Cybercrime is an activity that people may underestimate. “Most of the cybercrime that occurs, which is of the economic-espionage variety, is never made public,” David Burg of PricewaterhouseCoopers (PwC) told The Atlantic. “Attack activity is very big business. You’re talking trillions of dollars in wealth being transferred globally.”
This has implications on national and corporate security. A February 2015 report from the U.S. director of national intelligence named cyberattacks first among global threats, above terrorism and weapons of mass destruction. The report predicts an ongoing series of low- to moderate-level cyberattacks from a variety of sources, which will impose cumulative costs on U.S. economic competitiveness and national security.
“During 2014, we saw an increase in the scale and scope of reporting on malevolent cyber activity that can be measured by the amount of corporate data stolen or deleted, personally identifiable information (PII) compromised, or remediation costs incurred by U.S. victims,” the report says.
These factors have caused governmental agencies and corporations to rely more on white hat hackers, or cybersecurity experts who use their skills ethically. One PwC report found that American companies’ cybersecurity budgets have grown twice as much as information technology budgets over the past two years. More than 75 percent of U.S. executives surveyed said they were more concerned about cybersecurity threats in the previous year.
White Hat Hacking as a Profession
White hats, black hats and gray hats comprise the three types of hackers, according to Wired.
- White hats discover vulnerabilities and then notify the vendor.
- Black hats are criminals who use software holes, attack methods and other malicious tools to steal data and sell information to other criminals.
- Gray hats fall in the middle of the spectrum. They typically sell software holes and vulnerabilities to governments, which will hack into the systems of adversaries or criminal suspects.
White hat hackers can be employed in-house at cybersecurity firms, governmental agencies and technology companies. In the automotive industry, manufacturers are hiring white hat hackers to help secure self driving cars. With the rise of the Internet of Things, businesses in several industries are starting to understand just how vulnerable their products and infrastructure may be, and this is leading to more career opportunities for white hat hackers.
A recent trend is the increase of self-employed white hat hackers who function as cybersecurity “bounty hunters.” These hackers earn prizes that companies offer for discovering exploits in systems, protocols or software.
- Google’s Project Zero team, which is tasked with finding zero-day exploits (undisclosed vulnerabilities), offered $200,000 to hijack a Nexus 6P or 5X running Android 7 using the device’s phone number and email address.
- Apple offered $200,000 for finding vulnerabilities in its system, Inc. reports.
- The U.S. Department of Defense launched a pilot program in March 2016 called Hack the Pentagon. It paid out more than $70,000 in bounties for 134 vulnerabilities, according to The Guardian.
- Tesla offered up to $10,000 for each vulnerability found.
Other companies like Mozilla, Microsoft, Facebook, GM and Dropbox offer bug bounty programs. Often, the programs are hosted by a third-party platform, like HackerOne and BugCrowd, which takes a cut per bounty. More than 75 percent of programs posted on HackerOne result in finding a vulnerability within 24 hours, the company’s co-founder told The Guardian.
White Hat Hacking Tools
White hat hackers use the same knowledge and many of the same tools as black hat hackers. Common tools include the following programs.
- Nmap is used for network discovery and security auditing. The free, open source utility is also used for network inventory, managing service upgrade schedules and monitoring host or service uptime. Hackers can use Nmap to discover services running on devices connected to the internet in a process known as port scanning.
- Hping is a TCP/IP packet analyzer. It is often used for security auditing and testing of firewalls and networks. Other uses for hping include advanced port scanning, advanced traceroute, remote OS fingerprinting and remote uptime guessing.
- Tcpdump is a packet analyzer that uses the command-line interface. It can be used to intercept and display TCP/IP and other packets of another computer over a network. As a result, a hacker could view logins, passwords and other content.
- Metaspoloit is a penetration testing tool that simulates real attacks to determine security vulnerabilities. It will also uncover weak and reused credentials.
- Wireshark is a network protocol analyzer. It can be used to intercept and log network traffic. Once this occurs, hackers can “see” the interface and capture items such as passwords and other packets.
- Nikto is a web scanner that can perform tests against web servers for more than 6,700 potentially dangerous files and programs, check for outdated versions of more than 1,250 servers and look at version specific problems on more than 270 servers. It can also check for multiple index files, HTTP server options and will attempt to identify installed web servers and software.
Career Opportunities in Cybersecurity
The rapid growth of the Internet of Things will result in more opportunities for white hat hackers and cybersecurity professionals. The IoT security market is expected to grow to nearly $29 billion by 2020, up from $6.89 billion in 2015.
As bounties for white hat hackers increase, so too should in-house positions for hackers. Other cybersecurity roles are expected to increase much faster than the average for all occupations. Employment of information security analysts is projected to increase 18 percent by 2024, and positions for computer and information systems managers are projected to grow 15 percent by 2024, according to the Bureau of Labor Statistics.
Aurora University’s online Bachelor of Science in Computer Science equips students with the knowledge and skills needed to pursue a future in cybersecurity or for roles like computer programmer, web developer and computer systems analyst. The program takes place in a fully online environment.