Dataquest : Top Stories : White Hat Hackers: Use a Hacker to Catch Another

White Hat Hackers: Use a Hacker to Catch Another

The corporate world has turned to this hacker sub-community to track down crackers, and help discover security holes. Working in and out of the twilight zone, such hackers—some in their late teens—are highly-paid consultants

Saturday, October 14, 2000

Who are CRusad3r, Xylorg, Swift Griggs, Oblivion and Jericho? They are all aliases for hackers, or better, hackers with a conscience—the white hat hackers.

And what makes them so hot? Well, years of hands-on, hard-to-find experience with telephone systems, dial-up modems, operating systems and networking systems.

These long-haired, jargon-speaking lawbreakers are ill-fits for even part-time corporate jobs—until, of course, they choose to wear the ‘white hat’. And the moment they do so, all their past foibles are pardoned.

Hacking for good?

A few years ago, some hackers started offering their services to scan software and corporate networks for security lacunas. This phenomenon led to hackers being classified as white and black hat hackers. For desperate corporates keen to seek bugs in their network security and plug them before they are exploited for nefarious ends by malicious ‘black hackers’, white hat hackers were like manna from heaven.

The US law, though, does not see any difference between black and white hats. Hacking—the act of breaking into computers and networks of other people—itself is considered criminal. While many hackers would say they break into systems just for a kick, the consequences for the victim organization could be disasterous—it would lose its confidential data and its trust among the B2B or B2C community. A hacking incident could make network administrators paranoid, buying network tools they wouldn’t really need. This is where the role of white hats becomes important.

Although the law is yet to make a differentiation between the black and white hacking, the industry has already started recognizing the significance of this new role. On a global scale, KPMG, Computer Associates, Gartner Group’s ICSA and Cambridge Technology Partners are said to have security services units that actually have white hat hackers on their rolls. These units may be hired by a company to, say, build security into a newly-developed e-commerce package, identify the vulnerabilities and then design defense mechanisms accordingly. In the US, the community of white hackers has been made famous by the annual DEFCONs, the latest was in July.

The Boston-based LHI Technologies does white hat hacking at the developer level. It quietly notifies a software development company of a problem, and if the company refuses to fix it, it publicizes the problem by posting it on its Web site. The developer is thus forced to fix the problem lest malicious hackers exploit the flaws. LHI is credited with identifying a flaw in Windows NT that made it possible to decode an entire registry of user passwords in 26 hours, a task Microsoft claimed would take more than 5,000 years. Recently, even the Pentagon hired hacking freelancers. The trend, however, is yet to catch on in India.

Page(s) 1 2 3

Print this article

Comments

Email this article




	Security in Black and White
	Security Breaches
	Why the Paranoid Survive
	The H-Word in E-Security

Innovation, Winning the future with ZTE

Reduce your TCO now with INGRES

Collective Intelligence @ Work

• Does cloud computing cast a cloud on the future of IT professionals?

• Is your Accounts Payable Solution working for you? Think Againâ€¦