White Hat

n.wright@primenetuk.com 09 March 2020

A few days ago, I was in a deep conversation with one of my clients around the security of their network and IT infrastructure when out of the blue my colleague mentioned the term White Hat. This flagged in my memory, and after the conversation I started to read up on the slang term and the vital role it plays within our cyber security world. So, I’m going to save you a Google search and deep dive right into the vital role of ethical hacking.

Now I understand that the words ethical and hacking in the same sentence don’t seem to compute, but ethical hacking is a critical part of ensuring our key network infrastructure is bang up to date and secure from the evil empire that is the Black Hat, or malicious hacker.

The terms White Hat and Black Hat are generally thought to originate from the days of the Wild Wild West in the USA, when everyone rode horses, spoke like John Wayne and you could distinguish the good guys from the bad guys by the colour of their hat. Hence the adoption of the slang term ‘White Hat’ for ethical hackers and ‘Black Hat’ for those with malicious intent. Apparently, cowboys also used to wear different coloured sashes to distinguish themselves as part of a gang, but that’s an entirely different story. Now that we know what a White Hat hacker is, let’s move on to the way White Hats have been keeping us safe for many years.

The term Hacker comes initially from coders “hacking” chunks of code together and is often, but not always, associated with poor quality. The Cambridge Dictionary defines hacking as ‘the activity of using a computer to access information stored on another computer without permission or to spread a virus.’ This implied illegality does not apply to the White Hat. White Hats basically started with penetration testing, attacking software and computer systems from the start – scanning ports, examining known defects in protocols and applications running on the system, checking patch installations, etc. They would then provide their findings on the system vulnerabilities to the client in the form of consultancy.

Apart from penetration testing, White Hats may utilise many other tools. A full-blown ethical hack might include emailing staff to ask for password details, rummaging through executives’ dustbins and occasionally breaking and entering, without the knowledge or consent of the targets. Only the owners, CEOs and Board Members who have asked for a security review of this magnitude are aware of what is occurring.

There was a famous case of an ethical hack on a bank in London a few years ago, when a couple of dozen USB drives with “Adobe Full version” written professionally over them were strewn outside the head office with the main intention of seeing how many drives ended up in the bank’s IT system. It turned out that well over 90% flagged up, and the users trying to access the drive were confronted by a screen stating they had been hacked and to report to their IT department, who were also in on the hack.

This case goes to show that if you think of it from a pure security perspective, your staff are often more of a cause for concern for a security breach than outside factors. Also, now that we have personal smartphones attaching themselves to the corporate Wi-Fi without any AV or Mobile Device Management (MDM), there are ever-increasing blunders and security issues that medium to large-sized businesses are allowing on their “secure network”. This is a topic that I will be following up in detail in another post.

To try and replicate some of the destructive techniques that a real attack might employ, White Hat hackers may arrange a hack late at night while systems are less critical. More recent trends are moving towards hacks taking place over a longer term, enabling them to get much closer to the client and infiltrate on many levels. An example of this backfired recently when two men hired to assess a court record system's computer security were arrested after they were caught physically sneaking into a courthouse.

Other techniques used by a White Hat include:

  • DoS attacks
  • Social engineering tactics
  • Reverse engineering
  • Network security
  • Disk and memory forensics
  • Vulnerability research
  • And a multitude of Network scanner tools

These methods identify and exploit known security vulnerabilities and attempt to evade security to gain entry into secured areas. They are able to do this by hiding software and system 'back-doors' that can be used as a link to information or access that a 'Black Hat' may want to gain, therefore closing the holes before they are accessed by the dark side.

There are obviously a multitude of other ways to access a network or disrupt a business which I haven’t gone into in this post; the subject is vast and can become very paranoid in its approach, some would say rightly so.

If you would like to gain further insight on the topic of Cyber Security, we are holding a webinar on “Cyber Security – Detection & Response” on the 23rd of April and have invited one of our Security Partners to share their knowledge and examples of recent case studies.