Graphic showing network security

We hear the term “hacking” a lot in the news and it often conjures up images of a person alone in a dark room, furiously tapping away on a keyboard as they take over computer networks, bring down security systems or steal personal data.  It seems that a hack is always bad news. But can hacking ever be legal and even a good thing?

So, what is hacking?  Hacking is generally defined as unauthorised or unwarranted access to a computer or network.  Once this access has been gained the hacker would then be able to disable security features, change information or access personal information about an individual or a large group of people.   These types of hackers are often known as “black-hat hackers” due to their bad intentions and the damage that their actions cause.  Kevin Mitnick, probably one of the world’s most famous hackers, spent two years breaching national defense warning systems and stealing corporate secrets.

After his arrest, supporters of Mitnick argued that his punishment was excessive as he did not rely on hacking tools or software programmes but instead relied on social engineering to compromise computers and systems. Social engineering is a form of psychological manipulation of people to get them to divulge information.  For instance, phishing emails that pretend to be from a company you trust, such as a bank, asking for pin numbers or login details would be a type of social engineering.  In this case, hackers try to trick you into volunteering your information without having to use software to hack into your account.

After serving time in prison, Mitnick is now a public advocate for computer security and even runs his own company specialising in penetration testing using technical exploits and social engineering and providing analysis, recommendations and support on IT security.

Thanks to TV and film, you probably have a clear image in your head when you think of “black-hat hackers” but many of them won’t fit this stereotype. One famous hacker, Jonathan James, was just 15 when he managed to hack into NASA’s network and download assets worth $1.7 million.  This hack caused the NASA network to be down for three weeks.  Just 16 at the time of his sentencing, James got seven months house arrest and probation until the age of 18.  If he had been tried as an adult, he could of got a sentence of up to 10 years.

But hackers aren’t always the bad guys.  The best way to ensure that your website or network is secure against hacks is to try to hack it.  Hackers who use hacking to test and improve computer security are known as “white-hat hackers”.  This type of hacking is often referred to as pen testing or penetration testing and is legal provided it is done with the permission of the owner of the network. A “white-hat” hacker that tries to breach security without permission, even if their intentions are good, would still be breaking the law.

Many organisations will actively seek out legal hackers to attempt to breach their website or network to ensure their own security.  It may even be something that is done in-house by their own IT team.  Knowing where the vulnerabilities of your network are, allows you to protect against illegal hacks and data breaches.  It is much better and more cost effective to take measures to protect against a breach than to clean up the mess afterwards.  The consequences of a hack, particularly when it relates to the stealing of personal data or security, can be at best, reputation-damaging and at worst, very costly and even put people in danger in some cases.

With smart devices that connect to the internet becoming common in people’s homes, it is more important than ever that the companies that support these devices know how to protect their networks and customers against a big data breach.  Technology moves so fast that to stay ahead of the hackers we will need to ensure we have some white-hatters on our side to test the networks to ensure they are secure against breaches.

The good news is, when done properly, network security is generally strong enough to keep out any unwanted visitors but to ensure we stay one step ahead we should make sure we continue to test our networks because the more we rely on technology the more damage a bad hack could do.