexting</ref>
*''Pretexting'' - Lying to the target in order to obtain privileged information.  The pretext is the hacker’s motive.<ref>http://searchcio.techtarget.com/definition/pretexting</ref>
*''Diversion theft'' - Used mostly with theft, but still considered a Social Engineering method.  The purpose is to convince a legitimate delivery person who is bringing a delivery to an address, that the package is requested some where else.<ref>http://s260f.weebly.com/index.html</ref>
*''Diversion theft'' - Used mostly with theft, but still considered a Social Engineering method.  The purpose is to convince a legitimate delivery person who is bringing a delivery to an address, that the package is requested some where else.<ref>http://s260f.weebly.com/index.html</ref>
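Review bot: The reworded social engineering paragraph still runs the reference straight into the next sentence ("<ref name=Penetration/>Social engineering can make use"), so a space is needed after the ref tag. While this paragraph is open, "a system(s)" would read better as "one or more systems", and "some where else" in the diversion theft bullet should be "somewhere else".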
Line 59: Line 57:
| accessdate=2012-03-10
| accessdate=2012-03-10
}}</ref>  For example, an ethical hacker may send an email, pretending to be a member of the organizations IT support team in order to have the user provide them with login credentials.  They could go further by creating a custom website to pose as a password reset application for the company in order to get passwords and login information.
}}</ref>  For example, an ethical hacker may send an email, pretending to be a member of the organizations IT support team in order to have the user provide them with login credentials.  They could go further by creating a custom website to pose as a password reset application for the company in order to get passwords and login information.
*''IVR or phone phishing (aka. Vishing)'' - The use of a Interactive Voice Response (IVR) system to create an official sounding Bank IVR system to trick people into providing their personal information.  An example is where a hacker will pose as a bank employee or they will even use another IVR message to advise the target they have to call into the bank to correct an issue.  They provide a number (not the bank’s) for the target to call in on and when he\she does, they record their account information as it is entered into the phone.<ref >{{cite web
*''IVR or phone phishing (aka. vishing)'' - The use of an interactive voice response (IVR) system to create an official-sounding bank IVR system to trick people into providing their personal information.  An example is where a hacker will pose as a bank employee or even use another IVR message to advise the target they have to call into the bank to correct an issue.  They provide a number (not the bank's) for the target to call in on and when he/she does, they record their account information as it is entered into the phone.<ref >{{cite web
| url= http://wiki.docdroppers.org/index.php?title=Social_engineering#IVR.2Fphone_phishing
| url= http://wiki.docdroppers.org/index.php?title=Social_engineering#IVR.2Fphone_phishing
| title= Social Engineering
| title= Social Engineering
| author= DocDroppers
| author= DocDroppers
| accessdate=2012-03-10
| accessdate=2012-03-10
}}</ref>  A hacker could even perform something similar in that they perform the same method, but instead attack a company employee in order to have them attempt to enter their password via the telephone.
}}</ref>  A hacker could even perform something similar in that they use the same method, but instead attack a company employee in order to have them attempt to enter their password via the telephone.
*''Baiting'' - A hacker will leave a CD-Rom or USB flash drive where it is sure to be found. When a person places the unit into their system it installs Malware (possibly viruses).<ref >{{cite web
*''Baiting'' - A hacker will leave a CD-Rom or USB flash drive where it is sure to be found. When a person places the unit into their system it installs malware (possibly viruses).<ref >{{cite web
| url= http://www.cyberwarzone.com/content/social-engineering
| url= http://www.cyberwarzone.com/content/social-engineering
| title= Social Engineering
| title= Social Engineering
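Review bot: The phishing example kept as context above the vishing bullet still says "the organizations IT support team" without the possessive apostrophe, and the baiting bullet keeps "CD-Rom" even though this edit normalises the case of "malware" on the same line. Fix both in this pass ("organization's", "CD-ROM").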
Line 71: Line 69:
| accessdate=2012-03-10
| accessdate=2012-03-10
}}</ref>  This malware could simply cause issues on a target’s system or could even be used to pass personal information back to the hacker.  Baiting is one of the only social engineering methods that will use technology to attain its goals.
}}</ref>  This malware could simply cause issues on a target’s system or could even be used to pass personal information back to the hacker.  Baiting is one of the only social engineering methods that will use technology to attain its goals.
*''Quid pro quo'' - The term Quid pro quo basically means something for something.  In this case, a hacker will attempt to gain information by giving something in return.<ref >{{cite web
*''Quid pro quo'' - The term ''quid pro quo'' basically means something for something.  In this case, a hacker will attempt to gain information by giving something in return.<ref >{{cite web
| url= http://www.techradar.com/news/internet/how-social-engineering-works-913505
| url= http://www.techradar.com/news/internet/how-social-engineering-works-913505
| title= How social engineering works
| title= How social engineering works
Line 79: Line 77:
*''Tailgating'' - An attacker can gain access to a restricted, locked down area by following someone into the restricted area who does have access and acting like they belong.
*''Tailgating'' - An attacker can gain access to a restricted, locked down area by following someone into the restricted area who does have access and acting like they belong.


==Tools of the Ethical Hacker==
==Tools of the ethical hacker==
Although ethical hacking based on social engineering uses very little technology, penetration testing uses it extensively.  Here are some of the tools that are used by ethical hackers to protect systems:
Although ethical hacking based on social engineering uses very little technology, penetration testing uses it extensively.  Here are some of the tools that are used by ethical hackers to protect systems:
*''Nmap'' - Creates a map of a network by discovering hosts and services in the computer network.  It further aids by detecting the OS that is running on a system.  This will allow for OS specific penetration tests (are the systems patched to protect from known vulnerabilities)<ref >{{cite web
*''Nmap'' - Creates a map of a network by discovering hosts and services in the computer network.  It further aids by detecting the OS that is running on a system.  This will allow for OS-specific penetration tests (are the systems patched to protect from known vulnerabilities?)<ref >{{cite web
| url= http://pauldotcom.com/TriplePlay-NetworkPenTestingTools.pdf
| url= http://pauldotcom.com/TriplePlay-NetworkPenTestingTools.pdf
| title= Best of Network Penetration Testing Tools
| title= Best of Network Penetration Testing Tools
Line 87: Line 85:
| accessdate=2012-03-10
| accessdate=2012-03-10
}}</ref>
}}</ref>
*''Nessus''- Scans for vulnerabilities in a computer system and network.  It can scan for known remote vulnerabilities (unpatched), poor configuration of systems (bad email relays),  checks to see if common default passwords are still in use and it can also attempt to perform denial of service attacks<ref>http://en.wikipedia.org/wiki/Nessus_%28software%29</ref>
*''Nessus''- Scans for vulnerabilities in a computer system and network.  It can scan for known remote vulnerabilities (unpatched), poor configuration of systems (bad email relays),  checks to see if common default passwords are still in use and it can also attempt to perform denial of service attacks<ref>{{cite web|last=Anderson|first=Harry|date=2 November 2010|title=Introduction to Nessus|url=http://www.symantec.com/connect/articles/introduction-nessus|publisher=Symantec|accessdate=5 November 2013}}</ref>
*''THC Hydra'' - Is a brute force password cracking tool.  It has ability to access data from a website and attempt logins that way. It is not limited to website logins, but can access a number of protocols including ftp.<ref>http://www.attackvector.org/brute-force-with-thc-hydra/</ref>
*''THC Hydra'' - Is a brute force password cracking tool.  It has ability to access data from a website and attempt logins that way. It is not limited to website logins, but can access a number of protocols including ftp.<ref>http://www.attackvector.org/brute-force-with-thc-hydra/</ref>
*''Cain & Abel'' - A password recovery tool that uses a multitude of methods to determine user passwords.  It can scan networks, use brute-force and dictionary methods of checking passwords and it can even scan VoIP conversations to find passwords.<ref>http://www.oxid.it/cain.html</ref>
*''Cain & Abel'' - A password recovery tool that uses a multitude of methods to determine user passwords.  It can scan networks, use brute-force and dictionary methods of checking passwords and it can even scan VoIP conversations to find passwords.<ref>http://www.oxid.it/cain.html</ref>


==Notable white hats==
==Notable ethical hackers==
*''Robert Hansen'' - CEO and Founder of Sectheory LTD.  Designed an application “Fierce” that determines IP addresses that will allow for easier attacking of a target (used to protect, not attack companies).<ref name=PCWorld>http://www.pcworld.com/article/194467/12_white_hat_hackers_you_should_know.html</ref>
*''Robert Hansen'' - CEO and Founder of Sectheory LTD.  Designed an application “Fierce” that determines IP addresses that will allow for easier attacking of a target (used to protect, not attack companies).<ref name=PCWorld>http://www.pcworld.com/article/194467/12_white_hat_hackers_you_should_know.html</ref>
*''Greg Hoglund'' - Specializes in rootkits and buffer overflows.  Found many vulnerabilities to World of Warcraft.<ref name=PCWorld/>
*''Greg Hoglund'' - Specializes in rootkits and buffer overflows.  Found many vulnerabilities to World of Warcraft.<ref name=PCWorld/>
*''Dan Kaminsky'' - Discovered and developed a resolution for a severe DNS protocol issue that could have caused mass Internet disruption.<ref name=PCWorld/>
*''Dan Kaminsky'' - Discovered and developed a resolution for a severe DNS protocol issue that could have caused mass Internet disruption.<ref name=PCWorld/>
*''Marc Maiffret'' - Once a black hat hacker himself, he instead became a protector of Windows based computers.  Discoving many vulnerabilities.  He even played a role in discovering and researching the “Code Red” virus.<ref name=PCWorld/>
*''Marc Maiffret'' - Once a black hat hacker himself, he instead became a protector of Windows based computers.  Discovering many vulnerabilities.  He even played a role in discovering and researching the “Code Red” virus.<ref name=PCWorld/>


==References==
==References==
<references/>
{{reflist}}
 
<!--Please ignore the following lines if you are not familiar with the usage of subpages at Citizendium.-->
 
[[Category:CZ Live]]
[[Category:Articles without metadata]]
[[Category:Stub Articles]]
[[Category:Needs Workgroup]]
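Review bot: In the Marc Maiffret bullet the spelling fix leaves "Discovering many vulnerabilities." standing as a sentence fragment; join it to the preceding sentence with a comma. The Nessus bullet touched in the same hunk still lacks a space before the hyphen ("''Nessus''- Scans") and mixes verb forms ("can scan ... checks ... can also attempt"), which is worth tidying while the line is being edited for its reference.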

Latest revision as of 02:27, 5 November 2013

This article is developed but not approved.

An ethical or "white hat" hacker is an expert in information technology security who does not use those skills to access systems for personal gain, but instead uses that knowledge and experience to test systems for exploits and vulnerabilities in order to protect them.[1] The term contrasts with the "black hat" or non-ethical hacker.

History of the ethical hacker

Ethical hacking began as early as the 1970s when the US government attempted to hack its own system.[2] Later, in the 1980s, ethical hacking moved into the telecommunications business, which had been the target of “cybervandals” trying to damage local telephone companies. In the 1990s, as banks became more available online, they too began to make use of ethical hacking to protect themselves. Following shortly behind the banks came e-commerce websites (think Amazon), which also made use of ethical hacking to protect themselves.[3]

What an ethical hacker looks for

A white hat will use ethical hacking methods to answer three basic questions:

  1. What can an intruder see on the target systems?[4]
    • What data is available to a hacker should he/she gain access to the systems? This could be anything from pictures to business documents to information databases.
  2. What can an intruder do with that information?[4]
    • Can the intruder read the data, copy the data or even delete the data? Can they modify the data they gain access to in any way?
  3. Does anyone at the target notice the intruder’s attempts or successes?[4]
    • Are there any alerts should a hacker gain access to the target system? This is probably the most important question that an ethical hacker will answer because it indicates how long an attacker may attempt to gain access to a system before they succeed fully (and they will eventually, given enough time).
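
Question 3 can be measured directly from authentication logs. The following is an added example, not part of the original article: it reads constructed sshd-style log lines (simplified timestamps, documentation-range addresses) and reports, per source address, how many failed logins preceded the first success and whether a simple alert would have fired first. The alert rule (5 failures within 60 seconds) and the function name `analyze` are assumptions chosen for illustration.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Constructed sample: sshd-style lines with a simplified ISO timestamp.
# Addresses are from the documentation ranges; all values are invented.
SAMPLE_LOG = """\
2013-11-05 02:00:01 gw sshd[811]: Failed password for admin from 203.0.113.7 port 40112 ssh2
2013-11-05 02:00:03 gw sshd[811]: Failed password for admin from 203.0.113.7 port 40113 ssh2
2013-11-05 02:00:05 gw sshd[811]: Failed password for admin from 203.0.113.7 port 40114 ssh2
2013-11-05 02:00:07 gw sshd[811]: Failed password for admin from 203.0.113.7 port 40115 ssh2
2013-11-05 02:00:09 gw sshd[811]: Failed password for admin from 203.0.113.7 port 40116 ssh2
2013-11-05 02:00:12 gw sshd[811]: Accepted password for admin from 203.0.113.7 port 40117 ssh2
2013-11-05 03:00:00 gw sshd[902]: Failed password for backup from 198.51.100.23 port 51000 ssh2
2013-11-05 03:05:00 gw sshd[902]: Failed password for backup from 198.51.100.23 port 51001 ssh2
2013-11-05 03:10:00 gw sshd[902]: Failed password for backup from 198.51.100.23 port 51002 ssh2
2013-11-05 03:15:00 gw sshd[902]: Failed password for backup from 198.51.100.23 port 51003 ssh2
2013-11-05 03:20:00 gw sshd[902]: Accepted password for backup from 198.51.100.23 port 51004 ssh2
"""

EVENT = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(Failed|Accepted) password for (?:invalid user )?\S+ from (\S+) port \d+"
)


def analyze(log_text, threshold=5, window=timedelta(seconds=60)):
    """Per source address: failures before the first success, when a
    'threshold failures within window' alert would fire, and whether that
    alert comes before the first successful login."""
    state = {}
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue  # unrelated log line
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        outcome, src = m.group(2), m.group(3)
        s = state.setdefault(src, {
            "failures_before_success": 0, "first_failure": None,
            "first_success": None, "alert_at": None, "recent": deque(),
        })
        if s["first_success"] is not None:
            continue  # only the run-up to the first success is measured
        if outcome == "Accepted":
            s["first_success"] = when
            continue
        s["failures_before_success"] += 1
        s["first_failure"] = s["first_failure"] or when
        recent = s["recent"]
        recent.append(when)
        while when - recent[0] > window:
            recent.popleft()  # drop failures that fell out of the window
        if s["alert_at"] is None and len(recent) >= threshold:
            s["alert_at"] = when

    report = {}
    for src, s in state.items():
        got_in = s["first_success"] is not None
        alerted = s["alert_at"] is not None
        report[src] = {
            "failures_before_success": s["failures_before_success"],
            "time_to_success": (s["first_success"] - s["first_failure"])
            if got_in and s["first_failure"] else None,
            "alert_at": s["alert_at"],
            # True only if the alert fired before the first successful login.
            "noticed_before_success": alerted and (
                not got_in or s["alert_at"] < s["first_success"]),
        }
    return report


if __name__ == "__main__":
    for src, row in analyze(SAMPLE_LOG).items():
        print(src, row)
```

On the sample, the fast guesser trips the alert three seconds before it gets in, while the slow one succeeds after 20 minutes without ever crossing the threshold.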

Methods an ethical hacker will use to obtain data

Ethical hackers will make use of both technological and non-technological methods to reach their goals.

Penetration testing

Penetration testing is the simulation of an attack by a true “black hat” hacker. It is the use of different methods, techniques and tools to test and evaluate the strength of an organization’s security and to detect whether any vulnerabilities exist. Unlike other forms of assessment, which theorize about a system's vulnerability, penetration testing actively tests an organization’s security system by using real "system hacking" techniques to try to break through. A penetration test will attempt to use the same methods that a hostile attacker would employ to gain access through an organization's security.[5] A penetration test will take one of two possible approaches:

  • Black box – As used in other circumstances, "black box" implies no knowledge of the inner workings of what one is assessing/testing/viewing. In the case of penetration testing, "black box" means that the testers have no working knowledge of the target other than the target’s name prior to the start of the test.[6] The testers must use different methods to obtain the information themselves that will allow them to access the target’s systems.
  • White box – As with black box, the definition of white box in penetration testing follows the same lines as other areas of IT. It means the testers know the inner workings of the target right down to the hardware being used.[6] They know the infrastructure of the network and the security configurations, allowing them to find vulnerabilities before they even attempt a penetration test.

Social engineering

Whereas penetration testing uses technology to gain access to a system, social engineering is noticeably lacking in technology. Social engineering is the act of manipulating a person to accomplish goals that may or may not be in the best interest of the target. Like penetration testing, the goal is to gain information, gain access to a system(s); unlike penetration testing, social engineering has the added goal of having the targets themselves perform a certain action.[6] Social engineering can make use of the following approaches:

  • Pretexting - Lying to the target in order to obtain privileged information. The pretext is the hacker’s motive.[7]
  • Diversion theft - Used mostly with theft, but still considered a social engineering method. The purpose is to convince a legitimate delivery person who is bringing a delivery to an address that the package is requested somewhere else.[8]
  • Phishing - The use of email or websites to gather personal information by pretending to be a trustworthy organization.[9] For example, an ethical hacker may send an email, pretending to be a member of the organization's IT support team, in order to have the user provide them with login credentials. They could go further by creating a custom website to pose as a password reset application for the company in order to get passwords and login information.
  • IVR or phone phishing (a.k.a. vishing) - The use of an interactive voice response (IVR) system to create an official-sounding bank IVR system to trick people into providing their personal information. An example is where a hacker will pose as a bank employee or even use another IVR message to advise the target they have to call into the bank to correct an issue. They provide a number (not the bank's) for the target to call in on and when he/she does, they record their account information as it is entered into the phone.[10] A hacker could also use the same method against a company employee in order to have them attempt to enter their password via the telephone.
  • Baiting - A hacker will leave a CD-ROM or USB flash drive where it is sure to be found. When a person places the unit into their system it installs malware (possibly viruses).[11] This malware could simply cause issues on a target’s system or could even be used to pass personal information back to the hacker. Baiting is one of the few social engineering methods that will use technology to attain its goals.
  • Quid pro quo - The term quid pro quo basically means something for something. In this case, a hacker will attempt to gain information by giving something in return.[12] An example would be a hacker calling a company's employees one at a time, posing as a member of IT and stating they are calling to help them with their computer problem. Eventually, they are going to get to someone who actually made a call to get support and now they have an easy way to gain that employee’s passwords.
  • Tailgating - An attacker can gain access to a restricted, locked-down area by following someone who does have access into the restricted area and acting like they belong.

Tools of the ethical hacker

Although ethical hacking based on social engineering uses very little technology, penetration testing uses it extensively. Here are some of the tools that are used by ethical hackers to protect systems:

  • Nmap - Creates a map of a network by discovering hosts and services in the computer network. It also detects the OS that is running on a system, which allows for OS-specific penetration tests (are the systems patched to protect from known vulnerabilities?).[13]
  • Nessus - Scans for vulnerabilities in a computer system and network. It can scan for known remote vulnerabilities (unpatched) and poor configuration of systems (bad email relays), check whether common default passwords are still in use, and attempt to perform denial of service attacks.[14]
  • THC Hydra - A brute-force password cracking tool. It has the ability to access data from a website and attempt logins that way. It is not limited to website logins, but can access a number of protocols including FTP.[15]
  • Cain & Abel - A password recovery tool that uses a multitude of methods to determine user passwords. It can scan networks, use brute-force and dictionary methods of checking passwords, and even scan VoIP conversations to find passwords.[16]

Notable ethical hackers

  • Robert Hansen - CEO and Founder of Sectheory LTD. Designed an application “Fierce” that determines IP addresses that will allow for easier attacking of a target (used to protect, not attack companies).[17]
  • Greg Hoglund - Specializes in rootkits and buffer overflows. Found many vulnerabilities in World of Warcraft.[17]
  • Dan Kaminsky - Discovered and developed a resolution for a severe DNS protocol issue that could have caused mass Internet disruption.[17]
  • Marc Maiffret - Once a black hat hacker himself, he instead became a protector of Windows-based computers, discovering many vulnerabilities. He even played a role in discovering and researching the “Code Red” virus.[17]

References

  1. wiseGeek. What Is Ethical Hacking?. Retrieved on 2012-03-10.
  2. Marilyn Leathers. A Closer Look at Ethical Hacking and Hackers. Retrieved on 2012-03-10.
  3. Bill Coffin. It Takes a Thief: Ethical Hackers Test Your Defenses. Retrieved on 2012-03-10.
  4. C.C.Palmer. Ethical hacking. Retrieved on 2012-03-10.
  5. SANS Institute. Conducting a Penetration Test on an Organization. Retrieved on 2012-03-10.
  6. http://www.symantec.com/connect/articles/demonstrating-roi-penetration-testing-part-four
  7. http://searchcio.techtarget.com/definition/pretexting
  8. http://s260f.weebly.com/index.html
  9. United States Computer Emergency Readiness Team. Cyber Security Tip ST04-014. Retrieved on 2012-03-10.
  10. DocDroppers. Social Engineering. Retrieved on 2012-03-10.
  11. Cyber War Zone. Social Engineering. Retrieved on 2012-03-10.
  12. Tech Radar. How social engineering works. Retrieved on 2012-03-10.
  13. Best of Network Penetration Testing Tools. Retrieved on 2012-03-10.
  14. Anderson, Harry (2 November 2010). Introduction to Nessus. Symantec. Retrieved on 5 November 2013.
  15. http://www.attackvector.org/brute-force-with-thc-hydra/
  16. http://www.oxid.it/cain.html
  17. http://www.pcworld.com/article/194467/12_white_hat_hackers_you_should_know.html