Now commonly used, the word “hacker” first appeared in the 1960s at MIT (Massachusetts Institute of Technology). While the term is generally associated with a malicious act, there is a form of positive hacking called “ethical hacking”. This type of hacking, which is becoming increasingly popular among companies, is not aimed at hacking data but rather at preventing the risk of a cyber attack. This is a crucial issue at a time when 39% of European companies and 9 out of 10 companies admit to having suffered a cyber attack (ransomware, spyware…) Focus on a profession that is still becoming unknown to the general public.
Hackers VS ethical hackers
Hackers and ethical hackers are like two sides of the same coin: both are looking for security holes in information systems. The former, called “Black hat”, seek to exploit these loopholes illegally. Their method of intrusion consists of identifying targets, collecting information – some hackers even go so far as to physically visit a company’s premises or events – and maintaining access, while hiding the traces of their operations.
The latter, called “white hat”, are solicited by the companies themselves. Their objective? To test the robustness of a security system, to identify detected vulnerabilities and to record a set of recommendations for the company. In the event of a “sensitive” find, the information is directly communicated to the ANSSI or the government.
Some of these benevolent hackers can see their notoriety explode. In 2014, for example, Google revealed the launch of Project Zero, its team of cybersecurity experts with on board the British professional hacker Tavis Ormandy, known for discovering flaws in Windows and Sophos antivirus, among other things. The French are not to be outdone either and include among their ranks the hacker Gaël Musquet, known for having contributed his expertise to the French Air Force and the Qwant search engine, and Nicolas François, whose services have benefited Blablacar and Mozilla .
Talents sought after by companies, which do not hesitate to organize “fault hunts” or Bug Bounty to find the rare pearl. For example, the “Yes We Hack” platform encourages this practice by putting hackers in touch with partner companies. These companies can be tested by hackers, who can win up to €50,000 if a security breach is discovered. The Bounty Bug, which is now widely popular, has already been used by Google, Facebook, Yahoo and Reddit.
But contrary to popular belief, ethical hacking is not necessarily a solitary hunt for a loophole. Indeed, ethical hackers can act in groups, as in Red Team and Blue Team operations. This type of simulation is part of the slopes, which are audits aimed at strengthening cyber defence. On the one hand, the Read Team is in charge of attacking the network while the Blue Team is in charge of defending it.
Grey hat hackers
Other hackers are called Grey Hats. Their actions can vary between legality and illegality and between morality and immorality. Some hackers get into a system to make a company aware of their skills, some hackers get into a system to prevent security breaches, some hackers get into a system to defend a cause – hacktivism has been referred to as hacktivism since the 2000s, as in the case of Anonymous. So, unlike Black Hat intrusions, Grey Hats intrusions are not necessarily intended to be a nuisance.
At a time when companies are undergoing a digital transformation of their business processes, and the security of their information systems is becoming more and more at risk, talents are being encouraged to join the camp of ethical hackers in order to be one step ahead of the game and increase cybersecurity.