Black, White & Gray Hat Hacking Defined
Hackers. The news loves to report on them and the public just loves to completely misunderstand what they actually do. The word “hacker” has become associated with malicious computer criminals, largely thanks to how it’s used in the media and film.
Originally the malicious type of computer wizard was known as a “cracker”, but it seems like the hacker community has given up on trying to make “cracker” stick. Instead, hackers of different moral inclinations are sorted under three different “hats”. Also, as it turns out, like wizards.
So if you think that all hackers are “bad guys”, then this is the perfect time to unpack the basics of hacker morality. With great power comes great responsibility, and how a hacker chooses to wield their knowledge determines which hat they’ll wear.
Of course, any given hacker can wear more than one hat. The hat is associated with the type of hacking that’s happening, not necessarily with who does the hacking.
By the end of this article, you’ll understand which type of hacking fits under which hat and, hopefully, know how hackers fit into the larger digital ecosystem. So, hold on to your own hat (whichever it may be) as we delve into the moral headpieces of hacker culture.
White Hat Hackers are the Lawful Good Wizards of the Net
White hat hackers are also known as “ethical hackers”. If you want a legal career as a hacker, then this is the only hat you should wear. Ethical hackers always go to great pains to ensure that whatever they do happens with the consent of everyone involved. They act as security consultants and advocate for a safer digital world.
One of the most valuable services offered by white hats is known as a penetration test or “pentest”. Basically, the ethical hacker will try their best to find holes in a client’s security. If they manage to defeat the security of a client, a full report with mitigations follows.
Ethical hackers never cause deliberate harm to data, systems or people. You can actually take courses on ethical hacking and, if you have the right experience and qualifications, get a certification as an ethical hacker.
White hats are usually driven by a passion for privacy and security. They are becoming ever more important as the businesses, services and government institutions we all need shift to entirely digital business models.
Grey Hat Hackers Roll True Neutral
Grey hat hackers aren’t malicious per se, but they don’t follow a strict ethical code either. A grey hat might while away their time poking around places where they have no permission to be. They don’t steal information or damage anything on purpose, but they also don’t really care about consent.
If a grey hat discovers a security vulnerability, they are likely to report it to the owners of the system privately. However, grey hats have been known to publish exploits if they aren’t fixed, as a way to force system owners into action.
Grey hat hackers are often driven by simple curiosity and a desire to explore the net. They don’t mean to break the law or do harm on purpose.
It’s just that, sometimes, pesky laws and ethical principles stand in the way of a thing they want to do. Despite unethical pentests being illegal, some companies might tolerate grey hats who bring them critical exploits without exposing them to malicious users.
Large tech companies will often offer “bug bounty” programs where people may bring unsolicited vulnerabilities they discover. As long as the disclosure is done in accordance with their bug bounty rules, anyone can participate.
Black Hat Hackers – Chaotic Evil Sorcerers
Black hat hackers are the boogeymen of the internet. These people use their skills and knowledge for profit, the “lulz” or both. “Lulz” is a corruption of the internet term “LOL” or laugh out loud. In this context it basically means doing something just because you think you can or because it would be funny.
When it comes to making a buck, black hats have many options. All of them illegal and immoral! They break into systems to steal information or simply trash everything, causing huge damage.
Selling stolen credit card information is all in a day’s work for a black hat. Identity theft? Just another day in the internet underworld, folks. The other two types of hackers are, as you might expect, usually in opposition to malicious hackers.
State Hackers
State hackers are a relatively new addition to the hacker pantheon. They don’t really fit neatly under any of the traditional hats and are a new breed of cyber warfare soldiers. What they do is (meant to be) legal, under the espionage laws of their own country, but their intent may well also be malicious.
State hackers don’t fit into the hacker hat spectrum neatly, because until today hackers have largely been civilian groups and individuals. Still, state hackers are here to stay, so we need to find a space for them in our thinking about the hacker world. Maybe we could call them “camo hats”. No, that’ll never catch on, will it?
We Need Hackers!
By their nature, hackers live at the fringes of the digital world. They are certainly very different from the average user, and even power users and tech aficionados don’t move in many of the same circles.
The mind of a hacker, regardless of the hat they wear, has to be at right angles to that of the typical person. They can step back from the biases and preconceptions most of us have and thereby achieve some pretty amazing workarounds and exploits.
While the specter of black hat hackers might keep some people up at night, there’s no doubt that for technology and policies related to those technologies to move forward, we need people with that “hacker” mindset.
It’s important to remember that hacking is often a part of the innovation process. Someone comes up with an idea and tests that notion instead of dismissing it as impossible. So if you automatically associate the word “hacker” with criminality, it might be time to revisit those prejudices.