Computer hacking is a practice with many nuances. Intent, whether benign or malicious, is often in the eyes of the beholder. When examining the root cause of a website hack or application exploit, it pays to follow the money. A hacker will be motivated by whomever or whatever is sponsoring his or her actions. The computer security industry coined the term “ethical hacking” to describe a hacker who benevolently attacks a network or other security system – whether private or public – on behalf of its owners. Ethical hackers are also called white hat hackers, as distinguished from the black-hatted bad guys.
All hackers (good and evil) share a core belief that information should be free. This was distilled into text for the first time by Steven Levy in his 1984 book Hackers. In the book, Levy outlined The Hacker Ethic — a code of beliefs embraced by nearly all computer hackers. The ethics weren’t crafted by Steven Levy or any one person to dictate how hackers should act, rather they’re a reflection of the hacker culture that has grown organically over many decades.
My hope in sharing The Hacker Ethic here is to give you a deeper understanding of how hackers think. One day you may hire a hacker, work with one, or wish to become one yourself. In that case, consider this your first step into their culture. These are the top four principles of The Hacker Ethic.
Why pay someone to hack into your own application or website? To expose its vulnerabilities. Any law enforcement officer will tell you that to prevent crime, you should think like a criminal. To test a security system, ethical hackers use the same methods as their malicious brethren, but report problems uncovered to their client instead of taking advantage of them. Ethical hacking is commonplace in the Federal government, where the practice initiated in the 1970s, and many large companies today employ white hat teams within their information security practice. Other online and internet slang terms for ethical hackers include “sneakers,” red teams and tiger teams. Computer programmers can even learn ethical hacking techniques from a variety of certification authoritie