Reetwika tells us about the four different hacking hat colours – White, Blue, Grey and Black; each colour signifies the degree of ethical breach attached to the committed actions. Black Hat is the worst. She tells us the precautions necessary, in the weekly column, exclusively for Different Truths.
Now that you are well read in various state-of-the-art cybercrimes of the millennium, it’s the perfect time to read and boost your Technology General Knowledge on one of the most talked about cybercrimes of the world which is none other than Cyber Hacking.
There are multiple layers and shades of cyber hacking, which in itself has a wide scope of a software engineer’s lifetime research. I will still try to carve out the best of it in my column here so that from a technology user’s perspective you find it truly helpful and a jargon-free read.
The first thing which we should know about cyber hacking is that it’s not a crime, it’s just the technical term used to define the method of penetrating a secured computer system or network by abusing the already applied controls. For any person to do that, it requires a supreme understanding of computer, networks, their security loopholes and programming knowledge more than an ordinary computer expert.
The purpose for which this proficiency is utilised actually defines the borderline between cyber forensics and crime and is demarcated by four cyber hacking hat colours – White, Blue, Grey and Black; each colour signifies the degree of ethical breach attached to the committed actions. You will soon understand the differences better as we move ahead with their detailed explanations.
White Hat Hacker
A White Hat Hacker is typically a permanent employee of a software, security device or web development company who is recruited to conduct vulnerability assessments of the products they develop for in-house or client requirements and are often tagged as ‘Ethical Hackers’ for their legitimate ethos. The main purpose of White Hat hacking is to identify areas of security gaps right at the development stage so that they could be repaired before production.
Such invasive tests are always conducted on the organisation’s internal environment created deliberately for this purpose and is totally separated from the company’s core intranet and public internet. Due to the very nature of the work, White Hat hacking is always performed under the close governance of the Chief Security Officer.
Blue Hat Hacker
Unlike White Hat Hackers, a Blue Hat Hacker is one who is mostly a freelancer or a third-party computer genius, not directly employed by any organisation. Their sole intention of hacking is to impartially test any inherent system bugs (weak points or security loopholes) after it has passed the internal White Hat testing.
Blue Hat hacking is generally done before the launch of a new portal, website, cloud infrastructure, database, app, software, web feature, antivirus, antispyware, antimalware, security devices etc so that after its release the cybercriminals cannot exploit those vulnerabilities. If any defects are found, they are patched prior to the launch, depending on the severity of bugs.
Open tenders are often floated inviting hackers for Blue Hat hacking contests, commonly known as Bug Bounty programs, organised by software or web development firms. All the contesting hackers are provided with a controlled cloud-based environment for conducting multiple rounds of exhaustive exploitation of their products and the ultimate winners are honoured with huge incentives, financial benefits, and at times a consulting offer to patch those vulnerabilities detected during the event.
Grey Hat Hacker
There are many cyber geeks, who call themselves as Grey Hat Hackers, are extremely fanatic about breaking and challenging the effectiveness of security controls of newly launched security devices, websites, networks, software, etc.
They may not hack for malicious purposes but just to prove their worth to the world and the manufacturer of those products, they penetrate third-party environments and claim money to return the infringed assets if any (the most common example is a Ransomware attack). Since they force into unlawfully, Grey Hat Hackers are not considered clean in all cases. They are often put on trials depending upon the impact of their hacking attempts.
An alternative instance of Grey Hat Hacker could be forensic, national surveillance and intelligence experts who need to break into external systems for investigation, antiterrorism, secret espionage and/or legitimate security purposes.
Black Hat Hacker
This is the worst of all possible hacker hat types. Black Hat Hackers always have awfully malicious intents behind their infiltratory explorations. But they remain mingled so indistinctively amongst the public that their first-hand identification becomes the prime obstacle of the catch.
The second biggest challenge is to comprehend or predict their reason behind the hacking. A Black Hat Hacker’s motive could be criminal, cyberterrorism, personal disgruntlement or unhealthy industrial rivalry. Unfortunately, they are always ready to break every ethical barrier to accomplish their goals.
And the final hurdle is to detect at what point they will kick off their hacking attempt. Many times, it has been found that Black Hat Hackers began their hacking shot by simply stalking through their target’s social media profiles (commonly known as Social Engineering attack) before launching their final blow on the victim’s system.
As a technology user, we must be taking essential precautions to protect ourselves from the clutches of these Black Hat Hackers who can harm you to any degree you can imagine in your nightmares and not necessarily such attacks will involve a complicated computer system always. They are so technologically skillful that they can even penetrate your network devoid fireproof room from lightyears away. Majority of reported Black Hat hacking cases remain untraceable and unsolved as they are the master of camouflage. So, the best way to prevent Black Hat Hackers is to hide from becoming their target. Sharing my tips below which might help you in the long run.
- Don’t click open unsolicited emails, hyperlinks, attachments, videos, media files, attachments, advertisements etc., especially if the website, sender or author is not personally known to you. It can inject malware into your machine or network, opening backdoor access to the hackers. Black Hat hacking often begins with a Phishing attack.
- Do not allow your browser to save cookies containing your username password combos, internet surfing, and download histories. You may like to use incognito mode (through settings available in your respective browser) for masking your surfing trends to the browser facilitator.
- Try to use multiple passwords for your critical systems and make them as much difficult to guess as possible. Also, remember to change them frequently so that even if it’s cracked at some point in time, could not be misused for long.
- Don’t use cloud storages if you are not very confident with security loopholes in the cloud environment. Black Hat Hackers can steal your data in minutes from the cloud if they are not properly secured. Also, no data on cloud physically belongs to you even if you are the legitimate owner. No responsibility remains with the cloud service provider for data thefts due to user’s lack of awareness or weak passwords.
- Always remember to delete your important files from the internet once the need is over. If you require to store them in a cloud, be vigilant towards any download attempts. Keep your cloud backups locked with multiple passwords and OTPs.
- Try to avoid accessing your bank accounts or making online transactions through public Wi-Fi connections. Whatever be the security level of your system or account, if the network is weak, hacking chances get doubled. Black Hat Hackers often keep their traps spread across such public hotspots to tap banking info of the users.
- While using a public computer system, try to use virtual keyboards wherever available especially for the online banking sites. Black Hat Hackers can plant keyloggers to capture your passwords.
- Do not link your social media profiles with each other for any random blog comments or other unregistered sites. Rather you should try not to use the same email for all your accounts. If one is compromised, the task becomes easier for the hacker to stab all your profiles.
- Be very careful while using second-hand or other’s storage media like pen drives, hard disks, rewritable discs etc. You never know what data imaging software is hidden within the setup files. As you copy your information onto it, even after formatting it keeps a copy of it veiled inside. Only the installer can dig it out, even remotely. Also, it is extremely critical to delete and format all external storage media before you dispose or sell it off.
- Finally always remember to update your antivirus, firewall and antispyware to be updated at regular intervals. It is a good practice to run a weekly scan of your device and clean any unwanted data as identified by the security solutions.
Some commonly used hacking tools are Nmap, Nessus, Winzapper, Bribes, John the Ripper, ActiveX, Cain, and Abel etc. By any chance you happen to see any traces of these tools in your system or network, take immediate actions.
Nevertheless, the most important of all tips, which I always keep repeating in all my articles, no security control is more effective than self-awareness and responsible use of technology. Question yourself twice before committing any action with your computer, smartphone, and other cutting-edge electronic gadgets especially when connected to a network. All Black Hat hacking attempts begin with a noticeably poor security posture of the user over his/her system. As they say, it is easier to hack human brain than a dumb idiot box as it cannot think like we do.
Photos from the Internet
#BlackHatHacker #WhiteHatHacker #BlueHatHacker #GreyHatHacker #HatHackers #CyberHackers #CyberSeucrity #MediaProfile #DifferentTruths
Reetwika Banerjee is a Cyber Security Expert presently associated with a US consulting giant. She holds international MBA degree in Information System & Security and aims to be the face of women in security. During leisure hours, she enjoys writing books, news columns, travel blogs and films. She holds 2 World Records and 3 National Records for devising three innovative concepts in Modern Literature. A native of Kolkata, she is now a resident of Bangalore.