Despite being in the age of Trojans and malware, the dominant dread word today among systems security managers is hacking. Thanks, in part, to Anonymous, that faceless hack-happy cyber-vigilante group that’s been vandalizing the websites of government entities, international organizations, and, even, private individuals who have earned its displeasure.
To be sure, the terms hacking (the act of breaching the security of a computer) and hacker (the individual who carries out the hacking) are rather old. They go as far back as the first days of digital computing in the ’60s, when computer programming—and its subculture, computer hacking—was almost entirely confined to academia.
Back then, hacking was not a dirty word at all. It was actually a means, legal and sanctioned, to test the security of a computer system and reveal its vulnerabilities, so they could be plugged. The dirty word then (and now, but only in the computer-programming community) was cracking, used by the legitimate hackers (the so-called “white” hackers) to mean illegal or illegitimate hacking, which is gaining access to a computer system without the express authorization of the computer owner. Illegal hacking is a crime in most countries.
Today, no thanks to popular media and the likes of Anonymous, the term hacking has fallen into disrepute, and in the public mind is now synonymous with cracking. Consequently, the word hacker is almost universally understood now to mean computer criminal.
The practice of legitimate hacking, however, is flourishing and, as before, is well and truly on the good side of computer security, what with the present computer landscape heavily mined by virus-worm-malware creators and crackers. It even has taken on a new name—ethical hacking.
The need for ethical hacking for businesses, whether multinational enterprises or SMEs, may not be mandatory, but it is urgently necessary. For three months in 2011, for example, crackers managed to cause industry giant Sony, Inc. to shut down its lucrative PlayStation network after valuable information, including passwords, emails, and credit card numbers, was stolen. All told, the hack cost Sony a whopping $171 million.
To help protect their computer systems, many organizations now employ a certified ethical hacker who uses the same bag of hacking tricks and methods as a cracker. His (or her) mission is to try to break into the computer systems or penetrate the network of the company with the purpose of discovering, identifying, and fixing its weaknesses. Penetration testing is not illegal.
To be certified, an ethical hacker must earn a professional certification provided by the International Council of E-Commerce Consultants, also known as the EC-Council, a professional certification body for the IT industry. To obtain the certification, an individual must pass the certification exam given by EC-Council, usually after undergoing formal training from an accredited training provider.
To be sure, the formal training is not mandatory, but just one of two options, the other being self-study. The latter, however, is so much the more difficult path—not only because individuals taking it have to invest a lot of time and resources to study properly, but also because of the paperwork the testing body requires of self-study examinees—that many ethical hackers simply choose to enroll in a formal training program to prepare them for their certification exams.