Hacking by Solis Tech: How to Hack Computers, Basic Security and Penetration Testing (2014)
Chapter 2: The Rules of Ethical Hacking
If you are interested in hacking computers in order to launch attacks and cause damage to other computers or steal data, then you may think that ethical hacking is not for you. However, it does not mean that this is an uninteresting activity.
While not as mysterious as malicious or gray-hat hacking, there is more value in ethical hacking. It is systematic, which makes it possible for a white hat hacker to actually know when his method works. Ethical hacking makes it possible for a computer user to “read” moves of any attacker by learning all the tools that malicious hackers have, and then using the same tools to protect his computer or even launch a counter-attack.
Commandments of Ethical Hacking
Ethical hacking entails that all hackers who would want to hack and improve systems through the legal way should do the following:
1. Create specific goals
An ethical hacker thinks like a malicious hacker, but only to a point. He needs to identify vulnerabilities but he also knows that he needs to stop hacking at a particular point when he no longer knows what to do anymore. This is essential to stop possible repercussions. Note that hacking can possibly make him crash the system that he is trying to protect, and there may be a point when he cannot find a solution to the repercussion of his actions. For that reason, he needs to be sure that he is aware of what may happen as a result of a penetration or attack test and know how he can fix it. If a possible attack will lead to a damage that he cannot fix, he will need to let a more capable ethical hacker handle it.
2. Have a planned testing process.
Ethical hackers need to prevent any untoward incidences that are very likely to happen when testing attacks on computer systems and processes. He needs to identify all the tests that he would be doing, together with all the networks and computers that would be affected by them, and tell when the tests would be carried out. That way, the hacker will have an assurance that he will not have any liability on any possible attacks on networks that may happen outside that timeframe. This will also prevent him from having to interfere with any activity that may be stopped or compromised because of a testing task.
Here is a related rule that you should abide with: do not crash your own system when you perform test hacks. There are numerous websites, like hackthissite.org, that will allow you to test your hacking skills. If you need to test physical vulnerabilities, then it would be a good idea to have a spare hardware that you can perform tests on for practice.
3. Obtain authorization to test.
Even if he can get away with it or if it is for the good of the organization that he is serving, an ethical hacker must always ask for written authorization that says that he can perform a test during an agreed timeframe on specific networks. That ensures the hacker that he will not be held accountable for any claim that security or privacy has been breached during a particular test. On the other hand, authorization also allows computer users to prepare to be mindful when another hacker tests the privacy settings and data encryption. This way, users can also find a way to first remove sensitive data on their devices before carrying out any tests, if they wish to do so.
4. Always work professionally.
Professional ethical hackers always make it a point to stick to the plan. They do not step out of the boundaries even when they can do one more test attack, nor do they share any information to a third party about the systems that they manage.
5. Keep records.
Ethical hackers make it a point to take note of all vulnerabilities, remedies, and testing timelines in order to ensure that all solutions that they propose are not random. That means that if you want to be a hacker, you also need to keep a record of results and recommendations electronically and on paper and make sure that those documentations remain confidential.
6. Respect privacy.
If there is anything that will separate an ethical hacker from the rest of the hackers nowadays, it is their undying respect for privacy. Ethical hackers are the only hackers who will never go beyond the line of professionalism just because they can. While it is easy to go beyond borders and know that you would probably never be caught, you know better and stick to your responsibility.
7. Respect the rights of others.
Hackers know that there are too much information that one can extract from any device, but ethical hackers know better. These are sensitive data that they must protect at all cost. For that reason, they refrain from performing any activity that may jeopardize the rights of any computer user.
Why Ethical Hacking is a Demand
Perhaps the question to ask is “Why you should learn how to hack”. The answer is simple: it is because thousands to millions of people out there are quickly learning how to, and you do not have any idea what kind of hacker they would be once they master this skill. At the same time, you are aware that as people become more dependent to the internet and their electronic devices, the information that they store and send out become increasingly valuable. More often than not, the files that you store, download, or send to someone else can be a tool against you.
For that reason, many information technology security personnel made it a point to learn how to hack in order to discover all the preventive measures that they can implement in order to stop malicious hacking into the organizations that they protect.
However, all computers users also have the reason to know how they can protect themselves. Even if you do not have millions of dollars in your bank account, you are still likely to be a victim of cybercrime. Identitytheft.info claimed that there are around 15 million US residents whose identities were used in fraud each year. This effectively granted malicious hackers $50 billion or more. The number is still growing by the second, as about 100 million Americans continue to place personal information at risk through the Internet, public and corporate databases, and personal devices, which can be targeted by malicious hackers or social engineers.
For that reason, more people are increasingly becoming interested in ethical hacking. More and more people want to learn how to identify attacks that they will most likely encounter and how they can use the most appropriate preventive measures. Needless to say, it is important for every computer user to learn how they are being targeted and how they are going to fall prey into a trap launched by a malicious hacker.
In order to prevent yourself from being a victim of a cyber attack or any type of criminal hacking, you first need to see what other people, especially hackers, see when they look for potential targets. The next chapter will teach you how to do that.