When you hear the word “hacker”, what comes to your mind?
Is it the popular image of a shady, hooded figure in a basement stealing your digital identity? The truth is that hacking, just like technology, has morphed into something different and negative. But how were hackers born?
It all started in 1959 at the Massachusetts Institute of Technology (MIT), when a group of students from the Tech Model Railroad Club tested the limits of their model trains. By breaking into the technological system that controlled the trains, the members of the club managed to modify its functions and control the switches. These computer experts called themselves hackers, but the event turned out to be an attempt to explore and improve upon the limitations of the existing program.
Today, hacking is synonymous with illegal access to a system or device. Hackers use various tactics. These range from technical ones, such as advanced programs like viruses or malware, or vulnerabilities found in security systems, called “0 days”, to social engineering, a method that uses psychological tricks to induce the victim to click on an attachment or to share confidential data, such as PINs and passwords.
The wide spread of cyber attacks against, for example, public bodies and companies has led to a growing number of IT security experts in recent years. Among them is the Ethical Hacker, a professional with sophisticated knowledge in the field of Cyber Security, able to identify and prevent vulnerabilities that can threaten an IT infrastructure.
Also known as a White hat (the counterpart of the so-called Black hat), the Ethical Hacker is a computer security expert capable of simulating, anticipating and preventing cyber attacks. More specifically, the Ethical Hacker simulates attacks on the information system of the company concerned in order to identify any flaws.
The Ethical Hacker is therefore able to infiltrate protected networks without authorizations (penetration test), in order to test the effectiveness of corporate security systems and to evaluate the measures adopted up to that moment.
The main tasks that the Ethical Hacker usually performs include:
- Perform penetration tests of IT infrastructures and web applications;
- Scan the access ports to the systems, in order to identify those that are open by mistake;
- Verify the security of sensitive and private data, such as those related to payments, logins or passwords;
- Simulate Hacker attacks.
Found mostly in more structured companies, the Ethical Hacker is a professional figure that is still somewhat controversial. Their actions, while well-intentioned, sometimes conflict with rights such as privacy, business secrecy and consumer protection. For this reason, certifications have been established that guarantee the good faith of the White Hats' actions, that is, that guarantee the hacking is ethical. The most widespread of these is the Certified Ethical Hacker (CEH), promoted by the International Council of Electronic Commerce Consultants (EC-Council), which certifies the person's technical skills and their commitment on the ethical side.
ETHICAL HACKER: TRAINING AND MAIN SKILLS
Although there are no specific study paths, an aspiring Ethical Hacker is often required to:
- Have a degree in Computer Science or Computer Engineering, but also in Physics or Mathematics;
- Have attended specialization courses in Cyber Security;
- Have completed professional training courses.
Being an expert in Cyber Security, the Ethical Hacker should:
- Know the main programming languages (the most used ones include, for example, Python and Bash);
- Know how to use penetration testing techniques (DoS attacks, social engineering…) and Vulnerability Assessment;
- Know the most varied tools and frameworks for simulating cyber attacks (among the most common are W3af, Nessus, Nexpose, Metasploit, Burp Suite, and Nessus and Nmap together);
- Know how to use reverse engineering tools;
- Possess legislative notions on privacy and data processing.
From Wikipedia, the free encyclopedia
Dennis Dan “Denny” Teresi (born August 14, 1954), now known as Dennis Terry, is an American radio disc jockey and former phone phreak most famous for being the person who introduced John Draper to the field of phreaking. Both Draper and Teresi were operating pirate radio stations in the San Jose, California area. Their initial contact came when Teresi responded by telephone to one of Draper’s pirate broadcasts.
In the documentary The Secret History of Hacking, Teresi* is identified as an expert in social engineering. Teresi’s mastery of the phone company’s jargon allowed him to speak with phone company employees and trick them into revealing more information.
Teresi, who is blind, has hosted an oldies radio show on KSJS since 1976 under the name “Dennis Terry”, and for several years he also operated an oldies record store in San Jose.
He was elected into the Bay Area Radio Hall of Fame as a member of its Class of 2021.
*The film starts by reviewing the concept and the early days of phreaking, featuring anecdotes of phreaking experiences (often involving the use of a blue box) recounted by John Draper and Denny Teresi. By way of commentary from Steve Wozniak (Steve Jobs's partner), the film progresses from phreaking to computer hobbyist hacking (including anecdotal experiences of the Homebrew Computer Club) on to computer security hacking, noting differences between these 2 forms of hacking in the process. The featured computer security hacking and social engineering stories and anecdotes predominantly concern experiences involving Kevin Mitnick. The film also deals with how society’s (and notably law enforcement’s) fear of hacking has increased over time due to media attention of hacking (by way of the film WarGames as well as journalistic reporting on actual hackers) combined with society’s further increase in adoption of and subsequent reliance on computing and communication networks.