  • 3/25/2025
What is white-hat hacking? What is ransomware?

5 simple questions on ethical hacking answered.
Transcript
00:00 One of the biggest cyber attacks in history. The most disruptive
00:04 and destructive series of computer attacks ever attributed to a single group.
00:17 Ethical hacking is the legal profession of breaking into computer systems. Typically,
00:24 it's into an organization's network of computer systems. And essentially, you're getting paid
00:29 to do it. So it's a pretty cool job if you could go. White hat hacking refers to someone that
00:43 is hired or paid by an organization to try and find vulnerabilities in their systems or networks.
00:49 A black hat hacker does it illegally. It's the example of trying to hack someone's Instagram
00:54 account or maybe stealing their WhatsApp chat history. Gray hat is actually more interesting.
01:00 It sits in between the two. They're not directly hired by an organization to hack their systems,
01:07 but they do sometimes operate within that realm. You're seeing a lot more application of gray hat
01:13 hacking, given that these cyber attacks are on the rise, there is a continuing growth of hackers
01:20 who are sort of trying to figure out ways or other alternate ways to increase their income.
01:28 Our communication is all digital. So it's almost opened the scope of a possibility for hackers and
01:36 data exploitation to be possible. Governments actually care
01:39 or understand that this is now a national security priority.
01:44 The experts are saying that this has been one of the worst years ever, if not the worst year ever
01:52 for ransomware. I want to update everyone on the ransomware cyber attack that
01:58 impacted on the Colonial Pipeline over this past week.
02:01 To explain ransomware, first, you have to understand what malware is. Malware is software
02:06 where its intent is to harm someone's computer system or network. And so that includes everything
02:14 from viruses to worms to spyware. Ransomware is quite new. This is a very specific type of malware
02:25 that encrypts a victim's data. So say, for example, you have your laptop and someone's
02:31 injected some ransomware onto your system. What that will do is it will lock all of the
02:36 data on your system, making it inaccessible for you. And the idea is that the hacker won't release
02:43 that lock unless you pay a ransom. I think this is more interesting, less so for, you know,
02:49 me and yourself. It's more interesting for organizations. Data is essentially,
02:54 for many of these companies, their product. It's really important for them to retain their users,
02:58 their users' trust, so that they continue sharing their activity data on these apps.
03:03 So it's often a choice between, okay, do we pay this small amount in the grand scheme of things
03:08 in order to retain, you know, what is our entire company or do we let it go?
03:17 Even as American companies are getting clobbered by the hackers, they're also struggling
03:21 to find enough people to defend themselves. Demand for cyber workers
03:24 hits a historic high this quarter. It's more important than ever, especially for organizations
03:30 to invest in their own infrastructure to protect the data that they have, simply relying on their
03:37 own internal workforce to guarantee the security of their own systems is quite silly, to put it
03:44 frankly. And I think now you have a lot more bounty programs in place by these big tech companies,
03:48 Google, Microsoft, Facebook, they actually pay you if you find a vulnerability in their system.
03:54 I know Verizon Digital Media actually just passed $7 million in bounties paid.
04:00 Uber has paid out over $2 million.
04:02 And that's to compensate for your efforts, but also to make sure that you don't
04:06 go ahead and exploit the system.
04:10 Unfortunately, there isn't an easy, clear career path for becoming an ethical hacker.
04:17 Unlike software engineering, there aren't clear and organized structures in place to be able to
04:22 facilitate programs where, you know, students can then go on to work in the industry. Networking
04:28 plays a much bigger role than it does compared to other industries. And so there is something
04:33 called CTFs. If you've played a first-person shooter before, you know, capture the flag,
04:38 capture the flags are a kind of ethical hacking game. And most often it's sponsored by organizations,
04:44 depending on what team you're on, you might be attacking the system, or you might be defending
04:49 the system. But the underlying point is CTF is a security competition, and it allows you to practice
04:54 your skills again in a legal and safe environment. But also, that's the place where a lot of
04:59 organizations are starting to sponsor and also recruit from.
