Cybercrime

Hacking for Good and Evil

At Digital Pathways we talk a lot about ‘hackers’, generally describing them as cyber-criminals whose sole intention is to cause damage to individuals and corporations. We often describe the nefarious means by which a hacker endeavours to force entry into your system and obtain valuable information or data. We paint them as malicious, creating chaos online for no other reason than their own personal gain, or the simple destruction of others. Equally, they are highly adept computer programmers, with an in-depth knowledge of the digital world and the ways in which it can be manipulated.

Despite the general consensus, there are such people as ‘good’ hackers though. There are also a number of hacking tools that can be adapted for good as well. These individuals, and tools, search for vulnerabilities in much the same way as less moral persons would, but rather than exploiting the weaknesses for personal gain, will highlight them to those in danger and give them the opportunity to find the appropriate fix.

Hackers who have these positive intentions are known as ‘white’ or ‘ethical’ hackers. They search out security flaws and bring them to the surface. Many will be employed by major security agencies and have the full authority to perform a breach to seek out fragilities. Others will simply do so for their own enjoyment, to test their skills against major security organisations. There is never an intention to harm, more to educate and inform. They are used as a way to ensure ongoing security.

One of the major tools that divides opinion on whether it is for good or evil is the Wi-Fi Pineapple. This device is effectively a Wi-Fi honeypot. This means that it impersonates the credentials of a legitimate Wi-Fi network that someone has accessed in the past, and creates a fake access point that the device automatically connects to in future. What this allows is ‘man-in-the-middle’ attacks. This is a scenario where an attacker redirects or alters a communication between two parties. This could allow them to steal data, for example, or encourage one person to do something or relay information that the attacker can take advantage of.

The tool has its critics, for obvious reasons. The creator, though, insists that the device is a way of determining how unsafe a particular network is and outlining the ways to protect it. The majority of his products are released to governments and security professionals, who use it for penetration testing of their own networks. It is an incredibly useful way, if in the right hands, to find and fix vulnerabilities quickly and effectively.

Another tool that is regularly used is proxy sites. These are sites that we navigate through to gain access to blocked websites on the internet. By using a proxy server, you are able to do this anonymously, without being tracked. Many cyber-criminals will use proxy sites to initiate spamming, as it enables you to bounce between proxies without being detected. The dangers of spamming are very real, so surely proxies should be banned? Actually, no. When abroad, in an area where we can’t be sure of the security, even we will use a proxy site. It offers protection as much as it can do harm.

As with most things in life, it is down to personal choice whether an expert programmer chooses to use their skills for good or for evil. We will always look to protect against hackers, regardless of their intentions. But we also appreciate the efforts of those on the side of good who continue to keep us on our toes.

Penetration testing is an ideal solution to check for vulnerabilities. For more information on this please Click Here or call 0844 586 0040 for advice.