A History of Hacking
Hacking is a term that has been thousands of years old and it means cutting something roughly and violently, and naturally it was not associated with technology because there was no technology. According to one source, the term hacking has also been used among model train hobbyists before computers.
However, modern-day hacking originated in the 1950s when technology enthusiasts explored and played with telecommunication infrastructure, such as landline phones. A well-known trick at the time was whistling into a payphone to deceive the system and make free calls. This field of interest was referred to as Phone Phreaking, and individuals who engaged in this activity were called Phreakers.
Technology advanced and computers as well as computer networks began to be used widely. In the same way, the Phone Phreaking culture transitioned to computers and computer networks. It is good to understand that at that time there were no laws or understanding that this could be used for harm. Similarly, these enthusiasts were not acting from a malicious perspective. It was just a group of people with a great interest in the subject area and what could be done with this new and ever-evolving technology.
With a few exceptions, hacking for financial gain or causing harm grew to new proportions only when companies realized that the Internet could be used for business and e-commerce became a huge industry. This also created the need to protect customer and system information. Since then, the whole field of hacking has been a cat-and-mouse game, where attackers come up with new ways to break into systems and defenders try to patch and come up with new ways to protect them.
In the context of cybersecurity, the concept of an ethical hacker emerges here.
What is a white hat hacker?
An ethical hacker, also known as a white hat hacker, refers to a person who knows how to break into computer systems, just like a cybercriminal. However, instead of engaging in illegal activities, a white hat hacker helps, for example, companies to identify vulnerabilities before criminals find them.
An experienced expert can also advise a company on how to improve the security of, for example, information systems, people, buildings, and processes in order to make the work of criminals more difficult. This is important because security does not mean that the application has no vulnerabilities. Security rather means that even if the application has a vulnerability, it does not cause significant damage until the attack can be detected and mitigated.
How do white-hat hackers make a living?
Cybersecurity is currently at the forefront of almost every company's daily operations, and Finland offers a wide range of different cybersecurity professions, such as technical cybersecurity consultants who perform activities like penetration testing of information systems.
In addition to workplaces, many companies have so-called bug bounty programs where the company grants permission (either to anyone or specifically invited hackers) to search for vulnerabilities, for example on their own website, and then rewards the findings.
Bug bounty programs
Bug bounty programs refer to when a company gives permission to private cybersecurity professionals to search for vulnerabilities in the company's systems. Typically, the company specifies what, where, and how can be tested, according to which private professionals search for these vulnerabilities, or in other words, "bugs". Often, a monetary reward is also given for a found vulnerability. There are people in the world who make a living solely by doing these programs since significant rewards can be paid for serious vulnerabilities.
Bug bounty platforms, such as HackerOne or Intigriti, are platforms where these programs are collected and all communication with the company takes place on the platform.
However, it is important to remember that security testing and bug bounty programs differ slightly. Bug bounty programs rarely pay for anything that does not have a direct impact on their operations. This means that significant hardening deficiencies and smaller vulnerabilities are often overlooked in these systems, whereas security testing aims to discover as many vulnerabilities as possible and also identify areas for improvement. In security testing, the goal is to ensure that even if a vulnerability is found, the resulting damage can be minimized.
Ready to become an ethical hacker?
Start today.
As a member of Hakatemia you get unlimited access to Hakatemia modules, exercises and tools, and you get access to the Hakatemia Discord channel where you can ask for help from both instructors and other Hakatemia members.